- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
6.4 KiB
Architecture Documentation
Last Updated: 2025-01-27
Status: Active
Table of Contents
- Overview
- Network Architecture
- Consensus
- Network Configuration
- Infrastructure
- Oracle System
- DeFi Infrastructure
- Monitoring
- Security
- Explorer
- API Gateway
- Data Management
- Scalability
- High Availability
- Performance
- Future Enhancements
Overview
The DeFi Oracle Meta Mainnet (ChainID 138) is a production-ready blockchain network built on Hyperledger Besu with QBFT (Quorum Byzantine Fault Tolerance) consensus. The network is designed as a read network with public RPC endpoints and internal oracle publishers.
Network Architecture
Tiered Architecture
The network is organized into three tiers:
- Validators (N≥4)
  - Private subnets, no public IPs
  - QBFT consensus participation
  - RPC disabled for security
  - Peered only to sentries
- Sentries (N=3-5)
  - Public-facing P2P nodes
  - Peer to validators and other sentries
  - Limited RPC (internal only)
  - Port 30303 (TCP/UDP) for P2P
- RPC Nodes (N=3-5)
  - Public HTTPS JSON-RPC
  - No P2P enabled
  - Read-only operations
  - Behind API gateway with rate limiting
Consensus
- Protocol: QBFT (Quorum Byzantine Fault Tolerance)
- Block Time: ~2 seconds
- Finality: Immediate (BFT)
- Validator Set: 4+ validators
- Epoch Length: 30,000 blocks
- Request Timeout: 10 seconds
Network Configuration
- ChainID: 138
- Gas Limit: ~30,000,000 per block
- Network ID: 138
- Consensus: QBFT
Infrastructure
Azure Kubernetes Service (AKS)
- Cluster: AKS with multiple node pools
- Networking: Azure CNI with VNet integration
- Storage: Azure Disks (Premium SSD) for chaindata
- Secrets: Azure Key Vault for key management
- Monitoring: Azure Monitor and Container Insights
Networking
- VNet: Virtual Network with subnets for each tier
- NSGs: Network Security Groups with restrictive rules
- Application Gateway: HTTPS termination and load balancing
- Private Endpoints: Validator nodes in private subnets
Oracle System
Oracle Aggregator
- Chainlink-compatible oracle aggregator
- Round-based updates
- Access control (Admin and Transmitter roles)
- Heartbeat and deviation threshold policies
Oracle Publisher
- Off-chain service fetching data from multiple sources
- Median aggregation
- Transaction signing via EthSigner
- Resilience logic (exponential backoff, reorg handling)
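The median aggregation and the heartbeat and deviation-threshold policies listed above can be sketched as follows. This is an added example, not the project's publisher code. The threshold values, the minimum source count, the outlier filter and the names `aggregate`, `should_publish` and `Round` are assumptions, and the sample prices are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from statistics import median

# Assumed policy values: the page names these policies but gives no numbers.
HEARTBEAT_SECONDS = 60       # publish at least this often
DEVIATION_BPS = 50           # publish when the answer moves >= 0.50 %
MIN_SOURCES = 3              # refuse to publish on a thin quorum
MAX_SPREAD_BPS = 500         # discard sources > 5 % away from the median


@dataclass
class Round:
    answer: int      # fixed-point integer, e.g. price * 10**8
    updated_at: int  # unix seconds of the last accepted round


def aggregate(samples: dict[str, int | None]) -> int | None:
    """Median of responding sources after dropping outliers; None = do not publish."""
    values = [v for v in samples.values() if v is not None and v > 0]
    if len(values) < MIN_SOURCES:
        return None
    mid = median(values)
    kept = [v for v in values if abs(v - mid) * 10_000 <= MAX_SPREAD_BPS * mid]
    if len(kept) < MIN_SOURCES:
        return None
    return int(median(kept))


def should_publish(last: Round | None, candidate: int, now: int) -> tuple[bool, str]:
    """Decide whether a new round is due, and why (useful as a metric label)."""
    if last is None or last.answer <= 0:
        return True, "first-round"
    if now - last.updated_at >= HEARTBEAT_SECONDS:
        return True, "heartbeat"
    moved_bps = abs(candidate - last.answer) * 10_000 // last.answer
    if moved_bps >= DEVIATION_BPS:
        return True, "deviation"
    return False, "within-threshold"


# Constructed sample: three agreeing sources, one manipulated, one timed out.
SAMPLES = {"src-a": 200_000_000_000, "src-b": 200_100_000_000,
           "src-c": 199_900_000_000, "src-d": 900_000_000_000, "src-e": None}

if __name__ == "__main__":
    answer = aggregate(SAMPLES)
    print(answer, should_publish(Round(199_000_000_000, 1_000), answer, 1_010))
```

Returning `None` on a thin quorum lets the heartbeat alert fire instead of letting a single surviving source set the on-chain answer.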
CCIP Integration
- Chainlink CCIP for cross-chain oracle data
- CCIP sender and receiver contracts
- Cross-chain message validation
DeFi Infrastructure
Standard Contracts
- WETH: Wrapped Ether (WETH9 standard)
- Multicall: Batch contract calls
- CREATE2 Factory: Deterministic address deployment
- Proxy: Upgradeable oracle contracts
Monitoring
Prometheus
- Scrapes metrics from all Besu nodes
- Custom metrics for oracle updates
- Alert rules for node health and performance
Grafana
- Dashboards for node health
- Block production metrics
- RPC performance metrics
- Oracle feed status
Loki
- Log aggregation
- Structured logging
- Log retention policies
Alertmanager
- Alert routing
- Notification channels
- Alert inhibition rules
Security
Key Management
- Azure Key Vault for validator keys
- EthSigner for oracle transaction signing
- HSM integration (optional)
Network Security
- Private subnets for validators
- Network Security Groups
- TLS for internal communication
- WAF for RPC endpoints
Permissioning
- Node permissioning (static-nodes.json)
- Account permissioning (optional)
- On-chain permissioning (optional)
Explorer
Blockscout
- Full-featured blockchain explorer
- Contract verification
- Token tracking
- Transaction history
API Gateway
Features
- Rate limiting (per method, per IP)
- Authentication (API keys, JWT)
- Method allowlists
- CORS configuration
- HTTPS termination
Rate Limits
- Default: 1200 requests/minute
- eth_call: 600 requests/minute
- eth_getLogs: 300 requests/minute
- eth_getBlockByNumber: 600 requests/minute
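A sketch of how the method allowlist and the per-method, per-IP limits above combine, as an added example rather than the project's gateway configuration. The limits come from the list above. The allowlist contents, the sliding one-minute window, the reading of "Default" as the limit for methods without their own entry, and the `Gateway` class are assumptions. JSON-RPC batches are counted per entry so a single HTTP request cannot carry more calls than the limit allows.

```python
import time
from collections import defaultdict, deque

# Limits from the Rate Limits list (requests per minute).
DEFAULT_LIMIT = 1200
METHOD_LIMITS = {"eth_call": 600, "eth_getLogs": 300, "eth_getBlockByNumber": 600}
# Assumed allowlist for a read-only endpoint; the page does not enumerate one.
ALLOWED_METHODS = {"eth_call", "eth_getLogs", "eth_getBlockByNumber",
                   "eth_blockNumber", "eth_chainId", "eth_getBalance"}
WINDOW_SECONDS = 60


class Gateway:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits = defaultdict(deque)  # (ip, method) -> request timestamps

    def _check_one(self, ip, call):
        method = call.get("method") if isinstance(call, dict) else None
        if not isinstance(method, str):
            return 400, "malformed"
        if method not in ALLOWED_METHODS:
            return 403, "method-not-allowed"   # rejected before touching any counter
        now = self._clock()
        window = self._hits[(ip, method)]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()                    # forget requests older than a minute
        if len(window) >= METHOD_LIMITS.get(method, DEFAULT_LIMIT):
            return 429, "rate-limited"
        window.append(now)
        return 200, "ok"

    def check(self, ip, body):
        """One (status, reason) per call; every entry of a batch is counted."""
        calls = body if isinstance(body, list) else [body]
        return [self._check_one(ip, c) for c in calls]


def demo():
    """Constructed traffic: one client exhausts its eth_getLogs budget."""
    t = [0.0]
    gw = Gateway(clock=lambda: t[0])
    call = {"jsonrpc": "2.0", "id": 1, "method": "eth_getLogs", "params": [{}]}
    first = gw.check("203.0.113.7", [call] * 300)       # one batch, 300 entries
    over = gw.check("203.0.113.7", call)                # 301st in the same minute
    t[0] = 60.0
    later = gw.check("203.0.113.7", call)               # window has expired
    return first[-1], over[0], later[0]
```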
Data Management
Node Types
- Public RPC: SNAP sync, 7-30 days retention
- Internal Indexer: ARCHIVE sync, persistent
- Validators: FULL sync, persistent
Backup
- Daily volume snapshots
- Weekly cold backup
- Restore procedures documented
Scalability
Horizontal Scaling
- RPC nodes can scale based on load
- Sentry nodes can scale for P2P capacity
- Validators fixed (consensus requirement)
Vertical Scaling
- Resource limits configured per tier
- Auto-scaling for RPC and sentry nodes
- Fixed resources for validators
High Availability
Multi-AZ Deployment
- Nodes distributed across availability zones
- Pod anti-affinity rules
- Pod disruption budgets
Disaster Recovery
- Volume snapshots
- Cold backup procedures
- Restore runbooks
Performance
SLOs
- RPC availability: ≥99.9% monthly
- P95 RPC latency: ≤300ms
- Block lag: ≤2 blocks under normal conditions
Optimization
- SNAP sync for RPC nodes
- Caching layer (Redis)
- CDN for static assets
Future Enhancements
- On-chain permissioning
- Cross-chain bridges
- DeFi protocol integrations
- Layer 2 solutions
- Privacy features (Tessera)