4.3 KiB
4.3 KiB
Network Configuration
Network Topology
The DeFi Oracle Meta Mainnet uses a tiered architecture with validators, sentries, and RPC nodes.
Validators
- Count: 4+ validators
- Location: Private subnets, no public IPs
- Peering: Only to sentries (via static-nodes.json)
- Consensus: QBFT
- RPC: Disabled for security
Sentries
- Count: 3-5 sentries
- Location: Public subnets
- Peering: To validators and other sentries
- P2P Port: 30303 (TCP/UDP)
- RPC: Limited, internal only
RPC Nodes
- Count: 3-5 RPC nodes
- Location: DMZ subnet
- P2P: Disabled
- RPC: Public HTTPS JSON-RPC
- Sync Mode: SNAP (or FULL/ARCHIVE)
Peering Configuration
Static Nodes
Static nodes are configured in static-nodes.json:
[
"enode://<validator-1-public-key>@<validator-1-ip>:30303",
"enode://<validator-2-public-key>@<validator-2-ip>:30303",
"enode://<sentry-1-public-key>@<sentry-1-ip>:30303",
"enode://<sentry-2-public-key>@<sentry-2-ip>:30303"
]
Bootnodes
Bootnodes are configured via environment variables or config maps. Validators use sentries as bootnodes.
Network Security
Network Security Groups (NSGs)
Validators
- Allow internal communication (10.0.0.0/16)
- Deny all other traffic
Sentries
- Allow P2P (30303 TCP/UDP) from any
- Allow internal communication (10.0.0.0/16)
RPC Nodes
- Allow HTTPS (443) from any
- Allow HTTP (80) from any (redirect to HTTPS)
- Allow internal communication (10.0.0.0/16)
Permissioning
Node Permissioning
Node permissioning is configured via permissions-nodes.toml:
nodes-allowlist=[
"enode://<node-public-key>@<node-ip>:30303"
]
Account Permissioning
Account permissioning is configured via permissions-accounts.toml:
accounts-allowlist=[
"0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb"
]
QBFT Configuration
Genesis Parameters
- ChainID: 138
- Block Period: 2 seconds
- Epoch Length: 30,000 blocks
- Request Timeout: 10 seconds
- Gas Limit: ~30,000,000
Validator Set
Validators are specified in the genesis extraData field. The validator set can be updated via QBFT transitions.
Consensus Parameters
- Block Time: ~2 seconds
- Finality: Immediate (BFT)
- Validator Count: 4+ validators
- Fault Tolerance: (N-1)/3
Network Monitoring
Peer Count
Monitor peer count to ensure network connectivity:
- Validators should have 2+ peers (sentries)
- Sentries should have 5+ peers (validators + sentries)
- RPC nodes have 0 peers (P2P disabled)
Block Production
Monitor block production to ensure consensus is working:
- Block time should be ~2 seconds
- Block lag should be ≤2 blocks
- Chain should not stall for >20 seconds
Network Topology
Monitor network topology to ensure proper peering:
- Validators should only peer to sentries
- Sentries should peer to validators and other sentries
- RPC nodes should have no P2P connections
Troubleshooting
Nodes Not Peering
- Check network connectivity
- Verify static-nodes.json configuration
- Check firewall rules (NSGs)
- Verify node keys are correct
Block Production Issues
- Check validator keys are correct
- Verify genesis file matches across all nodes
- Check consensus parameters
- Review validator logs
Network Partition
- Identify partitioned nodes
- Check network connectivity
- Verify peering configuration
- Restart nodes if necessary
Network Updates
Adding Validators
- Generate validator key
- Update genesis extraData (requires transition)
- Add validator to static-nodes.json
- Restart validators and sentries
Removing Validators
- Remove validator from static-nodes.json
- Update genesis extraData (requires transition)
- Restart validators and sentries
Updating Consensus Parameters
- Create QBFT transition block
- Update block period, epoch length, or request timeout
- All validators must accept the transition
Network Maintenance
Regular Maintenance
- Monitor peer count daily
- Review block production weekly
- Check network topology monthly
- Update node software quarterly
Emergency Procedures
- Network partition: Identify and reconnect nodes
- Validator failure: Remove failed validator
- Chain stall: Restart validators
- Security incident: Isolate affected nodes