Is Cardano Mainnet using P2P yet?

Hi, I am new to setting up a Cardano node on here.

I noticed there are two file formats for topology files. I believe from my research one is for P2P and the other is an older method.

{
  "LocalRoots": {
    "groups": [
      {
        "localRoots": {
          "accessPoints": [
            { "address": "your-blockproducer-address", "port": 6000 }
          ],
          "advertise": false
        },
        "valency": 1
      }
    ]
  },
  "PublicRoots": [
    {
      "publicRoots": {
        "accessPoints": [
          {
            "address": "preprod-node.world.dev.cardano.org",
            "port": 30000
          }
        ],
        "advertise": false
      }
    }
  ],
  "useLedgerAfterSlot": 4642000
}

and something like below which I believe is/was the current method in mainnet?

{
	"Producers": [
	  {
	    "addr": "<BlockProducingNodeIPAddress>",
	    "port": 6000,
	    "valency": 1
	  },
	  {
	    "addr": "relays-new.cardano-mainnet.iohk.io",
	    "port": 3001,
	    "valency": 2
	  }
	]
}
> {
> 	"Producers": [
> 	  {
> 	    "addr": "<RelayNodeIPAddress>",
> 	    "port": 6000,
> 	    "valency": 1
> 	  }
> 	]
> }

Which file structure is used on mainnet? The p2p or this older method? Can I use both?

1 Like

Yes, p2p is recommended to use for your relays. Right now most of the block producer nodes are still using the “old” topology format, as you can't simply activate p2p on your bp without also adjusting your fw.

You can use the old method (topologyUpdater) or p2p:

If you decide to activate p2p, make sure you do it on both block producer and relay.

To do this, modify the config.json and topology.json files as in this guide:

1 Like

What is fw in this case?

Sorry, was talking about firewall.

1 Like

Okay, so I can safely use the new p2p and it will still work on mainnet? good to know!

Oh that makes sense :), I should have guessed that haha.

1 Like

Is there a way I can test to make sure the firewall is set up correctly? (when I’m testing on the block producer mode?)

I don’t understand your concern.

There is no problem with running P2P on your block producer. There is no problem running everything using P2P mode as I do. There is also no problem running some P2P and some in legacy mode.

I also don’t see why you would need to change your firewall compared to what you were using when running everything in legacy mode. P2P mode can pierce firewalls more easily because your nodes can initiate outgoing connections from your internal network to external relays and then these connections can be upgraded to duplex if both ends are running P2P mode.

The main thing is that you don’t want any external entity being able to initiate a connection in to your block producer. Consequently, if you want to run P2P mode on your block producer, you only want it connecting with your own relays. These connections with your relays will get upgraded to duplex, but that isn’t a security concern because you want bilateral connections between your BP and your relays.

This post has copies of the topology files I use for my relays and my BP.

1 Like
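The rule stated in the post above (a block producer should only connect with your own relays) can be checked against a topology file before the node is started. This is an added example, not code from any poster or from the Cardano project: it reads only the two layouts posted in this thread, and the relay addresses, sample files and function names are constructed for illustration.

```python
import json

def dialed_peers(topology):
    """(address, port) pairs the node dials, for both layouts posted in this thread."""
    peers = [(p["addr"], p["port"]) for p in topology.get("Producers", [])]  # legacy
    roots = [g["localRoots"] for g in topology.get("LocalRoots", {}).get("groups", [])]
    roots += [r["publicRoots"] for r in topology.get("PublicRoots", [])]  # P2P
    for root in roots:
        peers += [(ap["address"], ap["port"]) for ap in root.get("accessPoints", [])]
    return peers

def audit_block_producer(topology, own_relays):
    """Return findings; an empty list means the BP only dials peers in own_relays."""
    # Exact string match: list relays the same way (IP or hostname) as the file does.
    findings = [f"dials {addr}:{port}, which is not one of your relays"
                for addr, port in dialed_peers(topology)
                if (addr, port) not in own_relays]
    for group in topology.get("LocalRoots", {}).get("groups", []):
        if group["localRoots"].get("advertise"):
            findings.append("a localRoots group has advertise set to true")
    # A negative useLedgerAfterSlot disables ledger peers; otherwise the node
    # also selects peers from relays registered on-chain after that slot.
    slot = topology.get("useLedgerAfterSlot")
    if slot is not None and slot >= 0:
        findings.append(f"useLedgerAfterSlot={slot} enables ledger peers")
    return findings

# Constructed sample data: relay addresses and files are made up for illustration.
OWN_RELAYS = {("10.0.0.11", 6000), ("10.0.0.12", 6000)}
BP_P2P_OK = json.loads("""{"LocalRoots": {"groups": [{"localRoots": {"accessPoints": [
  {"address": "10.0.0.11", "port": 6000}, {"address": "10.0.0.12", "port": 6000}],
  "advertise": false}, "valency": 2}]}, "PublicRoots": [], "useLedgerAfterSlot": -1}""")
BP_P2P_LEAKY = json.loads("""{"LocalRoots": {"groups": [{"localRoots": {"accessPoints": [
  {"address": "10.0.0.11", "port": 6000}], "advertise": false}, "valency": 1}]},
  "PublicRoots": [{"publicRoots": {"accessPoints": [
  {"address": "preprod-node.world.dev.cardano.org", "port": 30000}], "advertise": false}}],
  "useLedgerAfterSlot": 4642000}""")
BP_LEGACY_LEAKY = json.loads("""{"Producers": [
  {"addr": "10.0.0.11", "port": 6000, "valency": 1},
  {"addr": "relays-new.cardano-mainnet.iohk.io", "port": 3001, "valency": 2}]}""")

if __name__ == "__main__":
    for name, topo in [("p2p ok", BP_P2P_OK), ("p2p leaky", BP_P2P_LEAKY),
                       ("legacy leaky", BP_LEGACY_LEAKY)]:
        print(name, audit_block_producer(topo, OWN_RELAYS) or "no findings")
```

The audit covers outbound peers only; inbound exposure of the block producer's port is still a firewall matter.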

You can use the following command to test if you are able to connect on a certain port.

nc -v ip port -w2

example

nc -v 165.146.18.25 6000 -w2

2 Likes

You can also use cardano-cli ping to test connectivity between nodes.

Here is an example of me using cardano-cli ping on my BP node to ping one of my local relays:

cardano-cli ping -c 2 -h 172.16.0.8 -p 2700
172.16.0.8:2700 network rtt: 0.001
172.16.0.8:2700 handshake rtt: 0.008610015s
172.16.0.8:2700 Negotiated version NodeToNodeVersionV10 764824073 False
   timestamp,                         host,                          cookie,  sample,  median,     p90,    mean,     min,     max,     std
   2023-08-17 06:11:44.661324519 UTC, 172.16.0.8:2700             ,       0,   0.003,   0.003,   0.003,   0.003,   0.003,   0.003,     NaN
   2023-08-17 06:11:44.665333817 UTC, 172.16.0.8:2700             ,       1,   0.001,   0.002,   0.003,   0.002,   0.001,   0.003,   0.001

2 Likes

Something I just found out is that my Android phone already had netcat installed, so now I like @Zyroxa's idea even more for quick testing over a separate internet connection to see how your firewall looks from outside.

1 Like