I wanted to ask if you guys have thought about the ideal core/relay setup. Assuming core is physically separated from the relay(s), it seems one option is to expose the IP of the core to the relay by directly including the IPs in topology files.
But this creates a security problem, as the core’s IP address becomes known if the relay is compromised. I wonder if you have thought about any alternative methods…
PS: I hear that in the mainnet implementation of the networking layer, there won’t be a need for a two-way communication between the core and the relay, which is great!
From my understanding you can set up relay nodes in front of the pool as a first line of defense. With static topology pointers you can even create a Multi-Chain of nodes, so the first compromised relay does not immediately expose the pool’s IP.
But also never forget about the KISS principle.
The node itself doesn’t (shouldn’t) have the cold keys on its disk. So even if the pool is compromised it’s not fully lost.
And last but not least, you also must consider performance for peak client requests.
Don’t know if it’s optimal, but an old principle from networks is the ring type of network connection. So I made an idea of ringrelays. Granted, its weakest link is each ring connector, but if you have more rings of relays this should not be a big problem, and it will then help with the criteria werkof lists of failover resilience (and each ring connector could easily become a core node if needed, for example) and definitively with broadcast capacity, as that is the whole point of the rings: to have different geographical clusters and connect efficiently to the core node.
That’s an interesting idea, but I would make sure your Core has access to more than one relay (I am probably just misinterpreting your chart; you might mean that the core connects to all relays and those relays go to different places).
During the FnF/publicHTN I am going to try different relay configurations to try and find issues. One of which will be having a middle set of relays that isn’t public facing at all and that sits in between the core and the main network-facing relays, i.e. creating a node-forest of sorts.
Yeah that image is for one ring and you do more than one.
This is interesting.
What kind of connection is used to connect the core and the Relay1, Relay2… RelayX (the ring on your picture)?
Are you connecting via internet/TCP, or is it some sort of private network?
Can you expand on this a bit? From what exists today, I don’t see a way to avoid connecting two nodes without including them in each other’s topology… I am hearing this is likely to change when the network layer is implemented.
Yes, I guess it’s not really possible to establish a TCP connection between two hosts without exposing one’s IP address.
But you can have
PublicNet <=> Relay1 <=> Relay2 <=> Pool
To have an additional layer
Yep, that’s what I’ll be trying tomorrow.
One ring has a local connection between core and relay and others then onwards is internet. 2-4th ring has internet connection with core.
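An added example (not code from any poster in this thread): a small Python check that counts how many nodes must be compromised, starting from the public-facing relay, before the core's address is learned, comparing a flat layout with the `PublicNet <=> Relay1 <=> Relay2 <=> Pool` chain. The topology dictionaries are constructed samples and do not reproduce any node's real topology file format.

```python
from collections import deque

# Constructed sample topologies: node -> peers listed in its topology file.
# Node names follow the thread's diagram; "Relay1" is the public-facing relay.
FLAT = {"Relay1": ["Pool"], "Pool": ["Relay1"]}
CHAINED = {"Relay1": ["Relay2"], "Relay2": ["Relay1", "Pool"], "Pool": ["Relay2"]}

def known_peers(topology):
    """Addresses each node knows. A TCP connection reveals both endpoints,
    so a listing in either direction is treated as mutual knowledge."""
    known = {node: set() for node in topology}
    for node, peers in topology.items():
        for peer in peers:
            known.setdefault(node, set()).add(peer)
            known.setdefault(peer, set()).add(node)
    return known

def exposed_by(topology, compromised):
    """Addresses revealed by inspecting one compromised node."""
    return known_peers(topology).get(compromised, set())

def compromises_to_reach(topology, public, target):
    """Minimum number of nodes that must be taken over, starting from the
    publicly known nodes, before the target's address is learned.
    Returns None if the target is not reachable from the public nodes."""
    known = known_peers(topology)
    dist = {node: 0 for node in public}   # public addresses cost nothing to learn
    queue = deque(public)
    while queue:
        node = queue.popleft()
        if node == target:
            return dist[node]
        for peer in known.get(node, ()):
            if peer not in dist:
                dist[peer] = dist[node] + 1   # learned by compromising `node`
                queue.append(peer)
    return None

if __name__ == "__main__":
    for name, topo in (("flat", FLAT), ("chained", CHAINED)):
        hops = compromises_to_reach(topo, ["Relay1"], "Pool")
        print(f"{name}: {hops} compromise(s) to learn Pool; "
              f"Relay1 exposes {sorted(exposed_by(topo, 'Relay1'))}")
```

Running the same check against a real deployment means filling the dictionary from each node's own topology file and listing every relay whose address is published as `public`.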