Hey everyone, id like to build a cardano staking pool and am curious as to what the reasoning is to why i need 2 physical machines for it! I understand that each machine will be dedicated to either being a relay node or a bp node (where bp requires tighter security), but can this be accomplished using a singular machine under one os? Alternatively can i set up a vm on the my ubuntu machine, dedicate the vm and allocated resources towards one node then using the host machine amd remaining resource for the other node?
1 Like
hi,
not a best practice but if you have enough resources (each node will use ~10G of RAM and will need ~60-70G HDD space) you can try to run a pool
Cheers,
Speaking about “not a best practice”:
- Have any attacks that shall be prevented by this block-producer-behind-relay architecture been seen in the wild?
- Could a pool go totally without relays by registering IP or DNS name of the block producer as “relay” in the pool cert?
- Have any attacks that shall be prevented by this block-producer-behind-relay architecture been seen in the wild?
As far as I know nope but better to prevent…
- Could a pool go totally without relays by registering IP or DNS name of the block producer as “relay” in the pool cert?
yes, it should work but the producer will be exposed to the network… of course you can customize the IN peers to allow just a few trust peers but adapools which is working with yoroi will see the node down (port closed) and the pool will not be available on yoroi
1 Like
Yes i believe i should have enough resources for the job. I have 32gb ram and a 500ssd. When you mentioned: not the best practice, is that due to it being run on a vm or is that a security thing? Also would you have any other suggestions for running the 2 nodes on a singular machine? Thanks a bunch 
If u will have an issue with the machine all servers/nodes will be affected… also could be a security issue because u will register the IP of the BP on the network… anyway for testing and fun should be ok
It’s up to u if u will want this set up… if the security is not a concern for you then u can start to build the node
Cheers,
Awsome, thanks for clearification and input!!
1 Like
If it is for testing it is irrelevant. However, for true operation it is a very risky setup as your block producer signing keys would be on a machine you advertise to the entire internet. The separation is to have really strong firewall rules on the blockproducer. You also want to have your blockproducer machine free of any other task, keep in mind your producer can only make a block on its allocated slot and having your machine busy might make you miss a block.
Although if you on mainnet are producing blocks, that is 1M at stake, don’t put it at risk. You should really invest on having separate machines. On testnets, or your private testnet. Have fun breaking things.
1 Like
@Titan-C so it is my understanding that a vm allows communication without sacrifice of security to the host os. If i in the method id like to try, set up a relay node with the vm, and left the bp on the host pc, and setup the necessary security for the bp node (host pc), how would the relay node (vm) be a producing a security risk? Aside from the security, i could see the problem where i may not be online if my vm goes down, but that would be the same as a separate pc (relay) going down anyway. If the bp node goes down, doesnt really matter if my relay goes down with it does it? Also can you explain more into how i may miss out on minting a block if my machine is busy! What do you mean by busy?
1 Like
I agree.
I think you need to look at your entire network setup. For example, if everything goes through your single router then if the router fails, or its connection to the internet, then your relay and block producer beyond will also be disconnected.
1 Like
Hmm you have a good point. However if i have a setup where i have a network dedicated to running one relay and one network dedicated to running one bp node, If either the bp node or relay node go down (even if they are on individual networks) doesnt that mean the system of two becomes inoperable (without relay, bp cant do anything, without bp, no point in having relay)? Unless you have 2 relays or i miss understood how you mean “look into my network”. Thanks for the suggestion
If you want true redundancy then you want two of everything. But you can’t run two instances of your block producer simultaneously otherwise you will produce forks in the chain.
There was a blow-up in the community about some stake pools running two block producers a few months ago.
The problem is that each block producer has its own mem-pool and therefore can include different transactions when they produce a block. Therefore each instance of your block producer can produce a different block for the same slot causing a fork in the chain. Depending on how these blocks are propagated, it can result in other stake pools adding blocks to one or both forks. Ultimately only 1 fork can be accepted so some other pools get their blocks orphaned as a result.
Every time a pool operator does notice an orphaned block they analyse the cause and can see if it was caused by someone running two block producers. They will then not be happy with this operator since their actions caused them to miss a block and receive less rewards. There was actually a list maintained for a while recording which stake pool operators were doing this. Missing blocks is a big deal especially for small pool operators who may only get to produce a few blocks.
Don’t run two block producers at the same time or you will very much upset other pool operators who will want your guts for garters.
So getting back to the redundancy issue, you will also need to come up with a mechanism whereby you have a fail-over to a back-up block producer if your main block producer fails.
I went through analysing this whole design myself and decided that it wasn’t worth the hassle. I run multiple relays in different locations and just one block producer. I have 2 separate network connections between the relays and the block producer. If my block producer goes down, I can quickly convert one of the independent relays to run as a block producer.
Note that my pool is small and I may produce only 1 block per epoch. This gives me time to reconfigure my setup in the case of a failure. You will need to consider the trade-offs for your own situation.
2 Likes
Very insightful. Ill keep this in mind! Thank you!
Being busy and missing a block means:
You can only produce a block on your designated slot. A slot is 1 second long. If at that precise second your machine was busy doing other stuff like writing to disk, swaping data, calculating something, garbage collecting or anything a normal machine does for each of the processes it runs. Then you might miss your chance to produce the block on your allocated slot. For that reason you want to run your block producer on a machine with enough resources and not do anything else on that machine, because every process you run can take priority over block producing and you might miss your chance.
Again when you run a Stake pool on mainnet, as a service operator, with your stake on the line and the one of your delegators. Invest in separate machines, with well endowed resources, have redundancy and fail over plans, audit your security. Don’t be cheap, or you’ll have a hard time sustaining the trust of your delegators.
To test your configurations, yes spin even private networks on many VMs on the same host and have fun breaking things.
1 Like
You can run a block producer as a virtual machine and you can pin particular processor cores to the block producer VM only. This allows you to guarantee that your block producer cores do not suffer contention with other VMs.
1 Like
Yup, ive made sure to allocate 2 cores (instead of the default 1 to the relay vm) and have 4 cores remaining on host, also have 12 gb ram allocated and 100gb storage for the VM. Leave 20gb ram and 400gb strg for the bp to play with. I’m hoping this will work at St least to see if it will work on test net. Is there a way to allocate cores to a process like a bp node so it’s always ready for when chosen for a slot?
You can see the topic solving-the-cardano-node-huge-memory-usage-done on how to manually configure how many cores the process should use and other optimization parameters. It’s a lengthy topic but may be worth exploring.
1 Like
Did you set up your BP node on your host PC? If not, did you consider running your BP node on a VM?
For all of the security reasons of course, but then you can also duplicate/copy instances of your VM at different stages of the building process.
Build VM, apply perferred settings, secure/harden, then copy VM.
Build node on VM, let it sync, then copy VM.
So many options to consider.
Currently running the BP on host. (Relay on host would be less secure as if someone gains access thru relay, they gain access to BP). So basically your saying setup a second vm, dedicated to the BP node and get it setup how i want it, then copy the setup to the host machine and run it there? @aarinofCBO
Running both the BP and relay on two seprate VMs is a good idea in my opinion. This helps with security, resource dedication, and duplication.
About copying the VM, once you have a good instance you can copy it and save it for later use incase you run into an issue that you can’t fix.
If you need a new VM you can take your time to build a new one or use a copy from an earlier instance.
1 Like