Regarding this step in the instructions where we create a script that “fetches your relay node buddies and updates your topology file”. Are we sharing the block producers private IP with a system outside of the private network? Or are we considering the public IP that directs traffic to the publicly accessible relay the block producer IP as well? I’m a bit confused by this instruction and what’s intending to say.
Can anyone explain this a little better based on experience?
The blockproducing IP is the address that the relay can reach it on. If you are a local network, then the local IP address, if you are running on a cloud based setup then the public IP address of the BP. The BP only connects to the relay.
The relay needs a public address for other relays to reach it on, so it can be part of the wider cardano network.
If the BP only connects to the relay then why would it have a public IP (cloud or on-prem)? One can establish private IP’s in the cloud as well and isolate communication between BP and relay from public network traffic.
My concern about the suggestion in the documentation that the BP IP should be shared with a third party system goes against the principal of BP/relay network security as I understand it. The point of the relay is to allow the BP to operate solely on a private network, is it not? In other words, why would I need to inform a third party about a private IP that nobody on the public network can access?
What’s the point or the result of doing so?
I guess what is the purpose of the customPeers parameter?
Is it using that parameter to maybe geolocate the relays and thus block producer? If so shouldn’t we put the public address that routes to the relay server and maybe the BP port? should it be the BP port? Can’t geolocate a private IP…this is what’s confusing me…or am I completely wrong about the purpose of the customPeers parameter?
I’m not sure which third party you are referring to. The script just ensures that your BP address will exist in the relay topology, and then pull a list of other relays to connect it. The script isn’t announcing your BP address to anyone else. The custom peers parameter just adds your BP address to the list of nodes your relay will connect to.
@Curtis_Paul The 3rd party, in this case the TopoplogyUpdater, creates the final topology file on their server so they “need” the IP.
I understand your security-related concerns. What you can do is omitting the block producer IP and adding that manually to the topology file after you pull it from the topologyUpdater. It’s not mandatory sending it, but a nice way to generate the final file without having to manually add the BP later.
P2P should be getting implemented end of this year or beginning next year so it’ll make the topologyUpdater obsolete. Anyway topologyUpdater is a great tool and thanks to the guy maintaining it.
Ok, so the way it sounds to me is that these values are simply string text that get inserted in to the response from this GET request.
So if that’s the case I should be fine putting in a dummy IP and port, then I can just modify the content of the results to my actual BP IP/port. Then use that to update my topology configuration. This way, it avoids any possibility of my actual address from being stored by the third party and/or accessible by someone else because it might be stored remotely.
yes…looking forward to the P2P feature, hopefully it’s secure.
Ya, I should have been more specific in my question/explanation earlier. I find it’s more efficient to be as specific as possible when asking the community about stuff.