Relay Nodes: Or how to protect your stake node

I have tried asking this in telegram but it has not been effective due to the lack of having message threads.
Has anyone prepared or thought about the potential solutions around having relay nodes that are in front of a ‘core’ (for lack of a better term) stake pool node to offer some level of protection?

Would the following solutions make some node attacks less effective?
Experimental Idea 1:
Having two passive nodes running on separate servers. These nodes would be open to all connections from the cardano network.
Then having a ‘core’ stake pool node with a firewall that only accepts traffic from the above two nodes.

Experimental Idea 2:
Running 3 different servers all using the same configuration as a stake pool. Obviously if this pool is chosen to create a block all 3 nodes will try and broadcast a block and only 1 would make it. I would imaging this may cause problems for the network? Or could this be a really hacky solution?


Hi @CardanoUmbrella

I am not sure that your second idea would work, that is whether it could be provisioned that way.

I assume that if you try to start jormungandr with the same pool ID and keys (i.e. the --secret parameter) as an existing server, but on a different IP, the network would reject it. I don’t know whether the public IP that is provided in the node config is linked to the pool ID or if the IP is just a random list of nodes that other nodes can connect to (whether they are stake pools or not). Maybe I will try it (when the network stabilises :grinning:).

That said you would need to be able to move your pool to a different IP if required, so if they are linked then this would need to update to other nodes. So if it was designed to prevent multiple servers this may cause an issue while the new IP propagates.

It is an interesting question, that probably needs someone from IOHK to answer.



I would love to hear too if is possible to run several nodes (different node id) with same pool id.

I don’t think it possible simply because the private key (secret key) that is used to register a node should not be shared. If it is shared by several nodes, you wouldn’t be able to tell which node signed the transactions. The cryptographic purpose of the private key is to narrow down the signature to one and only one signer. Anything other than that is consider forgery which renders the transaction as invalid.


Does passive node help securing the network by checking and broadcasting blocks to network peers ? And is Daedalus wallet a passive full node?