Shelley p2p discovery replacement procedure

Ive installed everything (or so I thought), then saw coincashew’s instructions stating this:

Shelley has been launched without peer-to-peer (p2p) node discovery so that means we will need to manually add trusted nodes in order to configure our topology. This is a critical step as skipping this step will result in your minted blocks being orphaned by the rest of the network.

They also say this:

Critical step: In order to be a functional stake pool ready to mint blocks, you must see the TXs processed number increasing. If not, review your topology file and ensure your relay buddies are well connected and ideally, minted some blocks.

And my TX isnt increasing, so Im guessing they’re correct. Cardano’s official documents dont appear to say anything about this.

The instructions I’m following are at


  1. Assuming my “air gapped machine” (for signing) was never compromised in any way, BUT my BP and Relays were totally compromised or even stolen, what is at risk??

For example: Will I lose my pledge?

As far as I know, I’ve basically lost nothing important because the cold keys weren’t compromised. Please correct me if I’m wrong.

  1. At the moment, my BP does not have direct connection to the internet. It communicates ONLY with my Relays via my LOCAL network at home. Does the BP need direct connection to the internet?

  2. Because I’m paranoid and my BP doesnt connect directly to the Internet, my BP doesn’t have a public IP. It only has a local IP for my home network. So it doesn’t have a “public ip” I can register in the steps at (the part that replaces Shelley’s p2p discovery).

Any help is appreciated. Please speak to me like a newbie. I’m learning all of this as I go. I have no formal training in all this.


these are good questions, here is a quick answer:

  1. if you are doing everything correctly (and don’t have and never had any payment or other keys on the BP node, except those needed to run a BP node) then you are fine. If you have been compromised, just clean / reinstall the system, generate new KES keys and you are up and running. If someone stoles the KES keys, not much he/she can do with that.

  2. No, BP doesn’t need a direct internet connection. BP node only needs to be connected to your relays, basically, your relays are the proxy servers for the BP node to get info from other nodes.

3)BP needs only to be connected to your nodes… nothing else, so no need to run any topology buddy scripts on your BP nodes (only relay nodes)

hope it helps