It is called proof of stake for a good reason
I guess that’s true, surprising though as that eventually means the network will be managed by a small group with a large stack
I may be a tad late to this topic. I am by no means an expert and have only just yesterday managed to build my first node. Not running yet, but I am nonetheless happy with how much I have learnt in the last week or so! Yay😀
In regard to OP’s question: seeing as I do not currently have access to 2 machines, could I use Amazon Web Services for the relay and a local machine for the producer? Using AWS is suggested at the IOHK Zendesk if one doesn’t have a Linux rig. What are your thoughts on this?
To add on to the commentary, I would recommend running more than one relay node as a means to provide redundancy - utilizing multiple relays will permit the block producer to remain functional in the case one of your relay nodes goes down.
AWS, Google VM (in my country they offer an initial 300$ free credit) or any other VM service provider could definitely work as a relay. Just be sure to be well within the minimum specs and be aware that currently we are seeing spikes in the epoch transitions where CPU and RAM usage goes up.
I am actually a fan of the hybrid model as you get the agility of scaling and moving your relays with VMs and the safety, decentralization and bang for buck with home servers. A few of us who run home servers also try to install multiple internet connections so that if one is down we do not lose contact with global relays. If that is a valuable investment, time will tell.
Thank you for your answer. I will take small steps at a time. Atm my next challenge is to get a relay node running locally and manage to see its stats remotely with Prometheus and the Grafana GUI. I want to set up the latter temporarily on my work machine. Currently just a bit confused about IP and port.
I am trying extremely hard to understand all of this and this comment finally helps to clear some things up, though I’m still a little foggy.
When you say hybrid model you mean: a dedicated computer running Ubuntu, hard wired to your local/home internet - serving as the BP node; and on that same machine, an instance of a web server (AWS, Google, etc.) running as your relay?
Am I fully understanding that correctly? In all honesty I don’t think I am, because I’ve seen on many other comment threads that the BP machine which stores your keys should be cold, meaning it’s not connected to the internet? I’m sorry if I’m making this difficult, but I’ve been stuck trying to grasp this concept for quite some while.
Any help is greatly appreciated!!!
Welcome to the forum. Your understanding of the hybrid setup is correct.
Your BP will only connect to your relays, and must be online. Keys are cold stored on a machine which is preferably offline at all times. Making several hard copies is also recommended.
Your BP will need three keys to run: those will need to be online and in the latest software version must be chmodded so that only you have privileges on them.
I hope this helps,
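An added example, not part of the original posts: one way to check the point above that the block producer's online key files are accessible by their owner only. The file names `kes.skey`, `vrf.skey` and `node.cert` and the helper function names are assumptions (the thread does not name them), and the demo files are constructed stand-ins, not real keys.

```shell
#!/bin/sh
# Added example: audit that key files carry no group/other permission bits.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 = owner-only, 1 = group/other bits set, 2 = missing or not a regular file.
owner_only() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 2
    mode=$(mode_of "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;   # e.g. 400 or 600: last two octal digits are zero
        *)     return 1 ;;   # e.g. 640 or 644: readable beyond the owner
    esac
}

# Report every file given as an argument; exit status = number of problems.
audit_keys() {
    bad=0
    for f in "$@"; do
        owner_only "$f" && rc=0 || rc=$?
        case "$rc" in
            0) echo "ok        $f" ;;
            1) echo "TOO OPEN  $f (mode $(mode_of "$f"))"; bad=$((bad + 1)) ;;
            *) echo "MISSING   $f"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed demo: empty stand-in files in a temporary directory.
demo=$(mktemp -d)
for name in kes.skey vrf.skey node.cert; do : > "$demo/$name"; done
chmod 400 "$demo/kes.skey" "$demo/vrf.skey"
chmod 644 "$demo/node.cert"
audit_keys "$demo/kes.skey" "$demo/vrf.skey" "$demo/node.cert" \
    || echo "$? file(s) need tightening, e.g. chmod 400 <file>"
rm -rf "$demo"
```

Run `audit_keys` against the real key paths before starting the node; a non-zero exit status is the number of files that are missing or readable by someone other than the owner.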
No, that is not a good hybrid model. A better one would be a BP in LAN and relays through internet. Cold keys are stored cold. In particular any payment cold keys. While bad to lose the keys for the pool, losing access to the founding would be disastrous. I recommend storing that on a different computer altogether, not even the BP. You can do the transaction signing parts on the computer and transfer it to a BP computer.
Internet server could be local if fixed IP but more preferably on a global provider like say in my case with Google. That would leave you more in control over what traffic is allowed to enter any of the relays and direct all html to a specific server that will not affect any operational aspects. In general it is not a good idea to disclose the IP of your BP as it opens it up to attacks. Also your local LAN capacity should be redundant and to several internet ISPs.
I detail the parts I am comfortable to detail from a security standpoint here: Information about the staking pools – ADA North Pool
Since then I have moved away from a docker based approach as it is no longer needed on the smaller scale I am on currently. I also removed some redundant relays as I have enough relays from local ISPs (multiple). From a security standpoint docker is fine to use as long as it’s secured well. Since then I also ran a security contest and no successful attacks on my servers. With that said, security is an ongoing thing always. I believe even if someone found the IP of my server and tried to massively attack it, due to other redundancy measures it would still update and be on tip. To take down my pool would require attacking multiple sources at the same time, many of them with DDoS protection and also very large capacity to handle packets (75 million tcp packets per second on router and 200+ million on network card).
Please, I attach a topology which I developed as I had nodes at home,
if that is related to your points and also helps.
Node for transaction signing should not be on a router or need a router. It looks like an online signing node. It should be cold ideally. You would sign the transaction then move it to a relay. If you are not going fully cold, make it only accept IP and port of Cardano from a trusted source such as a core relay. But I recommend offline signing; that is the common advice given by SPOs and I agree it is good advice.
Also a single relay with 1 ISP is a point of failure. If the ISP goes down so does your BP. I have one public relay but also other relays not disclosed so that if the public ISP or relay went down the block producer would still update fine.
Totally agree about the isolated node for transactions…
No internet from the first second of the installation.
That graphic was during the initial preparation for my previous setup.
Thank you for your comments.
The graphic does not present the logical communication, with a lot of restrictions and rules on the firewalls for the communication.
For any question, feel free to ask and we can go deeper in more details.
Enjoy the decentralization.