Hi folks! My first post here. I have become fascinated with Cardano and have been studying the stake pool setup and code quite a bit. My question is why does the relay-node topology file contain the block-producer ip address? If I understand the concept correctly, the whole point of putting the block-producer “behind” the relay-node is so it acts like a proxy & thus protects the block-producer. Shouldn’t that mean only the block-producer should be able to initiate contact with the relay-node? Like in a client/server way where the client makes all requests & is protected from the server “pushing” changes to it? What would happen if I remove the block-producer ip address from the relay-node?
AFAIK, it’s a pull model. The BP would still be able to pull Tx from the Relay, but the Relay could not pull blocks produced by the BP.
Hi Tom, thanks for being my first reply on here! Huh, still strikes me as odd with my understanding of proxy networks. It seems like a security issue for the relay-node to hold a hardcopy of the ip address you created the relay-node to hide in the first place, right? From the point of view of the relay-node, the block-producer ip address just appears like any other relay-node in that topology file list, so the block-producer node must be the one initiating the contact & saying “hey I’m your special producer node” so the relay-node knows to call back and pull what it should. Just a strange setup.
One has to understand that Cardano protocols are uni-directional. I.e., relay node has to connect to bp node to get blocks (if produced) and bp node has to connect to get transactions. It’s not really hiding bp node behind relay node - it’s more of a separation of tasks. Relay nodes keep the network communicating and thus the blockchain distributed and bp nodes wait until they have to validate a block and then send the result over to the relay node for further distribution.
Thanks, jf. That makes more sense to me now that I think about it. It’s all about polling for changes from immediate neighbor nodes & then pulling them, and the firewall setup to only allow access by the relay-node lets the bp node do its work without the burden of all the random internet traffic that’s always hammering completely open ports.