# Network Configuration ## Network Topology The DeFi Oracle Meta Mainnet uses a tiered architecture with validators, sentries, and RPC nodes. ### Validators - **Count**: 4+ validators - **Location**: Private subnets, no public IPs - **Peering**: Only to sentries (via static-nodes.json) - **Consensus**: IBFT 2.0 - **RPC**: Disabled for security ### Sentries - **Count**: 3-5 sentries - **Location**: Public subnets - **Peering**: To validators and other sentries - **P2P Port**: 30303 (TCP/UDP) - **RPC**: Limited, internal only ### RPC Nodes - **Count**: 3-5 RPC nodes - **Location**: DMZ subnet - **P2P**: Disabled - **RPC**: Public HTTPS JSON-RPC - **Sync Mode**: SNAP (or FULL/ARCHIVE) ## Peering Configuration ### Static Nodes Static nodes are configured in `static-nodes.json`: ```json [ "enode://@:30303", "enode://@:30303", "enode://@:30303", "enode://@:30303" ] ``` ### Bootnodes Bootnodes are configured via environment variables or config maps. Validators use sentries as bootnodes. ## Network Security ### Network Security Groups (NSGs) #### Validators - Allow internal communication (10.0.0.0/16) - Deny all other traffic #### Sentries - Allow P2P (30303 TCP/UDP) from any - Allow internal communication (10.0.0.0/16) #### RPC Nodes - Allow HTTPS (443) from any - Allow HTTP (80) from any (redirect to HTTPS) - Allow internal communication (10.0.0.0/16) ## Permissioning ### Node Permissioning Node permissioning is configured via `permissions-nodes.toml`: ```toml nodes-allowlist=[ "enode://@:30303" ] ``` ### Account Permissioning Account permissioning is configured via `permissions-accounts.toml`: ```toml accounts-allowlist=[ "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb" ] ``` ## IBFT 2.0 Configuration ### Genesis Parameters - **ChainID**: 138 - **Block Period**: 2 seconds - **Epoch Length**: 30,000 blocks - **Request Timeout**: 10 seconds - **Gas Limit**: ~30,000,000 ### Validator Set Validators are specified in the genesis `extraData` field. The validator set can be updated via IBFT transitions. ### Consensus Parameters - **Block Time**: ~2 seconds - **Finality**: Immediate (BFT) - **Validator Count**: 4+ validators - **Fault Tolerance**: (N-1)/3 ## Network Monitoring ### Peer Count Monitor peer count to ensure network connectivity: - Validators should have 2+ peers (sentries) - Sentries should have 5+ peers (validators + sentries) - RPC nodes have 0 peers (P2P disabled) ### Block Production Monitor block production to ensure consensus is working: - Block time should be ~2 seconds - Block lag should be ≤2 blocks - Chain should not stall for >20 seconds ### Network Topology Monitor network topology to ensure proper peering: - Validators should only peer to sentries - Sentries should peer to validators and other sentries - RPC nodes should have no P2P connections ## Troubleshooting ### Nodes Not Peering 1. Check network connectivity 2. Verify static-nodes.json configuration 3. Check firewall rules (NSGs) 4. Verify node keys are correct ### Block Production Issues 1. Check validator keys are correct 2. Verify genesis file matches across all nodes 3. Check consensus parameters 4. Review validator logs ### Network Partition 1. Identify partitioned nodes 2. Check network connectivity 3. Verify peering configuration 4. Restart nodes if necessary ## Network Updates ### Adding Validators 1. Generate validator key 2. Update genesis extraData (requires transition) 3. Add validator to static-nodes.json 4. Restart validators and sentries ### Removing Validators 1. Remove validator from static-nodes.json 2. Update genesis extraData (requires transition) 3. Restart validators and sentries ### Updating Consensus Parameters 1. Create IBFT transition block 2. Update block period, epoch length, or request timeout 3. All validators must accept the transition ## Network Maintenance ### Regular Maintenance - Monitor peer count daily - Review block production weekly - Check network topology monthly - Update node software quarterly ### Emergency Procedures - Network partition: Identify and reconnect nodes - Validator failure: Remove failed validator - Chain stall: Restart validators - Security incident: Isolate affected nodes