running-node.md

Running a DCLedger Node

DCL Node types

• Genesis Validator - Validator Node created at the beginning of a network
• Non-genesis Validator - Validator Node joined a network after a significant time period
• Private Sentry - Full Node to connect other (external) Validator Nodes (Sentry Node Architecture)
• Public Sentry - Full Node to connect other (external) Full Nodes
• Observer - Full Node for serving gRPC / REST / RPC clients
• Seed - Full Node for sharing IP addresses of Public Sentry Nodes (Seed Node)

DCL network architecture overview

DCL network architecture can logically have the following variations based on different use cases

1. Genesis Validator + (Optional) Private Sentry + (Optional) Public Sentry + (Optional) Observer + (Optional) Seed

• Running a full DCL network from scratch with Genesis Validator Node
• Refer to deployment-design-aws.md for more info

2. Validator + (Optional) Private Sentry + (Optional) Public Sentry + (Optional) Observer + (Optional) Seed

• Running a full DCL infrastructure with Validator Node to join existing DCL network
• Refer to deployment-design-aws.md for more info

3. Observer only

• Running an Observer Node only to join existing DCL network

Running a node

Depending on your use cases you can choose one of the following options to run your nodes

1. Manual (advanced)

• Genesis Validator
• Non-genesis Validator
• Private Sentry
• Public Sentry
• Observer
• Seed

2. Using ansible (semi automated)

• Genesis Validator
• Non-genesis Validator
• Private Sentry
• Public Sentry
• Observer
• Seed

3. Using Terraform and Ansible on AWS cloud (fully automated)

• AWS deployment - this option includes configurable scripts to run DCL network according to deployment-design-aws.md

Security and DDoS mitigation

• To protect your node against DDoS attacks you can consider one of the following options:
  • No VPN, just whitelist/blacklist via firewall rule
  • IPSec site-to-site VPN (Cloud providers)
  • WireGuard P2P VPN
• Consider enabling TLS for public endpoints (RPC/gRPC/REST) (TLS 1.3 is recommended)
  • Most cloud providers including AWS provide TLS encryption integrated into Load Balancers
  • Offload TLS encryption using a reverse proxy (i.e Nginx)
• See deployment wiki for more info

Health and Monitoring

Health and monitoring can be configured various ways depending on a cloud provider or user needs.

Some general recommendations:

• Prometheus - for monitoring application and server performance metrics
• ELK - for collecting application and system logs
• See deployment wiki for more info

AWS deployment - contains automation scripts for setting up health and monitoring on AWS