Overall Architecture
The architecture is composed of three main components:
- Ethereum 1.0 node, running Geth
- Ethereum 2.0 node, running Prysm in beacon mode
- Validator node, running Prysm in validator mode
A few more components have been added to ensure the stability and security of the overall infrastructure, such as a bastion host and a utility node.
The network is segmented into three layers, as described below:
- public zone: internet facing for the mainnet and beacon chain peer-to-peer protocols. Both need inbound UDP and TCP ports and must be able to reach nodes anywhere on the Internet, so outbound traffic from this zone is unrestricted. The objective of this zone is to provide highly reliable internet connectivity, maximising peer quality and hence node reliability.
- private zone: assigned private, non-routable IP addresses only. Servers in this zone have no internet access and their traffic is tightly filtered or restricted; they may reach the beacon chain node. The objective of this zone is to limit traffic to the strict minimum, preventing data leakage in case of bogus or malicious software (a supply chain attack, for instance).
- management zone: does not sit on the data path, but performs monitoring and alerting duty and provides SSH connectivity to every node in the infrastructure.
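The three-zone policy above can be written down as data and evaluated with a default-deny check, which makes the intended flows reviewable before any firewall is touched. The following is an added example, not code from the project: host names and zone sets are constructed, and the port numbers are the upstream defaults for Geth (30303 tcp/udp), Prysm beacon p2p (13000/tcp, 12000/udp), the Prysm beacon gRPC API (4000/tcp), node_exporter (9100/tcp) and SSH (22/tcp), which the page itself does not list. The nftables rendering is illustrative text and assumes named address sets such as `@management_net` are defined elsewhere.

```python
"""Zone-based network policy model for the public / private / management layout.

Added example, not the project's own code. Port numbers are assumed upstream
defaults (Geth, Prysm, node_exporter, sshd); hosts and set names are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

INTERNET = "internet"

# Constructed inventory: which zone each host lives in.
HOSTS = {
    "geth-1": "public",
    "beacon-1": "public",
    "validator-1": "private",
    "bastion": "management",
    "utility": "management",
}


@dataclass(frozen=True)
class Rule:
    src: str              # zone name, or INTERNET
    dst: str              # zone name, or INTERNET
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
    note: str


# Allow-list: everything not matched here is denied.
RULES: List[Rule] = [
    # public zone: inbound p2p from anywhere, unrestricted outbound
    Rule(INTERNET, "public", "tcp", 30303, "geth p2p"),
    Rule(INTERNET, "public", "udp", 30303, "geth discovery"),
    Rule(INTERNET, "public", "tcp", 13000, "beacon p2p"),
    Rule(INTERNET, "public", "udp", 12000, "beacon discovery"),
    Rule("public", INTERNET, "any", None, "public outbound unrestricted"),
    # private zone: no internet at all, only the beacon node API
    Rule("private", "public", "tcp", 4000, "validator -> beacon gRPC"),
    # management zone: ssh to every node plus metrics scraping
    Rule("management", "public", "tcp", 22, "ssh"),
    Rule("management", "private", "tcp", 22, "ssh"),
    Rule("management", "public", "tcp", 9100, "node_exporter scrape"),
    Rule("management", "private", "tcp", 9100, "node_exporter scrape"),
]


def zone_of(host: str) -> str:
    """Map a host name (or INTERNET) to its zone."""
    return INTERNET if host == INTERNET else HOSTS[host]


def is_allowed(src_host: str, dst_host: str, proto: str, dport: int) -> bool:
    """Default-deny evaluation: a flow passes only if some rule matches it."""
    src, dst = zone_of(src_host), zone_of(dst_host)
    for r in RULES:
        if (r.src == src and r.dst == dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return True
    return False


def render_nftables(zone: str) -> str:
    """Render illustrative nftables input/output chains for one zone.

    Inbound rules become explicit accepts under a drop policy; the output chain
    is open only for the public zone, which the policy marks as unrestricted.
    """
    inbound = [r for r in RULES if r.dst == zone]
    outbound = [r for r in RULES if r.src == zone]
    lines = [f"table inet {zone} {{",
             "  chain input {",
             "    type filter hook input priority 0; policy drop;",
             "    ct state established,related accept",
             "    iif lo accept"]
    for r in inbound:
        match = f"{r.proto} dport {r.dport}"
        if r.src != INTERNET:
            match = f"ip saddr @{r.src}_net " + match  # named set, assumed defined
        lines.append(f'    {match} accept comment "{r.note}"')
    unrestricted = any(r.dst == INTERNET and r.proto == "any" for r in outbound)
    policy = "accept" if unrestricted else "drop"
    lines += ["  }", "  chain output {",
              f"    type filter hook output priority 0; policy {policy};"]
    if not unrestricted:
        lines.append("    ct state established,related accept")
        for r in outbound:
            lines.append(f'    ip daddr @{r.dst}_net {r.proto} dport {r.dport} '
                         f'accept comment "{r.note}"')
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # A validator must reach its beacon node but never the Internet directly.
    print(is_allowed("validator-1", "beacon-1", "tcp", 4000))  # True
    print(is_allowed("validator-1", INTERNET, "tcp", 443))     # False
    print(render_nftables("private"))
```

Because the evaluator is default-deny, adding a new service means adding a rule, and a review of `RULES` is a review of the whole segmentation. The `private` zone's output chain comes out with `policy drop` and a single accept towards the beacon API, which is exactly the leak-prevention property the zone description asks for.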
Service mesh to secure point-to-point communication
A service mesh has been put in place to secure point-to-point communication with strong encryption and peer validation.
Immutable infrastructure
All nodes can be wiped and rebuilt within seconds.
Monitoring and Alerting
Prometheus is the main metrics collection point, and the Grafana/Alertmanager pair handles alerting.