
Overall Architecture

The architecture is composed of three main components:

  • Ethereum 1.0 node, running Geth
  • Ethereum 2.0 node, running Prysm in beacon mode
  • Validator node, running Prysm in validator mode

A few more nodes, such as a bastion and a utility node, have been added to ensure the stability and security of the overall infrastructure.

[Figure: cryptouille-architecture-01.png]

The network is segmented into three layers, as described below:

  • The public zone is Internet-facing for the mainnet and beacon chain peer-to-peer protocols. Both need inbound UDP and TCP ports, as well as the ability to reach nodes anywhere on the Internet. Outbound traffic from this zone is unrestricted. The objective of this zone is to provide highly reliable Internet connectivity to maximise peer quality and hence node reliability.
  • The private zone is assigned private, non-routable IP addresses only. Servers in this zone don't have Internet access, and their traffic is highly filtered or restricted. They can access the beacon chain node. The objective of this zone is to limit traffic to the strict minimum, preventing any data leakage in case of bogus or malicious software (a supply chain attack, for instance).
  • The management zone does not sit on the data path, but performs monitoring and alerting duties and provides SSH connectivity to any of the nodes in the infrastructure.
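The zone rules above can be written down as a default-deny flow policy and checked against observed or planned flows. The following is an added example, not part of the original architecture: the subnets and sample flows are constructed, the ports are assumed to be the Geth and Prysm defaults plus node_exporter, and anything the page does not explicitly allow is assumed denied.

```python
import ipaddress

# Assumptions (not from the page): constructed subnets; default Geth (30303) and
# Prysm (13000/tcp, 12000/udp, gRPC 4000) ports; node_exporter (9100) for scrapes.
ZONES = {
    "public": ipaddress.ip_network("10.0.1.0/24"),
    "private": ipaddress.ip_network("10.0.2.0/24"),
    "management": ipaddress.ip_network("10.0.3.0/24"),
}
P2P = {("tcp", 30303), ("udp", 30303), ("tcp", 13000), ("udp", 12000)}
BEACON_RPC = {("tcp", 4000)}
MGMT = {("tcp", 22), ("tcp", 9100)}


def zone_of(addr):
    """Map an IP address to its zone, or 'internet' if it is in none of them."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def allowed(src, dst, proto, port):
    """Default-deny evaluation of one flow against the three-zone policy."""
    s, d, svc = zone_of(src), zone_of(dst), (proto, port)
    if s == "internet":
        return d == "public" and svc in P2P        # inbound peer-to-peer only
    if s == "public":
        return d in ("internet", "public")         # unrestricted outbound
    if s == "private":
        return d == "public" and svc in BEACON_RPC  # validator -> beacon only
    return d != "internet" and svc in MGMT         # management: ssh and scrapes


def audit(flows):
    """Return the flows that the zone policy does not permit."""
    return [f for f in flows if not allowed(*f)]


# Constructed sample flows: (source, destination, protocol, destination port)
FLOWS = [
    ("203.0.113.7", "10.0.1.10", "udp", 30303),  # Internet peer -> Geth
    ("10.0.2.20", "10.0.1.11", "tcp", 4000),     # validator -> beacon node
    ("10.0.2.20", "198.51.100.9", "tcp", 443),   # validator -> Internet (leak)
    ("203.0.113.7", "10.0.1.10", "tcp", 22),     # Internet -> ssh on public node
    ("10.0.3.5", "10.0.2.20", "tcp", 22),        # bastion -> validator ssh
]
if __name__ == "__main__":
    print(audit(FLOWS))
```

Running it reports the validator's direct Internet egress and the SSH attempt from the Internet as policy violations; the other three flows match the zone descriptions.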

Service mesh to secure point to point communication

A service mesh has been put in place to secure point-to-point communication using military-grade encryption and peer validation.

Immutable infrastructure

All the nodes can be wiped and rebuilt within seconds.

Monitoring and Alerting

Prometheus is used as the main metrics collection point, and the Grafana/Alertmanager pair handles alerting.