Add commonprefix.com validator to UNL#18
Open
cabrilo wants to merge 1 commit into
Open
Conversation
|
Details on the validator reports are listed below |
|
Glad to see you are meeting recommendations I have made in my authored Rippled Field Guide https://github.com/realgrapedrop/rippled-field-guide/blob/main/docs/RIPPLED-FIELD-GUIDE.md |
|
I support this. Common Prefix would be a great and high-quality addition to the UNL. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds
commonprefix.comvalidator to UNL.nHBgzYRyy9VstzSm3uqZC34Uk72aEsyAu9aT4ZCkxxWec9DdmMD7Infrastructure
rippled, providing regional distribution in underrepresented areaz1d.2xlarge)Code for the infrastructure is open source and available at: https://github.com/commonprefix/xrpl-validator
Our validator is behind two proxies, also hosted in India. The validator runs in an isolated private subnet with no direct internet access; inbound peer traffic terminates at a cluster of proxy nodes in public subnets.
flowchart TD Internet((Internet)) subgraph public["Public Subnet"] PublicNode1[Node<br/>proxy] end subgraph private["Public Subnet"] PublicNode2[Node<br/>proxy] end subgraph isolated["Isolated Private Subnet"] Validator[Validator<br/>proposing] end Internet <--> PublicNode1 Internet <--> PublicNode2 PublicNode1 --> Validator PublicNode2 --> ValidatorThe aim of the setup is to ensure secure environment and high availability, with ability to automatically recover from failures and quickly respond to unforeseen issues. Our track record is available at: https://livenet.xrpl.org/validators/nHBgzYRyy9VstzSm3uqZC34Uk72aEsyAu9aT4ZCkxxWec9DdmMD7/history
Infrastructure As Code
Our infrastructure allows quick deployment of new proxy nodes and migration of existing validator if needed. It also allows spinning up new testnet clusters that mimic our mainnet setup to explore optimizations and identify issues.
Security
Among others, we take the following security precautions:
rippledare stored in AWS Secrets Manager, with least privilege access and auditing of all accessInternal Networking
Validator has no access to the internet without going through a NAT Gateway, limiting it to ports common for system updates and debugging. There are no ports forwarded between the internet and the validator.
Nodes are in their separate subnets. Validator's subnet can only ever communicate to the rest of the network through proxy nodes.
The only ports opened are standard
ripplednetworking nodes on proxy nodes. SSH ports are never open and two factor authentication is required to establish a connection to any server.Monitoring & Alerting
We have continuous monitoring and alerting for:
Our logs are collected to CloudWatch and visualized for ease of access. Alerts on anomalies, securities breaches, and validator state are sent, based on severity, to AWS CloudTrail, mobile phone push notifications, Discord push notifications, SMS and phone calls.
Updates
We have historically responded quickly to
rippledupdates, performing a rolling update of our proxy nodes and validator to increase uptime.Why Common Prefix
Common Prefix is deeply involved in the
rippledcodebase. We performed security audits, documentation of the payment engine and we are currently leading the formal verification efforts, disclosing a number of security reports and reporting bugs. We also brought XRPL to Axelar.By including Common Prefix in the UNL, community gains our expertise and voting leadership; Common Prefix gains insights into peering, networking and consensus and ability to participate in debugging any liveness issues or bugs.