Re security, can it not be achieved by running witness node and API node in separate docker containers or VMs, sharing only the consensus data. You can even use the dual ethernet on most HEDT motherboards to provide 2 completely separate internet access and IP addresses (one hidden, one public). Only in the event of one internet going down would they share internet. Redundant internet is a small cost. This is the sort of setup you can only do on your own machines, not in a data center.
You are viewing a single comment's thread from:
Just knowing the IP of a witness node is a security risk. Even if you had multiple IP's they would be on the same subnet most likely and easy to track it down.
You can't share consensus data between VM's, they can't be both writing to the blockchain file.
Two diverse internet providers would provide completely different IPs.
Surely only the witness node would be writing to the blockchain file? Isn't that the whole point of dPOS consensus?
The APIs should just be reading from it? Or am I misunderstanding something.
If so then Docker can allow this. https://www.digitalocean.com/community/tutorials/how-to-share-data-between-docker-containers
@anyx your thoughts on these issues would be appreciated.
An RPC node runs the witness plugin and the blockchain file grows on all nodes even seed nodes. They cannot share the same file.
While docker images can easily share data, that does not mean the underlying applications can.
I thought you were talking about sharing witness and full node on same hardware, now you are talking about two ISP?
HEDT motherboard often have two Ethernet Ports. Internet via two separate ISPs can plug into each port and each VM or docker container can use a different ISP as main and the alternate as backup. Only in event of outage of one would witness & API nodes be using same ISP & IP address range.
Posted using Partiko iOS