mirror of
https://github.com/corda/corda.git
synced 2024-12-21 22:07:55 +00:00
Docs: some work on the network map docs.
This commit is contained in:
Mike Hearn
parent
a223fdb8d3
commit
7548c6c901
@ -1,12 +1,23 @@
|
||||
Network Map
|
||||
===========
|
||||
|
||||
The network map is a collection of signed ``NodeInfo`` objects (signed by the node it represents and thus tamper-proof)
|
||||
forming the set of reachable nodes in a compatibility zone. A node can receive these objects from two sources:
|
||||
The network map is a collection of signed ``NodeInfo`` objects. Each NodeInfo is signed by the node it represents and
|
||||
thus cannot be tampered with. It forms the set of reachable nodes in a compatibility zone. A node can receive these
|
||||
objects from two sources:
|
||||
|
||||
1. The HTTP network map service if the ``compatibilityZoneURL`` config key is specified.
|
||||
1. A network map server that speaks a simple HTTP based protocol.
|
||||
2. The ``additional-node-infos`` directory within the node's directory.
|
||||
|
||||
The network map server also distributes the parameters file that define values for various settings that all nodes need
|
||||
to agree on to remain in sync.
|
||||
|
||||
.. note:: In Corda 3 no implementation of the HTTP network map server is provided. This is because the details of how
|
||||
a compatibility zone manages its membership (the databases, ticketing workflows, HSM hardware etc) is expected to vary
|
||||
between operators, so we provide a simple REST based protocol for uploading/downloading NodeInfos and managing
|
||||
network parameters. A future version of Corda may provide a simple "stub" implementation for running test zones.
|
||||
In Corda 3 the right way to run a test network is through distribution of the relevant files via your own mechanisms.
|
||||
We provide a tool to automate the bulk of this task (see below).
|
||||
|
||||
HTTP network map service
|
||||
------------------------
|
||||
|
||||
@ -31,6 +42,12 @@ The set of REST end-points for the network map service are as follows.
|
||||
| GET | /network-map/network-parameters/{hash} | Retrieve the signed network parameters (see below). The entire object is signed with the network map certificate which is also attached. |
|
||||
+----------------+-----------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
We use HTTP is used for the network map service instead of Corda's own AMQP based peer to peer messaging protocol to
|
||||
enable the server to be placed behind caching content delivery networks like Cloudflare, Akamai, Amazon S3 and so on.
|
||||
By using industrial HTTP cache networks the map server can be shielded from DoS attacks more effectively. Additionally,
|
||||
for the case of distributing small files that rarely change, HTTP is a well understood and optimised protocol. Corda's
|
||||
own protocol is designed for complex multi-way conversations between authenticated identities using signed binary
|
||||
messages separated into parallel and nested flows, which isn't necessary for network map distribution.
|
||||
|
||||
The ``additional-node-infos`` directory
|
||||
---------------------------------------
|
||||
@ -43,24 +60,39 @@ latest one is taken.
|
||||
|
||||
On startup the node generates its own signed node info file, filename of the format ``nodeInfo-${hash}``. To create a simple
|
||||
network without the HTTP network map service then simply place this file in the ``additional-node-infos`` directory
|
||||
of every node that's part of this network.
|
||||
of every node that's part of this network. For example, a simple way to do this is to use rsync.
|
||||
|
||||
Usually, test networks have a structure that is known ahead of time. For the creation of such networks we provide a
|
||||
``network-bootstrapper`` tool. This tool pre-generates node configuration directories if given the IP addresses/domain
|
||||
names of each machine in the network. The generated node directories contain the NodeInfos for every other node on
|
||||
the network, along with the network parameters file and identity certificates. Generated nodes do not need to all be
|
||||
online at once - an offline node that isn't being interacted with doesn't impact the network in any way. So a test
|
||||
cluster generated like this can be sized for the maximum size you may need, and then scaled up and down as necessary.
|
||||
|
||||
More information can be found in :doc:`setting-up-a-corda-network`.
|
||||
|
||||
Network parameters
|
||||
------------------
|
||||
|
||||
Network parameters are a set of values that every node participating in the zone needs to agree on and use to
|
||||
correctly interoperate with each other. If the node is using the HTTP network map service then on first startup it will
|
||||
download the signed network parameters, cache it in a ``network-parameters`` file and apply them on the node.
|
||||
correctly interoperate with each other. They can be thought of as an encapsulation of all aspects of a Corda deployment
|
||||
on which reasonable people may disagree. Whilst other blockchain/DLT systems typically require a source code fork to
|
||||
alter various constants (like the total number of coins in a cryptocurrency, port numbers to use etc), in Corda we
|
||||
have refactored these sorts of decisions out into a separate file and allow "zone operators" to make decisions about
|
||||
them. The operator signs a data structure that contains the values and they are distributed along with the network map.
|
||||
Tools are provided to gain user opt-in consent to a new version of the parameters and ensure everyone switches to them
|
||||
at the same time.
|
||||
|
||||
If the node is using the HTTP network map service then on first startup it will download the signed network parameters,
|
||||
cache it in a ``network-parameters`` file and apply them on the node.
|
||||
|
||||
.. warning:: If the ``network-parameters`` file is changed and no longer matches what the network map service is advertising
|
||||
then the node will automatically shutdown. Resolution to this is to delete the incorrect file and restart the node so
|
||||
that the parameters can be downloaded again.
|
||||
|
||||
.. note:: A future release will support the notion of phased rollout of network parameter changes.
|
||||
|
||||
If the node isn't using a HTTP network map service then it's expected the signed file is provided by some other means.
|
||||
For such a scenario there is the network bootstrapper tool which in addition to generating the network parameters file
|
||||
also distributes the node info files to the node directories. More information can be found in :doc:`setting-up-a-corda-network`.
|
||||
also distributes the node info files to the node directories.
|
||||
|
||||
The current set of network parameters:
|
||||
|
||||
@ -85,16 +117,23 @@ Network parameters update process
|
||||
---------------------------------
|
||||
|
||||
In case of the need to change network parameters Corda zone operator will start the update process. There are many reasons
|
||||
that may lead to this decision: we discovered that some new fields have to be added to enable smooth network interoperability or change
|
||||
of the existing compatibility constants is required due to upgrade or security reasons.
|
||||
that may lead to this decision: new fields that were added to enable smooth network interoperability, or a change
|
||||
of the existing compatibility constants is required, for example.
|
||||
|
||||
To synchronize all nodes in the compatibility zone to use the new set of the network parameters two RPC methods exist. The process
|
||||
requires human interaction and approval of the change.
|
||||
.. note:: A future release may support the notion of phased rollout of network parameter changes.
|
||||
|
||||
To synchronize all nodes in the compatibility zone to use the new set of the network parameters two RPC methods are
|
||||
provided. The process requires human interaction and approval of the change, so node operators can review the
|
||||
differences before agreeing to them.
|
||||
|
||||
When the update is about to happen the network map service starts to advertise the additional information with the usual network map
|
||||
data. It includes new network parameters hash, description of the change and the update deadline. Node queries network map server
|
||||
for the new set of parameters and emits ``ParametersUpdateInfo`` via ``CordaRPCOps::networkParametersFeed`` method to inform
|
||||
node operator about the event.
|
||||
data. It includes new network parameters hash, description of the change and the update deadline. Nodes query the network map server
|
||||
for the new set of parameters.
|
||||
|
||||
The fact a new set of parameters is being advertised shows up in the node logs with the message
|
||||
"Downloaded new network parameters", and programs connected via RPC can receive ``ParametersUpdateInfo`` by using
|
||||
the ``CordaRPCOps.networkParametersFeed`` method. Typically a zone operator would also email node operators to let them
|
||||
know about the details of the impending change, along with the justification, how to object, deadlines and so on.
|
||||
|
||||
.. container:: codeset
|
||||
|
||||
@ -103,12 +142,22 @@ node operator about the event.
|
||||
:start-after: DOCSTART 1
|
||||
:end-before: DOCEND 1
|
||||
|
||||
Node administrator can review the change and decide if is going to accept it. The approval should be done before ``updateDeadline``.
|
||||
Nodes that don't approve before the deadline will be removed from the network map.
|
||||
If the network operator starts advertising a different set of new parameters then that new set overrides the previous set. Only the latest update can be accepted.
|
||||
To send back parameters approval to the zone operator RPC method ``fun acceptNewNetworkParameters(parametersHash: SecureHash)``
|
||||
has to be called with ``parametersHash`` from update. Notice that the process cannot be undone.
|
||||
The node administrator can review the change and decide if they are going to accept it. The approval should be do
|
||||
before the update Deadline. Nodes that don't approve before the deadline will likely be removed from the network map by
|
||||
the zone operator, but that is a decision that is left to the operator's discretion. For example the operator might also
|
||||
choose to change the deadline instead.
|
||||
|
||||
If the network operator starts advertising a different set of new parameters then that new set overrides the previous set.
|
||||
Only the latest update can be accepted.
|
||||
|
||||
To send back parameters approval to the zone operator, the RPC method ``fun acceptNewNetworkParameters(parametersHash: SecureHash)``
|
||||
has to be called with ``parametersHash`` from update. Note that approval cannot be undone. You can do this via the Corda
|
||||
shell (see :doc:`shell`):
|
||||
|
||||
``run acceptNewNetworkParameters parametersHash: "ba19fc1b9e9c1c7cbea712efda5f78b53ae4e5d123c89d02c9da44ec50e9c17d"``
|
||||
|
||||
If the administrator does not accept the update then next time the node polls network map after the deadline, the
|
||||
advertised network parameters will be the updated ones. The previous set of parameters will no longer be valid.
|
||||
At this point the node will automatically shutdown and will require the node operator to bring it back again.
|
||||
|
||||
|
||||
Next time the node polls network map after the deadline the advertised network parameters will be the updated ones. Previous set
|
||||
of parameters will no longer be valid. At this point the node will automatically shutdown and will require the node operator
|
||||
to bring it back again.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user