Thank you for your time, and I appreciate all the hard work that is going on behind the scenes with engineers pulling 100-hour weeks.
A question that has come up a couple of times is what the necessary routing rules are for P-Reps to Citizen nodes.
My understanding is that we will be building a DDoS rate-limiting nginx auto-scaling layer in front of the P-Rep nodes, which are only serving traffic over 7100/9000 to two separate whitelists of peers. The Citizen nodes, on the other hand, need to be open to the world on 9000 and can be run in an auto-scaling group behind a load balancer or just exposed and registered individually.
The real question is, can a P-Rep then talk only to its own Citizen node and lock down 9000 between their security groups so P-Reps don’t expose 9000 to anyone else? This is where I think I am wrong, because I just finally dug into Block42’s work and reread the docs. It seems the converse of this is that the Citizen is not needed at all, but that doesn’t seem true. So how exactly does the Citizen connect to the P-Rep?
This has not been my focus but that of another one of our engineers. I will put together further network maps and start a cleaner thread later, backed with Terraform code to codify any answer.
Some other questions as an aside; they can wait for next week's AMA.
- Are you planning on moving traffic from L4 to L7 and what can P-Reps do to help / prepare?
- Are you going to release the Dockerfiles for P-Rep soon? Insight would love to decouple and distribute as Ansible playbooks.
- How can P-Reps help more in TestNets with delivering logs or building tooling that could help?
- Would you like a script that runs a TestNet with however many nodes you want and an agent installed on each node, so that you can run system updates across the network to test different application releases on, even in CI, and have all logs / metrics piped to Elasticsearch and Prometheus? Not blowing smoke, honestly wondering if that is something you want. Insight can do that soon with buy-in.
Thanks again for your time and sorry for the long post.