Archipel 2.0 release. What is new?

Francois Branciard
Lugus Labs
Aug 25, 2020

Sentry nodes, new options, multiple validators support and other new security features: discover Archipel 2.0 and its innovative consensus-based high availability solution.

Archipel 2.0 release

Why Archipel?

Nowadays, many blockchain services are centralized on cloud infrastructure. For instance, around 70% of Ethereum nodes are in VPC and 63% of Ethereum Dapps use Infura Provider as this survey shows. We can imagine that in a few years some blockchain services can be banned from public cloud providers. Moreover, cloud providers can have an interruption of services and network issues.

For better network resilience, one solution is to run a decentralized infrastructure at home. The problem is that it is challenging to maintain a good quality of service at home: your internet connection or power can be cut. As a result, it is very unsafe to install a Proof-of-Stake validator at home. Your validator must always be up (24/7) and ready to execute its duty. If not, you will be slashed by the network and lose your money. To solve this problem, we are creating a solution to provide high availability for blockchain services.

History

The initial idea of Archipel was born in 2019 during the ETHCC conference.

A few months later, we wanted to put our idea into action and we participated in the ETHBerlin Hackathon. You can read more about our participation and see the first working prototype in action here.

With only a few hours of sleep, we managed to build an imperfect but working solution. The first High-Availability setup using 3 DAppNodes was launched.

We received a lot of good feedback from the members of the jury, and it inspired us to apply to the Web3 Foundation Grant Program to go further.

Our grant submission was accepted by the Web3 Foundation Grant Program and we were able to bootstrap the Archipel project.

You can find the whole project pathway, from the ETHBerlin hackathon in 2019 to Grant Milestone 1 and Milestone 2, in our previous publications.

How does it work?

Let’s briefly recap how Archipel works.

Archipel federation Architecture

On each DAppNode instance, several components are running:

The Archipel Orchestrator is connected to the Archipel Substrate chain. The Archipel Substrate chain allows the orchestrator to receive heartbeats from other Archipel participants, decide on leader nodes and manage the Polkadot node mode. The Polkadot node can be in active or passive mode. In active mode the Polkadot node acts as a validator, and in passive mode it acts as a simple node that only synchronizes the chain.

For more details on each component, see our GitHub README.

Archipel 2.0 released

The Archipel 1.0 release was presented in April. Since then, we have worked to improve our solution, and now Archipel 2.0 is here.

Confined Testing

After the 1.0 release, we tested a distributed setup of nodes remotely, under forced confinement.

You can see the live demo of the first distributed setup of the Archipel solution here: “High-Availability setup with 3 federated DAppNode confined at home!”

What is new?

In this section we will tell you about some new features introduced in the Archipel 2.0 release.

Sentry nodes

We introduced a new, dedicated sentry node role. Thanks to this, validator nodes are never exposed to the outside world. Archipel Polkadot validators are connected to the Polkadot Network only through these sentry nodes. This adds an additional layer of security for validator nodes. The communication between sentry and validator nodes is protected by a WireGuard VPN.

External Sentry nodes

We also introduced the external sentry node role. This role has all the advantages of sentry nodes but can be deployed externally at any cloud provider. It adds an additional layer of security due to the fact that the majority of cloud providers have DDoS protection. The communication between sentry and validator nodes can also be protected by a WireGuard VPN.

Multiple validators in one Archipel chain

In the previous version, you were able to set up only one validator in one federation of nodes. Now you can add as many nodes as you want and create groups of nodes. Orchestration will then select one validator node for each group. With this change, it is now possible to run several validators (with different session keys) under one Archipel setup.

Choose your nodes number according to your cost/benefit/security requirements

The Archipel chain, needed for the orchestration process, uses a 2/3 tolerance BABE/GRANDPA consensus provided by the Substrate framework. So the automatic smart orchestrator supports up to (⅓ of the nodes) − 1 Archipel nodes down at the same time within the federation. If you set up 9 Archipel node authorities, you can tolerate 2 nodes down; with 12 authorities you can tolerate 3 nodes down, and so forth.

Choose your High Availability security level through the number of nodes that suit your cost/benefit/security requirements.

If you reach the down threshold limit, all nodes will automatically switch into passive mode as a precautionary measure. You can then continue to validate but it requires a manual action from the Archipel administrator.

“Shoot The Other Node In The Head” aka STONITH

In a distributed system, it is very difficult to conclude that a node really is down. Possibly there is a small network problem and the node will become available again in a few seconds. If we simply assume that a validator node is down and start another one with the same session keys, it can lead to double signing and slashing.

To solve that, a so-called STONITH algorithm can be used.

We prototyped an ‘electric outlet SMS shoot’ during the “Build Polkadot: Launch Bounty Challenges” and we earned third place in the “surprise” bounty category.

Let’s see the current workflow of STONITH with Archipel.

The current validator node is reported as down. At that moment we cannot conclude with certainty that the node is really down. To confirm it, we ask the 4G electrical outlet to turn off the validator node.

So before taking the leadership, an Archipel node sends an SMS command to the electrical outlet of the current validator instance. The Archipel node will take the lead and start as a validator only if a callback SMS confirmation is received from the remote outlet. The SMS callback sent by the outlet confirms that the power has effectively been cut. Thanks to this, we considerably reduce the risk of double signing.
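
The takeover rule described above, combined with the down-threshold rule from the earlier section, can be modelled as a small state machine. This is an added example, not Archipel's own code; the state names, event names, the `OFF` SMS text and the timeout value are assumptions.

```javascript
// Added illustration of fencing-gated takeover; not Archipel's own code.
// State names, event names and the SMS text are hypothetical.

// Article's tolerance: a third of the authorities minus one (floor is assumed).
function toleratedDown(authorities) {
  return Math.max(Math.floor(authorities / 3) - 1, 0);
}

// Pure transition function for a standby node. `outbox` lists the SMS
// commands the caller must send after this transition.
function step(node, event) {
  const next = { ...node, outbox: [] };
  switch (event.type) {
    case 'leader-silent':
      if (node.state !== 'passive') return next;
      if (event.downCount > toleratedDown(node.authorities)) {
        next.state = 'halted'; // precautionary: wait for the administrator
        return next;
      }
      next.state = 'fencing'; // power-off requested, still NOT validating
      next.outlet = event.leaderOutlet;
      next.deadline = event.now + node.fenceTimeoutMs;
      next.outbox.push({ to: event.leaderOutlet, text: 'OFF' });
      return next;
    case 'outlet-confirmed':
      // Only a callback from the outlet we asked, received in time, counts.
      if (node.state === 'fencing' && event.from === node.outlet &&
          event.now <= node.deadline) {
        next.state = 'active';
      }
      return next;
    case 'tick':
      // No callback in time: the old validator may still sign, so stay out.
      if (node.state === 'fencing' && event.now > node.deadline) {
        next.state = 'passive';
      }
      return next;
  }
  return next;
}

// Constructed scenario: 9 authorities, only the validator is silent.
function demo() {
  let n = { state: 'passive', authorities: 9, fenceTimeoutMs: 60000 };
  n = step(n, { type: 'leader-silent', downCount: 1, leaderOutlet: 'outlet-A', now: 0 });
  const sent = n.outbox.length;
  n = step(n, { type: 'outlet-confirmed', from: 'outlet-A', now: 5000 });
  return { sent, state: n.state };
}
```

The node never reaches `active` without passing through `fencing`, so a lost, late or mismatched confirmation always leaves it out of the validator role.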

What next?

We constantly have new ideas to explore as you can see in our GitHub issues.

Polkadot Sentry nodes will become deprecated in October. That is why, more than ever, our cluster of redundant nodes will be important for the future setup, and we will dive into the upcoming remote signing features to see how to integrate them. We will also modify Archipel to respect the new secure validator setup requirements after the removal of sentry nodes.

We also have ideas for administration improvements and support for new services:

  • Archipel light client for administrator remote commands
  • ‘Harakiri command’ on potentially compromised node
  • Support for other services or chains
  • Support for multiple services running in parallel (Polkadot, chain A, service B) in one Archipel cluster.

We constrain ourselves to respect decentralization principles by using DAppNode as a root layer as much as possible. But these constraints also create opportunities, and shared and shareable knowledge for Community calls.

So, please star our GitHub repository and stay tuned.

Try Archipel

We have detailed documentation explaining the Archipel testing and deployment process in our GitHub repository.

You can try Archipel using a DAppNode Package or a Docker container.

You can also watch our special series of Archipel video tutorials. It will give you an introduction to the project as well as useful video tutorials for developers.

Archipel video tutorials

If you want to test our project locally on your Linux or Mac machine, you can use our testing documentation.

Conclusion

Your boarding on Archipel 2.0 is now complete!

We would like to thank the Web3 Foundation for helping us bootstrap the Archipel project, as well as Parity Technologies for developing the excellent Substrate framework. Finally, we thank the DAppNode team for their work and support along the way.

In the next blog post we will present our production ready Archipel Validators deployment. Stay tuned!
