We do have at least one requirement related to DDoS that we really need to address, which is that we need to be able to bind listeners in indy-node to a specific NIC. (I am told that, although we can declare in config that we’re binding to a specific NIC, logs reveal that we always bind to all NICs. This may be inaccurate, but if it is, we should teach people how to do it right, because apparently nobody is.) The reason I feel like this is urgent is that a major DDoS mitigation strategy for MGL was the requirement that all validators should have 2 NICs--one dedicated to consensus with other validators, and one dedicated to clients. If we have bad clients doing DDoS, but we have two NICs, then we shouldn’t be able to defeat consensus on the other NIC.
We need to make sure that we support using two separate NICs and provide detailed instructions on how it can be achieved.
We should explore whether a 2-NIC node configuration is workable before we configure the persistent pool this way, because currently both node and client IPs bind to 0.0.0.0.
- Will a node work with 2 NICs and different IPs for node and client in the pool ledger?
- Will the pool work with 1 / f+1 / n-f / n nodes configured this way?
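
One way to check from the host which addresses the listeners are actually bound to, instead of relying on config or logs. This is an added example, not part of the original issue and not indy-node code. It assumes the input is the output of `ss -H -ltn`; the ports 9701 (node) and 9702 (client) and all addresses are constructed sample values.

```python
# Added example: audit listener bindings taken from `ss -H -ltn` output.
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed sample output; ports 9701 (node) and 9702 (client) and all
# addresses are illustrative assumptions, not values from the issue.
SAMPLE_ALL_NICS = """\
LISTEN 0 128 0.0.0.0:9701 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9702 0.0.0.0:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
"""
SAMPLE_TWO_NICS = """\
LISTEN 0 128 10.0.1.5:9701 0.0.0.0:*
LISTEN 0 128 192.0.2.5:9702 0.0.0.0:*
"""

def listeners(ss_output):
    """Return {port: set(local addresses)} for every LISTEN row."""
    found = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0]  # drop an interface scope such as %eth0
        found.setdefault(int(port), set()).add(addr)
    return found

def audit(ss_output, node_port, client_port):
    """Return a list of findings; an empty list means the NIC split holds."""
    seen = listeners(ss_output)
    findings = []
    for role, port in (("node", node_port), ("client", client_port)):
        addrs = seen.get(port, set())
        if not addrs:
            findings.append(f"{role} port {port}: no listener")
        for a in sorted(addrs & WILDCARDS):
            findings.append(f"{role} port {port}: bound to all NICs ({a})")
    shared = (seen.get(node_port, set()) & seen.get(client_port, set())) - WILDCARDS
    for a in sorted(shared):
        findings.append(f"node and client listeners share address {a}")
    return findings

if __name__ == "__main__":
    for name, sample in (("all NICs", SAMPLE_ALL_NICS), ("two NICs", SAMPLE_TWO_NICS)):
        print(name, audit(sample, 9701, 9702) or "OK")
```

Run against each validator, the same check covers the pool-level question: a pool with only some nodes split across NICs shows up as a mix of empty and non-empty finding lists.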