status

Cardano network infrastructure

Published 11.1.2023

Cardano is a decentralised network. This means that it is run by volunteers from all over the world. All pool operators must operate their own Cardano full node. Cardano full node is also operated by all users who use the Daedalus wallet. All nodes communicate with each other and pass information about transactions and blocks. Each full node maintains its own version of the ledger. Let's take a look at what the Cardano infrastructure looks like.

TLDR

  • The pool operator must operate one block-producing node and at least one relay node.
  • Pool operators use cloud services to run relay nodes.
  • Using cloud services is not a significant risk for blockchain networks.

Block producer and relay nodes

Staking pool operators operate at least one block-producing node and one relay node. It is recommended to operate at least 2 relay nodes.

The block-producing node is not accessible from the public network for security reasons. Instead, it is connected to its own relay nodes that are visible on the public network and mediate communication with other relay nodes.

The block-producing node must be protected because it uses important keys and certificates for minting blocks. Relay nodes form an important layer of protection. Block-producing nodes are not visible to attackers at the network layer. Relay nodes do not produce blocks or maintain a ledger. It is not possible to steal the necessary keys and certificates from them.

The block-producing node should run on a dedicated server and should run a firewall that is configured to allow incoming connections only from relay nodes. Relay nodes should also run on dedicated servers.

It is wise to take into account the possible failure of the server on which the block-producing node is running and create a backup solution. Pool operators can run two block-producing nodes on two dedicated servers. One of them actively produces blocks, and the other is a backup and takes over the responsibility for block production when the first node becomes unavailable. The backup node can have its own relay nodes.

Cardano network depends on cloud services

The Cardano network consists of almost 6000 relay nodes. Approximately 1800 of them are in the USA, 1400 in Germany, and around 250 in Japan, the UK, Canada, etc.

1400 pool operators run only one relay node, 1000 of them run 2 relay nodes and over 230 of them run 3 relay nodes. Interestingly, 65 operators run 8 relay nodes.

Pool operators use cloud services to run relay nodes. Approximately 21% of operators use Amazon, 11% use DigitalOcean, 8% use Hetzner, 6% use Google, 5% use OVH, and so on. 27% of pool operators use other solutions, including running their own servers.

Where pool operators run block-producing nodes is not publicly available information. They can use cloud services or have their own server.

There are pool operators that use a different cloud service in a different territory for each relay node so that their block-producing node has a quality connection to the outside world.

Using cloud services is not a major risk

Using cloud services for Cardano infrastructure poses some risk, as the provider may terminate the service. Cardano's network would thus be temporarily compromised by the loss of several relay nodes. Transactions and blocks could propagate more slowly. Some block-producing nodes would be unable to broadcast newly minted blocks.

It is important to note that Cardano is not existentially threatened. If the 3 largest cloud providers were to terminate service at the same time and without warning, roughly 40% of relay nodes would cease to function. This means that Cardano would still produce at least 60% of the blocks. This is not a critical issue for pool operators as they can relatively quickly start a relay node in another cloud service on the other side of the world, or on their own server. Some operators will be able to respond to an event faster, others slower.

It is also important to note that it is not possible for cloud service providers, or authorities, to steal the ADA coins of operators or ADA coins that have been delegated to pools. As long as pool operators follow the rules for the secure handling of private keys, they always have them stored in cold storage. Even if the operator uses a cloud service for the block-producing node, the only things an attacker can obtain are the keys and certificates needed to mint the blocks. Moreover, these keys periodically expire and must be renewed through the operator's key.

In an ideal world, all pool operators would use their own servers which they would have full control over on their premises. In this case, it is difficult to provide protection against power or internet connection failure. The solution can be relatively expensive. It is economically viable to use cloud services that have built-in protection against outages.

Pool operators want to ensure 100% reliability of block production and therefore use the best possible solution. Cloud services are a form of centralization, but on the other hand, they provide a very high-quality infrastructure.

It can be very expensive for small pool operators to get their own servers. If they have no guarantee that their pool will be saturated it can be risky. Using a cloud service reduces business risk.

All blockchain networks use cloud services or gravitate towards some form of centralization at the network level. A 2022 report from Trail of Bits says that 60% of all Bitcoin traffic has traversed just three ISPs. About half of all public Bitcoin nodes were operating from hosting providers (Hetzner, OVH, Digital Ocean, and Amazon AWS). Many popular pools are also hosted in the cloud.

In August 2022, 52% of Ethereum nodes were running on Amazon, 17% on Hetzner and 4% on Oracle, etc.

Centralization at the network level is not necessarily a risk to decentralized consensus. Delegators have control over their stakes and can change their delegation at any time. If a pool stops producing blocks because a cloud provider has shut down a server, ADA coins can be delegated to another pool. Even if, say, 100 different pool operators use the same cloud service, each is responsible for its own node in terms of storing private keys. Each can independently of the others move the service elsewhere.

Conclusion

If pool operators decide to use a cloud service, it would be wise to choose one that currently has the smallest presence. This diversifies the risk of a large number of relay nodes failing in the event that a large cloud provider suddenly shuts down the service.

If cloud service providers stopped providing their infrastructure to blockchain networks, their decentralization at the network level would increase. This would actually be a win for users. However, as long as there is the option to use the cloud, it is very likely that pool operators will take advantage of it, as the solution is very reliable and no existing blockchain network has had any significant problem with it so far. Should a problem arise, it is relatively easy to solve and blockchain networks, including Cardano, will survive it.

Featured:

Related articles

Did you enjoy this article? Other great articles by the same author