This glossary provides definitions for terms, acronyms, and technical concepts used throughout the documentation.
---
## A
### API (Application Programming Interface)
A set of protocols and tools for building software applications. In this context, refers to RPC APIs (ETH, NET, WEB3) exposed by Besu nodes.
### Archive Node
A blockchain node that stores the complete historical state of the blockchain, including all transactions and state changes. See also: Full Node, RPC Node.
---
## B
### Besu
Hyperledger Besu, an Ethereum client used for running blockchain nodes. Supports both public and private networks, with features like permissioning and QBFT consensus.
### Block
A collection of transactions grouped together and added to the blockchain. In ChainID 138, blocks are produced approximately every 2 seconds using QBFT consensus.
### Blockscout
An open-source blockchain explorer that provides a web interface for viewing blockchain data, transactions, and smart contracts.
### Break-glass
Emergency access method that bypasses normal security controls. In this architecture, refers to optional inbound NAT rules for emergency access.
---
## C
### CCIP (Cross-Chain Interoperability Protocol)
A protocol for secure cross-chain communication and token transfers. The deployment includes Commit, Execute, and RMN node types.
### ChainID
A unique identifier for a blockchain network. ChainID 138 is the identifier for the Sankofa/Phoenix/PanTel network.
### cloudflared
The Cloudflare Tunnel client software that creates secure, encrypted connections between internal services and Cloudflare's edge network.
### Container (LXC)
Linux Container, a lightweight virtualization technology used by Proxmox. Containers share the host kernel but have isolated filesystems and network namespaces.
### CORS (Cross-Origin Resource Sharing)
A browser security mechanism that lets a server declare which other origins (domains) may make requests to its APIs from web applications. Configured in Besu RPC settings.
---
## D
### DHCP (Dynamic Host Configuration Protocol)
A network protocol that automatically assigns IP addresses to devices on a network. Used for management VLAN (VLAN 11).
### DNS (Domain Name System)
A system that translates domain names (e.g., `rpc-http-pub.d-bis.org`) to IP addresses.
### DON (Decentralized Oracle Network)
A network of Chainlink nodes that work together to provide oracle services. In CCIP, there are Commit DONs and Execute DONs.
---
## E
### Egress
Outbound network traffic leaving the internal network. Egress NAT pools map internal IPs to public IPs for allowlisting.
### Enode
Ethereum node identifier, a unique address that identifies a blockchain node on the network. Format: `enode://<node-id>@<ip>:<port>`
### ER605
TP-Link ER605 router, used as the edge router in this architecture. Two routers (ER605-A and ER605-B) provide redundancy.
### ES216G
TP-Link ES216G managed switch, used for network switching and VLAN trunking. Three switches provide core, compute, and management connectivity.
---
## F
### Failover
Automatic switching to a backup system when the primary system fails. ER605 routers support WAN failover.
### Firewall
Network security system that controls incoming and outgoing network traffic based on predetermined security rules.
### Full Node
A blockchain node that stores the complete blockchain and validates all transactions. See also: Archive Node, RPC Node.
---
## G
### Gateway
A network device that connects different networks and routes traffic between them. In this architecture, gateways are configured on ER605 routers for each VLAN.
### Genesis Block
The first block in a blockchain. The genesis block contains the initial configuration, including validators and network parameters.
---
## H
### HA (High Availability)
System design that ensures services remain available even if individual components fail. ER605 routers provide active/standby redundancy.
### Hostname
A human-readable name assigned to a network device. In this architecture, hostnames follow patterns like `r630-01`, `ml110`, `besu-rpc-1`.
---
## I
### Ingress
Inbound network traffic entering the internal network. In this architecture, ingress is primarily handled through Cloudflare tunnels.
### IPAM (IP Address Management)
The process of planning, tracking, and managing IP address space. This architecture uses deterministic IPAM aligned with VMID allocation.
### ISP (Internet Service Provider)
A company that provides internet access. This architecture uses Spectrum as the primary ISP, with a second ISP for failover.
---
## J
### JWT (JSON Web Token)
A compact, URL-safe token format used for authentication. Besu RPC nodes use JWTs for secure API access.
---
## L
### LXC (Linux Container)
See: Container
### Load Balancer
A device or service that distributes network traffic across multiple servers to improve performance and reliability.
---
## M
### Mermaid
A text-based diagramming language used to create flowcharts, sequence diagrams, and other visualizations in markdown documents.
### ML110
HP ML110 Gen9 server, used as the management and bootstrap node in this architecture. IP: 192.168.11.10
---
## N
### NAT (Network Address Translation)
A method of remapping IP addresses. In this architecture, NAT is used for egress traffic to map private IPs to public IPs for allowlisting.
### NPMplus
Nginx Proxy Manager (or equivalent) LXC; VMID 10233. IPs 192.168.11.166 and 192.168.11.167; only .167 is used in UDM Pro port forwarding for public ingress (76.53.10.36:80/443 → 192.168.11.167:80/443).
### Node
A computer or virtual machine that participates in a network. In blockchain context, refers to Besu nodes (validators, sentries, RPC nodes).
---
## O
### Omada
TP-Link's network management system. Used for managing ER605 routers and ES216G switches.
### Oracle
In blockchain context, a service that provides external data to smart contracts. Chainlink provides oracle services.
---
## P
### P2P (Peer-to-Peer)
A network architecture where nodes communicate directly with each other without a central server. Blockchain networks use P2P for node communication.
### Permissioning
A feature that restricts which nodes can join a blockchain network. Besu supports node permissioning and account permissioning.
### Proxmox VE (Proxmox Virtual Environment)
An open-source server virtualization platform. Used to manage VMs and containers in this architecture.
### Public IP Block
A range of public IP addresses assigned by an ISP. This architecture uses 6× /28 blocks (16 IPs each) for different purposes.
---
## Q
### QBFT (QBFT Consensus)
QBFT (QBFT Byzantine Fault Tolerance) is a consensus algorithm used by Besu for private/permissioned networks. Provides fast block times and finality.
---
## R
### R630
Dell PowerEdge R630 server, used as compute nodes in the Proxmox cluster. Four R630 servers provide production compute capacity.
### RPC (Remote Procedure Call)
A protocol for requesting services from remote programs. Besu nodes expose RPC APIs (HTTP and WebSocket) for blockchain interactions.
### RMN (Risk Management Network)
A network of Chainlink nodes that provide security validation for CCIP operations. RMN nodes review and approve sensitive cross-chain operations.
---
## S
### Sentry Node
A blockchain node that acts as a proxy between validator nodes and the public network, protecting validators from direct exposure.
### Sovereign Tenant
An isolated tenant environment with dedicated resources and network segmentation. This architecture supports multiple sovereign tenants (SMOM, ICCC, DBIS, Absolute Realms).
### Static Node
A peer node from a hard-coded list that a blockchain node will always try to connect to. Used for reliable peer discovery in private networks.
### Subnet
A logical subdivision of an IP network. This architecture uses multiple subnets (one per VLAN) for network segmentation.
---
## T
### TOML (Tom's Obvious Minimal Language)
A configuration file format. Besu uses TOML files for node configuration.
### Tunnel
An encrypted connection between networks. Cloudflare tunnels provide secure access to internal services without exposing public IPs.
---
## V
### Validator
A blockchain node that participates in consensus by proposing and validating blocks. In QBFT, validators take turns proposing blocks.
### VLAN (Virtual Local Area Network)
A logical network segment that groups devices regardless of physical location. This architecture uses 19 VLANs for network segmentation.
### VMID (Virtual Machine ID)
A unique identifier assigned to each VM or container in Proxmox. This architecture uses a deterministic VMID allocation scheme (11,000 VMIDs).
### VM (Virtual Machine)
A software emulation of a physical computer. Proxmox supports both VMs (full virtualization) and containers (LXC).
---
## W
### WebSocket
A communication protocol that provides full-duplex communication over a single TCP connection. Used for real-time RPC subscriptions.
---
## U
### UDM Pro
Ubiquiti Dream Machine Pro; edge router replacing ER605 in current topology. Public IP 76.53.10.34; port forwards 76.53.10.36:80/443 to NPMplus 192.168.11.167.