A public-chain local edge pool that has been explicitly enabled in `config/gru-transport-active.json` for exposure in token-aggregation.
### Active Transport Pair
A canonical `c*` to mirrored `cW*` pair that is explicitly enabled by the GRU transport overlay and has the required mapping, deployment, and bridge-peer wiring.
A set of protocols and tools for building software applications. In this context, refers to RPC APIs (ETH, NET, WEB3) exposed by Besu nodes.
### Archive Node
A blockchain node that stores the complete historical state of the blockchain, including all transactions and state changes. See also: Full Node, RPC Node.
---
## B
### Besu
Hyperledger Besu, an Ethereum client used for running blockchain nodes. Supports both public and private networks, with features like permissioning and QBFT consensus.
### Block
A collection of transactions grouped together and added to the blockchain. In ChainID 138, blocks are produced approximately every 2 seconds using QBFT consensus.
### Blockscout
An open-source blockchain explorer that provides a web interface for viewing blockchain data, transactions, and smart contracts.
### Break-glass
Emergency access method that bypasses normal security controls. In this architecture, refers to optional inbound NAT rules for emergency access.
The source-of-truth `c*` asset on Chain 138. In GRU Transport, the canonical asset is locked/released on Chain 138 while public chains hold mirrored `cW*` form.
The GRU monetary classification for public-network `cW*` assets. These are mirrored transport representations of canonical Chain 138 `c*` assets, not generic wrapped tokens.
The Cloudflare Tunnel client software that creates secure, encrypted connections between internal services and Cloudflare's edge network.
### Container (LXC)
Linux Container, a lightweight virtualization technology used by Proxmox. Containers share the host kernel but have isolated filesystems and network namespaces.
### CORS (Cross-Origin Resource Sharing)
A security feature that allows web applications to make requests to APIs from different domains. Configured in Besu RPC settings.
---
## D
### DHCP (Dynamic Host Configuration Protocol)
A network protocol that automatically assigns IP addresses to devices on a network. Used for management VLAN (VLAN 11).
### DNS (Domain Name System)
A system that translates domain names (e.g., `rpc-http-pub.d-bis.org`) to IP addresses.
### DON (Decentralized Oracle Network)
A network of Chainlink nodes that work together to provide oracle services. In CCIP, there are Commit DONs and Execute DONs.
---
## E
### Egress
Outbound network traffic leaving the internal network. Egress NAT pools map internal IPs to public IPs for allowlisting.
### Enode
Ethereum node identifier, a unique address that identifies a blockchain node on the network. Format: `enode://<node-id>@<ip>:<port>`
### ER605
TP-Link ER605 router, used as the edge router in this architecture. Two routers (ER605-A and ER605-B) provide redundancy.
### ES216G
TP-Link ES216G managed switch, used for network switching and VLAN trunking. Three switches provide core, compute, and management connectivity.
---
## F
### Failover
Automatic switching to a backup system when the primary system fails. ER605 routers support WAN failover.
### Firewall
Network security system that controls incoming and outgoing network traffic based on predetermined security rules.
### Full Node
A blockchain node that stores the complete blockchain and validates all transactions. See also: Archive Node, RPC Node.
---
## G
### Gateway
A network device that connects different networks and routes traffic between them. In this architecture, gateways are configured on ER605 routers for each VLAN.
### Genesis Block
The first block in a blockchain. The genesis block contains the initial configuration, including validators and network parameters.
The cross-chain issuance, transport, routing, reserve-verification, and redemption system that moves canonical `c*` from Chain 138 into public-network `cW*` form under JSON-gated policy controls.
### GRU Transport
The short operator-facing name for the GRU Monetary Transport Layer.
A GRU transport pair whose outbound wrapping is controlled by reserve-verifier checks and per-destination outstanding limits. The hard-peg truth is redemption into canonical `c*`, not secondary-market pool price.
Nginx Proxy Manager (or equivalent) LXC; VMID 10233. IPs 192.168.11.166 and 192.168.11.167; only .167 is used in UDM Pro port forwarding for public ingress (76.53.10.36:80/443 → 192.168.11.167:80/443).
A computer or virtual machine that participates in a network. In blockchain context, refers to Besu nodes (validators, sentries, RPC nodes).
---
## O
### Omada
TP-Link's network management system. Used for managing ER605 routers and ES216G switches.
### Oracle
In blockchain context, a service that provides external data to smart contracts. Chainlink provides oracle services.
---
## P
### P2P (Peer-to-Peer)
A network architecture where nodes communicate directly with each other without a central server. Blockchain networks use P2P for node communication.
### Permissioning
A feature that restricts which nodes can join a blockchain network. Besu supports node permissioning and account permissioning.
### Proxmox VE (Proxmox Virtual Environment)
An open-source server virtualization platform. Used to manage VMs and containers in this architecture.
### Public IP Block
A range of public IP addresses assigned by an ISP. This architecture uses 6× /28 blocks (16 IPs each) for different purposes.
---
## Q
### QBFT (QBFT Consensus)
QBFT (QBFT Byzantine Fault Tolerance) is a consensus algorithm used by Besu for private/permissioned networks. Provides fast block times and finality.
---
## R
### R630
Dell PowerEdge R630 server, used as compute nodes in the Proxmox cluster. Four R630 servers provide production compute capacity.
### RPC (Remote Procedure Call)
A protocol for requesting services from remote programs. Besu nodes expose RPC APIs (HTTP and WebSocket) for blockchain interactions.
### RMN (Risk Management Network)
A network of Chainlink nodes that provide security validation for CCIP operations. RMN nodes review and approve sensitive cross-chain operations.
---
## S
### Sentry Node
A blockchain node that acts as a proxy between validator nodes and the public network, protecting validators from direct exposure.
### Sovereign Tenant
An isolated tenant environment with dedicated resources and network segmentation. This architecture supports multiple sovereign tenants (SMOM, ICCC, DBIS, Absolute Realms).
### Static Node
A hard-coded list of peer nodes that a blockchain node will always try to connect to. Used for reliable peer discovery in private networks.
### Subnet
A logical subdivision of an IP network. This architecture uses multiple subnets (one per VLAN) for network segmentation.
---
## T
### TOML (Tom's Obvious Minimal Language)
A configuration file format. Besu uses TOML files for node configuration.
### Tunnel
An encrypted connection between networks. Cloudflare tunnels provide secure access to internal services without exposing public IPs.
---
## V
### Validator
A blockchain node that participates in consensus by proposing and validating blocks. In QBFT, validators take turns proposing blocks.
### VLAN (Virtual Local Area Network)
A logical network segment that groups devices regardless of physical location. This architecture uses 19 VLANs for network segmentation.
### VMID (Virtual Machine ID)
A unique identifier assigned to each VM or container in Proxmox. This architecture uses a deterministic VMID allocation scheme (11,000 VMIDs).
### VM (Virtual Machine)
A software emulation of a physical computer. Proxmox supports both VMs (full virtualization) and containers (LXC).
---
## W
### WebSocket
A communication protocol that provides full-duplex communication over a single TCP connection. Used for real-time RPC subscriptions.
Ubiquiti Dream Machine Pro; edge router replacing ER605 in current topology. Public IP 76.53.10.34; port forwards 76.53.10.36:80/443 to NPMplus 192.168.11.167.
