# Glossary and Terminology

**Last Updated:** 2025-01-20  
**Document Version:** 1.0  
**Status:** Active Documentation

---

## Overview

This glossary provides definitions for terms, acronyms, and technical concepts used throughout the documentation.

---

## A

### API (Application Programming Interface)

A set of protocols and tools for building software applications. In this context, refers to RPC APIs (ETH, NET, WEB3) exposed by Besu nodes.

### Archive Node

A blockchain node that stores the complete historical state of the blockchain, including all transactions and state changes. See also: Full Node, RPC Node.

---

## B

### Besu

Hyperledger Besu, an Ethereum client used for running blockchain nodes. Supports both public and private networks, with features like permissioning and QBFT consensus.

### Block

A collection of transactions grouped together and added to the blockchain. In ChainID 138, blocks are produced approximately every 2 seconds using QBFT consensus.

### Blockscout

An open-source blockchain explorer that provides a web interface for viewing blockchain data, transactions, and smart contracts.

### Break-glass

Emergency access method that bypasses normal security controls. In this architecture, refers to optional inbound NAT rules for emergency access.

---

## C

### CCIP (Chainlink Cross-Chain Interoperability Protocol)

A protocol for secure cross-chain communication and token transfers. The deployment includes Commit, Execute, and RMN node types.

### ChainID

A unique identifier for a blockchain network. ChainID 138 is the identifier for the Sankofa/Phoenix/PanTel network.

### cloudflared

The Cloudflare Tunnel client software that creates secure, encrypted connections between internal services and Cloudflare's edge network.

### Container (LXC)

Linux Container, a lightweight virtualization technology used by Proxmox. Containers share the host kernel but have isolated filesystems and network namespaces.

### CORS (Cross-Origin Resource Sharing)

A security feature that allows web applications to make requests to APIs from different domains. Configured in Besu RPC settings.

---

## D

### DHCP (Dynamic Host Configuration Protocol)

A network protocol that automatically assigns IP addresses to devices on a network. Used for management VLAN (VLAN 11).

### DNS (Domain Name System)

A system that translates domain names (e.g., `rpc-http-pub.d-bis.org`) to IP addresses.

### DON (Decentralized Oracle Network)

A network of Chainlink nodes that work together to provide oracle services. In CCIP, there are Commit DONs and Execute DONs.

---

## E

### Egress

Outbound network traffic leaving the internal network. Egress NAT pools map internal IPs to public IPs for allowlisting.

### Enode

Ethereum node identifier, a unique address that identifies a blockchain node on the network. Format: `enode://@:`

### ER605

TP-Link ER605 router, used as the edge router in this architecture. Two routers (ER605-A and ER605-B) provide redundancy.

### ES216G

TP-Link ES216G managed switch, used for network switching and VLAN trunking. Three switches provide core, compute, and management connectivity.

---

## F

### Failover

Automatic switching to a backup system when the primary system fails. ER605 routers support WAN failover.

### Firewall

Network security system that controls incoming and outgoing network traffic based on predetermined security rules.

### Full Node

A blockchain node that stores the complete blockchain and validates all transactions. See also: Archive Node, RPC Node.

---

## G

### Gateway

A network device that connects different networks and routes traffic between them. In this architecture, gateways are configured on ER605 routers for each VLAN.

### Genesis Block

The first block in a blockchain. The genesis block contains the initial configuration, including validators and network parameters.

---

## H

### HA (High Availability)

System design that ensures services remain available even if individual components fail. ER605 routers provide active/standby redundancy.

### Hostname

A human-readable name assigned to a network device. In this architecture, hostnames follow patterns like `r630-01`, `ml110`, `besu-rpc-1`.

---

## I

### Ingress

Inbound network traffic entering the internal network. In this architecture, ingress is primarily handled through Cloudflare tunnels.

### IPAM (IP Address Management)

The process of planning, tracking, and managing IP address space. This architecture uses deterministic IPAM aligned with VMID allocation.

### ISP (Internet Service Provider)

A company that provides internet access. This architecture uses Spectrum as the primary ISP, with a second ISP for failover.

---

## J

### JWT (JSON Web Token)

A compact, URL-safe token format used for authentication. Besu RPC nodes use JWT tokens for secure API access.

---

## L

### LXC (Linux Container)

See: Container

### Load Balancer

A device or service that distributes network traffic across multiple servers to improve performance and reliability.

---

## M

### Mermaid

A text-based diagramming language used to create flowcharts, sequence diagrams, and other visualizations in markdown documents.

### ML110

HP ML110 Gen9 server, used as the management and bootstrap node in this architecture. IP: 192.168.11.10

---

## N

### NAT (Network Address Translation)

A method of remapping IP addresses. In this architecture, NAT is used for egress traffic to map private IPs to public IPs for allowlisting.

### NPMplus

Nginx Proxy Manager (or equivalent) LXC; VMID 10233. IPs 192.168.11.166 and 192.168.11.167; only .167 is used in UDM Pro port forwarding for public ingress (76.53.10.36:80/443 → 192.168.11.167:80/443).

### Nginx

A web server and reverse proxy. In this architecture, Nginx Proxy Manager (VMID 105 or NPMplus VMID 10233) routes HTTP traffic to internal services.

### Node

A computer or virtual machine that participates in a network. In blockchain context, refers to Besu nodes (validators, sentries, RPC nodes).

---

## O

### Omada

TP-Link's network management system. Used for managing ER605 routers and ES216G switches.

### Oracle

In blockchain context, a service that provides external data to smart contracts. Chainlink provides oracle services.

---

## P

### P2P (Peer-to-Peer)

A network architecture where nodes communicate directly with each other without a central server. Blockchain networks use P2P for node communication.

### Permissioning

A feature that restricts which nodes can join a blockchain network. Besu supports node permissioning and account permissioning.

### Proxmox VE (Proxmox Virtual Environment)

An open-source server virtualization platform. Used to manage VMs and containers in this architecture.

### Public IP Block

A range of public IP addresses assigned by an ISP. This architecture uses 6× /28 blocks (16 IPs each) for different purposes.

---

## Q

### QBFT (QBFT Consensus)

QBFT (QBFT Byzantine Fault Tolerance) is a consensus algorithm used by Besu for private/permissioned networks. Provides fast block times and finality.

---

## R

### R630

Dell PowerEdge R630 server, used as compute nodes in the Proxmox cluster. Four R630 servers provide production compute capacity.

### RPC (Remote Procedure Call)

A protocol for requesting services from remote programs. Besu nodes expose RPC APIs (HTTP and WebSocket) for blockchain interactions.

### RMN (Risk Management Network)

A network of Chainlink nodes that provide security validation for CCIP operations. RMN nodes review and approve sensitive cross-chain operations.

---

## S

### Sentry Node

A blockchain node that acts as a proxy between validator nodes and the public network, protecting validators from direct exposure.

### Sovereign Tenant

An isolated tenant environment with dedicated resources and network segmentation.
This architecture supports multiple sovereign tenants (SMOM, ICCC, DBIS, Absolute Realms).

### Static Node

A hard-coded list of peer nodes that a blockchain node will always try to connect to. Used for reliable peer discovery in private networks.

### Subnet

A logical subdivision of an IP network. This architecture uses multiple subnets (one per VLAN) for network segmentation.

---

## T

### TOML (Tom's Obvious Minimal Language)

A configuration file format. Besu uses TOML files for node configuration.

### Tunnel

An encrypted connection between networks. Cloudflare tunnels provide secure access to internal services without exposing public IPs.

---

## V

### Validator

A blockchain node that participates in consensus by proposing and validating blocks. In QBFT, validators take turns proposing blocks.

### VLAN (Virtual Local Area Network)

A logical network segment that groups devices regardless of physical location. This architecture uses 19 VLANs for network segmentation.

### VMID (Virtual Machine ID)

A unique identifier assigned to each VM or container in Proxmox. This architecture uses a deterministic VMID allocation scheme (11,000 VMIDs).

### VM (Virtual Machine)

A software emulation of a physical computer. Proxmox supports both VMs (full virtualization) and containers (LXC).

---

## W

### WebSocket

A communication protocol that provides full-duplex communication over a single TCP connection. Used for real-time RPC subscriptions.

### UDM Pro

Ubiquiti Dream Machine Pro; edge router replacing ER605 in current topology. Public IP 76.53.10.34; port forwards 76.53.10.36:80/443 to NPMplus 192.168.11.167.

### WAN (Wide Area Network)

A network that spans a large geographic area. In this architecture, WAN refers to internet connections on UDM Pro (or ER605).

---

## Related Documentation

- **[../02-architecture/NETWORK_ARCHITECTURE.md](../02-architecture/NETWORK_ARCHITECTURE.md)** ⭐⭐⭐ - Network architecture reference
- **[../06-besu/BESU_OFFICIAL_REFERENCE.md](../06-besu/BESU_OFFICIAL_REFERENCE.md)** ⭐ - Besu official documentation
- **[../07-ccip/CCIP_DEPLOYMENT_SPEC.md](../07-ccip/CCIP_DEPLOYMENT_SPEC.md)** ⭐⭐ - CCIP deployment specification

---

**Last Updated:** 2025-01-20  
**Review Cycle:** Quarterly