fbda1b4beb
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
12 KiB
CCIP Deployment Specification - ChainID 138
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Status: Deployment-ready, fully enabled CCIP lane
Total Nodes: 41 (minimum) or 43 (with 7 RMN nodes)
VMID Range: 5400-5599 (200 VMIDs available)
Overview
This specification defines the deployment of a fully enabled CCIP lane for ChainID 138, including all required components for operational readiness:
CCIP Fleet Architecture Diagram
graph TB
Internet[Internet]
ER605[ER605 Router]
subgraph CCIPNetwork[CCIP Network]
subgraph CommitDON[Commit DON - VLAN 132]
Commit1[CCIP-COMMIT-01<br/>VMID 5410]
Commit2[CCIP-COMMIT-02<br/>VMID 5411]
Commit16[CCIP-COMMIT-16<br/>VMID 5425]
end
subgraph ExecDON[Execute DON - VLAN 133]
Exec1[CCIP-EXEC-01<br/>VMID 5440]
Exec2[CCIP-EXEC-02<br/>VMID 5441]
Exec16[CCIP-EXEC-16<br/>VMID 5455]
end
subgraph RMN[RMN - VLAN 134]
RMN1[CCIP-RMN-01<br/>VMID 5470]
RMN2[CCIP-RMN-02<br/>VMID 5471]
RMN7[CCIP-RMN-07<br/>VMID 5476]
end
subgraph Ops[Ops/Admin - VLAN 130]
Ops1[CCIP-OPS-01<br/>VMID 5400]
Ops2[CCIP-OPS-02<br/>VMID 5401]
end
end
Internet --> ER605
ER605 --> CommitDON
ER605 --> ExecDON
ER605 --> RMN
ER605 --> Ops
CommitDON -->|NAT Pool Block #2| Internet
ExecDON -->|NAT Pool Block #3| Internet
RMN -->|NAT Pool Block #4| Internet
-
Transactional Oracle Nodes (32 nodes)
- Commit-role nodes (16)
- Execute-role nodes (16)
-
Risk Management Network (RMN) (5-7 nodes)
-
Operational Control Plane (4 nodes)
- Admin/Ops nodes (2)
- Monitoring/Telemetry nodes (2)
Node Allocation
A) CCIP Transactional Oracle Nodes (32 nodes)
1. Commit-Role Chainlink Nodes (16 nodes)
VMIDs: 5410-5425
Hostnames: CCIP-COMMIT-01 through CCIP-COMMIT-16
Purpose: Observe finalized source-chain events, build Merkle roots, and submit commit reports (request RMN "blessings" when applicable).
Responsibilities:
- Monitor source chain (ChainID 138) for finalized events
- Build Merkle roots from observed events
- Submit commit reports to the commit DON
- Request RMN validation for security-sensitive operations
| VMID | Hostname | Role | Function |
|---|---|---|---|
| 5410 | CCIP-COMMIT-01 | Commit Oracle | Commit-role Chainlink node |
| 5411 | CCIP-COMMIT-02 | Commit Oracle | Commit-role Chainlink node |
| 5412 | CCIP-COMMIT-03 | Commit Oracle | Commit-role Chainlink node |
| 5413 | CCIP-COMMIT-04 | Commit Oracle | Commit-role Chainlink node |
| 5414 | CCIP-COMMIT-05 | Commit Oracle | Commit-role Chainlink node |
| 5415 | CCIP-COMMIT-06 | Commit Oracle | Commit-role Chainlink node |
| 5416 | CCIP-COMMIT-07 | Commit Oracle | Commit-role Chainlink node |
| 5417 | CCIP-COMMIT-08 | Commit Oracle | Commit-role Chainlink node |
| 5418 | CCIP-COMMIT-09 | Commit Oracle | Commit-role Chainlink node |
| 5419 | CCIP-COMMIT-10 | Commit Oracle | Commit-role Chainlink node |
| 5420 | CCIP-COMMIT-11 | Commit Oracle | Commit-role Chainlink node |
| 5421 | CCIP-COMMIT-12 | Commit Oracle | Commit-role Chainlink node |
| 5422 | CCIP-COMMIT-13 | Commit Oracle | Commit-role Chainlink node |
| 5423 | CCIP-COMMIT-14 | Commit Oracle | Commit-role Chainlink node |
| 5424 | CCIP-COMMIT-15 | Commit Oracle | Commit-role Chainlink node |
| 5425 | CCIP-COMMIT-16 | Commit Oracle | Commit-role Chainlink node |
2. Execute-Role Chainlink Nodes (16 nodes)
VMIDs: 5440-5455
Hostnames: CCIP-EXEC-01 through CCIP-EXEC-16
Purpose: Monitor pending executions on destination chains, verify proofs, and execute messages on destination chains.
Responsibilities:
- Monitor destination chains for pending CCIP executions
- Verify Merkle proofs from commit reports
- Execute validated messages on destination chains
- Coordinate with commit DON for message verification
| VMID | Hostname | Role | Function |
|---|---|---|---|
| 5440 | CCIP-EXEC-01 | Execute Oracle | Execute-role Chainlink node |
| 5441 | CCIP-EXEC-02 | Execute Oracle | Execute-role Chainlink node |
| 5442 | CCIP-EXEC-03 | Execute Oracle | Execute-role Chainlink node |
| 5443 | CCIP-EXEC-04 | Execute Oracle | Execute-role Chainlink node |
| 5444 | CCIP-EXEC-05 | Execute Oracle | Execute-role Chainlink node |
| 5445 | CCIP-EXEC-06 | Execute Oracle | Execute-role Chainlink node |
| 5446 | CCIP-EXEC-07 | Execute Oracle | Execute-role Chainlink node |
| 5447 | CCIP-EXEC-08 | Execute Oracle | Execute-role Chainlink node |
| 5448 | CCIP-EXEC-09 | Execute Oracle | Execute-role Chainlink node |
| 5449 | CCIP-EXEC-10 | Execute Oracle | Execute-role Chainlink node |
| 5450 | CCIP-EXEC-11 | Execute Oracle | Execute-role Chainlink node |
| 5451 | CCIP-EXEC-12 | Execute Oracle | Execute-role Chainlink node |
| 5452 | CCIP-EXEC-13 | Execute Oracle | Execute-role Chainlink node |
| 5453 | CCIP-EXEC-14 | Execute Oracle | Execute-role Chainlink node |
| 5454 | CCIP-EXEC-15 | Execute Oracle | Execute-role Chainlink node |
| 5455 | CCIP-EXEC-16 | Execute Oracle | Execute-role Chainlink node |
B) Risk Management Network (RMN) (5-7 nodes)
VMIDs: 5470-5474 (minimum 5) or 5470-5476 (recommended 7)
Hostnames: CCIP-RMN-01 through CCIP-RMN-05 (or CCIP-RMN-07)
Purpose: Independent security network that monitors and validates CCIP behavior, providing an additional security layer before commits/execution proceed.
Responsibilities:
- Independently monitor CCIP commit and execute operations
- Validate security-critical transactions
- Provide "blessing" approvals for high-value operations
- Act as independent security audit layer
| VMID | Hostname | Role | Function |
|---|---|---|---|
| 5470 | CCIP-RMN-01 | RMN Node | Risk Management Network node |
| 5471 | CCIP-RMN-02 | RMN Node | Risk Management Network node |
| 5472 | CCIP-RMN-03 | RMN Node | Risk Management Network node |
| 5473 | CCIP-RMN-04 | RMN Node | Risk Management Network node |
| 5474 | CCIP-RMN-05 | RMN Node | Risk Management Network node |
| 5475 | CCIP-RMN-06 | RMN Node | Risk Management Network node (optional) |
| 5476 | CCIP-RMN-07 | RMN Node | Risk Management Network node (optional) |
Recommendation: Deploy 7 RMN nodes (5470-5476) for stronger fault tolerance from day-1.
C) Operational Control Plane (4 nodes)
3. CCIP Ops / Admin (2 nodes)
VMIDs: 5400-5401
Hostnames: CCIP-OPS-01, CCIP-OPS-02
Purpose: Primary operational control plane for CCIP network management, key rotation, and manual execution operations.
Responsibilities:
- Network administration and configuration management
- Key rotation and access control
- Manual execution coordination
- Emergency response operations
| VMID | Hostname | Role | Function |
|---|---|---|---|
| 5400 | CCIP-OPS-01 | Admin | Primary CCIP operations/admin node |
| 5401 | CCIP-OPS-02 | Admin | Backup CCIP operations/admin node |
4. CCIP Monitoring / Telemetry (2 nodes)
VMIDs: 5402-5403
Hostnames: CCIP-MON-01, CCIP-MON-02
Purpose: Metrics collection, log aggregation, alerting, and operational visibility.
Responsibilities:
- Metrics collection and aggregation
- Log aggregation and analysis
- Alerting and notification management
- Operational dashboard and visibility
| VMID | Hostname | Role | Function |
|---|---|---|---|
| 5402 | CCIP-MON-01 | Monitoring | Primary CCIP monitoring/telemetry node |
| 5403 | CCIP-MON-02 | Monitoring | Redundant CCIP monitoring/telemetry node |
Complete VMID Allocation
| Component | VMID Range | Count | Hostname Pattern |
|---|---|---|---|
| CCIP-OPS | 5400-5401 | 2 | CCIP-OPS-01..02 |
| CCIP-MON | 5402-5403 | 2 | CCIP-MON-01..02 |
| CCIP-COMMIT | 5410-5425 | 16 | CCIP-COMMIT-01..16 |
| CCIP-EXEC | 5440-5455 | 16 | CCIP-EXEC-01..16 |
| CCIP-RMN (min) | 5470-5474 | 5 | CCIP-RMN-01..05 |
| CCIP-RMN (opt) | 5475-5476 | 2 | CCIP-RMN-06..07 |
| Total (min) | 5400-5474 | 41 | - |
| Total (rec) | 5400-5476 | 43 | - |
Deployment Summary
Minimum Deployment (41 nodes)
- ✅ 2 Ops nodes
- ✅ 2 Monitoring nodes
- ✅ 16 Commit nodes
- ✅ 16 Execute nodes
- ✅ 5 RMN nodes
Recommended Deployment (43 nodes)
- ✅ 2 Ops nodes
- ✅ 2 Monitoring nodes
- ✅ 16 Commit nodes
- ✅ 16 Execute nodes
- ✅ 7 RMN nodes (stronger fault tolerance)
Architecture Notes
CCIP Role Architecture
Important: Chainlink's CCIP v1.6 uses a Role DON architecture where nodes run Commit and Execute OCR plugins. The terms "Committing DON" and "Executing DON" refer to role subsets, not separate networks.
For infrastructure planning:
- Commit-role nodes handle source chain observation and commit report generation
- Execute-role nodes handle destination chain message execution
- RMN nodes provide independent security validation
- Ops/Monitoring nodes provide operational control and visibility
Security Model
The RMN (Risk Management Network) provides an additional security layer by:
- Independently validating CCIP operations
- Providing "blessing" approvals for high-value transactions
- Acting as a security audit layer separate from the oracle quorum
Network Requirements
VLAN Assignments (Post-Migration)
Once VLAN migration is complete, CCIP nodes will be assigned to the following VLANs:
| Role | VLAN ID | VLAN Name | Subnet | Gateway | Egress NAT Pool |
|---|---|---|---|---|---|
| Ops/Admin | 130 | CCIP-OPS | 10.130.0.0/24 | 10.130.0.1 | Block #1 (restricted) |
| Monitoring | 131 | CCIP-MON | 10.131.0.0/24 | 10.131.0.1 | Block #1 (restricted) |
| Commit | 132 | CCIP-COMMIT | 10.132.0.0/24 | 10.132.0.1 | Block #2 <PUBLIC_BLOCK_2>/28 |
| Execute | 133 | CCIP-EXEC | 10.133.0.0/24 | 10.133.0.1 | Block #3 <PUBLIC_BLOCK_3>/28 |
| RMN | 134 | CCIP-RMN | 10.134.0.0/24 | 10.134.0.1 | Block #4 <PUBLIC_BLOCK_4>/28 |
Interim Network (Pre-VLAN Migration)
Status: ✅ Range cleared 2026-02-01. No conflicts.
While still on flat LAN (192.168.11.0/24), use interim IP assignments:
- Ops/Admin: 192.168.11.170-171
- Monitoring: 192.168.11.172-173
- Commit: 192.168.11.174-189
- Execute: 192.168.11.190-205
- RMN: 192.168.11.206-212
Connectivity
- All CCIP nodes must have connectivity to:
- Source chain (ChainID 138 - Besu network)
- Destination chain(s) (to be specified)
- Each other (for OCR/DON coordination)
- RMN nodes (for security validation)
Ports
- Standard Chainlink node ports (configurable)
- P2P networking for OCR coordination
- RPC endpoints for chain connectivity
- Monitoring/metrics endpoints
Egress NAT Configuration
Role-based egress NAT pools provide provable separation and allowlisting:
-
Commit nodes (VLAN 132): Egress via Block #2
- Allows allowlisting of commit node egress IPs
- Enables source chain RPC allowlisting
-
Execute nodes (VLAN 133): Egress via Block #3
- Allows allowlisting of execute node egress IPs
- Enables destination chain RPC allowlisting
-
RMN nodes (VLAN 134): Egress via Block #4
- Independent security-plane egress
- Enables RMN-specific allowlisting
See NETWORK_ARCHITECTURE.md for complete network architecture.
Next Steps
- ✅ VMID allocation defined (5400-5599 range)
- ⏳ Deploy operational control plane (5400-5403)
- ⏳ Deploy commit oracle nodes (5410-5425)
- ⏳ Deploy execute oracle nodes (5440-5455)
- ⏳ Deploy RMN nodes (5470-5474 or 5470-5476)
- ⏳ Configure CCIP lane connections
- ⏳ Configure destination chain(s) connectivity