proxmox/docs/07-ccip/CCIP_DEPLOYMENT_SPEC.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


CCIP Deployment Specification - ChainID 138

Status: Deployment-ready, fully enabled CCIP lane
Total Nodes: 41 (minimum) or 43 (with 7 RMN nodes)
VMID Range: 5400-5599 (200 VMIDs available)


Overview

This specification defines the deployment of a fully enabled CCIP lane for ChainID 138, including all required components for operational readiness:

CCIP Fleet Architecture Diagram

```mermaid
graph TB
    Internet[Internet]
    ER605[ER605 Router]

    subgraph CCIPNetwork[CCIP Network]
        subgraph CommitDON[Commit DON - VLAN 132]
            Commit1[CCIP-COMMIT-01<br/>VMID 5410]
            Commit2[CCIP-COMMIT-02<br/>VMID 5411]
            Commit16[CCIP-COMMIT-16<br/>VMID 5425]
        end

        subgraph ExecDON[Execute DON - VLAN 133]
            Exec1[CCIP-EXEC-01<br/>VMID 5440]
            Exec2[CCIP-EXEC-02<br/>VMID 5441]
            Exec16[CCIP-EXEC-16<br/>VMID 5455]
        end

        subgraph RMN[RMN - VLAN 134]
            RMN1[CCIP-RMN-01<br/>VMID 5470]
            RMN2[CCIP-RMN-02<br/>VMID 5471]
            RMN7[CCIP-RMN-07<br/>VMID 5476]
        end

        subgraph Ops[Ops/Admin - VLAN 130]
            Ops1[CCIP-OPS-01<br/>VMID 5400]
            Ops2[CCIP-OPS-02<br/>VMID 5401]
        end
    end

    Internet --> ER605
    ER605 --> CommitDON
    ER605 --> ExecDON
    ER605 --> RMN
    ER605 --> Ops

    CommitDON -->|NAT Pool Block #2| Internet
    ExecDON -->|NAT Pool Block #3| Internet
    RMN -->|NAT Pool Block #4| Internet
```

  1. Transactional Oracle Nodes (32 nodes)

    • Commit-role nodes (16)
    • Execute-role nodes (16)
  2. Risk Management Network (RMN) (5-7 nodes)

  3. Operational Control Plane (4 nodes)

    • Admin/Ops nodes (2)
    • Monitoring/Telemetry nodes (2)

Node Allocation

A) CCIP Transactional Oracle Nodes (32 nodes)

VMIDs: 5410-5425
Hostnames: CCIP-COMMIT-01 through CCIP-COMMIT-16

Purpose: Observe finalized source-chain events, build Merkle roots, and submit commit reports (request RMN "blessings" when applicable).

Responsibilities:

  • Monitor source chain (ChainID 138) for finalized events
  • Build Merkle roots from observed events
  • Submit commit reports to the commit DON
  • Request RMN validation for security-sensitive operations

| VMID | Hostname | Role | Function |
|------|----------|------|----------|
| 5410 | CCIP-COMMIT-01 | Commit Oracle | Commit-role Chainlink node |
| 5411 | CCIP-COMMIT-02 | Commit Oracle | Commit-role Chainlink node |
| 5412 | CCIP-COMMIT-03 | Commit Oracle | Commit-role Chainlink node |
| 5413 | CCIP-COMMIT-04 | Commit Oracle | Commit-role Chainlink node |
| 5414 | CCIP-COMMIT-05 | Commit Oracle | Commit-role Chainlink node |
| 5415 | CCIP-COMMIT-06 | Commit Oracle | Commit-role Chainlink node |
| 5416 | CCIP-COMMIT-07 | Commit Oracle | Commit-role Chainlink node |
| 5417 | CCIP-COMMIT-08 | Commit Oracle | Commit-role Chainlink node |
| 5418 | CCIP-COMMIT-09 | Commit Oracle | Commit-role Chainlink node |
| 5419 | CCIP-COMMIT-10 | Commit Oracle | Commit-role Chainlink node |
| 5420 | CCIP-COMMIT-11 | Commit Oracle | Commit-role Chainlink node |
| 5421 | CCIP-COMMIT-12 | Commit Oracle | Commit-role Chainlink node |
| 5422 | CCIP-COMMIT-13 | Commit Oracle | Commit-role Chainlink node |
| 5423 | CCIP-COMMIT-14 | Commit Oracle | Commit-role Chainlink node |
| 5424 | CCIP-COMMIT-15 | Commit Oracle | Commit-role Chainlink node |
| 5425 | CCIP-COMMIT-16 | Commit Oracle | Commit-role Chainlink node |

VMIDs: 5440-5455
Hostnames: CCIP-EXEC-01 through CCIP-EXEC-16

Purpose: Monitor pending executions on destination chains, verify proofs, and execute messages on destination chains.

Responsibilities:

  • Monitor destination chains for pending CCIP executions
  • Verify Merkle proofs from commit reports
  • Execute validated messages on destination chains
  • Coordinate with commit DON for message verification

| VMID | Hostname | Role | Function |
|------|----------|------|----------|
| 5440 | CCIP-EXEC-01 | Execute Oracle | Execute-role Chainlink node |
| 5441 | CCIP-EXEC-02 | Execute Oracle | Execute-role Chainlink node |
| 5442 | CCIP-EXEC-03 | Execute Oracle | Execute-role Chainlink node |
| 5443 | CCIP-EXEC-04 | Execute Oracle | Execute-role Chainlink node |
| 5444 | CCIP-EXEC-05 | Execute Oracle | Execute-role Chainlink node |
| 5445 | CCIP-EXEC-06 | Execute Oracle | Execute-role Chainlink node |
| 5446 | CCIP-EXEC-07 | Execute Oracle | Execute-role Chainlink node |
| 5447 | CCIP-EXEC-08 | Execute Oracle | Execute-role Chainlink node |
| 5448 | CCIP-EXEC-09 | Execute Oracle | Execute-role Chainlink node |
| 5449 | CCIP-EXEC-10 | Execute Oracle | Execute-role Chainlink node |
| 5450 | CCIP-EXEC-11 | Execute Oracle | Execute-role Chainlink node |
| 5451 | CCIP-EXEC-12 | Execute Oracle | Execute-role Chainlink node |
| 5452 | CCIP-EXEC-13 | Execute Oracle | Execute-role Chainlink node |
| 5453 | CCIP-EXEC-14 | Execute Oracle | Execute-role Chainlink node |
| 5454 | CCIP-EXEC-15 | Execute Oracle | Execute-role Chainlink node |
| 5455 | CCIP-EXEC-16 | Execute Oracle | Execute-role Chainlink node |

B) Risk Management Network (RMN) (5-7 nodes)

VMIDs: 5470-5474 (minimum 5) or 5470-5476 (recommended 7)
Hostnames: CCIP-RMN-01 through CCIP-RMN-05 (or CCIP-RMN-07)

Purpose: Independent security network that monitors and validates CCIP behavior, providing an additional security layer before commits/execution proceed.

Responsibilities:

  • Independently monitor CCIP commit and execute operations
  • Validate security-critical transactions
  • Provide "blessing" approvals for high-value operations
  • Act as independent security audit layer

| VMID | Hostname | Role | Function |
|------|----------|------|----------|
| 5470 | CCIP-RMN-01 | RMN Node | Risk Management Network node |
| 5471 | CCIP-RMN-02 | RMN Node | Risk Management Network node |
| 5472 | CCIP-RMN-03 | RMN Node | Risk Management Network node |
| 5473 | CCIP-RMN-04 | RMN Node | Risk Management Network node |
| 5474 | CCIP-RMN-05 | RMN Node | Risk Management Network node |
| 5475 | CCIP-RMN-06 | RMN Node | Risk Management Network node (optional) |
| 5476 | CCIP-RMN-07 | RMN Node | Risk Management Network node (optional) |

Recommendation: Deploy 7 RMN nodes (5470-5476) for stronger fault tolerance from day-1.


C) Operational Control Plane (4 nodes)

3. CCIP Ops / Admin (2 nodes)

VMIDs: 5400-5401
Hostnames: CCIP-OPS-01, CCIP-OPS-02

Purpose: Primary operational control plane for CCIP network management, key rotation, and manual execution operations.

Responsibilities:

  • Network administration and configuration management
  • Key rotation and access control
  • Manual execution coordination
  • Emergency response operations

| VMID | Hostname | Role | Function |
|------|----------|------|----------|
| 5400 | CCIP-OPS-01 | Admin | Primary CCIP operations/admin node |
| 5401 | CCIP-OPS-02 | Admin | Backup CCIP operations/admin node |

4. CCIP Monitoring / Telemetry (2 nodes)

VMIDs: 5402-5403
Hostnames: CCIP-MON-01, CCIP-MON-02

Purpose: Metrics collection, log aggregation, alerting, and operational visibility.

Responsibilities:

  • Metrics collection and aggregation
  • Log aggregation and analysis
  • Alerting and notification management
  • Operational dashboard and visibility

| VMID | Hostname | Role | Function |
|------|----------|------|----------|
| 5402 | CCIP-MON-01 | Monitoring | Primary CCIP monitoring/telemetry node |
| 5403 | CCIP-MON-02 | Monitoring | Redundant CCIP monitoring/telemetry node |

Complete VMID Allocation

| Component | VMID Range | Count | Hostname Pattern |
|-----------|------------|-------|------------------|
| CCIP-OPS | 5400-5401 | 2 | CCIP-OPS-01..02 |
| CCIP-MON | 5402-5403 | 2 | CCIP-MON-01..02 |
| CCIP-COMMIT | 5410-5425 | 16 | CCIP-COMMIT-01..16 |
| CCIP-EXEC | 5440-5455 | 16 | CCIP-EXEC-01..16 |
| CCIP-RMN (min) | 5470-5474 | 5 | CCIP-RMN-01..05 |
| CCIP-RMN (opt) | 5475-5476 | 2 | CCIP-RMN-06..07 |
| Total (min) | 5400-5474 | 41 | - |
| Total (rec) | 5400-5476 | 43 | - |

Deployment Summary

Minimum Deployment (41 nodes)

  • 2 Ops nodes
  • 2 Monitoring nodes
  • 16 Commit nodes
  • 16 Execute nodes
  • 5 RMN nodes

Recommended Deployment (43 nodes)

  • 2 Ops nodes
  • 2 Monitoring nodes
  • 16 Commit nodes
  • 16 Execute nodes
  • 7 RMN nodes (stronger fault tolerance)

Architecture Notes

CCIP Role Architecture

Important: Chainlink's CCIP v1.6 uses a Role DON architecture where nodes run Commit and Execute OCR plugins. The terms "Committing DON" and "Executing DON" refer to role subsets, not separate networks.

For infrastructure planning:

  • Commit-role nodes handle source chain observation and commit report generation
  • Execute-role nodes handle destination chain message execution
  • RMN nodes provide independent security validation
  • Ops/Monitoring nodes provide operational control and visibility

Security Model

The RMN (Risk Management Network) provides an additional security layer by:

  • Independently validating CCIP operations
  • Providing "blessing" approvals for high-value transactions
  • Acting as a security audit layer separate from the oracle quorum

Network Requirements

VLAN Assignments (Post-Migration)

Once VLAN migration is complete, CCIP nodes will be assigned to the following VLANs:

| Role | VLAN ID | VLAN Name | Subnet | Gateway | Egress NAT Pool |
|------|---------|-----------|--------|---------|-----------------|
| Ops/Admin | 130 | CCIP-OPS | 10.130.0.0/24 | 10.130.0.1 | Block #1 (restricted) |
| Monitoring | 131 | CCIP-MON | 10.131.0.0/24 | 10.131.0.1 | Block #1 (restricted) |
| Commit | 132 | CCIP-COMMIT | 10.132.0.0/24 | 10.132.0.1 | Block #2 <PUBLIC_BLOCK_2>/28 |
| Execute | 133 | CCIP-EXEC | 10.133.0.0/24 | 10.133.0.1 | Block #3 <PUBLIC_BLOCK_3>/28 |
| RMN | 134 | CCIP-RMN | 10.134.0.0/24 | 10.134.0.1 | Block #4 <PUBLIC_BLOCK_4>/28 |

Interim Network (Pre-VLAN Migration)

While still on flat LAN (192.168.11.0/24), use interim IP assignments:

  • Ops/Admin: 192.168.11.170-171
  • Monitoring: 192.168.11.172-173
  • Commit: 192.168.11.174-189
  • Execute: 192.168.11.190-205
  • RMN: 192.168.11.206-212

Connectivity

  • All CCIP nodes must have connectivity to:
    • Source chain (ChainID 138 - Besu network)
    • Destination chain(s) (to be specified)
    • Each other (for OCR/DON coordination)
    • RMN nodes (for security validation)

Ports

  • Standard Chainlink node ports (configurable)
  • P2P networking for OCR coordination
  • RPC endpoints for chain connectivity
  • Monitoring/metrics endpoints

Egress NAT Configuration

Role-based egress NAT pools provide provable separation and allowlisting:

  • Commit nodes (VLAN 132): Egress via Block #2

    • Allows allowlisting of commit node egress IPs
    • Enables source chain RPC allowlisting
  • Execute nodes (VLAN 133): Egress via Block #3

    • Allows allowlisting of execute node egress IPs
    • Enables destination chain RPC allowlisting
  • RMN nodes (VLAN 134): Egress via Block #4

    • Independent security-plane egress
    • Enables RMN-specific allowlisting

See NETWORK_ARCHITECTURE.md for complete network architecture.
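
The VMID allocation, interim IP ranges and role-based NAT separation above can be checked mechanically before any node is created. The following is an added example, not part of the original specification or the project's tooling: it expands the plan into a per-node inventory and reports VMID or IP collisions, overlapping VLAN subnets, and any NAT block shared with a Commit, Execute or RMN role. The `ROLES` tuple layout and the function names are this example's own assumptions; the values are transcribed from this document.

```python
import ipaddress
from collections import defaultdict

# Values transcribed from this specification; the tuple layout
# (first VMID, node count, VLAN subnet, first interim IP, NAT block) is this example's own.
ROLES = {
    "CCIP-OPS":    (5400, 2,  "10.130.0.0/24", "192.168.11.170", 1),
    "CCIP-MON":    (5402, 2,  "10.131.0.0/24", "192.168.11.172", 1),
    "CCIP-COMMIT": (5410, 16, "10.132.0.0/24", "192.168.11.174", 2),
    "CCIP-EXEC":   (5440, 16, "10.133.0.0/24", "192.168.11.190", 3),
    "CCIP-RMN":    (5470, 7,  "10.134.0.0/24", "192.168.11.206", 4),
}
VMID_POOL = range(5400, 5600)                        # 5400-5599
FLAT_LAN = ipaddress.ip_network("192.168.11.0/24")
ISOLATED = {"CCIP-COMMIT", "CCIP-EXEC", "CCIP-RMN"}  # roles that need their own NAT block


def build_inventory(roles=ROLES):
    """Expand each role's range into one record per node."""
    nodes = []
    for role, (vmid0, count, subnet, ip0, nat) in roles.items():
        for i in range(count):
            nodes.append({"vmid": vmid0 + i, "hostname": f"{role}-{i + 1:02d}",
                          "role": role, "subnet": ipaddress.ip_network(subnet),
                          "interim_ip": ipaddress.ip_address(ip0) + i, "nat_block": nat})
    return nodes


def validate(nodes):
    """Return a list of problems; an empty list means the plan is self-consistent."""
    problems, seen, nat_roles, subnets = [], {}, defaultdict(set), {}
    for n in nodes:
        if n["vmid"] not in VMID_POOL:
            problems.append(f"{n['hostname']}: VMID {n['vmid']} outside pool")
        if n["interim_ip"] not in FLAT_LAN:
            problems.append(f"{n['hostname']}: {n['interim_ip']} outside flat LAN")
        for key in ("vmid", "interim_ip"):
            prior = seen.setdefault((key, n[key]), n["hostname"])
            if prior != n["hostname"]:
                problems.append(f"{n['hostname']}: {key} {n[key]} collides with {prior}")
        nat_roles[n["nat_block"]].add(n["role"])
        subnets[n["role"]] = n["subnet"]
    for block, roles in nat_roles.items():
        if len(roles) > 1 and roles & ISOLATED:
            problems.append(f"NAT block {block} shared by {sorted(roles)}")
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"VLAN subnets of {a} and {b} overlap")
    return problems
```

Ops and Monitoring sharing Block #1 is accepted because neither is in `ISOLATED`; any edit that puts a second role on Block #2, #3 or #4 is reported.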


Next Steps

  1. VMID allocation defined (5400-5599 range)
  2. Deploy operational control plane (5400-5403)
  3. Deploy commit oracle nodes (5410-5425)
  4. Deploy execute oracle nodes (5440-5455)
  5. Deploy RMN nodes (5470-5474 or 5470-5476)
  6. Configure CCIP lane connections
  7. Configure destination chain(s) connectivity

References