Skip to main content

Network Configuration

A Core Cell can be made up of:

  • multiple subnets (recommended)
  • a single subnet

A Core Cell with Multiple Subnets

It is recommended to have a two-layer subnet which is used in general web services such as DB + AppServer and Proxy Web Servers. This design of the subnet has more advantages on the security.

Since monitoring servers are also required for managing all servers as another layer, the following section describes how to setup a Core Cell with a three-layer subnet.

The three-layer subnet consists of the following:

  • CN Subnet
  • PN Subnet
  • Management (Mgmt) Subnet

CN Subnet

A CN Subnet consists of CN servers in Core Cells. The working CN in a Core Cell is only one, but spare one should be prepared for high availability. IP/Port of all CNs within the Core Cell Network (CCN) must be opened to each other because they try to connect to the others from the outside of the Core Cell. (This connection information can be received from Baobab operators.) The internal communication with other subnets in the Core Cell requires to open default port (32323: default Klaytn P2P port number) in order to connect to PNs of the PN Subnet. Furthermore, it is necessary to open other ports such as the CN monitoring port (61001) for the monitoring server and the SSH port (22) for the management purpose. If the multichannel feature is used, another port (32324: default multichannel port) should be opened as well.

CN Subnet

Origin SubnetTarget SubnetIngressEgress
CN SubnetPN SubnetP2P: 32323 (32324 for multichannel)All
CN SubnetMgmt SubnetSSH: 22, Monitoring: 61001All
CN SubnetPublic (Internet)each CN's IP and P2P portAll

PN Subnet

A PN Subnet consists of the PN servers to provide services in order to connect to the external ENs.

A PN subnet is connected to the following nodes:

  • CNs in Core Cells
  • Some PNs of other Core Cells
  • Core Cell Management Servers (Mgmt, Monitoring)
  • EN nodes

PN Subnet

Origin SubnetTarget SubnetIngressEgress
PN SubnetCN SubnetP2P: 32323 (32324 for multichannel)All
PN SubnetMgmt SubnetSSH: 22, Monitoring: 61001All
PN SubnetPublic (Internet)P2P: 32323All

Mgmt Subnet

A Mgmt Subnet is a gateway subnet for the operator to enter into the Core Cell nodes through ssh. A VPN server may be necessary to make the connection together with a monitoring server and a management server installed with a tool to manage the Core Cell nodes.

Management Subnet

Origin SubnetTarget SubnetIngressEgress
Mgmt SubnetCN SubnetAllAll
Mgmt SubnetPN SubnetAllAll
Mgmt SubnetPublic (Internet)VPN (tcp): 443, VPN (udp): 1194All

A Core Cell with a Single Subnet

A single subnet of a Core Cell is built for the development/test purpose or under the difficult circumstances to create multiple subnets.

All nodes are setup under a single CC subnet. Firewall setup is also necessary for the CN to connect to other CNs within the CNN using P2P port (32323, 32324 for multichannel option). The P2P port of the PN is opened to connect with ENs in Endpoint Node Network (ENN) and PNs in the Core Cell Network (CNN). Additionally, an optional VPN and monitoring servers are required to be managed remotely.

CC with a Single Subnet

Make this page better