# Private IP Communication Implementation

### Objective

Enable private IP communication between **eBlobbers** and **zs3server** by leveraging AWS VPC internal networking. Traffic between these components stays on private addresses inside the VPC instead of traversing public IPs, which keeps communication secure and cost-efficient.

### Technical Architecture

#### 1. Network Infrastructure

**VPC Design**

* VPC CIDR: `10.0.0.0/16`
* Subnets:
  * **Public Subnet:** `10.0.1.0/24` (eBlobbers + Parity Blobbers)
  * **Private Subnet:** `10.0.2.0/24` (zs3server)

<figure><img src="/files/zOysaMH8vi2ZOsuROu7Z" alt="" width="375"><figcaption><p>VPC Design</p></figcaption></figure>

**Routing Architecture**

* Internet ↔ Internet Gateway ↔ Public Subnet (Blobbers)
* Private Subnet (zs3server) → NAT Gateway → Internet (outbound only)

**Security Groups**

* **Public SG (allow-web-and-ssh):** Attached to blobber instances for internet access.
* **Private SG (allow-private-communication):** Attached to zs3server, restricting traffic to VPC-only communication.

#### 2. Instance Placement Strategy

**Blobber Instances**

* **Location**: Public subnet (`10.0.1.0/24`)
* **Access**: Internet-facing for external sync.
* **Communication**: Private IP communication to zs3server.

**zs3server Instance**

* **Location**: Private subnet (`10.0.2.0/24`)
* **Access**: Outbound internet via NAT Gateway (for updates, package downloads).
* **Communication**: Private IP endpoints for blobber interactions.

### Technical Implementation

#### 1. Terraform Infrastructure

**New Resources**

* Private subnet for zs3server
* NAT Gateway for outbound internet
* Private route table (linked to NAT Gateway)
* Security group for private communication

**Modified Resources**

* zs3server moved into private subnet
* Security groups updated for private-only communication

#### 2. Blobber Configuration

* **Dynamic Private IP Discovery**: Blobbers automatically discover zs3server private IP.
* **Auto-Generated Config Files**: Ensures updated configurations without manual intervention.
* **Continuous Health Monitoring**: Keeps communication stable and fault-tolerant.

### Implementation Status

| Component       | Status | Completion | Notes                              |
| --------------- | ------ | ---------- | ---------------------------------- |
| Infrastructure  | ✅ Done | 100%       | VPC, subnets, NAT Gateway, routing |
| Security Groups | ✅ Done | 100%       | Access control rules applied       |
| Blobber Config  | ✅ Done | 100%       | Dynamic IP discovery + monitoring  |

### Technical Deep-Dive

**Network Flow**

```
Blobber (10.0.1.x) → Private IP → ZS3Server (10.0.2.x:8080)
```

**Security Implementation**

* Network isolation: zs3server in private subnet
* Security groups enforce access policies
* Audit logging tracks all requests
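
To check that the private security group really limits zs3server to VPC-only traffic, the following added example (not part of the original page or the project's code) audits the `IpPermissions` structure returned by `aws ec2 describe-security-groups`. The sample groups are constructed, and the policy that only tcp/8080 should be reachable is an assumption drawn from the network flow above.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # VPC CIDR from this page
ALLOWED_TCP_PORTS = {8080}  # assumption: only the zs3server port should be reachable

def audit_private_sg(group, vpc=VPC_CIDR, ports=ALLOWED_TCP_PORTS):
    """Return findings for ingress rules that admit non-VPC sources or extra ports.

    `group` is one entry of SecurityGroups from `aws ec2 describe-security-groups`.
    Rules that reference another security group (UserIdGroupPairs) are not evaluated.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        label = "all traffic" if proto == "-1" else f"{proto}/{lo}-{hi}"
        # Source check: every IPv4 range must fall inside the VPC CIDR.
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not net.subnet_of(vpc):
                findings.append(f"{label}: source {net} is outside {vpc}")
        # The page defines no IPv6 range for the VPC, so any IPv6 source is flagged.
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"{label}: unexpected IPv6 source {rng['CidrIpv6']}")
        # Port check: the rule must be TCP and cover only allowed ports.
        if proto != "tcp" or lo is None or hi is None or not set(range(lo, hi + 1)) <= ports:
            findings.append(f"{label}: opens more than tcp/{sorted(ports)}")
    return findings

# Constructed sample data in the shape of describe-security-groups output.
GOOD_SG = {"GroupName": "allow-private-communication", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
]}
BAD_SG = {"GroupName": "misconfigured-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
]}

if __name__ == "__main__":
    for sg in (GOOD_SG, BAD_SG):
        print(sg["GroupName"], audit_private_sg(sg) or "OK")
```
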

### Success Metrics

* Private subnet created and verified
* NAT Gateway operational
* Security groups configured correctly
* Private IP communication active between blobbers and zs3server

