Private IP Communication Implementation

Objective

Enable private IP communication between eBlobbers and zs3server by leveraging AWS VPC internal networking. This eliminates public IP traffic between these components and ensures secure, cost-efficient communication.

Technical Architecture

1. Network Infrastructure

VPC Design

  • VPC CIDR: 10.0.0.0/16

  • Subnets:

    • Public Subnet: 10.0.1.0/24 (eBlobbers + Parity Blobbers)

    • Private Subnet: 10.0.2.0/24 (zs3server)

Routing Architecture

  • Internet ↔ Internet Gateway ↔ Public Subnet (Blobbers)

  • NAT Gateway ↔ Private Subnet (zs3server)

Security Groups

  • Public SG (allow-web-and-ssh): Attached to blobber instances for internet access.

  • Private SG (allow-private-communication): Attached to zs3server, restricting traffic to VPC-only communication.

2. Instance Placement Strategy

Blobber Instances

  • Location: Public subnet (10.0.1.0/24)

  • Access: Internet-facing for external sync.

  • Communication: Private IP communication to zs3server.

zs3server Instance

  • Location: Private subnet (10.0.2.0/24)

  • Access: Outbound internet via NAT Gateway (for updates, package downloads).

  • Communication: Private IP endpoints for blobber interactions.

Technical Implementation

1. Terraform Infrastructure

New Resources

  • Private subnet for zs3server

  • NAT Gateway for outbound internet

  • Private route table (linked to NAT Gateway)

  • Security group for private communication

Modified Resources

  • zs3server moved into private subnet

  • Security groups updated for private-only communication
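A minimal Terraform sketch of the new resources listed above, added here as an illustration and not taken from the project's own configuration. The resource names and `var.*` inputs are hypothetical, the CIDRs and port 8080 come from this page, and the ingress source is narrowed to the blobber subnet as an assumption (use 10.0.0.0/16 to match "VPC-only" exactly).

```hcl
# Added example: names and variables are hypothetical, not the project's own.
variable "vpc_id" { type = string }           # the 10.0.0.0/16 VPC
variable "public_subnet_id" { type = string } # 10.0.1.0/24, hosts the NAT Gateway

resource "aws_subnet" "zs3_private" {
  vpc_id                  = var.vpc_id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = false # zs3server never receives a public IP
}

resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "zs3" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id # NAT lives in the public subnet
}

# Private route table: default route goes to the NAT Gateway, not the IGW.
resource "aws_route_table" "zs3_private" {
  vpc_id = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.zs3.id
  }
}

resource "aws_route_table_association" "zs3_private" {
  subnet_id      = aws_subnet.zs3_private.id
  route_table_id = aws_route_table.zs3_private.id
}

resource "aws_security_group" "allow_private_communication" {
  name   = "allow-private-communication"
  vpc_id = var.vpc_id
}

# Inbound: only the blobber subnet may reach zs3server on 8080.
resource "aws_vpc_security_group_ingress_rule" "blobbers_to_zs3" {
  security_group_id = aws_security_group.allow_private_communication.id
  cidr_ipv4         = "10.0.1.0/24"
  ip_protocol       = "tcp"
  from_port         = 8080
  to_port           = 8080
}

# Outbound: Terraform-managed groups have no default egress, so allow it explicitly.
resource "aws_vpc_security_group_egress_rule" "zs3_outbound" {
  security_group_id = aws_security_group.allow_private_communication.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
```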

2. Blobber Configuration

  • Dynamic Private IP Discovery: Blobbers automatically discover zs3server private IP.

  • Auto-Generated Config Files: Ensures updated configurations without manual intervention.

  • Continuous Health Monitoring: Keeps communication stable and fault-tolerant.

Implementation Status

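| Component       | Status  | Completion | Notes                              |
|-----------------|---------|------------|------------------------------------|
| Infrastructure  | ✅ Done | 100%       | VPC, subnets, NAT Gateway, routing |
| Security Groups | ✅ Done | 100%       | Access control rules applied       |
| Blobber Config  | ✅ Done | 100%       | Dynamic IP discovery + monitoring  |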

Technical Deep-Dive

Network Flow

Blobber (10.0.1.x) → Private IP → zs3server (10.0.2.x:8080)

Security Implementation

  • Network isolation: zs3server in private subnet

  • Security groups enforce access policies

  • Audit logging tracks all requests

Success Metrics

  • Private subnet created and verified

  • NAT Gateway operational

  • Security groups configured correctly

  • Private IP communication active between blobbers and zs3server
