Deploying the first API boundary nodes

Hello everyone,

I’m pleased to announce that we’re nearing the deployment of the first API boundary nodes under NNS control. Before we proceed, we need to submit a proposal for monitoring access from DFINITY datacenters. This will allow us to observe the health of the API boundary nodes and address any issues.

Following this, we will propose converting some unassigned nodes into API boundary nodes. This marks the first step towards the new boundary node architecture, detailed here.

Feel free to ask any questions. We will update this thread with the proposals as we submit them.

17 Likes

We have just submitted the proposal to allow access to all “monitoring and observability” ports from the DFINITY datacenters. You can find proposal 130319 here and vote on it.

In particular, this proposal provides access to the following ports:

  • 7070: orchestrator dashboard
  • 9091: orchestrator metrics
  • 9100: node exporter metrics
  • 9324: ic-boundary metrics
  • 19100: metrics proxy metrics
  • 19531: systemd-journal-gatewayd (logs)

For now this firewall rule has no effect, but will be used as soon as the first API boundary node is deployed.

4 Likes

And we have just submitted the proposal to turn two unassigned nodes into API boundary nodes. You can find proposal 130337 here and vote on it.

3 Likes

We have liftoff! :rocket:

Both proposals have been adopted and the first two API boundary nodes are live! Right now, they are not yet taking any production traffic as that is still routed through the existing boundary nodes. However, as we make progress towards the new boundary node architecture, we will gradually add more API boundary nodes and start shifting traffic to them.

The first two API boundary nodes are live and are happy to serve any requests you might have. If you want to try it out, you can for example query the total ckBTC supply using the follow command:

dfx canister call mxzaz-hqaaa-aaaar-qaada-cai icrc1_total_supply '()' --network https://bc1-dll02.blockchaindevlabs.com --query

or

dfx canister call mxzaz-hqaaa-aaaar-qaada-cai icrc1_total_supply '()' --network https://br1-dll01.aviatelabs.co --query
5 Likes

Awesome, congralutations to the team! :partying_face:

1 Like

Why can’t I open https://bc1-dll02.blockchaindevlabs.com

The API boundary nodes only serve the API endpoints und /api/v2/... as defined in the interface spec.

When you try to open the root, you just get a 404 back. You can see it the best on the command line:

$ curl -sLv https://bc1-dll02.blockchaindevlabs.com
...
* Server certificate:
*  subject: CN=bc1-dll02.blockchaindevlabs.com
*  start date: Jun 13 08:16:02 2024 GMT
*  expire date: Sep 11 08:16:01 2024 GMT
*  subjectAltName: host "bc1-dll02.blockchaindevlabs.com" matched cert's "bc1-dll02.blockchaindevlabs.com"
*  issuer: C=US; O=Let's Encrypt; CN=E6
*  SSL certificate verify ok.
...
< HTTP/2 404
< content-length: 0
< date: Thu, 13 Jun 2024 11:57:59 GMT
<
* Connection #0 to host bc1-dll02.blockchaindevlabs.com left intact

What is the difference between bc1-dll02.blockchaindevlabs.com and icp0.io

bc1-dll02.blockchaindevlabs.com is the domain of an API boundary node and icp0.io is a domain of today’s boundary nodes.

I guess that doesn’t really help much. So what does it mean:
We are redesigning the edge of the Internet Computer. Today, there are boundary nodes (or “today’s boundary nodes”) and they do mainly two things:

  1. translate your browser’s HTTP requests into API calls;
  2. route API calls to the right subnet and replica.

This is what is running under icp0.io and ic0.app. These domains serve both purposes: you can directly access canisters using CANISTER_ID.icp0.io and you can directly submit API calls using icp0.io/api/v2/....

The new edge will, at a very high level, split today’s boundary nodes into two entities: API boundary nodes and HTTP gateways. API boundary nodes only serve the API endpoints, while the HTTP gateways mainly provide the capability to access canisters directly from your browser.

Ultimately, bc1-dll02.blockchaindevlabs.com/api/v2/... serves the same purpose as icp0.io/api/v2....

For more information about the new edge of the Internet Computer, check this thread about the boundary node roadmap.

1 Like