Boundary Nodes Motion Proposal
The boundary nodes are the Internet Computer edge infrastructure. This motion proposal sets the future roadmap for boundary nodes. It is proposed to enhance the design and implementation of the boundary nodes in several aspects, to make their deployment and operation more decentralized, make them easier to deploy and upgrade, and increase their security.
Design, implement, and deploy an enhanced, scalable, decentralized, and secure network of boundary nodes for the Internet Computer. This network will serve as the edge framework of the Internet Computer and will be managed by the NNS. It will provide end-to-end security, as well as caching, for users of the IC, while being highly decentralized. The enhanced boundary nodes will also support custom domain names and TLS certificate management.
Boundary nodes provide the network edge services of the Internet Computer (IC) including enabling standard HTTPS requests from users to canister smart contract APIs on the IC and routing canister smart contract API calls to nodes hosting those contracts on the corresponding subnet, as well as caching, load balancing, rate limiting, IPv4-IPv6 translation (as IC nodes all use IPv6), and integrity verification for content served to users.
To bring the design and implementation of the boundary nodes to the next level with respect to functionality, scalability and decentralization, the currently supported feature set is to be extended and enhanced. Furthermore, the community will be enabled to decide on the allocation and sizing of the edge infrastructure and offer custom domains.
3. Why is this important?
The enhancements for boundary nodes in this proposal will enable the IC community to sustainably grow the IC network in a decentralized fashion, while guaranteeing end-to-end security and providing an improved experience for users of the IC and of the canister smart contracts that run on top of it.
4. Topics under this project
Specifically, this proposal includes the following research and development directions for boundary nodes:
- Scalability and Reliability - support higher request rates and more client connections by means of smarter traffic management, improved load balancing over nodes in a subnet, failover and more.
- Decentralization - allow more node providers to deploy boundary nodes by reducing the operational requirements.
- NNS management - let the NNS manage boundary nodes, including adding, removing, and upgrading nodes and compensating node providers via proposals.
- Security - integrate security improvements mentioned in the proposals on Trusted Execution Enhanced IC and the decentralized DNS and CA.
- Domains - enable additional and custom domains for canister smart contract discovery and enhanced decentralization.
- Customizable - make it easier for node owners to control the operations and capabilities of their boundary node, such as API-only boundary nodes, filtering, etc.
- Resiliency - related to the scalability and decentralization goals above, improve the DoS protection mechanisms for the IC.
- Discovery and Steering - Provide distributed discovery and steering to boundary nodes and different node providers and make it easier for the community to provide such services themselves.
- HTTP and query API caching - Improve caching on the boundary nodes so that they are compliant with caching standards.
- Semantic caching - use read-only canister state to serve queries directly from the boundary nodes.
- Monitoring - enhance monitoring of boundary nodes using, for example, probing and improved metrics. Provide metrics access to the community, e.g., for use in node provider remuneration.
- Boundary Node Economy - provide remuneration for running boundary nodes and charging canisters for support services (e.g., serving cached results).
- Compliance with local laws - as recently discussed by the community, the boundary node providers may be liable, by local laws, for content served through their nodes. Our intent is to research mechanisms, review community suggestions, and propose to the community possible mechanisms that would empower boundary node providers to restrict content served through their nodes, such that they remain compliant with local laws. As a consequence of the decentralization goal, the content might still be accessible from other jurisdictions.
5. Key milestones
The following milestones are indicative and may not be reached in the order listed here.
- M1: Provide a public and open source process for building a boundary node VM deterministically.
- M2: Enable additional boundary nodes on different domains and include support for them in the CDKs/agent code.
- M3: Have additional boundary nodes either API-only and/or on different domains.
- M4: Introduce an economic model for boundary nodes based on additional monitoring.
- M5: Enable the boundary nodes to be deployed and updated via NNS proposals.
- M6: Increase the number of NNS controlled and remunerated boundary nodes and node providers.
- M7: Improved Scalability, Resilience and Standards-Compliant Caching
- M8: Trusted Execution for improved security
- M9: Distributed Discovery and Steering
- M10: Semantic Caching
6. People involved
Discussion leads: Yotam Harchol, John Plevyak, Björn Tackmann, Rüdiger Kapitza
7. Why the DFINITY Foundation should make this a long-running R&D project
Boundary nodes are necessary for the Internet Computer, to provide transparent access for web users, as well as to secure the IC. Boundary nodes are part of the IC, and therefore should be as secure and as decentralized as possible. Therefore, the DFINITY Foundation is committed to researching and designing the next generation of boundary nodes including the above-mentioned areas for the benefit of the IC as a whole.
8. Skills and Expertise necessary to accomplish this
The problems described above require the cooperation of networking experts with security and cryptography experts, to design, review, and implement the prospective solutions, as well as to provide detailed security reviews and proofs. Specifically, experts from the following fields are necessary:
- Network systems
- Network management
- Network security
- Systems security
- Secure hardware
- Distributed systems
This project would require both researchers and software engineers with expertise in the above-mentioned fields.
9. Open research questions
- Efficiently load balance subnet nodes at the boundary nodes, without introducing high bandwidth and computation overheads
- Fully decentralized discovery and routing for unmodified standard Web2 devices and users
- Semantic caching - execute query calls directly on the boundary nodes, using read-only replicated state and possibly different consistency guarantees
- Boundary node economy - develop an economic model for running the boundary node edge network
- Compliance with local laws based on the location of boundary nodes
10. Examples where the community can integrate into the project
As boundary nodes are an important piece of the IC infrastructure, we expect high community interest in this proposal. We invite the community to join the engineers and researchers of DFINITY in the discussion of this topic. We welcome any ideas for the topics above, as well as any critical assessment. We plan to keep the community posted on this topic on a regular basis.
11. What we are asking the community
Please review this proposal and provide us with any feedback you have regarding the boundary nodes. Please also review the other related proposals on trusted execution environments and decentralized DNS and CA. We invite you to engage in the discussion and hope it will be fruitful and useful for the IC community and for the future edge framework of the IC.