Connecting Your Gateway with the Consensus Layer

The consensus layer serves as the backend infrastructure for the Ethereum blockchain, hosting and verifying the efficacy of validators.

Several consensus layer clients exist including Lighthouse, Prysm, Nimbus, and Teku.

You have two options to connect Gateway with the Consensus Layer:

Initiate connection by the Gateway. The easest way. Recommended to add Gateway as trusted peer if supported, otherwise connection will be not stable.
Initiate connection by the Consensus Layer. This approach recommended for Consensus Layer clients like prysm, nimbus and teku which are not supporting trusteed peers but instead treat outgoing connection as trusted.

Initiate connection by the Gateway

As mentioned previously, the bloXroute Gateway connects to your node as a peer. To connect your gateway as a peer to your Consensus Layer client, you should

Include your Consensus Layer client in the --multiaddr startup argument. Consensus Layer client's identity is available from the output of /eth/v1/node/identity Beacon API endpoint.
Add your gateway peer ID as a “trusted peer”.

This is similar to the requirements for connecting to the Execution Layer client, but the execution is a bit different.

1. Make sure Beacon node uses private key.

Strictly speaking, this step is not required. If your node does not have a private key, then every time you restart it it will generate a new public key. This public key is part of the multiaddr argument, which means every time you restart your node you will need to update the gateway startup argument.

Verify Lighthouse has the private key file beacon/network/key within the datadir.

Verify the Prysm node started with --p2p-priv-key. This will ensure the beacon node peer ID will not change if the Prysm node restarts.

The value is a path to a file that has a private key. The file should include the private key in hex format, similar to 6375297bde61c2e30537d..........4165971cf6698cc8d2ec2a421202b8601.

Verify the Nimbus node starts with the following values :

--discv5=true /

--nat:extip:<PublicIPAddressOfNode> /

--netkey-file=<pathToFile> / <-nimbus will generate key

--direct-peer=/ip4/<IPaddressOfGateway>/tcp/13000/p2p/<GatewayPeerID>

Note: The value --netkey-file will ensure the beacon node peer ID will not change if the nimbus node restarts. This file should have the private key in hex format, similar to:

{"crypto":{"kdf":{"function":"..........b71133496dc1","version":1}

In order to start a Teku node with a private key, the user must manually create one first. To create a compatible private key:

Use teku command to create a new set of public/private keys with - teku peer generate --number=1 --output-file key-details.txt
Open key-details.txt and copy the Private Key(Hex) it should look like 0x0802122100de1b920d44aa73a10a ... 0fff3e0b417bb6d3
Create a new private key file with echo -n '0x0802122100de1b920d44aa73a10a ... 0fff3e0b417bb6d3' > key.txt <-this ensures there is no EOL included
You now have a compatible private key: key.txt

Verify the Teku node starts with the following values:

--p2p-advertised-ip=<IpAddress>

--p2p-private-key-file me/home/key.txt

--p2p-static-peers=/ip4/<IPaddressOfGateway>/tcp/13000/p2p/<GatewayPeerID>

2. Add your Consensus Layer client to the `--multiaddr` argument

As its name suggests, multiaddr supports multiple addresses. When adding your consensus layer client to this argument, it should look like the below:

/ip4/<IP_address>/tcp/<port>/p2p/<Peer_ID>

3. Add the Gateway peer ID as a trusted peer

The Lighthouse implementation supports adding beacon nodes as trusted peers by running with --trusted-peers <Gateway peer id> as a parameter.

During the startup process, you can look up the peerID string from the Gateway log by grep-ing for the phrase, “Starting P2P beacon node:”. Below is an example of the log reporting the peer ID.

time="2022-09-14T18:43:25.145480" level=info msg="Starting P2P beacon node: [/ip4/172.17.0.2/tcp/13000 /ip4/<PublicIpAddres>/tcp/13000], peer ID: 16Uiu2HAmM4ZMcMknZMnQQucupVq5TgPG93cbCWjthaX91hkupWg4" connType=beacon

Initiate connection by the Consensus Layer

You need to specify --beacon-port flag for the Gateway with any port number you want to use. Make sure this port is opened by firewall and port exposed by the docker.

You can restrict incoming connections by the public key. In order to do this you need create file with public keys on new line each and then use --beacon-trusted-peers-file to specify the file. You can change the file without restart and Gateway would pick up changes. Don't forget to include the file via volumes(-v flag) into the docker container. This option is handy if you want to be 100% sure that no random nodes connected, but in reality since Gateway is not using discovery protocol there is not much chance anybody else will know about your Gateway.

When you starting Gateway you will see something like this in the logs:

Starting p2p/<Peer_ID>

You need this public key to add it to the Consensus Layer.

--libp2p-addresses /ip4/<IP_address>/tcp/<port> --trusted-peers <Peer_ID>

Replace your IP and port and pubkey. If you are running Gateway on same machine with the Consensus layer your IP probably would be 127.0.0.1. Port here is port from the --beacon-port. Peer ID can be taken from the gateway logs.

--peer /ip4/<IP_address>/tcp/<port>/p2p/<Peer_ID>

--direct-peer /ip4/<IP_address>/tcp/<port>/p2p/<Peer_ID>

--p2p-direct-peers=/ip4/<IP_address>/tcp/<port>/p2p/<Peer_ID>

PreviousAdd Your Gateway as a Trusted Peer to Your Execution Layer Client NextValidator Gateway

Last updated 1 month ago