Overview
A drand Network is composed of individual and independent drand Nodes that generate randomness by networking with other distributed nodes. The randomness is published to the world with the help of drand Relays.
Key Objectives for League of Entropy Operators:
| Objective |
Description |
| Security |
Ensure a secure, DDoS-resistant stack that withstands targeted attacks without compromising private key material. |
| Performance |
Provide a fast service that scales to serve hundreds of thousands of clients efficiently. |
| Diversity |
Create a diverse setup with multiple endpoints and access methods to ensure reliable randomness consumption, even in degraded network conditions. |
A high-level view of a simple drand stack
A high-level view of a simple drand stack
https://lh7-us.googleusercontent.com/0dTQEtQyYTdw8W8kzzKms5o2fx7XlXZIcZXXm7B2N0U7ZfXaHIquajtW4KlOm2Yg28zKcu3aItyAXEegPZ-IML4tR2Wr6vqFdmHqF1NWQL1ML7Bbdi-XQa6FFOnNQchbmkUn8nCX4gJ5SgjHjnjJYbqfiJ_lH8I
Guidelines for drand Nodes
- Must be isolated from the public internet.
- Whitelist incoming TLS-encrypted connections from other drand Nodes using a dedicated firewall instance, which can also perform TLS termination as needed.
- Outgoing connections should originate from static IP(s) that other operators can whitelist.
- drand nodes do not offer API service publicly; rely on drand Relays and CDNs.
- Whitelist or authenticate access from Relays and CDN endpoints.
Guidelines for drand Relays
- Encourage the use of Relays to distribute randomness.
- Relays can provide an HTTP endpoint or use a libp2p-based PubSub system for distribution.
- Relays should be independent of the drand Node and not co-located on the same machine.
- PubSub-enabled relays should maintain a unique libp2p Peer ID.
- HTTP-enabled relays are stateless and can be horizontally scaled.
Use of Content Distribution Networks (CDNs)