Setting up peering

Note: Due to security issues found in ILP we have closed down our public connectors and will not provide any new connections until these have been resolved. We will return with new nodes once we feel confident that our funds are safe.

Setting up peering is an important step, as you will need connectivity for your ILP Connector. This is likely to be the most time-consuming task, as you will need to work with other ILP Connector operators to set these up. With these pointers and the peering databases you will save a lot of time, as most of the research is already done.

Contacting MLaB

MLaB has an open peering policy and invites any ILP operator to peer directly with one or more MLaB ILP Connectors. To simplify the configuration, by default we make *client* connections from our end, which requires you to take the server role.

You will have to choose the MLaB endpoint(s) you want to use, as each endpoint supplies a different set of directly connected and indirectly connected peers. For redundancy reasons we try to balance all our peers between the nodes (so 1/3 of the peers on each node) unless they have multiple connections with us. Please choose the one that has the fewest peers connected, which can be found in the Peering Database. Don't worry: all the MLaB nodes are connected to each other (again redundantly), and you will be connected to all the ILP nodes we have, with the shortest route possible.

This information you will need:

Endpoint     ILP Hostname        ILP XRP Address
g.nl-mlab1   btp1.mlab.company   rf2frS27UZKz7PqCMqMMisGrgCxVrhL9L1
g.nl-mlab2   btp2.mlab.company   rhAG7gdd2CKAeaEQCwz5pkN9o1KK6CPNGn
g.nl-mlab3   btp3.mlab.company   rGwijy3SbxwDNb2yAhtP9ThonpG9o47ZY6

Once you have selected your endpoint(s) you will have to set up a server on your ILP connector so we can connect. You will find the information to create such a server on this page. After you have created the server you can send a DM to @WilcoC_gitlab on Gitter or an e-mail to [email protected] using the following text:

Hi MLaB,

I would like to peer with you and have created a server connection on my end. 

Our connection details are:

Configured endpoint: g_nl_mlab1 or g_nl_mlab2 or g_nl_mlab3 
ILP Hostname: btp.mydomain.tld
ILP Address: g.uniquename
ILP XRP Address: my_wallet_address
BTP URL: btp+ws://...... or if SSL used then btp+wss://......

My contact on Gitter is : my_gitter_user
My contact on e-mail is : [email protected]

With regards,

Signed, a new ILP node operator

Contacting ILP node operators

You can contact other peers by using the Peering Database, which lists the Gitter contact name for nodes that are known to us. You can always peer with MLaB, which gives you a good starting point, but you should always have a backup peering or two in case your connection to MLaB fails.

When you contact the person you want to peer with, the first question you will get is whether you are going to take the server or the client role. Each role has a separate way to configure the peering, and the client role is the simplest to set up. You must exchange the following information:

  • Who is the client / server role
  • Client: You will get a BTP URL
  • Server: You must provide a BTP URL
  • Exchange XRP addresses
  • The ILP Hostname (btp.mydomain.tld)
  • The ILP address (g.my_unique_name)

Setting up as the server

Choosing whether or not to use SSL in the peering

Adding SSL is the best way to go; however, it will hinder troubleshooting the connection with tools like tcpdump. Since a lot of the items are still in beta, I would say not having SSL is a big thing. However, moving forward it would be best if all ILP Connector operators enforce the usage of SSL, protecting the communications between ILP Connectors.

Creating the unsecure (non-SSL) port

You will always need to do this part, as you will forward your SSL port into this port later. Before you can start, you will need to know the XRP address of your peer (which you can ask for or find in the peering database). Next you will need to generate a secret (you can use the tool pwgen for this; the command line would be: apt-get install pwgen && pwgen 32 1). Then you need to assign two free ports, and you need to document this for yourself to prevent conflicts. Use something smart, like 3000-3999 for unsecured ports and 4000-4999 for secured ports, and link the 3xxx and 4xxx to the same peer. In this example we will do this:

ADD_HERE_THE_ILP_UNIQUE_NAME_YOU_RECEIVED = g_nl_mlab4
ADD_HERE_THE_UNSECURE_PORT_NUMBER = 3001
ADD_HERE_THE_SECURE_PORT_NUMBER = 4001
ADD_HERE_THE_RANDOM_GENERATED_SECRET = Gie8uDiehieg1Quoohi5fooNgeeF2tae
ADD_HERE_THE_XRP_ADDRESS_YOU_RECEIVED = rxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ADD_HERE_YOUR_ILP_HOST_NAME = my.ilp.connector

WARNING: Please do not really use the above secret EVER, and ALWAYS generate a new one. This key is publicly known and bad stuff might happen if you use it. 

Edit your launch.config.js file, and add this snippet below your secret (so newest are always above in the file):

const ADD_HERE_THE_ILP_UNIQUE_NAME_YOU_RECEIVED = {
  relation: 'peer',
  plugin: 'ilp-plugin-xrp-paychan',
  assetCode: 'XRP',
  assetScale: 9,
  balance: {
    maximum: '1000000000',
    settleThreshold: '-1000000',
    settleTo: '0'
  },
  options: {
    assetScale: 9,
    maxFeePercent: '0.05',
    claimInterval: 3600000,
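    // Server role: listen for the peer's incoming BTP connection
    listener: {
      port: ADD_HERE_THE_UNSECURE_PORT_NUMBER,
      secret: 'ADD_HERE_THE_RANDOM_GENERATED_SECRET'
    },
    rippledServer: 'wss://s1.ripple.com',
    // Shorthand for the secret and address constants defined earlier in this file
    secret,
    address,
    peerAddress: 'ADD_HERE_THE_XRP_ADDRESS_YOU_RECEIVED'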
  }
}

Then move down in the file until you see:

        CONNECTOR_ACCOUNTS: JSON.stringify({
            local: miniAccounts,
            ilsp: ilspServer
        })

Modify it, so it will show this (where g_remote_name is the remote name you defined as the ILP name, which equals the ADD_HERE_THE_ILP_UNIQUE_NAME_YOU_RECEIVED value):

        CONNECTOR_ACCOUNTS: JSON.stringify({
            g_remote_name: g_remote_name,
            local: miniAccounts,
            ilsp: ilspServer
        })

Finally restart your ILP Connector (as user connector):

su - connector
cd ~/app
pm2 reload launch.config.js --update-env

Configuring the SSL port

Now it's time to add SSL onto the non-SSL port. This is quite easy! We will create a file called /etc/nginx/sites-enabled/proxyXXXX.conf, assuming you have Ubuntu (on CentOS you have to use /etc/nginx/conf.d/proxyXXXX.conf), where XXXX is the _secure port number_ you have assigned. The file will have the following contents:

server {
    listen ADD_HERE_THE_SECURE_PORT_NUMBER ssl http2;
    server_name ADD_HERE_YOUR_ILP_HOST_NAME;

    ssl_certificate /etc/letsencrypt/live/ADD_HERE_YOUR_ILP_HOST_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ADD_HERE_YOUR_ILP_HOST_NAME/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/ADD_HERE_YOUR_ILP_HOST_NAME/chain.pem;

    include snippets/ssl.conf;
    include snippets/security.conf;

    location / {
      proxy_pass http://127.0.0.1:ADD_HERE_THE_UNSECURE_PORT_NUMBER;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_connect_timeout       300;
      proxy_send_timeout          300;
      proxy_read_timeout          300;
      send_timeout                300;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "Upgrade";
    }
}


Finally restart your Nginx:

/etc/init.d/nginx reload

Now visit the moneyd-gui, look for the new g_remote_name on the status page and make sure it's listed. It should be red, because the remote party has not set their side up yet.

Once it is listed you need to do one final thing: share the information with your peer. You will need to make the BTP URI first, which is formatted as:

for unsecure: btp+ws://:SECRET@HOSTNAME:UNSECUREPORT

example : btp+ws://:Gie8uDiehieg1Quoohi5fooNgeeF2tae@my.ilp.connector:3001

for secure: btp+wss://:SECRET@HOSTNAME:SECUREPORT

example : btp+wss://:Gie8uDiehieg1Quoohi5fooNgeeF2tae@my.ilp.connector:4001

Once you have completed this, send the BTP URI and your XRP wallet address to your peer, who will then be able to set up the client configuration.
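
One way to keep the bookkeeping for this section consistent, added here as an example and not part of the original guide: it picks the next free 3xxx/4xxx port pair, draws the secret from Node's CSPRNG instead of pwgen, and builds both BTP URIs. The names `registry`, `addPeer` and `newSecret` are hypothetical, and the `:SECRET@HOST:PORT` URI layout is assumed.

```javascript
const crypto = require('crypto');

// The name becomes a JavaScript const and a CONNECTOR_ACCOUNTS key, so follow the
// guide's rule: lowercase, no spaces, no dashes (underscores are fine).
const NAME_RULE = /^[a-z_][a-z0-9_]*$/;

// 24 random bytes from the OS CSPRNG -> 32 URL-safe characters.
function newSecret() {
  return crypto.randomBytes(24).toString('base64url');
}

// registry: Map of peer name -> slot, your own record of ports already handed out.
// Slot n maps to plain port 3000+n and TLS port 4000+n, so both belong to one peer.
function addPeer(registry, name, host, secret = newSecret()) {
  if (!NAME_RULE.test(name)) throw new Error(`bad account name: ${name}`);
  if (registry.has(name)) throw new Error(`peer already configured: ${name}`);
  const used = new Set(registry.values());
  let slot = 1;
  while (used.has(slot)) slot += 1;
  if (slot > 999) throw new Error('no free port pair left in 3001-3999');
  registry.set(name, slot);
  const token = encodeURIComponent(secret); // keeps '@', ':' or '/' from breaking the URI
  return {
    name,
    listener: { port: 3000 + slot, secret }, // goes into options.listener
    nginxListen: 4000 + slot,                // "listen" port in proxyXXXX.conf
    unsecureUri: `btp+ws://:${token}@${host}:${3000 + slot}`,
    secureUri: `btp+wss://:${token}@${host}:${4000 + slot}`,
  };
}

// Constructed sample: one peer already holds slot 1, so the new one gets 3002/4002.
const registry = new Map([['g_nl_mlab1', 1]]);
const peer = addPeer(registry, 'g_remote_name', 'my.ilp.connector');
console.log(peer.listener.port, peer.nginxListen, peer.secureUri);
```

The printed URI contains the secret, so treat the output like the secret itself.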

Setting up as the client

Once you have exchanged the information you can fill in the snippet below. There are three values you must replace; the last two are very simple. For the first one (ADD_HERE_THE_ILP_UNIQUE_NAME_YOU_RECEIVED) you must adhere to coding rules for the name (no spaces, no dashes, lowercase). For example, g_remotename is a good name. You can use underscores, as in g_remote_name. The reason for using the ILP name is that this name will show on the status page whether the peer is connected or not, and it's handy to have it be the same name that shows up in your routing table.

Edit your launch.config.js file, and add this snippet below your secret (so newest are always above in the file):

const ADD_HERE_THE_ILP_UNIQUE_NAME_YOU_RECEIVED = {
  relation: 'peer',
  plugin: 'ilp-plugin-xrp-paychan',
  assetCode: 'XRP',
  assetScale: 9,
  balance: {
    maximum: '1000000000',
    settleThreshold: '-1000000',
    settleTo: '0'
  },
  options: {
    assetScale: 9,
    maxFeePercent: '0.05',
    claimInterval: 3600000,
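    // Client role: connect out to the BTP URL your peer sent you
    server: 'ADD_HERE_THE_BTP_URL_YOU_RECEIVED',
    rippledServer: 'wss://s2.ripple.com',
    peerAddress: 'ADD_HERE_THE_XRP_ADDRESS_YOU_RECEIVED',
    // Shorthand for the address and secret constants defined earlier in this file
    address,
    secret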
  }
};

Then move down in the file until you see:

        CONNECTOR_ACCOUNTS: JSON.stringify({
            local: miniAccounts,
            ilsp: ilspServer
        })

Modify it, so it will show this (where g_remote_name is the remote name you defined as the ILP name):

        CONNECTOR_ACCOUNTS: JSON.stringify({
            g_remote_name: g_remote_name,
            local: miniAccounts,
            ilsp: ilspServer
        })

Finally restart your ILP Connector (as user connector):

su - connector
cd ~/app
pm2 reload launch.config.js --update-env

Now visit the moneyd-gui, look for the new g_remote_name on the status page and make sure it's connected. If it's red, something might be wrong or the remote end is not ready yet. If it does not connect, let the remote peer know that there is an issue with the peering.
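
A pre-flight check for the BTP URL you receive as the client, added here as an example and not taken from the original guide: it rejects URLs that are malformed or that reuse the secret printed in the server example above, and warns when the URL is not TLS-protected. `vetBtpUrl` is a hypothetical helper, the `:SECRET@HOST:PORT` layout is assumed, and the sample URL is constructed.

```javascript
// The secret printed in this guide's server example. It is public, so a peer that
// sends it to you has not generated a secret of their own.
const PUBLISHED_SECRET = 'Gie8uDiehieg1Quoohi5fooNgeeF2tae';

// Vet a BTP URL before it goes into options.server. Errors mean "do not use";
// warnings mean "works, but know what you are accepting".
function vetBtpUrl(raw) {
  const result = { errors: [], warnings: [] };
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    result.errors.push('not a parseable URL');
    return result;
  }
  if (url.protocol !== 'btp+ws:' && url.protocol !== 'btp+wss:') {
    result.errors.push(`scheme must be btp+ws or btp+wss, got ${url.protocol}`);
    return result;
  }
  let secret = '';
  try {
    secret = decodeURIComponent(url.password);
  } catch (err) {
    result.errors.push('secret contains a malformed percent-escape');
  }
  if (url.password === '') result.errors.push('no secret after "://:"');
  if (secret === PUBLISHED_SECRET) result.errors.push('secret is the published example');
  if (url.hostname === '') result.errors.push('no hostname');
  if (url.port === '') result.errors.push('no explicit port');
  if (url.protocol === 'btp+ws:') {
    result.warnings.push('no TLS: the secret is readable on the wire, e.g. with tcpdump');
  }
  return result;
}

// Constructed sample input, not a real peer.
console.log(vetBtpUrl('btp+ws://:constructed-token@btp.mydomain.tld:3001'));
```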