Hardware and bandwidth requirements for the Tezos DAL

The Paris proposal introduces the Data Availability Layer (DAL) on Tezos Mainnet. The DAL will provide increased throughput and data bandwidth for Tezos Smart Rollups, especially Etherlink. This post provides insight into suggested minimum hardware and bandwidth requirements to participate in the DAL with the intent of gathering feedback from interested community members, especially active Tezos bakers.

In a nutshell, the DAL is a complementary peer-to-peer network, with two main roles for participants:

  • slot producers, who publish data into the network; and,
  • attesters, who ensure the availability of the published data.

Other roles help improving the health of the network in terms of connectivity and data dissemination:

  • bootstrap nodes, who help in topics-based peers discovery; and,
  • slots observers, who allow slots reconstruction/amplification.

Tezos bakers who choose to run an attester DAL node, will then play a key role: by retrieving the data and attesting it in Layer 1 blocks, they will verify data availability on Tezos. Note that, by enshrining the attester role to Layer 1 consensus, participation will be proportional to the bakers stake, and hardware and bandwidth requirements will therefore also depend on their stake.

This post provides some minimal requirements for the bakers when they run a DAL attester node, and also for slot producers publishing rollup data to the DAL for every Layer 1 block – keep in mind that CPU requirements depend on the amount of published data.

We have experimented with various hardware configurations for both slot producers and attesters on custom test networks running on Google Cloud Platform. We inferred the following minimal requirements to get 100% of the 32 published slots data at each level attested by the bakers.

Bakers 0.5% of total stake 1% of the total stake 2% of the total stake 5% of the total stake 15% of the total stake
Machine type e2-small (ssd) ($15 a month) e2-small (ssd) ($15 a month) e2-small (ssd) ($15 a month) e2-medium (ssd) ($30 a month) c2-standard-4 ($140 a month)
CPU clock 2,25 GHz 2,25 GHz 2,25 GHz 2,25 GHz 3,1 GHz
RAM 2 GiB 2 GiB 2 GiB 4 GiB 4 GiB
Disk space (*) 20 GiB 20 GiB 20 GiB 20 GiB 20 GiB
Bandwidth (upload) 250 KiB/s 250 KiB/s 250 KiB/s 250 KiB/s 250 KiB/s
Bandwidth (download) 250 KiB/s 350 KiB/s 400 KiB/s 600 KiB/s 1 MiB/s

(*) This is a conservative estimate of the maximum disk space used by the DAL node. It does not include the size of the executable, nor other dependencies.

Slot producer 1 slot per block
CPU n2-standard-2 ($70 a month)
RAM 4 GiB
Disk space 500 GiB
Bandwidth (upload) 2.5 MiB/s
Bandwidth (download) 0.5 MiB/s

We will provide further details about the experiments guiding these recommendations in a future blog post. Still, we believe that the proposed requirements are relatively fair, even for larger stakes, and can be served by affordable, off-the-shelf hardware or cloud providers. This is aligned with Tezos general positioning that a low barrier of entry for bakers (validators) not only contributes to an effective and inclusive network decentralization but also increases hardware and platform diversity, which reduces security risks – the same principles behind proposed improvements in Layer 1 performance.

In general, we recommend operating DAL nodes and Tezos bakers on separate IP addresses to avoid leaking the baker’s one. This does not require running them on separate physical machines, and can be set up using most cloud storage solutions.

If you already run a baker, please consider running an attester DAL node to help us improve Tezos scalability. Note that it’s already possible to test the DAL in the Weeklynet teztnet – do not hesitate to reach out to us if you need help setting up.

9 Likes

The documentation advises against running the DAL node on the same machine as the baker daemon due to potential IP address leaks caused by the DAL.

Is there any plan to address this issue?

5 Likes

Perhaps wallet nodes can be used as relays for DAL that way everything is not hitting the DAL nodes directly?

1 Like

Upon reevaluation of the risks, we have revised our guidance and no longer recommend against deploying the DAL node on the same machine as the baker node.

The initial concern was that an attacker with access to a DAL node’s RPC endpoints could exploit a target baker’s IP address to launch a Denial-of-Service (DoS) attack. However, this risk is deemed low compared to other vulnerabilities inherent in public machines. Moreover, as the network expands and more nodes join, the risk is expected to diminish further due to the increasing complexity of mapping bakers’ identities to IP addresses.

2 Likes