Node Compliance Rules

Compliance Rules

Nodes must adhere to specific compliance rules to ensure fair distribution and maintain a balanced network. These rules regulate the number of nodes within subnets, ASNs, and cities to avoid saturation and promote decentralization.

Subnet Limits

Maximum of 5 IPs per /24 subnet

  • A /24 subnet means IP addresses like 192.168.1.0 to 192.168.1.255 (256 addresses).

  • You can only run 5 Qubetics nodes maximum within the same subnet.

  • Example: If you have IPs 203.45.67.1, 203.45.67.2, 203.45.67.3... you can only run 5 nodes max because they're all in the 203.45.67.x range.

Residential nodes are exempt

  • If you're running from a home internet connection (residential IP), this limit doesn't apply.

  • This rule mainly affects data centers and hosting providers.
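To pre-check a fleet against the /24 limit before registering nodes, the script below groups addresses by /24 and reports any subnet over the limit. It is an added example, not Qubetics tooling; the function name and the sample inventory are constructed for illustration, and it cannot tell whether an address is residential (exempt) or which ASN it belongs to.

```sh
#!/bin/sh
# Added example: find /24 subnets holding more nodes than the page's limit.
LIMIT=5   # "Maximum of 5 IPs per /24 subnet"

# over_limit_subnets: read one IPv4 address per line on stdin and print
# "<network>/24 <count>" for each /24 that holds more than $LIMIT addresses.
# Duplicate and malformed lines are ignored.
over_limit_subnets() {
    awk -F. -v limit="$LIMIT" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
            if (!seen[$0]++)
                count[$1 "." $2 "." $3 ".0/24"]++
        }
        END {
            for (net in count)
                if (count[net] > limit)
                    print net, count[net]
        }' | sort
}

# Constructed inventory: six nodes in the page's 203.45.67.x example range
# and two in 198.51.100.x (a documentation range).
SAMPLE_IPS='203.45.67.1
203.45.67.2
203.45.67.3
203.45.67.4
203.45.67.5
203.45.67.6
198.51.100.10
198.51.100.11'

printf '%s\n' "$SAMPLE_IPS" | over_limit_subnets
```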

ASN Limits

ASN (Autonomous System Number) = Your internet service provider's network identifier.

Nodes must belong to underutilized ASNs

  • If too many nodes already exist on a particular provider (like AWS, Google Cloud, etc.), you may not be able to add more.

  • This prevents one provider from dominating the network.

Overutilized ASNs may impose stricter limits

  • Popular hosting providers (DigitalOcean, Hetzner, AWS) likely have many nodes already.

  • You might face restrictions or earn fewer rewards if your ASN is saturated.

Why These Rules Exist

  • Prevent centralization - Stop one person/company from controlling too many nodes.

  • Ensure decentralization - Spread nodes across different networks/locations.

  • Fair rewards - Prevent gaming the system by running hundreds of nodes.

  • Performance optimization - Better resource distribution.

Performance Optimization (Linux)

This is an optional performance optimization to handle more users. Apply these kernel tweaks to improve connection handling and increase network and file limits. This is particularly helpful for nodes running on limited VM resources.

Kernel Tweaks

Edit the sysctl configuration:

sudo nano /etc/sysctl.conf

Then paste the following settings using SHIFT+CTRL+V:

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
net.core.somaxconn=8192
net.ipv4.ip_local_port_range=1024 65535
net.core.netdev_max_backlog=2000
net.ipv4.tcp_max_syn_backlog=2048
fs.inotify.max_user_instances=2048
fs.file-max=999999999

What These Settings Do

These settings optimize your server's network performance to handle many simultaneous VPN connections efficiently.

BBR Congestion Control

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
  • BBR (Bottleneck Bandwidth and RTT) = Modern TCP algorithm that improves speed and reduces latency.

  • Makes VPN connections faster and more stable.

Connection Queue

net.core.somaxconn=8192
  • Increases connection queue size.

  • Allows your node to accept more simultaneous connection requests.

Port Range

net.ipv4.ip_local_port_range=1024 65535
  • Expands available port range for outbound connections.

  • Prevents "out of ports" errors when handling many users.

Network Buffers

net.core.netdev_max_backlog=2000
net.ipv4.tcp_max_syn_backlog=2048
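  • Increases the queue of received packets waiting to be processed (netdev_max_backlog) and the queue of half-open TCP connections (tcp_max_syn_backlog).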

  • Prevents packet drops during high traffic.

File Descriptors

fs.inotify.max_user_instances=2048
fs.file-max=999999999
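  • Raises the system-wide file handle limit (fs.file-max) and the per-user limit on inotify instances (fs.inotify.max_user_instances). Per-process limits (ulimit -n) are set separately.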

  • Prevents "too many open files" errors.
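Settings written to /etc/sysctl.conf only take effect after `sudo sysctl -p` or a reboot, so it is worth confirming what the kernel is actually using. The script below is an added example, not part of the Qubetics documentation; it compares each setting listed above with the live value under /proc/sys, and the optional directory argument is an assumption of this example so the check can be run against a test tree.

```sh
#!/bin/sh
# Added example: verify that the page's sysctl settings are in effect.

# The eight settings from the page, one "key=value" per line.
WANTED='net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
net.core.somaxconn=8192
net.ipv4.ip_local_port_range=1024 65535
net.core.netdev_max_backlog=2000
net.ipv4.tcp_max_syn_backlog=2048
fs.inotify.max_user_instances=2048
fs.file-max=999999999'

# check_sysctls [DIR]: print OK / MISMATCH / MISSING for each setting and
# return 1 if any is not in effect. DIR defaults to /proc/sys; the parameter
# is an assumption of this example so the check can run against a test tree.
check_sysctls() {
    root=${1:-/proc/sys}
    rc=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        f="$root/$(printf '%s' "$key" | tr . /)"   # net.core.x -> net/core/x
        if [ ! -r "$f" ]; then
            echo "MISSING  $key"
            rc=1
            continue
        fi
        # /proc separates multi-value entries with tabs; normalise to spaces.
        have=$(tr -s '[:space:]' ' ' < "$f" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK       $key=$have"
        else
            echo "MISMATCH $key: want '$want', have '$have'"
            rc=1
        fi
    done <<EOF
$WANTED
EOF
    return "$rc"
}

# Report on the running kernel; never aborts the script.
check_sysctls || echo "Some settings are not in effect; run: sudo sysctl -p"
```

A MISMATCH on net.ipv4.tcp_congestion_control after `sudo sysctl -p` usually means the kernel lacks the tcp_bbr module (BBR needs Linux 4.9 or later).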

Troubleshooting

High Load Check

Check if the load exceeds CPU count:

[ $(cut -d '.' -f 1 /proc/loadavg) -gt $(nproc) ] && echo "high" || echo "low"

This diagnostic command checks if your CPU is overloaded:

  • Compares the 1-minute load average (integer part) with the number of CPU cores.

  • If the load exceeds the CPU count, the node is overloaded.

Address this by optimizing resources or upgrading hardware.

RPC Configuration

Use load-balanced RPC servers for better node health:

rpc_addresses = "https://tendermint-testnet.qubetics.work"
  • RPC (Remote Procedure Call) = How your node communicates with the Qubetics blockchain.

  • Using load-balanced RPC servers prevents timeouts and improves reliability.

  • Ensures your node stays synced with the network.

Workarounds for Malicious Traffic (Optional)

To protect your node from abuse such as torrenting and other malicious traffic, and to keep performance optimal, implement the following strategies.

Secure DNS

Configure DNS at the system level using systemd-resolved.

Edit resolved configuration:

sudo nano /etc/systemd/resolved.conf

Add these lines under the [Resolve] section:

DNS=1.1.1.2 9.9.9.11
FallbackDNS=1.1.1.1 9.9.9.9

Then restart:

sudo systemctl restart systemd-resolved

P2P Traffic Blocking

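Use iptables string matching to drop unencrypted P2P traffic. The match inspects packet payloads, so it has no effect on encrypted connections. Example rules to block torrent discovery: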

# Block torrent announce URLs
sudo iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP

# Block .torrent file transfers
sudo iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP

# Save rules so they persist after reboot (the iptables-persistent package
# on Debian/Ubuntu restores /etc/iptables/rules.v4 at boot)
sudo iptables-save | sudo tee /etc/iptables/rules.v4

Implement a strict "allow specific ports, drop the rest" firewall policy for additional control.

