# Node Compliance Rules

### Compliance Rules

Nodes must adhere to specific compliance rules to ensure fair distribution and maintain a balanced network. These rules regulate the number of nodes within subnets, ASNs, and cities to avoid saturation and promote decentralization.

#### Subnet Limits

**Maximum of 5 IPs per /24 subnet**

* A /24 subnet means IP addresses like 192.168.1.0 to 192.168.1.255 (256 addresses).
* You can only run 5 Qubetics nodes maximum within the same subnet.
* Example: If you have IPs 203.45.67.1, 203.45.67.2, 203.45.67.3... you can only run 5 nodes max because they're all in the 203.45.67.x range.

**Residential nodes are exempt**

* If you're running from a home internet connection (residential IP), this limit doesn't apply.
* This rule mainly affects data centers and hosting providers.
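
To check a planned deployment against the /24 limit before bringing nodes online, the sketch below groups IPv4 addresses by their first three octets and reports every /24 that holds more than five. It is an added example, not Qubetics tooling: the function names and the sample address list are constructed for illustration, and the residential exemption is not modelled.

```bash
#!/bin/sh
# Added example: flag /24 subnets holding more than MAX_PER_24 node IPs.
MAX_PER_24=5   # limit stated in the rule above

# Reads one IPv4 address per line on stdin and prints "<subnet> <count>" for
# every /24 over the limit. Comments, blank and malformed lines are skipped,
# and an address listed twice is counted once.
over_limit_subnets() {
  awk -F. -v max="$MAX_PER_24" '
    function octet(s) { return s ~ /^[0-9]+$/ && s + 0 <= 255 }
    /^[ \t]*(#|$)/ { next }
    {
      gsub(/[ \t\r]/, "")
      if (NF != 4 || !(octet($1) && octet($2) && octet($3) && octet($4))) next
      if (seen[$0]++) next
      count[$1 "." $2 "." $3 ".0/24"]++
    }
    END { for (s in count) if (count[s] > max) print s, count[s] }
  ' | sort
}

# Constructed sample inventory: six distinct hosts in 203.45.67.0/24 (one of
# them listed twice), three hosts in 198.51.100.0/24, plus two junk lines.
sample_nodes() {
  printf '%s\n' \
    203.45.67.1 203.45.67.2 203.45.67.3 203.45.67.4 203.45.67.5 203.45.67.6 \
    203.45.67.2 \
    198.51.100.10 198.51.100.11 198.51.100.12 \
    '# decommissioned hosts below' 'not-an-ip'
}

sample_nodes | over_limit_subnets
```
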

#### ASN Limits

ASN (Autonomous System Number) = Your internet service provider's network identifier.

**Nodes must belong to underutilized ASNs**

* If too many nodes already exist on a particular provider (like AWS, Google Cloud, etc.), you may not be able to add more.
* This prevents one provider from dominating the network.

**Overutilized ASNs may impose stricter limits**

* Popular hosting providers (DigitalOcean, Hetzner, AWS) likely have many nodes already.
* You might face restrictions or earn fewer rewards if your ASN is saturated.

#### Why These Rules Exist

* **Prevent centralization** - Stop one person/company from controlling too many nodes.
* **Ensure decentralization** - Spread nodes across different networks/locations.
* **Fair rewards** - Prevent gaming the system by running hundreds of nodes.
* **Performance optimization** - Better resource distribution.

### Performance Optimization (Linux)

This is an optional performance optimization to handle more users. Apply these kernel tweaks to improve connection handling and increase network and file limits. This is particularly helpful for nodes running on limited VM resources.

#### Kernel Tweaks

Edit the sysctl configuration:

```bash
sudo nano /etc/sysctl.conf
```

Then paste the following settings using SHIFT+CTRL+V:

```bash
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
net.core.somaxconn=8192
net.ipv4.ip_local_port_range=1024 65535
net.core.netdev_max_backlog=2000
net.ipv4.tcp_max_syn_backlog=2048
fs.inotify.max_user_instances=2048
fs.file-max=999999999
```

#### What These Settings Do

These settings optimize your server's network performance to handle many simultaneous VPN connections efficiently.

**BBR Congestion Control**

```bash
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
```

* BBR (Bottleneck Bandwidth and RTT) = Modern TCP algorithm that improves speed and reduces latency.
* Makes VPN connections faster and more stable.

**Connection Queue**

```bash
net.core.somaxconn=8192
```

* Raises the cap on a listening socket's queue of pending connections.
* Allows your node to accept more simultaneous connection requests.

**Port Range**

```bash
net.ipv4.ip_local_port_range=1024 65535
```

* Expands available port range for outbound connections.
* Prevents "out of ports" errors when handling many users.

**Network Buffers**

```bash
net.core.netdev_max_backlog=2000
net.ipv4.tcp_max_syn_backlog=2048
```

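* `net.core.netdev_max_backlog` raises how many received packets can wait in the kernel's input queue; `net.ipv4.tcp_max_syn_backlog` raises how many half-open connections can wait for their handshake to complete.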
* Prevents packet drops during high traffic.

**File Descriptors**

```bash
fs.inotify.max_user_instances=2048
fs.file-max=999999999
```

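* `fs.file-max` raises the system-wide limit on open file handles; `fs.inotify.max_user_instances` raises the number of inotify instances each user may create.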
* Prevents "too many open files" errors.
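
Once the settings have been loaded (for example with `sudo sysctl -p`, or at the next boot), it is worth confirming that the running kernel actually holds them. The following is an added example, not part of the Qubetics tooling: the function name `audit_sysctl` and its optional second argument are assumptions, and it reads values straight from `/proc/sys`.

```bash
#!/bin/sh
# Added example: compare wanted sysctl values against the running kernel.
# Usage: audit_sysctl <conf-file> [proc-root]   (proc-root defaults to /proc/sys)
# Prints OK, MISMATCH or MISSING per key; exit status 1 if anything is off.
audit_sysctl() (                      # subshell body keeps variables local
  conf=$1 root=${2:-/proc/sys} rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#"${line%%[![:space:]]*}"}        # strip leading whitespace
    case $line in ''|'#'*|';'*) continue ;; esac # blank lines and comments
    case $line in *=*) ;; *) continue ;; esac
    key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
    want=$(printf '%s' "${line#*=}" | xargs)     # trim and collapse whitespace
    path=$root/$(printf '%s' "$key" | tr . /)    # net.core.somaxconn -> net/core/somaxconn
    if [ ! -r "$path" ]; then
      echo "MISSING  $key (no readable $path)"; rc=1; continue
    fi
    have=$(xargs < "$path")                      # /proc uses tabs between multiple values
    if [ "$have" = "$want" ]; then
      echo "OK       $key = $have"
    else
      echo "MISMATCH $key: running '$have', wanted '$want'"; rc=1
    fi
  done < "$conf"
  exit "$rc"
)

# Run against a real file when one is given, e.g.: sh audit.sh /etc/sysctl.conf
[ $# -eq 0 ] || audit_sysctl "$@"
```

A MISMATCH on `net.ipv4.tcp_congestion_control` usually means the kernel has no BBR support loaded; `net.ipv4.tcp_available_congestion_control` lists the algorithms it can use.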

### Troubleshooting

#### High Load Check

Check if the load exceeds CPU count:

```bash
[ $(cut -d '.' -f 1 /proc/loadavg) -gt $(nproc) ] && echo "high" || echo "low"
```

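This diagnostic command checks whether your CPU is overloaded:

* It compares the whole-number part of the 1-minute load average with the number of CPU cores.
* If the load is higher than the core count, the command prints "high"; otherwise it prints "low".

If the result is "high", address it by optimizing resources or upgrading hardware.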

#### RPC Configuration

Use load-balanced RPC servers for better node health:

```
rpc_addresses = "https://tendermint-testnet.qubetics.work"
```

* RPC (Remote Procedure Call) is how your node communicates with the Qubetics blockchain.
* Using load-balanced RPC servers prevents timeouts and improves reliability.
* Ensures your node stays synced with the network.

### Workarounds for Malicious Traffic (Optional)

To protect your node from abuse such as torrenting and other malicious traffic, and to keep its performance stable, apply the following optional measures.

#### Secure DNS

Configure DNS at the system level using systemd-resolved.

Edit resolved configuration:

```bash
sudo nano /etc/systemd/resolved.conf
```

Add these lines under the `[Resolve]` section:

```
[Resolve]
DNS=1.1.1.2 9.9.9.11
FallbackDNS=1.1.1.1 9.9.9.9
```

Then restart:

```bash
sudo systemctl restart systemd-resolved
```

#### P2P Traffic Blocking

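Use iptables string matching to block unencrypted P2P traffic. The match inspects packet payloads, so it only sees traffic that is not encrypted. Example rules to block torrent discovery: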

```bash
# Block torrent announce URLs
sudo iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP

# Block .torrent file transfers
sudo iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP

# Save rules so they persist after reboot
# (this file is loaded at boot by the iptables-persistent package on Debian/Ubuntu)
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```

Implement a strict "allow specific ports, drop the rest" firewall policy for additional control.
