Private Networks

This guide explains how to set up a private network of multiple Geth nodes. An Ethereum network is a private network if the nodes are not connected to the main network. In this context private only means reserved or isolated, rather than protected or secure.

本指南说明了如何建立包含多个Geth节点的专用网络。如果节点未连接到主网络,则以太坊网络是专用网络。在这种情况下,私有仅表示保留或隔离,而不是受保护或安全。

Choosing A Network ID

The network ID is an integer number which isolates Ethereum peer-to-peer networks. Connections between blockchain nodes will occur only if both peers use the same genesis block and network ID. Use the --networkid command line option to set the network ID used by geth.

网络ID是一个整数,用于隔离以太坊ptp网络。仅当两个对等方都使用相同的创世块和网络ID时,区块链节点之间的连接才会发生。使用--networkid 命令行选项设置geth使用的网络ID。

The main network has ID 1. If you supply your own custom network ID which is different than the main network, your nodes will not connect to other nodes and form a private network. If you’re planning to connect to your private chain on the Internet, it’s best to choose a network ID that isn’t already used. You can find a community-run registry of Ethereum networks at https://chainid.network.

主网络的ID是1。如果您提供的自定义网络ID与主网络不同,则您的节点将不会连接到其他节点并形成专用网络。如果您打算连接到Internet上的私有链,则最好选择一个尚未使用的网络ID。在https://chainid.network 上您可以找到由社区运营的以太坊网络注册表

Choosing A Consensus Algorithm 选择一个共识算法

While the main network uses proof-of-work to secure the blockchain, Geth also supports the the ‘clique’ proof-of-authority consensus algorithm as an alternative for private networks. We strongly recommend ‘clique’ for new private network deployments because it is much less resource intensive than proof-of-work. The clique system is also used for several public Ethereum testnets such as Rinkeby and Görli.

尽管主网络使用工作量证明来保护区块链,但Geth还支持“陈旧的”权威证明共识算法,作为私有网络的替代方案。我们强烈建议在新的专用网络部署中使用“ clique”,因为它比工作量证明要少得多的资源。该集团系统还用于多个以太坊公共测试网,例如Rinkeby和Görli。

Here are the key differences between the two consensus algorithms available in Geth:

以下是Geth中可用的两种共识算法之间的主要区别:

Ethash consensus, being a proof-of-work algorithm, is a system that allows open participation by anyone willing to dedicate resources to mining. While this is a great property to have for a public network, the overall security of the blockchain strictly depends on the total amount of resources used to secure it. As such, proof-of-work is a poor choice for private networks with few miners. The Ethash mining ‘difficulty’ is adjusted automatically so that new blocks are created approximately 12 seconds apart. As more mining resources are deployed on the network, creating a new block becomes harder so that the average block time matches the target block time.

Ethash共识是一种工作量证明算法,是一个允许任何愿意将资源专用于采矿的人公开参与的系统。虽然这对于公共网络来说是一个伟大的财产,但是区块链的整体安全性严格取决于用于保护它的资源总量。因此,对于矿工很少的专用网络,工作量证明是一个糟糕的选择。Ethash挖掘的“难度”会自动进行调整,以便在大约12秒的间隔内创建新的区块。随着在网络上部署更多挖掘资源,创建新块变得更加困难,因此平均块时间与目标块时间匹配。

Clique consensus is a proof-of-authority system where new blocks can be created by authorized ‘signers’ only. The clique consenus protocol is specified in EIP-225. The initial set of authorized signers is configured in the genesis block. Signers can be authorized and de-authorized using a voting mechanism, thus allowing the set of signers to change while the blockchain operates. Clique can be configured to target any block time (within reasonable limits) since it isn’t tied to the difficulty adjustment.

Clique共识是一种授权证明系统,其中新的块只能由授权的“签名者”创建。集团共识协议在EIP-225中指定。最初的授权签名者集在创世块中配置。可以使用表决机制对签名者进行授权和取消授权,从而允许在区块链运行时更改签名者集。可以将Clique配置为以任何块时间为目标(在合理的限制内),因为它与难度调整无关。

Creating The Genesis Block

Every blockchain starts with the genesis block. When you run Geth with default settings for the first time, it commits the main net genesis to the database. For a private network, you usually want a different genesis block.

每个区块链都始于创世块。首次使用默认设置运行Geth时,它将把主要的网络起源提交到数据库。对于专用网络,通常需要一个不同的创世块。

The genesis block is configured using the genesis.json file. When creating a genesis block, you need to decide on a few initial parameters for your blockchain:

使用genesis.json文件配置了genesis块。创建创世块时,您需要为区块链确定一些初始参数:

  • Ethereum platform features enabled at launch (config). Enabling protocol features while the blockchain is running requires scheduling a hard fork.
  • 在启动时启用以太坊平台功能(配置)。在区块链运行时启用协议功能需要安排硬分叉。
  • Initial block gas limit (gasLimit). Your choice here impacts how much EVM computation can happen within a single block. We recommend using the main Ethereum network as a guideline to find a good amount. The block gas limit can be adjusted after launch using the --targetgaslimit command-line flag.
  • Initial allocation of ether (alloc). This determines how much ether is available to the addresses you list in the genesis block. Additional ether can be created through mining as the chain progresses.

Clique Example

This is an example of a genesis.json file for a proof-of-authority network. The config section ensures that all known protocol changes are available and configures the ‘clique’ engine to be used for consensus.

Note that the initial signer set must be configured through the extradata field. This field is required for clique to work.

First create the signer account keys using the geth account command (run this command multiple times to create more than one signer key).

geth account new --datadir data

Take note of the Ethereum address printed by this command.

To create the initial extradata for your network, collect the signer addresses and encode extradata as the concatenation of 32 zero bytes, all signer addresses, and 65 further zero bytes. In the example below, extradata contains a single initial signer address, 0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82.

要为您的初始网络创建额外数据,请收集签名者地址,并将额外数据编码为32个零字节,所有签名者地址以及65个其他零字节的串联。在下面的示例中,Extradata包含一个初始签名者地址0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82。

You can use the period configuration option to set the target block time of the chain.

您可以使用“period ”选项来设置链的目标阻止时间。

{
  "config": {
    "chainId": 15,
    "homesteadBlock": 0,
    "eip150Block": 0,
    "eip155Block": 0,
    "eip158Block": 0,
    "byzantiumBlock": 0,
    "constantinopleBlock": 0,
    "petersburgBlock": 0,
    "clique": {
      "period": 5,
      "epoch": 30000
    }
  },
  "difficulty": "1",
  "gasLimit": "8000000",
  "extradata": "0x00000000000000000000000000000000000000000000000000000000000000007df9a875a174b3bc565e6424a0050ebc1b2d1d820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
  "alloc": {
    "7df9a875a174b3bc565e6424a0050ebc1b2d1d82": { "balance": "300000" },
    "f41c74c9ae680c1aa78f42e5647a62f353b7bdde": { "balance": "400000" }
  }
}

Ethash Example

Since ethash is the default consensus algorithm, no additional parameters need to be configured in order to use it. You can influence the initial mining difficulty using the difficulty parameter, but note that the difficulty adjustment algorithm will quickly adapt to the amount of mining resources you deploy on the chain.

由于ethash是默认的共识算法,因此无需配置其他参数即可使用它。您可以使用difficulty 参数来影响初始挖掘难度,但是请注意,难度调整算法将快速适应您在链上部署的挖掘资源量。

{
  "config": {
    "chainId": 15,
    "homesteadBlock": 0,
    "eip150Block": 0,
    "eip155Block": 0,
    "eip158Block": 0,
    "byzantiumBlock": 0,
    "constantinopleBlock": 0,
    "petersburgBlock": 0,
    "ethash": {}
  },
  "difficulty": "1",
  "gasLimit": "8000000",
  "alloc": {
    "7df9a875a174b3bc565e6424a0050ebc1b2d1d82": { "balance": "300000" },
    "f41c74c9ae680c1aa78f42e5647a62f353b7bdde": { "balance": "400000" }
  }
}

Initializing the Geth Database

To create a blockchain node that uses this genesis block, run the following command. This imports and sets the canonical genesis block for your chain.

要创建使用此创世块的区块链节点,请运行以下命令。这将为您的链导入并设置规范的创世块。

geth init --datadir data genesis.json

Future runs of geth using this data directory will use the genesis block you have defined.

使用此数据目录的geth将来运行,将使用您定义的创世纪块。

geth --datadir data --networkid 15

Scheduling Hard Forks 安排硬叉

As Ethereum protocol development progresses, new Ethereum features become available. To enable these features on your private network, you must schedule a hard fork.

随着以太坊协议开发的进展,新的以太坊功能变得可用。要在专用网络上启用这些功能,必须安排硬分叉。

First, choose any future block number where the hard fork will activate. Continuing from the genesis.json example above, let’s assume your network is running and its current block number is 35421. To schedule the ‘Istanbul’ fork, we pick block 40000 as the activation block number and modify our genesis.json file to set it:

首先,选择任何将来激活硬叉的区块编号。继续上面的genesis.json示例,让我们假设您的正在运行网络并且其当前块号为35421。要调度“ Istanbul”分支,我们选择块40000作为激活块号,并修改我们的genesis.json文件进行设置。 :

{
  "config": {
    ...
    "istanbulBlock": 40000,
    ...
  },
  ...
}

In order to update to the new fork, first ensure that all Geth instances on your private network actually support the Istanbul fork (i.e. ensure you have the latest version of Geth installed). Now shut down all nodes and re-run the init command to enable the new chain configuration:

为了更新到新的分支,请首先确保您的专用网络上的所有Geth实例实际上都支持Istanbul分支(即,确保您安装了最新版本的Geth)。现在关闭所有节点,然后重新运行init命令以启用新的链配置:

geth init --datadir data genesis.json

Setting Up Networking

Once your node is initialized to the desired genesis state, it is time to set up the peer-to-peer network. Any node can be used as an entry point. We recommend dedicating a single node as the rendezvous point which all other nodes use to join. This node is called the ‘bootstrap node’.

将您的节点初始化为所需的创始状态后,就该建立 peer-to-peer网络了。任何节点都可以用作入口点。我们建议将单个节点指定为所有其他节点用来联接的集合点。该节点称为“bootstrap node”。

First, determine the IP address of the machine your bootstrap node will run on. If you are using a cloud service such as Amazon EC2, you’ll find the IP of the virtual machine in the management console. Please also ensure that your firewall configuration allows both UDP and TCP traffic on port 30303.

首先,确定您的引导节点将在其上运行的计算机的IP地址。如果您使用的是Amazon EC2之类的云服务,则可以在管理控制台中找到虚拟机的IP。还请确保您的防火墙配置允许端口30303上的UDP和TCP通信。

The bootstrap node needs to know about its own IP address in order to be able to relay it others. The IP is set using the --nat flag (insert your own IP instead of the example address below).

引导节点需要知道其自己的IP地址,以便能够将其中继。使用--nat标志设置IP(插入您自己的IP而不是下面的示例地址)。

geth --datadir data --networkid 15 --nat extip:172.16.254.4

Now extract the ‘node record’ of the bootnode using the JS console.

现在,使用JS控制台提取引导节点的“节点记录”。

geth attach data/geth.ipc --exec admin.nodeInfo.enr

This command should print a base64 string such as the following example. Other nodes will use the information contained in the bootstrap node record to connect to your peer-to-peer network.

此命令应打印base64字符串,例如以下示例。其他节点将使用引导节点记录中包含的信息来连接到对等网络。

"enr:-Je4QEiMeOxy_h0aweL2DtZmxnUMy-XPQcZllrMt_2V1lzynOwSx7GnjCf1k8BAsZD5dvHOBLuldzLYxpoD5UcqISiwDg2V0aMfGhGlQhqmAgmlkgnY0gmlwhKwQ_gSJc2VjcDI1NmsxoQKX_WLWgDKONsGvxtp9OeSIv2fRoGwu5vMtxfNGdut4cIN0Y3CCdl-DdWRwgnZf"

Setting up peer-to-peer networking depends on your requirements. If you connect nodes across the Internet, please ensure that your bootnode and all other nodes have public IP addresses assigned, and both TCP and UDP traffic can pass the firewall.

设置 peer-to-peer 网络取决于您的要求。如果您通过Internet连接节点,请确保您的bootnode和所有其他节点都分配有公共IP地址,并且TCP和UDP通信都可以通过防火墙。

If Internet connectivity is not required or all member nodes connect using well-known IPs, we strongly recommend setting up Geth to restrict peer-to-peer connectivity to an IP subnet. Doing so will further isolate your network and prevents cross-connecting with other blockchain networks in case your nodes are reachable from the Internet. Use the --netrestrict flag to configure a whitelist of IP networks:

如果不需要Internet连接或所有成员节点都使用知名IP进行连接,我们强烈建议设置Geth以限制对IP子网的对等连接。这样做将进一步隔离您的网络,并防止在您的节点可从Internet到达的情况下与其他区块链网络交叉连接。使用--netrestrict标志可配置IP网络白名单:

geth <other-flags> --netrestrict 172.16.254.0/24

With the above setting, Geth will only allow connections from the 172.16.254.0/24 subnet, and will not attempt to connect to other nodes outside of the set IP range.

使用上述设置,Geth将仅允许来自172.16.254.0/24子网的连接,而不会尝试连接到设置的IP范围之外的其他节点。

Running Member Nodes

Before running a member node, you have to initialize it with the same genesis file as used for the bootstrap node.

在运行成员节点之前,必须使用与引导节点相同的创世纪文件对其进行初始化。

With the bootnode operational and externally reachable (you can try telnet <ip> <port> to ensure it’s indeed reachable), you can start more Geth nodes and connect them via the bootstrap node using the --bootnodes flag.

在bootnode可操作且可外部访问的情况下(您可以尝试telnet以确保它确实可以访问),您可以启动更多的Geth节点,并使用--bootnodes标志通过引导节点将它们连接起来。

To create a member node running on the same machine as the bootstrap node, choose a separate data directory (example: data-2) and listening port (example: 30305):

要创建与引导节点在同一台计算机上运行的成员节点,请选择一个单独的数据目录(例如:data-2)和侦听端口(例如:30305):

geth --datadir data-2 --networkid 15 --port 30305 --bootnodes <bootstrap-node-record>

With the member node running, you can check whether it is connected to the bootstrap node or any other node in your network by attaching a console and running admin.peers. It may take up to a few seconds for the nodes to get connected.

在成员节点运行的情况下,可以通过附加控制台并运行admin.peers来检查它是否连接到引导程序节点或网络中的任何其他节点。节点可能最多需要几秒钟才能建立连接。

geth attach data-2/geth.ipc --exec admin.peers

Clique: Running A Signer

To set up Geth for signing blocks in proof-of-authority mode, a signer account must be available. The account must be unlocked to mine blocks. The following command will prompt for the account password, then start signing blocks:

要在授权证明模式下为Geth设置用于签名块的签名者,必须具有签名者帐户。该帐户必须解锁才能解锁。以下命令将提示您输入帐户密码,然后开始签名块:

geth <other-flags> --unlock 0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82 --mine

You can further configure mining by changing the default gas limit blocks converge to (with --targetgaslimit) and the price transactions are accepted at (with --gasprice).

Ethash: Running A Miner

For proof-of-work in a simple private network, a single CPU miner instance is enough to create a stable stream of blocks at regular intervals. To start a Geth instance for mining, run it with all the usual flags and add the following to configure mining:

geth <other-flags> --mine --minerthreads=1 --etherbase=0x0000000000000000000000000000000000000000

This will start mining bocks and transactions on a single CPU thread, crediting all block rewards to the account specified by --etherbase.