Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

update scenario_1 #5

Merged
merged 1 commit into from
Jul 25, 2024
Merged

update scenario_1 #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 20 additions & 14 deletions CIP-0123/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ that the Cardano network encounters a situation where the built-in recovery mech
## Disaster Recovery Procedures
<!-- The technical specification should describe the proposed improvement in sufficient technical detail. In particular, it should provide enough information that an implementation can be performed solely on the basis of the de# the CIP. This is necessary to facilitate multiple, interoperable implementations. This must include how the CIP should be versioned, if not covered under an optional Versioning main heading. If a proposal defines structure of on-chain data it must include a CDDL schema in its specification.-->

While recovery will need to be tailored to the actual situation, three main scenarios can be identified.
While the exact recovery process will depend on the unique nature of the failure, there are three main scenarios we can consider.

### Scenario 1: Long-Lived Network Partition

Expand Down Expand Up @@ -87,19 +87,25 @@ would violate the required Praos guarantees.

#### Remediations

Disconnected nodes must be reconnected to the main chain by their operators. This can be done
by truncating the local block database to a point before the chain fork and then resycing
against the main network. This can be done by the `db-truncator` tool.

Full node wallets can also be recovered in the same way, though this
may require technical skills that the end users do not possess. It
may be easier, if slower, for them to simply resynchronize their nodes
from genesis. This could take some time. An alternative might be to
restore using a Mithril or other signed snapshot. In this case, care
needs to be taken to achieve the correct balance of trust against
speed of recovery.


Disconnected nodes must be reconnected to the main chain by their operators. This can be done
by truncating the local block database to a point before the chain fork and then resyncing
against the main network. This can be done using the `db-truncator` tool.

Full node wallets can also be recovered in the same way, though this may require technical
skills that the end users do not possess. It may be easier, if slower, for them to simply
resynchronize their nodes from genesis.

Ouroboros Genesis provides additional resilience when recovering from long lived network partitions.
In Praos nodes resyncing from a point before the chain fork could still in some cases follow the
alternative chain (if it is the first one seen) and extra mechanisms may be needed to avoid this
possibility. In Praos, for example, this may require that all participants on the alternate chain
truncate the local block database prior to the partition being resolved. In Ouroboros Genesis
when resyncing from a point before the chain fork, the chain selection rules will ensure
selection of the correct path for the main chain assuming the partition has been resolved.

Alternative methods to restore might include the use of Mithril or other signed snapshot.
In this case, care needs to be taken to achieve the correct balance of trust against speed
of recovery.

#### Additional Effects on Cardano Users

Expand Down