openskills.info

Blockchain Infrastructure

itDistributed systems, messaging, and integration

You should already be familiar with: blockchain-fundamentals

Blockchain Infrastructure

Blockchain infrastructure is the machinery between a blockchain protocol and the software that uses it. It runs protocol clients, keeps network data available, exposes application interfaces, and turns raw chain activity into useful operational signals.

You do not need to operate every component yourself. You do need to know which component answers each request, what it trusts, and how it can fail.

This course uses Ethereum and Geth for concrete examples. The operating model also applies to other blockchain networks. Exact client commands, node roles, and finality rules remain network-specific.

The problem infrastructure solves

A blockchain application cannot read shared state by contacting "the blockchain" as an abstract object. It sends a request to a node or a service that operates nodes. That path introduces real systems concerns:

  • Is the node on the intended network?
  • Has it synchronized far enough to answer the request?
  • Does it retain the historical state the request needs?
  • Can the endpoint handle the request rate?
  • Which methods may the caller invoke?
  • What happens when a node, region, or provider fails?
  • Can you detect stale, divergent, or incomplete results?

Blockchain infrastructure makes those questions explicit. It does not remove the protocol's trust model. It adds an operational trust model around access to the protocol.

A six-part mental model

Think of the infrastructure as six connected parts.

  1. Protocol clients validate and follow the network. On current Ethereum, an execution client processes transactions and state. A consensus client follows proof-of-stake consensus. The two communicate through the authenticated Engine API.
  2. Peer-to-peer networking lets clients discover peers, exchange blocks, and follow the network head. A running process without healthy peers is not a useful source of current chain data.
  3. Chain storage holds blocks, receipts, and state. Retention and pruning choices determine which historical questions a node can answer efficiently.
  4. RPC access gives applications a request interface. Ethereum execution clients implement a common JSON-RPC method set, although clients can also expose implementation-specific methods.
  5. Application data services read blocks, transactions, logs, or traces and shape them for application queries. This layer often includes an indexer and an application database.
  6. Operations and security cover releases, configuration, monitoring, capacity, backups, access control, and incident response.

Follow one read request through the stack:

Application → API edge → RPC node → local chain data → response

For a subscribed event or indexed query, add an off-chain processing path:

RPC node → event consumer or indexer → application database → application

The second path trades direct protocol access for query speed and a data model suited to the application. The database is a derived view. You still need a defined way to reconcile it with canonical chain history.

Node roles are service choices

"Run a node" is not a complete requirement. Start with the workload.

A current-state workload needs recent blocks and current contract state. A normal synchronized full node usually fits. A historical analytics workload may need old state at specific block heights. That workload can require an archive-capable node or a specialized data service.

An Ethereum archive node retains historical state instead of pruning it. That makes historical state queries faster, but increases storage and operating cost. Do not choose archive retention because it sounds more complete. Choose it because named queries require it.

A validator workload adds stricter availability and key-handling concerns. On Ethereum, a solo validator depends on both an execution client and a consensus client. Validator keys are not ordinary RPC credentials. Keep signing duties and key custody separate from public application access.

Synchronization is part of readiness

A process can be alive while its data is not ready.

Synchronization is how a client catches up with the network. Different sync modes trade time, storage, and trust assumptions. In Geth, the eth_syncing method returns progress data while synchronization is active and false when it is not syncing.

That result is necessary but not sufficient for a production readiness check. Also inspect:

  • the latest block observed by the node;
  • the age of that block;
  • the active peer count;
  • execution-client and consensus-client agreement;
  • disk, memory, and input/output pressure;
  • RPC error rate and latency.

A load balancer should not send normal traffic to a node that is still catching up. A stronger check compares the node's view with an independent reference and applies a workload-specific freshness limit.

The RPC endpoint is a security boundary

JSON-RPC is the usual application entry point for an Ethereum execution client. The method name identifies a namespace and operation, such as eth_blockNumber.

Geth can serve JSON-RPC over HTTP, WebSocket, or an interprocess socket. HTTP is a common remote application transport. WebSocket supports subscriptions. A local interprocess socket keeps communication on one machine.

Do not expose a client endpoint directly to an untrusted network. Geth's own security guidance says its endpoints are not designed to withstand hostile clients or large public traffic volumes. Put an API edge in front of remotely used nodes. The edge can provide:

  • transport encryption;
  • authentication and authorization;
  • method allowlists;
  • request size and rate limits;
  • timeouts and concurrency limits;
  • logging and abuse detection;
  • routing across healthy nodes.

Keep the client bound to a private or loopback address where possible. Enable only the namespaces the workload needs. Administrative, debugging, account, and signing methods deserve stricter isolation than ordinary read methods.

Self-hosted, managed, or hybrid

A self-hosted fleet gives you direct control over client choice, configuration, retention, upgrades, and data locality. You also own synchronization, security, capacity, and incident response.

A managed node service operates nodes and exposes an authenticated API. Ethereum's documentation notes that providers may place load balancers across nodes and may offer full or archive access. The provider removes much of the node maintenance, but adds provider limits and a dependency outside your system.

A hybrid design uses both. For example, normal traffic can use an internal node fleet while a second provider supplies independent verification or temporary failover. Redundancy only helps when failure modes are independent. Two endpoints backed by the same provider, region, client implementation, or control plane may fail together.

Choose by writing the requirements first:

RequirementQuestion to answer
DataCurrent state, receipts, logs, traces, or historical state?
FreshnessHow far behind the network may a response be?
AvailabilityWhich failures must the service survive?
ThroughputWhich methods dominate request volume and cost?
TrustMust results be verified by your own node or a second source?
SecurityWho may call which methods from which networks?
OperationsWho patches, monitors, scales, and restores the service?

Operate signals, not just processes

Geth exposes optional metrics and documents dashboards for system, network, and blockchain behavior. Metrics are disabled by default and can be enabled at startup.

Build alerts around service outcomes:

  • head age exceeds the allowed freshness window;
  • peer count stays below the safe operating range;
  • synchronization resumes unexpectedly;
  • execution and consensus clients stop communicating;
  • free disk approaches the capacity threshold;
  • RPC errors, timeouts, or tail latency rise;
  • indexed data falls behind the node head;
  • two independent sources disagree beyond the expected finality window.

CPU and memory still matter, but a green host does not prove a current chain view. Tie infrastructure metrics to protocol progress and application behavior.

Plan for change

Blockchain networks change through scheduled upgrades. Client software also receives security and compatibility releases. Ethereum's node guide directs operators to keep clients current, especially before network upgrades.

Treat an upgrade as a production change:

  1. Read the network and client release notices.
  2. Verify downloaded binaries or images against official release material.
  3. Test the version and configuration on a non-production network or canary node.
  4. Confirm database-format and rollback constraints.
  5. Roll through redundant nodes without removing all capacity at once.
  6. Watch synchronization, peers, head freshness, errors, and resource use.
  7. Record the running version and configuration.

Back up what cannot be recreated. Chain databases can usually be resynchronized, although that may take substantial time. Keys, passwords, configuration, and deployment records require deliberate protection. Geth documentation specifically separates recreatable chain data from the keystore and stresses secure keystore and password backups.

Common design mistakes

The first mistake is treating a successful TCP connection as proof of correct data. The endpoint may be on the wrong network, behind the head, or missing required history.

The second is using one endpoint for every trust zone. Public reads, internal analytics, debugging, and validator communication have different risk profiles.

The third is adding replicas without defining consistency. A load balancer can route adjacent requests to nodes at different heads. Decide when that is acceptable and when a request needs pinning or an explicit block reference.

The fourth is confusing protocol durability with application availability. A network can continue while your RPC endpoint, indexer, DNS, credentials, or database is unavailable.

The fifth is retaining every historical state without a query requirement. Archive access is a product capability with a storage and maintenance cost.

A practical route forward

Start by querying a trusted testnet endpoint. Learn the request envelope and hexadecimal quantity encoding. Then inspect sync state, block height, peer count, and client version on a node you control.

Next, design the endpoint boundary. Bind the client privately. Add an authenticated proxy, a small method allowlist, rate limits, and structured request logs. Test failure behavior when one backend is stale or offline.

Then add protocol-aware monitoring. Track head age, synchronization, peers, resources, and RPC outcomes. Rehearse one client upgrade and one recovery from lost recreatable data.

Finally, build an application data pipeline only for queries that raw RPC cannot serve well. Record block identifiers with derived rows. Define how the pipeline handles reorganizations, restarts, and backfills.

Relevant careers