Node Provider Networking Guide
Networking requirements for connecting node machines to the Internet Computer — bandwidth, IPv4/IPv6, switch layout, BMC isolation, and monitoring.
This guide covers the networking that a node provider is expected to put in place around each rack of node machines. Configuring networks is not trivial; providers should be comfortable with IP networking and with the configuration of switches and other network equipment before starting.
What you need to provide
A typical site needs the following ingredients before any node is turned on:
- A 10G switch fabric — SFP+ or 10G Ethernet, with enough ports for the planned deployment, plus cabling.
- Bandwidth of approximately 300 Mbps per node, sustained, with unfiltered access to the public internet.
- One IPv6 /64 prefix for the deployment. Each node receives multiple IPv6 addresses out of that prefix.
- At least two IPv4 addresses per data center, attached to the first two node machines in the first rack at that site.
- One domain name per IPv4-configured node (see Node Provider Domain Name Guide).
All IP addresses are assigned statically; IC-OS configures the network from the values supplied during deployment.
Cabling
At least one 10G port on each server must connect to the 10G switch. Port locations depend on the chassis vendor; for the example Supermicro 1U servers in the upstream guide the 10G ports sit on the add-in NIC at the rear of the chassis. Confirm the layout for the specific hardware in use before pulling cables.
Per-node configuration
Every node machine requires:
- A public, static IPv6 address on the assigned /64.
- A configured IPv6 gateway with reachability to the wider internet.
- Unfiltered internet access — no upstream packet filtering against IC-OS traffic.
The first two nodes in the first rack of each data center additionally require:
- A public, static IPv4 address.
- A configured IPv4 gateway with reachability to the wider internet.
- Unfiltered internet access on IPv4 as well.
Beyond that pair, additional nodes can run on IPv6 only. The IPv4 pair preserves the network's ability to reach back into the data center regardless of how the rest of the rack is configured.
What not to do
[!WARNING] Do not place external firewalls or packet filters in front of node machines. Filtering node traffic upstream disrupts protocol behavior. IC-OS manages its own software firewalls on each node.
[!WARNING] Do not configure LACP bonding on the switch ports facing IC nodes. IC nodes do not currently support LACP.
BMC isolation
Baseboard Management Controllers (BMCs) ship with notoriously poor security defaults. Treat the BMC network as hostile and isolate it from the public internet:
- Replace the default BMC password with a strong, unique credential on every machine before the BMC is reachable from anywhere outside the rack.
- Never expose the BMC interface broadly to the public internet.
- Place the BMC on an isolated management network — a separate switch or a dedicated VLAN — rather than the production node network.
- Where operationally acceptable, restrict BMC access to physical presence at the site.
Network and server monitoring
Providers are expected to monitor both the switch fabric and the node machines. Two common approaches:
SNMP
- Use SNMPv3 so that polling traffic is authenticated and encrypted.
- Define alerting thresholds for bandwidth, CPU, memory, and interface errors.
- Retain historical data to support trend analysis and capacity planning.
gNMI / gRPC streaming telemetry
- Confirm that the switch and NIC firmware support gNMI before committing to it.
- Run telemetry over TLS.
- Configure subscriptions for the metrics that matter, with sample intervals tuned to the load you can ingest.
For node-level alerting and the available open-source helpers, see Node Provider Alerting Options.
Pre-launch checklist
Before the first node is powered on, verify:
- 10G switch is in place and configured.
- At least one 10G port per server is patched to the switch.
- The IPv6 /64 prefix is allocated and routed to the rack.
- At least two IPv4 addresses are reserved for the data center.
- Domain names exist for each IPv4 node.
- Sustained bandwidth of around 300 Mbps per node is available.
- BMCs are not reachable from the public internet.
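
Several of these items can be checked against the site's addressing plan before any hardware is powered on. The script below is an added example, not part of the upstream guide or of IC-OS tooling. The plan layout, its field names, and the sample addresses (documentation and private ranges) are constructed assumptions.

```python
import ipaddress

MBPS_PER_NODE = 300  # approximate sustained bandwidth per node, per the guide

# Constructed sample plan (hypothetical field names; documentation and private ranges).
SAMPLE_PLAN = {
    "ipv6_prefix": "2001:db8:0:1::/64",
    "mgmt_network": "10.20.30.0/24",  # isolated BMC network
    "uplink_mbps": 1000,
    "nodes": [  # listed in rack order; the first two carry IPv4
        {"name": "node-1", "ipv6": "2001:db8:0:1::11", "ipv4": "192.0.2.11",
         "domain": "node-1.example.com", "bmc": "10.20.30.11"},
        {"name": "node-2", "ipv6": "2001:db8:0:1::12", "ipv4": "192.0.2.12",
         "domain": "node-2.example.com", "bmc": "10.20.30.12"},
        {"name": "node-3", "ipv6": "2001:db8:0:1::13", "bmc": "10.20.30.13"},
    ],
}

def check_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    prefix = ipaddress.ip_network(plan["ipv6_prefix"])
    mgmt = ipaddress.ip_network(plan["mgmt_network"])
    nodes = plan["nodes"]
    if prefix.version != 6 or prefix.prefixlen != 64:
        findings.append(f"{prefix} is not an IPv6 /64")
    # The BMC network must be separate from the node prefix and not publicly routable.
    if mgmt.overlaps(prefix) or mgmt.is_global:
        findings.append(f"BMC network {mgmt} is public or shares the node prefix")
    if plan["uplink_mbps"] < len(nodes) * MBPS_PER_NODE:
        findings.append(f"uplink below {len(nodes) * MBPS_PER_NODE} Mbps sustained")
    for i, node in enumerate(nodes):
        name = node["name"]
        if ipaddress.ip_address(node["ipv6"]) not in prefix:
            findings.append(f"{name}: IPv6 address outside {prefix}")
        if i < 2 and not node.get("ipv4"):
            findings.append(f"{name}: one of the first two nodes, needs static IPv4")
        if node.get("ipv4") and not node.get("domain"):
            findings.append(f"{name}: IPv4-configured node has no domain name")
        if ipaddress.ip_address(node["bmc"]) not in mgmt:
            findings.append(f"{name}: BMC address outside {mgmt}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN) or ["plan passes"]:
        print(finding)
```

A clean plan only shows that the addressing is consistent on paper; BMC reachability from the public internet still has to be confirmed from outside the site.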