Operating a node

This page explains how to set up and run a builder node.

note

If you would like to participate as an operator, please fill out this form to register your interest.


System requirements

  • Intel TDX-capable CPU
  • 16 cores
  • 32 GiB RAM
  • 2 TB disk storage, min 30K IOPS read/write, 1200MiB/s sequential read/write
  • 1 Gbps Internet access

Cloud hosting

Currently only Microsoft Azure is supported for hosting, since it is the only provider with end-to-end working TEE attestations. We are actively working with Google, OVH and other providers, and expect to expand the list of supported cloud providers soon.

Microsoft Azure Cloud

For Azure, we recommend the Standard_EC16es_v5 instance type. You'll need to request a quota for "Standard ECEV5 Family vCPUs" (16 vCPUs).

The Azure infrastructure can be created with this Terraform module: https://github.com/flashbots/terraform-module-azure-confidential-vm

Notes on the setup:

  • Storage account: no redundancy necessary
  • Disk:
    • 2TB Premium SSD v1 (not v2!) with toggled "Performance Plus" and read-only host cache
    • Need to support 20k IOPS read/write, 900MiB/s sequential read/write

Bare metal hosting

Bare metal hosting is not yet supported. We are currently working with providers including Google and OpenMetal to resolve any remaining issues with measurements, attestations and BIOS upgrades. We expect bare-metal hosting to be available in the near future (Q3/4 2025).

This presentation contains more details about the challenges of TDX attestations on bare-metal servers.


Securing the Operator API

After initial startup of the instance, you need to secure the Operator API by setting a password:

curl -k -v --data "<PASSWORD>" https://<INSTANCE_IP>:3535/api/v1/set-basic-auth

warning

Store the password in a safe place. If it is lost, the instance is not recoverable, and you will need to redeploy the instance.

You can update the password at any time by running the same command with a new password and the old auth secret:

curl -k -v --user "admin:<OLD_PASSWORD>" --data "<NEW_PASSWORD>" https://<INSTANCE_IP>:3535/api/v1/set-basic-auth

Now ensure it works by testing the /logs API call:

curl -k --user "admin:<PASSWORD>" https://<INSTANCE_IP>:3535/logs
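
An added example (not from the BuilderNet docs) that runs the set, rotate and verify steps above with a generated password kept in a mode-0600 file and handed to curl through `--data @file` and `-K -`, so it never appears in the process list or shell history. The function names and password-file arguments are hypothetical, and treating HTTP 200 from `/logs` as success is an assumption.

```shell
#!/bin/sh
# Added example, not BuilderNet's own tooling. Function names and the password-file
# arguments are hypothetical; endpoints, port 3535 and the "admin" user are from the page.
set -eu

# 32 bytes from the kernel CSPRNG as 64 hex characters (safe inside curl config quotes).
gen_password() { od -An -N32 -tx1 /dev/urandom | tr -d ' \n'; }

# Create the secret file with mode 0600; never overwrite, because losing the
# current password means redeploying the instance.
save_password() {  # $1 = password file
  [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; return 1; }
  ( umask 077; gen_password > "$1" )
}

# curl config line carrying the credentials; fed to `curl -K -` on stdin so the
# password does not appear in argv (ps) or shell history.
auth_config() { printf 'user = "admin:%s"\n' "$(cat "$1")"; }  # $1 = password file

# First-time set: the request body is read from the file with --data @file.
set_password() {  # $1 = instance IP, $2 = new password file
  curl -k -sS --data "@$2" "https://$1:3535/api/v1/set-basic-auth"
}

# Rotation: authenticate with the old file, send the new one as the body.
rotate_password() {  # $1 = instance IP, $2 = old password file, $3 = new password file
  auth_config "$2" | curl -k -sS -K - --data "@$3" "https://$1:3535/api/v1/set-basic-auth"
}

# Print the HTTP status of /logs, with credentials if a password file is given.
logs_status() {  # $1 = instance IP, $2 = optional password file
  if [ -n "${2:-}" ]; then
    auth_config "$2" | curl -k -sS -o /dev/null -w '%{http_code}' -K - "https://$1:3535/logs"
  else
    curl -k -sS -o /dev/null -w '%{http_code}' "https://$1:3535/logs"
  fi
}

main() {  # usage: sh secure-operator-api.sh <INSTANCE_IP> <new-password-file>
  save_password "$2"
  set_password "$1" "$2"
  # Assumption: 200 means success; any other status without credentials means the API is closed.
  [ "$(logs_status "$1" "$2")" = 200 ] || { echo "authenticated /logs failed" >&2; return 1; }
  [ "$(logs_status "$1")" != 200 ] || { echo "/logs answers without credentials" >&2; return 1; }
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Keep the old password file until `rotate_password` has succeeded and `logs_status` returns 200 with the new file.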

Metrics and dashboards

Builder nodes provide metrics in Prometheus format.

Grafana dashboard downloads:


Dashboard screenshots for Orderflow Proxy


Dashboard screenshots for rbuilder