Setting up 3 sentries and a validator on Umee (or any other Cosmos network)

Umee is a crosschain project that bridges DeFi between Cosmos and Ethereum

We wrote an article on how set sentries and validators on the same machine on Bitcanna network, but that specific use case is not a real mainnet scenario. So we have decided to write this article on how to set up 3 sentry nodes and a validator node in Umee Network (but is also valid for any other Cosmos networks), so it could help others with the task in the future.

First of all, you will have to set your nodes configure to be able to run the Umee node daemon and configured to connect to the Umee network. But that’s not part of the article, you can find those instructions in Umee Github repositories.

For a mainnet setup composed of sentries and validator the configuration of your nodes should contain the following structure:

## Validator node configuration
pex = false
persistent_peers =list of sentry nodes
private_peer_ids =omitted
addr_book_strict =false

## Sentry Node Configuration
pex =true
persistent_peers =validator node, and optionally other sentry nodes private_peer_ids = validator node id
addr_book_strict = false

As you may know, the way to specify a node is the following:


Usually the p2p port for Cosmos networks is 26656, and the tendemint node id can be obtained with the following command

umeed tendermint show-node-id

A valid example could be: 47a763c7c542db370f0a7e380d355f89c6f1115b@

If our setup nodes would have the following values (node ids and ip’s are not real…):

Sentry 1: 111@
Sentry 2: 222@
Sentry 3: 333@
Validator: 444@

and the list of network seed nodes is represented by this string “REPLACE WITH NETWORK SEED NODES”, the setup configuration would look like this:

# Sentry 1 config (111@
persistent_peers = “222@,333@,444@”
addr_book_strict = false
pex = true
private_peer_ids = “444”

# Sentry 2 config (222@
persistent_peers = “111@,333@,444@”
addr_book_strict = false
pex = true
private_peer_ids = “444”

# Sentry 3 config (333@
persistent_peers = “111@,222@,444@”
addr_book_strict = false
pex = true
private_peer_ids = “444”

# Validator config (444@
seeds = “”
persistent_peers = “111@,222@,333@”
addr_book_strict = false
pex = false
private_peer_ids = “”

As you may see, all the sentries have the pex value set to true, this makes the nodes try to discover and connect to nodes of the network, but not for the validator. The sentries are also set to have the validator as a private peer (private_peer_ids value), so the validator it isn’t gossipped to the rest of the network and remains anonymous.

Besides that, the validator is connected to all the sentries that will act as a proxy connection to the P2P network, and the sentries are connected to the validator, and optionally to other validators (as in this case).

A good way to test that your validator is hidden from the network, is to check that the validator is only able to connect to the network when at least 1 sentry node is running and in sync. So set all your nodes working, and stop all the 3 sentries, and check that the validator node is not able to sync and sign blocks anymore, start 1 sentry node again and check that the validator syncs again and begins signing blocks too.

Also, don’t forget to set your security practices on all your nodes (firewall, ssh access, certificates, etc.).

And that’s it! Hope it helps you set a better infrastructure for your Cosmos validators and mitigate those possible DDoS attacks.

For further info you can have a look at Cosmos forums on the topic, or just ask in Umee validator communities Discord channels. And of course have a look at this interesting Cosmos DeFi project, Umee Network.



We're a company of Blockchain passionate individuals that aim to help decentralize the world while having fun with technology.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store