Lightning Network adoption continues to proliferate in 2019. Last week Bitfinex was the first major exchange to adopt Lightning as a way to transfer BTC. Now you can deposit and withdraw BTC from their exchange in seconds. 

One thing exchange operators have asked is how to safely “failover” their Lightning node. The ability to failover pieces of your infrastructure is critical in providing high availability web services that customers can access at any time.

Unlike bitcoin, Lightning is an interactive protocol that requires you to be online to accept payments from your customers. This means if your Lightning node goes offline a customer cannot deposit or withdraw funds until it is back up and running. With bitcoin wallets and addresses, customers can still deposit into the exchange even if your node is not online.

Currently if the machine a Lightning node is running on is corrupted, it could be 10s of minutes to get it up and running again if you have followed proper backup protocols

Possible Solutions

One way to provide the ability to failover Lightning nodes is to spin up a large amount of Lightning nodes all with different node ids. If one of the nodes does fail, at least your customers can access other nodes that you may have spun up. 

This gets a little tricky. It adds complexity on clients of the exchange to manage node connections. They now need the ability to find all N of the lightning nodes the exchange has spun up. They also must have sufficient liquidity to all N of the nodes to continue deposits and withdrawals from the exchange which leads to more capital inefficiency in the ecosystem. 

Additional complexity is the fact that invoices that are created on one node are not compatible with other Lightning nodes the exchange is running. This is because each node signs the invoice and provides the digital signature for the client to validate that this invoice hasn’t been forged. While the exchange may be the rightful owner of two nodes, the client will not be able to pay an invoice to another node that the exchange operates which defeats the purpose of this redundancy in the first place. 

Our Solution

Our solution to this problem involves having a remote database that you can use to spin up replicas for existing Lightning nodes. 

There are two things that need to be considered when failing over a Lightning node:

  1. The database that holds all relevant information to channels 
  2. The private keys associated with the bitcoin in the Lightning channels

Currently all Lightning implementations use local databases by default to store information related to their channel. This is antithetical to failover strategies as we must have the data available remotely to be able to spin up a new server. 

At Suredbits, we forked Eclair to add support for a remote database. C-lightning has implemented support for PostgreSQL. This does incur some latency as now every time a channel is updated, you need to write to a remote database. With this change, if your eclair node were to fail on the machine you could spin up a new eclair node with all of the same channel information on a separate machine. 

This would allow for the ability for a business to failover the node.

There is some risk with remote databases 

  1. Failure to write to the remote database due to network level issues
  2. Multiple nodes reading from the same database that can cause loss of funds via the penalty mechanism

With Eclair, channel operations cannot continue if writing to the database fails. This mitigates issue #1 since you can use database level locks to make sure only one machine can read/write from the database, which in turn, mitigates issue #2. 

Now you can safely failover your Lightning node in a matter of seconds. 

Get in touch with the team on Twitter:

Suredbits

Chris Stewart


All of our API services, for both Cryptocurrency APIs as well as Sports APIs, are built using Lightning technology and the Lightning Network. All API services are live on Bitcoin’s mainnet. Our fully customizable data service allows customers to stream as much or as little data as they wish and pay using bitcoin.

You can connect to our Lightning node at the url:

038[email protected]ln.suredbits.com

To learn more about how our Lightning APIs work please visit our API documentation or checkout our Websocket Playground to start exploring fully customized data feeds.

If you are a company or cryptocurrency exchange interested in learning more about how Lightning can help grow your business, contact us at [email protected].