Skip to main content

Authenticated UDP Checking

In preparation for the upcoming Clear UDP traffic decommission, this guide helps verify that a Monad node is properly configured for Authenticated UDP. It checks that the node's configuration and peer settings fully support Auth UDP operation.

Steps

1. Install yq (tomlq tool)

sudo apt-get update && sudo apt-get install -y yq

2. Run the configuration validation script

MF_BUCKET=https://bucket.monadinfra.com
curl -fsSL $MF_BUCKET/scripts/validate-auth-udp-config.sh | bash -s -

Example output:

======================================
Checking monad client configuration...


Node name        : my-node
Node config file : /home/monad/monad-bft/config/node.toml
Peers file       : /home/monad/monad-bft/config/peers.toml


peer_discovery.self_auth_port = 8001 ✔
bootstrap.peers[1] address=64.31.29.190:8000 auth_port=8001 ✔
bootstrap.peers[2] address=64.31.53.173:8000 auth_port=8001 ✔
bootstrap.peers[3] address=208.115.197.25:8000 auth_port=8001 ✔
bootstrap.peers[4] address=64.130.52.235:8000 auth_port=8001 ✔
bootstrap.peers[5] address=64.130.56.50:8000 auth_port=8001 ✔
bootstrap.peers[6] address=64.130.49.148:8000 auth_port=8001 ✔
bootstrap.peers[7] address=69.162.93.53:8000 auth_port=8001 ✔
bootstrap.peers[8] address=185.189.46.19:8001 auth_port=8001 ✔


Current peers (depends on the network):
Auth UDP          : 166
Clear UDP         : 25
Total             : 191


✔ Configuration is Auth UDP compliant, and ready for Clear UDP decommission.

If the configuration is not Auth UDP compliant

Please consider the following steps:

  • Follow the Auth UDP guide

  • Verify the bootnode peers configuration are updated

    • https://t.me/MonadNodeAnnouncements/103

    • Bootstrap Peers Update (11 Feb 2026)
      

      Dear node operators,
      

      With the recent activation Authenticated UDP traffic, the bootstrap peers needed to be updated on all nodes, in order to join the network.
      

      1. Get the new bootstrap peers signatures (all [[bootstrap.peers]] items):
      

        Mainnet:
      

          - Validators: https://bucket.monadinfra.com/config/mainnet/latest/node.toml
      

          - Full node: https://bucket.monadinfra.com/config/mainnet/latest/full-node-node.toml
      

        Testnet:
      

          - Validators: https://bucket.monadinfra.com/config/testnet/latest/node.toml
      

          - Full node: https://bucket.monadinfra.com/config/testnet/latest/full-node-node.toml
      

      2. Make sure to replace existing peering records with the new ones. The configuration should not have duplicated entries for a given secp256k1_pubkey.
      

      3. Restart the node: systemctl restart monad-bft monad-execution monad-rpc. (No hard reset required)
      

      4. Verify the node can rejoin the network.
      

      Note: Be aware that a hard reset wipes the node's peering cache, since the reset-workspace.sh script deletes the peers.toml file. Any outdated peering setup may cause connection issues. After a hard reset, nodes must rebuild their peer list from scratch using the new bootstrap peering signatures.
      

      If you require assistance, please reach out to the Devops team.
      

      Many Thanks,
      -MF

  • Ensure the upstream/downstream connections (validator <> dedicated/prioritized full node) are using Auth UDP

    • If the remote peer already supports Auth UDP, the script should locate the corresponding record in peers.toml and print the expected configuration.
    • If the remote peer is still using Clear UDP, the script will not find a matching record. In this case, contact the remote peer operator to request Auth UDP activation and the new name record signature.