# Deployment And Rotation Model

## Ingress And Egress Separation

Treat inbound and outbound IPs as different resources with different lifecycles.

- Ingress nodes terminate client connections.
- Egress nodes NAT traffic out to the public internet.
- Clients should never depend on egress IPs for discovery.
- Egress rotation should not force client re-enrollment.

This gives you freedom to:

- rotate front-door IPs aggressively when they are blocked
- spread outbound traffic across many IPs at once
- rebalance sessions gradually instead of hard-cutting users
- isolate ingress bans from outbound reputation issues

## Practical Topology

- Client -> ingress edge
- Ingress edge -> private backbone or overlay
- Private backbone -> egress pool
- Egress pool -> destination internet

The ingress fleet is optimized for reachability under censorship. The egress fleet is optimized for capacity, reputation, and geographic policy.

## Rotation Rules

- Rotate ingress faster than egress.
- Keep several ingress IPs live at once per region.
- Maintain more than one provider and ASN per user population.
- Drain sessions off blocked or degraded nodes rather than dropping them immediately.
- Reassign new sessions using live reachability data from clients in affected networks.
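The last three rules, as an added example that is not part of this repository's code: client probes from affected networks are aggregated per node and per client network, a node is treated as blocked only for the networks where it actually fails, and the sessions on it are moved in small batches to live ingress nodes in the same region. The ingress list, probe records, sessions, thresholds and field names are all constructed for the example.

```javascript
// Added example, not code from this repository: turn client reachability
// reports into a gradual drain plan for ingress nodes. All data shapes,
// thresholds and the sample records below are assumptions constructed here.

// Constructed ingress fleet for one region. No egress nodes appear: an
// ingress ban never touches egress assignments.
const INGRESS = [
  { id: 'ing-a', region: 'eu', provider: 'p1', asn: 'AS64500' },
  { id: 'ing-b', region: 'eu', provider: 'p2', asn: 'AS64501' },
  { id: 'ing-c', region: 'eu', provider: 'p1', asn: 'AS64500' },
];

// Constructed probe reports: a client inside network clientAsn tried nodeId.
const PROBES = [
  { nodeId: 'ing-a', clientAsn: 'AS100', ok: false },
  { nodeId: 'ing-a', clientAsn: 'AS100', ok: false },
  { nodeId: 'ing-a', clientAsn: 'AS100', ok: false },
  { nodeId: 'ing-a', clientAsn: 'AS100', ok: false },
  { nodeId: 'ing-a', clientAsn: 'AS200', ok: true },
  { nodeId: 'ing-b', clientAsn: 'AS100', ok: true },
  { nodeId: 'ing-b', clientAsn: 'AS100', ok: true },
  { nodeId: 'ing-b', clientAsn: 'AS100', ok: false },
  { nodeId: 'ing-c', clientAsn: 'AS100', ok: true },
  { nodeId: 'ing-c', clientAsn: 'AS100', ok: true },
];

// Constructed active sessions and the ingress node terminating each one.
const SESSIONS = [
  { id: 's1', nodeId: 'ing-a', clientAsn: 'AS100' },
  { id: 's2', nodeId: 'ing-a', clientAsn: 'AS100' },
  { id: 's3', nodeId: 'ing-a', clientAsn: 'AS100' },
  { id: 's4', nodeId: 'ing-a', clientAsn: 'AS200' }, // ing-a still works from AS200
  { id: 's5', nodeId: 'ing-b', clientAsn: 'AS100' },
];

// Aggregate probes into nodeId -> clientAsn -> { fail, total }.
function aggregateProbes(probes) {
  const stats = new Map();
  for (const p of probes) {
    if (!stats.has(p.nodeId)) stats.set(p.nodeId, new Map());
    const byAsn = stats.get(p.nodeId);
    const s = byAsn.get(p.clientAsn) ?? { fail: 0, total: 0 };
    s.total += 1;
    if (!p.ok) s.fail += 1;
    byAsn.set(p.clientAsn, s);
  }
  return stats;
}

// A node counts as blocked for one client network only with enough samples
// and a high failure ratio; a blanket "blocked" flag would drain users in
// networks where the node still works.
function isBlocked(stats, nodeId, clientAsn, { minSamples = 3, threshold = 0.75 } = {}) {
  const s = stats.get(nodeId)?.get(clientAsn);
  if (!s || s.total < minSamples) return false;
  return s.fail / s.total >= threshold;
}

// Sessions on a node blocked from their own network move to the least-loaded
// ingress node in the same region that is not blocked for that network.
// Moves are grouped into batches of batchSize so the node drains gradually
// instead of being hard-cut. Sessions with no viable target are reported.
function planDrain(nodes, sessions, stats, batchSize = 2) {
  const nodeById = new Map(nodes.map(n => [n.id, n]));
  const load = new Map(nodes.map(n => [n.id, 0]));
  for (const s of sessions) load.set(s.nodeId, (load.get(s.nodeId) ?? 0) + 1);

  const moves = [];
  const stranded = [];
  for (const s of sessions) {
    if (!isBlocked(stats, s.nodeId, s.clientAsn)) continue;
    const region = nodeById.get(s.nodeId).region;
    const candidates = nodes
      .filter(n => n.id !== s.nodeId && n.region === region && !isBlocked(stats, n.id, s.clientAsn))
      .sort((a, b) => load.get(a.id) - load.get(b.id));
    if (candidates.length === 0) { stranded.push(s.id); continue; }
    const target = candidates[0];
    load.set(target.id, load.get(target.id) + 1);
    load.set(s.nodeId, load.get(s.nodeId) - 1);
    moves.push({ sessionId: s.id, from: s.nodeId, to: target.id });
  }
  const batches = [];
  for (let i = 0; i < moves.length; i += batchSize) batches.push(moves.slice(i, i + batchSize));
  return { batches, stranded };
}

console.log(JSON.stringify(planDrain(INGRESS, SESSIONS, aggregateProbes(PROBES)), null, 2));
```

With the constructed data, `ing-a` is blocked for AS100 but not for AS200, so `s4` stays put while `s1`..`s3` move in two batches; the per-network decision is what keeps a ban in one network from evicting users elsewhere.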

## Provider API Requirement

Use providers with reliable API access so the control system can:

- create and destroy nodes
- attach or allocate addresses
- update DNS and load balancer targets
- stamp bootstrap configuration onto new ingress and egress nodes
- remove blocked nodes from circulation quickly

Good baseline providers for this model are those with scriptable VM, network, and IP APIs. A mixed-provider fleet matters more than any single vendor.

## Orchestrator Contract

The orchestrator should support these actions:

1. `createIngress(region, provider, profile)`
2. `createEgress(region, provider, profile)`
3. `allocateIngressFrontdoors(nodeId, count)`
4. `allocateEgressIps(nodeId, count)`
5. `drainNode(nodeId)`
6. `retireNode(nodeId)`
7. `publishEndpointCatalog(region)`

This repository includes a dry-run deployment planner at [orchestrator/plan.js](orchestrator/plan.js) plus an example topology file at [examples/topology.json](examples/topology.json).
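A dry-run planner over this contract, added here as an example and not the repository's own `orchestrator/plan.js`: it takes a fleet snapshot and the ids of blocked ingress nodes and emits the contract actions in dependency order, draining before retiring, refilling a region to the policy minimums with provider diversity before plain capacity, and republishing the catalog last. `POLICY`, `PROVIDERS`, the `ingress-default` profile name, the `pending-ingress-N` placeholder ids and the sample fleet are assumptions for the example.

```javascript
// Added example, not this repository's orchestrator/plan.js: a dry-run planner
// that maps a fleet snapshot plus blocked ingress ids onto the contract actions
// above. POLICY, PROVIDERS, the profile name and the sample fleet are assumptions.

const POLICY = {
  minLiveIngressPerRegion: 3, // keep several ingress IPs live per region
  minProvidersPerRegion: 2,   // more than one provider/ASN per user population
  frontdoorsPerIngress: 2,
};
const PROVIDERS = ['p1', 'p2', 'p3']; // assumed providers with scriptable APIs

// Constructed fleet snapshot. Egress nodes are present to show the plan
// never touches them when ingress is banned; egress replacement is a
// separate, slower process driven by reputation rather than reachability.
const FLEET = [
  { id: 'ing-1', role: 'ingress', region: 'eu', provider: 'p1', live: true },
  { id: 'ing-2', role: 'ingress', region: 'eu', provider: 'p1', live: true },
  { id: 'ing-3', role: 'ingress', region: 'eu', provider: 'p2', live: true },
  { id: 'eg-1', role: 'egress', region: 'eu', provider: 'p1', live: true },
  { id: 'eg-2', role: 'egress', region: 'eu', provider: 'p2', live: true },
];

// Provider with the fewest live ingress nodes in the region.
function leastUsedProvider(ingress, providers) {
  const usage = new Map(providers.map(p => [p, 0]));
  for (const n of ingress) usage.set(n.provider, (usage.get(n.provider) ?? 0) + 1);
  return [...usage.entries()].sort((a, b) => a[1] - b[1])[0][0];
}

// Returns an ordered list of contract actions. Blocked nodes are drained
// before they are retired; refills prefer a provider the region lacks
// before adding plain capacity; the catalog is republished last.
function planRotation(fleet, blockedIds, policy = POLICY, providers = PROVIDERS) {
  const blocked = new Set(blockedIds);
  const actions = [];
  const regions = new Set();

  for (const n of fleet) {
    if (n.role !== 'ingress' || !blocked.has(n.id)) continue;
    actions.push({ action: 'drainNode', nodeId: n.id });
    actions.push({ action: 'retireNode', nodeId: n.id, after: 'drainNode' });
    regions.add(n.region);
  }

  let pending = 0;
  for (const region of regions) {
    const ingress = fleet.filter(n =>
      n.role === 'ingress' && n.region === region && n.live && !blocked.has(n.id));
    for (;;) {
      const present = new Set(ingress.map(n => n.provider));
      const needCapacity = ingress.length < policy.minLiveIngressPerRegion;
      const needDiversity = present.size < policy.minProvidersPerRegion;
      if (!needCapacity && !needDiversity) break;
      const missing = providers.find(p => !present.has(p));
      if (!needCapacity && !missing) break; // diversity goal unreachable with known providers
      const provider = needDiversity && missing ? missing : leastUsedProvider(ingress, providers);
      pending += 1;
      const nodeId = `pending-ingress-${pending}`; // placeholder until the provider returns a real id
      actions.push({ action: 'createIngress', region, provider, profile: 'ingress-default', nodeId });
      actions.push({ action: 'allocateIngressFrontdoors', nodeId, count: policy.frontdoorsPerIngress });
      ingress.push({ id: nodeId, role: 'ingress', region, provider, live: true });
    }
    actions.push({ action: 'publishEndpointCatalog', region });
  }
  return actions;
}

// Separation check: no planned action names an egress node.
function touchesEgress(fleet, actions) {
  const egress = new Set(fleet.filter(n => n.role === 'egress').map(n => n.id));
  return actions.some(a => egress.has(a.nodeId));
}

console.log(JSON.stringify(planRotation(FLEET, ['ing-3']), null, 2));
```

Blocking `ing-3` leaves the region with two nodes on a single provider, so the refill picks `p2` rather than the least-loaded provider; blocking `ing-1` and `ing-2` instead yields one `p1` node for diversity and then one `p3` node for capacity. `touchesEgress` is the invariant an applier should refuse to violate: a reachability-driven plan must not reach into the egress pool.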
