Merge pull request #181 from aws-samples/solana

frbrkoala · web-flow · commit de29a704054e · 2025-03-25T12:56:35.000+11:00
Solana. Network throttling feature.
diff --git a/lib/solana/README.md b/lib/solana/README.md
@@ -26,6 +26,16 @@ Solana nodes on AWS can be deployed in 2 different configurations: base RPC and
 3.	The Solana nodes use all required secrets locally, but optionally can store a copy in [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html) as secure backup.
 4.	The Solana nodes send various monitoring metrics for both EC2 and Solana nodes to Amazon CloudWatch.
 
+### Optimizing Data Transfer Costs
+
+Solana Agave clients generate significant outbound traffic, ranging from 80 to 200+ TiB monthly in recent years. To manage associated costs, the blueprint includes an outbound traffic optimization feature that automatically monitors and adjusts bandwidth usage.
+
+The system works by tracking the node's "Slots Behind" metric after the initial sync is done. When this metric reaches zero, indicating the node is fully synced, the system applies a user-defined bandwidth limit specified in the `SOLANA_LIMIT_OUT_TRAFFIC_MBPS` variable of your `.env` file. If the slots behind metric exceeds 100, the limit is temporarily removed until the node catches up. While the default outbound bandwidth limit is set to 20 Mbit/s (~6.5 TiB/month), testing has shown that nodes can maintain synchronization even at speeds as low as 15 Mbit/s. Inbound bandwidth remains unrestricted.
+
+To maintain operational efficiency, the system excludes internal network traffic from these restrictions. Traffic within standard internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) remains unrestricted, ensuring that AWS applications using internal IPs function normally. This optimization can reduce data transfer costs by over 90%.
+
+It's important to note that while this feature is highly effective for RPC nodes, it should not be implemented on consensus nodes. Restricting outbound traffic on consensus nodes can compromise performance and is not recommended for optimal network participation.
+
 ## Additional materials
 
 <details>
@@ -84,8 +94,8 @@ This is the Well-Architected checklist for Solana nodes implementation of the AW
 
 | Usage pattern  | Ideal configuration  | Primary option on AWS  | Data Transfer Estimates | Config reference |
 |---|---|---|---|---|
-| 1/ Base RPC node (no secondary indexes) | 48 vCPU, 384 GiB RAM, Accounts volume: EBS gp3, 500GiB, 7K IOPS, 700 MB/s throughput, Data volume: EBS gp3, 2TB, 9K IOPS, 700 MB/s throughput   | r7a.12xlarge, Accounts volume: EBS gp3, 500GiB, 7K IOPS, 700 MB/s throughput, Data volume: EBS gp3, 2TB, 9K IOPS, 700 MB/s throughput | 13-15TB/month (no staking) | [.env-sample-baserpc-x86](./sample-configs/.env-sample-baserpc-x86) |
-| 2/ Extended RPC node (with all secondary indexes) | 96 vCPU, 768 GiB RAM, Accounts volume: 500GiB, 7K IOPS, 700 MB/s throughput, Data volume: 2TB, 9K IOPS, 700 MB/s throughput  | I8g.18xlarge, Accounts volume: Instance Store, Data volume: Instance Store | 20-38TB/month (no staking) | [.env-sample-extendedrpc-arm](./sample-configs/.env-sample-extendedrpc-arm) |
+| 1/ Base RPC node (no secondary indexes) | 48 vCPU, 384 GiB RAM, Accounts volume: EBS gp3, 500GiB, 7K IOPS, 700 MB/s throughput, Data volume: EBS gp3, 2TB, 9K IOPS, 700 MB/s throughput   | r7a.12xlarge, Accounts volume: EBS gp3, 500GiB, 7K IOPS, 700 MB/s throughput, Data volume: EBS gp3, 2TB, 9K IOPS, 700 MB/s throughput | 100-200TB/month (no staking) | [.env-sample-baserpc-x86](./sample-configs/.env-sample-baserpc-x86) |
+| 2/ Extended RPC node (with all secondary indexes) | 96 vCPU, 768 GiB RAM, Accounts volume: 500GiB, 7K IOPS, 700 MB/s throughput, Data volume: 2TB, 9K IOPS, 700 MB/s throughput  | r7a.24xlarge, Accounts volume: EBS io2, 500GiB, 10K IOPS, Data volume: EBS io2, 2000GiB, 30K IOPS | 100-200TB/month (no staking) | [.env-sample-extendedrpc-arm](./sample-configs/.env-sample-extendedrpc-arm) |
 </details>
 
 ## Setup Instructions
@@ -305,6 +315,37 @@ free -g
 sudo sysctl vm.swappiness=10
 ```
 
+6. How can I check network throttling configuration currently applied to the instance?
+
+```bash
+# Check iptables manage table
+iptables -t mangle -L -n -v
+
+# Set network interface ID
+INTERFACE=$(ip -br addr show | grep -v '^lo' | awk '{print $1}' | head -n1)
+
+# Check  traffic control (tc) tool configuration
+tc qdisc show
+
+# Watch current traffic
+tc -s qdisc ls dev $INTERFACE
+
+# Monitor bandwidth in real-time
+iftop -i $INTERFACE
+```
+
+7. How to manually remove all iptables and tc rules?
+
+```bash
+# Remove tc rules
+tc qdisc del dev $INTERFACE root
+
+# Remove iptables rules
+iptables -t mangle -D OUTPUT -j MARKING
+iptables -t mangle -F MARKING
+iptables -t mangle -X MARKING
+```
+
 ## Upgrades
 
 When nodes need to be upgraded or downgraded, [use blue/green pattern to do it](https://aws.amazon.com/blogs/devops/performing-bluegreen-deployments-with-aws-codedeploy-and-auto-scaling-groups/). This is not yet automated and contributions are welcome!
diff --git a/lib/solana/app.ts b/lib/solana/app.ts
@@ -21,34 +21,15 @@ new SolanaSingleNodeStack(app, "solana-single-node", {
     stackName: `solana-single-node-${config.baseNodeConfig.nodeConfiguration}`,
     env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
 
-    instanceType: config.baseNodeConfig.instanceType,
-    instanceCpuType: config.baseNodeConfig.instanceCpuType,
-    solanaCluster: config.baseNodeConfig.solanaCluster,
-    solanaVersion: config.baseNodeConfig.solanaVersion,
-    nodeConfiguration: config.baseNodeConfig.nodeConfiguration,
-    dataVolume: config.baseNodeConfig.dataVolume,
-    accountsVolume: config.baseNodeConfig.accountsVolume,
-    solanaNodeIdentitySecretARN: config.baseNodeConfig.solanaNodeIdentitySecretARN,
-    voteAccountSecretARN: config.baseNodeConfig.voteAccountSecretARN,
-    authorizedWithdrawerAccountSecretARN: config.baseNodeConfig.authorizedWithdrawerAccountSecretARN,
-    registrationTransactionFundingAccountSecretARN: config.baseNodeConfig.registrationTransactionFundingAccountSecretARN,
+    ...config.baseNodeConfig
 });
 
 new SolanaHANodesStack(app, "solana-ha-nodes", {
     stackName: `solana-ha-nodes-${config.baseNodeConfig.nodeConfiguration}`,
     env: { account: config.baseConfig.accountId, region: config.baseConfig.region },
 
-    instanceType: config.baseNodeConfig.instanceType,
-    instanceCpuType: config.baseNodeConfig.instanceCpuType,
-    solanaCluster: config.baseNodeConfig.solanaCluster,
-    solanaVersion: config.baseNodeConfig.solanaVersion,
-    nodeConfiguration: config.baseNodeConfig.nodeConfiguration,
-    dataVolume: config.baseNodeConfig.dataVolume,
-    accountsVolume: config.baseNodeConfig.accountsVolume,
-
-    albHealthCheckGracePeriodMin: config.haNodeConfig.albHealthCheckGracePeriodMin,
-    heartBeatDelayMin: config.haNodeConfig.heartBeatDelayMin,
-    numberOfNodes: config.haNodeConfig.numberOfNodes,
+    ...config.baseNodeConfig,
+    ...config.haNodeConfig,
 });
 
 
diff --git a/lib/solana/lib/assets/instance/network/net-rules-start.sh b/lib/solana/lib/assets/instance/network/net-rules-start.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Add input as command line parameters for name of the directory to mount
+if [ -n "$1" ]; then
+  LIMIT_OUT_TRAFFIC_MBPS=$1
+else
+  echo "Warning: Specify max value for outbound data traffic in Mbps."
+  echo "Usage: net-rules.sh <max_bandwidth_mbps>"
+  exit 1;
+fi
+
+# Step 1: Create an iptables rule to mark packets going to public IPs
+# Create a new chain for our marking rules
+iptables -t mangle -N MARKING
+
+# Add rules to return (skip marking) for private IP ranges
+iptables -t mangle -A MARKING -d 10.0.0.0/8 -j RETURN
+iptables -t mangle -A MARKING -d 172.16.0.0/12 -j RETURN
+iptables -t mangle -A MARKING -d 192.168.0.0/16 -j RETURN
+iptables -t mangle -A MARKING -d 169.254.0.0/16 -j RETURN
+
+# Mark remaining traffic (public IPs)
+iptables -t mangle -A MARKING -j MARK --set-mark 1
+
+# Jump to our MARKING chain from OUTPUT
+iptables -t mangle -A OUTPUT -j MARKING
+
+# Step 2: Set up tc with filter for marked packets
+INTERFACE=$(ip -br addr show | grep -v '^lo' | awk '{print $1}' | head -n1)
+
+tc qdisc add dev $INTERFACE root handle 1: prio
+
+# Step 3: Add the tbf filter for marked packets
+tc filter add dev $INTERFACE parent 1: protocol ip handle 1 fw flowid 1:1
+tc qdisc add dev $INTERFACE parent 1:1 tbf rate "${LIMIT_OUT_TRAFFIC_MBPS}mbit" burst 20kb latency 50ms
diff --git a/lib/solana/lib/assets/instance/network/net-rules-stop.sh b/lib/solana/lib/assets/instance/network/net-rules-stop.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+INTERFACE=$(ip -br addr show | grep -v '^lo' | awk '{print $1}' | head -n1)
+
+# Remove tc rules
+/usr/sbin/tc qdisc del dev $INTERFACE root
+
+# Remove iptables rules
+/usr/sbin/iptables -t mangle -D OUTPUT -j MARKING
+/usr/sbin/iptables -t mangle -F MARKING
+/usr/sbin/iptables -t mangle -X MARKING
+
+exit 0;
diff --git a/lib/solana/lib/assets/instance/network/net-rules.service b/lib/solana/lib/assets/instance/network/net-rules.service
@@ -0,0 +1,12 @@
+[Unit]
+Description="ipables and Traffic Control Rules"
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/opt/instance/network/net-rules-start.sh _LIMIT_OUT_TRAFFIC_MBPS_
+ExecStop=/opt/instance/network/net-rules-stop.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/lib/solana/lib/assets/instance/network/net-sync-checker.service b/lib/solana/lib/assets/instance/network/net-sync-checker.service
@@ -0,0 +1,5 @@
+[Unit]
+Description="Net sync checker for blockchain node"
+
+[Service]
+ExecStart=/opt/instance/network/net-syncchecker.sh
diff --git a/lib/solana/lib/assets/instance/network/net-sync-checker.timer b/lib/solana/lib/assets/instance/network/net-sync-checker.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description="Run Network Sync checker service every 1 min"
+
+[Timer]
+OnCalendar=*:*:0/1
+Unit=net-sync-checker.service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/lib/solana/lib/assets/instance/network/net-syncchecker.sh b/lib/solana/lib/assets/instance/network/net-syncchecker.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+INIT_COMPLETED_FILE=/data/data/init-completed
+
+TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+EC2_INTERNAL_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/local-ipv4)
+
+# Start checking the sync node status only after the node has finished the initial sync
+if [ -f "$INIT_COMPLETED_FILE" ]; then
+    SOLANA_SLOTS_BEHIND_DATA=$(curl -s -X POST -H "Content-Type: application/json" -d ' {"jsonrpc":"2.0","id":1, "method":"getHealth"}' http://$EC2_INTERNAL_IP:8899 | jq .error.data)
+    SOLANA_SLOTS_BEHIND=$(echo $SOLANA_SLOTS_BEHIND_DATA | jq .numSlotsBehind -r)
+
+    if [ "$SOLANA_SLOTS_BEHIND" == "null" ] || [ -z "$SOLANA_SLOTS_BEHIND" ]
+    then
+        SOLANA_SLOTS_BEHIND=0
+    fi
+
+    if [ $SOLANA_SLOTS_BEHIND -gt 100 ]
+    then
+        if systemctl is-active --quiet net-rules; then
+            systemctl stop net-rules
+        fi
+    fi
+
+    if [ $SOLANA_SLOTS_BEHIND -eq 0 ]
+    then
+        if ! systemctl is-active --quiet net-rules; then
+            systemctl start net-rules
+        fi
+    fi
+fi
diff --git a/lib/solana/lib/assets/instance/network/setup.sh b/lib/solana/lib/assets/instance/network/setup.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Add input as command line parameters for name of the directory to mount
+if [ -n "$1" ]; then
+  LIMIT_OUT_TRAFFIC_MBPS=$1
+else
+  echo "Warning: Specify max value for outbound data traffic in Mbps."
+  echo "Usage: instance/network/setup.sh <max_bandwidth_mbps>"
+  exit 1;
+fi
+
+INTERFACE=$(ip -br addr show | grep -v '^lo' | awk '{print $1}' | head -n1)
+NET_SCRIPTS_PATH="/opt/instance/network"
+
+# Replace _LIMIT_OUT_TRAFFIC_MBPS_ with the value of LIMIT_OUT_TRAFFIC_MBPS in file /opt/network/net-rules.service.template
+sed -i "s/_LIMIT_OUT_TRAFFIC_MBPS_/${LIMIT_OUT_TRAFFIC_MBPS}/g" $NET_SCRIPTS_PATH/net-rules.service
+sed -i "s/_INTERFACE_/${INTERFACE}/g" $NET_SCRIPTS_PATH/net-rules.service
+
+# Copy the file $NET_SCRIPTS_PATH/net-rules.service to /etc/systemd/system/net-rules.service
+cp $NET_SCRIPTS_PATH/net-rules.service /etc/systemd/system/net-rules.service
+
+echo "Enabling net rules service"
+systemctl enable net-rules.service
+
+echo "Setting up sync-checker service"
+mv $NET_SCRIPTS_PATH/net-sync-checker.service /etc/systemd/system/net-sync-checker.service
+
+# Run every 5 minutes
+echo "Setting up sync-checker timer"
+mv $NET_SCRIPTS_PATH/net-sync-checker.timer /etc/systemd/system/net-sync-checker.timer
+
+echo "Starting net sync checker timer"
+systemctl start net-sync-checker.timer
+systemctl enable net-sync-checker.timer
diff --git a/lib/solana/lib/assets/user-data-ubuntu.sh b/lib/solana/lib/assets/user-data-ubuntu.sh
@@ -22,6 +22,7 @@ chmod 600 /etc/cdk_environment
   echo "SOLANA_CLUSTER=${_SOLANA_CLUSTER_}"
   echo "LIFECYCLE_HOOK_NAME=${_LIFECYCLE_HOOK_NAME_}"
   echo "ASG_NAME=${_ASG_NAME_}"
+  echo "LIMIT_OUT_TRAFFIC_MBPS=${_LIMIT_OUT_TRAFFIC_MBPS_}"
 } >> /etc/cdk_environment
 source /etc/cdk_environment
 
@@ -127,6 +128,11 @@ systemctl restart amazon-cloudwatch-agent
 
 systemctl daemon-reload
 
+if [[ "$LIMIT_OUT_TRAFFIC_MBPS" -gt 0 ]]; then
+  echo "Limiting out traffic"
+  /opt/instance/network/setup.sh
+fi
+
 echo "Starting up the node service"
 systemctl enable --now node
 
diff --git a/lib/solana/lib/config/node-config.interface.ts b/lib/solana/lib/config/node-config.interface.ts
@@ -22,6 +22,7 @@ export interface SolanaBaseNodeConfig extends configTypes.BaseNodeConfig {
     voteAccountSecretARN: string;
     authorizedWithdrawerAccountSecretARN: string;
     registrationTransactionFundingAccountSecretARN: string;
+    limitOutTrafficMbps: number;
 }
 
 export interface SolanaHAConfig {
diff --git a/lib/solana/lib/config/node-config.ts b/lib/solana/lib/config/node-config.ts
@@ -34,7 +34,7 @@ export const baseNodeConfig: configTypes.SolanaBaseNodeConfig = {
     instanceType: new ec2.InstanceType(process.env.SOLANA_INSTANCE_TYPE ? process.env.SOLANA_INSTANCE_TYPE : "r6a.8xlarge"),
     instanceCpuType: process.env.SOLANA_CPU_TYPE?.toLowerCase() == "x86_64" ? ec2.AmazonLinuxCpuType.X86_64 : ec2.AmazonLinuxCpuType.ARM_64,
     solanaCluster: <configTypes.SolanaCluster> process.env.SOLANA_CLUSTER || "mainnet-beta",
-    solanaVersion: validateVersion(process.env.SOLANA_VERSION) || "2.0.18",
+    solanaVersion: validateVersion(process.env.SOLANA_VERSION) || "2.1.16",
     nodeConfiguration: <configTypes.SolanaNodeConfiguration> process.env.SOLANA_NODE_CONFIGURATION || "baserpc",
     dataVolume: {
         sizeGiB: process.env.SOLANA_DATA_VOL_SIZE ? parseInt(process.env.SOLANA_DATA_VOL_SIZE): 2000,
@@ -52,6 +52,7 @@ export const baseNodeConfig: configTypes.SolanaBaseNodeConfig = {
     voteAccountSecretARN: process.env.SOLANA_VOTE_ACCOUNT_SECRET_ARN || "none",
     authorizedWithdrawerAccountSecretARN: process.env.SOLANA_AUTHORIZED_WITHDRAWER_ACCOUNT_SECRET_ARN || "none",
     registrationTransactionFundingAccountSecretARN: process.env.SOLANA_REGISTRATION_TRANSACTION_FUNDING_ACCOUNT_SECRET_ARN || "none",
+    limitOutTrafficMbps: process.env.SOLANA_LIMIT_OUT_TRAFFIC_MBPS ? parseInt(process.env.SOLANA_LIMIT_OUT_TRAFFIC_MBPS) : 20,
 };
 
 export const haNodeConfig: configTypes.SolanaHAConfig = {
diff --git a/lib/solana/lib/ha-nodes-stack.ts b/lib/solana/lib/ha-nodes-stack.ts
@@ -23,6 +23,8 @@ export interface SolanaHANodesStackProps extends cdk.StackProps {
     albHealthCheckGracePeriodMin: number;
     heartBeatDelayMin: number;
     numberOfNodes: number;
+
+    limitOutTrafficMbps: number;
 }
 
 export class SolanaHANodesStack extends cdk.Stack {
@@ -47,6 +49,7 @@ export class SolanaHANodesStack extends cdk.Stack {
             albHealthCheckGracePeriodMin,
             heartBeatDelayMin,
             numberOfNodes,
+            limitOutTrafficMbps,
         } = props;
 
         // Using default VPC
@@ -101,6 +104,7 @@ export class SolanaHANodesStack extends cdk.Stack {
             _SOLANA_CLUSTER_: solanaCluster,
             _LIFECYCLE_HOOK_NAME_: lifecycleHookName,
             _ASG_NAME_: autoScalingGroupName,
+            _LIMIT_OUT_TRAFFIC_MBPS_: limitOutTrafficMbps.toString(),
         });
 
         // Setting up the nodse using generic High Availability (HA) Node constract
diff --git a/lib/solana/lib/single-node-stack.ts b/lib/solana/lib/single-node-stack.ts
@@ -25,6 +25,7 @@ export interface SolanaSingleNodeStackProps extends cdk.StackProps {
     voteAccountSecretARN: string;
     authorizedWithdrawerAccountSecretARN: string;
     registrationTransactionFundingAccountSecretARN: string;
+    limitOutTrafficMbps: number;
 }
 
 export class SolanaSingleNodeStack extends cdk.Stack {
@@ -51,6 +52,7 @@ export class SolanaSingleNodeStack extends cdk.Stack {
             voteAccountSecretARN,
             authorizedWithdrawerAccountSecretARN,
             registrationTransactionFundingAccountSecretARN,
+            limitOutTrafficMbps,
         } = props;
 
         // Using default VPC
@@ -120,6 +122,7 @@ export class SolanaSingleNodeStack extends cdk.Stack {
             _SOLANA_CLUSTER_: solanaCluster,
             _LIFECYCLE_HOOK_NAME_: constants.NoneValue,
             _ASG_NAME_: constants.NoneValue,
+            _LIMIT_OUT_TRAFFIC_MBPS_: limitOutTrafficMbps.toString(),
         });
         node.instance.addUserData(modifiedInitNodeScript);
 
diff --git a/lib/solana/sample-configs/.env-sample-baserpc-arm b/lib/solana/sample-configs/.env-sample-baserpc-arm
@@ -9,7 +9,8 @@ AWS_REGION="us-east-2"
 ## Common configuration parameters ##
 SOLANA_CLUSTER="mainnet-beta"                 # All options:  "mainnet-beta", "testnet", "devnet"
 SOLANA_NODE_CONFIGURATION="baserpc"                   # All options:   "baserpc", "extendedrpc"
-SOLANA_VERSION="2.0.19"                       # Latest required version of Agave above 2.x. Check for latest Mainnet version https://github.com/anza-xyz/agave/releases
+SOLANA_VERSION="2.1.16"                       # Latest required version of Agave above 2.x. Check for latest Mainnet version https://github.com/anza-xyz/agave/releases
+SOLANA_LIMIT_OUT_TRAFFIC_MBPS=20              # Limit outbound traffic to X Mbit/sec from the node to optimize data transfer costs. Set to 0 to switch off. Default: 20 Mbit/s.
 
 SOLANA_INSTANCE_TYPE="r8g.12xlarge"
 SOLANA_CPU_TYPE="ARM_64"                      # All options: "x86_64", "ARM_64". IMPORTANT: Make sure the CPU type matches the instance type used
diff --git a/lib/solana/sample-configs/.env-sample-baserpc-x86 b/lib/solana/sample-configs/.env-sample-baserpc-x86
@@ -9,7 +9,8 @@ AWS_REGION="us-east-2"
 ## Common configuration parameters ##
 SOLANA_CLUSTER="mainnet-beta"                 # All options:  "mainnet-beta", "testnet", "devnet"
 SOLANA_NODE_CONFIGURATION="baserpc"                   # All options:  "baserpc", "extendedrpc"
-SOLANA_VERSION="2.0.19"                       # Latest required version of Agave above 2.x. Check for latest Mainnet version https://github.com/anza-xyz/agave/releases
+SOLANA_VERSION="2.1.16"                       # Latest required version of Agave above 2.x. Check for latest Mainnet version https://github.com/anza-xyz/agave/releases
+SOLANA_LIMIT_OUT_TRAFFIC_MBPS=20              # Limit outbound traffic to X Mbit/sec from the node to optimize data transfer costs. Set to 0 to switch off. Default: 20 Mbit/s.
 
 SOLANA_INSTANCE_TYPE="r7a.12xlarge"
 SOLANA_CPU_TYPE="x86_64"                      # All options: "x86_64", "ARM_64". IMPORTANT: Make sure the CPU type matches the instance type used
diff --git a/lib/solana/sample-configs/.env-sample-extendedrpc-arm b/lib/solana/sample-configs/.env-sample-extendedrpc-arm
@@ -9,7 +9,8 @@ AWS_REGION="us-east-1"
 ## Common configuration parameters ##
 SOLANA_CLUSTER="mainnet-beta"                 # All options:  "mainnet-beta", "testnet", "devnet"
 SOLANA_NODE_CONFIGURATION="extendedrpc"                   # All options:   "baserpc", "extendedrpc"
-SOLANA_VERSION="2.0.19"                       # Latest required version of Solana. Check for latest Mainnet version https://github.com/solana-labs/solana/releases
+SOLANA_VERSION="2.1.16"                       # Latest required version of Solana. Check for latest Mainnet version https://github.com/solana-labs/solana/releases
+SOLANA_LIMIT_OUT_TRAFFIC_MBPS=20              # Limit outbound traffic to X Mbit/sec from the node to optimize data transfer costs. Set to 0 to switch off. Default: 20 Mbit/s.
 
 SOLANA_INSTANCE_TYPE="i8g.16xlarge"
 SOLANA_CPU_TYPE="ARM_64"                      # All options: "x86_64", "ARM_64". IMPORTANT: Make sure the CPU type matches the instance type used
diff --git a/lib/solana/sample-configs/.env-sample-extendedrpc-x86 b/lib/solana/sample-configs/.env-sample-extendedrpc-x86
@@ -9,7 +9,8 @@ AWS_REGION="us-east-1"
 ## Common configuration parameters ##
 SOLANA_CLUSTER="mainnet-beta"                 # All options:  "mainnet-beta", "testnet", "devnet"
 SOLANA_NODE_CONFIGURATION="extendedrpc"                   # All options:   "baserpc", "extendedrpc"
-SOLANA_VERSION="2.0.19"                       # Latest required version of Agave above 2.x. Check for latest Mainnet version https://github.com/anza-xyz/agave/releases
+SOLANA_VERSION="2.1.16"                       # Latest required version of Agave above 2.x. Check for latest Mainnet version https://github.com/anza-xyz/agave/releases
+SOLANA_LIMIT_OUT_TRAFFIC_MBPS=20              # Limit outbound traffic to X Mbit/sec from the node to optimize data transfer costs. Set to 0 to switch off. Default: 20 Mbit/s.
 
 SOLANA_INSTANCE_TYPE="r7a.24xlarge"
 SOLANA_CPU_TYPE="x86_64"                      # All options: "x86_64", "ARM_64". IMPORTANT: Make sure the CPU type matches the instance type used
diff --git a/lib/solana/test/.env-test b/lib/solana/test/.env-test
diff --git a/lib/solana/test/ha-nodes-stack.test.ts b/lib/solana/test/ha-nodes-stack.test.ts
diff --git a/lib/solana/test/single-node-stack.test.ts b/lib/solana/test/single-node-stack.test.ts
