Hi,
Canton domain exposes admin port and public port and participant node expose ledger port and admin port.
Canton implements the Ledger API. This is exposed on what you refer to as the “ledger port” (the good ol’ 6865). On top of that, Canton also exposes a few extra services to manage a participant which are not covered by the Ledger API (e.g. the Ledger API doesn’t allow to disable a user but Canton does), which are grouped together and exposed as the Canton Participant Admin API.
Separately, a domain allows to create some sort of “subnet” that allows several participants to collaborate (the next level up being domains acting as routers to connect these subnets into a virtual shared ledger, which is currently in alpha). The domain node exposes a set of services which together allow participant to interoperate. The protocol used by participants to interact with each other via the domain is the Canton protocol and this communication uses what you refer to as the “public port”. The domain also exposes services that allow to perform administrative tasks, which are separate and exposed on the “domain admin port”.
Its “public port”.
Administrative services specific to the two types of nodes. You can read more about the specific services exposed here on the docs.
Do these pointers help?
The bulk of the reference documentation for the configuration is currently in Scaladoc format. Here is the page that contains a brief description of domains and remote-domains (specifically for the open-source version, the enterprise version might have a few additions)
Is that correct to say that
IIUC here “local” means “same process” rather than “same address”.
That should be correct, yes.
participant1.connect_local command can connect to the domain that run in a different process. Is that right?
If you want to connect to a domain that is “local” to the machine but “remote” as in “running in a different address space” (and communicating with other processes only via the network stack) you need to use connect instead of connect_local.
Note that connect_local is mostly just convenience: It exploits the fact that the domain is part of the config so you can just specify the name and it deduces some parameters automatically (in particular the port & host). It still establishes a network connection.