Distribution of P2P configuration roles

[ivansukach]

P2P setup consist of setting up persistent_peers and seed nodes. As it mentioned on your docs:
"Seeds are the first point of contact for a new node. They return a list of known active peers and then disconnect.
Seeds should operate full nodes with the PEX reactor in a "crawler" mode that continuously explores to validate the availability of peers.
Seeds should only respond with some top percentile of the best peers it knows about."
"With the above, the node then queries some seeds for peers for its chain, dials those peers, and runs the Tendermint protocols with those it successfully connects to."
"A node checks its address book on startup and attempts to connect to peers from there. If it can't connect to any peers after some time, it falls back to the seeds to find more."
"Seed Mode - The node operates in seed mode. In seed mode, a node continuously crawls the network for peers, and upon incoming connection shares some peers and disconnects."
"Seeds - Dials these seeds when we need more peers. They should return a list of peers and then disconnect. If we already have enough peers in the address book, we may never need to dial them."
"Note: If seeds and persistent_peers intersect, the user will be warned that seeds may auto-close connections and that the node may not be able to keep the connection persistent."
"Persistent Peers - Dial these peers and auto-redial them if the connection fails. These are intended to be trusted persistent peers that can help anchor us in the p2p network. "
"Private Peers - These are IDs of the peers that we do not add to the address book or gossip to other peers. They stay private to us."
"These are IDs of the peers which are allowed to be connected by both inbound or outbound regardless of max_num_inbound_peers or max_num_outbound_peers of user's node reached or not."
"These are IDs of the peers which are allowed to be connected by both inbound or outbound regardless of max_num_inbound_peers or max_num_outbound_peers of user's node reached or not."
So, statements above sounds like rules, that we should keep to build different architectures of P2P network. But could you provide some examples of high reliable networks, that have been built with this rules.
Unfortunately, after reading your documentation I don't understand how to build network...

In my case I should build cosmos blockchain app that works with tendermint consensus engine. The first app that should be created is genesis node(full node). How should I configure peers and seeds for it?(at first step we have only one node - genesis node). Next step we are going to create another validator node. Due to your documentation we should create sentry node before creating a second node, that we are going to use as validator. So, OK. Currently we have to steps:

Create genesis node without seeds and peers, sentry nodes as it is only one node in network
Create Sentry node. But what p2p config should we provide to it? Should we set genesis node address as persistent peer for sentry node??
Logically then we should report genesis node about new sentry node. So we should configure some values in config files of genesis.
Currently everything is ready to add a validator to our network. So we should create a new node and configure p2p network. Should we configure genesis node as persistent peer or firstly we should add and configure seeds?
5a) We should create seed node and configure three nodes that our network currently consist of. Logically that sentry node should be configured as sentry node, but what about genesis node and new validator node? Should they both be configured as persistent peer?
5b) To create seed we should start new node with seed-mode == true config, or we shouldn't? In which role should we configure genesis node? Should we configure genesis node as a persistent_peer?
Our genesis node still don't have any nodes, that have been configured as seeds and peers. So it is time to configure them. But if we will update persistent_peers after each addition of new validator to network than there will be no need for seeds. On the other hand there is a wide variety of problems, that we will get with centralized control of config file, for example we will need to ask some app for new version of config file with recently updated and configured persistent_peers. So it is very bad practice. And you provide a solution for it - seed nodes. But on our 4th and 5th step we have only one seed node, and than in future after addition a new seed nodes we will need to add it to genesis node again. So, it seems like we should create few seed nodes (and few sentry nodes) for future purposes on step 4-5 to get fid of changing configuration for our genesis node and first validator nodes.
So currently we have genesis node, independent validator node, few sentry nodes and few seed nodes. They are configured to work with each other.
So it is time to add new validator nodes. And we are not going to change config files of current genesis and validator nodes, sentry and seed nodes to add new validators to persistent peers. So we will not "touch" them.
We will configure new nodes with the same config file, that consist of
a) two persistent_peers: genesis node and first validator
b) few seeds that we 've already created
c) few sentry nodes that we 've already created

Now it is time to choose node that will serve our GUI for users( for example node that serves web wallet of token based on cosmos app). Use genesis node for it seems like bad idea( additional load, api is easier to use for hackers attacks than gRPC). So we should choose that node between another validators, it should be a validator because of another nodes should know about transactions that will be performed on node, that will be used to serve requests from GUI for users. So developers of blockchain should keep at least two validators, few sentry and few seed nodes. And for IBC exchange we should use our node, that serves requests from GUI or another one, but it better to do not use genesis node.

Could you provide examples and purposes in which we should or could use "Private Peers" and "Unconditional Peers"?
I am developer with little knowledge of tendermint and cosmos, so sometimes I can make mistakes. Please pay attention on my mistakes on your answer.