Skip to main content

Welcome to Anapaya's Interactive Operator Training Environment

The goal of this training is to show you how to set up, configure and interact with different components in a SCION network. The training consists of a series of tutorials, each introducing new concepts and teaching new skills required to operate a SCION infrastructure. To work through the tutorials, familiarity with the basic concepts of SCION such as a SCION AS, Trust Root Configuration (TRC), and AS certificate is highly recommended. However, you are not required to have an in-depth understanding of these elements to follow the tutorials.

While you go through the tutorials, you will be working in an interactive virtual environment that runs an entire SCION network topology in various containers. Your entry point into this network is a code editor with integrated terminals. Open the editor from the quick links. From there, you will be able to interact with the network, e.g., by modifying appliance configurations, injecting traffic, or even SSH-ing on the individual appliances.

Ideally you will work through the training tutorials in the order that they are listed below. This is mainly because in some tutorials we rely on concepts and tools which are introduced in the previous tutorials. Of course, in such cases the references to relevant tutorials are provided. Thus, it is possible to directly jump into a particular tutorial, but you might need to check out the references for more explanations on certain concepts.

Overview of the tutorials

The tutorials are split in four sections:

General

The General section is highly recommended for all trainees.

Tutorial Introduction first introduces the SCION topology that you will be working on during the training. Then, it aims to familiarize you with the training environment and gives you a high-level understanding of how to configure an Anapaya appliance. Furthermore, it introduces some tools which come in handy when you solve the exercises in the following tutorials.

In Tutorial Appliance Configuration, you will learn how to configure an Anapaya appliance by completing a partial appliance configuration and deploying it.

Tutorial IP-in-SCION Tunneling introduces the configuration of IP-in-SCION tunneling which provides a mean to tunnel IP traffic over SCION and make local IP networks accessible from remote SCION ASes. Network administrators can define what IP prefixes are exchanged with peers and choose the paths that tunneled traffic is routed on. You will learn how to inspect and investigate IP-in-SCION tunneling related information in a running setup and also how to fill in the relevant tunneling section in the configuration file.

Tutorial CPPKI introduces the basic concepts of working with the SCION Control Plane PKI (CPPKI). You will be taught how to configure TRCs, how to provision CPPKI certificates, and how to inspect the list of configured TRCs and certificates.

The main purpose of Tutorial Monitoring is to familiarize you with the basics of monitoring SCION services. After completing the hands-on tasks in this tutorial, you will be able to monitor the services running in a SCION network using Grafana, building on top of Prometheus, and explore the logs of different SCION services.

Service Providers

The Service Providers section is particularly interesting for operators of a SCION service provider network and can be skipped if you are not working for a SCION service provider.

In Tutorial Adding an Edge Customer, you will learn how to configure a connection to a neighboring SCION AS.

The Configure GATE Customer tutorial, is a practical exercise to configure a GATE appliance and an EDGE appliance for a specific customer.

Advanced Routing

The Advanced Routing section is highly recommended for all trainees. It helps trainees familiarize themselves with more advanced topics related to the IP-in-SCION tunneling mechanism.

In Tutorial Domain-Based Routing, you learn to enable different communication patterns on an appliance that belongs to multiple ISDs. Through the exercises, you will configure domains in the IP-in-SCION tunneling configuration and investigate the connectivity patterns within each ISD.

In Tutorial Traffic Engineering, you learn to influence the SCION paths that IP-in-SCION tunneled traffic is routed on. You will work through a series of exercises where you investigate how traffic flows in the SCION network, select paths using path filters and classify IP traffic to route it on those paths.

Troubleshooting

After the successful completion of all tutorials up to this point you will be familiar with the basics of operating a SCION network. To further hone your skills you can now work through a series of troubleshooting exercises. In Tutorial Broken Connectivity you fix a network with a connectivity issue, in Tutorial AS Certificate you fix issues related to AS certificates and in Tutorial Trust Root Configuration you will need to handle a TRC related problem.

Reset the exercises

If you want to reset the exercises to their initial state, you can run the reset script in the terminal. The script is located in the workspace directory and can be executed with the following command:

./reset
# or to reset a specific environment
./reset webspeed
./reset stabank
./reset corpbank