Adding an EDGE customer
Time estimate: 30 minutes
In this exercise, you will focus on adding a new customer AS to your appliance configurations. We start with a basic working setup and extend it to provide SCION connectivity to the new customer AS.
At the end of this hands-on session, you should feel comfortable to add a new customer AS to your existing setup.
This hands-on is particularly interesting for operators of a SCION service provider network and can be skipped if you are not working for a SCION service provider.
Overview
Refer to the diagram below, which visualizes the network topology we work on in this hands-on session. The depicted infrastructure consists of an ISD, called Finance ISD, which has three ASes:
- Webspeed (ISD-AS 1-ff00:1:1)
- Corpbank Switzerland (ISD-AS 1-ff00:1:2)
- Stabank Private Banking (ISD-AS 1-ff00:1:3)
The Webspeed AS consists of three sites in Zurich, Geneva, and Lugano. Each of these sites includes
exactly one host. These hosts are called core.zurich.webspeed, core.geneva.webspeed, and
core.lugano.webspeed, respectively. This is a core AS.
The Corpbank Switzerland AS has two sites, one in Geneva and one in Zurich. Both of them have a
host, respectively called edge.zurich.corpbank and edge.geneva.corpbank. Furthermore, the
Stabank Private Banking AS includes only one site, in Lugano, with one host, called
edge.lugano.stabank. They are both leaf ASes and each of them is connected to the Webspeed AS via
two links, as depicted in the diagram.
TODO: Topology image placeholder
Over the course of this lab, you will be working in a cloud-hosted playground of the SCION infrastructure. All the ASes run in a virtualized environment on a cloud machine.
Preparation
This step is required to follow the hands-on session.
In this task, you will work with a partial setup. Initially, the relationship between Corpbank and Webspeed is configured completely. The Stabank side of the Stabank and Webspeed connection is also configured completely. The missing part is the Webspeed configuration that enables the connectivity to Stabank.
Unless stated otherwise, all commands are assumed to be run from the
workspace directory on your training VM. The built-in terminal in
the editor will put you automatically in the right
directory. To open the built-in terminal use the Ctrl+` shortcut.
Alternatively, you can click the Menu button in the top left, then
select View -> Show Terminal . This will bring up the terminal and puts
you in the correct working directory (~/workspace) for all the tasks in
this training.
From the cloud machine, run the setup script:
operator@training:~/workspace$ ./appliance_add_customer_exercise setup
After the tasks in this exercise are completed, the topology should be in a working state. However in case something is not working properly and you need to revert the changes, you can run the following command:
operator@training:~/workspace$ ./appliance_add_customer_exercise restore
As you know, before running the setup command from above, the network setup in your VM should look
like what is depicted in the above diagram. What the setup command essentially does is removing
the entries that correspond to the Stabank AS from the configuration of the hosts in the Webspeed
AS. This way the Webspeed AS and the Stabank AS become disconnected. This exercise is about adding
back the removed information to make these ASes connected again.
In Tasks 1 and 2, you will re-configure the host core.geneva.webspeed and core.lugano.webspeed,
respectively. (You do not need to re-configure the host core.zurich.webspeed because there is no
link from this host to the Stabank AS.) Furthermore, you will test that after each one of these
re-configurations, the Stabank AS and the Webspeed AS are connected as expected.
The editor has built-in support for the appliance configuration schema. You can get contextual help for each configuration entry by hovering your mouse over the entry. Furthermore, you can use the Ctrl+Space shortcut to get autocompletion suggestions (useful for editing the configuration in later exercises).
Task 1. Configuring the Link to Geneva
First, download the configuration file for the host core.geneva.webspeed and open it by running
the commands:
operator@training:~/workspace$ appliance-cli context select core.geneva.webspeed
operator@training:~/workspace$ appliance-cli get config > core.geneva.webspeed.appliance.json
operator@training:~/workspace$ code-server core.geneva.webspeed.appliance.json
To connect the new customer AS, namely the Stabank AS in our case, we need to enable the SCION links
in the hosts that actually connect to it, i.e., core.geneva.webspeed (and similarly
core.lugano.webspeed, which is handled in Task 2). For this, we need to configure the host
core.geneva.webspeed with the additional interface 2. (See the diagram from above.) More
precisely, the scion/ases/neighbors list contains the information for the configured neighboring
ASes that are connected to this appliance. You need to add an entry for the Stabank AS in this list.
Below, we will explain each of these sub-sections one by one.
-
scion/ases/neighbors/neighbor_isd_as: This field contains the ISD-AS number of the neighboring AS, which is the Stabank AS in this case. -
scion/ases/neighbors/relationship: This field defines the relationship to the neighboring AS. As we are configuring a customer AS in this exercise, the remote (i.e., the Stabank AS) is in aCHILDrelationship with the local AS (i.e., the Webspeed AS). -
scion/ases/neighbors/interfaces: This field defines a list of interfaces that link to the neighboring AS on this appliance. Each interface entry includes:- An
addressconsisting ofip:port, which can be derived from the information in the above diagram for the corresponding interface. - The
administrative_statedetermines the state of the interface, as its name suggests. For our purpose, this of course needs to be set toUP. - The
interface_idis the identifier of the interface. This can also be derived from the diagram. - The
scion_mtuentry determines the maximum transmission unit, which is set to1472in our setup. - The
remotesubsection contains necessary information on the customer side (i.e., the Stabank AS). Here, you will need to fill inaddress, andinterface_idwhich can again be derived from the diagram, but from the Stabank side of the corresponding link. - The
bfdsubsection configures the Bidirectional Forwarding Detection (BFD) that is used to check the connectivity between the ISD-AS's router and the neighbor's router. You can copy this section from the existing neighbor section.
- An
Using the above explanations and the diagram, add the necessary configuration data to the
scion/ases/neighbors section of the configuration file of the host core.geneva.webspeed, which
you downloaded earlier.
Solution
One neighbor, the AS 1-ff00:1:1 is already configured. This is the configuration
to add 1-ff00:1:3:
Now, upload the updated configuration on the Webspeed CORE in Geneva:
operator@training:~/workspace$ appliance-cli put config <core.geneva.webspeed.appliance.json
Note that if there are any mistakes in the added configuration, you will receive some validation errors, which should help you to find the issue(s).
Run showpaths from the hosts in the Webspeed AS to the Stabank
AS. How many paths does it display?
It can take a few seconds for the updated configuration to be synchronized across all appliances. Try again after a few seconds if the paths do not show up immediately.
Solution
operator@training:~/workspace$ lxc shell core-lugano-webspeed
root@core.lugano.webspeed:~# scion showpaths 1-ff00:1:3
Available paths to 1-ff00:1:3
2 Hops:
[0] Hops: [1-ff00:1:1 2>1 1-ff00:1:3] MTU: 1472 NextHop: 10.1.0.1:30042 Status: alive LocalIP: 10.1.0.8
There must exist exactly one path, which corresponds to the link that you just added.
Task 2. Configuring the Link to Lugano
First, download the configuration file for the host core.lugano.webspeed
by running the following commands:
operator@training:~/workspace$ appliance-cli context select core.lugano.webspeed
operator@training:~/workspace$ appliance-cli get config > core.lugano.webspeed.appliance.json
operator@training:~/workspace$ code-server core.lugano.webspeed.appliance.json
This task is very similar to Task 1. You simply need to do Task 1 for the host
core.lugano.webspeed. To avoid redundancy, we do not explain the relevant sub-sections which need
to be added. Please refer to Task 1 for such explanations and see the diagram for the missing
configuration data such as ip, port, interface_id and so forth.
Add the necessary configuration data to the scion/ases/neighbors section of the configuration file
of the host core.lugano.webspeed, which you downloaded earlier.
Solution
Upload the updated configuration on the Webspeed CORE in Lugano:
operator@training:~/workspace$ appliance-cli put config <core.lugano.webspeed.appliance.json
Now, it is time to check whether the applied changes have resulted in the desired behavior.
Run a showpaths command from one of the Webspeed hosts to the Stabank AS. How many paths does it
display?
It can take a few seconds for the updated configuration to be synchronized across all appliances. Try again after a few seconds if the paths do not show up immediately.
Solution
operator@training:~/workspace$ lxc shell core-lugano-webspeed
root@core.lugano.webspeed:~# scion showpaths 1-ff00:1:3
Available paths to 1-ff00:1:3
2 Hops:
[0] Hops: [1-ff00:1:1 2>1 1-ff00:1:3] MTU: 1472 NextHop: 10.1.0.1:30042 Status: alive LocalIP: 10.1.0.8
[1] Hops: [1-ff00:1:1 4>2 1-ff00:1:3] MTU: 1472 NextHop: 10.1.0.8:30042 Status: alive LocalIP: 10.1.0.8
There must exist two paths, which correspond to the link that you just added and the link from Task 1.
Finally, log into a host in the Corpbank AS and again run the showpaths command to the Stabank AS.
How many paths does it display?
It can take a few seconds for the updated configuration to be synchronized across all appliances. Try again after a few seconds if the paths do not show up immediately.
Solution
operator@training:~/workspace$ lxc shell edge-zurich-corpbank
root@edge-zurich-corpbank:~# scion showpaths 1-ff00:1:3
Available paths to 1-ff00:1:3
3 Hops:
[0] Hops: [1-ff00:1:2 1>1 1-ff00:1:1 2>1 1-ff00:1:3] MTU: 1472 NextHop: 10.2.0.1:30042 Status: alive LocalIP: 10.2.0.2
[1] Hops: [1-ff00:1:2 1>1 1-ff00:1:1 4>2 1-ff00:1:3] MTU: 1472 NextHop: 10.2.0.1:30042 Status: alive LocalIP: 10.2.0.2
[2] Hops: [1-ff00:1:2 2>3 1-ff00:1:1 2>1 1-ff00:1:3] MTU: 1472 NextHop: 10.2.0.2:30042 Status: alive LocalIP: 10.2.0.2
[3] Hops: [1-ff00:1:2 2>3 1-ff00:1:1 4>2 1-ff00:1:3] MTU: 1472 NextHop: 10.2.0.2:30042 Status: alive LocalIP: 10.2.0.2
There must exist four paths as can be seen in the output of the above command.