Anapaya GATE
The Anapaya GATE is not a single appliance but a service composed of multiple components working together. Understanding these components and their roles is the starting point for planning a GATE deployment.
GATE service components and participants
Components
- Anapaya GATE appliances — One or more GATE appliances that bridge the SCION network and the public IP internet. GATE appliances are either operated by an ISP within their own backbone, or by Anapaya at internet exchange points (IXPs).
- Anapaya EDGE appliances — One or more customer-operated Anapaya EDGE appliances that connect to the GATE and advertise the customer's service IP prefixes into the SCION network.
- Service IP addresses — Either GATE reseller assigned IPs from its public address pool, or
customer-provided IP space (typically a
/24prefix).
Participants
| Role | Description |
|---|---|
| Customer | Orders GATE service, operates Anapaya EDGE appliances, exposes services via GATE |
| Anapaya | Operates GATE appliances at IXPs and operates the GATE reseller platform |
| GATE provider | Provides GATE access from a defined region or set of BGP ASes (Anapaya or GATE operator) |
| GATE reseller | Sells GATE service to customers, may operate Anapaya EDGE appliances for the customer, assigns IP addresses for GATE service |
| ISP / GATE operator | Operates ISP-native GATE instances within their backbone |
GATE profiles
Each GATE configuration is governed by a profile that defines the geographic and network footprint of the service — which internet users can reach the customer's service through the GATE. Profiles are chosen at service ordering time and determine the exposure of the protected service. See Profiles for a full reference.
GATE profiles can be changed later on, but this may require IP address reassignments and changes to the Anapaya EDGE configuration.
Custom profiles
GATE profiles that are provided by Anapaya can be customized to meet specific customer requirements. Customization options include:
- Rate limits
- Geographic coverage (e.g., specific countries or ASes)
- IP address requirements (e.g., specific prefixes)
Deployment checklist
Use the following questions to determine the correct GATE profile, deployment mode, and required EDGE setup for a customer.
1. What geographic coverage is required?
Identify the regions from which the protected service must be reachable.
See Profiles for a complete reference.
2. Does the customer bring their own IP addresses?
- Reseller-provided IPs (recommended for most customers): A
/31or less specific IPv4 prefix can be assigned from the GATE reseller's public address pool. No further IP administration is required on the customer side. (Note: IPv6 space can be provided on demand). - Customer-provided IPs: The customer can bring their own IP prefixes (at least a
/24or less specific for IPv4). Reach out to the GATE reseller for details on IP requirements and provisioning lead time.
3. How many EDGE appliances are needed?
A single EDGE is sufficient for non-critical services where downtime is acceptable. For production services, a redundant setup is strongly recommended.
See Anapaya EDGE deployment modes for a full decision tree on Anapaya EDGE redundancy.
4. My desired profile does not exist or I have other custom requirements
If you have custom requirements, please reach out to support@anapaya.net.
Configuration and setup
Once the above questions are answered, the GATE service can be ordered from the reseller. Refer to the GATE configuration guide for details on the configuration and testing of the GATE service and the Anapaya EDGE appliances.