Skip to main content

How it works

The primary technical function of the Anapaya EDGE is to ensure seamless interoperability between a company's internal, IP-based network and the external SCION network. This is achieved through a process called IP-in-SCION tunneling.

IP-in-SCION tunneling

The Anapaya EDGE appliance contains a specialized module that receives standard IP traffic from the local network (LAN) destined for a remote SCION-connected location. It then transparently encapsulates these IP packets within SCION packets, adding the necessary SCION headers, including the pre-selected, cryptographically-secured path. These SCION packets are then forwarded across the SCION Internet. At the destination, a remote Anapaya EDGE appliance receives the packets, decapsulates them to remove the SCION headers, and forwards the original IP packets to the final destination on the remote LAN.

This encapsulation process is critical because it means that end-user devices, servers, and applications on the enterprise network require no modification whatsoever. They continue to communicate using standard IP, while the Anapaya EDGE handles all the complexities of interfacing with the SCION network, allowing organizations to gain SCION's benefits without a disruptive overhaul of their internal systems.

IP-in-SCION tunneling involves the following steps:

  1. A sender sends an IP packet towards an IP destination.
  2. The IP packet reaches an Anapaya EDGE appliance, in the sender's network via standard local IP routing.
  3. Based on the destination IP address, the Anapaya EDGE appliance determines the destination SCION AS and destination Anapaya EDGE. This is done using the SCION Gateway Routing Protocol (SGRP), which maps IP addresses to remote Anapaya EDGE appliances.
  4. Next, the Anapaya EDGE appliance determines the optimal SCION path to reach the destination SCION AS. The choice of the path depends on configuration and thhe real-time network performance characteristics, such as latency, jitter, drop rate, etc.
  5. Then, the original IP packet is encapsulated within a SCION packet by the Anapaya EDGE appliance and sent to the remote IP-in-SCION tunneling endpoint in the destination SCION AS. The SCION path used is the one chosen in the previous step.
  6. The remote IP-in-SCION tunneling endpoint receives the SCION packet and decapsulates the original IP packet. It then forwards the packet to the final IP destination using standard local IP routing.

For a more detailed explanation of the IP-in-SCION tunneling process please refer to the technical documentation.

Management and orchestration

Anapaya provides robust tools for managing and orchestrating the EDGE appliance and its associated policies. Network administrators can utilize the Anapaya CONSOLE, a web-based network management application, to configure the EDGE appliance, monitor its status, and manage security policies. This centralized dashboard provides visibility and control over data paths and network performance, empowering administrators to make adjustments independently of their service providers.

For programmatic access, the EDGE appliance exposes a comprehensive HTTP REST API. This API allows for programmatic interaction to manipulate the appliance's configuration, inspect its status in real-time, and integrate its management into larger automation and orchestration frameworks, such as Ansible.