Anapaya appliance configuration (cluster only)
cluster object
The configuration for the appliance cluster.
features object
The list of feature that are announced to the peers. Note that the actually announced value can depend on whether what features is locally enabled and configured.
Option to enable the announcement of support for the SCION RSS feature to the peers. If the local host does not support the SCION RSS feature, this option does not have any effect.
truepeers object[]
The list of peers in this cluster. This is used to configure the topology or the discovery of the topology of peer appliances in an organization.
Textual description for this peer.
features object
Configures the feature options of the peer. This field can not be set together with the synchronization field.
Option to statically enable the SCION RSS feature. If set to true, the local router enables UDP source port entropy on the underlay for SCION packets forwarded to the peer, such that the peer can leverage RSS for SCION traffic. This can greatly improve throughput performance. This must only be set to true if the peer supports the SCION RSS feature.
falseThe name of this peer used to identify the peer. This can be any string but must be unique among all peers.
scion object
The relevant SCION configuration of the peer. This can be used to define the relevant SCION components on the peer appliance so that paths via the peer appliance can also be used.
ases object[]
The list of SCION ASes on the peer.
control object
Configuration and state data for the control service in the peer.
The address of the control service. The address must be specified as host:port.
192.168.1.1:30100ISD-AS number of the AS.
1-ff00:0:110neighbors object[]
The neighbors for the SCION AS in the peer.
interfaces object[]
The list of interfaces on the peer for this neighbor AS.
SCION interface identifier. It must be unique in the SCION AS.
Possible values: >= 1 and <= 0
Internal address of the peer router that owns the interface.
169.254.0.1:30100The maximum transmission unit in bytes for SCION packets. This represents the protocol data unit (PDU) of the SCION layer on this interface and is usually calculated as maximum Ethernet payload - IP Header - UDP Header.
14721472ISD-AS number of the neighbor AS.
2-ff00:0:210The relationship to the neighbor AS. If the local AS is core, this value must either be CORE or CHILD. If the local is non-core, this value must either be PARENT, CHILD or PEER.
Possible values: [CORE, CHILD, PARENT, PEER]
The shard ID of the peers in the AS.
scion_tunneling object
The relevant SCION tunneling configuration of the peer. This is used so that all appliances can announce the full list of SCION tunneling endpoints in the AS to other ASes.
endpoint object
The SCION tunneling endpoint on the peer appliance.
allowed_interfaces object[]
The SCION interfaces for each SCION AS that is configured on the peer, that are allowed to be used by this IP-in-SCION tunneling endpoint. This can be used to control incoming traffic, e.g., if a tunnel endpoint should only be reachable via SCION interfaces 1 and 2, allowed-interfaces should list them explicitly. Remote tunnel endpoints will then only choose paths entering the respective local AS via SCION interface 1 or 2. If the IP-in-SCION tunneling endpoint on the peer appliance should be reachable via a SCION interface of another appliance, the allowed-interfaces list must be configured with the respective SCION interfaces. By default the list is empty, in this case the appliance will automatically configure the SCION interfaces that are configured on the peer as allowed-interfaces. Automatic configuration can be disabled by setting disable_auto_allowed_interfaces.
List of allowed interfaces for this SCION AS
[2,3]The SCION AS where the list of allowed interfaces applies. Packets to this IP-in-SCION tunnel endpoint in this SCION AS will only arrive on the listed interfaces.
Port number for control traffic. The control address is constructed from the IP address and this control port. The control address is used to exchange IP routing information as part of SGRP. If not set, or zero, the control port will be dynamically allocated.
40201Port number for data traffic. The data address is constructed from the IP address and this control port. The data address is used for the IP-in-SCION encapsulated traffic stream. If not set, or zero, the data port will be dynamically allocated.
40200Whether the automatic configuration of allowed interfaces should be disabled. When disabled, the IP-in-SCION tunneling endpoint of the peer will be reached by remote endpoints on all SCION interfaces of the locally configured AS. When enabled (default), the peer IP-in-SCION tunneling endpoint will only be reached by remote endpoints on the SCION interfaces that are configured on the peer appliance.
IP address of the peer IP-in-SCION endpoint.
192.168.1.100Port number for probing traffic. The probe address is constructed from the IP address and this probe port. The probe address is used by remote tunnel endpoints in their health probing. If not set, or zero, the probe port will be dynamically allocated.
40202synchronization object
The synchronization configuration for this peer. This can be used to configure the automatic synchronization of topology information and supported features. Automatic synchronization of topology and supported features is not recommended for EDGE deployments. Instead static configuration is recommended. This field can not be set together with the scion, scion-tunneling, and features field.
The gRPC address of this peer, used for synchronization of appliance information
192.168.1.1:30100synchronization object
The configuration data necessary for the anapaya cluster synchronization. This determines how frequently this appliance synchronizes its local data with its peers, if synchronization is enabled.
The address where peers can fetch topology information. If this is not set, topology information is not exposed to peers and should be statically configured on the peers.
192.0.2.3:40000The interval between two consecutive topology synchronizations attempts to the cluster peers. Must only be set if dynamic topology discovery is enabled. It requires a unit suffix out of ['d', 'h', 'm', 's']. The encoding consists of a decimal number concatenated with a suffix; for example, '5s', '10m', '12h', and '1d'.
1m{
"cluster": {
"features": {
"scion_rss": true
},
"peers": [
{
"description": "string",
"features": {
"scion_rss": false
},
"name": "string",
"scion": {
"ases": [
{
"control": {
"address": "192.168.1.1:30100"
},
"isd_as": "1-ff00:0:110",
"neighbors": [
{
"interfaces": [
{
"interface_id": 0,
"next_hop": "169.254.0.1:30100",
"scion_mtu": 1472
}
],
"neighbor_isd_as": "2-ff00:0:210",
"relationship": "CORE"
}
],
"shard_id": 0
}
]
},
"scion_tunneling": {
"endpoint": {
"allowed_interfaces": [
{
"interfaces": [
2,
3
],
"isd_as": "string"
}
],
"control_port": 40201,
"data_port": 40200,
"disable_auto_allowed_interfaces": true,
"ip": "192.168.1.100",
"probe_port": 40202
}
},
"synchronization": {
"address": "192.168.1.1:30100"
}
}
],
"synchronization": {
"address": "192.0.2.3:40000",
"node_synchronization_interval": "1m"
}
}
}