Skip to main content

Migration to v0.41

When migrating from version 0.40 (or older) to version 0.41 (or newer) there's a change in the semantics of how the IP prefixes are received and sent via SGRP.

In the older versions, the IP space was split into one or more mutually exclusive "domains" and each domain was assigned a list of SCION path policies. Incoming IP prefixes were split in such a way, that each route belonged to a single domain.

Starting with version 0.41, the domains remain only as a mechanism to configure SCION path policies. Domains are no longer necessarily mutually exclusive. A single IP prefix may belong to two or more domains, depending on the identity of the remote SCION AS that announced it, or even on the size of the prefix. Splitting of prefixes isn't done any more. Instead, each incoming prefix is either accepted and inserted into the routing table as is, or it is rejected as a whole. The actual packet routing is done in the standard way, using the longest prefix match algorithm.

Given that the former and the new semantics do not map cleanly onto each other the migration may not be trivial. The appliance attempts an automatic configuration migration when installing the new version which should cover most scenarios.

It is recommended to perform a manual migration check (see below) to ensure the migration worked as expected.

Migration process

Before the migration, save the current tunneling state:

appliance-cli get debug/scion-tunneling/state/current --format json > state.json
appliance-cli get debug/scion-tunneling/sgrp/peers --format json > peers.json

Install the new version and run the following command:

appliance-cli debug sgrp-migration state.json peers.json

The output shows whether there are any differences in prefixes being received or announced from before to after the migration.

If there are no differences no further action is needed and migration was successful.

If there are differences, these may not necessarily be caused by the migration. It is also possible that a remote AS started to announce different IP prefixes in the meantime.

Debugging tips

List IP prefixes received from remote SCION ASes:

appliance-cli get debug/scion-tunneling/sgrp/remote/receive

Filter results by specific local or remote AS. For example:

appliance-cli get debug/scion-tunneling/sgrp/remote/receive --query remote_isd_as=1-ff00:0:111

Prefixes are sorted by the domain they were assigned to and classified as:

  • candidates: prefixes received from remote ASes.
  • accepted: prefixes that passed the domain accept filters.

List IP prefixes announced to remote SCION ASes:

appliance-cli get debug/scion-tunneling/sgrp/remote/announce

Filter results by specific local or remote AS. For example:

appliance-cli get debug/scion-tunneling/sgrp/remote/announce --query local_isd_as=1-ff00:0:110

Prefixes are classified as:

  • candidates: prefixes available for announcements to the remote ASes.
  • accepted: prefixes that passed the announce filters.

List the SGRP rules (both for incoming and outgoing prefixes):

appliance-cli inspect tunneling sgrp