Skip to main content

Connected EDGEs

This section describes the different configuration sections required to set up connected EDGE appliances.

It focuses on the configuration sections that differ from the single EDGE setup. The Single EDGE section provides the common configuration sections that are also required for the connected EDGE setup.

note

Refer to the Getting Started Setup guide for step-by-step instructions on how to interact with the Anapaya appliance.

tip

Refer to the Static Redundancy (VRRP) and the Dynamic Redundancy (BGP) guides to learn how to configure different redundancy mechanisms.

Information

The configuration examples below are based on the following information and need to be adapted to your specific setup.

Anapaya EDGE
 Anapaya EDGE
SCION ISP
 SCION ISP
Firewall or Router
 Firewall or Router
SCION Link
 SCION Link
CustomerISD-AS
1-ff00:1:10
 Customer ISD-AS...
10.10.0.1/24
 10.10.0.1/24
SCION Interface ID
 SCION Interface ID
IP Connectivity
 IP Connectivity
x
 x
EDGE 1 LAN IP
10.10.0.12/24
 EDGE 1 LAN IP...
EDGE 2 LAN IP
10.10.0.13/24
 EDGE 2 LAN IP...
EDGE 2 WAN IP
10.100.10.34/30
 EDGE 2 WAN IP...
EDGE 1 WAN IP
169.254.2.2/30
 EDGE 1 WAN IP...
1
 1
2
 2
21
 21
45
 45
ISPISD-AS
1-ff00:0:1
 ISP ISD-AS...
ISPISD-AS
1-ff00:0:5
 ISP ISD-AS... Text is not SVG - cannot display

Information provided by ISP 1

  • CORE
    • SCION ISD-AS: 1-ff00:0:1
    • SCION interface ID: 21
    • SCION link underlay address: 169.254.2.1:31021
  • EDGE
    • WAN interface IP address: 169.254.2.2/30

Information provided by ISP 2

  • CORE
    • SCION ISD-AS: 1-ff00:0:5
    • SCION interface ID: 45
    • SCION link underlay address: 10.100.10.33:31045
  • EDGE
    • WAN interface IP address: 10.100.10.34/30

Information provided by the customer

  • SCION ISD-AS of the EDGEs: 1-ff00:0:110
  • LAN interface IP addresses: 10.10.0.12/24 and 10.10.0.13/24
  • LAN interface IP gateway: 10.10.0.1

Information to be chosen by the operator of the EDGE appliances

  • EDGE 1
    • SCION interface ID of the EDGE appliances: 1
    • SCION link underlay port of the EDGE appliance: 31001. Together with the underlay address of the ISP, this forms the SCION link address of the EDGE appliance: 169.254.2.2:31001.
  • EDGE 2
    • SCION interface ID of the EDGE appliances: 2
    • SCION link underlay port of the EDGE appliance: 31002. Together with the underlay address of the ISP, this forms the SCION link address of the EDGE appliance: 10.100.10.34:31002.
loopback interface

In a connected EDGE setup, the LAN interface of each EDGE is used to bind the control and data plane and the IP-in-SCION tunneling endpoints and no loopback address is configured.

The following table summarizes the SCION links between the EDGE appliances and the SCION ISPs. The SCION interface is a combined representation of the ISD-AS and the interface ID, e.g., 1-ff00:0:10#1.

ApplianceSCION interfaceUnderlay addressNeighbor SCION interfaceNeighbor underlay address
EDGE 11-ff00:0:10#1169.254.2.2:310011-ff00:0:1#21169.254.2.1:31021
EDGE 21-ff00:0:10#210.100.10.34:310021-ff00:0:5#4510.100.10.33:31045

Network interfaces

Refer to the Single EDGE deployment example for more information about network interfaces configuration.

Loading...

SCION

Refer to the Single EDGE deployment example for more information about SCION configuration.

Loading...

Cluster

The cluster section describes the configuration of the cluster on the EDGE appliances. In this example, the EDGE appliances deployed in a sharded manner are part of the same cluster. The cluster configuration is used to synchronize SCION beacon and path information amongst each other and statically configures the SCION topology.

The cluster configuration includes a list of peers that are part of the cluster. For EDGE appliances we recommend to use static topology configuration, see Cluster for more details.

Loading...

IP-in-SCION tunneling

Refer to the Single EDGE deployment example for more information about IP-in-SCION tunneling configuration.

Static announcements

The static announcements section is used to announce the local IP prefixes to the remote SCION ISD-AS. This is required, unless there is a BGP integration with the customer network that handles the announcements.

Static announcements should have next-hop tracking enabled, such that remote IP-in-SCION tunneling endpoints can properly fail if the next-hop becomes unreachable. The tracking is ICMP-based, hence, ICMP ECHO messages between the EDGE and the configured next-hop must not be filtered. Otherwise, prefixes will not be announced.

Loading...

Complete configuration

For completeness, we provide the full configuration of both EDGE appliances:

Loading...