Skip to main content

Dynamic Redundancy (BGP)

In this deployment example, we will configure the Anapaya EDGE to dynamically advertise routes that are reachable.

IP prefixes that are learned from the SCION network are advertised to the LAN via BGP, conversely, IP prefixes that are reachable in the LAN need to be advertised to the EDGE appliances via BGP as well. When an IP prefix is no longer reachable via the SCION network, it is retracted from BGP and the LAN will no longer use that EDGE appliance to reach the SCION network.

info

In the dynamic redundancy setup both EDGE appliances can be used for outgoing traffic simultaneously, this can be influenced by the operator of the LAN side BGP router.

note

Refer to the Getting Started Setup guide for step-by-step instructions on how to interact with the Anapaya appliance.

Information

The configuration examples below are based on the connected EDGE setup and need to be adapted to your specific setup.

Anapaya EDGE
 Anapaya EDGE
SCION ISP
 SCION ISP
Firewall or Router
 Firewall or Router
SCION Link
 SCION Link
CustomerISD-AS
1-ff00:1:10
 Customer ISD-AS...
10.10.0.1/24
 10.10.0.1/24
SCION Interface ID
 SCION Interface ID
IP Connectivity
 IP Connectivity
x
 x
EDGE 1 LAN IP
10.10.0.12/24
 EDGE 1 LAN IP...
EDGE 2 LAN IP
10.10.0.13/24
 EDGE 2 LAN IP...
EDGE 2 WAN IP
10.100.10.34/30
 EDGE 2 WAN IP...
EDGE 1 WAN IP
169.254.2.2/30
 EDGE 1 WAN IP...
1
 1
2
 2
21
 21
45
 45
ISPISD-AS
1-ff00:0:1
 ISP ISD-AS...
ISPISD-AS
1-ff00:0:5
 ISP ISD-AS...
ASN 65012
 ASN 65012
ASN 65013
 ASN 65013
ASN 65001
 ASN 65001
BGP Session
 BGP Session Text is not SVG - cannot display

Additional information provided by the customer

BGP RouterRouter IPASN
EDGE 110.10.0.1265012
EDGE 210.10.0.1365013
LAN side10.10.0.165001

BGP

The following BGP section is added to configure the eBGP session between the EDGE appliances and a BGP router in the internal network.

Loading...

IP-in-SCION tunneling

The IP-in-SCION tunneling section needs to be adjusted. The static_announcements list is no longer required. Instead, the EDGE appliances propagate the IP prefixes that are received via BGP from the LAN side router to the SCION network. The rest of the IP-in-SCION tunneling configuration remains the same as in the connected EDGE setup example.

Loading...

Complete configuration

For completeness, we provide the full configuration of the EDGE appliance:

Loading...

Advanced configuration

Multiple LAN interfaces

If the EDGE appliances have multiple LAN interfaces, each with its own BGP session, the configuration should be updated as follows:

  • Add a BGP neighbor entry for each BGP session in the bgp.neighbors list.
  • Configure a loopback interface on each EDGE appliance, and bind the router, control service, and tunneling endpoint to this loopback address.
  • Include the loopback address as a network in the BGP configuration.
  • Ensure connectivity so that the other EDGE appliance can reach the loopback address.
  • Set the loopback addresses as cluster peers to enable proper communication between appliances.