Skip to main content

Disconnected EDGEs

This section describes the different configuration sections required to set up disconnected EDGE appliances.

It focuses on the configuration sections that differ from the connected EDGEs setup. The Connected EDGEs section provides the common configuration sections that are also required for the disconnected EDGE setup.

note

Refer to the Getting Started Setup guide for step-by-step instructions on how to interact with the Anapaya appliance.

independent EDGEs

In case obtaining a second SCION ISD-AS number is not an issue, prefer to configure EDGEs in the independent EDGEs mode instead.

tip

Refer to the Dynamic Redundancy (BGP) guide to learn how to configure your EDGEs with dynamic redundancy.

Information

The configuration examples below are based on the following information and need to be adapted to your specific setup.

Anapaya EDGE
 Anapaya EDGE
SCION ISP
 SCION ISP
Firewall or Router
 Firewall or Router
SCION Link
 SCION Link
CustomerISD-AS
1-ff00:0:10
 Customer ISD-AS...
10.11.0.5/30
 10.11.0.5/30
SCION Interface ID
 SCION Interface ID
IP Connectivity
 IP Connectivity
x
 x
EDGE 1 LAN IP
10.11.0.6/30
 EDGE 1 LAN IP...
EDGE 2 LAN IP
10.12.0.6/30
 EDGE 2 LAN IP...
EDGE 2 WAN IP
10.100.10.34/30
 EDGE 2 WAN IP...
EDGE 1 WAN IP
169.254.2.2/30
 EDGE 1 WAN IP...
1
 1
2
 2
21
 21
45
 45
ISPISD-AS
1-ff00:0:1
 ISP ISD-AS...
ISPISD-AS
1-ff00:0:5
 ISP ISD-AS...
10.12.0.5/30
 10.12.0.5/30 Text is not SVG - cannot display

Information provided by ISP 1

  • CORE
    • SCION ISD-AS: 1-ff00:0:1
    • SCION interface ID: 21
    • SCION link underlay address: 169.254.2.1:31021
  • EDGE
    • WAN interface IP address: 169.254.2.2/30

Information provided by ISP 2

  • CORE
    • SCION ISD-AS: 1-ff00:0:5
    • SCION interface ID: 45
    • SCION link underlay address: 10.100.10.33:31045
  • EDGE
    • WAN interface IP address: 10.100.10.34/30

Information provided by the customer

  • SCION ISD-AS of the EDGEs: 1-ff00:0:110

  • EDGE 1

    • LAN interface IP address: 10.11.0.6/30
    • LAN interface IP gateway: 10.11.0.5

  • EDGE 2

    • LAN interface IP address: 10.12.0.6/30
    • LAN interface IP gateway: 10.12.0.5

Information to be chosen by the operator of the EDGE appliances

  • EDGE 1
    • SCION interface ID of the EDGE appliances: 1
    • SCION link underlay port of the EDGE appliance: 31001. Together with the underlay address of the ISP, this forms the SCION link address of the EDGE appliance: 169.254.2.2:31001.
  • EDGE 2
    • SCION interface ID of the EDGE appliances: 2
    • SCION link underlay port of the EDGE appliance: 31002. Together with the underlay address of the ISP, this forms the SCION link address of the EDGE appliance: 10.100.10.34:31002.

The following table summarizes the SCION links between the EDGE appliances and the SCION ISPs. The SCION interface is a combined representation of the ISD-AS and the interface ID, e.g., 1-ff00:0:10#1.

ApplianceSCION interfaceUnderlay addressNeighbor SCION interfaceNeighbor underlay address
EDGE 11-ff00:0:10#1169.254.2.2:310011-ff00:0:1#21169.254.2.1:31021
EDGE 21-ff00:0:10#210.100.10.34:310021-ff00:0:5#4510.100.10.33:31045

Network interfaces

Refer to the Connected EDGEs deployment example for more information about network interfaces configuration.

Loading...

SCION

Refer to the Connected EDGEs deployment example for more information about SCION configuration.

Loading...

Cluster

The cluster section describes the configuration of the cluster on the EDGE appliances. In this example, the EDGE appliances deployed in a sharded manner are part of the same cluster but do not have IP connectivity. The cluster configuration statically configures the SCION topology, specifically lists the existence of IP-in-SCION tunneling endpoints.

failover

EDGEs in a disconnected deployment mode which (by definition) are part of the same SCION ISD-AS must list the IP-in-SCION tunneling endpoints of the cluster peers. Missing endpoints might result in failover between EDGEs not working correctly.

Loading...

IP-in-SCION tunneling

Refer to the Connected EDGEs deployment example for more information about IP-in-SCION tunneling configuration.

Static announcements

The static announcements section is used to announce the local IP prefixes to the remote SCION ISD-AS. This is required, unless there is a BGP integration with the customer network that handles the announcements.

Static announcements should have next-hop tracking enabled, such that remote IP-in-SCION tunneling endpoints can properly fail if the next-hop becomes unreachable. The tracking is ICMP-based, hence, ICMP ECHO messages between the EDGE and the configured next-hop must not be filtered. Otherwise, prefixes will not be announced.

Loading...

Complete configuration

For completeness, we provide the full configuration of both EDGE appliances:

Loading...