Skip to main content

Single EDGE

This section describes the different configuration sections required to set up the single EDGE appliance. This includes configuration of the network interfaces, the SCION AS, the SCION links, and the IP-in-SCION tunneling configuration.

note

Refer to the Getting Started Setup guide for step-by-step instructions on how to interact with the Anapaya appliance.

Information

The configuration examples below are based on the following information and need to be adapted to your specific setup.

Anapaya EDGE
 Anapaya EDGE
SCION ISP
 SCION ISP
Firewall or Router
 Firewall or Router
SCION Link
 SCION Link
ISPISD-AS
1-ff00:0:1
 ISP ISD-AS...
CustomerISD-AS
1-ff00:0:10
 Customer ISD-AS...
SCION Interface ID
 SCION Interface ID
IP Connectivity
 IP Connectivity
EDGE WAN IP
169.254.2.2/30
 EDGE WAN IP...
CORE IP
169.254.2.1/30
 CORE IP...
EDGE LAN IP
10.10.0.12/24
 EDGE LAN IP...
10.10.0.1/24
 10.10.0.1/24
21
 21
1
 1
x
 x Text is not SVG - cannot display

Information provided by the ISP

  • CORE
    • SCION ISD-AS: 1-ff00:0:1
    • SCION interface ID: 21
    • SCION link underlay address: 169.254.2.1:31021
  • EDGE
    • WAN interface IP address: 169.254.2.2/30

Information provided by the customer

  • SCION ISD-AS of the EDGE: 1-ff00:0:110
  • LAN interface IP address: 10.10.0.12/24
  • LAN interface IP gateway: 10.10.0.1

Information to be chosen by the operator of the EDGE appliance

  • SCION interface ID of the EDGE appliance: 1
  • SCION link underlay port of the EDGE appliance: 31001. Together with the underlay address of the ISP, this forms the SCION link address of the EDGE appliance: 169.254.2.2:31001.
  • SCION loopback interface IP address: 10.20.0.1/32
loopback interface

In the single EDGE setup, the loopback interface is used to provide a stable address for the SCION control plane and data plane as well as the the IP-in-SCION tunneling endpoint. It is not used for routing purposes, as the single EDGE appliance does not have any other appliances to connect to.

In case of redundant setups, the control plane and data plane need to be configured on the LAN interface instead of the loopback interface.

The following table summarizes the SCION links between the EDGE appliance and the SCION ISP. The SCION interface is a combined representation of the ISD-AS and the interface ID, e.g., 1-ff00:0:10#1.

ApplianceSCION interfaceUnderlay addressNeighbor SCION interfaceNeighbor underlay address
EDGE1-ff00:0:10#1169.254.2.2:310011-ff00:0:1#21169.254.2.1:31021

Network interfaces

The network interfaces section describes the configuration of the network interfaces on the EDGE appliance. In this example, we assume the WAN interface is named wan and the LAN interface is named lan, furthermore we can freely choose the name of the loopback interface loop1.

Loading...

SCION

The SCION section describes the configuration of the SCION AS on the EDGE appliance. For details, see the SCION configuration documentation covering general AS configuration, data plane, control plane, and SCION neighbors.

Most configuration parameters can be directly derived from the information provided by the ISP and the customer, as described in the Information section. The following example shows the configuration of the SCION AS on the EDGE appliance.

control and router

The control and router sections need to be set to enabled: true for the control and data plane to be enabled. The address of the control plane as well as the internal_interface of the router need to be set to the loopback interface address.

neighbor relationship

Unless otherwise specified by the ISP, the neighbor relationship should be set to PARENT.

Loading...

IP-in-SCION tunneling

The IP-in-SCION tunneling section describes the configuration of the IP-in-SCION tunneling on the EDGE appliance. This allows the EDGE appliance to configure IP tunnels towards other EDGE or GATE appliances.

This example configures a routing domain towards a communication partner with their own SCION ISD-AS.

Information provided by the communication partner

  • SCION ISD-AS: 1-ff00:0:25
  • IP prefixes: 10.30.0.0/24

Information provided by the customer

  • SCION ISD-AS: 1-ff00:0:10
  • IP prefixes: 10.10.0.0/24

This configuration allows end hosts in the local network 10.10.0.0/24 to communicate with end hosts in the remote SCION ISD-AS 1-ff00:0:25 in the 10.30.0.0/24 network.

Static announcements

The static announcements section is used to announce the local IP prefixes to the remote SCION ISD-AS. This is required, unless there is a BGP integration with the customer network that handles the announcements.

Loading...
endpoint

The endpoint needs to be set to enabled: true to enable the IP-in-SCION tunneling. The ip should be set to the loopback interface address of the EDGE appliance.

Complete configuration

For completeness, we provide the full configuration of the EDGE appliance:

Loading...