Overview¶
The Anapaya EDGE implements the IP-in-SCION tunneling module together with a SCION router and is typically deployed by end customers to connect their network to the SCION network.
Interacting with an Anapaya Appliance¶
The Anapaya appliance offers a feature-rich HTTP REST API supporting the following interactions (more will be added in the future):
Manipulating the configuration of the appliance.
Inspecting the status of the appliance.
Provisioning cryptographic material, such as TRCs and certificates.
Using basic SCION tools such as
scion pingandscion showpathsthat help with exploring the network basic troubleshooting.
The OpenAPI 3 specification of the appliance management API is available here.
The entire appliance configuration is described in a single JSON file. This facilitates backup and restore of the appliance configuration - an appliance can be restored to a previous state by enacting a backup of the configuration or even freshly provisioned by installing the appliance base image and applying the configuration.
To interact with the management API, there is a range of frontends available:
appliance-cli, a command-line tool to interact with the appliance API.
curl (or similar) to interact with the appliance via HTTP from the command line.
Anapaya Console enables central orchestration of EDGE, CORE and GATE appliances.
It is also possible to use tools like Ansible to orchestrate a fleet of appliances, however, this is out of scope of this knowledge base.
Section Appliance Configuration describes in detail the configuration of an Anapaya appliance.
EDGE Appliance Features¶
Anapaya offers three tiers of the EDGE Appliance to cater to different needs:
Lite: Designed for simple SCION connections, ideal for basic use cases.
Standard: Provides highly resilient communications with enhanced features.
Pro: Includes advanced capabilities such as EDGE-to-EDGE encryption, among other features.
Category |
Feature |
Lite Tier |
Standard Tier |
Pro Tier |
Legacy Tier |
|---|---|---|---|---|---|
Management API |
OAuth2 authentication for management API |
❌ |
✅ |
✅ |
✅ |
SCION Tunneling |
SCION Tunneling configuration |
✅ |
✅ |
✅ |
✅ |
Encryption |
❌ |
❌ |
✅ |
❌ |
|
Maximum number of remote tunneling endpoints |
5 |
50 |
Unlimited |
Unlimited |
|
Maximum number of path filters |
1 |
10 |
Unlimited |
Unlimited |
|
Maximum number of traffic matchers |
1 |
10 |
Unlimited |
Unlimited |
|
SCION |
Maximum number of neighbor ASes |
1 |
2 |
Unlimited |
Unlimited |
Maximum number of SCION links |
1 |
Unlimited |
Unlimited |
Unlimited |
|
Can operate as a Certificate Authority (CA) |
❌ |
❌ |
✅ |
✅ |
|
LAN |
Network redundancy features like BGP, VRRP, Next-hop Tracking, and Clustering |
❌ |
✅ |
✅ |
✅ |
Telemetry¶
Each appliance exports rich telemetry data, logs, and events to a central collector based on Prometheus. Details on the exported metrics and their semantics are described in section Telemetry.
Next Steps¶
If you are just starting out with the Anapaya appliance, we recommend that you begin with the Getting Started section.
If you are already familiar with the Anapaya appliance, we invite you to check out the Appliance Configuration section or read one of our User Guides.