[SCION] SCION User AS

Juan A. García-Pardo juan.garcia at inf.ethz.ch
Tue Apr 26 16:14:14 CEST 2022


Hi Dheeraj,
The first thing you will need is to be able to ping the user AS 1 machine
from the user AS 2 machine (and vice versa). I will assume that you have
already established an IP channel between those two machines and that they
can "see" each other.
Using the address 192.168.1.1 for A and 192.168.1.2 for B, you should be
able to:
`ping 192.168.1.2` from A, and
`ping 192.168.1.1` from B. Please modify the addresses with the real ones.
I am attaching the topology files that you would use for both of them.
Remember to change the addresses with the real ones in the topology files
as well. The user AS A (17-ffaa:1:d7b) is configured to provide access to
the user AS B (17-ffaa:1:f1c).
Lastly, unless you are using the "installation from sources" deployment
method, you will want to prevent the topology from updating from the
Coordinator. To do this, run the following for the two machines where the
user ASes are deployed:
`sudo mv /etc/scion/scionlab-config.json{,.bak}`
It will rename the scionlab-config.json file and stop the
scionlab-config command from touching anything inside /etc/scion.
Best regards,

Juan A.

PS: I am CC'ing the list, as this is useful information for everyone else
that may like to do a similar thing. (there is no private information in
the topology files other than the assigned AS IDs)


On Tue, Apr 26, 2022 at 12:34 PM Chandrashekar Dheeraj <
dheeraj.chandrashekar at aalto.fi> wrote:

> Hi Juan
>
>
>
> Thanks for the quick response.
>
> I have attached the topology files of two AS.
>
> Both AS are connected to the same parent via OpenVPN. I need a direct
> connection between them.
>
>
>
> Regards
>
> Dheeraj
>
>
>
> *From:* Juan A. García-Pardo <juan.garcia at inf.ethz.ch>
> *Sent:* Monday, April 25, 2022 9:23 PM
> *To:* Chandrashekar Dheeraj <dheeraj.chandrashekar at aalto.fi>
> *Cc:* scion at lists.inf.ethz.ch
> *Subject:* Re: [SCION] SCION User AS
>
>
>
> Hi Dheeraj,
>
> Is it possible to connect two User AS directly ?
>
> Yes.
>
> Or is it possible to have a peer link between them (even if they are
> connected to a parent node) ?
>
> There is currently no support for peering links in our reference
> implementation.
>
> Can this be done by ourselves ?
>
> Yes. Let me explain the procedure.
>
> Let's have A and B as two user ASes. They are both connected to an
> attachment point, it is not important which one or even whether it is the
> same for both A and B or two different attachment points.
>
> Since we cannot connect A and B with a peering link, we have to establish
> a customer-provider relationship between A and B. Let's say that A provides
> connectivity for B.
>
> In this case we will have to manually edit both topology files and disable
> updates from the coordinator. This means that changes done via web to the
> user ASes will not be automatically reflected in said user ASes.
>
> If this is okay with you, please send the topology files and I will try to
> edit them for you and send them back to you.
>
> Best regards,
>
>
>
> Juan A.
>
>
>


More information about the SCION mailing list