You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* faq/join_infra: split FW config to its own page and update it
Questions:
1. Is this split better? (I think it makes sense, because this way we can send
the direct link to just that info to network operators when prodding them to
fix the firewall.)
2. What did I forget in outgoing connections?
* faq/join_infra: cosmetic changes
* change title and add an intro sentence
Inter-AS connectivity is required only with the neighbouring ASes. In order to allow dynamic topology adjustments we recommend firewall opening for 0.0.0.0/0. In most cases, after determining the best neighbours for your AS, we can provide a narrowed-down list of networks.
22
+
" %}
23
+
24
+
{% include alert type="note" content="
25
+
As an alternative we can also operate connections over a tunnel, e.g. OpenVPN or Wireguard. However please note this will be done only in a special scenarios, e.g. installing a node in a country with strict network policy regarding connectivity abroad. In that case UDP connectivity can be stricter, but inbound SSH connectivity from networks listed above must work.
26
+
" %}
27
+
28
+
{% include alert type="note" content="
29
+
The ICMP connectivity is required for diagnosing the state of the network in case of any issues with the node. In case it is not provided, the node will be considered down as soon as it's not reachable via SSH without further investigations.
Copy file name to clipboardExpand all lines: content/faq/join_infrastructure.md
+9-39Lines changed: 9 additions & 39 deletions
Original file line number
Diff line number
Diff line change
@@ -15,13 +15,13 @@ This page is supposed to give you a general overview over joining as a part of t
15
15
16
16
## Procedure
17
17
18
-
-[Get in contact with us](../../#contact) telling you want to join the infrastructure.
19
-
- Once the node(s) are ready on your side, create a `scionlab` user with full `sudo` rights and access for the SCIONLab team.
20
-
- The SCIONLab admins will perform measurements to find the most appropriate neighbors to your AS. We will notify you of the result.
21
-
- Once the neighboring ASes have been decided, the administrators will install SCION services and configure monitoring for the node(s).
22
-
- Your AS is now connected to the infrastructure of SCIONLab and hosts within your network now have direct access to SCIONLab.
18
+
1.[Get in contact with us](../../#contact) telling you want to join the infrastructure.
19
+
2. Once the node(s) are ready on your side, create a `scionlab` user with full `sudo` rights and access for the SCIONLab team.
20
+
3. The SCIONLab admins will perform measurements to find the most appropriate neighbors to your AS. We will notify you of the result.
21
+
4. Once the neighboring ASes have been decided, the administrators will install SCION services and configure monitoring for the node(s).
22
+
5. Your AS is now connected to the infrastructure of SCIONLab and hosts within your network now have direct access to SCIONLab.
23
23
24
-
Once the node(s) are part of the SCIONLab infrastructure, their configuration will be centrally managed via Ansible in order to keep the whole infrastructure in the best shape. You will not be required to take any action as long as the machine remains accessible for us.
24
+
Once the node(s) are part of the SCIONLab infrastructure, their configuration will be centrally managed via Ansible in order to keep the whole infrastructure in the best shape. You will not be required to take any action as long as the machine remains accessible to us.
25
25
26
26
## Requirements
27
27
@@ -30,40 +30,10 @@ There are a few requirements for you or your organization to join SCIONLab as an
30
30
- Infrastructure ASes and nodes are required to be active 24 hours a day, 7 days a week. The SCIONLab administrators can typically handle all SCION related problems, but sometimes they will contact you if they cannot perform certain tasks. An example would be to change a drive if it failed, etc.
31
31
- The machine should have a minimum of 4 CPUs, 8 GB of RAM and 40 GB of disk space. In most of the cases a VM can suffice.
32
32
- OS for the SCION infrastructure node must be Ubuntu 18.04.
33
-
- The border router node(s) must have a public static IP. Any other SCION services can run with private static IP.
34
-
-Firewall has to be configured according to the connectivity matrix below.
33
+
- The border router node(s) must have a public static IP address. Any other SCION services can run with private static IP addresses.
34
+
-Any firewalls affecting the node must be configured according to the [SCION AS connectivity matrix](./as_connectivity.html).
Inter-AS connectivity is required only with the neighbouring ASes. In order to allow dynamic topology adjustments we recommend firewall opening for 0.0.0.0/0. In most cases, after determining the best neighbours for your AS, we can provide a narrowed-down list of networks.
49
-
" %}
50
-
51
-
{% include alert type="note" content="
52
-
As an alternative we can also operate connections over a tunnel, e.g. OpenVPN or Wireguard. However please note this will be done only in a special scenarios, e.g. installing a node in a country with strict network policy regarding connectivity abroad. In that case UDP connectivity can be stricter, but inbound SSH connectivity from networks listed above must work.
53
-
" %}
54
-
55
-
{% include alert type="note" content="
56
-
The ICMP connectivity is required for diagnosing the state of the network in case of any issues with the node. In case it is not provided, the node will be considered down as soon as it's not reachable via SSH without further investigations.
0 commit comments