Final Report Summary - SCION (Scalability, Control, Isolation on Next-generation Networks)
SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing ASes into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains provide natural isolation of routing failures and misconfigurations, give endpoints strong control over both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design.
Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine then into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.
Since the start of the project, the research on improving the SCION architecture has been complemented and assisted by implementation and deployment. Since 2014, an operational SCION network has been in operation. The current maturity of the software was achieved through professional and experienced developers, which have built the now 5th generation of the software. Moreover, this has been complemented by substantial efforts in formally modeling and verifying core components of the SCION architecture.
The development has a research and a commercial component. At ETH, we have been working on an open-source component, and we have been operating SCIONLab, a global research network that allows anyone to connect to and explore SCION communication. When a large Swiss bank contacted us in early 2017 to start using SCION for production traffic, we established Anapaya Systems to handle the commercial aspects. In the meantime, Anapaya Systems is operating a commercial SCION network that runs in parallel to the SCIONLab network, providing sound operational guarantees needed for a commercial deployment.
Besides high security, SCION also provides a scalable routing infrastructure, and high efficiency for packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine then into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of ISPs and receivers, offering path choice to all the parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multi-path communication, which is an important approach for high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.
Since the start of the project, the research on improving the SCION architecture has been complemented and assisted by implementation and deployment. Since 2014, an operational SCION network has been in operation. The current maturity of the software was achieved through professional and experienced developers, which have built the now 5th generation of the software. Moreover, this has been complemented by substantial efforts in formally modeling and verifying core components of the SCION architecture.
The development has a research and a commercial component. At ETH, we have been working on an open-source component, and we have been operating SCIONLab, a global research network that allows anyone to connect to and explore SCION communication. When a large Swiss bank contacted us in early 2017 to start using SCION for production traffic, we established Anapaya Systems to handle the commercial aspects. In the meantime, Anapaya Systems is operating a commercial SCION network that runs in parallel to the SCIONLab network, providing sound operational guarantees needed for a commercial deployment.