Hi Lars,
Thank you for bringing this topic here. It might be difficult to explain to others the relationship between SCION and Zero Trust.
Yes, I heard about SCION, which was designed by ETH Zurich a few years ago. But I am not sure if SCION should be considered an evolution of the current Internet or a revolution.
I think that SCION is not just a replacement of BGP on the Internet but is also about changing the way we do routing and security in the Internet network.
Here are the key SCION differentiators in my opinion:
- SCION is about source routing instead of destination routing like we do with BGP
- SCION is by design stateless routing, so we don't need to care about routing table consistency across different network nodes in the Internet
- SCION can be considered secure by design because the routing information exchanged between nodes is encrypted and signed. This is something that we are trying to do with RPKI to secure BGP to avoid BGP hijacks
SCION authors defined isolation domains (ISDs) to group ASes and ensure economic and political relationships between them on the Internet, like we do today with LIRs and RIRs (such as RIPE or APNIC). But I agree that ISDs are also important in SCION design to ensure scalability; I am not sure how this will scale.
I have some knowledge and expertise about Segment Routing (SR) which was designed to replace BGP in intra-AS networks. IETF is working on multiple extensions of SR and in my understanding SR6 is applicable to inter-AS communications as well. I don't really see a big difference between SR and SCION.
The only difference I see is: With Segment Routing you need to know the whole topology of the network and select an end-to-end path whereas with SCION and thanks to ISDs you can have multiple segmented paths with the need to know the network topology.
Should we then spend time and energy to work on a new disruptive technology or should we work to evolve current and already mature technologies such as SR?
On the other hand, Huawei has submitted to ITU-T a set of proposals to replace IPv4 & v6 to address new use cases and introduce a new way of routing which is very similar to SCION.
PS: I heard that many Swiss ISPs are now providing SCION services to their customers. Any feedback?
Thanks
Zied
------------------------------
Zied TURKI CISSP #549219
Technology & Cybersecurity Specialist
Paris
------------------------------
Original Message:
Sent: Nov 07, 2022 03:27:44 AM
From: Lars Ruddigkeit
Subject: SCION - Next-Generation Networks
Hello community,
I see some traction in Switzerland for SCION. This is most likely due to the fact that it is an invention from the ETH.
It seems to me like it is aiming to be the next BGP (Border Gateway Protocol). Not sure if their isolation domains will scale.
Has anybody heard of it and has an opinion about the technology?
Kindest regards,
Lars
Links:
SCION Internet Architecture (scion-architecture.net)
The internet architecture of the 1980s is due for an upgrade | World Economic Forum (weforum.org)
------------------------------
Lars Ruddigkeit
Account Technical Strategist Swiss FedGov
Microsoft Switzerland
------------------------------