Hello everyone,
After an intensive Summer packed with activities, we owe you an update.
We have continued working on SCIONLab, our global infrastructure to make
SCION easy to use and experiment with. SCIONLab now supports
connections to multiple attachment points and our automated
image builder enables you to easily fetch a fully customized image for
Raspberry Pi and Odroid devices to run your SCION AS.
In this newsletter, we focus on SCIONLab research opportunities, give
insight into an exciting project that has been conducted on SCIONLab,
report on a DDoS solution for servers that we have implemented, and
provide an update from Anapaya Systems.
|
|
Research opportunities for SCIONLab
As SCIONLab continues to mature, many exciting research opportunities
become possible. To illustrate this point, we present a few
possibilities.
SCIONLab offers next-generation Internet architecture research based on
SCION. By joining SCIONLab, users obtain real ASes with all
cryptographic credentials to participate in the global SCIONLab routing
infrastructure. Through the control-plane PKI, each AS
obtains its own certificate. ASes can use their own computing resources
and attach to different points in the SCIONLab network. This enables a
user to use SCIONLab as a path-aware networking testbed with
path-selection support, perform inter-domain routing
scalability research, or investigate network availability and
performance across the globe.
In the near future, we plan to extend SCIONLab with the following
mechanisms enabling additional exciting research opportunities:
-
Hidden paths for secure IoT operation
-
Inter-domain bandwidth resource allocation system
-
Multi-path QUIC socket for multi-path research
-
DDoS defense research using in-network defense mechanisms
|
|
MS thesis project report: Network performance evaluation on SCION
In a MS thesis project by François Wirz, we conducted a performance
evaluation of SCION on a distributed set of hosts operated by Open
Systems. We conducted measurements of the end-to-end connectivity
between hosts over the regular Internet and over SCION using various
metrics, such as latency and topological path properties (e.g., path
stretch). By inspecting the topological properties
of the SCION paths, we evaluated how path selection can improve
availability and path performance in a path aware networking context.
Our results show that for more than 90% of possible AS pairs, SCION was
able to deliver high path disjointness and simultaneous
availability for both eastbound and westbound paths. More results of
this collaboration with Open Systems can be found in François’
thesis report.
|
|
DoS Defense for Server Systems
With SCION’s global QoS system, end domains have an effective mechanism
to defend against volumetric DDoS attacks (which congest network links).
However, non-volumetric attacks that exhaust resources on the end host
are still possible. The main problem lies
in the asymmetry between the attacker and the defender: while the
attacker can trivially forge arbitrary requests, the defender has to
process all incoming requests. Thus, we designed and implemented an
efficient packet filtering service that is able to filter
a traffic stream with 60+ Gbps bandwidth on a commodity server while
introducing negligible latency overhead. During an attack, the service
checks the authenticity of each packet, removes duplicate packets, and
enforces per-AS resource allocation. This work
arose from a collaboration of Benjamin Rothenberger, Florian Jacky and
Pascal Sprenger. The paper describing this work is currently under
review, if you would like to get early access please contact Benjamin.
|
|
Anapaya Systems Update
On the commercial side, Anapaya systems is continuing the ISP and
customer deployment of SCION. The growing BGP-free commercial SCION
network now encompasses Swisscom, Deutsche Telekom, SWITCH, and Init7.
Several corporations have obtained SCION network connections
through these ISPs to the corporate SCION network. The Anapaya team is
steadily growing at a recent pace of one person per month, with
currently 9 developers. With the increasing maturity of the product,
Anapaya is now starting to build up a management, operation,
and sales team.
With the continuing increase of interest and deployment, we are experiencing profuse excitement.
Thanks for your interest and stay tuned for further updates!
The SCION team
|
|
|