An educational project for learning SCION architecture through hands-on experimentation
Inspired by the groundbreaking research at ETH Zurich and the SCION Association, this project provides a local, containerized SCION network for students, researchers, and developers to explore path-aware networking without needing access to the global SCIONLab testbed.
- Learn by Doing: Run a complete SCION network locally and see how it differs from traditional BGP-based routing
- Understand Path-Awareness: Experience sender-selected paths, multi-path communication, and instant failover
- Explore SCION Concepts: Isolation Domains (ISDs), beaconing, Trust Root Configurations (TRCs), and cryptographic path validation
- Safe Experimentation: Break links, simulate failures, and observe network behavior without affecting production systems
SCION (Scalability, Control, and Isolation on Next-generation Networks) was developed at ETH Zurich as a clean-slate Internet architecture that addresses fundamental security and reliability issues in today's Internet. Unlike BGP, SCION gives end hosts control over their network paths and provides cryptographic guarantees about path authenticity.
This project is not affiliated with ETH Zurich or the SCION Association; it's an independent learning resource built on top of the open-source scionproto/scion implementation.

```
+-----------------------------------------------------------+
|                       SCION Network                       |
+-----------------------------------------------------------+

+------------------------------+           +------------------------------+
|   ISD 1 (Academic Network)   |           |  ISD 2 (Commercial Network)  |
|                              |           |                              |
|  +------------------------+  |   CORE    |  +------------------------+  |
|  | AS 1-ff00:0:110        |<-+-----------+->| AS 2-ff00:0:210        |  |
|  | (Core AS)              |  |   Link    |  | (Core AS)              |  |
|  | • Control Service      |  |           |  | • Control Service      |  |
|  | • Border Router        |  |           |  | • Border Router        |  |
|  | • SCION Daemon         |  |           |  | • SCION Daemon         |  |
|  +-----------+------------+  |           |  +-----------+------------+  |
|              | CHILD         |           |              | CHILD         |
|              v               |           |              v               |
|  +------------------------+  |           |  +------------------------+  |
|  | AS 1-ff00:0:111        |  |   PEER    |  | AS 2-ff00:0:211        |  |
|  | (Leaf AS)              |<-+-----------+->| (Leaf AS)              |  |
|  | • Control Service      |  |   Link    |  | • Control Service      |  |
|  | • Border Router        |  |           |  | • Border Router        |  |
|  | • SCION Daemon         |  |           |  | • SCION Daemon         |  |
|  | • End Host (host-111)  |  |           |  | • End Host (host-211)  |  |
|  +------------------------+  |           |  +------------------------+  |
|                              |           |                              |
+------------------------------+           +------------------------------+

Available Paths from host-111 to host-211:
------------------------------------------
Path 1 (Direct):    111 --PEER--> 211
Path 2 (Via Cores): 111 --PARENT--> 110 --CORE--> 210 --CHILD--> 211
```

- Docker & Docker Compose
- Bash shell
- ~2GB disk space for SCION images

```bash
# 1. Clone this repository
git clone <repo-url> && cd SCIONMiniNet

# 2. Generate configuration files
make setup

# 3. Start the network
make up

# 4. Wait for convergence (~20 seconds)
sleep 20

# 5. Explore paths between ASes
make paths

# 6. Send ping across the network
make ping
```

This project teaches these core SCION concepts:
ISDs are administrative regions that manage trust and routing policies. Our topology has:
- ISD 1: Academic Network (AS 110, AS 111)
- ISD 2: Commercial Network (AS 210, AS 211)
- CORE: Links between core ASes (backbone)
- CHILD/PARENT: Hierarchical provider-customer links
- PEER: Direct connections between non-hierarchical ASes
Unlike BGP, SCION endpoints discover ALL available paths and choose which to use:

```bash
make paths  # See all paths from AS111 to AS211
```

Each SCION packet carries its complete path in the header. Routers don't need routing tables; they just follow the embedded path.
The sender (not the network) chooses the path based on:
- Latency requirements
- Bandwidth needs
- Trust/jurisdiction constraints
- Failover policies

```bash
make interactive  # Manually select a path and ping over it
```

| Command | Description |
|---|---|
| `make paths` | Show all available paths from AS111 to AS211 |
| `make ping` | Send SCMP echo requests |
| `make measure` | Measure latency on each path |
| `make interactive` | Interactive path selection and ping |
| `make shell-111` | Shell into host in AS 1-ff00:0:111 |
| `make shell-211` | Shell into host in AS 2-ff00:0:211 |

```bash
# Break the core link by stopping AS110's router
make break-link ROUTER=router-110

# Observe: only the PEER path remains
make paths

# Restore the link
make restore-link ROUTER=router-110
```

```bash
# Measure RTT on all available paths
make measure

# Compare: which path is faster?
# The PEER link (111→211) should be faster than via cores
```

```bash
# Open two terminals and send traffic on different paths
# Terminal 1:
make shell-111
scion ping 2-ff00:0:211 -c 100

# Terminal 2:
make shell-211
scion ping 1-ff00:0:111 -c 100
```

```
SCIONMiniNet/
|-- Makefile                 # All commands
|-- README.md                # This file
|-- docker-compose.yml       # Container orchestration
|-- topology/
|   `-- topology.topo        # SCION topology definition
|-- scripts/
|   |-- setup.sh             # Generates configs
|   `-- cleanup.sh           # Removes generated files
|-- bin/
|   |-- scion-paths          # Path discovery
|   |-- scion-ping           # SCMP ping
|   |-- scion-measure        # Latency measurement
|   `-- scion-interactive    # Interactive explorer
|-- docs/
|   |-- CONCEPTS.md          # SCION deep-dive
|   `-- EXPERIMENTS.md       # Guided experiments
`-- gen/                     # Generated configs (gitignored)
```

Edit topology/topology.topo to add ASes or links:

```yaml
ASes:
  "1-ff00:0:112":            # Add a new AS
    cert_issuer: 1-ff00:0:110
    mtu: 1472
links:
  # Add new link
  - {a: "1-ff00:0:111#3", b: "1-ff00:0:112#1", linkAtoB: PEER}
```

Then regenerate and restart:

```bash
make clean
make setup
make up
```

SCION applications can use multiple paths simultaneously:
- Discover paths: Query the daemon for all available paths
- Distribute traffic: Split data across paths based on capacity
- Handle failures: Automatically failover when a path breaks
See docs/EXPERIMENTS.md for a multi-path implementation guide.
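
As an added illustration (not code from this repository), the sketch below applies sender-side selection to the two host-111 to host-211 paths of this topology: it drops broken paths and paths that cross a denied AS, orders the rest by latency, and returns nothing when the policy cannot be met. The `Path` type, the RTT values and the function names are assumptions made for the example; a real application would obtain its paths from the SCION daemon.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Path is a simplified stand-in for one discovered SCION path (hypothetical type).
type Path struct {
	Name  string
	Hops  []string      // ISD-AS of every AS on the path, in order
	RTT   time.Duration // constructed sample latency
	Alive bool          // false once probing or an SCMP error marks it broken
}

// LabPaths returns the two host-111 -> host-211 paths of this topology.
func LabPaths() []Path {
	return []Path{
		{"via-cores", []string{"1-ff00:0:111", "1-ff00:0:110", "2-ff00:0:210", "2-ff00:0:211"}, 6 * time.Millisecond, true},
		{"peer", []string{"1-ff00:0:111", "2-ff00:0:211"}, 2 * time.Millisecond, true},
	}
}

// Select keeps alive paths that avoid every denied AS, fastest first.
// Element 0 is the primary; the rest are failover candidates. An empty
// result means the policy cannot be met and the sender must not send.
func Select(paths []Path, denyAS map[string]bool) []Path {
	var ok []Path
	for _, p := range paths {
		allowed := p.Alive
		for _, ia := range p.Hops {
			if denyAS[ia] {
				allowed = false
			}
		}
		if allowed {
			ok = append(ok, p)
		}
	}
	sort.SliceStable(ok, func(i, j int) bool { return ok[i].RTT < ok[j].RTT })
	return ok
}

func main() {
	paths := LabPaths()
	fmt.Println("primary:", Select(paths, nil)[0].Name)
	paths[1].Alive = false // peer link broken
	fmt.Println("after failure:", Select(paths, nil)[0].Name)
	fmt.Println("usable with 110 denied:", len(Select(paths, map[string]bool{"1-ff00:0:110": true})))
}
```

The last case is the one to watch in practice: when the only surviving path violates the trust constraint, the selection comes back empty instead of falling back to a path the sender has ruled out.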
- SCION Book - Comprehensive guide
- scionproto/scion - Reference implementation
- SCIONLab - Global testbed
Paths not showing?

```bash
# Wait for beacon propagation
sleep 30 && make paths
```

Containers not starting?

```bash
# Check Docker status
docker compose ps
docker compose logs
```

Permission denied?

```bash
chmod +x scripts/*.sh bin/*
```

MIT License - See LICENSE for details.
Built for learning SCION fundamentals through hands-on experimentation.








