Project Coordinator (EU) :Otto-von-Guericke-University Magdeburg
Country of the EU Coordinator :Germany
Organisation Type :Academia
Project participants :
Prof. Dr. David Hausheer is a Professor at the Faculty of Computer Science at Otto-von-Guericke-University Magdeburg since May 2017. He holds a diploma degree in electrical engineering and a Ph.D. degree in technical sciences from ETH Zurich. Prof. Hausheer will be leading the project and guiding the corresponding work.
M.Sc. Marten Gartner is a Ph.D. student in the team of Prof. Hausheer at the Faculty of Computer Science at Otto-von-Guericke-University Magdeburg since February 2021. He holds an M.Sc. degree in digital engineering from OVGU Magdeburg. Marten Gartner will contribute both to the setup of SCIONLab over BRIDGES as well as to the experiments.
M.Sc. Tony John is a Ph.D. student in the team of Prof. Hausheer at the Faculty of Computer Science at Otto-von-Guericke-University Magdeburg since January 2021. He holds an M.Sc. degree in computer science from OVGU Magdeburg. Tony John will be mainly contributing experiments in terms of bandwidth and latency measurements of SCION over BRIDGES.
M.Sc. Thorben Krüger is a Ph.D. student in the team of Prof. Hausheer at the Faculty of Computer Science at Otto-von-Guericke-University Magdeburg since May 2020. He holds an M.Sc. degree in system and network engineering from the University of Amsterdam. Thorben Krüger will be mainly contributing to the experiment evaluation. He will be joining the project team from October 2022.
George Mason University:
Jerry Sobieski is a Co-Principle Investigator of the BRIDGES Project (NSF and GMU). Prior to this, he was a CRO at NORDUnet driving advanced networking research efforts between NORDUnet, the European R&E community, and the Global R&E Networks internationally. Jerry Sobieski will be leading the US-side of the project team and strongly support the SCION setup over the BRIDGES infrastructure.
Dr. Liang Zhang is a postdoctoral research fellow at GMU. He received his M.S. degree in information and communication engineering, University of Science and Technology of China (USTC), China, in 2014, and his Ph.D. degree in electrical engineering from New Jersey Institute of Technology (NJIT), USA, in 2020. Liang Zhang will also support the SCION setup over the BRIDGES infrastructure.
State of US partner :Virginia
Starting date :
Leveraging Path Diversity to Enhance Resilience, Scalability and Energy-Efficiency with SCION
SCION is a clean-slate Next-Generation Internet (NGI) architecture (http://scion- architecture.net/pdf/SCION-book.pdf) designed to provide route control, failure isolation, and explicit trust information for end-to-end communication. SCION organizes existing Autonomous Systems (ASes) into groups of independent routing planes, called isolation domains, which interconnect to provide global connectivity. Isolation domains naturally isolate routing failures and misconfiguration, give endpoints strong control over both inbound and outbound traffic, and provide meaningful and enforceable trust. As a result, the SCION architecture provides strong resilience and security properties as an intrinsic consequence of its design.
Besides high security, SCION also provides a scalable routing infrastructure and highly efficient packet forwarding. As a path-based architecture, SCION end hosts learn about available network path segments, and combine them into end-to-end paths that are carried in packet headers. Thanks to embedded cryptographic mechanisms, path construction is constrained to the route policies of Internet Service Providers (ISPs) and receivers, offering path choice to all parties: senders, receivers, and ISPs. This approach enables path-aware communication, an emerging trend in networking. These features also enable multipath communication, which enhances privacy by obfuscating traffic over multiple paths, facilitates high availability, rapid failover in case of network failures, increased end-to-end bandwidth, dynamic traffic optimization, and resilience to DDoS attacks.
Since the start, the research on improving the SCION architecture has been complemented by implementation and deployment. Since 2014, an operational SCION network has been in operation in Switzerland. The current maturity of the software has been achieved through professional and experienced developers, which have recently built the 5th generation of the software. Moreover, this has been complemented by substantial efforts in formally modelling and verifying key parts of the SCION architecture, such that SCION has reached a level of maturity, which renders it ready today for large-scale deployment.
In order to provide a low entry bar for researchers and application developers who wish to explore and assess the capabilities of SCION, we have developed SCIONLab (https://netsec.ethz.ch/publications/papers/icnp2020_scionlab.pdf), a flexible, scalable, and extensible SCION network running at global scale. SCIONLab provides users with fast setup, enabling them to instantiate a SCION node as a VM in a few clicks, requiring little technical expertise to join the SCION network. Thereby, SCION nodes can contribute to the routing within the SCION topology and researchers can attach their own computing resources anywhere in within the SCIONLab network.
To this end, the objectives of this project are twofold: (a) To interconnect SCIONLab with the BRIDGES infrastructure over two very high-speed transatlantic links, in order to increase the path diversity and bandwidth for SCIONLab experiments and (b) to run experiments between the US and Europe over the SCIONLab testbed to demonstrate the privacy-enhancement (e.g., by splitting traffic over multiple paths) and improved reliability (e.g. with multi-path and seamless path failover) over SCION, as well as to show the scalability of our SCION-based path discovery mechanisms which help to effectively reduce the network’s power consumption and incentivize ISPs and transit providers to shift towards greener electricity.
The SCIONLab testbed has currently a strong basis in Europe, with deployments, a.o., in multiple research networks including GEANT GTS, SWITCH, DFN-GVS, SIDN, and Fed4FIRE+ (VirtualWall, Grid5000). However, it lacks high-bandwidth connectivity and path diversity to their US counterparts, such as Internet2, FABRIC and others. By interconnecting SCIONLab with BRIDGES’ infrastructure, we will be able to increase the path opportunities over the Atlantic and carry out experiments at very high speeds using SCION’s native path-awareness and multipath support. The enhanced SCIONLab network will be maintained even after the end of this project and offered on a continuous basis to experimenters and application developers in other NGI topics.
Our project has addressed and contributed to the impacts in relation to the NGI initiative as follows:
Impact 1: Enhanced EU – US cooperation in Next Generation Internet, including policy cooperation.
The rise of new network services and architecture proposals has led to the success of global network testbeds like PlanetLab or the Peering testbed. Unfortunately, current testbeds have shown shortcomings, e.g., related to the “security” of running your code or using your own configuration, requiring individual vetting by the testbed, the difficulty to evaluate DoS / security in real-world environments, and resource availability (especially computation).
Moreover, these testbeds did not enable important networking aspects, including multipath routing, path-aware networking, security applications requiring per-AS certificates and cryptographic keys, secure routing, etc.
With the SCION deployment over BRIDGES and the experiments proposed in this project, we are able to significantly advance networking research through several experiments over the enhanced SCIONLab testbed across the Atlantic, which provides the possibility to run path-aware networking experiments enabled by the underlying SCION architecture.
Impact 2: Reinforced collaboration and increased synergies between the Next Generation Internet and the US Internet programmes.
Our experiments meet NGI objectives such as privacy-enhancement by leveraging the SCION path diversity provided in a native fashion across the Atlantic. Additionally, experiments with our enhanced SCION-based path discovery mechanisms demonstrate the increased throughput, reliability, and energy-efficiency that can be achieved based on the SCION Internet architecture, thanks to a better utilization of network resources and through SCION’s native multi-path property.
These impacts are well aligned with the objectives of our US partner in this project, GMU, who receives funding from NSF under BRIDGES - Binding Research Infrastructures for the Deployment of Global Experimental Science (Award Number: 2029221). NSF BRIDGES serves two key objectives: First, it is a prototype and demonstrator of a fully virtualized cyber-infrastructure architecture in support of future global science applications and advanced networked services such as SCION. Second, BRIDGES links European research facilities directly to US research facilities by constructing a 100 Gbps research focused network ring spanning the North Atlantic. This BRIDGES facility has the explicit purpose to facilitate collaborative global experiments across a common, contiguous, seamless and fully federated network research infrastructure.
Impact 3: Developing interoperable solutions and joint demonstrators, contributions to standards.
There have already been a number of efforts in standardizing SCION at the IETF, e.g. within PANRG (Path Aware Networking Research Group) and TAPS (Transport Services) working groups. Specifically, Internet Drafts on the SCION overview, the SCION Components Analysis and on DRKey (Dynamically Recreatable Key) have been written up. Additionally, a presentation on PANAPI (Path Aware Networking Application Programming Interface) has been given at a recent IETF TAPS meeting. The results of our experiments will also partially be fed into these ongoing standardization efforts.
More recently, SCION was also present at the IETF meeting 115 in London. Specifically, an overview on the ongoing standardization work related to SCION was given during the RTGWG (Routing Area Working Group) and the PANRG meetings and the progress with respect to these efforts was highlighted. In the next steps, the received feedback will be addressed and the existing Internet Drafts on SCION will be improved. Additionally, there will be also new drafts documenting current specifications on the SCION control plane and the SCION data plane.
Impact 4: An EU - US ecosystem of top researchers, hi-tech start-ups / SMEs and Internet-related communities collaborating on the evolution of the Internet
The rapid growth of the Internet is driving the emergence of various new network services (e.g., IoT) at a global scale. The limitations of the existing Internet architecture towards those new requirements has significantly increased the demand for advanced wired networking architectures overcoming those limitations.
SCION is a novel secure Internet architecture which aims to provide route control, failure isolation, and explicit trust information for end-to-end communications. As discussed in detail in the original SCION paper , no existing solution simultaneously provides the capabilities as SCION does, although individual aspects are covered by these efforts, which SCION builds upon. SCION has already lead to a new start-up, Anapaya Systems and a quite large SCION community, especially in Europe but also worldwide.
With our joint EU-US SCION setup and experiments over NSF BRIDGES these efforts are strengthened further. Researchers directly benefit from the major performance improvement due to the high bandwidth and low delay capabilities over BRIDGES. Furthermore, users also benefit from additional paths within SCIONLab passing across several transatlantic links. This results in a significantly improved SCIONLab network between the US and Europe to run
sophisticated SCION experiments, which will give a more detailed insight into the SCION infrastructure deployed on native connections at a wide scale. To this end, we will also further disseminate the results of our experiments.
The expected results from our project will provide a deep insight into the potential of SCION in terms of privacy, reliability, and energy-efficiency enhancement by leveraging path diversity across the Atlantic. By analysing timing and throughput to different remote locations from both EU and US locations within the enhanced SCIONLab testbed, conclusions on the overall SCION multipath and path-awareness capabilities can be drawn, at a scale which would otherwise not be possible. Additionally, the resulting performance models gained from the enhanced SCIONLab network topology can be used to estimate the performance of the SCION network on a worldwide scale.
The benefit for the research community is a significantly improved SCIONLab network between the US and Europe to run sophisticated SCION experiments and a more detailed insight into the SCION infrastructure deployed on native connections at a wide scale. This will enable to show the true potential of SCION in real measurements.
Researchers will directly benefit as we expect a major performance improvement from the high bandwidth and low delay capabilities over BRIDGES. Furthermore, users will also benefit from additional paths within SCIONLab passing across several transatlantic links.
This way the user satisfaction can be further increased, while potentially reducing the load on congested paths. Based on the derived results, suitable deployment alternatives of SCION can be identified and compared, considering the network topologies both within and among different locations. This will allow us to further reduce delays and increase throughput within our SCIONLab network.
The proposed experiments are of high interest in the context of the NGI priority topics. To achieve this, it is necessary for the experiments to be able to select and use multiple paths across the Atlantic as it can be done by the proposed platform with SCION.
Future Plan :
The objective of this project was to deploy SCION over the NSF BRIDGES infrastructure in order to demonstrates the SCION benefits by means of experiments across the Atlantic. To this end, the redundant BRIDGES network with dual 100G links enables researchers to select and use multiple paths across the Atlantic as facilitated by SCION. While we have successfully deployed three SCION servers within BRIDGES and six SCION servers with GEANT with native SCION links in the respective networks, the actual connection of BRIDGES with GEANT in order to exchange SCION traffic remains part of our future work, as our deployment will be further expanded. Given the huge number of connection opportunities on both sides, connecting BRIDGES with GEANT will be of great benefit for SCION research.
- Six new nodes added to the SCION testbed in Europe, and three nodes on BIRDGES in the US (at George Mason University, University of Virginia, and Princeton)
- Results validate the benefit from enhanced privacy, availability, reliability, and energy-efficiency on the SCION network.
- Demonstrate the capability of the SCIONLab testbed by showing its reliability while deliberately interrupting certain connections within the SCIONLab network.
- Pre-standardisation: Presentations at IETF 114 (Path Aware Networking RG meeting) and IETF 115 (Routing Area Working Group, and PANRG)