This new network is based on a novel networking technology, SCION, researched and developed at ETH Zurich in collaboration with Anapaya Systems. Offering a decentralized any-to-any architecture, extreme reliability, protection against network-level threats, and clearly defined governance and trust anchors, the network can power and improve existing and new use-cases such as open banking and digital exchanges.
Three network providers build a federation and are deploying Anapaya’s SCION routers (aka. Anapaya CORE) at the borders of their network. The SCION routers are then interconnected to form the redundant core network. Users of this new network, i.e., financial institutions, are connected to the core network by one or more network providers, using Anapaya EDGE gateways. These EDGE gateways provide the entry points for users to use the network as a communication platform - they transparently enable traditional IP-based communication to use a SCION network (“IP-in-SCION encapsulation”). EDGE gateways are in control of which network path to choose when sending data through the network - a concept called “path control” that is at the center of any SCION-based network. This path control combined with the availability of many different paths (native multipathing) is what enables the extreme reliability of SCION-based networking. Choice of path is set by defining rules (e.g., always choose the path with the lowest latency).
In the following, we present how the reliability and resilience of the new network was demonstrated under extreme conditions using real-world applications.
Fig 1. New network evaluation setup
The evaluation setup is depicted in figure 1. Two financial institutions are each connected to two network providers in two different sites. At each site, an Anapaya EDGE gateway is deployed acting as the entry point to the core network. Each gateway offers a SCION tunneling interface towards every other gateway on the remote destination. IP prefix information needed to route traditional IP traffic between the two financial institutes is learned locally through the Border Gateway Protocol (BGP) and redistributed between Anapaya EDGE gateways using the SCION Gateway Routing Protocol (SGRP) ensuring dynamic and seamless integration of the Anapaya EDGE gateways in the existing network infrastructure of the financial institutes.
Finally, two test instances of system-critical applications have been set up to evaluate the application impact of the various test scenarios performed. The applications use a classical client-server-based architecture, where the client and server establish a secure session over which information is exchanged.
Test Scenarios and Results
To demonstrate the reliability and resilience of the new network, a series of tests have been performed and their results evaluated. The tests involved various failure scenarios including
- Link failure in the access network
- Link failure in the core network
- Complete CORE router failure in the core network
- Complete EDGE gateway failure (resulting in site failover)
- Complete failure of an entire network provider
As a baseline, two continuous and active application sessions were maintained between the two financial institutes and the effect of each failure scenario was observed on those active sessions. Furthermore, failover time on the network level was measured. In a final step, the results of each failure scenario in the new network were compared against the results obtained using the existing financial network infrastructure (where possible).
Table 1: Test Results and comparison to existing infrastructure
Table 1 shows the results of the various test scenarios. It clearly shows the extreme reliability and resilience of the new infrastructure. Throughout the entirety of the testing, not once any of the active sessions needed to be re-established and information was flowing uninterrupted - despite all the failure cases that were evaluated. Looking at the effective failover times, i.e., the time needed to find and switch over to a working network path on the new network shows a sub-second failover time in most cases. Only when an entire site failed, the site-to-site failover took in the order of 5 seconds, but even that did not lead to an interruption on the application level. Compared to the results of the existing network infrastructure shows a clear improvement in terms of reliability. In every single scenario, a session had to be re-established. The reason for that is not only insufficient failover time but also that network endpoints change because of the failover requiring the establishment of a new application session.
The new network infrastructure has been built and tested for financial service institutions in Switzerland. Over the course of 2020, the Swiss National Bank and SIX in partnership with Swisscom, Sunrise, and SWITCH as network operators and Anapaya as technology provider built the technical infrastructure to power the new network. The test performed and showcased in this article demonstrates the resilience of a network based on the SCION technology. As both test participants have two gateways and use at least two carriers, there always existed a path and thus there was no application session interruption or message delivery delay. This is a significant improvement compared to current solutions, as up to now there would always have been a session interruption. Certain applications, e.g., for payments or financial information, however, are time-critical and would therefore benefit from uninterrupted sessions and no message delays.
“Extensive testing under extreme conditions has proven the reliability and resilience of the infrastructure - made possible by the path control and inherent multipathing properties of a SCION-based network architecture. This level of reliability and resilience is a vast improvement to ensure business continuity for current and future system-relevant use cases and applications not only in the financial sector but also for other critical infrastructures.” – Fritz Steinmann, SIX, Senior Network and Network Security Architect