The Internet has become an integral part of our lives, connecting people and devices across the globe. However, as technology advances and our reliance on digital connectivity grows, the traditional Internet architecture faces scalability, security, and reliability challenges. As a result, a new architecture has emerged: SCION (Scalability, Control, and Isolation on Next-Generation Networks) is a modern approach to designing a secure, reliable, and performant Internet architecture.
In this article, we will delve into the world of SCION and compare it to the traditional Internet. While most people are familiar with the Internet as we know it today, few are aware of the cutting-edge advancements that SCION brings to the table. By exploring the advantages and key differences between SCION and the traditional Internet, we hope to shed light on the potential of this innovative technology and its impact on the future of digital communication.
Understanding the Traditional Internet
The origins of the Internet can be traced back to the 1960s when the U.S. Advanced Research Projects Agency Network (ARPANET) began developing a public packet-switched network. The first successful message between two computers occurred in 1969 when a student at the University of California Los Angeles (UCLA) logged in to the mainframe at the Stanford Research Institute (SRI). Over the next few years, ARPANET grew into the precursor of today's Internet.
The National Science Foundation Network (NSFNET) replaced ARPANET as the backbone of the Internet in 1989. Commercial and other Internet service providers (ISPs) emerged, connecting to the NSFNET. Ethernet standards, commercial routers/switches, LAN networks, and mature implementations of TCP/IP on Unix and Linux systems further contributed to the growth of the Internet.
Today, the standard Internet consists of two primary components: the physical infrastructure and the protocols used to establish communications between users.
Physical infrastructure:
The physical infrastructure of the Internet consists of a vast network of interconnected routers, switches, and undersea cables. These physical components facilitate the transmission of data packets across long distances, allowing information to travel between different locations worldwide.
Protocols:
The protocols used in the traditional Internet architecture are collectively known as the TCP/IP protocol suite. TCP (Transmission Control Protocol) and IP (Internet Protocol) are the foundational protocols that enable the reliable transmission of data packets between devices.
IP is responsible for addressing and routing data packets across the Internet. It assigns unique IP addresses to devices and ensures that packets are delivered to their destinations. The IP protocol also defines the structure of data packets and handles the fragmentation and reassembly of larger data units.
TCP is a connection-oriented protocol that provides reliable, ordered, and error-checked delivery of data packets. It establishes a connection between the sender and receiver, breaks data into manageable chunks (segments), and reassembles them at the destination. TCP also implements flow control and congestion control mechanisms to optimize data transmission.
In addition to TCP/IP, other protocols such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), and DNS (Domain Name System) are used for specific purposes like web browsing, file transfers, and domain name resolution.
Finally, the Internet, being a network of networks, uses the Border Gateway Protocol (BGP) to “glue” the different networks together. Through BGP, the networks of the Internet - also called Autonomous Systems (AS) - exchange routing information in the form of IP prefixes. BGP is what makes the Internet work. However, it is also the root cause of many of the scalability, reliability, and security challenges that plague the Internet.
Strengths and limitations of the Traditional Internet
The traditional Internet architecture has several strengths that have enabled it to become the backbone of modern communication:
Global connectivity:
The traditional Internet allows users from different parts of the world to connect and communicate with ease, facilitating global collaboration and information sharing.
Established infrastructure:
The existing physical infrastructure of the Internet, including undersea cables and network infrastructure, provides a robust foundation for data transmission.
Widely adopted standards:
The TCP/IP protocol suite and BGP have become the de facto standard for Internet communication, ensuring interoperability between diverse devices and networks.
However, the traditional Internet also has its limitations:
Scalability:
Its architecture faces scalability challenges as the number of connected devices and users continues to grow rapidly. The reliance on ever-growing routing tables and the limitations of routing protocols can hinder efficient scalability.
Reliability:
Due to the nature of BGP, faults that are localized in nature can spread throughout the Internet and cause global outages. Furthermore, after each change, the Internet needs to reconverge to a stable state. This reconvergence process can take minutes or even hours to complete, all while negatively impacting connectivity.
Security vulnerabilities:
The traditional Internet architecture is susceptible to various security threats, including DDoS attacks and routing-based security flaws.
Lack of control and transparency:
Network participants have very little control over how their data is routed through the Internet. Furthermore, there is a complete lack of transparency in which network paths are being used by packets traversing the Internet.
Understanding the strengths and limitations of traditional Internet architecture sets the stage for exploring SCION, a modern approach that aims to address these challenges and redefine the future of digital communication.
Introducing SCION
SCION (Scalability, Control, and Isolation on Next-Generation Networks) is a revolutionary approach to global Internet architecture that aims to address the limitations of the traditional Internet. Developed as a research project at ETH Zurich, Switzerland, SCION is designed to provide enhanced security, control, robustness, high availability, and isolation.
Unlike traditional Internet routing protocols that rely on fixed routing tables and hop-by-hop forwarding, SCION introduces path-aware networking and policy-based routing (PBR) equivalents, offering greater flexibility and control over traffic routing. Its architecture allows end hosts or gateways to learn about available network path segments and combine them into end-to-end paths, which are then carried in packet headers. This ensures secure end-to-end communication, even in the event of link failures or malicious attacks.
SCION also enables much greater control over which sources can reach a certain destination network. The chart below compares access activities to a prominent Swiss Bank's data center gateways from external sources during the first quarter of 2023. Using the data from an intrusion detection system, it was discovered that there were 200,053 malicious attacks coming in via the traditional Internet, while only one specific attack with malicious intent occurred on the SCION-based Internet. The reason was that the bank had fine-grained control over which sources could reach its gateways, effectively blocking out almost all unwanted traffic before it even reached the gateways. Furthermore, thanks to the visibility features of the SCION network, it was possible to trace the source of that one particular attack.
SCION's architecture is based on several fundamental design principles:
Path-aware networking:
SCION introduces path awareness by allowing end hosts to determine and select the network paths they will use for communication. This enables greater control over traffic routing and facilitates the establishment of more reliable and efficient paths.
Isolation and security:
SCION incorporates strong security measures to protect against various threats, including DDoS attacks and routing-based vulnerabilities. Using cryptographic mechanisms, it ensures that all network paths are verifiable and unforgeable. It also enables the creation of secret paths that can only be used by selected communication partners, enhancing security and privacy.
Scalability:
By replacing the need for centralized routing tables with path-aware routing, SCION provides a more scalable solution that can handle the increasing number of connected devices and users.
Control and customization:
By offering granular control and customization options for network operators, SCION allows for the definition of specific routing policies, enabling organizations to meet compliance requirements, optimize performance, and tailor network paths based on their specific needs.
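The following added example (not Anapaya's or the SCION project's code) illustrates the two ideas above: paths carried in packet headers, and paths that are verifiable and unforgeable. It is a simplified model rather than the SCION wire format; the ISD-AS identifiers, keys, interface numbers and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed per-AS forwarding secrets; each AS knows only its own key.
AS_KEYS = {
    "1-ff00:0:110": b"key-of-as-110",
    "1-ff00:0:111": b"key-of-as-111",
    "1-ff00:0:112": b"key-of-as-112",
}

def hop_mac(key, isd_as, ingress, egress, prev_mac):
    """Tag over this hop's interfaces, chained to the previous hop's tag."""
    msg = f"{isd_as}|{ingress}|{egress}|".encode() + prev_mac
    return hmac.new(key, msg, hashlib.sha256).digest()[:6]

def build_segment(hops):
    """Control plane: every AS on the segment adds its own authenticated hop."""
    fields, prev = [], b""
    for isd_as, ingress, egress in hops:
        mac = hop_mac(AS_KEYS[isd_as], isd_as, ingress, egress, prev)
        fields.append({"as": isd_as, "in": ingress, "out": egress, "mac": mac})
        prev = mac
    return fields

def router_accepts(path, index):
    """Data plane: the AS at `index` checks only its own hop, using its own key."""
    hop = path[index]
    prev = path[index - 1]["mac"] if index else b""
    expected = hop_mac(AS_KEYS[hop["as"]], hop["as"], hop["in"], hop["out"], prev)
    return hmac.compare_digest(expected, hop["mac"])

def path_valid(path):
    return all(router_accepts(path, i) for i in range(len(path)))

segment = build_segment([
    ("1-ff00:0:110", 0, 2),
    ("1-ff00:0:111", 5, 7),
    ("1-ff00:0:112", 3, 0),
])

# A header whose middle hop was rewritten without that AS's key.
tampered = [dict(h) for h in segment]
tampered[1]["out"] = 9

# A header with the middle hop removed: a shortcut no AS authorized.
spliced = [segment[0], segment[2]]
```

The unmodified segment passes at every hop, while the rewritten and the spliced headers are rejected by the first router whose tag no longer matches, without that router consulting any routing table.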
Key features and innovations of SCION
SCION introduces several key features and innovations that make it a powerful alternative to the traditional Internet architecture:
Highly available communication:
Using multipath communication, it provides greater resilience to network failures. This enhances communication availability and reliability, reducing the impact of network failures.
Client path control:
SCION allows for precise control over the path each packet takes during communication. This feature is handy for compliance purposes, as organizations can ensure that packets do not traverse specific ISPs or geographical locations.
Hidden paths:
Enabling the creation of hidden paths that are cryptographically protected, SCION ensures that, even if an attacker knows the network topology, these paths remain invisible, making them immune to DDoS attacks or other kinds of exploitation of critical vulnerabilities.
Interoperability with existing infrastructure:
With its ability to be deployed on top of existing IP networks, SCION allows for a gradual adoption and integration of its features, making it easier to transition from traditional Internet routing protocols. SCION-IP gateways allow for compatibility between existing IP networks and SCION-based communication.
Transport agnostic:
It can run natively using SCION headers or utilize commonly-used underlay transports, such as IP or MPLS networks. This transport-agnostic nature enables flexibility and compatibility with different networking technologies.
BGP-free solution:
Aiming to replace the Border Gateway Protocol (BGP) as the primary routing protocol, SCION provides resilient paths that are not susceptible to BGP hijacking and other vulnerabilities, enhancing the security and stability of Internet routing.
Reduced data plane processing:
SCION reduces the processing required on data packets, improving overall network efficiency and reducing latency. This also helps to reduce the cost of networking hardware and services.
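As an added example (not taken from Anapaya or the SCION code base), the sketch below models client path control and multipath failover together: an ordered allow/deny policy filters candidate paths, and the sender falls back to the next compliant path when a link fails. The candidate paths, latencies, policy syntax and function names are constructed assumptions.

```python
# Constructed candidate paths: ordered ISD-AS hops plus a measured latency.
CANDIDATES = [
    {"hops": ["1-ff00:0:110", "2-ff00:0:210", "3-ff00:0:310"], "latency_ms": 18},
    {"hops": ["1-ff00:0:110", "1-ff00:0:120", "3-ff00:0:310"], "latency_ms": 24},
    {"hops": ["1-ff00:0:110", "1-ff00:0:130", "3-ff00:0:310"], "latency_ms": 31},
    {"hops": ["1-ff00:0:110", "4-ff00:0:410", "3-ff00:0:310"], "latency_ms": 12},
]

# Ordered rules, first match wins; "0" is a wildcard for the ISD or AS part.
POLICY = [
    ("deny", "4-0"),            # never transit isolation domain 4
    ("deny", "2-ff00:0:210"),   # never transit this one provider
    ("allow", "0-0"),           # everything else is acceptable
]

def rule_matches(pattern, isd_as):
    p_isd, p_as = pattern.split("-", 1)
    isd, asn = isd_as.split("-", 1)
    return p_isd in ("0", isd) and p_as in ("0", asn)

def hop_allowed(isd_as, policy):
    for action, pattern in policy:
        if rule_matches(pattern, isd_as):
            return action == "allow"
    return False  # no rule matched: default deny

def compliant_paths(candidates, policy):
    """Keep paths whose every hop is allowed, fastest first."""
    ok = [p for p in candidates if all(hop_allowed(h, policy) for h in p["hops"])]
    return sorted(ok, key=lambda p: p["latency_ms"])

def select_path(candidates, policy, failed_links=frozenset()):
    """Pick the fastest compliant path that avoids links known to be down."""
    for path in compliant_paths(candidates, policy):
        links = set(zip(path["hops"], path["hops"][1:]))
        if not links & set(failed_links):
            return path
    return None
```

With this data the 12 ms path is never chosen because it transits the denied isolation domain; the 24 ms path is used first and the 31 ms path takes over if the link into `1-ff00:0:120` fails.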
Advantages of SCION over the Traditional Internet
The advantages of SCION over traditional Internet architecture are numerous. Perhaps most notably, this new approach offers greater control and customization for network operators and enhanced security, availability, scalability, and privacy for users.
SCION empowers network administrators with fine-grained control and isolation mechanisms, allowing the definition of specific routing policies and access control rules. This helps organizations meet compliance requirements, optimize performance, and custom-tailor network paths based on their specific needs.
SCION also supports network slicing, which facilitates the creation of dedicated virtual segments with individual routing policies and resource allocation for different services or user groups. This makes it possible to prioritize certain types of traffic, enable high-throughput applications, and ensure the availability of mission-critical services.
By offering advanced security features that address the vulnerabilities present in the traditional Internet architecture, SCION provides a robust defense against DDoS attacks and routing-based security flaws.
Finally, SCION overcomes the scalability limitations of the traditional Internet by eliminating the reliance on centralized routing tables. With its path-aware networking and decentralized routing approach, SCION can support millions of devices and users while enabling optimized network performance, fault tolerance, and efficient load balancing.
Key differences between SCION and the Traditional Internet
When exploring the key differences between SCION and the traditional Internet, it becomes evident that SCION offers significant advancements in speed, reliability, security, routing approach, addressing, trust models, and governance.
SCION stands out as a secure and reliable solution, providing immunity to routing attacks and robust protection against DDoS attacks. Independent testing has shown that SCION can be 20%-25% faster than the traditional Internet, with lower latency and faster data transmission. These advantages make SCION the preferred choice for large organizations and government agencies that require secure and efficient connectivity.
Regarding routing, SCION adopts path-based routing, offering more control over traffic routing. In SCION, end hosts determine the paths and carry path information in packet headers, enabling end-to-end control over network paths.
Another notable difference is the trust and security models. The traditional Internet relies on trust assumptions, such as trust in ISPs and routing protocols. Additional security layers like VPNs are often required to ensure secure communication. In contrast, SCION introduces trust anchors and cryptographic mechanisms to establish a secure network. SCION's trust hierarchy, enabled by trust anchors, provides end-to-end path protection and resistance against routing attacks, enhancing security without relying solely on trust assumptions.
How can SCION benefit your organization?
Possibilities are endless with faster, more reliable, and secure Internet connectivity. With SCION, lower latency translates to a seamless and fluid user experience across various services and applications. In the business world, faster speeds mean more productive webinars and conference calls and efficient real-time services like retrieving critical information or providing quality customer service.
For the financial sector, government, and medical or research institutions, where digital transactions are crucial, SCION's speed ensures consistent and secure online financial activities, preventing costly delays that could impact operations. Its secure lines of communication help ensure the confidentiality of critical data, helping to protect confidential information and reduce the risk of data breaches.
For mission-critical services, SCION's built-in security features and fault tolerance capabilities make it an ideal solution. It also offers greater control over traffic routing and network slicing for custom-tailored network paths, enabling organizations to meet specific requirements and compliance standards. Real-time control and monitoring offer a way to manage time-sensitive processes and secure connectivity to remote or mission-critical sites.
Finally, SCION provides a more efficient networking experience, reducing the need for additional layers of security protocols and lifting the burden from your existing infrastructure. Looking ahead, future technologies such as IoT implementations, autonomous cars, and AR/VR applications will significantly benefit from SCION's low latency and high-speed connectivity, enabling their full potential in modern life.
Whether you're a bank, government entity, or multinational business, adopting Anapaya's SCION technology offers the best of both worlds: enhanced efficiency and reduced operational time without compromising security or reliability. To learn more about the advantages of SCION or to see how it can meet your organization's needs, book a meeting with us today.