PCBs are flooded through multiple
paths over policy-compliant paths to discover multiple paths between any pair of
core ASes. SCION’s beacon servers can
be configured to implement current BGP
policies, as well as additional properties
(such as control of upstream ASes) BGP
is unable to express.
Path servers store mappings from AS
identifiers to sets of such announced
path segments and are organized as a
hierarchical caching system similar to
today’s DNS. ASes, through the master
beacon servers, select the set of path
segments through which they want to
be reached, uploading them to a path
server in the ISD core.
Certificate servers store cached
copies of TRCs retrieved from the ISD
core, store cached copies of other ASes’
certificates, and manage keys and cer-
tificates for securing intra-AS com-
munication. Beacon servers require
certificate servers when validating the
authenticity of PCBs.
Border routers forward packets between ASes supporting SCION. In the
case of a control packet, the border
router forwards it to the appropriate
server, and, in the case of a data packet,
forwards it either to a host inside the
AS or toward the next border router.
Since SCION can operate using
any communication fabric inside an
AS, the internal routers do not need to
be changed.
Path exploration and registration.
Through inter-domain beaconing, core
ASes discover paths to other core ASes.
Through intra-domain beaconing,
inside ASes. We did not include name
servers in Figure 2b, as their operation
is similar to today’s DNS.
Beacon servers are responsible for
disseminating PCBs, as in Figure 2a.
Beacon servers in a core AS generate intra-ISD PCBs that are sent to non-core
ASes of the ISD. Non-core AS beacon
servers receive these PCBs and re-send
them to their customer ASes, resulting
in AS-level path segments. Figure 3 outlines PCBs propagated from the ISD
core down to customer ASes. At every AS,
information about the AS’s interfaces is
added to the PCB. The beacon servers
generates a set of PCBs it forwards to
its customer ASes. In the case of inter-ISD
communication, the beaconing process
is similar to BGP’s route-advertising
process, although it is periodic and
Figure 2. SCION components at different scales: (a) SCION ISD with PCBs propagated from the ISD core down to customer ASes, and path
segments for ASes A, B, C, D, and E to the ISD core; and (b) magnified view of an AS with its routers and servers. The path from AS C to the
ISD core traverses two internal routers.
(a) (b)
AS
Peering link Core PCB
Path server
Beacon server
Certificate server
AS border router
AS internal router Non-Core PCB Prov.-Cust. link
