
Formal Metadata

Title
SCION
Subtitle
Future internet that you can use today
Number of Parts
490
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
Do you know where your internet traffic flows? Does it go through China even if you don't want it to? SCION is a new internet architecture aimed at solving this problem. We will show how you can easily join the already existing worldwide network. The current Internet was not designed with control and security considerations in mind: incidents such as the hijacking of all traffic for YouTube by a Pakistani ISP in February 2008, the Cloudflare DNS service hijacked by AnchNet in May 2018, or a large chunk of European mobile traffic being rerouted through China in June 2019 show that we cannot quite trust the current Internet. SCION is a proposed future Internet architecture aiming to offer high availability and security, even in the presence of actively malicious network operators and devices. Designing a new Internet from scratch gives us the opportunity to make it work a lot better: we are aiming to notably improve security, availability, and performance. At the same time, just replacing the Internet would not be feasible, and thus we also emphasise practical concerns, such as incremental deployment and backwards compatibility. Thanks to that, SCION is currently the only clean-slate Internet architecture with a world-wide research network and production deployments in several large institutions in Switzerland; and you can start using it today.
Transcript: English (auto-generated)
OK, just a bit of statistics. Does any one of you have been yesterday to the same talk but in the longer version? OK, not so many people. So it will be the same, but I will do it in 10 minutes instead of 50. So probably everyone will enjoy.
OK, so long story short, we are trying to redesign the internet, of course, because everyone wants to do it. We are kind of academics because I'm coming from ETH Zurich, but also we have a spin-off which is now doing this for real. So for people to really use it, and it's something usable. So it's not just a next wish, nice, dream,
which has nothing to do with reality, but really have something working. That's why I want to present it. I will skip this slide because of the timing. So what we are doing? So of course, we are designing the new internet because there is a fundamental problem with the current internet, which I will show you in the next slide.
We are doing this in a very clean slate, which means we get rid of what you have currently and we redesign it. Not to be too much of a revolutionist, we are trying to make it work on the current infrastructure also. So you have mixed deployments, so you do not really need to redesign all your infrastructure at once because this is money and probably it's nice,
but you won't do it in reality. So you want to have a solution that you can use from right now. So this is one of the snapshots of the articles from Wired, infrastructure mess causing countless internet outages. You can see it every month. So BGP causes problems. In general, routing causes problems.
And if you go into the whole network stack layer four, it's in general causing a lot of problems because people either use it incorrectly or people do not know how to use it, or it's been designed 50 years ago and it covers different use cases. Because at the time when the internet was originally designed,
everything was super simple. So your computer, it was just a machine for sending mails, nothing more. But right now, we have really smart devices. So all the IoT blockchains, all these fancy buzzwords, this really needs different concepts, different approach to privacy, to how we treat data, where we store data, who has access to data, and all these kind of things.
So we are creating a new protocol, a new set of protocols, just a bunch of buzzwords. So route control, failure isolation, trust information, end-to-end communication, these are just buzzwords. Let me explain a bit more what we are trying to do. So route control, the fundamental problem I have
with BGP is that you, as the end user, I, as the end user, I have completely no control of how my data flows, where it goes. I can only specify the destination, but I have no idea what happens. Every half year, I think there is something, yeah, I will try putting it a bit like this. Maybe it will be better.
So every half a year, we can read articles. China steals data, or data flows through Pakistan, even though it shouldn't, and all this kind of stuff. Sometime ago in Switzerland, we had a problem, so the traffic, which was supposed to only stay in the country, was going through Russia and China. And then, you know, I'm asking why. Why does it happen? Because there is no fundamental reason.
If I'm sending some message to a dude on the other side of the street over the internet, I want it to go with the short path, not through the other continent. So yeah, what you are trying to provide, this is the very first fundamental for this dev room. So we decentralized route, we decentralized routing.
So there is no entities on the way which control what happens to your data. You control it. So you can see with different colors, we have two computers, and we want to send data between them. So you select how the stream goes. You select the path based on different incentives. Do you want it to be high throughput? Do you want it to be super secure because it goes only through ISPs
which provide you the best trust? Of course, there is kind of money aspect because some paths, they can be cheaper. The other ones can be more expensive, different properties. But also what we want to achieve is very fast failure, resistance to failure. So I'm always bitching on BGP and BFD
because I work with this and I do not like it because it doesn't work properly in flaky network environments. So by offloading this to user, to the application, you have the possibility to react immediately to any change in the network. You do not need to wait for all the routers to converge and whatever happens in between
because you don't know what happens. So, you know, it's just a matter of trust. You trust these guys selling you internet, but they do what they think is good for you. But this is not always the case. Yeah, so path control. You select the path. I won't go into details. I just want to highlight for people knowing this stuff. This is not source routing. This is a fundamentally different concept
because you select the whole path. Routers, they just follow instructions. Routers are stateless, which also means from performance perspective, it's probably not super interesting for this Dev Room, but you do not need to parse so much stuff from the packet because you just check where to send it next. Thank you, it's done. And also the policies are enforced
in your local neighborhood, which means we have the concept of isolation domains. It can be your city, your company, your country, depends how you want to design it. The main point is you do not need to trust everyone in the network. You all need to trust your isolation domain. So if I build isolation domain for my family,
my father, my mother, my grandma, my dog, they do not need to trust my ISP and a bunch of other dudes. They all need to trust me as the ISD. So all the certificates, all this kind of stuff, it happens in this very local environment. I do not need to trust some global routes
somewhere out there. And yeah, different feature scalability because routers are stateless and we have this kind of hierarchical routing. You do not have the super huge routing tables, which you can easily mess with and just make your traffic to behave very incorrectly. We have native multipath.
So this can be a nice feature for some people because you can just use your infrastructure better. And you also can control your data more because if you go multipath, even if something went wrong, even if some ISP on the way goes crazy, goes rogue, it doesn't have all the data. And photo runs, this is what I said, by offloading this and doing kind of IKEA,
do it yourself style, you have more control because you, as a developer, you can decide what is good for you, how to behave in case of some problems. Yes, I tested my demo, but I will not show you this. Okay, just, yeah, I won't describe details. It just, we have two separate networks running already.
So this is used both by researchers around the world, but this is also used already by Swiss government and Swiss National Bank. So it's not just a bunch of guys at university doing something for fun. This is really used for more than two years now for mission critical workload of Swiss National Bank. So if they trust, I mean, Switzerland finance,
banking, all this kind of stuff, if they trust it, I would use it. Okay, so how can I run it? Because I'm saying like very, very high level overview, but I want to sell you the point. This is super easy to run. We run on any commodity server. You do not need Cisco, Juniper, or these guys to build super expensive switches and routers for you.
This is a very standard 64-bit architecture. You can take your PC, your laptop, whatever you want, even Raspberry Pi, and you can run as part of infrastructure on this device. And I said at the very beginning, we have a possibility of doing mixed deployments because of course, if we told everyone, now you need to redesign from scratch,
people wouldn't be able to join this party because they will say, okay, but we need to invest so much money and maybe there is some gain, maybe there is not, it's too risky. So we are trying to make it super easy to join on top of current stuff you have, test it, and if you are happy, push your ISP, push your IT departments, whatever,
you name it, this kind of corporate bullshit and move forward to the native deployment. Yeah, we have some Hello World, you can go through slides later. In GitHub, we have more serious applications using natively SCION. Yes, we are very happy to see different use cases because we have some, but also downstream contributors,
they are always super appreciated because you people always invent kind of use cases, solutions, problems, which we wouldn't even think about. Yes, I will show the next demo, but no, and a bunch of links if you are interested, and yes. Thank you.