Autonomous System

An autonomous system is a computer network controlled by a single entity, typically an Internet-service provider or a larger organization like a university, participating in the Internet routing. In the traditional BGP-based Internet, ASes are assigned 32-bit autonomous system numbers (ASN). The AS identifiers in SCION are longer, 48-bit, and usually occur in combination with the identifier for a specific ISD in which the AS is being identified.

In SCION, the concept of ASes takes a more prominent role as it also serves as “locator” in the addressing of end hosts.

Bidirectional Forwarding Detection

Bidirectional Forwarding Detection (BFD) is a network protocol that is used to detect faults between two forwarding engines connected by a link. See RFC 5880 and RFC 5881.

In SCION, BFD is used to determine the liveness of the link between two border routers and trigger SCMP error messages.

Certificate Authority

An entity that signs and issues digital certificates, certifying the ownership of a public key by the named subject of the certificate. CAs are a part of a public key infrastructure, like the SCION Control-Plane PKI.

Control-Plane PKI

The SCION Control-Plane Public Key Infrastructure (PKI) defines the certificate hierarchy that allows to tie cryptographic keys to SCION AS identifiers. This is the machinery that allows to authenticate SCION control-plane messages.

See SCION Cryptography.

End Host

A SCION end host is a computer or other device connected to a computer network in a SCION AS, able to send and receive SCION traffic.

In the IRTF PANRG’s vocabulary of path properties, endpoints are the start and end node of a path. An endpoint can be an end host, but it applies slightly more generically to any node which is the source or destination of SCION traffic, e.g. to a gateway.

The terms “endpoint” and “end host” are used mostly interchangeably. End host is preferred where the focus is (physical or virtual) machines and the software running on them, and endpoint is used otherwise.

Interface ID

An interface ID is the AS-local identifier for an inter-domain link.

The interface ID is an arbitrary 16-bit number between 1 and 65535, assigned without external coordination by the operator of the AS.

Isolation Domain

An Isolation Domain (ISD) is a set of participating ASes. ISDs can overlap, i.e. ASes can participate in multiple ISDs.

An ISD represents a scope for CAs in the Control-Plane PKI; CAs can issue certificates exclusively to ASes in their ISD.

At the same time Isolation Domains also serve as a local routing domain. Inside an isolation domain, links between ASes form a directed acyclic graph, allowing efficient path discovery. Only the core ASes (i.e. the ASes at the top(s) of this directed acyclic graph) need to participate in the less efficient inter-ISD path discovery.

See Isolation Domains (ISDs).

Path-Segment Construction Beacon

Path-Segment Construction Beacons are control-plane messages that are propagated through a SCION network during the path exploration (“beaconing”) process. On their way, PCBs accumulate authenticated network topology information (on the granularity of ASes).

SCION Control Message Protocol

The SCION analog to ICMP.

A supporting protocol for the SCION dataplane. It is used by SCION routers or end hosts to send error messages and for diagnostics (ping and traceroute).

See SCMP Specification for more information.

Trust-Root Configuration

Each ISD has a separate trust-root configuration, specifying the core ASes acting as CAs.

See Trust Root Configuration (TRC) Specification.