By Gary Taylor, Solutions Architect

Discover how SCION is transforming internet routing, and how Anapaya and Megaport Virtual Edge are simplifying its adoption.

Enterprise internet routing is anything but simple. With distributed endpoints, data security, and service reliability to consider, it doesn’t take long for network teams to feel overwhelmed with a complicated mess of workarounds and add-ons that become increasingly difficult to oversee and manage.

But a new networking protocol has quickly disrupted the networking industry, offering a new routing method that can deliver superior, more secure, and more trustworthy internet compared to what the traditional workarounds provide – with far simpler management. Meet SCION.

The limitations of the current internet

Currently, the internet as we know it can’t provide the security, reliability, and performance that is often needed. Most businesses make it viable with additional platforms, services, and workarounds.

Without those workarounds, traffic is simply sent on an automatic basis, and the sender has no control over the path this traffic takes. As a result, data can be routed through vulnerable, unsafe, or congested networks. The consequences can be serious:

• Integrity of data is placed at risk, with proprietary data exposed to potential infiltration and cyberattacks.
• Availability of data may be compromised if there is an infrastructure or provider outage, taking critical systems offline and interrupting both internal operations and external service delivery.
• Performance can be affected as spikes in traffic create bottlenecks, presenting to the end user as jitter, lag, and unsuccessful data retrieval.

What is SCION?

SCION stands for Scalability, Control, and Isolation On Next-Generation Networks. As described by The SCION Association, a non-profit organization established to act as a guardian and enabler of the protocol, “SCION is the first clean-slate Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communication.”

Often nicknamed “Internet 2.0”, SCION’s path-aware routing allows for route control, failure isolation, and explicit trust information for secure end-to-end communication. Much like how ChatGPT has disrupted the AI landscape, SCION is rapidly gaining traction as a transformative force in networking, especially for sectors operating mission-critical infrastructure.

The following industries are leading SCION adoption:

• Finance: Banking services giants The Swiss National Bank and SIX have implemented SCION to establish the Secure Swiss Finance Network (SSFN), a controlled and secure network enhancing security and efficiency in financial communications.
• Frankfurter Bankgesellschaft increased the adoption of SCION beyond SSFN to include secure remote access for IT administrators. This air-gapped setup remains isolated from internal networks and the public internet while leveraging SCION’s inherent security and resilience.
• Health Info Net AG (HIN): HIN partnered with SCION-based solutions provider Anapaya to implement SCION and bolster its communications network with the HIN Trust Circle, also known as Secure Swiss Health network (SSHN).
• Secure EFTPOS Network (SEPN): The SEPN, powered by SCION, delivers resilient, end-to-end protected transactions for merchants, issuers, acquirers, and financial institutions.
• Research and education: The SCION Education, Research, and Academic (SCIERA) network connects universities and national research and education networks across multiple continents, providing native SCION connectivity to students and researchers.
• Telecommunications: Swisscom has introduced a premium internet offering based on SCION, supporting more reliable and secure connectivity for its customers.
• Energy: The first Security Operations Center (SOC) utilizing SCION has been launched by AXPO Systems.

Features of SCION

When you switch to SCION, key features of your architecture include:

• Separation of control and data planes: Enhances flexibility in routing and network management.
• Stronger security: Provides end-to-end authentication and integrity, protecting against various attacks.
• Scalability: Supports a large number of endpoints with minimal performance loss.
• Path selection: Users can choose routes based on their specific needs, optimizing for factors like latency or reliability.
• Network isolation: Allows the creation of secure, isolated networks that can still connect with others.

Benefits of SCION

When you opt for SCION over traditional networking, you’ll modernize your internet architecture with the following benefits.

Trusted networks

With SCION, networks are referred to as Autonomous Systems (ASes). These ASes can be grouped into trust domains (known as isolation domains, or ISDs) with agreed trust policies.

These ISDs establish their own trust roots and maintain their own public key infrastructure (PKI) services, which cryptographically verify each participating AS so they aren’t reliant on third-party PKIs (such as global certificate authority).

This makes it easier to protect the privacy and integrity of your data, and supports compliance for industry sectors that require enhanced trust and data governance policies.

Fast multi-path discovery and failover

SCION discovers path segments and assembles these into available paths to destinations in advance. As a result SCION doesn’t rely on iterative BGP convergence, which is the process where BGP routers receive new information that causes them to recompute routes and refine the route table with each iteration.

With this feature, users can quickly switch between paths and use multiple paths simultaneously to increase resilience and reliability in their mission-critical networks, as well as protect against denial-of-service attacks.

Path validation

With SCION, ASNs can influence how the topology is seen by others, as well as how they send and receive traffic from other ISDs, for more secure path validation. This is because unlike BGP, every hop on a SCION path between origin and destination is cryptographically verified – meaning particular attributes can be assigned or dynamically calculated for different paths.

This verification protects against route leaks, hijacks, and IP address spoofing for stronger validation.

Geofencing for data sovereignty

SCION discovers path segments (hops) between networks, assembled into those cryptographically verified paths to which particular attributes can be assigned or dynamically calculated. Users can then select the preferred path/s to send their data over the internet based on optimal characteristics or other parameters like geofencing.

Scalability and interoperability

As SCION is based on internet protocols, it can utilize existing internet infrastructure. This means no changes are needed to the internal network infrastructure of a network operator, and devices that are SCION-enabled can utilize SCION gateways.

How to deploy

SCION is available as a licensed option via Anapaya based out of Zurich; an open-source deployment is also possible.

Anapaya Systems emerged out of the development of SCION at ETH Zurich University as a commercial provider of the SCION Protocol, offering extensive support for its three key services:

• Anapaya EDGE: A secure gateway that seamlessly connects an organization’s network to the SCION backbone, ensuring resilient and controlled data flows.
• Anapaya CORE: The backbone infrastructure used by providers to interconnect SCION networks and deliver reliable, high-performance data transits.
• Anapaya GATE: A bridging solution that enables access to the SCION Internet for users without a direct SCION connection, extending its benefits more broadly.

Anapaya is also a Megaport Virtual Edge (MVE)-enabled partner.

About Megaport Virtual Edge

An interconnected network ecosystem of pre-arranged paths is essential for successful SCION deployment. This is where MVE comes in.

MVE is Megaport’s virtual network function hosting service, giving users private branch-to-cloud connectivity with reduced latency, jitter, and hops. With MVE you can build virtual firewalls, routers, and SD-WAN appliances without the need for physical infrastructure.

Customers can use an image from their choice of the market’s leading vendors to complement, expand, or replace existing infrastructure.

Discover MVE

How Anapaya and Megaport support SCION

When you deploy SCION with Anapaya and MVE, you get all the benefits that come with using Megaport for your connectivity underlay:

• Real-time global deployment: Spin up virtual SCION EDGEs, COREs, and GATEs on demand in 90+ locations worldwide. This also enables access via 1,100 + global locations to the full suite of Megaport services.
• Optimized cloud connectivity: Direct, private connections to major cloud providers bypass the public internet and provide simple SCION-enabled multicloud access.
• Reduced infrastructure costs: Eliminate the need for physical routers and on-premises hardware.
• Global reach, local performance: Deliver high-speed, low-latency networking closer to your end-users.

SCION is redefining internet routing by addressing the security, reliability, and performance limitations of traditional networking. By integrating SCION into your network with Anapaya and MVE, you can build a scalable, high-performance network that simplifies deployment, enhances security, and reduces infrastructure costs.

Want to see it in action? Contact us for a demo and explore how SCION with Megaport can upgrade your network.