Scaling SCIERA: A Journey Through the Deployment of a Next-Generation Network

SIGCOMM'25
1

Title: Scaling SCIERA: A Journey Through the Deployment of a Next-Generation Network

Authors: François Wirz (ETH Zurich); Marten Gartner (OVGU Magdeburg); Jelte van Bommel, Elham Ehsani Moghadam (ETH Zurich); Grace H. Cimaszewski (Princeton); Anxiao He, Yizhe Zhang (UVA); Henry Birge-Lee (Princeton); Felix Kottmann (ETH Zurich); Cyrill Krähenbühl (Princeton); Jonghoon Kwon (ETH Zurich); Kyveli Mavromati (Anapaya Systems); Liang Wang (Princeton); Daniel Bertolo (SWITCH); Marco Canini (KAUST); Buseung Cho (KISTI); Ronaldo A. Ferreira (UFMS); Simon Peter Green (SingAREN); David Hausheer (OVGU Magdeburg); Junbeom Hur (Korea University); Xiaohua Jia (CityUHK); Heejo Lee (Korea University); Prateek Mittal (Princeton); Omo Oaiya (WACREN); Chanjin Park (KISTI); Adrian Perrig (Anapaya Systems; ETH Zurich); Jerry Sobieski (GMU; Sobieski Systems & Services); Yixin Sun (UVA); Cong Wang (CityUHK); Klaas Wierenga (GÉANT)

Scribe: Ziyi Wang (Xiamen University)

da219447095eb3a6a8961ef1fea707d4
da219447095eb3a6a8961ef1fea707d41571×896 128 KB

Introduction
This paper systematically introduces SCIERA, a deployment practice and experience summary of a Next-Generation Network (NGN) based on the SCION architecture within the global research and education network. SCION is a path-aware, highly secure inter-domain next-generation network architecture designed for high security, efficiency, and scalability in both the control and data planes. Although SCION has seen preliminary applications in fields such as finance, its widespread deployment still faces numerous challenges, including the persistent ‘cold start’ dilemma and an immature developer ecosystem. The core focus of this paper lies in how to enable existing applications to natively support SCION at low cost, leveraging the global academic network to propel NGN beyond the cold start dilemma. The establishment of SCIERA aims to break this deadlock. By building an academic network spanning five continents and serving 250,000 users, it effectively promotes the transition of SCION from an experimental technology to scalable adoption.

Key idea and contribution:
SCIERA answers the question of “how to implement a next-generation network” through practice, specifically including:

  1. Proposes a scalable NGN deployment methodology: A three-tier hierarchical deployment model is designed, utilizing Layer 2 links (VLAN/VXLAN) to achieve interconnection fully independent of BGP. Furthermore, multiple deployment modes are proposed and implemented to accommodate varying resources and requirements across different institutions.
  2. Implements a fast bootstrapping mechanism transparent to end devices: Bootstrap information is provided using existing network protocols, achieving a “plug-and-play” user experience. Three operational modes are supported, covering all scenarios from servers to mobile/IoT devices.
  3. Provides low-barrier application development support: Multi-language SCION libraries are developed, offering APIs closely resembling the standard Socket interface, among other features.
  4. Validates the feasibility of low-cost, highly available infrastructure and summarizes key deployment experiences and tool support: The SCION Orchestrator visual management tool is developed, reducing AS deployment time from several days to a few hours. Sustainable network operation is ensured through open ecosystem collaboration and compliance strategies.

The success of SCIERA proves that it is feasible to deploy native NGN at scale through evolution rather than revolution on top of the existing Internet. It provides practically validated architectural patterns, toolchains, and operational experience for subsequent NGN deployments, thereby significantly reducing the barriers to deploying and using new network architectures.

Q&A
Q1: This is more of a comment than a question. I’d like to say that I’m a big fan of this work. Technically, it’s fascinating and, as you mentioned, it opens up many opportunities. I want to highlight this for the community: there are numerous external forces currently examining the Internet and exploring ways to regulate or control it. They have entirely legitimate needs, requirements, and concerns. What I wish to highlight is that, in many respects, the SCION architecture is precisely positioned to address these very needs. Therefore, when we engage with external parties and they express desires such as ‘we wish to enhance BGP security’ or ‘we seek isolation’, SCION presents a ready-made alternative. I believe it offers substantial capabilities in this regard. So, we ought to take it very seriously and allow it to coexist with protocols like BGP and IGP. Thank you. Thank you.
A1: Thank you very much for your comments. I think you’re absolutely right.

Q2: What does operating this network entail? For network operators, how much effort is required to operate a SCION network? Secondly, what are the security implications? If you are an institutional network administrator, you would be concerned about security, especially since today’s IP networks already deploy extensive firewalls and intrusion detection mechanisms.
A2: Regarding the maintenance and deployment aspects: initially, a significant amount of manual effort was indeed required, but we have since automated many of these processes. There is now a very useful tool called the Orchestrator that operators can use to quickly identify any issues in the network, view logs, and so on. Of course, this still represents a change, so they will need to invest some time in learning how SCION works in order to operate such a network effectively.
As for security, because it is a new network architecture, existing equipment, such as firewalls, requires some adaptation to support SCION. We are actively researching this issue and have achieved a number of results, such as developing security mechanisms capable of processing traffic at extremely high rates. Furthermore, the entire SCION control plane is formally verified.

Evaluation
The paper demonstrates SCIERA’s feasibility and advantages through multi-dimensional evaluation: median terminal boot delay below 150ms; minimal code modification required for application adaptation; deployment time reduced from months to days. Through path diversity and multipath transmission, field tests demonstrated lower latency (median reduction of 6.9%, 90th percentile reduction of 23.7%) and higher resilience (significantly superior connectivity under link failures compared to single-path routing) than traditional IP networks. The significance of these findings lies in demonstrating that SCION delivers superior performance and resilience to conventional IP networks even on low-cost hardware and heterogeneous network environments. This provides empirical groundwork for large-scale NGN deployment while showcasing the potential value of path-aware networks in latency optimisation, fault recovery, and eco-routing.

Personal thoughts
I believe the value of this paper lies not only in its technical details but more significantly in its practical insights derived from real-world deployment experience. The authors share early decision-making missteps, adaptation challenges in heterogeneous environments, and strategies for achieving scalability. However, the paper has limitations: it offers limited discussion of business models, security analysis is largely confined to the architectural level, and there is a lack of empirical evaluation against actual attacks. Overall, SCIERA provides a valuable ‘roadmap’ for NGN implementation, demonstrating significant practical relevance.