You should go through this tutorial if you want to install a SCION end host but do not want to run other SCION AS services on that machine. Before proceeding, you should already have SCION AS services available in your network; otherwise the end host will not run properly.
In this tutorial we will cover the steps necessary to configure a SCION end host in a SCIONLab AS.
A SCION end host is a machine running SCION applications in a SCION AS, i.e. it is not a router and does not run any infrastructure services for the AS. An end host will communicate with the control service of the AS to get paths and certificate information. For communication to hosts in different ASes, traffic will be sent to the SCION border routers of the AS. The end host knows the addresses for these services from a configuration file (
The software stack for a SCION end host application consists of the dispatcher, responsible for managing sockets and encapsulating/decapsulating SCION packets for IP/UDP overlay, and the SCION-daemon sciond, which is responsible for fetching, verifying and caching paths and certificate information from the AS services.
Compared to the perhaps more familiar software stack for IP, we can see some rough analogues:
dispatcher: corresponds to the kernels
sciond: similar to a local caching DNS resolver daemon (like e.g. dnsmasq, unbound), except it’s for paths and certificates, not for names
The software stack for a SCION end host consists of the dispatcher and the sciond, contained in the
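On a Debian-based OS, run the following snippet to add the package repository (the [trusted=yes] option makes apt accept this repository without verifying signatures, so package integrity rests on the HTTPS connection alone):
sudo apt-get install apt-transport-https
echo "deb [trusted=yes] https://packages.netsec.inf.ethz.ch/debian all main" | sudo tee /etc/apt/sources.list.d/scionlab.list
sudo apt-get update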
and then install the packages using:
sudo apt-get install scion-daemon scion-dispatcher
Of course you can also use the other available installation options. When running the VM installation, the steps will be virtually identical with the only difference that they need to be performed in the respective VMs. When running SCION built from sources, the directory paths will be different (configuration in $GOPATH/src/github.com/scionproto/scion instead of /etc/scion) and the systemctl commands would be replaced with the
The configuration downloaded from SCIONLab configures all SCION services to listen only on the localhost address by default. To run an end host on a different host, the services need to bind on an IP that is accessible from the end host.
On the host running the AS services, locate the topology.json files in /etc/scion/gen/. In these configuration files, we change the occurrences of the IP 127.0.0.1 to the host's IP.
# replace "example" with the IP address of this host that the end host can reach
export NODE_IP=example
sed -i "s/127\.0\.0\.1/$NODE_IP/" /etc/scion/gen/ISD*/AS*/*/topology.json
Restart your AS services by running
sudo systemctl restart scionlab.target
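The sed substitution above also matches inside longer addresses such as 127.0.0.10 and accepts any string as NODE_IP. The following added example (not part of the original tutorial or of the SCION project's code) performs the same rewrite on parsed JSON, replaces only the exact address, and lists which entries were rebound from localhost. The sample document and its key names are constructed placeholders, not the real topology.json schema, and 192.0.2.10 is a documentation address.

```python
import ipaddress
import json
import re

# Matches 127.0.0.1 only as a whole address (optionally followed by ":port");
# unlike the bare sed pattern it does not match inside e.g. 127.0.0.10.
LOOPBACK = re.compile(r"(?<![\d.])127\.0\.0\.1(?![\d.])")


def rebind(node, new_ip, path="$", changed=None):
    """Return (copy of node with 127.0.0.1 replaced, list of changed JSON paths)."""
    if changed is None:
        changed = []
    if isinstance(node, dict):
        out = {k: rebind(v, new_ip, f"{path}.{k}", changed)[0] for k, v in node.items()}
    elif isinstance(node, list):
        out = [rebind(v, new_ip, f"{path}[{i}]", changed)[0] for i, v in enumerate(node)]
    elif isinstance(node, str) and LOOPBACK.search(node):
        out = LOOPBACK.sub(new_ip, node)
        changed.append(path)
    else:
        out = node
    return out, changed


def rebind_topology(text, new_ip):
    """Validate new_ip, rewrite a topology document, and report what changed."""
    ip = ipaddress.IPv4Address(new_ip)  # raises ValueError for a placeholder like "example"
    if ip.is_loopback or ip.is_unspecified:
        raise ValueError(f"{new_ip} is not reachable from another host")
    data, changed = rebind(json.loads(text), str(ip))
    return json.dumps(data, indent=2), changed


# Constructed sample; key names are placeholders, not the real topology.json schema.
SAMPLE = """{
  "service_a": {"addr": "127.0.0.1:30252"},
  "service_b": {"addr": "127.0.0.10:30041"},
  "routers": [{"internal": "127.0.0.1"}]
}"""

if __name__ == "__main__":
    new_text, paths = rebind_topology(SAMPLE, "192.0.2.10")
    print(new_text)
    for p in paths:
        print("rebound from localhost:", p)
```

The list of rebound paths doubles as an inventory of the services that become reachable from the network after the restart.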
To create the configuration for the end host, we copy the relevant parts of the configuration (modified in the previous step) from the node’s /etc/scion/gen directory: we’ll need the ISD*/AS*/endhost and the
The following snippet copies exactly these parts of the SCION configuration to
cd /etc/scion/ && cp -r --parents gen/ISD*/AS*/endhost gen/dispatcher /tmp/
At this point /tmp/gen contains the full configuration needed for the SCION end host. You can use e.g. scp to install it in the /etc/scion/ directory on the target machine.
Finally we can start the
# replace XX and YYYY with your ISD/AS number, e.g. scion-daemon@17-ffaa_1_15b.service
systemctl enable --now scion-dispatcher.service
systemctl enable --now scion-daemon@XX-ffaa_1_YYYY.service
Test that your connection is working, e.g. by using scmp echo (as described in checking AS configuration) and start using the applications.