Exploring the SCION Network
The goal here is to introduce several tools which can be used to explore the SCION network. We explain the functionalities that the scion tool provides and talk about traffic interception using TShark.
Investigating SCION Paths
Here, we focus on one of the fundamental functionalities of the scion tool, namely the scion showpaths command, which lets network administrators explore the paths in the SCION network. Showpaths takes the destination AS as input, requests paths from the SCION control plane, and displays them in a human-readable format. The showpaths tool also supports command line arguments to display additional information about the path (e.g., path expiration time or path status). For example, the command below can be used to display all the paths to the AS with the ISD-AS number 1-ff00:1:1:
scion showpaths 1-ff00:1:1
Here is an example of what the output looks like:
Available paths to 1-ff00:1:1
[0] Hops: [1-ff00:1:2 1>1 1-ff00:1:1] MTU: 1472 NextHop: 10.2.0.1:30042 Status: alive LocalIP: 10.2.0.2
[1] Hops: [1-ff00:1:2 2>3 1-ff00:1:1] MTU: 1472 NextHop: 10.2.0.2:30042 Status: alive LocalIP: 10.2.0.2
This indicates that there are two paths to the aforementioned AS. The paths are represented as a sequence of AS hops and interface pairs that are traversed. An interface pair is represented as eg>in, where eg is the egress interface ID, and in is the ingress interface ID. In the second path in the example above, a packet on the path exits the AS 1-ff00:1:2 on the egress interface 2 and enters the AS 1-ff00:1:1 on the ingress interface 3.
The Maximum Transmission Unit (MTU) and the next hop on this path are also displayed. The next hop indicates the internal address of the SCION router a packet has to be forwarded to when using this path.
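The following is an added example, not part of the original page or of the SCION project: a small parser for the human-readable showpaths output shown above. It splits each hop sequence into (AS, egress interface, ingress interface, AS) links and lists the paths whose status is not alive. It generalizes to paths with more than two ASes, assuming the hop list keeps alternating AS and eg>in tokens; the third sample line and the function names are constructed for illustration.

```python
import re

# Lines [0] and [1] are from this page; line [2] is constructed (longer path, timed out).
SAMPLE = """\
Available paths to 1-ff00:1:1
[0] Hops: [1-ff00:1:2 1>1 1-ff00:1:1] MTU: 1472 NextHop: 10.2.0.1:30042 Status: alive LocalIP: 10.2.0.2
[1] Hops: [1-ff00:1:2 2>3 1-ff00:1:1] MTU: 1472 NextHop: 10.2.0.2:30042 Status: alive LocalIP: 10.2.0.2
[2] Hops: [1-ff00:1:2 4>1 1-ff00:1:3 2>5 1-ff00:1:1] MTU: 1400 NextHop: 10.2.0.3:30042 Status: timeout LocalIP: 10.2.0.2
"""

PATH_RE = re.compile(
    r"^\[(?P<idx>\d+)\]\s+Hops:\s+\[(?P<hops>[^\]]*)\]\s+MTU:\s+(?P<mtu>\d+)"
    r"\s+NextHop:\s+(?P<next_hop>\S+)\s+Status:\s+(?P<status>\S+)"
)
LINK_RE = re.compile(r"^(\d+)>(\d+)$")


def parse_hops(hops):
    """Turn 'AS eg>in AS ...' into (from_as, egress_if, ingress_if, to_as) links."""
    tokens = hops.split()
    if tokens and len(tokens) % 2 == 0:  # must alternate AS, eg>in, AS and end on an AS
        raise ValueError(f"malformed hop sequence: {hops!r}")
    links = []
    for i in range(1, len(tokens), 2):
        m = LINK_RE.match(tokens[i])
        if not m:
            raise ValueError(f"bad interface pair: {tokens[i]!r}")
        links.append((tokens[i - 1], int(m[1]), int(m[2]), tokens[i + 1]))
    return links


def parse_showpaths(text):
    """Parse the human-readable showpaths output into one dict per path."""
    paths = []
    for line in text.splitlines():
        m = PATH_RE.match(line.strip())
        if m:  # skips the header and any line that is not a path entry
            paths.append({
                "index": int(m["idx"]),
                "links": parse_hops(m["hops"]),
                "mtu": int(m["mtu"]),
                "next_hop": m["next_hop"],
                "status": m["status"].lower(),
            })
    return paths


def not_alive(paths):
    """Indices of paths whose probe status is anything other than 'alive'."""
    return [p["index"] for p in paths if p["status"] != "alive"]
```

Calling not_alive(parse_showpaths(SAMPLE)) returns the indices of the paths that need a closer look, here only the constructed path [2].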
Due to path caching, sometimes showpaths might show fewer paths than you expect. If that is the case, you can ask showpaths to fetch new paths using the --refresh flag.
You can exploit various functionalities of the showpaths command by using different flags. To see a complete list of the provided flags, you can run:
scion showpaths --help
For example, you can run the following command to see how long it takes until the paths to the AS 1-ff00:1:1 expire:
scion showpaths -e 1-ff00:1:1
By default, showpaths probes the paths it displays by sending probe packets across each of them and waiting for a response. A path is in one of the following three states:
Alive: The response from the destination AS was received.
Timeout: No response to the probe packet was received from the destination AS.
SCMP: A SCION Control Message Protocol (SCMP) error was received in response to the probe packet. (You will learn more about SCMP in Network checks using SCMP.)
If this behavior is not desired, probing can be deactivated by providing the --no-probe flag.
Network checks using SCMP
The SCION Control Message Protocol (SCMP) is analogous to the Internet Control Message Protocol (ICMP) and provides the following functionalities:
Network diagnostic: SCMP is used to implement network debugging tools such as the SCION equivalents of ping or traceroute.
Error messages: SCMP is used by SCION applications (e.g., routers and dispatchers) to signal problems encountered during packet processing or to inform end hosts about network-layer problems.
The scion tool uses SCMP to gather information about the network. To see the command line arguments of scion, you can run:
scion help
Note
The scion tool provides two sub-commands that use SCMP to gather information: traceroute and ping.
traceroute is similar to IP traceroute; it sends multiple SCMP packets and each packet is crafted so that a different router in the path replies.
ping is similar to IP ping; it sends a specified number of packets at a given interval and prints out the round-trip time.
Here is an example scion ping command:
scion ping -c 1 1-ff00:1:1,[10.8.0.1]
This command sends pings toward the AS 1-ff00:1:1 and the host with the IP address 10.8.0.1. Of course, the corresponding host needs to have a SCION network stack to be able to respond to SCION pings.
Furthermore, when the -c flag is set, scion ping sends the specified number of SCMP echo packets and reports back the statistics.
You can familiarize yourself with different flags supported by the scion ping and scion traceroute commands by running scion ping --help and scion traceroute --help.
The scion tool gives you the possibility to select the path on which you want to execute your ping or traceroute command. For this, you need to utilize the --interactive flag. Here is an example:
scion ping --interactive 1-ff00:1:1,[10.8.0.1]
After executing such a command, you will be asked to choose your desired path.
In addition to the flag --interactive, the scion tool provides the sequence option which gives you even more flexibility in the choice of path for the execution of ping and traceroute. You can read about how it works by running scion ping --help or scion traceroute --help.
Traffic interception with TShark
TShark is a network protocol analyzer that can be used to inspect live network traffic (see Wireshark man page for more information about this tool).
To use TShark, you first need to make sure that it is installed on the machine where the TShark commands to capture traffic will be run. Then, you can simply run:
tshark
Then, TShark starts capturing packets from the default interface. To capture traffic from any interface, you can run:
tshark -i any
The output of the tshark command is always in the following format:
<seq-id> <timestamp> <src> -> <dst> <protocol> <protocol specific info>
The seq-id is an increasing ID that starts at 0 and increments by one for each captured packet. The timestamp indicates the time since starting the capture. The src and dst values represent source and destination IP addresses of the packet. The protocol represents the protocol in use; there could be packets with various protocols such as “HTTP”, “ICMP”, “TCP”, “BFD”, “UDP”, etc. Finally, the last part of the capture line presents information that is specific to the protocol.
TShark supports various packet filtering mechanisms. We already mentioned one common filter, the -i flag. This flag can be used to select the desired interface(s). For example, the command tshark -i eno5 will show only packets that go through the eno5 interface.
More specific filters can be written in a custom packet filter language (see the Wireshark wiki). For instance, to show all traffic that has IP destination address 192.168.7.2, use the following command:
tshark -i any dst 192.168.7.2
Multiple filters can be combined with the and operator. For example, to additionally filter for the port 42001, one can run the following command:
tshark -i any dst 192.168.7.2 and port 42001
The default filtering is too limited to inspect the SCION traffic. Therefore, we provide a plugin that allows us to filter on the SCION layer. For example, the filters scion.src_as and scion.dst_as can be exploited to filter the packets according to their source and destination AS. The following command prints out only the packets whose destination AS is equal to ff00:1:1:
tshark -i any -Y 'scion.dst_as == "ff00:1:1"'
As mentioned above, there are packets with various protocols. We can also filter according to our desired protocols. For example, scion.next_hdr != BFD in the command below makes sure that no packet from the Bidirectional Forwarding Detection (BFD) protocol is shown:
tshark -i any -Y 'scion.next_hdr != "BFD"'
Or, for example, you can filter for the SCMP packets by running:
tshark -i any -Y 'scion.next_hdr == "SCMP"'
Tip
For more information about TShark SCION filters, see https://github.com/scionproto/scion/blob/master/tools/wireshark/scion.lua. Inspect the filters that were used above, and see what other filters can be applied.
Tip
You can use the -V flag in the tshark commands to print full packets.