For terms related to the SCION protocol we use the glossary of The Complete Guide to SCION.

Anapaya Appliance

The Anapaya Appliance is a software package implementing the SCION protocol. It can be configured as a CORE, EDGE or GATE.

Anapaya CORE

Description of Anapaya CORE product

Anapaya EDGE

Description of Anapaya EDGE product

Anapaya GATE

Description of Anapaya GATE product

Autonomous System (AS).

An Autonomous System is a network under a common administrative control. For example, the network of an Internet service provider, company, or university can constitute an AS. If an organizational entity operates multiple networks that are not directly connected through a local area network, then the different networks are considered different ASes in SCION.

Certificate Authority (CA)

A Certificate Authority (CA) is a trusted entity that issues digital certificates. These certificates typically bind a domain name to a public key. In SCION these certificates are used to assure the authenticity of ASes.

Control Plane

The SCION control plane is responsible for the propagation and discovery of network paths, i.e., for the exchange of routing information between network nodes. The control plane thus determines where traffic can be sent and deals with questions such as how routes are established, which paths exist, what quality individual links offer, etc. Within a SCION AS, such functionalities are carried out by the control service. Packet forwarding is instead a task pertaining to the data plane.

Core AS

In SCION networks, a core AS is an AS which has some additional duties such as initiating the beaconing for path discovery. Furthermore, a core AS needs to manage and distribute the ISD’s trust related information (TRC).

Data Plane

The data plane (sometimes also referred to as the forwarding plane) is responsible for forwarding data packets that end hosts have injected into the network. After routing information has been disseminated by the control plane, packets are forwarded according to such information by the data plane.


The IP-in-SCION-Tunneling mechanism enables common IP traffic to be transported over SCION. A service provider and service consumer can communicate via standard IP traffic that is tunneled through the SCION network.

Isolation Domain (ISD)

In SCION, autonomous systems (ASes) are organized into logical groups called isolation domains or ISDs. Each ISD consists of ASes that span an area with a uniform trust environment (i.e., a common jurisdiction). A possible model is for ISDs to be formed along national boundaries or federations of nations.


In SCION, a network path is a defined route that a packet traverses. The path consists of a sequence of hops. Each hop consists of a SCION ISD-AS and an ingress and egress interface. Two parties that want to communicate use an end-to-end path, that is constructed based on a set of up to three path segments.

Path Segment

Path Segments are generated through the beaconing process, which is initiated by the core ASes. There exist three types of path segments: core, up and down path segments. A core path segment is a path between cores, while an up path segment is a path segment from a non-core AS to a core AS. Down path segments are the same as up path segments but in reverse direction. These path segments are used to form an end-to-end path which consist of maximum an up, a core and a down path segment.

Path-Segment Construction Beacon (PCB)

Core ASes generate PCBs to explore paths within their isolation domain (ISD) and among the different ISDs. ASes further propagate selected PCBs to their neighboring ASes. As a PCB traverses the network, it carries path segments, which can subsequently be used for traffic forwarding.

Public Key Infrastructure (PKI)

PKI enables parties to authenticate themselves to other parties without having to exchange secrets bilaterally. A certificate authority which all parties have to trust digitally signs certificates, which are used to prove authenticity to other parties. In SCION, PKI is used to authenticate ASes.


Scalability Control and Isolation on Next-Generation Networks (SCION) is the name of the inter network routing protocol.

Trust Root Configuration (TRC)

In SCION, the Trust Root Configuration is the anchor of trust in an ISD. It consists of a collection of signed certificates and policies. The TRC further specifies the core ASes, the CAs and the voting parties within the ISD.

Voting Quorum

The voting quorum is a trust root configuration (TRC) field that indicates the number of votes needed on a successor TRC for it to be verifiable. A voting quorum greater than one will thus prevent a single entity from creating a malicious TRC update.