AS Numbers and Certificates

In this user guide, we explain how to request an AS number and AS certificate. They are necessary for connecting an Anapaya appliance to the SCION network.

AS Number

Every participant in a SCION network needs their own SCION AS number. Refer to ISD-and-AS-numbering for more details on the numbering scheme.

Currently, Anapaya is the only organization assigning SCION AS numbers for the productive SCION networks. For the SSFN (Secure Swiss Finance Network), SIX is assigning SCION AS numbers on behalf of Anapaya.

Note

The entire 4-byte BGP AS numbering space is reserved for organizations that own the respective BGP AS number. Thus, if your organization already has a BGP AS number assigned by an official BGP numbering authority, it can claim the same SCION AS number.

Request AS Number from Anapaya

Reach out to the Anapaya CSE team to request a SCION AS number from Anapaya. Your request should include

  • your organization details,

  • your technical contacts responsible for SCION,

  • and the Isolation domains you want to connect to.

Note

Once assigned, the AS number and your organization will be added to the Autonomous Systems list.

Request AS Number from SIX (for SSFN participants)

Follow the instructions on the SIX SSFN website on how to apply for a SSFN certificate. In the process, when required to fill in AS Number, leave the field empty and SIX will assign an AS number.

AS Certificate

A SCION AS needs a SCION AS certificate for every isolation domain it should be part of. Requesting an initial AS certificate is a manual process which is described below. Once the AS certificate is uploaded to the Anapaya appliance, SCION connectivity to the rest of the network can be established. AS certificate renewals are then automated and are performed by the appliance every few days.

Create Certificate Signing Request

As a first step, the Certificate Signing Request (CSR) needs to be created. Refer to Generating a Certificate Signing Request for details on how to use the appliance API for this. Make sure you include the relevant subject details.

Note

When creating a CSR for a SCION AS in the SSFN, make sure the values match with the contract values agreed upon with SIX.

Request the AS Certificate

Install the AS Certificate

Once you receive the AS certificate from the issuing party, you need to install it in the Anapaya appliance. Refer to Installing AS Certificates for the necessary commands.