An overview of the use of SCION in Sui is available in an overview article. In short, SCION is a next-generation Internet designed for high security to provide high availability and efficiency. As SCION is largely fault-independent from today Internet, Sui validators using SCION will most likely continue to operate even when large-scale BGP routing failures and attacks occur.

Deployment Overview

The figure below provides an overview of the per-validator deployment used in these instructions:

While other deployment approaches are available, the above approach enables deploying the Anapaya EDGE VM appliance, which requires 2 vCPUs and 2—4 GiB of memory, on an already provisioned bare-metal Sui validator host; and sharing a single network interface between both the EDGE guest and the host with a low impact on performance.

The additional components deployed to the Sui validator hosts are shaded in the diagram above, and are briefly described below:

• EDGE: The Anapaya EDGE (or “appliance”) is the SCION router and networking stack that connects to an upstream SCION provider and forwards traffic. It is provided as a VM.
• FRR: Routing daemon, that updates routes on the host based on information provided from the router in the EDGE VM.
• vibr_scion: Linux bridge providing management communication between the guest VM and host applications.
• Physical function (PF) and virtual function (VF): Hardware-based virtualization (SR-IOV) of the public interface, to share it with the EDGE VM.

Sui + SCION Setup

The instructions below will assist you in enabling SCION connectivity for your Sui validator.

The setup proceeds in three phases:

1. In the first phase, you generate a private key and certificate-signing request for your light-weight SCION AS.
2. In the second phase, you submit your request to connect to the SCION network. In response, you will receive a cryptographic certificate to authenticate your AS to the SCION network; an access token to download the Anapaya EDGE appliance; and the configurations to automatically connect to the upstream SCION providers.
3. In the third phase, you deploy your appliance and configure it with the received parameters.

Requirements

These instructions assume you have already satisfy the following requirements:

• a Sui testnet validator, meeting the suggested specifications,
  • running at least Ubuntu 22.04,
  • deployed at an datacenter which is connected to the NYIIX, LINX, BBIX or SwissIX Internet exchange points in New York, London, Tokyo, and Zurich respectively (e.g., Latitude, OVH, or Vultr in New York, London, or Tokyo, see Am I connected to the NYIIX, LINX, BBIX or SwissIX IXP for more info);
• an assigned SCION ISD-AS number (contact Chris Gorham /msg gorpig on Sui Discord to be assigned a number, providing the data centre of your validator);