Router

router is the SCION router. Due to the encapsulation of SCION packets, this can use ordinary UDP sockets for network communication and so can run on almost any host system without requiring any special privileges.

Command Line Reference

Synopsis

router [--config <config.toml> | help | version]

Options

--config <config.toml>

Specifes the configuration file and starts the router.

help, -h, --help [subcommand]

Display help text for subcommand.

version

Display version information.

sample [file]

Display sample files.

config

Display a configuration file sample.

completion [shell]

Generate the autocompletion script for router for the specified shell.

Run router help completion for a list of the available shells.

Run router help completion [shell] for usage information on the autocomplete script for a particular shell.

Environment Variables

SCION_TESTING_DRKEY_EPOCH_DURATION

For testing only. This option relates features.experimental_scmp_authentication.

Override the global duration for Dynamically Recreatable Key (DRKey) Infrastructure epochs.

Also applies to the control service.

Type:

duration

Default:

24h

SCION_TESTING_ACCEPTANCE_WINDOW

For testing only. This option relates features.experimental_scmp_authentication.

Defines the length of the window around the current time for which SCMP authentication timestamps are accepted. See SPAO specification.

Type:

duration

Default:

5m

GOMAXPROCS

Specified by the GO runtime. The Go runtime starts a number kernel threads such that the number of non-sleeping threads never exceeds GOMAXPROCS. By default GOMAXPROCS is equal to the number of cores in the host. That value can be changed via the GOMAXPROCS environment variable (or programatically by the application code). See the go runtime documentation for more information. One reason to change this is running multiple routers on the same host. In such a case, it is best to split the available cores among the routers, lest Go’s default assumptions causes them to compete for cores and incurr futile context switching. This precaution is especially useful in performance testing situations.

Type:

unsigned integer

Default:

all cores

Configuration

The router is configured by two main files. First, the .toml configures common features like logging and metrics and specifies the configuration directory from which all other configuration files are read. The second one is topology.json, which contains all the AS information that the router uses to forward packets.

Router Configuration

In addition to the common .toml configuration options, the router considers the following options.

general
general.id = <string> (Required)

Identifier for this router.

This is used to identify which parts of the topology.json file refer to self. Thus, id must match a key in the topology.json files’ border_routers section.

general.config_dir = <string> (Required)

Path to a directory for loading AS topology.json and keys.

If this is a relative path, it is interpreted as relative to the current working directory of the program (i.e. not relative to the location of this .toml configuration file).

features

Features is a container for generic, boolean feature flags (usually for experimental or transitional features).

features.experimental_scmp_authentication = <bool> (Default: false)

Enable the DRKey-based authentication of SCMPs in the router, which is experimental and currently incomplete.

When enabled, the router inserts the SCION Packet Authenticator Option for SCMP messages. For now, the MAC is computed based on a dummy key, and consequently is not practically useful.

router
router.receive_buffer_size = <int> (Default: 0)

The receive buffer size in bytes. 0 means use system default.

router.send_buffer_size = <int> (Default: 0)

The send buffer size in bytes. 0 means use system default.

router.num_processors = <int> (Default: GOMAXPROCS)

Number of goroutines started for SCION packets processing.

These goroutines make the routing decision for the SCION packets by inspecting, validating and updating the path information in the packet header. Packets are processed asynchronously from the corresponding read/write operations on the individual interface sockets.

Goroutines are the Go programming language’s light-weight user-space concurrency primitives. Go’s runtime schedules goroutines on top of a smaller number of kernel threads. The default is to use as many packet processors as there are kernel threads started by Go, letting other goroutines displace them sporadically. Whether more or fewer processors are preferable is to be determined experimentaly.

The number of kernel threads that go creates depends on the number of usable cores, which is controlled by the environment variable GOMAXPROCS. See GOMAXPROCS.

router.num_slow_processors = <int> (Default: 1)

Number of goroutines started for the slow-path processing which includes all SCMP traffic and traceroutes. A minimum of 1 slow-path processor is required.

router.batch_size = <int> (Default: 256)

The batch size used by the receiver and forwarder to read or write from / to the network socket.

bfd
disable = <bool> (Default: false)

Set whether the BFD feature is disabled by default.

This setting applies to BFD sessions to all neighboring routers, including sibling routers (other routers in the same AS).

Can be overridden for specific inter-AS BFD sessions with bfd.disable.

detect_mult = <uint8>, default 3

Set the BFD detection time multiplier.

After detect_mult consecutively missing control packets, the BFD session is considered “down” and is reset.

Can be overridden for specific inter-AS BFD sessions with bfd.detect_mult.

desired_min_tx_interval = <duration>, default 200ms

Defines the frequency at which this router should send BFD control messages. The effective interval is the result of negotiating with the remote router during session establishment; the value will be max(desired_min_tx_interval, remote.required_min_rx_interval).

Can be overridden for specific inter-AS BFD sessions with bfd.desired_min_tx_interval.

required_min_rx_interval = <duration>, default 200ms

Defines an upper bound for the frequency at which this router wants to receive BFD control messages. The effective interval at which the remote router will send control messages is the result of negotiating with the remote router during session establishment; the value will be max(remote.desired_min_tx_interval, required_min_rx_interval)

Can be overridden for specific inter-AS BFD sessions with bfd.required_min_rx_interval.

topology.json

The router reads the border_routers section of the topology.json file.

It uses the entry referring to its own general.id to determine the intra-AS links that this router instance is responsible for. The other router entries (“sibling routers”) define which router is responsible for which interface. This mapping is consulted during packet forwarding to determine the sibling router to which a packet transitting the AS needs to forwarded to.

Additionally, the router considers the control_service and discovery_service entries. These entries define the underlay addresses that the router uses to resolves anycast or multicast service addresses.

Keys

The router loads the forwarding secret keys master0.key/master1.key from <config_dir>/keys.

The key files contain a base64-encoded high-entropy random string. The keys should be exactly 16 bytes long (corresponding to a base64 encoding of 24 bytes with two trailing pad bytes ==). These keys must be identical to the corresponding keys used by the control service.

Note

The router and Control Service currently use these keys as input for PBKDF2 to generate the actual forwarding key. Consequently, keys of any size can currently be used. This may be changed to only accept high-entropy 16 byte keys directly in the future.

Port table

Description

Transport

Port(s)

Application protocol

Underlay data-plane

UDP

30042-30051

none

Monitoring

TCP

30442

HTTP/2

Metrics

Metrics can expose any combination of the following set of labels:

  • interface: The SCION Interface ID of the interface (e.g., 4, internal).

  • neighbor_isd_as: The ISD-AS of the neighboring router from which this packet was received. This label is set to the local ISD-AS for internal interfaces.

  • isd_as: The local ISD-AS to which this interface belongs (note that in a multi-ISD environment a router can belong to multiple ISD-ASes, but an interface can only belong to one).

  • sibling: A human-readable description of the sibling router (e.g. br1-ff_00_5-2).

Interface state

Name: router_interface_up

Type: Gauge

Description: 1 if the router in the remote AS is reachable, 0 otherwise.

Labels: interface, isd_as and neighbor_isd_as.

Connectivity to sibling router instances

Name: router_sibling_reachable

Type: Gauge

Description: 1 if a sibling router instance within the local AS is reachable.

Labels: sibling and isd_as.

Input/output bytes total

Name: router_input_bytes_total, router_output_bytes_total

Type: Counter

Description: Total number of bytes received/sent by the router. This only includes data-plane bytes. Bytes received/sent by the Dispatcher on the local system (if any) are not counted in this number. The underlay header bytes are not included in this number.

Labels: interface, isd_as and neighbor_isd_as.

Input/output packets total

Name: router_input_pkts_total, router_output_pkts_total

Type: Counter

Description: Total number of packets received/sent by the router. This only includes data-plane packets. Packets received/sent by the Dispatcher on the local system (if any) are not counted in this number.

Labels: interface, isd_as and neighbor_isd_as.

Dropped packets total

Name: router_dropped_pkts_total

Type: Counter

Description: Total number of packets dropped by the router. This metric reports the number of packets that were dropped because of errors.

Labels: interface, isd_as and neighbor_isd_as.

BFD state changes (inter-AS)

Name: router_bfd_state_changes_total

Type: Counter

Description: Total number of BFD state changes in a BFD session with a router in a different AS.

Labels: interface, isd_as and neighbor_isd_as.

BFD state changes (intra-AS)

Name: router_bfd_sibling_state_changes_total

Type: Counter

Description: Total number of BFD state changes in a BFD session with a router in the local AS.

Labels: interface, isd_as and neighbor_isd_as.

BFD packets sent/received (inter-AS)

Name: router_bfd_sent_packets_total, router_bfd_received_packets_total

Type: Counter

Description: Number of BFD packets sent to, respectively received from, the router in a different AS.

Labels: interface, isd_as and neighbor_isd_as.

BFD packets sent/received (intra-AS)

Name: router_bfd_sent_sibling_packets_total, router_bfd_received_sibling_packets_total

Type: Counter

Description: Number of BFD packets sent to, respectively received from, the router in the local AS.

Labels: sibling and isd_as.

Service instance count

Name: router_service_instance_count

Type: Gauge

Description: Number of service instances known by the data plane. The router monitors the reachability of control and discovery service instances. Instances are dynamically added and removed from the data plane based on their reachability. Packets with an svc address as destination are sent to any instance known by the data plane.

Labels: service and isd_as.

Service instance changes total

Name: router_service_instance_changes_total

Type: Counter

Description: Number of total service instance changes. Both addition and removal of a service instance is accumulated.

Labels: service and isd_as.

HTTP API

The HTTP API is exposed by the router application. The IP address and port of the HTTP API is taken from the metrics.prometheus configuration setting.

The HTTP API does not support user authentication or HTTPS. Applications will want to firewall this port or bind to a loopback address.

The router currently only supports the common HTTP API.