SWITCHlan SCION Access

More security, reliability and control: SWITCHlan SCION access provides the best conditions for ensuring that your data is only transferred to the parts of the internet that you want it to reach.

The secure internet architecture of the next generation

These days, digitalisation requires secure networks that are easy to control. However, the foundation of the internet was laid last century without any special security mechanisms, and it has hardly been updated since. That makes it vulnerable. Nowadays, cybercriminals exploit vulnerabilities to such a degree that IT departments spend the majority of their time trying to prevent and eliminate cyber threats. This observation concerns not only the multitude of security risks, but also aspects of the transport network. It is high time for an upgrade.

SCION (Scalability, Control, and Isolation On Next-Generation Networks) is that upgrade. SWITCHlan SCION access combines the security, reliability and control of private networks with the flexibility of the public internet. The technology was developed at the Swiss Federal Institute of Technology (ETH) in Zurich. SWITCH has supported SCION’s development at ETH Zurich since 2015.

How you benefit

Security

All the paths are authenticated and protected against routing attacks.

Stability

Multiple network paths with instant failover ensure that individual path failures go unnoticed.

Control

You control the route of your data to its destination.

Protection

Hidden paths and the path selection controlled by the sender increase protection against DDoS attacks.

Performance

A SCION application can select the best paths for network traffic based on cost or latency rules.

High degree of reliability

SCION’s architecture gives you a high degree of reliability through various features and new concepts. As a result, some attacks can be prevented from the very outset: SCION is immune to prefix hijacking. What is more, the technology reduces the risk of exposure to distributed denial of service (DDoS) attacks through hidden paths and source authentication. The protection provided against address spoofing also removes susceptibility to DDoS reflection attacks.

Reliability and performance through multi-pathing

Multi-pathing allows the SCION protocol to open up multiple potential paths that can be used simultaneously. This increases the usable capacity in the network and enables faster switching in the event of path failures, provided that the application supports this function.

In this instance, the granularity of the path selection is restricted to the transfer points between networks (autonomous systems). The path within a network is not subject to the control of SCION, meaning alternative paths cannot be used there.

More control with SCION

SCION gives you path control over your end-to-end communication, allowing you to avoid certain network sections such as networks in unstable regions. Control over path choice also allows you to make selections regarding available bandwidths and latencies. This increases the security of your data in terms of how it is handled. You get more control over the transport route of your sensitive data.

Services

SWITCHlan SCION Access

This variant is your SCION connection to SWITCHlan’s SCION Core (CH-ISD, without Edge services). Here, you, the customer, are responsible for procuring and operating the SCION router. You will need a software licence for this, depending on the provider.
If you are not connected to the SWITCHlan backbone yet, for example because you are using the IP access or L2VPN service, we will be happy to provide you with a tailored quotation.

SWITCHlan SCION Edge

The managed service is an optional addition to SWITCHlan SCION access and is used to operate your SCION router and connection (SCION Edge: SCION IP gateway).

Report: SCION-based Science DMZ

A SCION Science DMZ combines the traditional advantages of a Science DMZ with the additional guarantees provided by strong source authentication of every data packet, even at line rate, but without the high cost of traditional IP firewalls.

Factsheet SWITCHlan SCION Access

Get all relevant information on SWITCHlan SCION Access at a glance.

The technology of SCION

Today’s internet is made up of a multitude of loosely interconnected networks. Communication between the different networks leaves transfers vulnerable to route hijacking. For example, a data packet could be diverted across several countries on its way from Zurich to Geneva and the sender and recipient would be helpless to prevent this from happening. Such hijackings are often detected well after the event.

Cybercriminals can redirect data packets or disable internet services with DDoS attacks. This is where SCION comes in: it minimises the attack surface at network level from the outset.

With SCION, a team from ETH Zurich has redesigned the internet architecture from scratch. The foundation is formed by ‘isolation domains’ (ISDs). These domains can be states, industries or autonomous companies. SCION combines several networks (geographical, for example) to form ISDs. All the Swiss networks can belong to one ISD, for instance. Communication between two networks in the same ISD never goes anywhere else. As a result, confidential data can no longer be diverted unchecked via other network sections.

With SCION, the sender determines what transport route the data packets take, making attacks at routing level essentially impossible. For example, you can specify certain providers or network paths to avoid.

At present, the SCION protocol is still in development. Officially, the specification has not yet been publicly standardised. The development team at ETH is actively seeking to obtain this standardisation.

Do you have any questions?

We would be happy to help you understand the next generation of internet architecture.

Are you interested in SWITCHlan SCION access? Call us or send us a message. We advise you with expertise, commitment and a focus on your individual requirements.

Daniel Bertolo
Head Network
+41 44 268 15 87

Diego Tres
Community Account Manager
+41 44 268 16 57

Anapaya Systems AG

Anapaya Systems is a spin-off of ETH Zurich. The company has made it its mission to develop the next generation of inter-network architecture. Anapaya combines high security (prefix hijacking prevention, proven secure protocol and implementation), high availability (DDoS defence at network level) and flexibility (path control and multi-pathing, SD-WAN) within SCION’s network architecture. This architecture was developed at ETH Zurich and is considered ground-breaking. It ensures state-of-the-art, secure inter-domain routing, QoS, DDoS defence, secure PKI and an unprecedented level of availability.