Skip to content

Building SCION on Ubuntu 16.04 x86-64


This tutorial will guide you through the steps required to install SCION on an x86 system running Ubuntu 16.04. For details on how to build SCION on a Raspberry Pi, please take a look at how to build SCION on a Raspberry Pi.

Note about sudo

Many of our build and installation scripts will use sudo in them. The user has to belong to the sudo group:

sudo usermod -aG sudo scionuser

And it is highly recommended to enable sudo without password:

echo 'scionuser ALL=(ALL) NOPASSWD:ALL' | sudo tee /etc/sudoers.d/99-scionuser-user

Remember to replace scionuser with your username.

Easy Way (using the SCION install script)

The easy way to install SCION is to use the SCION install script:

chmod +x

The SCION install script supports various ways to connect to SCION:

Running the SCION infrastructure on a local topology

If the SCION install script is executed without any arguments, SCION will be run on a local topology:


For more information, check out Running the SCION infrastructure on a local topology.

Connecting to SCIONLab

Installing a SCION AS and connecting it to SCIONLab requires that you have already downloaded the necessary configuration from the SCION Coordination Service. To do so, please follow one of the following options, depending on the network configuration of the system on which SCION will be installed until you have the configuration files:

  1. Connecting to SCIONLab with a static public IP address
  2. Connecting to SCIONLab with a static IP address, but behind a NAT
  3. Connecting to SCIONLab via VPN (without a static IP address)

The configuration downloaded from the SCION Coordination Service includes a gen folder that needs to be uploaded to the target system and provided as an argument to the install script:

export BIDIR=`pwd`
./ -g $BIDIR/gen/

In case of connecting to SCIONLab via VPN, the OpenVPN client configuration (client.conf), that is included in the configuration downloaded from the SCION Coordination Service needs to be provided as argument additionally:

export BIDIR=`pwd`
./ -g $BIDIR/gen/ -v $BIDIR/client.conf

Next Steps

The execution declares new variable definitions (e.g. $SC) in ~/.profile. It is advised to log out and log in again for them to take effect.

After running the SCION infrastructure, it is necessary to verify that it is running properly. This is covered in the tutorial Verifying SCION Installation.

Advanced Way (manual installation)

The following steps will guide you through the manual installation of the tools necessary for running SCION.

Step One – install Go

In order to run SCION, you must have Go version 1.9.x installed. The installation steps below will automatically install the correct GO version, but be aware that if you are running a different Go version or are using a different gopath, the following steps may break other Go software that you are running.

Step Two – configure your Go workspace


You can skip this step if you already have a Go workspace configured on your machine.

It is necessary to set up your Go workspace. The following commands will create a default workspace at ~/go and export it as the $GOPATH environment variable:

echo 'export GOPATH="$HOME/go"' >> ~/.profile
source ~/.profile
mkdir -p "$GOPATH/bin"
echo 'PATH=$PATH:$GOPATH/bin' >> ~/.profile
source ~/.profile

SCION installation

Step One – clone the SCION repository

After the Go workspace has been configured, we can check out the SCION repository from with all dependencies using the following commands:

mkdir -p "$GOPATH/src/"
cd "$GOPATH/src/"
git clone --recursive -b scionlab .


If your account does not have an SSH key and that SSH key is not assigned to the github account, the checkout will fail with the error Permission denied (publickey). There are two ways to resolve this problem:

  1. Changing the checkout using https instead of ssh: git config --global url.
  2. Assign an SSH key to your Github account, detailed instructions can be found on Github help.

This will clone the appropriate SCION directory into your Go workspace. We will create an environment variable SC that will point to the SCION root directory. Afterwards it is necessary to navigate to the newly downloaded repository for finishing the configuration:

echo 'export SC="$GOPATH/src/"' >> ~/.profile
source ~/.profile
cd $SC

Step Two – configure Python path variable

Some SCION components like SCIONviz require Python libraries which are located in the SCION root directory. In order to make them accessible, the PYTHONPATH environment variable needs to be exported:

echo 'export PYTHONPATH="$SC/python:$SC"' >> ~/.profile
source ~/.profile

Step Three – finish installing the required packages

In order to install all the dependencies, simply issue the following command while in the root directory of the SCION installation:

bash -c 'yes | GO_INSTALL=true ./env/deps'


You might be asked for your sudo password after running the command

This will finish installing the required dependencies and system packages.

Step Four – configure the host Zookeeper instance

Replacing /etc/zookeeper/conf/zoo.cfg with the file docker/zoo.cfg is recommended. This has the standard parameters set, as well as using a ram disk for the data log, which greatly improves the performance of Zookeeper (at the cost of reliability, so it should only be done in a testing environment).

cp docker/zoo.cfg /etc/zookeeper/conf/zoo.cfg

Next steps

After finishing the installation of SCION, you can run the architecture on several different topologies. The following tutorials will cover this in further detail:

  1. Configure SCION to run on system boot – Use systemd to run SCION and SCION-viz when the system is started.
  2. Running a local network topology – Generate a sample topology and run SCION locally
  3. Connecting to SCIONLab with a static public IP address – Connect to the already running SCION topology.
  4. Connecting to SCIONLab with a static public IP address, but behind a NAT
  5. Connecting to SCIONLab without a static public IP address – Connect to the already running SCION topology through an OpenVPN tunnel.