rtgwg                                                              X. Li
Internet Draft                                                  L. Zhang
Intended status: Informational                                   Y. Tang
Expires: December 2021                                            Z. Shi
                                                                S. Huang
                                                                    BUPT
                                                       June 29, 2021



    Photonic firewall oriented routing and spectrum allocation strategy
                                in optical networks
                         draft-li-rtgwg-photonic-firewall-rsa-01.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, and it may not be
   published except as an Internet-Draft.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html



Li, et al.                  Expires December 29, 2021           [Page 1]


Internet-Draft  Photonic firewall oriented routing and spectrum allocation
strategy in optical networks  June 2021

   This Internet-Draft will expire on December 29, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Abstract

   A photonic firewall oriented routing and spectrum allocation
   strategy for elastic optical networks is proposed. To meet the
   security detection requirement, each light-path should pass through
   at least one photonic firewall. To reduce the blocking rate and
   improve the spectrum efficiency, the whole network is divided into
   several parts according to the locations of all deployed photonic
   firewalls. A photonic firewall is responsible for the security
   detection of each part. This strategy has a low complexity and is
   suitable for large-scale optical networks.

Table of Contents


   1. Introduction
   2. Conventions used in this document
   3. Motivation
   4. Photonic Firewall Oriented Routing and Spectrum Allocation
      Strategy
       4.1. Photonic Firewall
       4.2. Secure Connection Establishment Requirement
       4.3. Photonic Firewall oriented Routing and Spectrum Allocation
            Strategy
   5. Security Considerations
   6. IANA Considerations
   7. References
       7.1. Normative References
       7.2. Informative References





1. Introduction

   This document describes a photonic firewall oriented routing and
   spectrum allocation strategy for optical networks. Optical networks,
   which offer high speed and large capacity, have been widely applied
   to access, backbone transmission, data center interconnection,
   inter-satellite links, etc. Many new technologies are emerging with
   the aim of improving the capacity of optical fiber, such as optical
   orthogonal frequency division multiplexing (O-OFDM) and space
   division multiplexing (SDM). The accommodated traffic is booming, and
   more services are emerging, such as cloud computing, big data,
   augmented reality, and virtual reality. Since the accommodated
   traffic is very large, secure transmission becomes more and more
   important.

   Due to the large amount of transmitted information, wide coverage,
   and QoT sensitivity, optical networks are highly vulnerable to
   eavesdropping and attacks. The common attacks in optical networks
   can be divided into two categories: one targets optical devices and
   the other targets network management. Attacks on optical fiber
   include eavesdropping, interception, in-band interference, and
   signal delays [Fok2011]. To ensure secure data transmission,
   security technologies such as optical encryption, quantum key
   distribution, chaotic encryption, node/line reinforcement, optical
   steganography [Wang2010], etc., have been proposed. These
   technologies help to ensure the confidentiality and integrity of data
   transmission over optical networks. However, when intrusions and
   attacks are hidden in the transmitted data, these technologies are
   useless.

   The photonic firewall is an important network security device. It
   leverages all-optical pattern matching to directly identify the
   signals in the optical domain, then distinguishes hidden network
   intrusions and attacks, and finally selects the corresponding defense
   means according to the configured security policy. Thus, it can
   directly realize intrusion detection and security protection in the
   optical domain. Since the processing rate of the photonic firewall is
   far greater than that of the electronic firewall, a photonic firewall
   can replace tens of thousands of electronic firewalls. In the future,
   we believe the photonic firewall can be widely used in the optical
   backbone network, optical access network, optical datacenter network,
   etc.

   A photonic firewall is composed of multiple all-optical logic gates,
   regenerators, optical amplifiers, etc. The cost of the photonic
   firewall is very high. In the early stage, the photonic firewall can
   be deployed in only a few places. To ensure that each established
   light-path undergoes security detection, a photonic firewall
   oriented routing and spectrum allocation strategy should be
   designed. To avoid traffic congestion on some fiber links or at a
   certain photonic firewall, we divide the whole topology into several
   parts according to the number and the locations of all deployed
   photonic firewalls. A photonic firewall is responsible for the
   security detection of each connection in each part.

2. Conventions used in this document

   This document makes use of the following acronyms:

   QoT: Quality of Transmission

   AI: Artificial Intelligence

   SDM: Space Division Multiplexing

   O-OFDM: Optical Orthogonal Frequency Division Multiplexing

   In this document, these words will appear with that interpretation
   only when in ALL CAPS. Lower case uses of these words are not to be
   interpreted as carrying significance described in RFC 2119 [RFC2119].

3. Motivation

   The photonic firewall can directly realize intrusion detection and
   security protection in the optical domain. A photonic firewall can
   replace tens of thousands of electronic firewalls. Since the cost of
   the photonic firewall is very high, it can be deployed in only a few
   places. In order to ensure that each established light-path
   undergoes security detection, a photonic firewall oriented routing
   and spectrum allocation strategy should be designed for each user
   request. The strategy has a low complexity and is suitable for
   large-scale optical networks.

4. Photonic Firewall Oriented Routing and Spectrum Allocation Strategy

   This section first introduces the photonic firewall and its
   applications in optical networks. Then, the secure connection
   establishment requirement is elaborated. Finally, the photonic
   firewall oriented routing and spectrum allocation strategy is
   elaborated.

4.1. Photonic Firewall

   The photonic firewall is an optical network device. It leverages
   all-optical pattern matching to directly identify the signals in the
   optical domain, and then distinguishes hidden network intrusions and
   attacks. It selects the corresponding defense means according to the
   configured security policy. As presented in Figure 1, it can be
   deployed at an important optical switching node, gateway node, or
   access node. All-optical pattern recognition is the core part of the
   photonic firewall. It is composed of one all-optical XNOR gate, an
   all-optical AND gate, and a regenerator, as shown in Figure 2.

   +------------------------+                    +---------------------+
   |                        |                    |                     |
   |      IP/Ethernet       |                    |   Optical Network   |
   |                        |                    |                     |
   |               +--------|--------+     +-----|-----------+         |
   +------------------------+        |     |     +---------------------+
                   |   Core Router   |     |Photonic Firewall|
                   |Photonic Firewall|     |                 |
                   |    +-------------------------+          |
                   +----|------------+     +------|----------+
                        |                         |
                        |     Optical Network     |
                        |                         |
                        |                         |
                        +-------------------------+
                        Figure 1: Photonic Firewall Applications

                      Loop
                   --<---
                  |  nT  |
                   -->---    +------+
   Data sequence------------>|      |            +------+
   Probe-------------------->| XNOR |----------->| AND  |------->Output
   Target sequence---------->|      |  ---->---->|      |     |
                             +------+  |    |    +------+     |
                                       |    |                 |
                                       |    |  Recirculating  |
                         Initialing signal  |       Loop      |
                                            |      --<---     |
                                            |     |(n+1)T|    |
                                            |      -->---     |
                                            |  +-----------+  |
                                            |--|Regenerator|<-|
                                               +-----------+
                         Figure 2: All-optical pattern matching






4.2. Secure Connection Establishment Requirement

    To meet the security detection requirement, each light-path should
    pass through at least one photonic firewall. As presented in Fig. 3,
    three photonic firewalls are deployed at nodes A, F, and D. Three
    light-paths are established in the network (B->A->G, G->F->C, and
    E->D->C). Each light-path passes through a photonic firewall.

                    +---+              +---+
                    | B |--------------| C |
                   /+---+             /+---+\
                  /  /   \           / A   A \
                 /  /     \         / /     \ \
                /  /       \       / /       \ \
               /  /         \     / +----+    \ \
     +----+   /  /           \   / /| PF |     \ \    +----+
     | PF |+---+/             +---+ +----+      \+---+| PF |
     +----+| A X--------------| F/|--------------X D |+----+
           +---+\             +---+             /+---+
               \ \           / /  \            / /
                \ \         / /    \          / /
                 \ \       / /      \        / /
                  \ \     / /        \      / /
                   \ V   / /          \    / /
                    \+---+/            +---+/
                     | G |-------------| E |
                     +---+             +---+
         Figure 3: Secure Connection Establishment (PF denotes photonic
                                       firewall)

4.3. Photonic Firewall oriented Routing and Spectrum Allocation Strategy

    The photonic firewall oriented routing and spectrum allocation
    strategy adopts a greedy strategy. For each user, it calculates the
    closest photonic firewall. Thus, each photonic firewall has a user
    set consisting of the users for which it is the closest photonic
    firewall. In other words, the whole network is divided into several
    parts according to the locations of all deployed photonic
    firewalls. When a new user request arrives at the network, the user
    first calculates the shortest path to its closest photonic
    firewall, and then calculates the shortest path from the photonic
    firewall to its destination. Finally, the First-Fit algorithm is
    used to conduct spectrum allocation on the two shortest paths.







    +--------------------+            +------------+
    |               +---+|           / +---+      /
    |               | B |--------------| C |     /
    |              /+---+|         /  /+---+\   /
    | Area1       /  /   \        /  / A   A \ /
    |            /  /    |\      /  / /     \ \
    |           /  /     | \    /  / /       \ \ +------------+
    |          /  /      |  \  /  / +----+  / \ \             |
    |+----+   /  /       |   \/  / /| PF | /   \ \    +----+  |
    || PF |+---+/        |   /+---+ +----+/   / \+---+| PF |  |
    |+----+| A X--------------| F/|--------------X D |+----+  |
    |      +---+\        | /  +---+     /   /   /+---+        |
    +----------\-\-------+/  / /  \    /   /   / /            |
                \ \      /  / /    \  /   /   / /             |
                 \ \    /  / /      \/   /   / /              |
                  \ \  /  / /       /\  /   / /     Area3     |
                   \ V/  / / Area2 /  \/   / /                |
                    \+---+/       /   /+---+/                 |
                    /| G |-------------| E |                  |
                   / +---+      /   /  +---+                  |
                  +------------+   +--------------------------+
                           Figure 4: Photonic Firewall Area

    As presented in Fig. 4, the whole network is divided into three
    parts. In each part, a photonic firewall is responsible for the
    security detection of each user in this part. This strategy has a
    low complexity and is suitable for large-scale optical networks.
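
    The following Python code is an added example, not part of the
    draft. It partitions a topology by closest photonic firewall, routes
    each request over the two shortest paths through that firewall, and
    applies First-Fit. The link set, link lengths, slot count, the use
    of one contiguous slot block along the whole path, and separate
    spectrum per fiber direction are assumptions.

```python
import heapq

# Constructed topology loosely modeled on Figures 3 and 4. The link set,
# link lengths and slot count are assumptions, not values from the draft.
LINKS = "AB1 AF3 AG2 BC3 BF2 CF2 CD3 DF3 DE1 EF2 EG3 FG1".split()
FIREWALLS = ["A", "F", "D"]   # photonic firewall nodes, as in Figure 3
SLOTS = 8                     # frequency slots per directed fiber link

def build_graph(links):
    graph = {}
    for u, v, length in links:   # each entry is node, node, length
        graph.setdefault(u, {})[v] = int(length)
        graph.setdefault(v, {})[u] = int(length)
    return graph

def shortest_path(graph, src, dst):
    """Dijkstra: return (distance, node list) from src to dst."""
    heap, done = [(0, src, [src])], set()
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return dist, path
        if node in done:
            continue
        done.add(node)
        for nxt, length in graph[node].items():
            if nxt not in done:
                heapq.heappush(heap, (dist + length, nxt, path + [nxt]))
    return float("inf"), []

def partition(graph, firewalls):
    """Map each node to its closest firewall (ties go to list order)."""
    return {n: min(firewalls, key=lambda f: shortest_path(graph, n, f)[0])
            for n in graph}

def route_via_firewall(graph, areas, src, dst):
    """Join shortest path src -> firewall with firewall -> dst."""
    pf = areas[src]
    to_pf = shortest_path(graph, src, pf)[1]
    from_pf = shortest_path(graph, pf, dst)[1]
    return pf, to_pf + from_pf[1:]

def new_spectrum(graph):
    return {(u, v): [False] * SLOTS for u in graph for v in graph[u]}

def first_fit(spectrum, path, demand):
    """Claim the lowest free block of `demand` contiguous slots, or None."""
    hops = list(zip(path, path[1:]))
    for start in range(SLOTS - demand + 1):
        block = range(start, start + demand)
        if not any(spectrum[h][s] for h in hops for s in block):
            for h in hops:
                spectrum[h][start:start + demand] = [True] * demand
            return start
    return None   # request is blocked

def provision(graph, areas, spectrum, src, dst, demand):
    pf, path = route_via_firewall(graph, areas, src, dst)
    return pf, path, first_fit(spectrum, path, demand)
```

    With these constructed lengths the three light-paths of Fig. 3 are
    reproduced, while a request from B to C is routed B->A->B->C, which
    shows the detour the closest-firewall rule can impose.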

5. Security Considerations

    TBD

6. IANA Considerations

    This document makes no request of IANA.

7. References

7.1. Normative References

    [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14, RFC 2119, March 1997.





7.2. Informative References

    [Fok2011] M. P. Fok, Z. Wang, Y. Deng, and P. R. Prucnal, "Optical
                Layer Security in Fiber-Optic Networks", IEEE
                Transactions On Information Forensics and Security,
                vol. 6, no. 3, pp. 725–736, 2011.

    [Wang2010] Z. Wang, M. P. Fok, L. Xu, J. Chang, and P. R. Prucnal,
                "Improving the privacy of optical steganography with
                temporal phase masks", Opt. Express, vol. 18, no. 6, pp.
                6079–6088, 2010.





Authors' Addresses

    Xin Li
    Beijing University of Posts and Telecommunications
    10 Xitucheng Road, Haidian District, Beijing, China

    Email: xinli@bupt.edu.cn

    Lu Zhang
    Beijing University of Posts and Telecommunications
    10 Xitucheng Road, Haidian District, Beijing, China

    Email: luzhang@bupt.edu.cn


    Ying Tang
    Beijing University of Posts and Telecommunications
    10 Xitucheng Road, Haidian District, Beijing, China

    Email: ytang@bupt.edu.cn


    Zicheng Shi
    Beijing University of Posts and Telecommunications
    10 Xitucheng Road, Haidian District, Beijing, China

    Email: zchshi@bupt.edu.cn

    Shanguo Huang
    Beijing University of Posts and Telecommunications
    10 Xitucheng Road, Haidian District, Beijing, China

    Email: shghuang@bupt.edu.cn



