Journal of Networks - Academy Publisher

More documents

Recommendations

Info

132 JOURNAL OF NETWORKS, VOL. 5, NO. 2, FEBRUARY 2010 Control and Management Issues in All-Optical Networks Abstract—As more intelligence and control mechanisms are added into optical networks, the need for the deployment of a reliable and secure management system using efficient control techniques has become increasingly relevant. While some of available control and management methods are applicable to different types of network architectures, many of them are not adequate for all-optical networks. These emerging transparent optical networks have particularly unique features and requirements in terms of security and quality of service thus requiring a much more targeted approach in terms of network management. In particular, the peculiar behavior of all-optical components and architectures bring forth a new set of challenges for network security. In this article, we briefly overview security and management issues that arise in all-optical networks. We then discuss the key management functions that are responsible for ensuring the secure and continued functioning of the network. Consequently, we present a framework for the realization of an appropriate management system that can meet the challenges posed by all-optical networks. Index Terms—all-optical networks, optical network security, fault and attack management. I. INTRODUCTION All-Optical Networks (AONs) are emerging as a promising technology for very high data rates, flexible switching and broadband application support. Specifically, they provide transparency capabilities and new features allowing routing and switching of traffic without any regression or modification of signals within the network. Although AONs offer many advantages for high data rate communications, they have unique features and requirements in terms of security and management that distinguish them from traditional communication networks. In particular, the unique characteristics of AON © 2010 ACADEMY PUBLISHER doi:10.4304/jnw.5.2.132-139 Ridha Rejeb Institute for Advanced Engineering and Research, Germany Email: ridha.rejeb@iaer.eu Mark S. Leeson School of Engineering, University of Warwick, UK Email: mark.leeson@warwick.ac.uk Carmen M. Machuca Munich University of Technology, Germany Email: cmas@tum.de Ioannis Tomkos Athens Information Technology Center, Greece Email: itom@ait.edu.gr components and network architectures bring forth a set of new challenges for network security. By their nature, AON components are particularly vulnerable to various forms of denial of service, Quality of Services (QoS) degradation, and eavesdropping attacks. Since even short (in terms of duration) faults and attacks can cause large amounts of data to be lost, the need for securing and protecting optical networks has become increasingly significant [1-3]. In emerging AONs, efficient monitoring and estimation of signal quality along a lightpath 1 are of highest interest because of their importance in diagnosing and assessing the overall health of the network. One of the main reasons for continuous monitoring and controlling of the proper functioning of AON components is related to the fact that transmission in AONs is limited by a number of effects such as optical crosstalk, amplified spontaneous emission noise, laser saturation, fiber nonlinearities, reflections, jitter accumulation, and signal bandwidth narrowing caused by filter concatenation. Despite a careful design of AONs, enabling pre-estimation of the worst possible impact on QoS degradations and the provision of sufficient margins to tolerate it, a resourceful attacker or nefarious user can exploit these transmission limiting effects to perform disruptive attacks upon the whole network. Another important characteristic of AONs is that the impact of subtle forms of attacks and miscellaneous transmission impairments accumulate while traveling through the network and can thus degrade the signal quality enough to reduce the QoS without precluding all network services. Such disruptive faults or attacks are totally 1 A lightpath is defined as an end-to-end optical connection between a source and a destination all-optical node.
JOURNAL OF NETWORKS, VOL. 5, NO. 2, FEBRUARY 2010 133 beyond control and is quite difficult to be detected by monitoring the network equipment. In this article, Section II and III give a brief overview on the security and management issues that may arise in AONs from their employed components, respectively. Section IV presents the key management functions that are responsible for ensuring the secure and continued functioning of the network. In Section V we propose a framework for the realization of an appropriate Network Management System (NMS) that can meet the challenges posed by AONs. Section VI introduces several control plane architectures taking into consideration still open and unsolved development issues. Finally, we present the conclusions of this article. II. SECURITY ISSUES In the context of this work, an attack is defined as an intentional action against the ideal and secure functioning of the network, whereas a fault is defined as an unintentional action against the ideal and secure functioning of the network. Failures are referred to as the faults and attacks that can interrupt the ideal functioning of the network [2]. Security attacks upon AONs may range from a simple physical access to more complex attacks exploiting: a) the peculiar behaviors of optical fibers, b) the unique characteristics of AON components, and c) the shortcomings of available supervisory techniques and monitoring methods. Attacks can be classified as eavesdropping or service disruption. In this scenario, they are different in nature ranging from malicious users (i.e., users inserting higher signal power) to eavesdroppers. Thus, attacks differ from conventional faults and should be therefore treated differently. This is because they appear and disappear sporadically and can be launched elsewhere in the network. In particular, the attacker may thwart simple detection methods, which are in general not sensitive enough to detect small and sporadic performance degradations. Furthermore a disruptive attack, which is erroneously identified as a component failure, can spread rapidly through the network causing additional failures and triggering multiple erroneous alarms. Security attacks therefore must be detected and identified at any node in the network where they may occur. Moreover, the speed of attack detection and localization must be commensurate with the data transmission rate [3]. Furthermore, transparency in AONs may introduce significant miscellaneous transmission impairments such as optical crosstalk, amplified spontaneous emission noise, and power divergence [4]. In AONs, those impairments accumulate as they propagate and can impact the signal quality so that the received bit error rate at the destination node might become unacceptable high. III. MANAGEMENT ISSUES Network management is an indispensable constituent of communication systems since it is responsible for ensuring the secure and continued functioning of any © 2010 ACADEMY PUBLISHER network. Specifically, a network management system should be capable of handling the configuration, fault, performance, security, and safety in the network Network management for AONs faces additional security and management challenges. One of the main premises of AONs is the establishment of a robust and flexible control plane for managing network resources, provisioning lightpaths, and maintaining them across multiple control domains. Such a control plane must have the ability to select lightpaths for requested end-to-end connections, assign wavelengths to these lightpaths, and configure the appropriate resources in the network. Furthermore, it should be able to provide updates for link state information to reflect which wavelengths are currently being used on which fiber links so that routers and switches may make updated routing decisions. An important issue that arises in this regard is how to address the trade-off between service quality and resource utilization. Addressing this issue requires different scheduling and sharing mechanisms to maximize resource utilization while ensuring adequate QoS guarantees. One possible solution is the aggregation of traffic flows to maximize the optical throughput and to reduce operational and capital costs, taking into account qualities of optical transmission in addition to protection and restoration schemes to ensure adequate service differentiation and QoS assurance. A control plane should therefore offer dynamic provisioning and accurate performance monitoring, plus efficient restoration in the network and most of these functions need to move to the optical domain. Connection provisioning, for example, should enable a fast automatic setup and teardown of lightpaths across the network thereby allowing dynamic reconfiguration of traffic patterns without conversion to the electrical domain. Another related issue arises from the fact that the implementation of a control plane requires information exchange between the control and management entities involved in the control process. To achieve this, fast signaling channels need to be in place between switching nodes. These channels might be used to exchange up-todate control information that is needed for managing all supported connections and performing other control functions. In general, control channels can be realized in different ways; one might be implemented in-band while another may be implemented out-of-band. There are, however, compelling reasons for decoupling control channels from their associated data links. An important reason for this is that data traffic carried in the optical domain is transparently switched to increase the efficiency of the network and there is thus no need for switching nodes to have any understanding of the protocol stacks used for handling the control information. Another reason is that there may not be any active channels available while the data links are still in use, for example when bringing one or more control channels down gracefully for maintenance purposes. From a management point of view, it is unacceptable to teardown a data traffic link, simply because the control channel is no longer available. Moreover, between a pair of
Page 1 and 2: Journal of Networks ISSN 1796-2056
Page 3 and 4: JOURNAL OF NETWORKS, VOL. 5, NO. 2,
Page 5: JOURNAL OF NETWORKS, VOL. 5, NO. 2,
Page 23 and 24: APPENDIX EVALUATION OF THE OPTICAL
Page 57 and 58:
JOURNAL OF NETWORKS, VOL. 5, NO. 2,
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Aims and Scope. Call for Papers and
show all

Journal of Networks - Academy Publisher

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?