Optical Networks Security: A Failure Management ... - CiteSeerX

Optical Networks Security: A Failure Management Framework

Carmen Masa* , Ioannis Tomkos a and Ozan K. Tonguz b a Athens Information Technology, Markopoulo Av, PO. BOX 68, 19002 Peania, Athens Greece b Carnegie Mellon University, Hamerschlag Hall B203, Pittsburgh, PA USA 15213-3890

ABSTRACT Network security is becoming a very sensitive and important topic for equipment manufacturers and network operators. In transparent optical networks, security is even more complex since the optical signals are not regenerated as in opaque networks and, therefore, the faults and attacks at the physical layer are more difficult to detect and isolate without significantly affecting the overall network performance. In this paper we define Failure Management as the prevention, detection, and reaction against failures. Failures are defined as the interruptions of the normal functioning of the network and comprise faults (accidental interruptions) as well as attacks (intentional interruptions which can be performed by service disruption or eavesdropping). Our work deals with a solution to detection of failures in transparent networks. For this purpose we have extended a Fault Location algorithm3 developed for opaque optical networks to be used in transparent networks and be able to also locate attacks. The proposed algorithm is called Transparent Failure Location Algorithm (TFLA). The first part of the extension is based on the study of other optical network elements such as Optical Add/Drop Multiplexers (OADMs), Optical Cross-Connects (OXCs), wavelength converters, Optical Line Terminators, etc. The vulnerability of these elements depends on their architecture and/or fabrication technology and, therefore, different attacks can be considered. A classification of these components based on the masking and alarming properties is proposed. The second part of the extension is based on the monitoring equipment that may be available in transparent networks. The TFLA was applied for the case of a transparent ring of the Pan-European network. Keywords: network security, fault location, all optical networks.

1. INTRODUCTION Today's optical WDM networks are opaque optical networks able to transmit up to 160 wavelengths per fiber and packing more than 800 fibers into a single cable. The advantage of optical networks is therefore the high capacity and transmission rate. On the other hand, when a cable breaks, thousands of connections are interrupted which leads to the loss of thousands of Gigabits of data. This shows that the problem of fault location and isolation has become crucial in optical networks. Faults at the physical layer should be located as fast as possible not only to avoid loosing a lot of data but so that higher layers do not see the fault and start performing their own fault mechanisms. Optical networks may have several layers (typically IP/ATM/SONET/WDM or IP/SONET/WDM) which all perform fault management independently from each other. Although today's networks cannot avoid task duplication, we believe that interoperability between layers will not only eliminate it, but will also improve the performance of the fault management tasks. More precisely, the fault location problem could be more efficient if the management system was able to correlate information from the different layers. At the physical layer, the management system receives information about the physical properties of the network, such as optical power and temperature of the equipment. At the WDM layer, if adequate testing equipment is deployed, the management system obtains information about the quality of the optical signals such as Signal to Noise Ratio (SNR) and crosstalk. The manager at the upper layers receives more detailed information about the quality of the signal such as Bit Error Rate (BER), which is specific to each transmission technology. Merging all this information may help to better locate faults and even to predict faults. As mentioned previously, fault location is based on the alarms received by the network management system. When there are two or more simultaneous faults, the number of alarms increases considerably, the alarms arrive intermingled to the management system, and the problem of locating the faults becomes even more difficult. The problem of locating

*Carmen Mas; [email protected]; Phone: +30 210 668 2773; Fax: +30 210 668 2703; www.ait.gr

multiple faults has been shown to be NP-hard 1 . Apart from the requirements of being fast and able to locate simultaneous faults, the fault management should be efficient, i.e., should be able to provide the smaller set of components that are fault candidates. In this way, the cost of repairing faults (digging or sending technicians) can be reduced. Other work targeting attack location15 has been based on the development and proposal of new protocols that provide messages which reveal the attack location. Transparent optical networks are optical networks where the data remains in the optical domain along its path without going through any optic-to-electric conversion. A lightpath is the end-to-end optical path which may use different wavelengths if the network has wavelength conversion capabilities. In transparent networks, optical signal may undergo through optical amplification, optical regeneration, optical switching and optical conversion. These networks are very promising as they reduce unnecessary, expensive optoelectronic conversions, offer high data-rate, provide flexible switching, and support multiple types of clients (different bit rates, modulation formats, protocols, etc.). However, fault location in these networks is more complex than in opaque networks mainly for two reasons. Firstly, the optical signal is more vulnerable to degradation without being noticed by the network management system. In opaque networks the quality of the signal is monitored at each regeneration point and it can be surveyed closely, which is not the case in transparent networks where the optical signal will be converted at the end of each lightpath. The second reason is that the information received by the network management system is more limited in transparent networks as it relies on analog signal measurements at some points of the network, whereas in opaque networks per bit or BER performance based monitoring is available. We should point out that BER monitoring is a well-known technique to supervise network performance. However, when the transmission speed increases, BER monitoring becomes very expensive as it imposes the requirement of electrically receiving the optical signal. The remainder of this paper is organized as follows: Section 2 introduces the failure management concept and its significance. Section 3 gives a classification of the components of a transparent optical network. The attacks and faults that may occur in a transparent network are shown in Section 4 together with the alarming properties of the optical components. Section 5 presents the Transparent Failure Location Algorithm which includes the proposed component classification, the input and methodology of the algorithm with a particular example. Section 6 shows the application of the algorithm to a ring of the Pan-European network and, finally, Section 7 concludes the paper.

2. FAILURE MANAGEMENT Fault management of optical networks deals with the prevention, detection, and reaction to faults. Prevention deals with the component and network design so that it can prevent faults. When the fault has occurred, detection takes care of learn ing about the existence of the fault and to identify it. Last but not least, reaction manages to restore the connections that have been disturbed by the fault. All these functionalities become even more important in optical networks because of (i) the high bit rates that cause a huge amount of information to be lost (ii) the high latency of the network that allows a lot of data to get into the network when the failure occurs, (iii) the failure identification that should be efficient and exact in order to restore the connections and isolate the fault efficiently 2 . This fault management can be extended to also cover attacks. Attack can be defined as an intentional action against the ideal and secure functioning of the network. Attacks can be classified as eavesdropping or service disruption. Hence, we can define as failure the set of faults and attacks that can interrupt the ideal functioning of the network. An important and unsolved issue from the network management point of view is a way to distinguish fault from attacks. One possible parameter can be time scale in which faults/attacks occur, since faults due to natural fatigue and aging of the components may be slower than an attack which is much faster. Another way to distinguish faults from attacks is the frequency of their occurrence, that is, a fault may occur once and remain as fault until it is repaired, whereas an attack may appear and disappear increasing the difficulty of its detection.

3.COMPONENTS OF A TRANSPARENT OPTICAL NETWORK This section describes the components of a transparent optical network. We distinguish two classes of network components. The first one, described in Section 3.1, contains the optical components which take care of the optical signal transmission and are not able to send alarms. The second one, described in Section 3.2, contains the Monitoring equipment which is able to send alarms and notifications when the optical signal is not the expected one. The alarms sent by monitoring equipment depend on the kind of equipment and its characteristics. The failure of the monitoring

equipment does not interrupt/modify the data transmission and therefore their failure is not as relevant as the failure of an optical component. Moreover, when monitoring equipment fails, it may result in the loose of an alarm which will be considered in the proposed algorithm as a lost alarm.

Failures

Faults

Attacks

Service Disruption or Degradation

Eavesdropping

Semantic security management

Failure Management

Prevention

Detection

Reaction

Figure 1. Relationship between failure classification and effects with failure and security management functions.

3.1.

Optical equipment

The optical equipment of a transparent optical network can be listed as follows: • Transmitters (Txs), which are located at the beginning of an optical channel, are lasers or laser arrays converting electrical signals into optical ones at a certain wavelength. The resolution of the laser limits the spacing between the different wavelengths of the different channels, and hence the number of channels in WDM networks. New lasers used in advanced WDM networks are tuneable and can change the emission wavelength within a prescribed range. Some lasers do include a wavelength locker so that when the emitted wavelength deviates from the expected value due, for example , to temperature changes, it resets the transmitter to the original wavelength. • Receivers (Rxs), which are located at the end of an optical channel, convert the received optical signal of a certain wavelength, into an electrical one. • Optical switches: There are different switches architectures, each of them having different crosstalk characteristics: crossbar, Clos, Spanke, Benes, and Spanke-Benes. Different technologies can be used for their implementation (except MEMS, all these technologies are used in crossbar architectures): • Micro-Electro-Mechanical System (MEMS) • Bulk mechanical • Bubble-based waveguide • Liquid crystal • Thermo -optical • SOA • Amplifiers, which output a signal at a higher power level than the input signal. Most amplifiers add distortion to the signal. A fault may occur when the pump laser (in the case of EDFA and Raman amplifiers) fails or when the fiber or a passive component within the amplifiers fails. Other faults may involve the failure of the gain monitoring system causing gain variations. They send alarms for example when the pump laser does not work properly, or when the incoming power below a threshold value. • Optical regenerators and wavelength converters: These two types of elements are included in the same category since they are based in similar physical principles and technologies. There are three techniques to perform optical wavelength conversion and regeneration: optical gating, interferometer, and “wave mixing” based.

• •

•

Couplers (Splitters/combiners): These elements are included in some demultiplexers/multiplexer architectures. Their key performance parameter is their insertion loss that may be kept low so that when included in serial architectures the overall loss is still acceptable. Optical filters: These components have two important applications: to be used to multiplex and demultiplex wavelengths in a WDM system, and to provide equalization of the gain and filtering of noise in optical amplifiers. The most important characteristics of optical filters are: insertion loss, temperature coefficient, flat passband, sharp passband skirts. Protection switches, which receive more than one optical signal, and select one among them having an acceptable power level. They send an alarm when they change the switch position due to an unacceptable incoming optical power.

3.2.

Monitoring equipment

Different types of monitoring equipment exist in the market and are used in transparent optical networks 13 . The monitoring equipment is used by tapping the optical signal using for example tapping couplers. We assume that for monitoring purposes, the optical signal can be converted to the electrical domain, as for example in the BER monitoring where the signal is electrically received so that the BER can be calculated. We distinguish six different types of monitoring equipment: • Optical Power Meter: This monitoring equipment is able to detect any change in the power of the optical signal. It may be able to send alarm when the measured power is different from the expected one. • Optical Spectrum Analyzer14 : This equipment is able to perform analog optical signal monitoring by measuring the spectrum of the optical signal. The parameters that can be measured are channel power, channel center wavelength and optical signal to noise ration (OSNR) which is useful and provides important information on the health and quality of the optical signal. For example, it is able to detect OSNR changes (even if they do not cause optical power variations) and out-band unexpected signals. • Eye Monitoring is able to monitor the eye diagram. This diagram gives information on the time distortion and interferences. From the eye diagram, the histogram can be derived which is used to study the statistical characteristics of the optical signal. However, to obtain the histogram, the amplitude of the eye should be measured which implies the sampling of the optical signal6,7 . • BER Monitoring: After converting the signal to the electrical domain, this equipment is able to calculate the Bit Error Rate which is sensitive to the noise and to time distortion. This equipment is sensitive to impairments such as crosstalk, chromatic and polarization mode dispersion, and optical non-linearities. Most of the BER techniques are based on the synchronous 10,11 or asynchronous7,9 sampling of the optical signal. • Wavemeter it is an accurate monitoring equipment able to detect any variation in the used wavelength. This equipment is used by the maintenance personnel to check and verify that the used wavelengths are the expected ones . • Pilot tones and OTDR (Optical Time Domain Reflectometry) techniques are other techniques to monitor the performance of the network. They are outside the scope of this paper. Power Optical Power Meter Optical Spectrum Analyzer Eye Monitoring BER Monitoring Wavemeter Pilot Tones

Yes Yes Yes Yes Yes Yes

In-band Jamming No No Yes Yes No No

Out-band Jamming No Yes Yes Yes No No

Wavelength misalignment No No 1 No No Yes No

Table 1 Failure detection capabilities of monitoring equipment.

1

OSAs have low resolution to detect small wavelength misalignments.

Time distortion No No Yes Yes No Yes

4. FAILURES IN TRANSPARENT NETWORKS This section focuses on the physical security of optical networks, i.e., the reliability of an optical network from the physical layer point of view. As discussed previously, transparent optical networks are more vulnerable than opaque networks. Opaque networks survey the signal quality at the regenerators and other network components performing optical-to-electrical signal conversion. At these nodes, the signal quality can be measured by calculating the bit-error rate (BER) and performing some error control on the digital signal. Conversely, transparent networks do not perform any electrical conversion and, therefore, they can only rely on the information obtained from the optical analog signal measured at the performance and monitoring equipment of the network. Another disadvantage of transparent networks is that a single failure can affect more channels than in opaque networks and the failure damage may have a greater impact, as there are no transparency boundaries supported by optoelectronic regenerators. Examples of some attacks in all-optical networks and their detection4 have been published. Most of them refer to extra components that perform new processing of the monitored data. The algorithm we propose in this paper is based on the data that monitoring equipment is already able to deliver.

a

λ1

λ2

λ1

b

λ1

λ2

λ1

λ2

λ2

λ 1 filter Fiber 1 λ2

Switch

c

Fiber 2 λ2

Figure 2. Example of attack and its propagation through different network components. Figure 2 shows the example of an attack: an attacker inserts optical power at a wavelength that is already used (λ2). This attack will cause an increase of the optical power at that wavelength that will disturb neighbouring channels. For example, when traversing an optical amplifier such as EDFA, the gain that λ2 channel will be greater than the gain of λ1 channel (case a of Figure 2). Even after filtering channel λ1, there is some residual optical power at λ2 higher than the one specified in the system, so it can degrade the performance of its neighbouring channels (case b of Figure 2). When there are optical switches, crosstalk is very critical. In our example, λ2 channel of Fibre 2 could be disturbed by λ2 channel of Fibre 1 due to crosstalk (case c of Figure 2). The degree of crosstalk is closely related to the optical power pumped by the attacker. Examples of attacks that may occur in a transparent optical network are: • In-band jamming power: An attacker may increase gradually the power of one channel with respect to the other channels at the input so that the output of some channels may be too low or too high (low power channels get less gain that high power channels: power equalization). • Out-band jamming power: An attacker may insert power at a wavelength outside the signal window and cause Raman effect and Cross-gain modulation (in SOAs) that will affect the signal. The disadvantage of this attack is that although a filter may remove the out-band disturbing signal, the damage is already within the data and it won’t be detected until being received and monitored by a BER or Eye monitor. • Crosstalk: SOA have higher crosstalk than other amplifiers due to internal functioning (the existence of one signal may decrease the population inversion of the other signal). However, Raman amplifiers show crosstalk at WDM signals as well. • Transients: Disadvantage of EDFAs and some SOAs that can be used for signal degradation of neighboring channels .

•

Optical fiber cut or bend: A fiber can be cut so that all the optical power is lost. A fiber can also be bent so that there is some leak out of power or an attacker may insert some high power signal. Also, the dispersion and attenuation characteristics of the fiber may change by warming the fiber. • Wavelength shift: transmitter may emit a signal with a wavelength slightly different than the expected one. Some operators use signal lockers to check the transmitted wavelength and if necessary correct it. However, this failure could be included and detected by the failure management. These attacks have been grouped into four different failure categories based on the effects that cause on the signal: power drop, in-band and out-band jamming and wavelength misalignment. Power drop includes the power decrease and cut. In-band jamming covers also intrachannel crosstalk, whereas out-band jamming covers also interchannel crosstalk and non-linearities. Optical Component Optical fiber Transmitter/Receiver Filter Switch Coupler Converter/Regenerator Amplifier

Power drop No No No No No Yes Yes (4)

Wavelength misalignment No No No No No Yes (3) No

In-band Jamming No No No No No Yes (2) No

Out-band Jamming No No Yes (1) No No Yes No

Category O0 O0 O2 O0 O0 O1 O3

Table 2 Masking relationships of the optical components. (1) Masking will occur when the filter bandwidth is sharp enough to get the signal and keep out the out-band signal. (2)Some techniques are able to suppress crosstalk. (3) Except when is based on the FWM effect. (4) True when there is not power monitoring at the input.

4.1.

Alarming properties

In this study, several failures have been studied as well as the network ele ments behavior when the failures occur. Based on this behavior, we have defined different alarming properties: • Power dropping masking: This property specifies whether the optical component masks or not any important drop of the optical power to any other monitoring equipment that follow it on the channel. For example, a regenerator will mask the power drop occurred before the regenerator to any other component located after it in the channel. • Misalignment masking: This property specifies whether the network component masks or not the wavelength misalignment failure to the network components that follow it on the channel. For example, a wavelength converter will mask any wavelength misalignment occurring at any optical component located before it in the channel (except if it uses the Four-Wave Mixing effect). • In-band Jamming masking: This property specifies whether the optical component masks or not the in-band jamming to the network components that follow it on the channel. For example, some regenerators are able to suppress crosstalk caused by in-band jamming. • Out-band Jamming masking: This property specifies whether the optical component masks or not the out-band jamming to the network components that follow it on the channel. For example, a filter should be able to eliminate the out-band signal when having a bandpass cutting it off.

5. FAILURE LOCATION ALGORITHM Time lo locate failure(s) is critical and therefore failure location algorithm must be as fast as possible. Unfortunately, the problem of locating mu ltiple failures has been shown to be NP-complete in the ideal scenario of receiving each of the expected alarms 1 . However, the computation that has to be carried out when new alarms reach the manager can be kept as small as possible. The proposed algorithm has two phases: a phase with the heavy computational charge, which is called Pre-computational phase (PCP) and another phase consisting in traversing a simple binary tree when alarms reach the manager, which is called Core phase (CP). The proposed PCP has been implemented on the basis of the algorithm used to locate multiple faults in non-ideal opaque networks 3 . We have extended this algorithm to cope with faults and also attacks in transparent networks and it is denoted as Transparent Failure Location Algorithm (TFLA).

5.1.

Network Component Classification

As already mentioned before, the network components can be classified into two different categories: optical components and monitoring equipment. The former takes care of the transmission of the optical signal, whereas the latter takes care of the optical signal motoring. The monitoring components are able to send alarms when the optical signal is degraded and do not mask any failure since they receive the optical signal though a tapping coupler. On the figures they are represented by a square. On the other hand, the optical components are able to mask failures and based on this masking property can be classified in different categories. These components are represented in the figures by a circle. • Optical Components: Let O denote the ser of optical components of the network. o The O0 Masking Components are the optical components that are not able to mask any failure such as for example an optical fiber. o The O1 Masking Components are the optical components able to mask all kinds of failures. For example, an optical regenerator with crosstalk suppression capabilities and not based on Four wave mixing property. o The O2 Masking Components are the optical components able to mask out of band jamming such as for example an optical filter. o The O3 Masking Components are the optical components able to mask power drop such as for example an optical amplifier when it does not have power monitoring capabilities at its input. • Monitoring components: The monitoring components are classified based on the failures they are able to detect. Let V denote the set of monitoring components of the network. o Let V0 denote the set of monitoring components able to detect just unexpected power variations such as powermeter. o Let V1 denote the set of monitoring comp onents able to detect unexpected power variations as well as out-band jamming such as OSNR. o Let V2 denote the set of monitoring components able to detect unexpected power variations as well as in-band and out-band jamming such as BER. o Let V3 denote the set of monitoring components able to detect unexpected power variations as well as wavelength misalignment. Power Optical Power Meter Optical Spectrum Analyzer Eye Monitoring BER Monitoring Wavemeter

Yes Yes Yes Yes Yes

In-band jamming No No Yes Yes No

Out-band jamming No Yes Yes Yes No

Wavelength misalignment No No No No Yes

Category V0 V1 V2 V2 V3

Table 3 Classification of the monitoring components based on their failure detection capabilities. The classification may change if the equipment is able to detect other failures.

5.2.

Problem Abstraction

The classification of the previous section enables us to derive and implement the Transparent Failure Location Algorithm (TFLA). The TFLA has to be able to locate the optical component or set of optical components that when failing have caused the alarms received by the manager. The classification of the optical and monitoring equipment is a proposed one, which corresponds to the characteristics of the network components described in the previous section. Of course, the classification may change when considering new characteristics of the components,. For example, a wavelength converter that is based on the Four Wave Mixing property won’t be classified as an O1 element since it won’t mask any wavelength misalignment.

5.3.

Inputs of the algorithm

The objects manipulated by the TFLA are the same as in FLA 3 except that in our case, the monitoring equipment does not send binary alarms but is able to send different alarms depending on the signal degradation they measure.

•

Set of the established channels CH={CHi }, which is updated every time there is a channel established, modified or clear down. A channel is an ordered list of network components denoted by CH,i ={comp j } where comp ∈ O. The monitoring equipment is considered within the channel at the tapping points where they are located. The channels are considered as unidirectional. Bi-directional channels are equivalent to a pair of unidirectional channels. Function

Pos (comp, CH i ) returns the position of comp within the channel CHi if comp belongs to this

channel and 0 otherwise. In other words,

0 if Pos( comp, CH i ) =   i if • •

5.4.

∀comp j ∈ CH i , comp j ≠ comp ∃comp j ∈ CH i , comp j = comp

Set of received alarms R. Every time there is a new alarm, the set R is updated and the TFLA is run. Mismatching thresholds m1 and m2 giving the maximum number of allowed lost and false alarms. The case when m1 = m2 =0 corresponds to the ideal scenario when no lost or false alarms are expected.

Domain definition

3

FLA introduced a new function called Domain(comp) which return the set of network elements that will send an alarm when comp fails. This function is also used in TFLA by applying it at the different failures presented in Section 4. Hence, four different kinds of Domain have been distinguished for every network component based on the nature of the failure: • PDomain(e1) is the set of monitoring equipment whose alarms are expected when e1 suffers a power decrease or cut. These elements are any V monitoring equipment that follows e1 in at least one channel and do not have any O1 or O3 component between them. Mathematically, PDomain(e1) can be expressed as follows:

PDomain( e1 ) = {e2 ∈ V | e1 P e 2 = 1}

where e1 Pe2 =1 if and only if o e2 is a V monitoring equipment, o ∃CH i ∈ CH with 0 < Pos( e1 , CH i ) < o •

∀e j

with

Pos( e2 , CH i ) Pos( e1 , CH i ) < Pos( e j , CH i ) < Pos (e 2 , CH i ) e j ∉ O1 , O3

MDomain(e1) is the set of monitoring equipment whose alarms are expected when e1 suffers a wavelength misalignment. These elements are any V4 monitoring equipment that follows e1 in at least one channel and do not have any O1 component between them. Mathematically, MDomain(e1) can be expressed as follows:

MDomain (e1 ) = {e2 ∈V4 | e1 M e 2 = 1}

where e1 Me2 =1 if and only if o e2 is a V4 monitoring equipment, o ∃CH i ∈ CH with 0 < Pos( e1 , CH i ) < o •

∀e j

with

Pos( e2 , CH i ) Pos( e1 , CH i ) < Pos( e j , CH i ) < Pos (e 2 , CH i ) e j ∉ O1

IBJDomain(e1 ) is the set of monitoring equipment whose alarms are expected when in e1 occurs an in-band jamming. This in-band jamming can be caused by intrachannel crosstalk, in-band insertion of power, etc. The elements of the domain are any V3 monitoring equipment that follows e1 in at least one channel and do not have any O1 component between them, where this M1 component can be regenerator or wavelength converter with IBJ suppression capabilities.. Mathematically, IBJDomain(e1) can be expressed as follows:

IBJDomain (e1 ) = {e2 ∈ V3 | e1 IBJ e2 = 1}

where e1 IBJ e2 =1 if and only if o e2 is a V3 monitoring equipment, o •

∃CH i ∈ CH with

0 < Pos( e1 , CH i ) < Pos( e2 , CH i ) e j ∉ O1

OBJDomain(e1 ) is the set of monitoring equipment whose alarms are expected when in e1 occurs an out-band jamming. This out-band jamming can be caused by non-linearities, interchannel crosstalk, etc. The elements of

this domain are any V2 or V4 monitoring equipment that follows e1 in at least one channel and do not have any O1 or O2 component between them. Mathematically, OBJDomain(e1) can be expressed as follows:

OBJDomain ( e1 ) = {e2 ∈ V | e1OBJ e 2 = 1}

where e1 OBJe2 =1 if and only if o e2 is a V2 or V3 monitoring equipment, o o

5.5.

∃CH i ∈ CH with 0 < Pos( e1 , CH i ) < Pos( e2 , CH i ) ∀e j with Pos( e1 , CH i ) < Pos( e j , CH i ) < Pos (e 2 , CH i ) e j ∉ O1 , O 2

Transparent Failure Location Algorithm (TFLA)

TFLA is based on the algorithm FLA developed to locate multiple faults in non-ideal opaque networks 3 . As already mentioned, the FLA consists of two different phases: the Pre-Computation Phase (PCP) and the Core Phase (CP). The PCP gathers most of the complexity and leaves few processing steps to be carried out by the CP. As an example, let us start solving the problem of locating failures within the simple network shown in Figure 3 where two lightpaths have been established. The monitoring equipment is connected through dashed lines. OSNR O3R Rx Tx1 BER M. OADM OF1 Tx2 O3R Rx Eye M. BER M. DCE OSNR OSNR

DCE

DSE Filter

Tx

Rx BER M.

Figure 3 Example of an ultra long haul WDM network including some monitoring equipment at some relevant components such as an amplifier with a Dynamic Spectrum Equalizer (DSE), or an Optical Add-Drop Multiplexer with a Wavelength Selective architecture. We assume that at each span there is a power meter. The figure also shows two established lightpaths. We denote: • the optical components by (i j) where i is an integer that identifies the type of component Oi and j is an integer that identifies the component. In the example shown in Figure 4, (0,1) represents Tx1, (0,2) represents Tx2, (2,1) represents the first multiplexer, etc. • the V0 monitoring equipment by (40,i) where i is an integer that identifies the component. In the example shown in Figure 4, (40,1) represents the powermeter of the first span, (40,2) represents the powermeter of the second span, etc. • the V1 monitoring equipment by (41,i) where i is an integer that identifies the component. In the example shown in Figure 4, (41,1) represents the first OSNR at the output of the first amplifier, (41,2) represents the next OSNR, etc. • the V2 monitoring equipment by (42 i) where i is an integer that identifies the component. In the example shown in Figure 4, (42,1) represents the BER at the OADM, (42,2) represents the BER at last receiver, etc. • the V3 monitoring equipment by (43 i) where i is an integer that identifies the component. However, in the example shown in Figure 3, we have not included any component of this category. The TFLA performs the PCP which consists in:

•

Computation of the domains of each optical component of the established channels. For example, the out-band jamming which could be done at the optical fiber OF2 (0,4) is expected to cause alarms at the OSNR of the amplifier with DSE and at the OSNR located at the amplifier at the end of OF3. After that, the multiplexer at the optical regeneration node removes the undesired signal. This is shown in Figure 4.

•

Grouping identical domains into equivalent classes C1 , C 2 , …, C m (m=n)

OBJDomain (( 0, 4)) = {( 41,2), ( 41,3), ( 41,4), ( 41,5), (41,6)}

For example,

C1 = OBJDomain (( 0,4)) = PDomain ((0,4)) OSNR OSNR Amp

01

Amp

Rx

41 10 0 8 41 8 0 9 3 7 41 9 0 10 3 8 2 4 0 11 42 2

Tx1

DCE Comb.OSNR OF4 DEMUX BER

12

MUX

OSNR Powerm.Powerm.

OSNR OSNR OSNR OSNR OSNR DEMUX MUX

0 2 2 1 3 1 41 1 0 3 40 1 3 2 40 2 0 4 41 2 3 3 41 3 0 5 41 4 3 4 41 5 0 6 41 6 3 5

Tx2

Amp

OF1

Amp

OF2

Amp

DSE

Amp OF3 Amp

22 11 23

Amp 41 7 0 7 3 6

Rx 2 5 0 12 42 1

O3R OSNRSplitterFilter

BER

Figure 4 Example of the modelization of the two channels shown in Figure 3. An out-band jamming signal has been marked in blue and the monitoring equipment that will send alarms have been highlighted. •

Associate to each Ci a binary vector Bin(Ci ) with as many elements as the monitoring equipment within the established channels (14 in our example). The jth component of Bin(Ci ) is equal to 1 if the jth monitoring equipment belongs to Bin(Ci ), and to 0 otherwise. In the example,

Bin( C1 ) = (00011111000000)

•

In order to consider multiple failures, the union of the domains of single failure should be performed. Hence, Bin ( Ci ∪ C j ) = Bin (Ci ) ∨ Bin (C j ) is calculated for all Ci .

•

Let P(Ci ) be the set of optical components and the associated failure whose domain is Ci :

P(C i ) = {(i , F ) with ( 0, i ) ∈ O FDomain (e ) = Ci and F = P, M , IBJ or OBJ } In our example, P(C1 ) = {(( 0, 4), OBJ ), (( 0,4), P)} •

A binary tree is built with a depth equal to V cardinal number (14 in our example) and whose leaves point to the set P(Ci) whose corresponding Bin(Ci) is the path from the root of the binary tree to the leaves. These steps can be pre-computed off-line and before receiving any alarm. Once the manager starts receiving alarms, a last and simple step should be done: Bin(R) is computed and the binary tree is traversed from the root to the corresponding leaf.

6.SIMULATION RESULTS The algorithm has been run on the Pan-European Topology network16 within a ring between Madrid, Barcelona, Lyon, Paris and Bordeaux (Figure 5) that is assumed to be transparent. OADMs are located at the cities of Madrid, Barcelona and Bordeaux using the architecture shown in Figure 6, whereas OXCs are located at Paris and Lyon using the architecture shown in Figure 6. The number of amplifiers needed for each link depends on the distance between the cities shown in Figure 5. Due to the overall ring length, optical regeneration is needed in some nodes (Barcelona, Paris and Bordeaux). In this example, the architecture considered at the OADM and OXC is shown in Figure 6.

Oslo

Paris

Stockholm Glasgow

OXC 49 8k m

Amsterdam Hamburg Berlin Frankfurt

Warsaw

Bordeaux

Brussels

Prague

Zurich

Vienna

Lyon Bordeaux

Madrid

Barcelona

Lyon

Budapest Belgrade

Milan

OXC

OADM 55 6k m

Paris Strasbourg Munich

Zagreb

53 0k m

London

km 396

Copenhagen Dublin

Rome

OADM Athens

Barcelona

OADM

447km

Madrid

Figure 5 The basic reference topology of the COST 266 Pan-European Network with the view of the considered transparent ring including the amplifiers and the regeneration nodes needed. OSNR OSNR

OSNR

OSNR

Switch

Filter

Switch

O3R O3R Tx

Rx BER

Filter Filter Rx Rx

O3R O3R Tx Tx

BER BER

Figure 6 Considered Broadcast and Select architectures at OADM and OXC with optical regeneration. The algorithm has been developed in Java. Through a Graphical User Interface (GUI), we are able to establish channels and send simulated alarms. Another option to create alarms is to select an element to be faulty and the expected alarms, which correspond to the domain of that element, are automatically issued with a certain probability of being lost. The GUI also enables the network manager to decide how many lost and false alarms will accept. 5 different channels have been established in the ring: Channel 1 between Bordeaux and Barcelona, Channel 2 between Madrid and Barcelona, Channel 3 between Madrid and Lyon, Channel 4 between Barcelona and Lyon and Channel 5 between Barcelona and Paris . Hence, only Channel 3 has optical regeneration. The total number of network elements was around 100. This number will change significantly if there are more/less monitoring equipment and/or if other OADMs and OXCs architectures are used. The simulations focused on OBJ and Optical power drop failure scenarios. For example, Failure Alarms Simulation result OBJ at last span between OSNRs located between the failure Optical fiber of the right span with 0 Barcelona and Lyon and DEMUX at Lyon (4 in our case). alarm mismatching (ideal scenario) Power drop at last span OSNR at the next amplifier (2 in our Optical fiber of the right span with 0 between Barcelona and Lyon case). alarm mismatching (ideal scenario)

The results of different failure scenarios match with the mathematical model showed in this article. However, we have foreseen some future work that will improve the performance. For example, when reducing the number of existing monitoring equipment, the TFLA offers more faulty candidates compared with the results of the FLA algorithm for opaque networks. Another possible improvement would be the correlation of neighboring channels that may suffer crosstalk effects.

7. CONCLUSION This paper described the fault location problem which is included in the network fault management. The fault location problem has been extended to also locate attacks. The problem is presented for transparent networks which are more vulnerable to failures due to the absence of electrical conversion of the optical signal and the cost of the optical monitoring equipment. Some work has been presented on attack location but it was limited to some network components. We have proposed an algorithm denoted by Transparent Failure Location algorithm (TFLA) that is able to locate fault and attacks in transparent networks. This algorithm is able to cope with future components of transparent optical networks including optical regenerators and wavelength converters. Some simulations results on the PanEuropean Network have been shown. The work was focused on a specific transparent ring between Barcelona, Madrid, Bordeaux, Paris and Lyon utilizing amplifiers, OADMs, OXCs and 3R optical regenerators. Future work will optimize the TFLA to decrease the number of faulty candidates and exploit even more the physical vulnerabilities of transparent optical networks.

REFERENCES 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16.

N. S. V. Rao. “Computational Complexity Issues in operative Diagnosis of graph-based systems ”, IEEE Transactions on Computers, 42(4). pp.447-457, April 1993 M. Medard, S. R. Chinn and P. Saengudomlert , "Node wrappers for QoS monitoring in transparent optical nodes", Journal of High Speed Networks, Vol. 10, 2001, pp. 247-268 C. Mas and P. Thiran “An efficient algorithm for locating soft and hard failures in WDM networks” JSAC Special Issue on protocols and architectures for next generation WDM optical networks, Vol. 18, Oct. 2000. M. Medard, S. R. Chinn and P. Saengudomlert, “Attack detection in all-optical networks”, Optical Fiber Communication Conference OFC’98 ThD4. J. K. Patel, S. U. Kim and D. H. Su “Modeling attack problems and protection schemes for all-optical transport networks” Optical Networks Magazine July/August 2002 pp.61-72 K. Mueller et al. “Application of amplitude histograms for quality of service measurements of optical channels and fault identification”, ECOC 98, Madrid, Spain 1998 I. Shake, H. Takara, S. Kawanishi and Y. Yamabayashi, “Optical signal quality monitoring method based on optical sampling” Electronic Letters, October 1998, Vol. 34, No.22, pp. 2152. San-Liang Lee; Ching-Tang Pien; Yu -Yi Hsu “Wavelength monitoring in DWDM networks using low cost semiconductor laser diode/amplifiers“ OFC’2000 , Vol. 2, pp: 168-170 vol.2 N. Hanik, A. Gladisch, C. Caspar and B. Strebel “Application of amplitude histograms to monitor performance of optical channels ” Electronics Letters Vol. 35, pp. 403, 1999. S. Ohteru and N. Takachio “Optical Signal quality monitor using direct Q-factor measurement” IEEE Photonics Technology Letters, Vol.11 pp.1307, 1999. R. Wiesmann, O. Bleck and H. Heppner “Cost-effective performance monitoring in WDM systems ” Fiber Communication Conference OFC 2000, Baltimore. J. Downie and D. Tebben “Performance monitoring of optical networks with synchronous and asynchronous sampling” Optical Fiber Communication Conference OFC2001. R. Habel, K. Roberts, A. Solheim and J. Harley “Optical domain performance monitoring” Optical Fiber Communication Conference OFC’2000 , Vol. 2 , Pp. 174 -175. S. K. Shin, K. J. Park and Y. C. Chung “A novel optical signal-to-noise ratio monitoring technique for WDM networks” Optical Fiber Communication Conference OFC’2000. R. Bergman, M. Medard and S. Chan “Distributed algorithms for attack localization in all-optical networks” Network and Distributed System Security Symposium 1998, Session 3, Paper 2. Sophie De Maesschalck , Christian Mauz, Didier Colle, Christoph Gauger, Tibor Cinkler, Francesco Matera, Branko Mikac, Robert Inkret, Dominic Schupke, “Reference Scenario for a Pan-European Network” COST 266 Report, August 2002