1. Field of the Invention
The present invention relates to packet switching in communication networks. More specifically, the present invention relates to a method and an apparatus for switching packets in an Ethernet passive optical network.
2. Related Art
In order to keep pace with increasing Internet traffic, optical fibers and optical transmission equipment have been widely deployed to substantially increase the capacity of backbone networks. However, this capacity increase in backbone networks has not been accompanied by a corresponding capacity increase in access networks. Therefore, even with broadband access solutions such as digital subscriber line (DSL) and cable modem (CM), the limited bandwidth offered by current access networks remains a severe bottleneck in delivering high bandwidth to end users.
Among the different technologies presently being developed, Ethernet passive optical networks (EPONs) are among the best candidates for next-generation access networks. EPONs combine ubiquitous Ethernet technology with inexpensive passive optics. They offer the simplicity and scalability of Ethernet with the cost-efficiency and high capacity of passive optics. Because of optical fiber's high bandwidth, EPONs can carry broadband voice, data, and video traffic simultaneously. Such integrated services are difficult to provide with DSL or CM technology. Furthermore, EPONs are more suitable for Internet Protocol (IP) traffic, because Ethernet frames can encapsulate native IP packets of different sizes. In contrast, ATM passive optical networks (APONs) use fixed-size ATM cells and require packet fragmentation and reassembly.
Typically, EPONs reside in the “first mile” of the network, which provides connectivity between the service provider's central offices and business or residential subscribers. This first mile network is often a logical point-to-multipoint network, with a central office servicing a number of subscribers. In a typical tree-topology EPON, one fiber couples the central office to a passive optical coupler, which divides and distributes downstream optical signals to users (subscribers). The coupler also combines upstream signals from subscribers (see FIG. 1).
Transmissions in an EPON are typically between an optical line terminal (OLT) and optical network units (ONUs) (see FIG. 2). The OLT generally resides in the central office and couples the optical access network to an external network (e.g., a carrier network). An ONU can be located either at the curb or at an end-user location, and can provide broadband voice, data, and video services. ONUs are typically coupled to a one-by-N (1×N) passive optical coupler, which is coupled to the OLT through a single optical link. (Note that a number of optical couplers can be cascaded.) This configuration can achieve significant savings in the number of fibers and amount of hardware.
Communications within an EPON are divided into downstream traffic (from OLT to ONUs) and upstream traffic (from ONUs to OLT). In the upstream direction, the ONUs share channel capacity and resources, since there is only one link coupling the passive optical coupler to the OLT. In the downstream direction, because of the broadcast nature of the 1×N passive optical coupler, packets are broadcast by the OLT to all ONUs and are subsequently extracted by their destination ONUs. Each network device is assigned a Logical Link ID (LLID), according to the IEEE 802.3ah standard. A downstream packet is first processed at the OLT, where the packet receives the LLID of its destination, and is then transmitted to the ONUs. Although a packet is broadcast to all the ONUs, only the ONUs with an LLID that matches the one carried by the packet are allowed to receive the packet. Therefore, the OLT switches packets by attaching proper LLIDs to the packets. Note that in certain cases where broadcast or multicast is desired, the OLT attaches a corresponding broadcast/multicast LLID to a downstream packet so that a number of ONUs are allowed to receive the packet.
One challenge in designing a secure and cost-effective EPON is to reduce undesired broadcast packets. Undesired broadcast packets exist in an EPON because certain packets used for performing IP-layer functions (also called layer-three or L3 functions) are defined to be broadcast packets in the IP layer (such as address resolution protocol (ARP) packets or dynamic host configuration protocol (DHCP) packets). In a conventional EPON, an OLT generally is regarded as a layer-two (L2) device and is expected to be transparent to L3 functionalities. Hence, an L3 broadcast packet is typically broadcast to all the ONUs within an EPON by the OLT. This creates a security concern because different ONUs may accommodate different subscribers, and a malicious subscriber can breach the security in the IP layer by, for example, spoofing an IP address which belongs to another subscriber.
Hence, what is needed is a method and apparatus for reducing these security risks in an EPON.
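The conventional downstream behavior described above can be modeled as follows. This is an added illustration, not part of the original disclosure: it tags each frame with an LLID from its destination MAC only, applies each ONU's LLID filter, and reports which frames reach more than one subscriber. The ONU names, MAC addresses, LLID numbers and the broadcast LLID value are assumptions made for the model.

```python
from dataclasses import dataclass

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
BROADCAST_LLID = 0x7FFF  # assumed broadcast LLID value for this model

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    kind: str  # descriptive label only: "DATA", "ARP", "DHCP"

class Olt:
    """Conventional L2 OLT: picks the LLID from the destination MAC alone."""
    def __init__(self, mac_to_llid):
        self.mac_to_llid = dict(mac_to_llid)

    def tag(self, frame):
        if frame.dst_mac == BROADCAST_MAC:
            return BROADCAST_LLID  # L3 content (ARP, DHCP) is not inspected
        return self.mac_to_llid.get(frame.dst_mac)  # None: unknown, not sent

def receivers(olt, onu_llids, frame):
    """Names of the ONUs whose LLID filter accepts the tagged frame."""
    llid = olt.tag(frame)
    if llid is None:
        return []
    return sorted(name for name, own in onu_llids.items()
                  if llid in (own, BROADCAST_LLID))

def exposure_report(olt, onu_llids, frames):
    """Frames that are delivered to more than one subscriber's ONU."""
    return [(f.kind, receivers(olt, onu_llids, f)) for f in frames
            if len(receivers(olt, onu_llids, f)) > 1]

# Constructed sample topology and downstream traffic.
ONU_LLIDS = {"onu-a": 1, "onu-b": 2, "onu-c": 3}
OLT = Olt({"02:00:00:00:00:0a": 1,
           "02:00:00:00:00:0b": 2,
           "02:00:00:00:00:0c": 3})
FRAMES = [
    Frame("02:00:00:00:00:0b", "DATA"),
    Frame(BROADCAST_MAC, "ARP"),
    Frame(BROADCAST_MAC, "DHCP"),
]

if __name__ == "__main__":
    for f in FRAMES:
        print(f.kind, "->", receivers(OLT, ONU_LLIDS, f))
    print("multi-subscriber:", exposure_report(OLT, ONU_LLIDS, FRAMES))
```

In this model the unicast data frame is accepted by a single ONU, while the ARP and DHCP frames are accepted by every ONU, which is the cross-subscriber exposure the passage identifies.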