1. Field of the Invention
This invention relates generally to optical communication systems and, more particularly, to a multicasting optical system, characterized by high throughput and low latency network traffic, which deploys an optical signaling header propagating with the data payload to convey multicast, security and survival information, as well as information to configure a virtual optical private network.
2. Description of the Background
2.1 Overview of the Background
Recent research advances in optical Wavelength Division Multiplexing (WDM) technology have fostered the development of networks that are orders of magnitude higher in transmission bandwidth and lower in latency than existing commercial networks. While the increase in throughput and the decrease in latency are impressive, it is also necessary to provide multicasting capability combined with secure and survivable propagation as well as the capability to configure virtual optical private networks in order to realize the Next Generation Internet (NGI) vision of providing the next generation of ultra-high speed networks that can meet the requirements for supporting new applications, including national initiatives. Towards this end, current research efforts have focused on developing an ultra-low latency Internet Protocol (IP) over WDM optical packet switching technology that promises to deliver the four-fold goal of high throughput, low latency, secure and survivable networks, and optical virtual private networks. Such efforts, while promising, have yet to fully realize this four-fold goal.
The most relevant reference relating to achieving this four-fold goal is U.S. Pat. No. 6,111,673 issued to Chang and Yoo (hereinafter Chang) on Aug. 29, 2000, entitled “High-Throughput, Low-Latency Next Generation Internet Networks Using Optical-Tag Switching”, and assigned to the same assignee as the present invention. As discussed in Chang, there are a number of challenging requirements in realizing IP/WDM networks of the type required for the NGI initiative. First, the NGI network must inter-operate with the existing Internet and avoid protocol conflicts. Second, the NGI network must provide not only ultra low-latency, but must take advantage of both packet-switched (that is, bursty) IP traffic and circuit-switched WDM networks. Third, the NGI network requires no synchronization between signaling and data payload. Finally, the NGI network must accommodate data traffic of various protocols and formats so that it is possible to transmit and receive IP as well as non-IP signals without the need for complicated synchronization or format conversion.
Chang devised a methodology and concomitant network that satisfy the above requirements. As discussed in Chang, the optical packet header is carried over the same wavelength as the packet payload data. This approach eliminates the issue of header and payload synchronization. Furthermore, with a suitable use of optical delay at each intermediate optical switch, the approach also eliminates the need to estimate the initial burst delay by incorporating the optical delay directly at the switches. This approach is strikingly difference with “just-in-time” signaling in which the delay at each switch along the path needs to be known ahead of time and must be entered in the calculation for the total delay. Lastly, there is little time wasted in requesting a connection time and actually achieving a connection. In comparison to a few second delays over techniques prior to Chang, the delay is minimal, only limited by the actual hardware switching delays at each switch. The current switching technology realizes delays of only several microseconds, and shorter delays will be possible in the future. This short delay can be compensated for by using an optical fiber delay line at each network element (or, equivalently, a network node or, in short, a node) utilizing switches.
Chang utilizes a unique optical signaling header technique applicable to optical networks. Packet routing information is embedded in the same wavelength as the data payload so that both the header and data information propagate through the network with the same path and the associated delays. However, the header routing information has sufficiently different characteristics from the data payload so that the signaling header can be detected without being affected by the data payload and that the signaling header can also be stripped off without affecting the data payload. Such a unique signal routing method is overlaid onto the conventional network elements, in a modular manner, by adding two types of ‘Plug-and-Play’ modules.
As explicitly disclosed by Chang, a method for propagating a data payload from an input network element to an output network element in a wavelength division multiplexing system composed of a plurality of network elements, given that the data payload has a given format and protocol, includes the following steps: (a) generating and storing a local routing table in each of the network elements, each local routing table determining a local route through the associated one of the network elements; (b) adding an optical header to the data payload and embedded in the same wavelength as the data payload prior to inputting the data payload to the input network element, the header having a format and protocol and being indicative of the local route through each of the network elements for the data payload and the header, the format and protocol of the data payload being independent of the format and protocol of the header; (c) optically determining the header at each of the network elements as the data payload and header propagate through the WDM network; (d) selecting the local route for the data payload and the header through each of the network elements as determined by looking up the header in the corresponding local routing table; and (e) routing the data payload and the header through each of the network elements in correspondence to the selected route.
As further explicitly disclosed by Chang, the overall system is arranged in combination with (a) an electrical layer; and (b) an optical layer composed of a wavelength division multiplexing (WDM) network including a plurality of network elements, for propagating a data payload generated by a source in the electrical layer and destined for a destination in the electrical layer, the data payload having a given format and protocol. The system includes: (i) a first type of optical header module, coupling the source in the optical layer and the WDM network, for adding an optical header ahead of the data payload and embedded in the same wavelength as the data payload prior to inputting the data payload to the WDM network, the header being indicative of a local route through the network elements for the data payload and the header, the format and protocol of the data payload being independent of those of the header; and (ii) a second type of optical header module, appended to each of the network elements, for storing a local routing table in a corresponding one of the network elements, each local routing table determining a routing path through the corresponding one of the network elements, for optically determining the header at the corresponding one of the network elements as the data payload and header propagate over the WDM network, for selecting the local route for the data payload and the header through the corresponding one of the network elements as determined by looking up the header in the corresponding local routing table, and for routing the data payload and the header through the corresponding one of the network elements in correspondence to the selected route.
Chang offers numerous features and benefits including: (1) extremely low latency limited only by hardware delays; (2) high throughput and bandwidth-on-demand offered by combining multi-wavelength networking and optical label switching; (3) priority based routing which allows higher throughput for higher priority datagrams or packets; (4) scalable and modular upgrades of the network from the conventional WDM to the inventive optical label-switched WDM; (5) effective routing of long datagrams, consecutive packets, and even non-consecutive packets; (6) cost-effective utilization of optical components such as multiplexers and fibers; (7) interoperability in a multi-vendor environment; (8) graceful and step-by-step upgrades of network elements; (9) transparent support of data of any format and any protocol; and (10) high quality-of-service communications.
While Chang has contributed a significant advance to the optical communications art, there are no teachings or suggestions pertaining to techniques for optically multicasting information through the disclosed NGI network. This limitation is inherent because the optical switch disclosed in Chang is conventional in the general sense that each optical signal arriving at an input port of the optical switch is switched to a single output port. This is evident by referring to FIG. 6 of Chang (also shown as FIG. 6 herein, but with the terminology “tag-switch state” (reference numeral 611) replaced by “label-switch state” which will also be used in the sequel), wherein optical switch 601 is shown as being 1:1, that is, each input signal composed of both the header and the payload (e.g., the optical signal propagating on input path 6022 and arriving at port 510) is switched to a single output port (e.g., port 511) to deliver the input optical signal as an output signal (e.g., the output signal propagating on path 604).
Moreover, Chang teaches that a header is added to each packet incoming to the NGI network at an input node, and that this header is parsed to determine the route through each intermediate node of the network. This is evident with reference, initially, to FIG. 9 (also shown as FIG. 9 herein) of Chang which depicts circuitry for detecting the header shown as appearing on lead 902—the signal on lead 902 conveys routing information. An example of routing information contained in the header is bit stream ‘11101011000’ shown by reference numeral 615 of FIG. 6. This bit stream is compared to the “label-switch state” entry in table 610 of FIG. 6 to determine the local route through optical switch 601 of FIG. 6 (namely, the route from input port 01 to output port 11). It is clear from a detailed review of Chang that each header can convey only a single label-switch state, that is, each header is incapable of providing multiple label-switch states as part of the header information. Moreover, the sole header is never overwritten or swapped, that is, deleted and replaced, nor is there any teaching relevant to appending a new header to the original header, such new header being used further downstream to provide routing information. Thus Chang is devoid of teachings that are generally necessary for multicasting, or for responding to dynamic changes occurring within the network, such as an outage of a network node.
In addition, there are no teachings or suggestions in Chang to render an optical multicast network both secure and survivable. There is a growing need within the NGI to attain fast, secure, and simultaneous communications among communities of interest (e.g., a group of nations) or with different security requirements. Thus, Chang has not provided the techniques nor circuitry necessary to engender a secure optical multicast network for high capacity, resilient optical backbone transport networks where information, in units of per flow, per burst, or per packet, can be distributed securely according to assigned security levels and multicast addresses in the optical domain independent of data payload and protocols. With such a network, in accordance with the present invention, there is the opportunity for a quantum leap in cutting edge communications technologies into an environment of ever changing coalitions among nations or communities of interest armed with different policies, priorities, ethnic interest, and procedures. The subject matter in accordance with the present invention significantly enhances the capabilities of optical multicast networks well beyond what is available with current approaches. A secure optical layer multicast (SOLM) mechanisms fosters a secure resilient optical multicast network (SROMN). Accordingly, a coalition, composed of members with multiple security levels, can be established quickly, within seconds or minutes, and can distribute information simultaneously, according to multicast addresses, to each member in the coalition with different security levels—in effect, engendering the dynamic set-up of a virtual private network with a hierarchy of security levels.
2.2 Background Specific to Header Processing
As alluded to above, there is an issue of how to effectively provide multiple headers or, equivalently, a header composed of multiple sub-headers conveying multicasting information. Moreover, there is an additional issue of how to detect and/or re-insert a header which is combined with a data payload for propagation over the network using the same optical wavelength.
The primary focus in the literature has been on a technique for combining sub-carrier headers together with a baseband data payload. Initially, this was accomplished in the electrical domain where sub-carriers where combined with the data payload. One version of this technique combined a 2.56 Gb/s data payload with a 40 Mb/s header on 3 GHz carrier, and another version of this technique combined a 2.488 Gb/s data payload with a tunable microwave pilot tone (tuned between 2.520 and 2.690 GHz) to route SONET packet in a WDM ring network via acousto-optical tunable. Both techniques used a single laser diode to carry the data payload and sub-carrier header. A variation of this technique has also been studied for use in a local-area DWDM optical packet-switched network, and several other all-optical networks.
Instead of combing a sub-carrier headers with the data payload in the electrical domain, they have also been combined in the optical domain by using two laser diodes at different wavelengths. However, using two wavelengths to transport data payload and header separately may not be practical in the following sense; in an all-optical DWDM network, it is preferred that the header, which may contain network operations information, travels along the same routes as data payload so that it can truthfully report the updated status of the data payload. If the header and the data payload were carried by different wavelengths, they could be routed in the network with entirely different paths, and the header may not report what the data payload has really experienced. Therefore, although it is preferred that the sub-carrier header and the data payload be carried by the same wavelength, the art is devoid of such teachings and suggestions.
The sub-carrier pilot-tone concept was later extended to multiple pilot tones, mainly for the purpose of increasing the number of network addresses.
Recently, consideration has been given to ‘header replacement’ for the high-throughput operation in a packet-switched network in which data paths change due to link outages, output-port contention, and variable traffic patterns. Moreover, header replacement could be useful for maintaining protocol compatibility at gateways between different networks. However, the only method which has been reported is for time-division-multiplexed header and data payload requires an extremely high accuracy of timing synchronization among network nodes.
Most recently, Blumenthal et al., in an article entitled “WDM Optical and Subcarrier Multiplexed Addressing”, OFC 1999, Conference Digest, pages 162-164, report experimental results of all-optical IP label switching for WDM switched networks. However, the experimental system is a non-burst system and, moreover, no propagation of the resultant signal over actual fiber is discussed. It is anticipated that the propagation distance will be substantially limited whenever the system is deployed with optical fiber because of phase dispersion effects in the optical fiber.
From this foregoing discussion of the art pertaining to details of header generation and detection, it is readily understood that the art is devoid of teachings and suggestions wherein sub-carrier multiplexed packet data payload and multiple sub-carrier headers (including old and new ones) are deployed so that a >2.5 Gbps IP packet can be routed through a national all-optical multi cast WDM network by the (successive) guidance of these sub-carrier headers, with the total number of sub-carrier headers that can be written is in the range of forty or more. Moreover, there are no teachings or suggestions of how to utilize the multiple sub-carriers to convey multicasting information.
2.3 Background Specific to Security and Survivability
A. Possible “Attack” Methods
New forms of Optical Layer Survivability and Security (OLSAS) are essential to counter signal misdirection, eavesdropping (signal interception), and denial of service (including jamming) attacks that can be applied to currently deployed and future optical networks. The signal misdirection scenario can be thought of as a consequence of an enemy taking control of a network element or a signaling (control) channel. Possible optical eavesdropping (signal interception) methods can include (i) non-destructive fiber tapping, (ii) client layer tapping, and (iii) non-linear mixing. (Destructive fiber tapping is also a possibility, but this scheme is readily detectable by monitoring power on individual channels.) A description of each of these methods is now summarized:
(i) Non-destructive fiber tapping can be the result of: (a) fiber bending resulting in 1-10% of the optical signal (all wavelengths if a WDM system are used) being emitted out of the fiber cladding and being gathered and amplified by an eavesdropper; (b) fiber-side fusion involving stripping the fiber cladding and fusing two fiber cores together as another way to perform signal interception (not that this is an extremely difficult technique to implement); (c) acousto-optic diffraction involving placing acousto-optic devices on the fiber, which results in the leakage of 1-10% of the optical signal (all wavelengths) outside the fiber cladding. There are three examples of non-destructive fiber tapping, as follows:
(ii) Client layer tapping is the result of measuring the non-zero residuals of other channels by the switches of the multiplexers/demultiplexers. When the signal goes through the optical switches, part of the optical signal that is not dropped at the client layer will appear at the client interface. Even though this signal will have very low power levels, in many instances it can result in recognizable information.
(iii) Non-linear mixing involves sending a high-power pump wave to achieve, for example, four-wave-mixing and in turn map all channels to different wavelengths that are monitored by a malicious user. This technique requires phase matching at dispersion zero wavelength on the fiber.
Finally, denial of service can be the result of a variety of attacks. Some of these attacks include using a high-intensity saturating source, a UV bleach, or a frequency chirped source to jam the optical signal.
B. Comparison With Other Approaches
The three approaches that are currently used to perform encryption of the electronic data in the optical layer are the following: (i) chaotic optical encryption; (ii) quantum optical encryption; and (iii) optical spread spectrum encryption. All three schemes can be used underneath the electronic encryption layer to protect the information from possible attacks.
(i) Chaotic Optical Encryption
The chaotic optical encryption technique uses what is called “chaotic systems” as the optical encryption method. These are single wavelength chaotic synchronous fiber lasing systems that use amplitude or frequency modulation to introduce a “chaotic state” in the network. The information transmitted through the network is encoded onto chaos at the transmitter side and decoded at the receiver side. This is accomplished by using a synchronized “chaotic state” at the receiving end in order to “de-encrypt” the original optical signal. Communication methods using chaotic lasers have been demonstrated, with a representative reference being C. Lee, J. Lee, D. Williams, “Secure Communications Using Chaos”, Globecom 1995. These schemes utilize a relatively small message embedded in the larger chaotic carrier that is transmitted to a receiver system where the message is recovered from the chaos. The chaotic optical source and receiver are nearly identical, so that the two chaotic behaviors can synchronize. There are a number of shortcomings for this method, which the technique in accordance with the present invention overcomes.
First, the chaotic behaviors are highly susceptible to changes in the initial conditions. The probability for the receiving end chaotic laser to synchronize its chaotic behavior gets much smaller as the initial conditions wander. For instance, if the two chaotic lasers drift in their relative cavity length due to changes in the ambient, the probability of synchronization drops very rapidly. Hence, multiple receiving users must all synchronize the path length of their lasers. The situation becomes more complex for WDM networks deployed in the field, since cross-modulations in polarization, phase, and amplitude between multiple channels are bound to alter the initial conditions seen by the receiving users. In fact, nonlinear optical effects such as self-phase-modulation will even alter the spectrum of the chaotic carrier. It is difficult to expect such synchronization to be successful for every packet in multiwavelength optical networks. Previously it has been shown with optical network elements equipped with clamped erbium-doped fiber amplifiers (EDFAs) and Channel Power Equalizers (CPEs), lasing in the closed cycles does affect transport characteristics of other wavelength channels, even if it does not saturate the EDFAs. Chaotic oscillations in a transparent optical network due to lasing effect in a closed cycle have been observed. They are attributed to the operation of multiple channel power equalizers within the optical ring. The presence of unstable ring lasers can cause power penalties to other wavelength channels through EDFA gain fluctuation, even though these EDFAs are gain clamped. It has also been found that the closed cycle lasing does not saturate the gain clamped EDFAs in the cycle because the lasing power is regulated by the CPEs. This observation and analysis have significant impacts on the design and operation of network elements in transparent WDM networks.
Second, the noise and the chaotic behaviors are highly frequency dependent. Such a chaotic method, even if it works well for one particular data format, cannot work well for a wide range of data formats.
Third, the accommodation of chaotic optical carrier is made at the expense of useful signal bandwidth, network coverage, and network capacity. To enhance the probability of synchronization, the chaotic optical carrier must possess reasonably high optical power and consequently sacrifices the power available for the data. A simple signal-to-noise argument leads us to the conclusion that the network capacity and network reach will significantly drop due to excessive power in the chaotic carrier.
Fourth, the network must agree on a fixed configuration of the chaotic lasers for both transmitters and receivers. Once the eavesdropper acquires or learns this information, the entire network will be open to this eavesdropper. The method in accordance with the present invention, on the other hand, can vary the security coding from packet to packet for every wavelength channel.
(ii) Quantum Optical Encryption
The second method applies optical encryption at the quantum level by using the state of photons (e.g., polarization of the photons) to detect a security breach. The main idea behind this approach is the encoding of the information in a string of randomly chosen states of single photons. Anyone trying to eavesdrop by tapping part of the light must perform a measurement on the quantum state, thus modifying the state of the light. This modification of the state of the photons can then be used to detect a security breach. A representative reference pertaining to this subject matter is C. Bennett et al., “Experimental Quantum Cryptography”, Journal of Cryptology, Vol. 5, No. 3, 1992. One of the fundamental problems of this technique is that it is slow (data rates of only a few Mb/sec can be accommodated) and it can only be applied to communications that span short distances (a few Km). Furthermore, when the optical signal travels relatively long distances, the polarization of the photons may change (even if polarization dispersion fiber is used). This will generate a false alarm. Finally, another problem that arises is whether an attack (security breach) may be carried out that will be undetectable to the parties involved in the secure communication (i.e., the polarization of the photons does not change when an eavesdropper taps part of the light).
(iii) Spread Spectrum Techniques in Optical Domain
The third approach uses the spread spectrum technique to distribute the information packets to a number of different wavelengths. The section that follows tries to identify how this new technique compares to the classical spread spectrum techniques that are currently being used to provide security in mobile systems.
Spread spectrum communication was originated 60 years ago; the main purpose then was to protect military communication signals against jamming. In that scheme, frequency hopping and frequency agile multiple access (FDMA) techniques were employed. Later on, CDMA (code-division multiple access) and SDMA (space-division multiple access) were developed to enhance the communication channel capacity and performance.
The CDMA method can increase the channel capacity by almost 10-fold over other access methods, but it is sensitive to both terrestrial signal interference and the noise added in-band by the simultaneous presence of multiple users. Thus, transmitter power control and forward error control (FEC) adjustment is very crucial to the performance of CDMA systems. These systems operate with low bit error rate (BER) (10−3 is a typical number) and low data rates (on the order of Kbps).
The inventive OLSAS multicast mechanism combines all three approaches employed in the RF domain, namely, frequency hopping and frequency division multiple access (FDMA), CDMA, and SDMA. Rather than increasing the system access capacity at the expense of adding noise in the signal band, a different view of the performance and bandwidth/capacity management in dense WDM optical networks is taken. The abundant bandwidth provided by the WDM optical cross-connects with more wavelengths (e.g., 128) at higher bit rates (10 Gb/s) is traded for each fiber port.
From this foregoing discussion of the art pertaining to details of secure and survivable communications, it is readily understood that the art is devoid of teachings and suggestions wherein sub-carrier multiplexed packet data payload and multiple sub-carrier headers (including old and new ones) are deployed so that a >2.5 Gbps IP packet can be routed through a national all-optical multicast WDM network by the (successive) guidance of these sub-carrier headers, with the total number of sub-carrier headers that can be written is in the range of forty or more, to therefore foster a secure and survivable network.