There are many known examples of communications network architectures which make use of shared medium communication between a transmitter and multiple receivers. Such architectures include, for example, point-to-multipoint optical networks and wireless networks, in particular for (but not limited to) telecommunications access networks. Whilst these architectures have many problems in common, they are described here in the context of Passive Optical Networks (PONs) in general and Gigabit Ethernet PONs (GEPONs) in particular.
GEPONs have been proposed as a means of cost-effectively providing fibre access to homes and businesses. In such a network, downstream traffic is broadcast to all nodes, whereas a Time Division Multiple Access (TDMA) protocol is used to multiplex the upstream traffic onto the PON without collisions.
One significant problem with a GEPON is that all downstream traffic is broadcast and hence visible to all end-nodes, which are likely to be unrelated home or business customers. A security mechanism is required which can filter traffic at the end-node so that each customer receives only traffic destined for his end-node.
A second problem with a GEPON is that, unlike a conventional Ethernet Access system based on point-to-point links, there are multiple customers associated with a single physical port at the headend. Thus, the headend Access Router or switch can no longer use physical port association as a means of differentiating customer traffic in order to enforce policies such as security, bandwidth allocation, access to particular traffic types, etc. A different mechanism for differentiating customers' traffic is therefore required.
One known approach to filtering downstream traffic destined for a specific Optical Network Unit (ONU) is to filter by MAC address. If each ONU has a single MAC address, and all Ethernet frames for that ONU use this address, then this provides the headend with a sufficient means of differentiating traffic for different customers. There are, however, several disadvantages to this approach. First, it is likely that the customer will have several Customer Premises Equipment (CPE) devices connected to a local network, each Ethernet device having its own distinct MAC address. Simple layer 2 bridging of traffic destined for these different CPE devices (e.g. PCs, Set Top Boxes, etc.) cannot therefore be used, forcing the use of a more complex solution such as layer 3 switching via a router. This solution is not, however, suitable for multicast traffic, such as multicast video, which uses a different multicast MAC address.
A second known approach to tackling the problem is to allow the ONU to use several MAC addresses for its CPE devices, with the ONU bridging the traffic destined for these CPE devices. This, however, can create significant security problems, as a CPE device such as a PC on one ONU could relatively easily impersonate a device on another ONU and hence steal traffic destined for that ONU. In addition, a PC or Set Top Box could “tune in” to multicast video traffic purchased by another customer on the PON. Furthermore, a mechanism is required by which the list of MAC addresses to be passed through an ONU can be populated. In any practical system, this mechanism must be automatic and therefore adds further complexity in the ONU.
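The two MAC-filtering approaches described above can be compared in a small model of the broadcast downstream path. This is an added illustration, not part of the original text; the `Onu` class, the MAC addresses and the choice of source-address learning as the automatic mechanism that populates the list are all assumptions made for the example.

```python
from dataclasses import dataclass, field

def is_multicast(mac: str) -> bool:
    # Group bit: least-significant bit of the first octet of the MAC address.
    return int(mac.split(":")[0], 16) & 1 == 1

@dataclass
class Onu:  # hypothetical model of an ONU's downstream filter
    name: str
    own_mac: str
    learn: bool = False  # False: single-MAC filter; True: bridging ONU with a MAC list
    allowed: set = field(default_factory=set)

    def __post_init__(self):
        self.allowed.add(self.own_mac)

    def upstream(self, src_mac: str) -> None:
        # Assumed population mechanism: learn source MACs seen from local CPE.
        if self.learn:
            self.allowed.add(src_mac)

    def accepts(self, dst_mac: str) -> bool:
        # Unicast-only filter: group addresses never match the list.
        return not is_multicast(dst_mac) and dst_mac in self.allowed

def broadcast(onus, dst_mac):
    """Every ONU sees the frame; return the names of those whose filter passes it."""
    return [o.name for o in onus if o.accepts(dst_mac)]

# Constructed sample addresses (locally administered unicast, one multicast group).
ONU_A, ONU_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
PC_A = "02:00:00:00:01:0a"    # CPE device behind ONU A
VIDEO = "01:00:5e:01:01:01"   # multicast video group MAC

def run(learn: bool) -> dict:
    a, b = Onu("A", ONU_A, learn), Onu("B", ONU_B, learn)
    a.upstream(PC_A)                   # CPE behind A is seen by its own ONU
    before = broadcast([a, b], PC_A)
    b.upstream(PC_A)                   # same source MAC appears behind B
    after = broadcast([a, b], PC_A)
    return {"to_onu_a": broadcast([a, b], ONU_A), "before": before,
            "after": after, "video": broadcast([a, b], VIDEO)}

if __name__ == "__main__":
    print("single MAC:", run(False))
    print("learned list:", run(True))
```

With a single MAC per ONU, frames addressed to a CPE device or to the multicast group pass no filter; with a learned list, the same destination is accepted by both ONUs once the address has been seen behind each, so the list is not an authorization boundary.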
Both of the above approaches can work successfully if routing or security and multicast functions are built into the ONU, which is then owned and managed by the network provider. In such arrangements the ONU becomes a “trusted” device performing filtering and policing functions, together with other functions such as routing, Network Address Translation (NAT), etc. as necessary, under the control of the network operator. This is, however, an expensive solution, and does not fit the commercial and perhaps regulatory requirements of many operators who require a minimal-functionality ONU capable of providing an inexpensive, simple and clear demarcation point at the edge of their network.