1. Field of the Invention
This invention relates generally to optical communication systems and, more particularly, to a multicasting optical system, characterized by high throughput and low latency network traffic, which deploys an optical signaling header propagating with the data payload to convey multicast, security and survival information, as well as information to configure a virtual optical private network.
2. Description of the Background
2.1 Overview of the Background
Recent research advances in optical Wavelength Division Multiplexing (WDM) technology have fostered the development of networks that are orders of magnitude higher in transmission bandwidth and lower in latency than existing commercial networks. While the increase in throughput and the decrease in latency are impressive, it is also necessary to provide multicasting capability combined with secure and survivable propagation as well as the capability to configure virtual optical private networks in order to realize the Next Generation Internet (NGI) vision of providing the next generation of ultra-high speed networks that can meet the requirements for supporting new applications, including national initiatives. Towards this end, current research efforts have focused on developing an ultra-low latency Internet Protocol (IP) over WDM optical packet switching technology that promises to deliver the four-fold goal of high throughput, low latency, secure and survivable networks, and optical virtual private networks. Such efforts, while promising, have yet to fully realize this four-fold goal.
The most relevant reference relating to achieving this four-fold goal is U.S. Pat. No. 6,111,673 issued to Chang and Yoo (hereinafter Chang) on Aug. 29, 2000, entitled xe2x80x9cHigh-Throughput, Low-Latency Next Generation Internet Networks Using Optical-Tag Switchingxe2x80x9d, and assigned to the same assignee as the present invention. As discussed in Chang, there are a number of challenging requirements in realizing IP/WDM networks of the type required for the NGI initiative. First, the NGI network must inter-operate with the existing Internet and avoid protocol conflicts. Second, the NGI network must provide not only ultra low-latency, but must take advantage of both packet-switched (that is, bursty) IP traffic and circuit-switched WDM networks. Third, the NGI network requires no synchronization between signaling and data payload. Finally, the NGI network must accommodate data traffic of various protocols and formats so that it is possible to transmit and receive IP as well as non-IP signals without the need for complicated synchronization or format conversion.
Chang devised a methodology and concomitant network that satisfy the above requirements. As discussed in Chang, the optical packet header is carried over the same wavelength as the packet payload data. This approach eliminates the issue of header and payload synchronization. Furthermore, with a suitable use of optical delay at each intermediate optical switch, the approach also eliminates the need to estimate the initial burst delay by incorporating the optical delay directly at the switches. This approach is strikingly difference with xe2x80x9cjust-in-timexe2x80x9d signaling in which the delay at each switch along the path needs to be known ahead of time and must be entered in the calculation for the total delay. Lastly, there is little time wasted in requesting a connection time and actually achieving a connection. In comparison to a few second delays over techniques prior to Chang, the delay is minimal, only limited by the actual hardware switching delays at each switch. The current switching technology realizes delays of only several microseconds, and shorter delays will be possible in the future. This short delay can be compensated for by using an optical fiber delay line at each network element (or, equivalently, a network node or, in short, a node) utilizing switches.
Chang utilizes a unique optical signaling header technique applicable to optical networks. Packet routing information is embedded in the same wavelength as the data payload so that both the header and data information propagate through the network with the same path and the associated delays. However, the header routing information has sufficiently different characteristics from the data payload so that the signaling header can be detected without being affected by the data payload and that the signaling header can also be stripped off without affecting the data payload. Such a unique signal routing method is overlaid onto the conventional network elements, in a modular manner, by adding two types of xe2x80x98Plug-and-Playxe2x80x99 modules.
As explicitly disclosed by Chang, a method for propagating a data payload from an input network element to an output network element in a wavelength division multiplexing system composed of a plurality of network elements, given that the data payload has a given format and protocol, includes the following steps: (a) generating and storing a local routing table in each of the network elements, each local routing table determining a local route through the associated one of the network elements; (b) adding an optical header to the data payload and embedded in the same wavelength as the data payload prior to inputting the data payload to the input network element, the header having a format and protocol and being indicative of the local route through each of the network elements for the data payload and the header, the format and protocol of the data payload being independent of the format and protocol of the header; (c) optically determining the header at each of the network elements as the data payload and header propagate through the WDM network; (d) selecting the local route for the data payload and the header through each of the network elements as determined by looking up the header in the corresponding local routing table; and (e) routing the data payload and the header through each of the network elements in correspondence to the selected route.
As further explicitly disclosed by Chang, the overall system is arranged in combination with (a) an electrical layer; and (b) an optical layer composed of a wavelength division multiplexing (WDM) network including a plurality of network elements, for propagating a data payload generated by a source in the electrical layer and destined for a destination in the electrical layer, the data payload having a given format and protocol. The system includes: (i) a first type of optical header module, coupling the source in the optical layer and the WDM network, for adding an optical header ahead of the data payload and embedded in the same wavelength as the data payload prior to inputting the data payload to the WDM network, the header being indicative of a local route through the network elements for the data payload and the header, the format and protocol of the data payload being independent of those of the header; and (ii) a second type of optical header module, appended to each of the network elements, for storing a local routing table in a corresponding one of the network elements, each local routing table determining a routing path through the corresponding one of the network elements, for optically determining the header at the corresponding one of the network elements as the data payload and header propagate over the WDM network, for selecting the local route for the data payload and the header through the corresponding one of the network elements as determined by looking up the header in the corresponding local routing table, and for routing the data payload and the header through the corresponding one of the network elements in correspondence to the selected route.
Chang offers numerous features and benefits including: (1) extremely low latency limited only by hardware delays; (2) high throughput and bandwidth-on-demand offered by combining multi-wavelength networking and optical label switching; (3) priority based routing which allows higher throughput for higher priority datagrams or packets; (4) scalable and modular upgrades of the network from the conventional WDM to the inventive optical label-switched WDM; (5) effective routing of long datagrams, consecutive packets, and even non-consecutive packets; (6) cost-effective utilization of optical components such as multiplexers and fibers; (7) interoperability in a multi-vendor environment; (8) graceful and step-by-step upgrades of network elements; (9) transparent support of data of any format and any protocol; and (10) high quality-of-service communications.
While Chang has contributed a significant advance to the optical communications art, there are no teachings or suggestions pertaining to techniques for optically multicasting information through the disclosed NGI network. This limitation is inherent because the optical switch disclosed in Chang is conventional in the general sense that each optical signal arriving at an input port of the optical switch is switched to a single output port. This is evident by referring to FIG. 6 of Chang (also shown as FIG. 6 herein, but with the terminology xe2x80x9ctag-switch statexe2x80x9d (reference numeral 611) replaced by xe2x80x9clabel-switch statexe2x80x9d which will also be used in the sequel), wherein optical switch 601 is shown as being 1:1, that is, each input signal composed of both the header and the payload (e.g., the optical signal propagating on input path 6022 and arriving at port 510) is switched to a single output port (e.g., port 511) to deliver the input optical signal as an output signal (e.g., the output signal propagating on path 604).
Moreover, Chang teaches that a header is added to each packet incoming to the NGI network at an input node, and that this header is parsed to determine the route through each intermediate node of the network. This is evident with reference, initially, to FIG. 9 (also shown as FIG. 9 herein) of Chang which depicts circuitry for detecting the header, shown as appearing on lead 902xe2x80x94the signal on lead 902 conveys routing information. An example of routing information contained in the header is bit stream xe2x80x9811101011000xe2x80x99 shown by reference numeral 615 of FIG. 6. This bit stream is compared to the xe2x80x9clabel-switch statexe2x80x9d entry in table 610 of FIG. 6 to determine the local route through optical switch 601 of FIG. 6 (namely, the route from input port 01 to output port 11). It is clear from a detailed review of Chang that each header can convey only a single label-switch state, that is, each header is incapable of providing multiple label-switch states as part of the header information. Moreover, the sole header is never overwritten or swapped, that is, deleted and replaced, nor is there any teaching relevant to appending a new header to the original header, such new header being used further downstream to provide routing information. Thus Chang is devoid of teachings that are generally necessary for multicasting, or for responding to dynamic changes occurring within the network, such as an outage of a network node.
In addition, there are no teachings or suggestions in Chang to render an optical multicast network both secure and survivable. There is a growing need within the NGI to attain fast, secure, and simultaneous communications among communities of interest (e.g., a group of nations) or with different security requirements. Thus, Chang has not provided the techniques nor circuitry necessary to engender a secure optical multicast network for high capacity, resilient optical backbone transport networks where information, in units of per flow, per burst, or per packet, can be distributed securely according to assigned security levels and multicast addresses in the optical domain independent of data payload and protocols. With such a network, in accordance with the present invention, there is the opportunity for a quantum leap in cutting edge communications technologies into an environment of ever changing coalitions among nations or communities of interest armed with different policies, priorities, ethnic interest, and procedures. The subject matter in accordance with the present invention significantly enhances the capabilities of optical multicast networks well beyond what is available with current approaches. A secure optical layer multicast (SOLM) mechanisms fosters a secure resilient optical multicast network (SROMN). Accordingly, a coalition, composed of members with multiple security levels, can be established quickly, within seconds or minutes, and can distribute information simultaneously, according to multicast addresses, to each member in the coalition with different security levelsxe2x80x94in effect, engendering the dynamic set-up of a virtual private network with a hierarchy of security levels.
2.2 Background Specific to Header Processing
As alluded to above, there is an issue of how to effectively provide multiple headers or, equivalently, a header composed of multiple sub-headers conveying multicasting information. Moreover, there is an additional issue of how to detect and/or re-insert a header which is combined with a data payload for propagation over the network using the same optical wavelength.
The primary focus in the literature has been on a technique for combining sub-carrier headers together with a baseband data payload. Initially, this was accomplished in the electrical domain where sub-carriers where combined with the data payload. One version of this technique combined a 2.56 Gb/s data payload with a 40 Mb/s header on 3 GHz carrier, and another version of this technique combined a 2.488 Gb/s data payload with a tunable microwave pilot tone (tuned between 2.520 and 2.690 GHz) to route SONET packet in a VDM ring network via acousto-optical tunable. Both techniques used a single laser diode to carry the data payload and sub-carrier header. A variation of this technique has also been studied for use in a local-area DWDM optical packet-switched network, and several other all-optical networks.
Instead of combing a sub-carrier headers with the data payload in the electrical domain, they have also been combined in the optical domain by using two laser diodes at different wavelengths. However, using two wavelengths to transport data payload and header separately may not be practical in the following sense: in an all-optical DWDM network, it is preferred that the header, which may contain network operations information, travels along the same routes as data payload so that it can truthfully report the updated status of the data payload. If the header and the data payload were carried by different wavelengths, they could be routed in the network with entirely different paths, and the header may not report what the data payload has really experienced. Therefore, although it is preferred that the sub-carrier header and the data payload be carried by the same wavelength, the art is devoid of such teachings and suggestions.
The sub-carrier pilot-tone concept was later extended to multiple pilot tones, mainly for the purpose of increasing the number of network addresses.
Recently, consideration has been given to xe2x80x98header replacementxe2x80x99 for the high-throughput operation in a packet-switched network in which data paths change due to link outages, output-port contention, and variable traffic patterns. Moreover, header replacement could be useful for maintaining protocol compatibility at gateways between different networks. However, the only method which has been reported is for time-division-multiplexed header and data payload requires an extremely high accuracy of timing synchronization among network nodes.
Most recently, Blumenthal et al., in an article entitled xe2x80x9cWDM Optical Label Switching with Packet-Rate Wavelength Conversion and Subcarrier Multiplexed Addressingxe2x80x9d, OFC 1999, Conference Digest, pages 162-164, report experimental results of all-optical IP label switching for WDM switched networks. However, the experimental system is a non-burst system and, moreover, no propagation of the resultant signal over actual fiber is discussed. It is anticipated that the propagation distance will be substantially limited whenever the system is deployed with optical fiber because of phase dispersion effects in the optical fiber.
From this foregoing discussion of the art pertaining to details of header generation and detection, it is readily understood that the art is devoid of teachings and suggestions wherein sub-carrier multiplexed packet data payload and multiple sub-carrier headers (including old and new ones) are deployed so that a  greater than 2.5 Gbps IP packet can be routed through a national all-optical multicast WDM network by the (successive) guidance of these sub-carrier headers, with the total number of sub-carrier headers that can be written is in the range of forty or more. Moreover, there are no teachings or suggestions of how to utilize the multiple sub-carriers to convey multicasting information.
2.3 Background Specific to Security and Survivability
A. Possible xe2x80x9cAttackxe2x80x9d Methods
New forms of Optical Layer Survivability and Security (OLSAS) are essential to counter signal misdirection, eavesdropping (signal interception), and denial of service (including jamming) attacks that can be applied to currently deployed and future optical networks. The signal misdirection scenario can be thought of as a consequence of an enemy taking control of a network element or a signaling (control) channel. Possible optical eavesdropping (signal interception) methods can include (i) non-destructive fiber tapping, (ii) client layer tapping, and (iii) non-linear mixing. (Destructive fiber tapping is also a possibility, but this scheme is readily detectable by monitoring power on individual channels.) A description of each of these methods is now summarized:
(i) Non-destructive fiber tapping can be the result of: (a) fiber bending resulting in 1-10% of the optical signal (all wavelengths if a WDM system are used) being emitted out of the fiber cladding and being gathered and amplified by an eavesdropper; (b) fiber-side fusion involving stripping the fiber cladding and fusing two fiber cores together as another way to perform signal interception (note that this is an extremely difficult technique to implement); (c) acousto-optic diffraction involving placing acousto-optic devices on the fiber, which results in the leakage of 1-10% of the optical signal (all wavelengths) outside the fiber cladding. There are three examples of non-destructive fiber tapping, as follows:
(ii) Client layer tapping is the result of measuring the non-zero residuals of other channels by the switches of the multiplexers/demultiplexers. When the signal goes through the optical switches, part of the optical signal that is not dropped at the client layer will appear at the client interface. Even though this signal will have very low power levels, in many instances it can result in recognizable information.
(iii) Non-linear mixing involves sending a high-power pump wave to achieve, for example, four-wave-mixing and in turn map all channels to different wavelengths that are monitored by a malicious user. This technique requires phase matching at dispersion zero wavelength on the fiber.
Finally, denial of service can be the result of a variety of attacks. Some of these attacks include using a high-intensity saturating source, a UV bleach, or a frequency chirped source to jam the optical signal.
B. Comparison With Other Approaches
The three approaches that are currently used to perform encryption of the electronic data in the optical layer are the following: (i) chaotic optical encryption; (ii) quantum optical encryption; and (iii) optical spread spectrum encryption. All three schemes can be used underneath the electronic encryption layer to protect the information from possible attacks.
(i) Chaotic Optical Encryption
The chaotic optical encryption technique uses what is called xe2x80x9cchaotic systemsxe2x80x9d as the optical encryption method. These are single wavelength chaotic synchronous fiber lasing systems that use amplitude or frequency modulation to introduce a xe2x80x9cchaotic statexe2x80x9d in the network. The information transmitted through the network is encoded onto chaos at the transmitter side and decoded at the receiver side. This is accomplished by using a synchronized xe2x80x9cchaotic statexe2x80x9d at the receiving end in order to xe2x80x9cde-encryptxe2x80x9d the original optical signal. Communication methods using chaotic lasers have been demonstrated, with a representative reference being C. Lee, J. Lee, D. Williams, xe2x80x9cSecure Communications Using Chaosxe2x80x9d, Globecom 1995. These schemes utilize a relatively small message embedded in the larger chaotic carrier that is transmitted to a receiver system where the message is recovered from the chaos. The chaotic optical source and receiver are nearly identical, so that the two chaotic behaviors can synchronize. There are a number of shortcomings for this method, which the technique in accordance with the present invention overcomes.
First, the chaotic behaviors are highly susceptible to changes in the initial conditions. The probability for the receiving end chaotic laser to synchronize its chaotic behavior gets much smaller as the initial conditions wander. For instance, if the two chaotic lasers drift in their relative cavity length due to changes in the ambient, the probability of synchronization drops very rapidly. Hence, multiple receiving users must all synchronize the path length of their lasers. The situation becomes more complex for WDM networks deployed in the field, since cross-modulations in polarization, phase, and amplitude between multiple channels are bound to alter the initial conditions seen by the receiving users. In fact, nonlinear optical effects such as self-phase-modulation will even alter the spectrum of the chaotic carrier. It is difficult to expect such synchronization to be successful for every packet in multiwavelength optical networks. Previously it has been shown with optical network elements equipped with clamped erbium-doped fiber amplifiers (EDFAs) and Channel Power Equalizers (CPEs), lasing in the closed cycles does affect transport characteristics of other wavelength channels, even if it does not saturate the EDFAs. Chaotic oscillations in a transparent optical network due to lasing effect in a closed cycle have been observed. They are attributed to the operation of multiple channel power equalizers within the optical ring. The presence of unstable ring lasers can cause power penalties to other wavelength channels through EDFA gain fluctuation, even though these EDFAs are gain clamped. It has also been found that the closed cycle lasing does not saturate the gain clamped EDFAs in the cycle because the lasing power is regulated by the CPEs. This observation and analysis have significant impacts on the design and operation of network elements in transparent WDM networks.
Second, the noise and the chaotic behaviors are highly frequency dependent. Such a chaotic method, even if it works well for one particular data format, cannot work well for a wide range of data formats.
Third, the accommodation of chaotic optical carrier is made at the expense of useful signal bandwidth, network coverage, and network capacity. To enhance the probability of synchronization, the chaotic optical carrier must possess reasonably high optical power and consequently sacrifices the power available for the data. A simple signal-to-noise argument leads us to the conclusion that the network capacity and network reach will significantly drop due to excessive power in the chaotic carrier.
Fourth, the network must agree on a fixed configuration of the chaotic lasers for both transmitters and receivers. Once the eavesdropper acquires or learns this information, the entire network will be open to this eavesdropper. The method in accordance with the present invention, on the other hand, can vary the security coding from packet to packet for every wavelength channel.
(ii) Quantum Optical Encryption
The second method applies optical encryption at the quantum level by using the state of photons (e.g., polarization of the photons) to detect a security breach. The main idea behind this approach is the encoding of the information in a string of randomly chosen states of single photons. Anyone trying to eavesdrop by tapping part of the light must perform a measurement on the quantum state, thus modifying the state of the light. This modification of the state of the photons can then be used to detect a security breach. A representative reference pertaining to this subject matter is C. Bennett et al., xe2x80x9cExperimental Quantum Cryptographyxe2x80x9d, Journal of Cryptology, Vol. 5, No. 3, 1992. One of the fundamental problems of this technique is that it is slow (data rates of only a few Mb/sec can be accommodated) and it can only be applied to communications that span short distances (a few Km). Furthermore, when the optical signal travels relatively long distances, the polarization of the photons may change (even if polarization dispersion fiber is used). This will generate a false alarm. Finally, another problem that arises is whether an attack (security breach) may be carried out that will be undetectable to the parties involved in the secure communication (i.e., the polarization of the photons does not change when an eavesdropper taps part of the light).
(iii) Spread Spectrum Techniques in Optical Domain
The third approach uses the spread spectrum technique to distribute the information packets to a number of different wavelengths. The section that follows tries to identify how this new technique compares to the classical spread spectrum techniques that are currently being used to provide security in mobile systems.
Spread spectrum communication was originated 60 years ago; the main purpose then was to protect military communication signals against jamming. In that scheme, frequency hopping and frequency agile multiple access (FDMA) techniques were employed. Later on, CDMA (code-division multiple access) and SDMA (space-division multiple access) were developed to enhance the communication channel capacity and performance.
The CDMA method can increase the channel capacity by almost 10-fold over other access methods, but it is sensitive to both terrestrial signal interference and the noise added in-band by the simultaneous presence of multiple users. Thus, transmitter power control and forward error control (FEC) adjustment is very crucial to the performance of CDMA systems. These systems operate with low bit error rate (B ER) (10xe2x88x923 is a typical number) and low data rates (on the order of Kbps).
The inventive OLSAS multicast mechanism combines all three approaches employed in the RF domain, namely, frequency hopping and frequency division multiple access (FDMA), CDMA, and SDMA. Rather than increasing the system access capacity at the expense of adding noise in the signal band, a different view of the performance and bandwidth/capacity management in dense WDM optical networks is taken. The abundant bandwidth provided by the WDM optical cross-connects with more wavelengths (e.g., 128) at higher bit rates (10 Gb/s) is traded for each fiber port.
From this foregoing discussion of the art pertaining to details of secure and survivable communications, it is readily understood that the art is devoid of teachings and suggestions wherein sub-carrier multiplexed packet data payload and multiple sub-carrier headers (including old and new ones) are deployed so that a  greater than 2.5 Gbps IP packet can be routed through a national all-optical multicast VVDM network by the (successive) guidance of these sub-carrier headers, with the total number of sub-carrier headers that can be written is in the range of forty or more, to therefore foster a secure and survivable network.
These and other shortcomings and limitations of the prior art are obviated, in accordance with the present invention, by a methodology and concomitant circuitry for multicasting an input data payload received from a source over an optical network to a plurality of destinations by supplying appropriate multicasting information as part of the header information.
In accordance with a broad system aspect of the present invention, a A system for multicasting a data payload through an optical network composed of a plurality of nodes interconnected by links wherein a given one of the nodes multicasts over two outgoing links, the data payload having a given format and protocol, the system includes (a) a route generator for generating and storing a local routing look-up table in each of the nodes, each local look-up table listing local addresses for determining alternative local routes through each of the nodes; (b) an adder for adding two headers to the data payload with each of the headers being embedded in the same wavelength as the data payload prior to inputting the data payload at an input one of the nodes to produce an optical signal, each of the headers having a format and protocol and conveying multicast information indicative a local route through the given node for the data payload and the headers, the format and protocol of the data payload being independent of the format and protocol of the headers; (c) a detector for detecting the multicast information at the given one of the nodes to determine two switch control signals with reference to the multicast information as the data payload and the headers propagate through the optical network; (d) an optical splitter for splitting the optical signal into two split optical signals; (e) a selector for selecting two local routes through the given one of the nodes in correspondence to the two switch control signals; (f) an optical switch having input ports and output ports wherein one of the split optical signals couples to a first input port and the second of the split optical signals couples to a second input port, and wherein one of the outgoing links couples to a first output port and the second of the outgoing links couples to a second output port; and (g) a switch controller, coupled to the optical switch and responsive to the two switch control signals, for switching the optical switch in response to the multicast information to optically couple the first input port with the first output port and the second input port with the second output port,
wherein the headers are conveyed by a single sideband signal occupying a given frequency band above the data payload, the detector further comprising (i) an opto-electrical converter for converting the optical signal to detect the headers, and (ii) a processor, coupled to opto-electrical converter, for processing the headers to detect the multicast information, the system further comprising (1) an optical notch filter for filtering the optical signal with a reflective part of the notch filter to delete the headers and recover the data payload, and (2) means, coupled to the notch filter, for inserting new single-sideband headers at the given frequency band into the optical signal in place of the deleted headers.