A. Field of Art
This application relates generally to optical communications based on optical wavelength-division multiplexing (WDM), and in particular to systems and techniques for security at the optical (physical) layer of the Open Systems Interconnection (OSI) Seven Layer Model.
B. Description of Related Art
Optical WDM communication systems transmit multiple optical channels at different WDM carrier wavelengths through a single fiber. The infrastructures of many deployed optical fiber networks today are based on 10 Gb/s per channel. As the demand for higher transmission speeds increases, there is a need for optical networks at 40 Gb/s, 100 Gb/s or higher speeds per channel.
WDM networks transmit client traffic from multiple sources over an optical fiber network. The traffic is multiplexed on the fiber by transmitting each signal with a laser set at a different channel on the International Telecommunication Union (ITU) channel plan defined in Standard G.692. Optical filters designed to function according to the ITU channel plan are used to demultiplex the signals and thereby direct each signal to its designated receiver. These standard ITU channels are hereinafter referred to simply as “channels.”
Various forms of subchannel modulation have been proposed as a means to reduce the dispersion penalties associated with high bit rate transmission in optical fibers (see, eg, WO 2009/105281) and increase spectral efficiency (see, eg, U.S. Pat. No. 6,525,857). These “subchannels” (eg, subchannels of ITU channels) are typically generated by microwave modulators or comb generators with a single laser. Examples of optical comb generators are described in U.S. patent application Ser. No. 12/175,439, entitled “Optical Wavelength-Division Multiplexed (WDM) Comb Generator Using a Single Laser” and filed on Jul. 17, 2008, which is incorporated by reference herein. These subchannels are closely spaced relative to the source laser and are not independently tunable across a wide wavelength range, i.e. they are tuned in parallel as the source laser is tuned. Although an embodiment of one of the previously referenced patent applications (WO 2009/105281) proposes the use of more than one laser to generate the subchannels, such lasers are constrained to operate in parallel within a single ITU G.692 window.
Lower-rate subcarriers support a simplified upgrade of an installed DWDM network. For example, a legacy 2.5 Gb/s network may have transmitters with a reach of 600 km. When that network is upgraded to 10 Gb/s, dispersion compensators may have to be installed, since the reach of the 10 Gb/s transmitter may be only 80 km. Installing dispersion compensation and amplifiers to compensate for their loss can be very disruptive since operators may have to break the traffic multiple times and at multiple sites. If four subcarriers are used instead, with each subcarrier transmitting at 2.5 Gb/s to get 10 Gb/s composite bandwidth, they can have comparable dispersion-limited reach to the installed 2.5 Gb/s channels. The use of subcarriers therefore provides system operators with a means of upgrading an installed WDM network to increase the network capacity without having to change the dispersion map.
An improved implementation of subchannels (eg, using independently tunable lasers to generate independent subcarrier frequencies) is described in U.S. patent application Ser. No. 12/961,432, filed Dec. 6, 2010, entitled “Subchannel Photonic Routing, Switching and Protection with Simplified Upgrades of WDM Optical Networks,” which is hereby incorporated by reference in its entirety. This implementation not only increases bandwidth and spectral efficiency by enabling multiple client circuits to be assigned to respective subchannels of a single ITU channel, but also allows those client circuits to be divided and/or combined with one another and assigned independently to subchannels within and across ITU channels. Such flexibility enables various routing, switching, concatenation and protection capabilities that allow system designers to fully realize the benefit of increasing the number of available optical circuits in a single fiber.
FIG. 1A shows an embodiment of a currently deployed WDM subchannel muxponder 100a in which client traffic (eg, 1 to N discrete client signals) is mapped onto corresponding subchannels. Client traffic is connected via a short-reach fiber interface to client interface transceivers 110a. These are typically pluggable devices such as an XFP [a MSA standard], shown in client transceivers 110b in FIG. 1B, which may support one or more different client protocols (eg, Ethernet, SONET, Fibre Channel, etc). As will be discussed below in the context of the present invention, other standards (eg, SFP, CFP, etc) may also be employed separately or in combination.
After each optical signal is converted to an equivalent electrical signal, it can be processed digitally by FEC-SERDES block 120a to optionally (1) extract performance monitoring information, (2) add channel overhead for remote network management, and (3) encode the data for forward error correction.
In this embodiment, subcarrier multiplexing is employed (as described in U.S. Pat. No 6,525,857) to generate a group of subcarriers using a single laser (eg, via transceiver 140a) with a common wavelocker (λ-locker) 130a to maintain the stability of the subcarrier frequencies (subchannels). Subcarrier multiplexing would, of course, be unnecessary if only one client signal was supported per ITU channel. In other embodiments (as described in U.S. patent application Ser. No. 12/961,432), each subchannel can have its own independently tuned and modulated laser, and each subcarrier can carry independent protocols. Moreover, there are no restrictions at the transmit side on the frequency spacing between subchannels, and each subchannel can be transmitted in a different ITU channel, and received via a corresponding independently tuned filter on the receive side.
In this embodiment, optical modulators/demodulators 135a modulate the laser generated via transceiver 140a (at each subcarrier frequency/wavelength within a single ITU channel) to produce modulated laser beams that carry the information from the respective lower speed electronic signals 122a. As will be discussed below in the context of the present invention, modulation of each subchannel can be selectively chosen to be one of many different types of modulation, such as Optical DuoBinary, Non-return to Zero, Differential Quadrature Phase Shift Keying, etc. Moreover, in the event that multiple subcarriers (ie, subchannels) are employed, different modulation schemes may be utilized across subchannels.
In this embodiment, the modulated signals generated by transceiver 140a consists of 1 to N subchannels that are combined by multiplexer 150a and then transmitted onto the transmission fiber. The transmitted light signal can be combined with light signals from other WDM transponders/muxponders (containing client signals carried on additional ITU channels) onto a single transmission fiber via an optical multiplexer (not shown). In other embodiments, one or more lasers may be employed to generate virtually any number of subchannels (within or across ITU channels).
On the receive side, the optical signal is received from the transmission fiber, filtered into individual ITU channels (filters also not shown), with each ITU channel being demultiplexed (eg, via demultiplexer 160a) into separate subchannels that are then converted back into equivalent electrical signals 122a by the receive circuitry in transceiver 140a. Note that external means may be required to select the particular wavelength that is being dropped, though this filter function can be integrated onto the same line card (see, eg, U.S. Pat. No. 6,525,857). The electrical signal from the line receiver can be processed digitally by FEC-SERDES block 120a to optionally (1) extract performance monitoring information, (2) drop the channel overhead for remote network management, and (3) correct errors according to the Forward Error Correction (FEC) algorithm. The client signals are then returned to the client equipment via their respective client-side transceivers 110a. 
A slightly more detailed embodiment of the muxponder described in FIG. 1A is illustrated in FIG. 1B. In this embodiment, four XFP transceivers 110b are employed to interface with four discrete client signals which, as also noted above, could each carry a different client protocol (such as Ethernet, SONET, Fibre Channel, etc). Transceivers 110b communicate with four corresponding encoders/decoders in FEC-SERDES block 120b. In other embodiments, FEC-SERDES block 120b could share a fewer number of encoders/decoders (depending upon the application and the various protocols employed). These four encoded client signals 122b are transmitted to/from transceiver 140b (in this embodiment, combined with modulation/demodulation circuitry, shown separately as block 135a in FIG. 1A). Transceiver 140b generates four subcarrier signals (subchannels), utilizing common wavelocker 130b, which are combined by multiplexer 150b (and demultiplexed on the receive side via demultiplexer 160b) to interface with the line side of the transmission fiber.
As will be discussed below in the context of the present invention, the basic muxponder illustrated in FIGS. 1A and 1B can include various embodiments employing differing combinations of client signal protocols, client transceiver interface standards, modulation schemes, and optional subcarrier multiplexing with one or more fixed or independently tuned lasers (as well as fixed or tunable filters) to implement virtually any number of subchannels.
Regardless of which embodiment is employed, however, the client traffic remains potentially vulnerable to attack. For example, sophisticated eavesdroppers may tap the fiber, extract the information from a particular ITU channel (or subchannel) and attempt to decrypt the associated client signal (or portion thereof, if the client signal is divided among subchannels across multiple ITU channels).
Most existing security schemes for protecting client traffic in WDM networks involve encryption of data at the data link layer. Significantly enhanced security can be attained, however, by also securing the physical transmission of client traffic at the optical layer.