1 / 28

Lecture: 6 Network Survivability and Robustness

Lecture: 6 Network Survivability and Robustness. Ajmal Muhammad, Robert Forchheimer Information Coding Group ISY Department. Outline. Introduction to Network Survivability Protection Techniques Classification Link failure, e quipment failure Path protection, link protection

serge
Download Presentation

Lecture: 6 Network Survivability and Robustness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture: 6 Network Survivability and Robustness Ajmal Muhammad, Robert Forchheimer Information Coding Group ISY Department

  2. Outline • Introduction to Network Survivability • Protection Techniques Classification • Link failure, equipment failure • Path protection, link protection • Dedicated resources, shared resources • Physical Layer Attacks • Optical Network Component Vulnerabilities • Fibers, switches, amplifiers • Protection and Prevention of Attacks

  3. Network Survivability A very important aspect of modern networks • Optical fibers with extremely large capacity has becomes dominant transport medium. • Interruption for even short period of time may have disastrous consequences. • No service provider is willing to accept unprotected networks anymore. Restoration= function of rerouting failed connections Survivability = property of a network to be resilient to failure Requires physical redundancy and restoration protocols.

  4. Data Center SONET SONET SONET SONET DWDM DWDM Metro LongHaul Metro Access Access Optics in the Internet

  5. Protection and Restoration in Internet A well defined set of restoration techniques already exists in the upper electronic layers: • ATM/MPLS • IP • TCP Restoration speeds in different layers: • BGP-4: 15 – 30 minutes • OSPF: 10 seconds to minutes • SONET: 50 milliseconds • Optical Mesh: currently hundred milliseconds to minutes

  6. Why Optical Layer Protection? Advantages: • Speed • Efficiency Limitations • Detection of all faults not possible (3R). • Protects traffic in units of lightpaths. • Race conditions when optical and client layer both try to protect against same failure.

  7. Protection Techniques Classification Restoration techniques can protect the network against: • Link failures • Fiber-cables cuts and link devices failures (amplifiers) • Equipment failures • OXCs, OADMs, electro-optical interface Protection can be implemented in: • Optical channel sub-layer (path protection) • Optical multiplex sub-layer (link protection) Different protection techniques for: • Ring networks • Mesh networks

  8. Protection in Ring Network Unidirectional Path Switched Ring Bidirectional Link Switched Ring Bidirectional Link Switched Ring 1+1 Path Protection Used in access rings for traffic aggregation into central office 1:1 Span and Link Protection Used in metropolitan or long- haul rings 1:1 Link Protection Used for inter-office rings

  9. Unidirectional Path Switched Ring (UPSR) Signal sent on both working and protected path Best quality signal selected Receiving Traffic Sending Traffic N2 N1 Outside Ring = Working Inside Ring = Protection N3 N4 N1 send data to N2

  10. 1+1 Protection • Traffic is sent over two parallel paths, and the destination selects a better one. • In case of failure, the destination switch onto the other path. • Pros: simple for implementation and fast restoration • Cons: waste of bandwidth

  11. Bidirectional Link Switched Ring (2-Fiber BLSRs) Sending/Receiving Traffic Sending/Receiving Traffic N2 N1 Both Rings = Working &Protection N3 N4 N1 send data to N2 & N2 replies to N1

  12. 1:1 Protection • During normal operation, no traffic or low priority traffic is sent across the backup path. • In case failure both the source and destination switch onto the protection path. • Pros: better network utilization. • Cons: required signaling overhead, slower restoration.

  13. Protection in Mesh Networks Network planning and survivability design • Disjoint path idea: service working route and its backup route are topologically diverse • Lightpaths of a logical topology can withstand physical link failures Working Path Backup Path

  14. Reactive / Proactive Reactive • A search is initiated to find a new lightpath which does not use the failed components after the failure happens. • It can not guarantee successful recovery, • Longer restoration time Proactive • Backup lightpaths are identified and resources are reserved at the time of establishing the primary lightpath itself. • 100 percent restoration • Faster recovery Taxonomy

  15. Path Protection Dedicated Path Protection Shared Path Protection • Backup resources are used for protection of multiple links • Assume independent failure and handle single failure • The capacity reserved for protection is greatly reduced

  16. Link and Channel Based Protection Link-based Protection Channel-based Protection

  17. Normal Operation Path Switching: restoration is handled by the source and the destination. Link Switching: restoration is handled by the nodes adjacent to the failure. Span Protection: if additional fiber is available. Link Switching: restoration is handled by the nodes adjacent to the failure. Link Protection Path Protection / Link Protection

  18. Outline • Introduction to Network Survivability • Protection Techniques Classification • Link failure, equipment failure • Path protection, link protection • Dedicated resources, shared resources • Physical Layer Attacks • Optical Network Component Vulnerabilities • Fibers, switches, amplifiers • Protection and Prevention of Attacks

  19. Physical Layer Attacks Attack: Intentional action against the ideal and secure functioning of the network Attacks are much more hazardous than component failures as the damage they cause is more difficult to prevent:

  20. Attacks Classification Service disruption: prevents communication or degrades the quality of service (QoS) • All connections and components appear to be functioning well in the optical domain, but the electrical bit error rates (BERs) of the legitimate channels are already impaired Tapping: compromises privacy by providing unauthorized users access to data, which can then be used for eavesdropping or traffic analyses

  21. Component Vulnerabilities: Fibers Bending the fiber violates the total internal reflection and causes light to leak outside the fiber Exploiting fiber nonlinearities: cross-phase modulation and Raman effects may cause a signal on one wavelength to amplify or attenuate a signal on another wavelength • Co-propagate a malicious signal on a fiber and decrease QoS or tap legitimate signals Commercial tapping devices introduce losses less than 0.5 dB and some even below 0.1 dB Photodetector can pick up such leakage and deliver the transmitted content to the intruder

  22. Optical Switches Optical switches are prone to signal leakage, giving rise to crosstalk Inter-channel crosstalk: occurs between signals on adjacent channels. Can be eliminated by using narrow pass-band receivers. Intra-channel crosstalk: occurs among signals on the same wavelengths, or signals whose wavelengths fall within each other’s receiver pass-band. Crosstalk levels of optical switches range from -35 dB (SOA, liquid crystal, electro-optical, thermo-optical) to -55 dB for MEMS. Malicious users can take advantage of this to cause service degradation and/or perform eavesdropping

  23. Examples Tapping attack exploiting intra-channel crosstalk in an optical switch Jamming attack exploiting intra-channel crosstalk in an optical switch If a tapper gains access to upper output port, part of the signal at lambda 2 is delivered straight into his hands Attacker injects a high-powered signal on the same Wavelength (in-band jamming) as other legitimate data signals. Components of the high-power signal will leak onto adjacent channels, impairing the quality of the transmission on those signals

  24. Optical Amplifiers Erbium-doped fiber amplifiers (EDFAs) are the most commonly used amplifier in today’s WDM networks. An optical amplifier is characterized by its gain, gain bandwidth, gain saturation, polarization sensitivity and amplifier noise. The distribution of excited electrons is not uniform at various levels within a band The gain of an EDFA depends on the wavelength of the incoming signal with a peak around 1532 nm Can be compensated by employing passive or dynamic gain equalization

  25. Gain Competition in EDFA The limited number of available upper-state photons necessary for signal amplification must be divided among all incoming signals. Each of the signals is granted photons proportional to its power level, which can lead to gain competition. Stronger incoming signals receive more gain, while weaker signals receive less Gain competition can be exploited to create service disruption A malicious user can inject a powerful signal on a wavelength different from those of other legitimate signals (out-of-band jamming), but still within the pass-band of the amplifier. The stronger malicious signal will get more gain than weaker legitimate signals, robbing them of power. Qos level of the legitimate signals will deteriorate, potentially leading to service denial. Equip amplifiers with input and output power monitoring capability

  26. Low Power QoS Attack Optical splitter is attached at the head of link AB to attenuate the propagation power by a certain amount (7 dB). Link AB OSNR degradation for LP1 & LP3 exacerbate to 18.5 dB. Attack is able to propagate by taking advantage of the OXC equalizations. Equalizer in node B will attenuateLP2 to ensure the flat power spectrum on link BC Make the network more sensitive to the abnormal changes Performance monitoring at the amps & OXCs should be aware of the real-time LP configuration and vary the alarming thresholds accordingly The amplifier (with gain control of 15 dB) are placed such that each can exactly compensate the loss introduced by the preceding fiber spans 75 km Performance metrics of each channel measured at different places of the network 7 dB attenuation

  27. Protection and Prevention of Attacks Achieving complete protection requires large investments by the network operator. Hardware measures- shielding the fiber, additional equipment capable of limiting excessive power (e.g., optical limiting amplifiers, variable optical attenuators or optical fuses). Use components with lower crosstalk levels. Transmission schemes- applying different modulation and coding techniques, limiting the bandwidth and power of certain signals. Architecture and protocol design- identifying and avoiding risky links or assigning different routes and wavelengths to separate trusted from untrusted users. Optical encryption- protect communication confidentiality by making it incomprehensible to an eavesdropper.

More Related