Lecture 6: Network Survivability and Robustness

Ajmal Muhammad, Robert Forchheimer
Information Coding Group, ISY Department

Outline

• Introduction to Network Survivability
• Protection Techniques Classification
    Link failure, equipment failure
    Path protection, link protection
    Dedicated resources, shared resources
• Physical Layer Attacks
• Optical Network Component Vulnerabilities
    Fibers, switches, amplifiers
• Protection and Prevention of Attacks

Network Survivability

• A very important aspect of modern networks.
• Optical fibers with extremely large capacity have become the dominant transport medium.
• Interruption for even a short period of time may have disastrous consequences.
• No service provider is willing to accept unprotected networks anymore.

Restoration = function of rerouting failed connections

Survivability = property of a network to be resilient to failure

Requires physical redundancy and restoration protocols.

Optics in the Internet

[Figure: optics in the Internet. Labels: Data Center, SONET, DWDM; segments: Access, Metro, Long Haul.]

Protection and Restoration in Internet

A well-defined set of restoration techniques already exists in the upper electronic layers:
• ATM/MPLS
• IP
• TCP

Restoration speeds in different layers:
• BGP-4: 15 – 30 minutes
• OSPF: 10 seconds to minutes
• SONET: 50 milliseconds
• Optical Mesh: currently hundreds of milliseconds to minutes

Why Optical Layer Protection?

Advantages:
• Speed
• Efficiency

Limitations:
• Detection of all faults not possible (3R).
• Protects traffic in units of lightpaths.
• Race conditions when optical and client layer both try to protect against the same failure.

Protection Techniques Classification

Restoration techniques can protect the network against:
• Link failures: fiber-cable cuts and link device failures (amplifiers)
• Equipment failures: OXCs, OADMs, electro-optical interface

Protection can be implemented in:
• Optical channel sub-layer (path protection)
• Optical multiplex sub-layer (link protection)

Different protection techniques for:
• Ring networks
• Mesh networks

Protection in Ring Network

• 1+1 Path Protection (Unidirectional Path Switched Ring): used in access rings for traffic aggregation into the central office
• 1:1 Link Protection (Bidirectional Link Switched Ring): used for inter-office rings
• 1:1 Span and Link Protection (Bidirectional Link Switched Ring): used in metropolitan or long-haul rings

Unidirectional Path Switched Ring (UPSR)

• Signal sent on both working and protection paths
• Best quality signal selected

[Figure: four-node ring N1 to N4 with sending and receiving traffic; N1 sends data to N2. Outside ring = working, inside ring = protection.]

1+1 Protection

• Traffic is sent over two parallel paths, and the destination selects the better one.
• In case of failure, the destination switches onto the other path.
• Pros: simple to implement and fast restoration
• Cons: waste of bandwidth

Bidirectional Link Switched Ring (2-Fiber BLSRs)

[Figure: four-node ring N1 to N4 with sending/receiving traffic; N1 sends data to N2 and N2 replies to N1. Both rings = working & protection.]

1:1 Protection

• During normal operation, no traffic or low priority traffic is sent across the backup path.
• In case of failure, both the source and destination switch onto the protection path.
• Pros: better network utilization.
• Cons: requires signaling overhead, slower restoration.

Protection in Mesh Networks

[Figure: mesh network showing a working path and a backup path]

• Network planning and survivability design
• Disjoint path idea: service working route and its backup route are topologically diverse
• Lightpaths of a logical topology can withstand physical link failures

Reactive / Proactive

Reactive
• A search is initiated to find a new lightpath which does not use the failed components after the failure happens.
• It cannot guarantee successful recovery.
• Longer restoration time

Proactive
• Backup lightpaths are identified and resources are reserved at the time of establishing the primary lightpath itself.
• 100 percent restoration
• Faster recovery
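
An added example, not part of the original lecture: one way to compute the topologically diverse working/backup pair that proactive path protection reserves at setup time. It goes beyond the slide by using two augmenting-path searches (a unit-capacity max-flow), because the obvious method (shortest path, remove its links, search again; here cancel=False) fails on "trap" topologies. The topology and node names are constructed.

```python
from collections import deque

def _augment(adj, flow, s, t, cancel):
    """BFS one more s-t path over links that still have room; record it in flow."""
    parent, queue = {s: None}, deque([s])
    while queue and t not in parent:
        u = queue.popleft()
        for v in adj[u]:
            # cancel=True: a link carrying flow v->u may be undone (flow < 1).
            # cancel=False: any link already used by the first path is off limits.
            free = flow[(u, v)] < 1 if cancel else flow[(u, v)] == 0
            if free and v not in parent:
                parent[v] = u
                queue.append(v)
    if t not in parent:
        return False
    v = t
    while parent[v] is not None:
        u = parent[v]
        flow[(u, v)] += 1
        flow[(v, u)] -= 1
        v = u
    return True

def _peel(adj, flow, s, t):
    """Walk one s-t path along links with flow +1, consuming them."""
    path = [s]
    while path[-1] != t:
        u = path[-1]
        v = next(w for w in adj[u] if flow[(u, w)] == 1)
        flow[(u, v)] = flow[(v, u)] = 0
        if v in path:
            del path[path.index(v) + 1:]   # drop a loop, keep the path simple
        else:
            path.append(v)
    return path

def disjoint_pair(links, s, t, cancel=True):
    """Return [working, backup] sharing no fiber link, or None if not found."""
    adj, flow = {}, {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
        flow[(a, b)] = flow[(b, a)] = 0
    if not (_augment(adj, flow, s, t, cancel) and _augment(adj, flow, s, t, cancel)):
        return None
    return sorted([_peel(adj, flow, s, t), _peel(adj, flow, s, t)], key=len)

# Constructed trap topology: the shortest route S-A-B-T blocks every second route.
TRAP = [("S", "A"), ("A", "B"), ("B", "T"), ("S", "C"), ("C", "D"), ("D", "B"),
        ("A", "E"), ("E", "F"), ("F", "T")]
```

On TRAP the remove-and-retry method finds no backup, while the flow-based search returns S-A-E-F-T and S-C-D-B-T.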

Taxonomy

Path Protection

Dedicated Path Protection

Shared Path Protection
• Backup resources are used for protection of multiple links
• Assume independent failure and handle single failure
• The capacity reserved for protection is greatly reduced

Link and Channel Based Protection

Link-based Protection

Channel-based Protection

Path Protection / Link Protection

[Figure: normal operation compared with path switching, span protection and link switching]

• Path Switching: restoration is handled by the source and the destination.
• Link Switching: restoration is handled by the nodes adjacent to the failure.
• Span Protection: if additional fiber is available.


Physical Layer Attacks

Attack: Intentional action against the ideal and secure functioning of the network

Attacks are much more hazardous than component failures as the damage they cause is more difficult to prevent:

Attacks Classification

Service disruption: prevents communication or degrades the quality of service (QoS)

All connections and components appear to be functioning well in the optical domain, but the electrical bit error rates (BERs) of the legitimate channels are already impaired

Tapping: compromises privacy by providing unauthorized users access to data, which can then be used for eavesdropping or traffic analyses

Component Vulnerabilities: Fibers

• Bending the fiber violates the total internal reflection and causes light to leak outside the fiber
• Exploiting fiber nonlinearities: cross-phase modulation and Raman effects may cause a signal on one wavelength to amplify or attenuate a signal on another wavelength
• Co-propagate a malicious signal on a fiber and decrease QoS or tap legitimate signals
• Commercial tapping devices introduce losses less than 0.5 dB and some even below 0.1 dB
• Photodetector can pick up such leakage and deliver the transmitted content to the intruder

Optical Switches

• Optical switches are prone to signal leakage, giving rise to crosstalk
• Inter-channel crosstalk: occurs between signals on adjacent channels. Can be eliminated by using narrow pass-band receivers.
• Intra-channel crosstalk: occurs among signals on the same wavelengths, or signals whose wavelengths fall within each other’s receiver pass-band.
• Crosstalk levels of optical switches range from -35 dB (SOA, liquid crystal, electro-optical, thermo-optical) to -55 dB for MEMS.
• Malicious users can take advantage of this to cause service degradation and/or perform eavesdropping

Examples

Tapping attack exploiting intra-channel crosstalk in an optical switch
• If a tapper gains access to upper output port, part of the signal at lambda 2 is delivered straight into his hands

Jamming attack exploiting intra-channel crosstalk in an optical switch
• Attacker injects a high-powered signal on the same wavelength (in-band jamming) as other legitimate data signals.
• Components of the high-power signal will leak onto adjacent channels, impairing the quality of the transmission on those signals

Optical Amplifiers

• Erbium-doped fiber amplifiers (EDFAs) are the most commonly used amplifier in today’s WDM networks.
• An optical amplifier is characterized by its gain, gain bandwidth, gain saturation, polarization sensitivity and amplifier noise.
• The distribution of excited electrons is not uniform at various levels within a band
• The gain of an EDFA depends on the wavelength of the incoming signal with a peak around 1532 nm
• Can be compensated by employing passive or dynamic gain equalization

Gain Competition in EDFA

The limited number of available upper-state photons necessary for signal amplification must be divided among all incoming signals.

Each of the signals is granted photons proportional to its power level, which can lead to gain competition.

Stronger incoming signals receive more gain, while weaker signals receive less

Gain competition can be exploited to create service disruption

A malicious user can inject a powerful signal on a wavelength different from those of other legitimate signals (out-of-band jamming), but still within the pass-band of the amplifier.

The stronger malicious signal will get more gain than weaker legitimate signals, robbing them of power.

QoS level of the legitimate signals will deteriorate, potentially leading to service denial.

Equip amplifiers with input and output power monitoring capability

Low Power QoS Attack

• Optical splitter is attached at the head of link AB to attenuate the propagation power by a certain amount (7 dB).
• Link AB OSNR degradation for LP1 & LP3 exacerbates to 18.5 dB.
• Attack is able to propagate by taking advantage of the OXC equalizations.
• Equalizer in node B will attenuate LP2 to ensure the flat power spectrum on link BC
• The amplifiers (with gain control of 15 dB) are placed such that each can exactly compensate the loss introduced by the preceding fiber spans

[Figure labels: 75 km; 7 dB attenuation; performance metrics of each channel measured at different places of the network]

• Make the network more sensitive to the abnormal changes
• Performance monitoring at the amps & OXCs should be aware of the real-time LP configuration and vary the alarming thresholds accordingly
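
An added example, not part of the original lecture: a small power-budget model of the low power QoS attack above, comparing a fixed alarm floor with a threshold derived from the live lightpath configuration. The 7 dB splitter loss and 15 dB amplifier gain come from the slide; the 0 dBm launch power, the -25 dBm floor, the 3 dB tolerance, LP2 joining at node B, and the equalizer model (every channel attenuated to the weakest one) are assumptions.

```python
import math

LAUNCH_DBM = 0.0           # per-channel launch power (constructed)
SPAN_LOSS_DB = 15.0        # span loss, exactly offset by the 15 dB amplifier gain
AMP_GAIN_DB = 15.0
STATIC_FLOOR_DBM = -25.0   # fixed loss-of-power alarm level (constructed)
TOLERANCE_DB = 3.0         # allowed deviation from expected power (constructed)

def total_dbm(channels):
    """Aggregate power a monitor sees: sum the channels in mW, report in dBm."""
    return 10 * math.log10(sum(10 ** (p / 10) for p in channels.values()))

def simulate(splitter_loss_db=0.0):
    """Per-channel power (dBm) at the amplifier inputs on links AB and BC."""
    ab = {lp: LAUNCH_DBM - splitter_loss_db - SPAN_LOSS_DB for lp in ("LP1", "LP3")}
    at_b = {lp: p + AMP_GAIN_DB for lp, p in ab.items()}
    at_b["LP2"] = LAUNCH_DBM       # assumption: LP2 is added at node B
    flat = min(at_b.values())      # equalizer flattens the spectrum to the weakest channel
    bc = {lp: flat - SPAN_LOSS_DB for lp in at_b}
    return {"amp_AB": ab, "amp_BC": bc}

def alarms(readings):
    """Compare a fixed floor with a threshold computed from the active lightpaths."""
    result = {}
    for monitor, channels in readings.items():
        measured = total_dbm(channels)
        # len(channels) stands in for the lightpath count reported by the control plane
        expected = LAUNCH_DBM - SPAN_LOSS_DB + 10 * math.log10(len(channels))
        result[monitor] = {
            "static": measured < STATIC_FLOOR_DBM,
            "config_aware": abs(measured - expected) > TOLERANCE_DB,
        }
    return result
```

With simulate(7.0) the fixed floor stays silent on both links, the configuration-aware check fires on both, and LP2 arrives at the BC amplifier 7 dB low even though it never crossed link AB.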

Protection and Prevention of Attacks

Achieving complete protection requires large investments by the network operator.

• Hardware measures: shielding the fiber, additional equipment capable of limiting excessive power (e.g., optical limiting amplifiers, variable optical attenuators or optical fuses). Use components with lower crosstalk levels.
• Transmission schemes: applying different modulation and coding techniques, limiting the bandwidth and power of certain signals.
• Architecture and protocol design: identifying and avoiding risky links or assigning different routes and wavelengths to separate trusted from untrusted users.
• Optical encryption: protect communication confidentiality by making it incomprehensible to an eavesdropper.