Patent Application
20090074418
The present invention relates to optical add drop multiplexers (OADMs).
A number of papers, for example Jigesh K. Patel, Sung U. Kim, David H. Su, Suresh Subramaniam, Hyeonig -Ah Choi “A Framework for Managing Faults and Attacks in WDM Optical Networks”—supported in lo part by the DAPRA under grant N66001-00-18949 and Shut-Kit Chan, Frank Tong, Lian-Kuan Chen, Dennis Lam “Demonstration of a Fault-Tolerant WDM add-drop/branching Unit for Long Haul Optical Transmission Systems”. IEEE Photonics Technology Letters, vol 11, No. 8, August 1999 discuss a problem of managing faults and attacks in WDM optical networks, and a model of a fault-tolerant add-drop branching unit. Such a unit is planned to detect fiber cuts and failures of optical amplifiers. All operations performed in the discussed unit are based on checking and comparing power of the received, added and dropped signals.
US patent application 2004/0175179 describes a self-adjusting optical add-drop multiplexer (OADM), and optical network using same. The self-adjusting optical add-drop multiplexer monitors the power in a drop signal and attenuates the power in an add signal to match the power in express WDM channels (signals). When used in a fiber network, and more particularly, in a metro network, the deleterious effects of optical amplification are reduced. Power attenuation is also used in an optical switching assembly particularly useful in two-fiber ring network. The optical switching assembly monitors drop channels from the two rings of the network and attenuates the add channel(s) accordingly. An optical switch operates to direct the drop signal from one of the two rings to a receiver in accordance with a control signal based on the monitored drop channels. The self-adjusting optical add-drop multiplexer also monitors the power in the drop signals and issues an alarm if the drop signal is of a power level above or below predetermined levels.
It should be noted that the above self-adjusting OADM sets a task of adjusting (equalizing) powers of added, dropped and through channels. It does not pay any attention at all to a possibility of penetration, into the optical network, of a signal having a wrong (or non-exact) optical wavelength, or an optical wavelength issued from a foreigner source.
US published patent application 2004/0109685 A1 describes an OADM comprising a demultiplexer wherein each optical channel is being marked with a pilot tone for channel identification and monitoring. The pilot tones are detected, cleaned from ghost tones, and then re-inserted in the respective optical channels being fed into the multiplexer of the OADM, for multiplexing said optical channels into a WDM output signal.
The above-mentioned 2004/0109685 A1 is intended for monitoring the presence or absence of different optical channels in the network for purposes of management; it does not consider a task of channel authentication and/or security in optical networks. The problem of authentication of optical channels becomes especially important when optical networks utilize novel reconfigurable OADMs.
To the best of the Applicant's knowledge, solutions to such a problem have not been considered in the prior art.
It is therefore the object of the invention to provide a technological solution enabling more safe and secure operation in optical networks utilizing OADMs (especially reconfigurable or tunable OADMs).
The above object can be achieved by providing an OADM assembly comprising a drop unit and an add unit for serving an optical network (preferably, a multi-channel WDM optical network), wherein with respect to at least one optical channel assigned to an optical wavelength λ, said OADM assembly being capable of
In the frame of the present patent application, the term authentication of an optical channel should be understood as checking, for example:
The checking of the dropped channel can be performed by checking whether the signal (first signal) dropped at a port assigned at the OADM for said dropped channel, satisfies one or more specific requirements which are posed in the network and presented in the OADM (with the aid of equipment of its add unit) as one or more components of the second signal which can be produced at least for the purpose of the authentication.
The proposed OADM further incorporates a new feature of allowing or precluding the drop and/or add operations based on the authentication results obtained at the ACU unit.
However, there are other conditions, which should preferably be taken into account by the ACU for deciding whether to perform the add/drop operations, for example such conditions may be as follows:
It should be kept mind that, in the frame of the present application, the drop operation is to be understood as an operation of supplying information dropped from the OADM to an authorized client. The self- checking OADM and the corresponding method may further enable checking a predetermined key/ID/password submitted by a client to the OADM, and allowing the dropping operation only when this key is approved by the OADM.
For processing the authentication results and any additional conditions, and for making the decision concerning the add/drop operations, the ACU comprises a control and processing unit CP.
The most important implementation of such an authentication arrangement is for re-configurable OADMs (ROADM), where the added and the dropped channels can be varied and where the hardware responsible for selecting different channels to be dropped/added is always in a stand-by position. Tunable OADMs can be considered a type of ROADMs.
The authentication and control unit is preferably capable of continuously monitoring said at least one optical channel.
The authentication can be based on detecting, by said authentication and control unit ACU, presence or absence of a predetermined modulating tone in the first signal of an optical channel to be dropped and in the second signal of said optical channel to be added, thereby if both the first signal and the second signal comprise the predetermined modulating tone, said optical channel is authenticated. Preferably, the ACU preliminarily applies the predetermined modulating tone(s) to the carrier wavelength λ, thus obtaining the modulated second signal serving the reference.
For the purpose of the following description:
In one preferred embodiment, the authentication may comprise comparison of the carrier wavelength λd with the corresponding carrier wavelength λa=λ, (actually, with the expected carrier wavelength λ), by comparing their respective carrier frequencies ωλd and ωλ; the authentication and control unit ACU further decides whether to allow the dropping operation and/or the adding operation, based on a result of the comparison.
In the preferred embodiment,
Preferably, the comparator block includes an optic to electric (O/E) converter at its input, for converting optical energy detected at the optical fiber into electrical energy to be inputted into said comparator.
In a further embodiment, the ACU (more particularly, CP of the ACU) should be capable of allowing or not allowing operations of adding/dropping by further taking into account information about expected channels to be dropped/added at specific ports of the OADM, usually provided to the OADM by a Network Management System (NMS).
In this specific case, the ACU of the OADM assembly is capable of performing:
There is also provided a method for performing add/drop operations in an OADM assembly serving an optical network (such as a multi-channel WDM optical network) and comprising a drop unit having a number of ports and an add unit, the method comprises performing the following operations within the OADM assembly:
The method preferably comprises continuous or periodic monitoring of said at least one port of the drop unit for detecting said first signal.
As described above concerning the OADM assembly, the authentication may comprise, for example, checking the fact of presence of a predetermined modulating tone (s) in the first signal; said predetermined modulating tone(s) is/are preliminarily inserted in the second signal to make it suitable for being added to the network.
Further, the modulating tone can be periodically changed in a preliminarily agreed order (say, a digital code applied to the modulation), which is “known” to nodes originating the traffic in the discussed OADM network (but unknown to an intruder trying to penetrate the network with using false optical channels).
Preferably, (alternatively or in addition), the authentication step of said optical channel may comprise:
Using the above approach, the real carrier wavelength λd of the dropped signal is compared with the expected carrier wavelength λ. It can be performed by comparing their respective carrier frequencies ωλd and ωλa, (where ωλa=ω80),
Particularly, the comparison of the wavelengths λa and λd can be performed as follows:
It should be noted that, due to the generally sinusoidal character of the mixed signals, only in case that λb is essentially equal to λa, the filter detects considerable energy at a narrow frequency interval around the intermediate frequency ωλif corresponding to the wavelength λif.
Further, the step of allowing or blocking the operation of adding and dropping preferably comprises taking into account information about:
More specifically, the method may comprise checking a predetermined ID/password submitted to the OADM assembly by a client supposed to receive said first signal, and allowing the dropping operation to said client only when the ID/password is approved by the OADM.
The above method and the suitable OADM equipment allows detecting a) internal faults in the OADM assembly, b) faults/degradations of laser sources of the WDM optical network, which transmit signals to the discussed OADM, as well as c) interference of possible foreign/fraudulent sources of optical signals.
The invention will further be described with reference to the following non-limiting drawings, in which:
FIG. 2—illustrates one exemplary embodiment of the authentication and control unit ACU of the OADM, based on comparing wavelengths of a channel to be dropped and a corresponding channel ready to be added.
FIG. 3—illustrates another specific embodiment of the OADM, wherein its Authentication and Control unit ACU is based on detecting an expected modulating tone in an optical signal to be dropped.
a and 4b—illustrate exemplary tables presenting the proposed add/drop control mechanism of the self-checking OADM, taking into account instructions obtained at the OADM from a Network Management System (NMS).
Each of the tunable lasers TL1, TL2, . . . TLn is respectively associated with a data modulating block 17(1), 17(2) . . . 17(n) which can be placed either before switch 25, or after switch 25. A Network Management System NMS schematically marked 13 controls the OADM assembly 10 via its ACU 16.
In the illustrated diagram, the ACU 16 is adapted to continuously check an optical channel to be dropped, that has a carrier wavelength λ1d. The checking procedure is performed as follows:
If the two signals coincide (i.e., one or more of their components are substantially equal, depending on a number of conditions preliminarily set)—the channel associated with λ1d is authenticated and the drop operation can be allowed (control arrow 22 to the switch 23). We keep in mind that, in the frame of the present application, the drop operation is to be understood as an operation of supplying information dropped from the OADM, to an authorized client. The method and the corresponding self-checking OADM may further ensure checking a predetermined key/password submitted by a client 19 to the OADM (i.e., to its ACU), and allowing the dropping operation only when the key is approved by the OADM.
If the corresponding add operation is required according to the instruction of NMS 13, it can also be allowed, though detailed conditions of allowing the add/drop operations will be discussed later on, with reference to
In this drawing, functions of the ACU 16A are illustrated with respect to one optical channel only, but analogous operations can be simultaneously performed with respect to other optical channels, whenever required: similar ACU assemblies, or a combined ACU can be built to serve multiple optical channels.
The ACU 16A comprises a first mixer block 26 coupled with a generator 27 of frequency ωλif, a second mixer block 28, a narrowband optical filter 30 for detecting frequencies in close proximity to ωλif, an optic to electric (O/E) converter 31, a comparator 32 and a control processing unit CP 34. Input ports of CP 34 receive commands from NMS 13, optionally from a client 36. Output ports of CP 34 issue internal control instructions in the OADM assembly 10. Output ports of the CP 34 activate one or more required tunable lasers from the group 15, and control the drop operation and the add operation of the OADM assembly via the schematically shown switches 23 and 25, respectively. CP may also report results of the authentication process to the NMS.
The second signal 120 has the carrier frequency ωλ1a and optionally carries data added at the modulator 17(1). It is mixed (multiplied) at the first mixer block 26 with a signal having frequency ωλif, produced by the generator 27. The result of the first mixing is a control signal having the altered frequency ωλ1a±ωλif, which appears at the output of the first mixer block 26.
The control signal is further fed to the second optical mixer block 28, where it is mixed (multiplied) with the first signal 118 arriving from the drop unit 12 at the carrier frequency ωλ1d.
The result of the second mixing will be called a mixed signal; it is further fed to the fixed optical narrowband filter 30 adjusted to detect signals in the vicinity to the frequency ωλif.
For simplicity of the description, let us assume that all the signals are sinusoidal. Trigonometric mathematical transformations show that the mixed signal will comprise a detectable component around the above-mentioned frequency only when
λ1(d)=λ1(a), i.e., λ1(d)=λ.
(One example of the calculation will be presented below.)
Upon converting the signal detected by the optical filter 30 into electric form (by the O/E converter 31), the comparator 32 compares energy of the signal with a predetermined threshold Th, and provides the result to the CP block 34. Based on that, the CP 34 decides whether to confirm authentication of the optical channel to be dropped, and whether to allow the drop and/or add operations taking into account information obtained from the NMS 13 and, optionally, from modules 35 checking the dropped signal according to other parameters, and/or from the client 19.
Example of the calculation:
Let us check, using a specific example, how the proposed two-stage mixing of sinusoidal signals helps performing authentication of an optical channel to be dropped.
Remember that
cos(α)cos(62 )=½[cos(α+β)+cos(α−β)] (1)
Let the interacting three signals are as follows:
1. When a second signal is mixed (multiplied) with the control signal, the following signal is obtained:
B cos(ωλ1t)*cos(ωλift); (2)
2. When the obtained signal is further mixed (multiplied) with the first signal, the following mixed signal is obtained:
A(t)B cos(ωλ1t)*cos(ωλift)*cos(ωλdt) (3)
3. By applying the above-mentioned trigonometric transforming equation (1) to the first two “cos” functions in the signal (3), the above expression can be written down as follows:
½ A(t)B{cos[(ωλ1−ωλif)t]+cos[(ωλ1+ωλif)t]}cos(ωλdt) (4)
To transform the whole expression (4), let us multiply:
½ A(t)B{cos[(ωλ1−ωλif)t]*cos(ωλdt) (4a), and
½ A(t)B{cos[(ωλ1+ωλif)t]*cos(ωλdt) (4b)
If we apply the trigonometric equation (1) to (4a), we will obtain:
¼ A(t)B{cos[(ωλd−ωλ1+ωλif)t]+cos[(ωλd+ωλ1−ωλif)t]}
If we apply the trigonometric equation (1) to (4b), we will obtain:
¼ A(t)B{cos[(ωλ1+ωλif+ωλd)t]+cos[(ωλ1+ωλif−ωλd)t]}
4. If now we assume that λ1=λd, both the part (4a), and the part (4b) of the signal (4) will look as follows:
¼ A(t)B{cos(ωλift)+cos(2ωλ1−ωλif)t} (4c)
Therefore, the complete signal (4) will look as follows:
½ A(t)B{cos(ωλift)+cos(2ωλ1−ωλif)t} (4d)
The above means that if the assumption is true, the first component of the signal (4d) can be detected, with a considerable amplitude ½ A(t)B, by a narrowband filter at the frequency ωλif (or at the wavelength λif). The second component “cos(2ωλ1−ωλif)t” of the signal (4d) will be spaced, by wavelength and frequency, quite far from the first component and cannot be detected by the narrowband filter of frequency ωλif. Therefore, if λ1=λd of the dropped signal, that fact can be confirmed by detecting expected energy at the wavelength λif.
The remaining component “cos(2ωλ1−ωλif)t” will be just filtered out by the narrowband filter.
5. If, by any mistake or by purpose λd=λ2 ( i.e., λd is not equal to λ1), the signal (4) will comprise two components, each being as follows:
¼ A(t)B{cos[(ωλ1+ωλ2)t]+cos[(ωλ1+ωλif−ωλ2)t]}
In such a case, none of the components of signal (4) will be detected by the narrowband filter at the wavelength λif (no energy will be detected at the output of the narrowband filter of ωλif). This fact can serve the evidence that the dropped channel has the wavelength different than that of the channel which is supposed to be added instead of the dropped one.
A first optical signal 218 to be dropped via the OADM, having the carrier wavelength λ1d (or the carrier frequency ωλ1d) and supposedly modulated by a predetermined modulation tone(s), is applied to an optic/electric converter 40 illustrated as a light diode. The obtained electrical signal is applied to an electrical tunable filter 42 adjusted to the frequency of the expected predetermined modulation tone(s).
In the add block of the proposed OADM, the mentioned predetermined modulating tone (modulating frequency) should be preliminarily applied to the carrier wavelength λ1a of the optical channel which is ready for replacing the corresponding dropped channel having the wavelength λ1d. It is performed using a modulating frequency (MF) block 44 which can be controlled by NMS, and preferably via the CP 54 of ACU 16B. To provide a reference for checking the first signal, the modulating frequency is to be extracted from the second signal 220, using the O/E converter 46 and the tunable electrical filter 48. Further, for the case of FM modulation, two filtered signals are detected by two respective detectors of the modulation frequency: FM detector 50 and FM detector 52. Outputs of the detectors 50 and 52 are compared by a comparator (such as a correlator) 53, and the result of comparison is fed to one of inputs of a control-processing block CP which is marked 54 in this figure. Other inputs of the CP 54 serve for: receiving instructions from NMS or other managing entity (preferably), receiving ID data from a client supposed to obtain the dropped channel (optionally), and may also serve for receiving additional information (optionally), for example concerning other parameters checked in the channel to be dropped (say, its wavelength, as proposed in
It should be noted that an additional code may be transmitted over the predetermined modulation tone, for further detecting and identifying at the OADM. The additional code can be applied using modulation techniques other than that of the modulating tone, for example using PSK, etc.
a and 4b—illustrate an example of add/drop mechanism (in the table form) for the proposed self-checking OADM; the mechanism is based on monitoring the presence of the optical channel to be dropped and on the result of authentication of that channel and other conditions (though they are not all reflected in the tables, for example confirming the client's ID). The mechanism is implemented by a Control and Processing unit. One important assumption of the algorithm is that the Network Management System (NMS) is updated about the present status of channels which should exist in the network. Another important assumption is that NMS never requests adding a specific channel to the network link if that channel is considered by the NMS to be already present in that link. In the tables 4a and 4b, it is assumed that NMS has ordered adding the channel with the wavelength λ1a (either instead of the dropped one λ1d, or to the suitable free channel in a WDM link).
a illustrates an example of the add/drop mechanism in the self-checking OADM assembly 10, where the ACU is based on comparing the carrier wavelengths of a channel to be dropped and of a corresponding channel to be added. One may notice that in cases where the status of the dropped channel according to NMS contradicts to the internally checked presence of a signal in the expected channel (see lines 1, 4 of the table 4a), the ACU of the OADM states the situation of fault/fraud and does not allow the drop and add operations.
b illustrates a similar table, which can be built when another criterion is checked for authentication of an optical channel to be dropped via the OADM 10. In this table, the criterion is the presence or absence of a pre-determined modulating tone in the signal of a channel to be dropped, equal to that which is inserted in the signal of the corresponding channel to be added at the OADM. One may note that the table 4b is just the table 4a where the second column is replaced with analogous information related to the modulating tones (please refer to
One should appreciate that other embodiments of the Authentication and Control unit (ACU) of an OADM assembly could be presented and considered part of the invention, the ACU should be capable of comparing a signal created at the add unit of the OADM for a particular optical channel with a signal dropped by the drop unit of the OADM in the same optical channel, and capable of deciding whether to allow dropping of that channel to the client, and/or adding thereof to the network.
| Number | Date | Country | Kind |
|---|---|---|---|
| 174229 | Mar 2006 | IL | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/IL2007/000309 | 3/8/2007 | WO | 00 | 9/9/2008 |
