CN100438434C - Method for isolating rejection service source and its passive optical network system - Google Patents
Method for isolating rejection service source and its passive optical network system Download PDFInfo
- Publication number
- CN100438434C CN100438434C CNB2005101006519A CN200510100651A CN100438434C CN 100438434 C CN100438434 C CN 100438434C CN B2005101006519 A CNB2005101006519 A CN B2005101006519A CN 200510100651 A CN200510100651 A CN 200510100651A CN 100438434 C CN100438434 C CN 100438434C
- Authority
- CN
- China
- Prior art keywords
- optical network
- optical
- line terminal
- network unit
- unit onu
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The present invention discloses a method for isolating denial of service sources and a passive optical network system using the method. The present invention relates to the technology of a passive optical network. The method comprises that signal detection modules carry out real-time detection to all ascending data channels from optical network units to optical line terminals; if a test result indicates that an optical network system lies in a denial of service state, control modules control execution modules to switch off the ascending data channels with the denial of service state. The corresponding system comprises a switching unit which correspondingly controls the switching-on or the switching-off of the ascending data channels according to the test result, wherein the switching unit comprises the control modules and the execution modules; the control modules correspondingly control the execution modules to switch on or switch off the ascending data channels according to the test result. The present invention can carry out isolation to the denial of service sources and avoid the influence on other users in the network.
Description
[technical field]
The present invention relates to passive optical network technique, relate in particular to the method for isolating rejection service source and use the passive optical network of this method.
[background technology]
EPON, be PON (Passive Optical Network), a kind of technology of being born in beginning of the nineties late 1980s, passing through nearly 20 years development, obtain operator gradually and the consistent of equipment vendor favored, especially in prefect dielectric network and Optical Distribution Network (ODN:Optical Distribution Network), do not have the characteristic of source device, winning the praise of operator now especially, be considered to the developing direction of broadband access technology.But the survivability of EPON always is subjected to comprising many people's of equipment operator and equipment vendor query, reason is that the burst TDMA multiplex technique that EPON adopts can cause EPON denial of service (DOS:Denial ofService) to occur, even makes the EPON state that paralyses.
Fig. 1 is EPON tree topology figure, in EPON, down direction adopts broadcast mode, optical line terminal (OLT:Optical Line Termination) sends or broadcast data to all optical network units that is attached thereto (ONU:Optical Network Unit) by the power division mode of passive optical splitter, and optical network unit ONU is filtered according to the predefined ID of internal system and received the data that belong to self; And at up direction, then each passive optical splitter receives the upstream data from each optical network unit ONU, and the principle that converges by passive light power carries out data to send optical line terminal OLT to after multiplexing.In order to guarantee that the upstream data that each optical network unit ONU sends in the up direction does not clash, optical line terminal OLT equipment must be found range to each optical network unit ONU, control the moment and the duration that each optical network unit ONU is occupied up optical link according to the range finding result simultaneously, require each optical network unit ONU must adopt the time division multiple access multiplex mode (TDMA:Time DivisionMultiple Access) of burst to send upstream data simultaneously.Under normal circumstances, each optical network unit ONU all takies data feedback channel transmission data according to the mandate of optical line terminal OLT, and network signal conflict can not occur.But breaking down at optical network unit ONU equipment does not respond the mandate of optical line terminal OLT and when taking data feedback channel at random or forever, and when perhaps malicious user arbitrarily took data feedback channel, the DOS problem promptly appearred in the EPON state that can paralyse.At this moment, OLT can recognition system be absorbed in the DOS state, but because the sourceless characteristic of branch node, and can't locate is that problem has appearred in ONU equipment in which branch.In order to address the above problem, two kinds of methods are arranged at present:
First method is to adopt artificial investigation mode.Be provided with in passive optical network that identification denial of service (DOS) error code characteristic value---certain threshold value, OLT monitors the error code situation of upstream data afterwards, and compares with set point.When discovery is out-of-limit, all ONU equipment of OLT deexcitation, or in certain considerable time, forbid that all ONU take data feedback channel.At this moment, if OLT still can receive upstream data, then the faulted ONU equipment or the malicious user of denial of service appears causing in system really, OLT informing network management system provides effective warning information in view of the above, has faulted ONU equipment or malicious user in the system for prompting operator EPON and has caused the denial of service state to occur.
Though can recognition system there be the denial of service state in such scheme, and provides warning information, still has following shortcoming:
Can not locate the faulted ONU equipment or the malicious user of the problem that causes, if fault location ONU place branch road needs artificial investigation, thereby cause efficient low, the cost height; Can not the location malicious user because it is oversize manually to investigate the time, malicious user may temporarily be left away, or be revised as voluntarily legal; Network is very long break period, has a strong impact on network service quality.
Second method is to introduce uplink optical signal detection module (DET:Detector) in passive optical network.As shown in Figure 2, introduce an online uplink optical fibers state/signal detection module DET in system, online detection is from the upward signal of each ONU.When DOS appears in the OLT system of recognizing, then be positioned on which branch road to DET module inquiry DOS source, thereby judge it is where which ONU equipment fault or malicious user are positioned at by communication port C.
Though rejection service source can be discerned and locate to this kind method, can not disconnect or isolating rejection service source, if will disconnect or isolating rejection service source, then need artificial disconnection or other means.
In sum, there is following shortcoming in existing EPON:
On the one hand, although existing OLT equipment can be by up characteristic, the denial of service state appears in identification and affirmation system, and provides warning information, system for prompting operator system is in the denial of service state, but can't provide the concrete faulted ONU equipment or the position of malicious user; Although artificial arrange distinguish method can find the position of faulted ONU equipment or malicious user, can cause network long break period, inefficiency, cost height.On the other hand,, can not isolate, thereby have influence on other user of network rejection service source though can determine the position of rejection service source by signal detection module DET.
[summary of the invention]
The technical problem to be solved in the present invention provides a kind of method of isolating rejection service source and uses the passive optical network of this method, can discern and locate the rejection service source in the passive optical network, and this rejection service source is isolated.
The present invention realizes by following technical scheme:
The method of isolating rejection service source may further comprise the steps:
101, signal detection module detects in real time to the upstream data passage of all optical network units to optical line terminal, and optical network unit is at least two; 102, if testing result display light network system is in the denial of service state, then control module control Executive Module disconnects the upstream data passage of rejection service source correspondence.
Further comprise in the step 102: optical line terminal is inquired about the position of optical network unit in optical network system that the denial of service state occurs by communication port to signal detection module, sends the signal of the upstream data passage that disconnects this optical network unit correspondence at last to control module by communication port.
Further comprise in the step 102: signal detection module sends to control module to testing result, and control module is further controlled the upstream data passage that Executive Module disconnects the optical network unit correspondence that the denial of service state occurs according to predetermined strategy.
Further comprise in the step 101:
401, optical line terminal sends data with the time division multiple access multiplex mode to all optical network units by Optical Distribution Network, and all optical network units filter according to the predefined ID in optical network system inside and receive the data that belong to self;
402, all optical network units are shared the upstream data passage with burst time division multiple access multiplex mode, send upstream data to optical line terminal.
The inner predefined ID of optical network system can be the address in the step 401, also can be the attribute-bit of packet ownership.
Use the passive optical network of the method for isolating rejection service source, comprise: optical line terminal and the optical network unit that can realize data interaction, also comprise: signal detection module, be used for the upstream data passage of all optical network units to optical line terminal detected in real time, optical network unit is at least two; Switch element is used for correspondingly controlling the upstream data passage according to testing result and opens or turn-off.
Further improvement of the present invention is: described switch element comprises control module and Executive Module; Described control module is correspondingly controlled Executive Module according to testing result and is opened or turn-off described upstream data passage.
Further improvement of the present invention is that described control module comprises at least:
Be used for the communication interface modules that communicates with optical line terminal and Executive Module;
Be used to receive instruction, and change into the message processing module of the instruction that Executive Module can discern from optical line terminal.
Further improvement of the present invention is: described control module is positioned at the inside of optical line terminal.
Further improvement of the present invention is: described Executive Module is a switch or switch arrays.
Further improvement of the present invention is: described switch element is tunable optical splitter or controllable light switch arrays.
Owing to adopt above-mentioned technical scheme, the present invention does not need to disconnect EPON just can realize location to rejection service source, has improved the quality of network, does not need manual intervention, has saved working procedure, has reduced the cost of the network operation; The present invention can isolate rejection service source, avoids other user of network to be affected.
[description of drawings]
Fig. 1 is EPON tree topology figure.
Fig. 2 is the passive optical network figure with signal detection module DET.
Fig. 3 is passive optical network figure of the present invention.
Fig. 4 is the passive optical network figure that has faulted ONU equipment.
Fig. 5 is the passive optical network figure that has malicious user.
Fig. 6 is the connection diagram of control module (CON) concrete structure in passive optical network.
Fig. 7 is to use the passive optical network figure of tunable optical splitter.
Fig. 8 is to use the passive optical network figure of controllable light switch arrays.
[embodiment]
As shown in Figure 3, the passive optical network among the present invention comprises: optical communication subsystem Subsys_0, control module CON and Executive Module EXE, wherein, optical communication subsystem Subsys_0 comprises a signal detection module DET at least.Optical line terminal OLT is passed through by key light splitter SP with from optical branching device SP_sub0 and SP_sub1 and main fiber FR, branch road optical fiber (FB0_0, FB0_1, FB1_0, FB1_1) Optical Distribution Network ODN of Zu Chenging and optical network unit ONU 0 and ONU1 carry out data interaction, by from optical branching device SP_sub0 and SP_sub1 optical network unit ONU 0 and ONU1 being detected in real time to the upstream data passage of optical line terminal OLT, signal detection module DET and control module CON communicate by communication port C and optical line terminal OLT signal detection module DET respectively.Wherein, communication port C can be wired passage, can also be radio channel.Among the figure, the position of Executive Module EXE is positioned at from the outside of optical branching device SP_sub0 and SP_sub1, also can be positioned at from the inboard of optical branching device SP_sub0 and SP_sub1.
When passive optical network is under the normal state, optical line terminal OLT to optical network unit ONU 0 and ONU1 broadcast data, promptly sends data with time division multiple access multiplex mode TDMA; Optical network unit ONU 0 and ONU1 filter according to the predefined ID in optical network system inside and receive the data that belong to self, and wherein, the inner predefined ID of optical network system can be the address, also can be the attribute-bit of packet ownership; After optical line terminal OLT is found range to optical network unit ONU 0 and ONU1 and registered, control the moment and the duration that optical network unit ONU 0 and ONU1 take the upstream data passage according to the range finding result; Optical network unit ONU 0 and ONU1 share the upstream data passage with burst time division multiple access multiplex mode, send upstream data to optical line terminal OLT, thereby realize the data interaction between optical network unit ONU 0 and ONU1 and the optical line terminal OLT.Simultaneously, signal detection module DET detects in real time to the upstream data passage of optical network unit ONU 0 and ONU1, and under the effect of control module CON, Executive Module EXE keeps the upstream data passage of ONU0 and ONU1 unimpeded.
When passive optical network entered the DOS state, optical line terminal OLT knew that by communication port C system exists faulted ONU equipment or malicious user, and can accurately locate the up link or the optical fiber branch road of this equipment or user's correspondence.Passive optical network exists faulted ONU equipment and malicious user, respectively as shown in Figure 4 and Figure 5.
Practical capacity according to system strategy and control module CON has following 3 kinds of adoptable methods:
1, control module CON to testing result not directly between response or signal detection module DET and the control module CON no communication port and Executive Module EXE and optical line terminal OLT do not have communication link: optical line terminal OLT is assigned the order of closing ONU1 uplink optical fibers branch road by communication port C to control module CON, control module CON then controls the connection between Executive Module EXE cut-out optical fiber branch road FB1_0 and the FB1_1, thereby disconnects the upstream data passage of optical network unit ONU 1.
2, there are communication link in control module CON and signal detection module DET module: control module CON is according to predetermined strategy, directly control Executive Module EXE disconnects the optical fiber connection between FB1_0 and the FB1_1, thereby disconnects the upstream data passage of optical network unit ONU 1.
3, there are communication link in Executive Module EXE and optical line terminal OLT: Executive Module EXE directly under the control of wide line terminal OLT, disconnects the optical fiber link between FB1_0 and the FB1_1, thereby disconnects the upstream data passage of optical network unit ONU 1.
The control module CON of the two kinds of method kinds in front is relatively independent, becomes an independent module; And the control module CON in last a kind of method can be regarded as do not exist or its function very weak, even be positioned at the inside of optical line terminal OLT.
As shown in Figure 6, control module CON of the present invention comprises at least with lower module: communication interface modules CI, message processing module IP, communication interface modules CI communicate by local control interface C3 and communication port C and Executive Module EXE and optical line terminal OLT module respectively; Message processing module IP receives instruction from optical line terminal OLT by state and master information channel C 1 from communication interface modules CI, and change into the instruction that local Executive Module EXE can discern, by local control information channel C 2 instruction is sent to communication interface modules CI then, send to Executive Module EXE by communication interface modules CI again; Control module CON and DET module communicate in the process of implementation, can guarantee the effect of carrying out.
Executive Module EXE then is made up of some switches, can be a switch, also can be switch arrays, and its effect is to cut off or connect corresponding light path according to the instruction of control module CON.These switches can be mechanical, also can be the switches of other meaning, as the light path of cutting off and opening by the decay of adjusting light path.
As shown in Figure 7, the present invention has adopted the tunable optical splitter to finish the function of control module CON and Executive Module EXE, and its position is in the outside from optical branching device.Under the normal operation, the tunable optical splitter is in 50%: 50% operating state, and optical network unit ONU 0 and ONU1 can both to carry out normal data mutual with optical line terminal OLT.
When optical line terminal OLT discovery system enters the DOS state, communicate by letter with signal detection module DET by communication port C, and learn an existence faulted ONU equipment (supposing ONU1) or a failed subs criber (also hypothesis is ONU1) in the system.This moment, optical line terminal OLT was assigned instruction to the tunable optical splitter, indication tunable optical splitter changes the splitting ratio of optical network unit ONU 1, as adjust to 100%: 0% (Optical Receivers of supposing optical network unit ONU 0 saturation condition can not occur), this moment, optical network unit ONU 1 equipment will be opened from circuit interruption, under optical network unit ONU 0 impregnable situation, realized isolation to rejection service source.
As shown in Figure 8, the present invention has adopted the controllable light switch arrays to finish the function of control module CON and Executive Module EXE, basically identical when its operation principle and employing tunable optical splitter.
Claims (11)
1, a kind of method of isolating rejection service source is characterized in that, may further comprise the steps:
101, signal detection module DET detects in real time to the upstream data passage of all optical network unit ONU to optical line terminal OLT, and described optical network unit ONU is at least two;
102, if testing result display light network system is in the denial of service state, then control module CON control Executive Module EXE disconnects the described upstream data passage of rejection service source correspondence.
2, the method for isolating rejection service source according to claim 1, it is characterized in that, further comprise in the step 102: optical line terminal OLT is inquired about the position of the optical network unit ONU that the denial of service state occurs by communication port C to signal detection module DET, sends the signal of the upstream data passage that disconnects this optical network unit ONU correspondence at last to control module CON by communication port C.
3, the method for isolating rejection service source according to claim 1, it is characterized in that, further comprise in the step 102: signal detection module DET sends to control module CON to testing result, and control module CON further controls the upstream data passage that Executive Module EXE disconnects the optical network unit ONU correspondence that the denial of service state occurs according to predetermined strategy.
4, the method for isolating rejection service source according to claim 1 is characterized in that, further comprises in the step 101:
401, optical line terminal OLT sends data with the time division multiple access multiplex mode to all optical network unit ONU by Optical Distribution Network ODN, and all optical network unit ONU are filtered according to the predefined ID in optical network system inside and received the data that belong to self;
402, all optical network unit ONU are shared the upstream data passage with burst time division multiple access multiplex mode, send upstream data to optical line terminal OLT.
5, the method for isolating rejection service source according to claim 4 is characterized in that: the inner predefined ID of optical network system can be the address in the step 401, also can be the attribute-bit of packet ownership.
6, a kind of passive optical network comprises: can realize the optical line terminal OLT and the optical network unit ONU of data interaction, it is characterized in that, also comprise:
Signal detection module DET is used for the upstream data passage of all optical network unit ONU to optical line terminal OLT detected in real time, and described optical network unit ONU is at least two;
Switch element is used for correspondingly controlling described upstream data passage according to testing result and opens or turn-off.
7, passive optical network according to claim 6 is characterized in that: described switch element comprises control module CON and Executive Module EXE; Described control module CON correspondingly controls Executive Module EXE according to testing result and opens or turn-off described upstream data passage.
8, passive optical network according to claim 7 is characterized in that: described control module CON comprises at least:
Be used for the communication interface modules CI that communicates with optical line terminal OLT and Executive Module EXE;
Be used to receive instruction, and change into the message processing module IP of the instruction that Executive Module EXE can discern from optical line terminal OLT.
9, passive optical network according to claim 8 is characterized in that: described control module CON is positioned at the inside of optical line terminal OLT.
10, according to claim 7 or 8 described passive optical networks, it is characterized in that: described Executive Module EXE is a switch or switch arrays.
11, passive optical network according to claim 6 is characterized in that: described switch element is tunable optical splitter or controllable light switch arrays.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101006519A CN100438434C (en) | 2005-10-20 | 2005-10-20 | Method for isolating rejection service source and its passive optical network system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101006519A CN100438434C (en) | 2005-10-20 | 2005-10-20 | Method for isolating rejection service source and its passive optical network system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1859164A CN1859164A (en) | 2006-11-08 |
| CN100438434C true CN100438434C (en) | 2008-11-26 |
Family
ID=37298031
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101006519A Active CN100438434C (en) | 2005-10-20 | 2005-10-20 | Method for isolating rejection service source and its passive optical network system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100438434C (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192888B (en) * | 2006-11-21 | 2012-01-11 | 中兴通讯股份有限公司 | Method for controlling GPON terminal service |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5548432A (en) * | 1990-10-18 | 1996-08-20 | British Telecommunications Public Limited Company | Passive optical network switchable between an operational mode and a diagnostic mode |
| JP2004032541A (en) * | 2002-06-27 | 2004-01-29 | Mitsubishi Electric Corp | Optical transmitting/receiving device |
| CN1479460A (en) * | 2003-05-29 | 2004-03-03 | 上海交通大学 | Passive optical network protection method |
-
2005
- 2005-10-20 CN CNB2005101006519A patent/CN100438434C/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5548432A (en) * | 1990-10-18 | 1996-08-20 | British Telecommunications Public Limited Company | Passive optical network switchable between an operational mode and a diagnostic mode |
| JP2004032541A (en) * | 2002-06-27 | 2004-01-29 | Mitsubishi Electric Corp | Optical transmitting/receiving device |
| CN1479460A (en) * | 2003-05-29 | 2004-03-03 | 上海交通大学 | Passive optical network protection method |
Non-Patent Citations (2)
| Title |
|---|
| EPON的技术难点及解决方案. 高红,石旭刚,林盈盈,陈强.浙江工业大学学报,第33卷第1期. 2005 |
| EPON的技术难点及解决方案. 高红,石旭刚,林盈盈,陈强.浙江工业大学学报,第33卷第1期. 2005 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1859164A (en) | 2006-11-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2164189B1 (en) | Passive optical network system and fault determination method | |
| EP1802007B1 (en) | A passive optical network maintenance method, an optical network unit and an optical line terminal | |
| EP2683099B1 (en) | Optical network unit detection method and device, and passive optical network system | |
| CN101854566B (en) | Passive optical network protection method and active/standby switch device and system | |
| EP2556680B1 (en) | Method and arrangements for protection in an optical network | |
| US20050158048A1 (en) | Optical line terminal for managing link status of optical network units and gigabit ethernet passive optical network employing same | |
| CN101822070A (en) | Communications network | |
| US8224181B2 (en) | Protection device for removing signal interference in a passive optical network | |
| EP2124357A1 (en) | Method and apparatus for the passive optical network channel protection switch | |
| US6798991B1 (en) | Optical communication systems, optical communication system terminal facilities, optical communication methods, and methods of communicating within an optical network | |
| CN101931460A (en) | Link fault detection method, device and system | |
| CN100417090C (en) | Method and system for positioning DoS attack source | |
| EP0942544B1 (en) | A method to provide a management channel, a line terminator, a first network terminator card and a second network terminator card realizing such a method | |
| CN100438434C (en) | Method for isolating rejection service source and its passive optical network system | |
| CN113395106B (en) | Link protection method and system | |
| KR101310909B1 (en) | Relay apparatus and Method for protecting a path thereof | |
| KR100452887B1 (en) | Protection device and method of Optical network unit in passive optical network | |
| KR20210031239A (en) | System and method for blocking unauthorized line in passive optical network | |
| KR101078054B1 (en) | Optical line termination apparatus and method for control of abnormal optical network unit in TDM PON | |
| Kani et al. | Adaptive optical network unit for point-to-point and point-to-multipoint Gigabit Ethernet-based optical access networks | |
| KR20090132730A (en) | System and method for determining optical fiber failure section |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |