CN108390825A - Multi-area optical network safety light tree method for building up and system based on layering PCE - Google Patents
Multi-area optical network safety light tree method for building up and system based on layering PCE Download PDFInfo
- Publication number
- CN108390825A CN108390825A CN201810072313.6A CN201810072313A CN108390825A CN 108390825 A CN108390825 A CN 108390825A CN 201810072313 A CN201810072313 A CN 201810072313A CN 108390825 A CN108390825 A CN 108390825A
- Authority
- CN
- China
- Prior art keywords
- request
- node
- cpce
- domain
- source node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/16—Multipoint routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/27—Arrangements for networking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/48—Routing tree calculation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0062—Network aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0062—Network aspects
- H04Q2011/0073—Provisions for forwarding or routing, e.g. lookup tables
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The present invention discloses a kind of multi-area optical network safety light tree method for building up and system based on layering PCE, for security threat present in multi-area optical network multicast routing protocol, it is theoretical using nested hash chain and trust model, devise corresponding security mechanisms, and process is established with light tree by optimizing original light tree calculating, realize the foundation of multi-area optical network safety light tree;This method, it can be achieved that the calculating and foundation of multi-area optical network safety light tree, and has lower blocking rate and smaller light tree setup delay while ensureing self-security.
Description
Technical field
The present invention relates to a kind of multi-area optical network safety light tree method for building up and system based on layering PCE.
Background technology
Current optical communication technique and the rapid development of real time flow medium multicast application, transmit information in the way of optical network multicast
Become more and more extensive, how to establish and safeguard that the multicast tree that one meets demand for security becomes particularly significant in multi-area optical network
The problem of.
2010, IETF (The Internet Engineering Task Force, Internet engineering task force)
In GMPLS (Generalized Multi- described in RFC (Request For Comments, request for comments document) 5920
Protocol Label Switching, multi-scalar multiplication agreement) multicast procedures in the various security threats that face, propose anti-
Imperial technology and detection and report mechanism, but do not refer to that safety establishes the scheme of multicast tree;It proposes to restore full in the prior art
The method of the light tree of sufficient delay constraint, but do not have safety problem present in related mechanism reply optical network multicast;In addition
Pertinent literature by be based on RSVP-TE (Resource Reservation Protocol-Traffic Engineering,
Logic based MINLP) protocol reliability mechanism concrete analysis, discuss that RSVP-TE agreements may face
Safety problem, and corresponding countermeasure is proposed, but both of the above does not form relevant multicast protocol;Further it is proposed that passing through
Parallel mode create light path method, can the effectively save resource distribution time, but the agreement be unicast protocol, can not achieve peace
The purpose of full multicast.
Invention content
For the above-mentioned prior art the problem of, the present invention propose a kind of multi-area optical network based on layering PCE
Safety light tree method for building up can realize that the safety of multicast tree is established, be showed in terms of blocking rate and light tree setup delay good.
To achieve the goals above, the present invention adopts the following technical scheme that:
A kind of multi-area optical network safety light tree method for building up based on layering PCE, includes the following steps:
Step 1, the source node in optical-fiber network receives multicast connects request, and source node, which sends to contribute, asks R1 to source node
The cPCE in place domain, cPCE subpath computing unit;
Step 2, the cPCE in domain where source node, which is received, contributes request R1 and utilizes the two-way authentication based on nested hash chain
Method carries out authentication to the request R1 that contributes, and carries out source certification to the request R1 that contributes using TCP-AO mechanism;Source node institute
CPCE in domain, which will contribute, asks R1 to be sent to pPCE, and pPCE is father path computing unit;
Step 3, after the achievement request R1 that the cPCE in domain where pPCE receives source node is sent, using based on nested Hash
The mutual authentication method of chain carries out authentication to the request R1 that contributes, and carries out source to the request R1 that contributes using TCP-AO mechanism and recognize
Card;Optimal be abstracted is calculated using the multi-area optical network safe multicasting router-level topology algorithm based on artificial immunity and degree of belief
Multicast tree routing iinformation;Achievement request R1, which forms to contribute with optimal abstract multicast tree routing iinformation, asks R2, pPCE that will contribute
Request R2 is sent to the cPCE in the domain that the optimal abstract multicast tree routing iinformation is passed through;
Step 4, intra-domain multicast is calculated in the cPCE in each domain that optimal abstract multicast tree routing iinformation is passed through
Set routing iinformation;Intra-domain multicast tree routing iinformation and the request R2 that contributes form the request R3 that contributes;CPCE in each domain will contribute
Request R3 is sent to pPCE;
Step 5, distribution wavelength is determined;All intra-domain multicast tree routing iinformations obtained in step 4 are combined to be formed sternly
Lattice multicast tree routing iinformation;Stringent multicast tree routing iinformation and distribution wavelength form the request R4 that contributes;PPCE will contribute and ask R4
It is sent in the cPCE of management source node or branch node;
Step 6, it after the cPCE of the management source node or branch node in step 5 receives achievement request R4, utilizes
TCP-AO mechanism carries out source certification to the request R4 that contributes;The cPCE for managing source node or branch node asks R4 from contributing respectively
Middle to read stringent multicast tree routing iinformation, the source node in domain where managing the cPCE interceptions of source node is between branch node
Routing iinformation, the routing iinformation and distribution wavelength generate the request R5 that contributes, and the cPCE for managing source node sends achievement request R5
To source node;Manage the routing iinformation between the branch node where the cPCE interceptions of branch node in domain, the routing iinformation with
The wavelength of distribution generates the request R5 that contributes, and achievement request R5 is sent to each branch node by the cPCE for managing branch node;
Step 7, it after source node and each branch node receive achievement request R5, is asked using TCP-AO mechanism contributing
R5 carries out source certification, respectively obtains source node to the routing iinformation between branch node and the routing between each branch node and believes
Breath, and obtain distribution wavelength;Source node and each branch node start RSVP-TE agreements, respectively by routing iinformation and wavelength
Information forms PATH message, and PATH message is sent to downstream node;
Step 8, after downstream node receives PATH message, judge to distribute wavelength the downstream node and next node it
Between chain road it is whether occupied, if unoccupied, PATH message is passed into next node;If occupied, return to step
5;
Step 9, after all tail nodes in step 8 in transmit process receive PATH message, TCP-AO mechanism pair is utilized
PATH message carries out source certification, generates RESV message, the source node of transmitting path back transfer in step 8 to upstream and each
A branch node, and according to the wavelength configuration of the chain road between the wavelength of distribution completion adjacent node;
Step 10, after source node and all branch nodes receive RESV message, each self-generating confirmation message will confirm that and disappear
The cPCE in domain where breath is sent to respectively;CPCE will confirm that message is forwarded to pPCE;PPCE acknowledges receipt of all confirmation messages
Afterwards, pPCE sends achievement success message to the cPCE in domain where source node, and the cPCE transmissions in domain where source node, which are contribute, successfully to disappear
It ceases to source node;Source node can start multicast transmission data.
Another aspect of the present invention provide it is a kind of based on layering PCE multi-area optical network safety light tree establish system, packet
Reception achievement is included to ask R1 modules, send request R1 modules of contributing, formation achievement request R2 modules, formed to contribute and ask R3 moulds
Block forms to contribute and R4 modules, formation achievement request R5 modules, PATH message is asked to form module, transmit PATH message modules, life
At RESV message modules and confirmation message generation module, wherein
Request R1 modules of contributing are received, for realizing following functions:
Source node in optical-fiber network receives multicast connects request, and source node, which sends to contribute, asks R1 to domain where source node
CPCE;
Request R1 modules of contributing are sent, for realizing following functions:
The cPCE in domain where source node, which is received, to contribute request R1 and utilizes the mutual authentication method pair based on nested hash chain
The request R1 that contributes carries out authentication, and carries out source certification to the request R1 that contributes using TCP-AO mechanism;Domain where source node
CPCE, which will contribute, asks R1 to be sent to pPCE;
Request R2 modules of contributing are formed, for realizing following functions:
After the achievement request R1 that the cPCE in domain where pPCE receives source node is sent, pair based on nested hash chain is utilized
Authentication is carried out to the request R1 that contributes to authentication method, and source certification is carried out to the request R1 that contributes using TCP-AO mechanism;It adopts
Optimal abstract multicast is calculated with the multi-area optical network safe multicasting router-level topology algorithm based on artificial immunity and degree of belief
Set routing iinformation;The request R1 that contributes will contribute with optimal the formation achievement request of abstract multicast tree routing iinformation R2, pPCE to be asked
R2 is sent to the cPCE in the domain that the optimal abstract multicast tree routing iinformation is passed through;
Request R3 modules of contributing are formed, for realizing following functions:
The routing of intra-domain multicast tree is calculated in cPCE in each domain that optimal abstract multicast tree routing iinformation is passed through
Information;Intra-domain multicast tree routing iinformation and the request R2 that contributes form the request R3 that contributes;CPCE in each domain, which will contribute, asks R3
It is sent to pPCE;
Request R4 modules of contributing are formed, for realizing following functions:
Determine distribution wavelength;Request R3 modules of contributing will be formed, in obtained all intra-domain multicast tree routing iinformation groups
Conjunction forms stringent multicast tree routing iinformation;Stringent multicast tree routing iinformation and distribution wavelength form the request R4 that contributes;PPCE will be built
Tree request R4 is sent in the cPCE of management source node or branch node;
Request R5 modules of contributing are formed, for realizing following functions:
Formed contribute request R4 moulds it is in the block management source node or branch node cPCE receive achievement request R4 after,
Source certification is carried out to the request R4 that contributes using TCP-AO mechanism;The cPCE of management source node or branch node is asked from achievement respectively
Ask and read stringent multicast tree routing iinformation in R4, manage source node where the cPCE interceptions of source node in domain to branch node it
Between routing iinformation, which generates the request R5 that contributes with distribution wavelength, manages the cPCE of source node and will contribute and asks R5
It is sent to source node;The routing iinformation between branch node in domain where managing the cPCE interceptions of branch node, routing letter
Achievement request R5 is sent to each branch's section by breath and the wavelength of distribution generation achievement request R5, the cPCE for managing branch node
Point;
PATH message forms module, for realizing following functions:
After source node and each branch node receive achievement request R5, the request R5 that contributes is carried out using TCP-AO mechanism
Source certification respectively obtains source node to the routing iinformation between branch node and the routing iinformation between each branch node, and
Obtain distribution wavelength;Source node and each branch node start RSVP-TE agreements, respectively by routing iinformation and wavelength information shape
It is sent to downstream node at PATH message, and by PATH message;
PATH message modules are transmitted, for realizing following functions:
After downstream node receives PATH message, judge to distribute chain of the wavelength between the downstream node and next node
Whether road is occupied, if unoccupied, PATH message is passed to next node;If occupied, enter to be formed to contribute and ask
Seek R4 modules;
RESV message modules are generated, for realizing following functions:
After all tail nodes in transmission PATH message modules in transmit process receive PATH message, TCP-AO machines are utilized
System carries out source certification to PATH message, generates RESV message, the source node of the transmitting path back transfer in step 8 to upstream
With each branch node, and according to the wavelength of distribution complete adjacent node between chain road wavelength configuration;
Confirmation message generation module, for realizing following functions:
After source node and all branch nodes receive RESV message, each self-generating confirmation message will confirm that message is sent
To the cPCE in respective place domain;CPCE will confirm that message is forwarded to pPCE;After pPCE acknowledges receipt of all confirmation messages, pPCE
The cPCE in domain where to source node sends achievement success message, and the cPCE in domain where source node sends achievement success message to source and saves
Point;Source node can start multicast transmission data.
Compared with prior art, the present invention has the following technical effects:, it can be achieved that more while ensureing self-security
The calculating and foundation of domain optical-fiber network safety light tree, and there is lower blocking rate and smaller light tree setup delay.
Explanation and illustration in further detail is made to the solution of the present invention with reference to the accompanying drawings and examples.
Description of the drawings
Fig. 1 is the relational graph of multicast request number and average blocking rate;
Fig. 2 is the relational graph of domain quantity and average blocking rate;
Fig. 3 is the relationship of network load and average light tree settling time;
Fig. 4 is the relationship of network signal number and network operation time.
Specific implementation mode
The multi-area optical network safety light tree method for building up based on layering PCE of the present invention, it is of the invention in source node and purpose
Node in a domain, does not specifically include following steps:
Step 1, the source node in optical-fiber network receives the multicast connects request of customer network, and source node sends request of contributing
R1 to domain where source node cPCE;
Step 2, the cPCE in domain where source node, which is received, contributes request R1 and utilizes the two-way authentication based on nested hash chain
Method carries out authentication to the request R1 that contributes, and carries out source certification, destination node to the request R1 that contributes using TCP-AO mechanism
With source node not in a domain, this request R1 that contributes asks for cross-domain achievement, and the cPCE in domain where source node will contribute and ask
R1 is sent to pPCE;
Step 3, after the achievement request R1 that the cPCE in domain where pPCE receives source node is sent, using based on nested Hash
The mutual authentication method of chain carries out authentication to the request R1 that contributes, and carries out source to the request R1 that contributes using TCP-AO mechanism and recognize
Card;According to domain where domain where source node and destination node, using the multi-area optical network safety based on artificial immunity and degree of belief
Optimal abstract multicast tree routing iinformation is calculated in Multicast Routing computational algorithm;It contributes and asks R1 and optimal abstract multicast tree
Routing iinformation, which forms to contribute, asks R2, and achievement request R2 is sent to the optimal abstract multicast tree routing iinformation by pPCE to be passed through
Domain in cPCE.
Step 4, intra-domain multicast is calculated in the cPCE in each domain that optimal abstract multicast tree routing iinformation is passed through
Set routing iinformation;Intra-domain multicast tree routing iinformation and the request R2 that contributes form the request R3 that contributes;CPCE in each domain will contribute
Request R3 is sent to pPCE;
Step 5, distribution wavelength is obtained using initial hit algorithm, optionally, can also be used herein it is maximum using algorithm or
Person's minimum obtains distribution wavelength using algorithm;Group in each domain that cPCE in each domain obtained in step 4 is calculated
Tree routing iinformation is broadcast to combine to form stringent multicast tree routing iinformation;Stringent multicast tree routing iinformation and distribution wavelength, which form to contribute, asks
Seek R4;PPCE, which will contribute, asks R4 to be sent in the cPCE of management source node or branch node;
Step 6, it after the cPCE of the management source node or branch node in step 5 receives achievement request R4, utilizes
TCP-AO mechanism carries out source certification to the request R4 that contributes;
Each cPCE asks to read stringent multicast tree routing iinformation in R4 from contributing, and the cPCE interceptions for managing source node should
For source node in domain where cPCE to the routing iinformation between branch node, which generates request of contributing with distribution wavelength
Achievement request R5 is sent to source node by R5, the cPCE for managing source node;The cPCE of management branch node intercepts the management branch
The wavelength of the routing iinformation between branch node in domain where the cPCE of node, the routing iinformation and distribution generates request of contributing
Achievement request R5 is sent to each branch node by R5, the cPCE for managing branch node.
Step 7, it after source node and each branch node receive achievement request R5, is asked using TCP-AO mechanism contributing
R5 carries out source certification, respectively obtains source node to the routing iinformation between branch node and the routing between each branch node and believes
Breath, and obtain distribution wavelength;Source node and each branch node start RSVP-TE agreements, respectively by routing iinformation and wavelength
Information forms PATH message, and PATH message is sent to downstream node.
Step 8, after downstream node receives PATH message, judge the wavelength of distribution in the downstream node and next node
Between chain road it is whether occupied, if unoccupied, PATH message is passed into next node;If occupied, step is returned
Rapid 5.
Step 9, after all tail nodes in step 8 in transmit process receive PATH message, TCP-AO mechanism pair is utilized
PATH message carries out source certification, generates RESV message, the source node of transmitting path back transfer in step 8 to upstream and each
A branch node, and according to the wavelength configuration of the chain road between the wavelength of distribution completion adjacent node.
Step 10, after source node and all branch nodes receive RESV message, each self-generating confirmation message will confirm that and disappear
The cPCE in domain where breath is sent to;CPCE will confirm that message is forwarded to pPCE;After pPCE acknowledges receipt of whole confirmation messages, say
Bright wavelength resource configuration finishes, and pPCE sends achievement success message to the cPCE in domain where source node, domain where source node
CPCE sends achievement success message to source node;Source node can start multicast transmission data.
Another aspect of the present invention provide it is a kind of based on layering PCE multi-area optical network safety light tree establish system, packet
Reception achievement is included to ask R1 modules, send request R1 modules of contributing, formation achievement request R2 modules, formed to contribute and ask R3 moulds
Block forms to contribute and R4 modules, formation achievement request R5 modules, PATH message is asked to form module, transmit PATH message modules, life
At RESV message modules and confirmation message generation module, wherein
Request R1 modules of contributing are received, for realizing following functions:
Source node in optical-fiber network receives multicast connects request, and source node, which sends to contribute, asks R1 to domain where source node
CPCE;
Request R1 modules of contributing are sent, for realizing following functions:
The cPCE in domain where source node, which is received, to contribute request R1 and utilizes the mutual authentication method pair based on nested hash chain
The request R1 that contributes carries out authentication, and carries out source certification to the request R1 that contributes using TCP-AO mechanism;Domain where source node
CPCE, which will contribute, asks R1 to be sent to pPCE;
Request R2 modules of contributing are formed, for realizing following functions:
After the achievement request R1 that the cPCE in domain where pPCE receives source node is sent, pair based on nested hash chain is utilized
Authentication is carried out to the request R1 that contributes to authentication method, and source certification is carried out to the request R1 that contributes using TCP-AO mechanism;It adopts
Optimal abstract multicast is calculated with the multi-area optical network safe multicasting router-level topology algorithm based on artificial immunity and degree of belief
Set routing iinformation;The request R1 that contributes will contribute with optimal the formation achievement request of abstract multicast tree routing iinformation R2, pPCE to be asked
R2 is sent to the cPCE in the domain that the optimal abstract multicast tree routing iinformation is passed through;
Request R3 modules of contributing are formed, for realizing following functions:
The routing of intra-domain multicast tree is calculated in cPCE in each domain that optimal abstract multicast tree routing iinformation is passed through
Information;Intra-domain multicast tree routing iinformation and the request R2 that contributes form the request R3 that contributes;CPCE in each domain, which will contribute, asks R3
It is sent to pPCE;
Request R4 modules of contributing are formed, for realizing following functions:
Determine distribution wavelength;Request R3 modules of contributing will be formed, in obtained all intra-domain multicast tree routing iinformation groups
Conjunction forms stringent multicast tree routing iinformation;Stringent multicast tree routing iinformation and distribution wavelength form the request R4 that contributes;PPCE will be built
Tree request R4 is sent in the cPCE of management source node or branch node;
Request R5 modules of contributing are formed, for realizing following functions:
Formed contribute request R4 moulds it is in the block management source node or branch node cPCE receive achievement request R4 after,
Source certification is carried out to the request R4 that contributes using TCP-AO mechanism;The cPCE of management source node or branch node is asked from achievement respectively
Ask and read stringent multicast tree routing iinformation in R4, manage source node where the cPCE interceptions of source node in domain to branch node it
Between routing iinformation, which generates the request R5 that contributes with distribution wavelength, manages the cPCE of source node and will contribute and asks R5
It is sent to source node;The routing iinformation between branch node in domain where managing the cPCE interceptions of branch node, routing letter
Achievement request R5 is sent to each branch's section by breath and the wavelength of distribution generation achievement request R5, the cPCE for managing branch node
Point;
PATH message forms module, for realizing following functions:
After source node and each branch node receive achievement request R5, the request R5 that contributes is carried out using TCP-AO mechanism
Source certification respectively obtains source node to the routing iinformation between branch node and the routing iinformation between each branch node, and
Obtain distribution wavelength;Source node and each branch node start RSVP-TE agreements, respectively by routing iinformation and wavelength information shape
It is sent to downstream node at PATH message, and by PATH message;
PATH message modules are transmitted, for realizing following functions:
After downstream node receives PATH message, judge to distribute chain of the wavelength between the downstream node and next node
Whether road is occupied, if unoccupied, PATH message is passed to next node;If occupied, enter to be formed to contribute and ask
Seek R4 modules;
RESV message modules are generated, for realizing following functions:
After all tail nodes in transmission PATH message modules in transmit process receive PATH message, TCP-AO machines are utilized
System carries out source certification to PATH message, generates RESV message, the source node of the transmitting path back transfer in step 8 to upstream
With each branch node, and according to the wavelength of distribution complete adjacent node between chain road wavelength configuration;
Confirmation message generation module, for realizing following functions:
After source node and all branch nodes receive RESV message, each self-generating confirmation message will confirm that message is sent
To the cPCE in respective place domain;CPCE will confirm that message is forwarded to pPCE;After pPCE acknowledges receipt of all confirmation messages, pPCE
The cPCE in domain where to source node sends achievement success message, and the cPCE in domain where source node sends achievement success message to source and saves
Point;Source node can start multicast transmission data.
Embodiment
The present invention is effective using the multi-area optical network analogue system SSANS verifications (PB-PCE) of the invention based on NS-2
Property.The light path request of the present invention is generated with Poisson distribution, and the Connection Time meets exponential distribution;Network load unit is Erl
(Erlang);W wavelength is set, and the bandwidth of wavelength is 2.5Gbps;Be arranged account for total quantity be 5% malicious node carry out at random
Attack.Simulation result is as follows:
(1) blocking rate is connected
Fig. 1 is the emulation experiment carried out in the case where domain quantity is 10, gives blocking rate with multicast request quantity
It influences;Fig. 2 is the emulation experiment carried out in the case where network load is 100Erlang, gives domain quantity to average connection
The influence of blocking rate.
The emulation experiment of analysis chart 1 it is found that in the case where optical-fiber network number of wavelengths W is respectively set to 10,15,20, with
The increase of multicast request quantity, connection blocking rate are all obviously rising, and after wavelength number increase, connection blocking rate has significantly
Improve.
The emulation experiment of analysis chart 2 can obtain following as a result, being respectively set to 10,15,20 in optical-fiber network number of wavelengths W
In the case of, when domain quantity increases, connection blocking rate increases more steady.This is because using parallel branch in the present invention
Achievement mode carries out the foundation of multicast tree, effectively reduces the resource contention that wavelength contention is brought, and apply multiple safe mechanism
Malicious act has been sanctioned, the efficiency of connection can be improved.After number of wavelengths increase, connection blocking rate is declined.
(2) multicast tree settling time
Under conditions of number of wavelengths is 10, situation is influenced by network load to the time delay that light tree is established and is emulated.
Fig. 3 gives influence of the network load to average light tree settling time.
The simulation result of analysis chart 3 can obtain, and in the case that quantity D is respectively set to 5,10,15 in domain, work as optical-fiber network
Load increase when, load it is small when increase it is more slow, start when high load is run linearly increasing.This is because
Branch parallel achievement method is used in the method for the present invention, when the increase of low-load time domain quantity will not cause light tree to be established
Between dramatically increase;And in the situation of load too high, business operation and the achievement request message number such as routing and Wavelength Assignment
It has exceeded the bearing capacity of PCE, and quickly increases since resource anxiety that size of message increase is brought will also result in light tree settling time;
But due to safe wavelength distribution mechanism can reasonable distribution resource effectively avoid Wavelength conflict, light tree setup delay is still acceptable
In range.
(3) Message Payload
In domain, quantity is 10, and number of wavelengths is emulated under conditions of being 10, and Fig. 4 gives the signaling number network operation time
Relationship.
Figure 4, it is seen that in the case where network load L is respectively set to 50Erl 100Erl, when optical-fiber network
When domain quantity increases, signaling number is linear at any time to be increased.But when load is 150Erl, optical-fiber network wavelength resource is tight
, it needs to send out the multiple modules mitigation whole network pressure of a large amount of signalings calling, therefore signaling sum increases when loading 150Erl
It is long very fast, but still optical-fiber network can be in tolerance range.
Claims (2)
1. a kind of multi-area optical network safety light tree method for building up based on layering PCE, which is characterized in that include the following steps:
Step 1, the source node in optical-fiber network receives multicast connects request, and source node, which sends to contribute, asks R1 to source node place
The cPCE in domain;
Step 2, the cPCE in domain where source node, which is received, contributes request R1 and utilizes the mutual authentication method based on nested hash chain
Authentication is carried out to the request R1 that contributes, and source certification is carried out to the request R1 that contributes using TCP-AO mechanism;Domain where source node
CPCE by contribute request R1 be sent to pPCE;
Step 3, after the achievement request R1 that the cPCE in domain where pPCE receives source node is sent, using based on nested hash chain
Mutual authentication method carries out authentication to the request R1 that contributes, and carries out source certification to the request R1 that contributes using TCP-AO mechanism;
Optimal abstraction set is calculated using the multi-area optical network safe multicasting router-level topology algorithm based on artificial immunity and degree of belief
Broadcast tree routing iinformation;Achievement request R1, which forms to contribute with optimal abstract multicast tree routing iinformation, asks R2, pPCE to ask achievement
R2 is asked to be sent to the cPCE in the domain that the optimal abstract multicast tree routing iinformation is passed through;
Step 4, intra-domain multicast tree road is calculated in the cPCE in each domain that optimal abstract multicast tree routing iinformation is passed through
By information;Intra-domain multicast tree routing iinformation and the request R2 that contributes form the request R3 that contributes;CPCE in each domain, which will contribute, to be asked
R3 is sent to pPCE;
Step 5, distribution wavelength is determined;All intra-domain multicast tree routing iinformations obtained in step 4 are combined to form stringent group
Broadcast tree routing iinformation;Stringent multicast tree routing iinformation and distribution wavelength form the request R4 that contributes;PPCE, which will contribute, asks R4 to send
To in the cPCE of management source node or branch node;
Step 6, after the cPCE of the management source node or branch node in step 5 receives achievement request R4, TCP-AO is utilized
Mechanism carries out source certification to the request R4 that contributes;The cPCE of management source node or branch node asks to read in R4 from contributing respectively
Stringent multicast tree routing iinformation, source node to the routing between branch node managed in the cPCE interceptions place domain of source node are believed
Breath, the routing iinformation and distribution wavelength generate the request R5 that contributes, and achievement request R5 is sent to source section by the cPCE for managing source node
Point;The routing iinformation between branch node in domain where managing the cPCE interceptions of branch node, the routing iinformation and distribution
Wavelength generates the request R5 that contributes, and achievement request R5 is sent to each branch node by the cPCE for managing branch node;
Step 7, source node and each branch node receive achievement request R5 after, using TCP-AO mechanism to contribute request R5 into
The certification of row source, respectively obtains source node to the routing iinformation between branch node and the routing iinformation between each branch node,
And obtain distribution wavelength;Source node and each branch node start RSVP-TE agreements, respectively by routing iinformation and wavelength information
PATH message is formed, and PATH message is sent to downstream node;
Step 8, after downstream node receives PATH message, judge to distribute wavelength between the downstream node and next node
Whether chain road is occupied, if unoccupied, PATH message is passed to next node;If occupied, return to step 5;
Step 9, after all tail nodes in step 8 in transmit process receive PATH message, using TCP-AO mechanism to PATH
Message carries out source certification, generates RESV message, the transmitting path back transfer in step 8 to the source node of upstream and each point
Zhi Jiedian, and according to the wavelength configuration of the chain road between the wavelength of distribution completion adjacent node;
Step 10, after source node and all branch nodes receive RESV message, each self-generating confirmation message will confirm that message is sent out
It send to the cPCE in respective place domain;CPCE will confirm that message is forwarded to pPCE;After pPCE acknowledges receipt of all confirmation messages,
PPCE sends achievement success message to the cPCE in domain where source node, and the cPCE in domain sends achievement success message extremely where source node
Source node;Source node can start multicast transmission data.
2. a kind of multi-area optical network safety light tree based on layering PCE establishes system, which is characterized in that including receiving request of contributing
R1 modules send request R1 modules of contributing, form request R2 modules of contributing, form request R3 modules of contributing, form request of contributing
R4 modules form request R5 modules of contributing, PATH message formation module, transmission PATH message modules, generate RESV message modules
With confirmation message generation module, wherein
Request R1 modules of contributing are received, for realizing following functions:
Source node in optical-fiber network receives multicast connects request, and source node, which sends to contribute, asks R1 to domain where source node
cPCE;
Request R1 modules of contributing are sent, for realizing following functions:
The cPCE in domain where source node, which receives to contribute, asks R1 and using the mutual authentication method based on nested hash chain to contributing
It asks R1 to carry out authentication, and source certification is carried out to the request R1 that contributes using TCP-AO mechanism;The cPCE in domain where source node
The request R1 that will contribute is sent to pPCE;
Request R2 modules of contributing are formed, for realizing following functions:
After the achievement request R1 that the cPCE in domain where pPCE receives source node is sent, recognize using based on the two-way of nested hash chain
Card method carries out authentication to the request R1 that contributes, and carries out source certification to the request R1 that contributes using TCP-AO mechanism;Using base
Optimal abstract multicast tree road is calculated in the multi-area optical network safe multicasting router-level topology algorithm of artificial immunity and degree of belief
By information;It contributes and asks R1 and optimal abstract multicast tree routing iinformation formation achievement request R2, pPCE by achievement request R2 hairs
The cPCE being sent in the domain that the optimal abstract multicast tree routing iinformation is passed through;
Request R3 modules of contributing are formed, for realizing following functions:
Intra-domain multicast tree routing iinformation is calculated in cPCE in each domain that optimal abstract multicast tree routing iinformation is passed through;
Intra-domain multicast tree routing iinformation and the request R2 that contributes form the request R3 that contributes;CPCE in each domain, which will contribute, asks R3 to be sent to
pPCE;
Request R4 modules of contributing are formed, for realizing following functions:
Determine distribution wavelength;Request R3 modules of contributing will be formed, in obtained all intra-domain multicast tree routing iinformations combine shapes
At stringent multicast tree routing iinformation;Stringent multicast tree routing iinformation and distribution wavelength form the request R4 that contributes;PPCE asks achievement
R4 is asked to be sent in the cPCE of management source node or branch node;
Request R5 modules of contributing are formed, for realizing following functions:
Formed contribute request R4 moulds it is in the block management source node or branch node cPCE receive achievement request R4 after, utilize
TCP-AO mechanism carries out source certification to the request R4 that contributes;The cPCE for managing source node or branch node asks R4 from contributing respectively
Middle to read stringent multicast tree routing iinformation, the source node in domain where managing the cPCE interceptions of source node is between branch node
Routing iinformation, the routing iinformation and distribution wavelength generate the request R5 that contributes, and the cPCE for managing source node sends achievement request R5
To source node;Manage the routing iinformation between the branch node where the cPCE interceptions of branch node in domain, the routing iinformation with
The wavelength of distribution generates the request R5 that contributes, and achievement request R5 is sent to each branch node by the cPCE for managing branch node;
PATH message forms module, for realizing following functions:
After source node and each branch node receive achievement request R5, source is carried out to the request R5 that contributes using TCP-AO mechanism and is recognized
Card, respectively obtains source node to the routing iinformation between branch node and the routing iinformation between each branch node, and
To distribution wavelength;Source node and each branch node start RSVP-TE agreements, respectively form routing iinformation and wavelength information
PATH message, and PATH message is sent to downstream node;
PATH message modules are transmitted, for realizing following functions:
After downstream node receives PATH message, judge to distribute wavelength on the chain road between the downstream node and next node
It is whether occupied, if unoccupied, PATH message is passed into next node;If occupied, enter and form the request R4 that contributes
Module;
RESV message modules are generated, for realizing following functions:
After all tail nodes in transmission PATH message modules in transmit process receive PATH message, TCP-AO mechanism pair is utilized
PATH message carries out source certification, generates RESV message, the source node of transmitting path back transfer in step 8 to upstream and each
A branch node, and according to the wavelength configuration of the chain road between the wavelength of distribution completion adjacent node;
Confirmation message generation module, for realizing following functions:
After source node and all branch nodes receive RESV message, each self-generating confirmation message will confirm that message is sent to respectively
CPCE from place domain;CPCE will confirm that message is forwarded to pPCE;After pPCE acknowledges receipt of all confirmation messages, pPCE is to source
The cPCE in domain where node sends achievement success message, and the cPCE in domain where source node sends achievement success message to source node;
Source node can start multicast transmission data.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810008698 | 2018-01-04 | ||
CN201810008698X | 2018-01-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108390825A true CN108390825A (en) | 2018-08-10 |
CN108390825B CN108390825B (en) | 2020-10-16 |
Family
ID=63076548
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810072313.6A Active CN108390825B (en) | 2018-01-04 | 2018-01-25 | Multi-domain optical network security optical tree establishment method and system based on layered PCE |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108390825B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110120836A (en) * | 2019-03-26 | 2019-08-13 | 中国人民武装警察部队工程大学 | A kind of multi-area optical network crosstalk attack detecting node is determining and localization method |
CN111030933A (en) * | 2019-11-22 | 2020-04-17 | 中国人民武装警察部队工程大学 | Multi-domain optical network secure multicast routing method based on distributed PCE |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1773947A (en) * | 2004-11-09 | 2006-05-17 | 中兴通讯股份有限公司 | Method for realizing optical group broadcasting in intelligent optical network |
CN102447674A (en) * | 2010-10-08 | 2012-05-09 | 中兴通讯股份有限公司 | Method and device for security negotiation |
CN103259768A (en) * | 2012-02-17 | 2013-08-21 | 中兴通讯股份有限公司 | Method, system and device of message authentication |
CN104579946A (en) * | 2013-10-21 | 2015-04-29 | 华为技术有限公司 | Method for determining path calculation unit and communication device |
CN106169996A (en) * | 2016-07-04 | 2016-11-30 | 中国人民武装警察部队工程大学 | Multi-area optical network key management method based on key hypergraph and identification cipher |
CN106851441A (en) * | 2017-01-13 | 2017-06-13 | 中国人民武装警察部队工程大学 | The safe light path of multi-area optical network based on layering PCE sets up agreement |
US20170295089A1 (en) * | 2014-09-05 | 2017-10-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Explicit control of aggregation links via is-is |
-
2018
- 2018-01-25 CN CN201810072313.6A patent/CN108390825B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1773947A (en) * | 2004-11-09 | 2006-05-17 | 中兴通讯股份有限公司 | Method for realizing optical group broadcasting in intelligent optical network |
CN102447674A (en) * | 2010-10-08 | 2012-05-09 | 中兴通讯股份有限公司 | Method and device for security negotiation |
CN103259768A (en) * | 2012-02-17 | 2013-08-21 | 中兴通讯股份有限公司 | Method, system and device of message authentication |
CN104579946A (en) * | 2013-10-21 | 2015-04-29 | 华为技术有限公司 | Method for determining path calculation unit and communication device |
US20170295089A1 (en) * | 2014-09-05 | 2017-10-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Explicit control of aggregation links via is-is |
CN106169996A (en) * | 2016-07-04 | 2016-11-30 | 中国人民武装警察部队工程大学 | Multi-area optical network key management method based on key hypergraph and identification cipher |
CN106851441A (en) * | 2017-01-13 | 2017-06-13 | 中国人民武装警察部队工程大学 | The safe light path of multi-area optical network based on layering PCE sets up agreement |
Non-Patent Citations (2)
Title |
---|
HIROSHI MATSUURA ET AL.: "Hierarchically Distributed PCE for Flexible Multicast Traffic Engineering", 《IEEE:GLOCOM》 * |
耿新元: "基于人工免疫与信任度的多域光网络安全组播路由算法", 《科学技术与工程》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110120836A (en) * | 2019-03-26 | 2019-08-13 | 中国人民武装警察部队工程大学 | A kind of multi-area optical network crosstalk attack detecting node is determining and localization method |
CN111030933A (en) * | 2019-11-22 | 2020-04-17 | 中国人民武装警察部队工程大学 | Multi-domain optical network secure multicast routing method based on distributed PCE |
CN111030933B (en) * | 2019-11-22 | 2021-11-02 | 中国人民武装警察部队工程大学 | Multi-domain optical network secure multicast routing method based on distributed PCE |
Also Published As
Publication number | Publication date |
---|---|
CN108390825B (en) | 2020-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Liu et al. | Field trial of an OpenFlow-based unified control plane for multilayer multigranularity optical switching networks | |
CN111371905B (en) | Block chain layering consensus proving system and method based on cloud computing | |
CN109711192B (en) | Method and system for inter-node transaction of block chain system | |
Ahmed et al. | Efficient inter-thread scheduling scheme for long-reach passive optical networks | |
CN108390825A (en) | Multi-area optical network safety light tree method for building up and system based on layering PCE | |
Shacham et al. | An experimental validation of a wavelength-striped, packet switched, optical interconnection network | |
Cai et al. | SD‐MAC: Design and evaluation of a software‐defined passive optical intrarack network in data centers | |
CN114844902A (en) | SDN controller and equipment interaction method based on block chain technology | |
CN101616340B (en) | Secure lightpath establishment method based on automatically switching optical network (ASON) | |
Balamurugan et al. | Optical burst switching issues and its features | |
CN110299939A (en) | Shared guard method and device towards time division multiplexing QKD optical-fiber network | |
Lv et al. | Study on the solutions to heterogeneous onu propagation delays for energy-efficient and low-latency EPONs | |
Tariq et al. | Performance evaluation of MPTCP over optical burst switching in data centers | |
Ahmed et al. | Concurrent processing of multiple LSP request bundles on a PCE in a WDM network | |
Li et al. | Towards low-latency distributed tasks collaboration by joint optimization of transmission, computation and storage resources allocation in edge computing | |
Li et al. | Experiment of Extended Segment Routing Enabled Fast End-to-End Service Provisioning in Multi-Domain for the Fifth Generation Fixed Network (F5G) | |
CN110443616A (en) | Byzantine failure tolerance common recognition method based on random thresholding signature mechanism | |
Luo et al. | Security Signaling Optimization in Optical Network for Smart Power Station | |
Li et al. | A cost and load balancing based FiWi network ONU planning method for multimedia services | |
Gumaste et al. | Multihop light-trails (MLT)-a solution to extended metro networks | |
CN114501440B (en) | Authentication key protocol for block chain application at edge of wireless sensor network | |
Wang et al. | Trust based partially distributed key management scheme for aeronautical ad hoc networks | |
Tasneem et al. | Improving QoS of Peer to Peer Multimedia Services by Employing Multiple Upstream Wavelengths in EPON | |
CN111030934B (en) | Multi-domain optical network security optical tree establishment system and method based on distributed PCE | |
CN101605279A (en) | A kind of shortest path of double layers implementation method based on cluster computing unit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |