CN108390825A - Method and system for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE

Info

Publication number: CN108390825A
Application number: CN201810072313.6A
Authority: CN (China)
Legal status: Granted; active
Other languages: Chinese (zh)
Other versions: CN108390825B (en)
Inventors: 吴启武, 姜灵芝, 耿新元, 李芳�
Current Assignee: Engineering University of Chinese Peoples Armed Police Force
Original Assignee: Engineering University of Chinese Peoples Armed Police Force

Classifications

    • H04L45/16: Routing or path finding of packets in data switching networks; multipoint routing
    • H04B10/27: Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication; arrangements for networking
    • H04L45/48: Routing or path finding of packets in data switching networks; routing tree calculation
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04Q11/0062: Selecting arrangements for multiplex systems using optical switching; network aspects
    • H04Q2011/0073: Selecting arrangements for multiplex systems using optical switching; network aspects; provisions for forwarding or routing, e.g. lookup tables


Abstract

The present invention discloses a method and system for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE. To address the security threats present in multicast routing protocols for multi-domain optical networks, it designs corresponding security mechanisms using nested hash chains and trust model theory, and optimizes the original light-tree computation and light-tree establishment procedures, thereby achieving the establishment of a secure light-tree in a multi-domain optical network. While guaranteeing its own security, the method can compute and establish a secure light-tree in a multi-domain optical network, with a lower blocking rate and a smaller light-tree setup delay.

Description

Method and system for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE
Technical field
The present invention relates to a method and system for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE.
Background
With the rapid development of optical communication technology and real-time streaming-media multicast applications, transmitting information by optical network multicast has become increasingly widespread, and how to establish and maintain a multicast tree that meets security requirements in a multi-domain optical network has become a very important problem.
In 2010, the IETF (Internet Engineering Task Force) described in RFC (Request for Comments) 5920 the various security threats faced in GMPLS (Generalized Multi-Protocol Label Switching) multicast procedures and proposed defensive techniques as well as detection and reporting mechanisms, but did not address a scheme for securely establishing a multicast tree. The prior art proposes a method for restoring light-trees that satisfy a delay constraint, but has no mechanism for dealing with the security problems present in optical network multicast. Other literature, through a detailed analysis of the reliability mechanisms of the RSVP-TE (Resource Reservation Protocol-Traffic Engineering) protocol, discusses the security problems that RSVP-TE may face and proposes corresponding countermeasures, but neither of the above two forms a multicast protocol. A method of creating light paths in parallel has also been proposed, which effectively saves resource configuration time, but that protocol is a unicast protocol and cannot achieve secure multicast.
Summary of the invention
In view of the problems in the prior art described above, the present invention proposes a method for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE, which achieves secure establishment of the multicast tree and performs well in terms of blocking rate and light-tree setup delay.
To achieve the above object, the present invention adopts the following technical solution:
A method for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE, comprising the following steps:
Step 1: the source node in the optical network receives a multicast connection request, and the source node sends tree-building request R1 to the cPCE of the domain where the source node is located; cPCE is the child path computation element;
Step 2: the cPCE of the source node's domain receives tree-building request R1, performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; the cPCE of the source node's domain then sends R1 to the pPCE, where pPCE is the parent path computation element;
Step 3: after the pPCE receives tree-building request R1 sent by the cPCE of the source node's domain, it performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; it computes the optimal abstract multicast tree routing information using the multi-domain optical network secure multicast routing computation algorithm based on artificial immunity and trust degree; tree-building request R1 and the optimal abstract multicast tree routing information form tree-building request R2, and the pPCE sends R2 to the cPCEs of the domains that the optimal abstract multicast tree routing information passes through;
Step 4: the cPCE in each domain that the optimal abstract multicast tree routing information passes through computes the intra-domain multicast tree routing information; the intra-domain multicast tree routing information and tree-building request R2 form tree-building request R3; the cPCE in each domain sends R3 to the pPCE;
Step 5: the assigned wavelength is determined; all the intra-domain multicast tree routing information obtained in step 4 is combined to form the strict multicast tree routing information; the strict multicast tree routing information and the assigned wavelength form tree-building request R4; the pPCE sends R4 to the cPCEs that manage the source node or a branch node;
Step 6: after the cPCEs that manage the source node or a branch node in step 5 receive tree-building request R4, they perform source authentication on R4 using the TCP-AO mechanism; each of these cPCEs reads the strict multicast tree routing information from R4; the cPCE managing the source node extracts the routing information from the source node in its domain to the branch node, this routing information and the assigned wavelength form tree-building request R5, and the cPCE managing the source node sends R5 to the source node; the cPCE managing a branch node extracts the routing information between the branch nodes in its domain, this routing information and the assigned wavelength form tree-building request R5, and the cPCE managing the branch node sends R5 to each branch node;
Step 7: after the source node and each branch node receive tree-building request R5, they perform source authentication on R5 using the TCP-AO mechanism, and obtain respectively the routing information from the source node to the branch node and the routing information between the branch nodes, together with the assigned wavelength; the source node and each branch node start the RSVP-TE protocol, each forms a PATH message from the routing information and the wavelength information, and sends the PATH message to the downstream node;
Step 8: after a downstream node receives the PATH message, it determines whether the assigned wavelength is occupied on the link between that downstream node and the next node; if it is not occupied, the PATH message is passed to the next node; if it is occupied, return to step 5;
Step 9: after all the tail nodes of the transmission in step 8 receive the PATH message, they perform source authentication on the PATH message using the TCP-AO mechanism and generate a RESV message, which is passed back upstream along the reverse of the transmission path of step 8 to the source node and each branch node, and the wavelength on the links between adjacent nodes is configured according to the assigned wavelength;
Step 10: after the source node and all branch nodes receive the RESV message, each generates a confirmation message and sends it to the cPCE of its own domain; the cPCE forwards the confirmation message to the pPCE; after the pPCE confirms that it has received all the confirmation messages, the pPCE sends a tree-building success message to the cPCE of the source node's domain, and the cPCE of the source node's domain sends the tree-building success message to the source node; the source node can then start multicast data transmission.
Another aspect of the present invention provides a system for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE, comprising a tree-building request R1 receiving module, a tree-building request R1 sending module, a tree-building request R2 forming module, a tree-building request R3 forming module, a tree-building request R4 forming module, a tree-building request R5 forming module, a PATH message forming module, a PATH message transmitting module, a RESV message generating module and a confirmation message generating module, wherein:
The tree-building request R1 receiving module implements the following function:
The source node in the optical network receives a multicast connection request, and the source node sends tree-building request R1 to the cPCE of the domain where the source node is located;
The tree-building request R1 sending module implements the following function:
The cPCE of the source node's domain receives tree-building request R1, performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; the cPCE of the source node's domain sends R1 to the pPCE;
The tree-building request R2 forming module implements the following function:
After the pPCE receives tree-building request R1 sent by the cPCE of the source node's domain, it performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; it computes the optimal abstract multicast tree routing information using the multi-domain optical network secure multicast routing computation algorithm based on artificial immunity and trust degree; tree-building request R1 and the optimal abstract multicast tree routing information form tree-building request R2, and the pPCE sends R2 to the cPCEs of the domains that the optimal abstract multicast tree routing information passes through;
The tree-building request R3 forming module implements the following function:
The cPCE in each domain that the optimal abstract multicast tree routing information passes through computes the intra-domain multicast tree routing information; the intra-domain multicast tree routing information and tree-building request R2 form tree-building request R3; the cPCE in each domain sends R3 to the pPCE;
The tree-building request R4 forming module implements the following function:
The assigned wavelength is determined; all the intra-domain multicast tree routing information obtained in the tree-building request R3 forming module is combined to form the strict multicast tree routing information; the strict multicast tree routing information and the assigned wavelength form tree-building request R4; the pPCE sends R4 to the cPCEs that manage the source node or a branch node;
The tree-building request R5 forming module implements the following function:
After the cPCEs that manage the source node or a branch node in the tree-building request R4 forming module receive tree-building request R4, they perform source authentication on R4 using the TCP-AO mechanism; each of these cPCEs reads the strict multicast tree routing information from R4; the cPCE managing the source node extracts the routing information from the source node in its domain to the branch node, this routing information and the assigned wavelength form tree-building request R5, and the cPCE managing the source node sends R5 to the source node; the cPCE managing a branch node extracts the routing information between the branch nodes in its domain, this routing information and the assigned wavelength form tree-building request R5, and the cPCE managing the branch node sends R5 to each branch node;
The PATH message forming module implements the following function:
After the source node and each branch node receive tree-building request R5, they perform source authentication on R5 using the TCP-AO mechanism, and obtain respectively the routing information from the source node to the branch node and the routing information between the branch nodes, together with the assigned wavelength; the source node and each branch node start the RSVP-TE protocol, each forms a PATH message from the routing information and the wavelength information, and sends the PATH message to the downstream node;
The PATH message transmitting module implements the following function:
After a downstream node receives the PATH message, it determines whether the assigned wavelength is occupied on the link between that downstream node and the next node; if it is not occupied, the PATH message is passed to the next node; if it is occupied, control returns to the tree-building request R4 forming module;
The RESV message generating module implements the following function:
After all the tail nodes of the transmission in the PATH message transmitting module receive the PATH message, they perform source authentication on the PATH message using the TCP-AO mechanism and generate a RESV message, which is passed back upstream along the reverse of the transmission path in step 8 to the source node and each branch node, and the wavelength on the links between adjacent nodes is configured according to the assigned wavelength;
The confirmation message generating module implements the following function:
After the source node and all branch nodes receive the RESV message, each generates a confirmation message and sends it to the cPCE of its own domain; the cPCE forwards the confirmation message to the pPCE; after the pPCE confirms that it has received all the confirmation messages, the pPCE sends a tree-building success message to the cPCE of the source node's domain, and the cPCE of the source node's domain sends the tree-building success message to the source node; the source node can then start multicast data transmission.
Compared with the prior art, the present invention has the following technical effect: while guaranteeing its own security, it can compute and establish a secure light-tree in a multi-domain optical network, with a lower blocking rate and a smaller light-tree setup delay.
The solution of the present invention is explained and illustrated in further detail below with reference to the drawings and embodiments.
Description of the drawings
Fig. 1 shows the relationship between the number of multicast requests and the average blocking rate;
Fig. 2 shows the relationship between the number of domains and the average blocking rate;
Fig. 3 shows the relationship between network load and the average light-tree establishment time;
Fig. 4 shows the relationship between the number of network signals and network running time.
Detailed description
In the method of the present invention for establishing a secure light-tree in a multi-domain optical network based on hierarchical PCE, the source node and the destination node are not in the same domain. The method specifically includes the following steps:
Step 1: the source node in the optical network receives a multicast connection request from the customer network, and the source node sends tree-building request R1 to the cPCE of the domain where the source node is located;
Step 2: the cPCE of the source node's domain receives tree-building request R1, performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; because the destination node and the source node are not in the same domain, this tree-building request R1 is a cross-domain tree-building request, and the cPCE of the source node's domain sends R1 to the pPCE;
Step 3: after the pPCE receives tree-building request R1 sent by the cPCE of the source node's domain, it performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; according to the domain where the source node is located and the domain where the destination node is located, it computes the optimal abstract multicast tree routing information using the multi-domain optical network secure multicast routing computation algorithm based on artificial immunity and trust degree; tree-building request R1 and the optimal abstract multicast tree routing information form tree-building request R2, and the pPCE sends R2 to the cPCEs of the domains that the optimal abstract multicast tree routing information passes through.
Step 4: the cPCE in each domain that the optimal abstract multicast tree routing information passes through computes the intra-domain multicast tree routing information; the intra-domain multicast tree routing information and tree-building request R2 form tree-building request R3; the cPCE in each domain sends R3 to the pPCE;
Step 5: the assigned wavelength is obtained using the First-Fit algorithm; optionally, the Most-Used algorithm or the Least-Used algorithm can be used here instead to obtain the assigned wavelength; the intra-domain multicast tree routing information computed by the cPCE in each domain in step 4 is combined to form the strict multicast tree routing information; the strict multicast tree routing information and the assigned wavelength form tree-building request R4; the pPCE sends R4 to the cPCEs that manage the source node or a branch node;
Step 6: after the cPCEs that manage the source node or a branch node in step 5 receive tree-building request R4, they perform source authentication on R4 using the TCP-AO mechanism;
Each cPCE reads the strict multicast tree routing information from R4; the cPCE managing the source node extracts the routing information from the source node in that cPCE's domain to the branch node, this routing information and the assigned wavelength form tree-building request R5, and the cPCE managing the source node sends R5 to the source node; the cPCE managing a branch node extracts the routing information between the branch nodes in that cPCE's domain, this routing information and the assigned wavelength form tree-building request R5, and the cPCE managing the branch node sends R5 to each branch node.
Step 7: after the source node and each branch node receive tree-building request R5, they perform source authentication on R5 using the TCP-AO mechanism, and obtain respectively the routing information from the source node to the branch node and the routing information between the branch nodes, together with the assigned wavelength; the source node and each branch node start the RSVP-TE protocol, each forms a PATH message from the routing information and the wavelength information, and sends the PATH message to the downstream node.
Step 8: after a downstream node receives the PATH message, it determines whether the assigned wavelength is occupied on the link between that downstream node and the next node; if it is not occupied, the PATH message is passed to the next node; if it is occupied, return to step 5.
Step 9: after all the tail nodes of the transmission in step 8 receive the PATH message, they perform source authentication on the PATH message using the TCP-AO mechanism and generate a RESV message, which is passed back upstream along the reverse of the transmission path of step 8 to the source node and each branch node, and the wavelength on the links between adjacent nodes is configured according to the assigned wavelength.
Step 10: after the source node and all branch nodes receive the RESV message, each generates a confirmation message and sends it to the cPCE of its own domain; the cPCE forwards the confirmation message to the pPCE; once the pPCE confirms that it has received all the confirmation messages, which indicates that wavelength resource configuration is complete, the pPCE sends a tree-building success message to the cPCE of the source node's domain, and the cPCE of the source node's domain sends the tree-building success message to the source node; the source node can then start multicast data transmission.
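Steps 5 to 9 above, sketched as an added example that is not code from the patent: First-Fit wavelength selection, the per-link occupancy check while PATH travels down each branch, the return to step 5 on a conflict, the tail node's source authentication, and reservation when RESV travels back. HMAC-SHA-256 with one key per head/tail pair stands in for the TCP-AO mechanism; the topology, keys, function names and the rule that a retry skips the rejected wavelength are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def mac(key, msg):
    """MAC over a canonical encoding of the message (HMAC stand-in for TCP-AO)."""
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest()


def first_fit(n_wavelengths, rejected):
    """Step 5: lowest-indexed wavelength that has not been rejected, or None."""
    for w in range(n_wavelengths):
        if w not in rejected:
            return w
    return None


def links(branch):
    """Directed links along one branch of the strict multicast tree."""
    return list(zip(branch, branch[1:]))


def send_path(branch, wavelength, in_use, key, tamper=False):
    """Steps 7-9 for one branch; returns 'ok', 'occupied' or 'forged'."""
    msg = {"route": branch, "wavelength": wavelength}
    tag = mac(key, msg)                      # computed by the head node
    if tamper:                               # constructed in-transit modification
        msg = dict(msg, wavelength=wavelength + 1)
    for link in links(branch):               # step 8: per-link occupancy check
        if msg["wavelength"] in in_use.get(link, set()):
            return "occupied"
    if not hmac.compare_digest(mac(key, msg), tag):  # step 9: tail node check
        return "forged"
    return "ok"


def establish_light_tree(branches, in_use, keys, n_wavelengths, tampered=None):
    """Return (wavelength, status); in_use is updated only on success."""
    rejected = set()
    while True:
        w = first_fit(n_wavelengths, rejected)
        if w is None:
            return None, "blocked"           # no wavelength is free on every link
        results = [
            send_path(b, w, in_use, keys[(b[0], b[-1])], tamper=(i == tampered))
            for i, b in enumerate(branches)  # branches are signalled in parallel
        ]
        if "forged" in results:
            return None, "forged"            # no RESV is generated, nothing reserved
        if "occupied" in results:
            rejected.add(w)                  # assumption: the retry skips this wavelength
            continue                         # "return to step 5"
        for b in branches:                   # RESV travels from tail back to head
            for link in reversed(links(b)):
                in_use.setdefault(link, set()).add(w)
        return w, "established"


# Constructed sample: source S, branch node B, destinations D1 and D2.
BRANCHES = [["S", "a", "B"], ["B", "c", "D1"], ["B", "d", "D2"]]
KEYS = {("S", "B"): b"k-S-B", ("B", "D1"): b"k-B-D1", ("B", "D2"): b"k-B-D2"}


def demo():
    """Wavelengths 0 and 1 are each busy on one link, so the tree gets wavelength 2."""
    in_use = {("a", "B"): {0}, ("B", "d"): {1}}
    return establish_light_tree(BRANCHES, in_use, KEYS, n_wavelengths=4), in_use


if __name__ == "__main__":
    print(demo())
```

Because the whole tree shares one assigned wavelength, a single busy link on any branch sends the request back to step 5, and a PATH message that fails authentication at a tail node leaves the link state untouched.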
Embodiment
The effectiveness of the present invention (PB-PCE) is verified using SSANS, a multi-domain optical network simulation system based on NS-2. Light-path requests are generated according to a Poisson distribution, and connection times follow an exponential distribution; the unit of network load is Erl (Erlang); W wavelengths are set, each with a bandwidth of 2.5 Gbps; malicious nodes accounting for 5% of the total are set to attack at random. The simulation results are as follows:
(1) Connection blocking rate
Fig. 1 shows the simulation carried out with 10 domains and gives the effect of the number of multicast requests on the blocking rate; Fig. 2 shows the simulation carried out with a network load of 100 Erlang and gives the effect of the number of domains on the average connection blocking rate.
Analysis of the simulation in Fig. 1 shows that, with the number of optical network wavelengths W set to 10, 15 and 20 respectively, the connection blocking rate rises markedly as the number of multicast requests increases, and that the connection blocking rate improves significantly once the number of wavelengths is increased.
Analysis of the simulation in Fig. 2 gives the following result: with the number of optical network wavelengths W set to 10, 15 and 20 respectively, the connection blocking rate increases fairly steadily as the number of domains increases. This is because the present invention builds the multicast tree by parallel branch tree establishment, which effectively reduces the resource conflicts caused by wavelength contention, and applies multiple security mechanisms to curb malicious behavior, which improves connection efficiency. When the number of wavelengths increases, the connection blocking rate falls.
(2) Multicast tree establishment time
With the number of wavelengths set to 10, the effect of network load on the light-tree establishment delay is simulated. Fig. 3 gives the effect of network load on the average light-tree establishment time.
Analysis of the simulation result in Fig. 3 shows that, with the number of domains D set to 5, 10 and 15 respectively, as the optical network load increases the establishment time grows slowly at low load and begins to grow linearly at high load. This is because the method of the present invention uses parallel branch tree establishment, so at low load an increase in the number of domains does not significantly increase the light-tree establishment time; when the load is too high, service operations such as routing and wavelength assignment and the number of tree-establishment request messages exceed the bearing capacity of the PCE, and the resource shortage caused by the growing message volume also makes the light-tree establishment time increase quickly. However, because the secure wavelength assignment mechanism allocates resources reasonably and effectively avoids wavelength conflicts, the light-tree establishment delay remains within an acceptable range.
(3) Message load
With 10 domains and 10 wavelengths, Fig. 4 gives the relationship between the number of signaling messages and the network running time.
As can be seen from Fig. 4, with the network load L set to 50 Erl and 100 Erl respectively, when the number of optical network domains increases, the number of signaling messages increases linearly with time. When the load is 150 Erl, however, optical network wavelength resources are tight and a large amount of signaling must be sent to call multiple modules to relieve the pressure on the whole network, so the total number of signaling messages grows faster at 150 Erl, but it still remains within the range the optical network can tolerate.

Claims (2)

1. A method for establishing a secure light tree in a multi-domain optical network based on hierarchical PCE, characterized by comprising the following steps:
Step 1, a source node in the optical network receives a multicast connection request, and the source node sends tree-establishment request R1 to the cPCE of the domain where the source node is located;
Step 2, the cPCE of the domain where the source node is located receives tree-establishment request R1, performs identity authentication on it using the mutual authentication method based on nested hash chains, and performs source authentication on it using the TCP-AO mechanism; the cPCE of the domain where the source node is located sends tree-establishment request R1 to the pPCE;
Step 3, after the pPCE receives tree-establishment request R1 sent by the cPCE of the domain where the source node is located, it performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; optimal abstract multicast tree routing information is computed using the multi-domain optical network secure multicast routing algorithm based on artificial immunity and trust degree; tree-establishment request R1 and the optimal abstract multicast tree routing information form tree-establishment request R2, and the pPCE sends R2 to the cPCEs in the domains that the optimal abstract multicast tree routing information passes through;
Step 4, the cPCE in each domain that the optimal abstract multicast tree routing information passes through computes intra-domain multicast tree routing information; the intra-domain multicast tree routing information and tree-establishment request R2 form tree-establishment request R3; the cPCE in each domain sends R3 to the pPCE;
Step 5, the assigned wavelength is determined; all the intra-domain multicast tree routing information obtained in step 4 is combined to form strict multicast tree routing information; the strict multicast tree routing information and the assigned wavelength form tree-establishment request R4; the pPCE sends R4 to the cPCEs that manage the source node or branch nodes;
Step 6, after the cPCEs managing the source node or branch nodes in step 5 receive tree-establishment request R4, they perform source authentication on R4 using the TCP-AO mechanism; each cPCE managing the source node or branch nodes reads the strict multicast tree routing information from R4; the cPCE managing the source node extracts the routing information from the source node to the branch nodes within its domain, this routing information and the assigned wavelength form tree-establishment request R5, and the cPCE managing the source node sends R5 to the source node; the cPCE managing branch nodes extracts the routing information between the branch nodes within its domain, this routing information and the assigned wavelength form tree-establishment request R5, and the cPCE managing branch nodes sends R5 to each branch node;
Step 7, after the source node and each branch node receive tree-establishment request R5, they perform source authentication on R5 using the TCP-AO mechanism and obtain, respectively, the routing information from the source node to the branch nodes and the routing information between the branch nodes, together with the assigned wavelength; the source node and each branch node start the RSVP-TE protocol, each forms a PATH message from the routing information and the wavelength information, and sends the PATH message to the downstream node;
Step 8, after the downstream node receives the PATH message, it determines whether the assigned wavelength is occupied on the link between the downstream node and the next node; if it is unoccupied, the PATH message is passed to the next node; if it is occupied, the flow returns to step 5;
Step 9, after all tail nodes reached during transmission in step 8 receive the PATH message, they use the TCP-AO mechanism to perform source authentication on the PATH message and generate a RESV message, which is passed back along the transmission path of step 8 to the upstream source node and each branch node; the wavelength on the links between adjacent nodes is configured according to the assigned wavelength;
Step 10, after the source node and all branch nodes receive the RESV message, each generates a confirmation message and sends it to the cPCE of its own domain; the cPCE forwards the confirmation message to the pPCE; after the pPCE has confirmed receipt of all confirmation messages, the pPCE sends a tree-establishment success message to the cPCE of the domain where the source node is located, and that cPCE sends the tree-establishment success message to the source node; the source node can then start multicast data transmission.
2. A system for establishing a secure light tree in a multi-domain optical network based on hierarchical PCE, characterized by comprising a module for receiving tree-establishment request R1, a module for sending tree-establishment request R1, a module for forming tree-establishment request R2, a module for forming tree-establishment request R3, a module for forming tree-establishment request R4, a module for forming tree-establishment request R5, a PATH message forming module, a PATH message transmission module, a RESV message generation module and a confirmation message generation module, wherein
Module for receiving tree-establishment request R1, for realizing the following functions:
A source node in the optical network receives a multicast connection request, and the source node sends tree-establishment request R1 to the cPCE of the domain where the source node is located;
Module for sending tree-establishment request R1, for realizing the following functions:
The cPCE of the domain where the source node is located receives tree-establishment request R1, performs identity authentication on it using the mutual authentication method based on nested hash chains, and performs source authentication on it using the TCP-AO mechanism; the cPCE of the domain where the source node is located sends tree-establishment request R1 to the pPCE;
Module for forming tree-establishment request R2, for realizing the following functions:
After the pPCE receives tree-establishment request R1 sent by the cPCE of the domain where the source node is located, it performs identity authentication on R1 using the mutual authentication method based on nested hash chains, and performs source authentication on R1 using the TCP-AO mechanism; optimal abstract multicast tree routing information is computed using the multi-domain optical network secure multicast routing algorithm based on artificial immunity and trust degree; tree-establishment request R1 and the optimal abstract multicast tree routing information form tree-establishment request R2, and the pPCE sends R2 to the cPCEs in the domains that the optimal abstract multicast tree routing information passes through;
Module for forming tree-establishment request R3, for realizing the following functions:
The cPCE in each domain that the optimal abstract multicast tree routing information passes through computes intra-domain multicast tree routing information; the intra-domain multicast tree routing information and tree-establishment request R2 form tree-establishment request R3; the cPCE in each domain sends R3 to the pPCE;
Module for forming tree-establishment request R4, for realizing the following functions:
The assigned wavelength is determined; all the intra-domain multicast tree routing information obtained in the module for forming tree-establishment request R3 is combined to form strict multicast tree routing information; the strict multicast tree routing information and the assigned wavelength form tree-establishment request R4; the pPCE sends R4 to the cPCEs that manage the source node or branch nodes;
Module for forming tree-establishment request R5, for realizing the following functions:
After the cPCEs managing the source node or branch nodes in the module for forming tree-establishment request R4 receive R4, they perform source authentication on R4 using the TCP-AO mechanism; each cPCE managing the source node or branch nodes reads the strict multicast tree routing information from R4; the cPCE managing the source node extracts the routing information from the source node to the branch nodes within its domain, this routing information and the assigned wavelength form tree-establishment request R5, and the cPCE managing the source node sends R5 to the source node; the cPCE managing branch nodes extracts the routing information between the branch nodes within its domain, this routing information and the assigned wavelength form tree-establishment request R5, and the cPCE managing branch nodes sends R5 to each branch node;
PATH message forming module, for realizing the following functions:
After the source node and each branch node receive tree-establishment request R5, they perform source authentication on R5 using the TCP-AO mechanism and obtain, respectively, the routing information from the source node to the branch nodes and the routing information between the branch nodes, together with the assigned wavelength; the source node and each branch node start the RSVP-TE protocol, each forms a PATH message from the routing information and the wavelength information, and sends the PATH message to the downstream node;
PATH message transmission module, for realizing the following functions:
After the downstream node receives the PATH message, it determines whether the assigned wavelength is occupied on the link between the downstream node and the next node; if it is unoccupied, the PATH message is passed to the next node; if it is occupied, the flow enters the module for forming tree-establishment request R4;
RESV message generation module, for realizing the following functions:
After all tail nodes reached during transmission in the PATH message transmission module receive the PATH message, they use the TCP-AO mechanism to perform source authentication on the PATH message and generate a RESV message, which is passed back along the transmission path in step 8 to the upstream source node and each branch node; the wavelength on the links between adjacent nodes is configured according to the assigned wavelength;
Confirmation message generation module, for realizing the following functions:
After the source node and all branch nodes receive the RESV message, each generates a confirmation message and sends it to the cPCE of its own domain; the cPCE forwards the confirmation message to the pPCE; after the pPCE has confirmed receipt of all confirmation messages, the pPCE sends a tree-establishment success message to the cPCE of the domain where the source node is located, and that cPCE sends the tree-establishment success message to the source node; the source node can then start multicast data transmission.
CN201810072313.6A 2018-01-04 2018-01-25 Multi-domain optical network security optical tree establishment method and system based on layered PCE Active CN108390825B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810008698 2018-01-04
CN201810008698X 2018-01-04

Publications (2)

Publication Number Publication Date
CN108390825A true CN108390825A (en) 2018-08-10
CN108390825B CN108390825B (en) 2020-10-16

Family

ID=63076548

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810072313.6A Active CN108390825B (en) 2018-01-04 2018-01-25 Multi-domain optical network security optical tree establishment method and system based on layered PCE

Country Status (1)

Country Link
CN (1) CN108390825B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773947A (en) * 2004-11-09 2006-05-17 中兴通讯股份有限公司 Method for realizing optical group broadcasting in intelligent optical network
CN102447674A (en) * 2010-10-08 2012-05-09 中兴通讯股份有限公司 Method and device for security negotiation
CN103259768A (en) * 2012-02-17 2013-08-21 中兴通讯股份有限公司 Method, system and device of message authentication
CN104579946A (en) * 2013-10-21 2015-04-29 华为技术有限公司 Method for determining path calculation unit and communication device
US20170295089A1 (en) * 2014-09-05 2017-10-12 Telefonaktiebolaget Lm Ericsson (Publ) Explicit control of aggregation links via is-is
CN106169996A (en) * 2016-07-04 2016-11-30 中国人民武装警察部队工程大学 Multi-area optical network key management method based on key hypergraph and identification cipher
CN106851441A (en) * 2017-01-13 2017-06-13 中国人民武装警察部队工程大学 The safe light path of multi-area optical network based on layering PCE sets up agreement

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HIROSHI MATSUURA ET AL.: "Hierarchically Distributed PCE for Flexible Multicast Traffic Engineering", 《IEEE:GLOCOM》 *
耿新元: "Multi-domain optical network secure multicast routing algorithm based on artificial immunity and trust degree", 《科学技术与工程》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110120836A (en) * 2019-03-26 2019-08-13 中国人民武装警察部队工程大学 A kind of multi-area optical network crosstalk attack detecting node is determining and localization method
CN111030933A (en) * 2019-11-22 2020-04-17 中国人民武装警察部队工程大学 Multi-domain optical network secure multicast routing method based on distributed PCE
CN111030933B (en) * 2019-11-22 2021-11-02 中国人民武装警察部队工程大学 Multi-domain optical network secure multicast routing method based on distributed PCE

Also Published As

Publication number Publication date
CN108390825B (en) 2020-10-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant