CN115150688A - Endogenous safe optical network service mapping method and related equipment - Google Patents


Info

Publication number
CN115150688A
Authority
CN
China
Prior art keywords
service
path
security
optical
security level
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210564883.3A
Other languages
Chinese (zh)
Inventor
王伟
刘天和
张杰
李亚杰
赵永利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q2011/0079 Operation or maintenance aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0062 Network aspects
    • H04Q2011/0086 Network resource allocation, dimensioning or optimisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an endogenous secure optical network service mapping method and device, an electronic device, and a storage medium. The method comprises: dividing the security levels of optical paths by bit position and, after determining the security level required by each service, mapping services with different requirements to the corresponding paths. The device comprises a security level division module, a service security level determination module and a service mapping module. The electronic device includes a memory, a processor, and a computer program stored on the memory and executable on the processor to implement the endogenous secure optical network service mapping method. The storage medium is a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the endogenous secure optical network service mapping method. The method and the device take both network resources and user requirements into account, make the best use of resources, and avoid arbitrary occupation and waste of network resources.

Description

Endogenous safe optical network service mapping method and related equipment
Technical Field
The present application relates to the field of secure optical communications technologies, and in particular, to a method and an apparatus for mapping an endogenous secure optical network service, an electronic device, and a storage medium.
Background
In the field of secure optical communication, in an endogenous secure optical network constructed based on an endogenous secure transmission technology, key negotiation capabilities on each optical path are different. The services applied by different users have different requirements on the key negotiation capability. Therefore, when mapping services, how to map services with different requirements to corresponding optical paths on the basis of ensuring service security needs to be considered.
Disclosure of Invention
In view of the above, an object of the present application is to provide an endogenous secure optical network service mapping method, an endogenous secure optical network service mapping device, an electronic device, and a storage medium. They solve the problem of arbitrary occupation and waste of network resources that arises when optical paths carry diverse services and the services cannot be mapped to the corresponding optical paths according to their requirements.
Based on the above purpose, the present application provides an endogenous secure optical network service mapping method, including:
dividing the security levels of optical paths by bit position;
determining the security level required by the service;
and mapping the service, according to the user's requirements for the service, to a corresponding path that meets the security level required by the service.
Optionally, dividing the security levels of optical paths by bit position includes:
encoding each symbol in each wavelength signal with bits, wherein the wavelength signal is located within an endogenous secure optical transport network;
establishing an optical path to obtain the high-order bits used for data transmission and the intermediate bits used for key agreement in the wavelength signal;
quantifying the data transmission and key agreement capabilities as bandwidth and key resources respectively, and determining the sizes of the bandwidth and the key resources;
and dividing the security levels of optical paths according to the sizes of the bandwidth and the key resources.
Optionally, the determining the security level required by the service includes:
pre-configuring an optical path topology G(V, E) with security levels; the optical path topology G(V, E) consists of nodes V and optical paths E connecting the nodes, and each optical path has a bandwidth D(i, j, t) and key resources K(i, j, t), where (i, j, t) denotes the t-th optical path from the i-th node to the j-th node;
determining the security level required by the service according to the Γ value set by the user; Γ is the proportion of key resources relative to bandwidth on the t-th optical path from node i to node j, expressed as:
Figure BDA0003657504060000021
Optionally, mapping the service to a corresponding path that meets the security level required by the service, according to the user's requirements for the service, includes:
acquiring the optical path topology G(V, E) and the service request C(s, d, b, τ); the service request C(s, d, b, τ) denotes a service request with bandwidth b and security level τ from a source node s to a destination node d;
acquiring the k shortest paths from the source node s to the destination node d and storing them in a set P_K; the k shortest paths are obtained with a K shortest path algorithm;
traversing each path p stored in the set P_K and allocating an available optical path to each hop on the path p;
calculating H according to the optimization index and storing all candidate paths in a set P_v; a candidate path is a path in which every hop has been allocated an optical path;
judging whether the set P_v is empty;
if the set P_v is not empty, sorting P_v in ascending order of H, mapping the service to the first path, and allocating bandwidth and key resources to it; if the set P_v is empty, the service mapping is blocked.
Optionally, allocating an available optical path to each hop on the path p includes:
allocating, according to the service requirement, an available optical path whose bandwidth is not lower than the bandwidth required by the service and whose security level is not lower than the level required by the service.
Optionally, when more than one optical path is available, the optical path with the lowest security level is preferentially selected.
Optionally, the optimization index includes a security deviation; the security deviation is the standard deviation between the requested security level and the security level provided by the path, which represents the degree to which the security provided by the path exceeds the requested security, expressed as:
Figure BDA0003657504060000031
where φ_m denotes the security level of the m-th hop optical path in a path, τ is the security level required by the service, and M is the total number of hops of the path.
In view of the above, the present application also provides an endogenous secure optical network traffic mapping electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the method according to any one of the above when executing the program.
Based on the above object, the present application further provides an endogenous secure optical network service mapping apparatus, including:
a security level division module configured to divide the security levels of optical paths by bit position;
a service security level determination module configured to determine the security level required by the service;
and a service mapping module configured to map the service, according to the user's requirements for the service, to a reasonable path that meets the security level required by the service.
In view of the above, the present application also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method as described in any one of the above.
As can be seen from the above, according to the endogenous secure optical network service mapping method, device, electronic device, and storage medium provided by the present application, the security levels of optical paths are divided by bit position, the security level required by the service is determined, and the service is then mapped, according to the user's requirements for the service, to a corresponding optical path that meets the security level required by the service. The technical scheme meets user requirements and avoids arbitrary occupation and waste of network resources.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the related art, the drawings needed to be used in the description of the embodiments or the related art will be briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of an endogenous secure optical network service mapping method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of the method for dividing optical path security levels by bit position in the endogenous secure optical network service mapping method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of the endogenous secure transmission model provided in an embodiment of the present application;
Fig. 4 is a schematic diagram of the method for determining the security level required by a service in the endogenous secure optical network service mapping method according to an embodiment of the present application;
Fig. 5 is a schematic diagram of an endogenous secure optical transport network and an optical path topology according to an embodiment of the present application;
Fig. 6 is a flowchart of the algorithm for mapping a service to a corresponding path that meets the security level required by the service in the endogenous secure optical network service mapping method according to an embodiment of the present application;
Fig. 7 is a schematic diagram illustrating the minimum hop count priority method and the optimal level priority method according to an embodiment of the present application;
Fig. 8 is a schematic diagram of an electronic device for endogenous secure optical network service mapping according to an embodiment of the present application;
Fig. 9 is a schematic diagram of an endogenous secure optical network service mapping apparatus according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is further described in detail below with reference to specific embodiments and the accompanying drawings.
It should be noted that technical terms or scientific terms used in the embodiments of the present application should have a general meaning as understood by those having ordinary skill in the art to which the present application belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the present application do not denote any order, quantity, or importance, but rather the terms are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item preceding the word comprises the element or item listed after the word and its equivalent, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
Fiber optic communication systems have become a vital component in modern communication systems, and with the dramatic increase in access and usage, secure optical communication has become of particular importance. The first line of defense to secure communications, like other networks, begins with an encryption protocol. The security of cryptographic protocols is mainly derived from computational complexity, however, as the computing power of computers increases day by day, the security of communications based on computational complexity is at risk of being deciphered. Second, the high transmission rates in fiber optic communication systems pose new challenges to communication security, as encryption protocols have not been able to achieve real-time encryption at high rates.
The physical layer (also referred to as optical layer) security mechanisms of optical communication systems can solve the above problems well. Firstly, the optical layer security can enhance the security of the protocol stack high-level encryption protocol, and the overall security of the system is realized. Secondly, since the optical signal does not generate electromagnetic radiation, the optical communication system has less risk of electromagnetic interference, and is not easily influenced by side channel eavesdropping based on electromagnetism per se. Therefore, to avoid the optical network security from being compromised, it is necessary to secure the optical layer of the optical communication system.
Quantum key distribution is a future-oriented optical layer security technology that aims to ensure the secure negotiation of keys and can enhance communication security by increasing the key refresh frequency. In a communication system applying quantum key distribution, a classical channel is used to transmit key-encrypted user data, and a quantum channel is used for key agreement. Based on the basic principles of quantum mechanics, the two communication endpoints can detect the presence of any third party trying to obtain the key illegally, and the normal key agreement process is interrupted as soon as such a third party is found, so quantum key distribution greatly reduces the risk of deciphering and eavesdropping and enhances the security of the system. However, interrupting the negotiation process also disrupts the communication of the legitimate receiver, which affects the stability of the communication. In addition, quantum key distribution performs key agreement through an additional external key agreement system, which increases the complexity and cost of the system. To solve these problems, the endogenous secure transmission technology incorporates the key agreement function inside the communication system, reducing the complexity of the system and improving its stability.
Endogenous secure transmission is a secure optical communication mode that does not depend on an additional external key agreement system; the communication system itself provides endogenous protection for information transmission. During endogenous secure transmission, the eavesdropper cannot know the sender's transmission state and has difficulty deciphering the key and the data, so eavesdropping becomes harder and resistance to interception improves. An endogenous secure optical network deploying the endogenous secure transmission technology provides both data transmission capability and key agreement capability when carrying user services. However, because the key agreement capability differs on each optical path in the endogenous secure optical network, and the services requested by different users also differ in their key agreement requirements, how to map services onto the corresponding optical paths as required is a problem to be solved urgently.
In view of the above problems, embodiments of the present application provide an endogenous secure optical network service mapping scheme, which divides the security levels of optical paths by bit position and, after the security levels required by services are determined, maps services with different requirements to the corresponding paths. The scheme takes both network resources and user requirements into account, makes the best use of resources, and avoids arbitrary occupation and waste of network resources.
Fig. 1 is a schematic diagram of an endogenous secure optical network service mapping method provided in an embodiment of the present application, including:
S101: Divide the security levels of optical paths by bit position.
Dividing the security levels of optical paths by bit position makes it possible to control the strength of the encryption strategy and improves the rationality and effectiveness of service encryption. Specifically, as an alternative, as shown in fig. 2, the method is applied to the endogenous secure transmission model shown in fig. 3, and includes:
S201: Encode each symbol in each wavelength signal with bits.
In the endogenous safety optical network, a plurality of wavelength signals can transmit data in the same optical fiber through the wavelength division multiplexing technology. The wavelength division multiplexing technology is a technology that optical carrier signals (carrying various information) with two or more different wavelengths are converged together at a sending end through a multiplexer and are coupled to the same optical fiber of an optical line for transmission; at the receiving end, the optical carriers of the various wavelengths are separated by a demultiplexer and then further processed by an optical receiver to recover the original signal.
In this embodiment, each symbol in a wavelength signal is encoded with bits, such as bits 1-8 shown in fig. 3, where bits 1-2 are the lowest-order bits and are safely covered by noise. Higher-order bits are less affected by noise, so they have a higher signal-to-noise ratio and a lower bit error rate, while lower-order bits have a lower signal-to-noise ratio and a higher bit error rate.
S202: Establish an optical path to obtain the high-order bits used for data transmission and the intermediate bits used for key agreement in the wavelength signal.
Once an optical path is established, the bits used for each function within its wavelength signal are determined. In this embodiment, as shown in fig. 3, bits 6-8 are the high-order bits and can be used for high-quality transmission of user data, and bits 3-5 are the intermediate bits and can be used to transmit the measurement sequence used for key agreement. The data transmission and key agreement capabilities within one channel are thus determined.
S203: Quantify the data transmission and key agreement capabilities as bandwidth and key resources respectively, and determine the sizes of the bandwidth and the key resources.
In this embodiment, as shown in fig. 3, the data transmission and key agreement capabilities are quantified as bandwidth and key resources respectively, in bits per second.
S204: Divide the security levels of optical paths according to the sizes of the bandwidth and the key resources.
The more key resources there are, the faster the measurement sequence is transmitted, the faster keys are generated, and the higher the data transmission security is. That is, each wavelength signal contains limited bandwidth and key resources, and the more key resources, the higher the security.
S102: Determine the security level required by the service.
In an endogenous secure optical network, diversified services have different security requirements. For example, financial services require high security to protect user privacy, while entertainment audio and video services place more weight on real-time performance than on security and require less security or even none. Therefore, before services are distributed to the corresponding paths as required, the security level required by each service needs to be determined.
Specifically, as shown in fig. 4, an alternative manner includes:
S401: Pre-configure the optical path topology with security levels.
In this embodiment, as shown in fig. 5, the left graph is an endogenous secure optical transport network; after pre-configuration it forms an optical path topology G(V, E) with security levels, which consists of nodes V and optical paths E connecting the nodes.
It should be noted that an optical path is a path established using the same wavelength in one or more adjacent optical fibers. Nodes 1, 2, 3, 6 in the endogenous secure optical transport network have a common wavelength λ_1, so an optical path can be established from node 1 to node 6, as in the right-hand graph of fig. 5. In addition, multiple optical paths may exist between any two adjacent nodes; for example, two optical paths exist between node 5 and node 6 in fig. 5, so E(i, j, t) is used to represent the t-th optical path from the i-th node to the j-th node. Each optical path also has a bandwidth D(i, j, t) and key resources K(i, j, t), whose sizes are determined when the optical path is established.
S402: Determine the security level required by the service according to the Γ value set by the user.
In the optical paths of the endogenous secure optical network, bandwidth and key resources coexist, but the bandwidth and key resources contained in different optical paths differ. τ_n denotes a security level; the larger n is, the lower the service's security requirement. Γ(i, j, t) denotes the proportion of key resources relative to bandwidth on the t-th optical path from node i to node j, and the formula is
Figure BDA0003657504060000071
The security level required by the service is determined according to the Γ value set by the user.
In this embodiment, as shown in fig. 5, there are three security levels within the optical path topology G(V, E), with τ_1 > τ_2 > τ_3. When the user at node 1 requests a connection to node 6 with security level τ_2, both the one-hop path between node 1 and node 6 and the multi-hop path via node 5 may be taken into consideration for path selection. On the multi-hop path there are multiple optical paths between node 5 and node 6: the optical path with security level τ_3 does not meet the service requirement and is not considered, whereas the optical path with security level τ_1 can be used as a candidate.
S103: Map the service, according to the user's requirements for the service, to a corresponding path that meets the security level required by the service.
The security-aware service mapping algorithm provided by the application makes the path mapping decision of S103. When a user applies for a service connection, the network controller needs to calculate a path that satisfies the service's security and bandwidth requirements and allocate the corresponding amount of resources. Specifically, as an optional manner, as shown in fig. 6, the flowchart of the security-aware service mapping algorithm in the embodiment of the present application mainly includes the following steps:
s601: an optical path topology G (V, E) is acquired.
S602: a service request C (s, d, b, τ) is obtained.
In this embodiment, C (s, d, b, τ) is used to represent a traffic request with bandwidth b and security τ from the source node s to the destination node d.
S603: calculating k shortest paths and outputting set P K
In this embodiment, based on the K shortest path algorithm, K shortest paths from the source node s to the destination node d are obtained and stored in the set P K
In this embodiment, the set P needs to be traversed K And each path p is stored in the storage module, and an available optical path is allocated to each hop on the path p. It should be noted that, the optical path is constrained by bandwidth and security level, and the available bandwidth in one optical path is not lower than the bandwidth required by the service and the security level is not lower than the level required by the service. Only if each hop in a path is assigned a lightpath, the path can be considered as a candidate path. Where there may be more than one optical path available, the lowest ranked optical path will preferably be selected. Finally, according toOptimizing the index calculation H and storing all candidate paths into a set P v . As shown in fig. 6, includes:
S604: Judge whether the set P_K is empty.
S605: Select the first path p in P_K.
If the set P_K is determined in S604 to be not empty (No at S604), this step is executed.
S606: i = 1.
S607: Judge whether i is not greater than the hop count of p.
S608: Select the endpoints (s', d') of the i-th hop.
If S607 determines that i is not greater than the hop count of p (Yes at S607), this step is executed.
S609: Collect all optical paths between (s', d') that meet the requirements of bandwidth b and level τ, and output the set L_M.
S610: Judge whether L_M is empty.
S611: Sort L_M in ascending order of security level.
If L_M is determined in S610 to be not empty (No at S610), this step is executed.
S612: Select the first optical path and store it in p.
S613: i += 1.
After i is updated to i + 1, S607 is executed again.
S614: Delete the path p from P_K.
If L_M is determined in S610 to be empty (Yes at S610), this step is executed. After the path p is deleted from P_K, S604 is executed again.
S631: Calculate the optimization index H.
If S607 determines that i is greater than the hop count of p (No at S607), this step is executed.
S632: Store (p, H) in the set P_v.
Note that after (p, H) is stored in the set P_v, S614 is executed again.
S621: Judge whether the set P_v is empty.
If the set P_K is determined in S604 to be empty (Yes at S604), this step is executed.
S622: Sort P_v in ascending order of H.
If the set P_v is determined in S621 to be not empty (No at S621), this step is executed; if the set P_v is determined in S621 to be empty (Yes at S621), the service is blocked.
S623: Select the first path p.
S624: Map the service to p, and allocate service bandwidth and key resources.
Fig. 7 is a schematic diagram of a minimum hop count priority method and an optimal level priority method according to an embodiment of the present application.
The hop count is the number of optical paths that a path passes through. It also indicates the number of optical-electrical-optical conversions during transmission, so this index may be used for delay-sensitive services. The security deviation is the standard deviation between the requested security level and the security level provided by the path; it represents the degree to which the security provided by the path exceeds the requested security and can be used to avoid wasting bandwidth at high security levels. The calculation formula is:
Figure BDA0003657504060000091
where φ_m denotes the security level of the m-th hop optical path in a path, τ is the security level required by the service, and M is the total number of hops of the path.
In this embodiment, as shown in fig. 7, the optical path topology in the left diagram is the implementation object; the topology consists of four optical paths, and each optical path's level is taken from {τ_1, τ_2, τ_3}. The user applies for a service connection from node 1 to node 6 with a required security level of τ_2. The K shortest path algorithm yields two shortest paths, namely path (1,6) and path (1,5,6). Assuming the optical paths have sufficient bandwidth, optical path No. (1) can be selected for path (1,6), and optical paths No. (2) and No. (4) can be selected for path (1,5,6). The security level of optical path No. 3 is lower than the security level τ_2 required by the service, so it is not considered. Since the hop count of path (1,6) is 1 and that of path (1,5,6) is 2, path (1,6) is finally selected to carry the user's service according to the minimum hop count principle.
In this embodiment, as shown in fig. 7, the optical path topology in the left diagram is the implementation object; the topology consists of four optical paths, and each optical path's level is taken from {τ_1, τ_2, τ_3}. The user applies for a service connection from node 1 to node 6 with a required security level of τ_2. The K shortest path algorithm yields two shortest paths, namely path (1,6) and path (1,5,6). According to the security deviation calculation method, the security deviation of path (1,6) is:
Figure BDA0003657504060000101
The security deviation of path (1,5,6) is:
Figure BDA0003657504060000102
It can be seen that the security deviation of path (1,5,6) is smaller, which indicates that this path is closer to the service requirement, so path (1,5,6) is finally selected to carry the traffic.
The embodiment of the application provides an endogenous secure optical network service mapping method. The method takes both network resources and user requirements into account, and aims to select a globally optimal or locally optimal mapping path for the service. In addition, the method can perform service mapping according to different optimization indexes, including a minimum hop count priority mapping method based on hop count and an optimal level priority mapping method based on security deviation. The former minimizes the number of hops used to establish the service and indirectly reduces the transmission delay; the latter allocates to the service the path that best fits its requirement, so that resources are put to their best use and bandwidth and key resources are not occupied or wasted arbitrarily across levels.
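The selection procedure of S604 to S624 and the Fig. 7 comparison, as an added Python example (not code from the patent). The security deviation formula is an image that is missing from this page, so the code assumes the root-mean-square form sqrt((1/M) * sum((φ_m - τ)^2)) implied by the definitions of φ_m, τ and M. The lightpath endpoints, levels and capacities, the per-service key demand k, the key check in the filter and all function names are constructed for illustration, chosen so that the results match the two outcomes described above.

```python
import math
from dataclasses import dataclass

@dataclass
class Lightpath:
    lid: int     # lightpath number, as labelled in Fig. 7
    u: int       # end node i
    v: int       # end node j
    level: int   # security level phi: 1 = tau_1, 2 = tau_2, 3 = tau_3
    bw: int      # free bandwidth D(i, j, t)
    key: int     # free key resource K(i, j, t)

def fig7_lightpaths():
    # Constructed sample data: the page gives neither levels nor capacities.
    return [Lightpath(1, 1, 6, 3, 10, 10), Lightpath(2, 1, 5, 2, 10, 10),
            Lightpath(3, 5, 6, 1, 10, 10), Lightpath(4, 5, 6, 2, 10, 10)]

def fig7_paths():
    # P_K: the two shortest paths named in the text, taken as given here.
    return [(1, 6), (1, 5, 6)]

def pick_lightpath(lightpaths, u, v, b, k, tau):
    """Keep lightpaths on hop (u, v) with enough bandwidth and a security
    level not below tau, then prefer the lowest adequate level.
    The key-resource check is an assumption added for the example."""
    usable = [lp for lp in lightpaths
              if {lp.u, lp.v} == {u, v}
              and lp.bw >= b and lp.key >= k and lp.level >= tau]
    return min(usable, key=lambda lp: lp.level) if usable else None

def hop_count(chosen, tau):
    """Optimization index H for the minimum hop count priority method."""
    return len(chosen)

def security_deviation(chosen, tau):
    """Optimization index H for the optimal level priority method
    (assumed formula, see the lead-in)."""
    return math.sqrt(sum((lp.level - tau) ** 2 for lp in chosen) / len(chosen))

def map_service(lightpaths, p_k, b, k, tau, index):
    """Return (path, lightpath ids, H), or None when the service is blocked."""
    p_v = []
    for path in p_k:                          # traverse P_K
        chosen = []
        for u, v in zip(path, path[1:]):      # one lightpath per hop
            lp = pick_lightpath(lightpaths, u, v, b, k, tau)
            if lp is None:                    # no usable lightpath: drop path
                break
            chosen.append(lp)
        else:                                 # every hop got a lightpath
            p_v.append((path, chosen, index(chosen, tau)))
    if not p_v:                               # P_v empty: service is blocked
        return None
    p_v.sort(key=lambda cand: cand[2])        # ascending H
    path, chosen, h = p_v[0]                  # first path wins
    for lp in chosen:                         # allocate bandwidth and keys
        lp.bw -= b
        lp.key -= k
    return path, [lp.lid for lp in chosen], h

if __name__ == "__main__":
    for index in (hop_count, security_deviation):
        print(index.__name__,
              map_service(fig7_lightpaths(), fig7_paths(), 1, 1, 2, index))
```

With the same request (τ = τ_2), the hop count index maps the service onto path (1,6) over lightpath 1, while the security deviation index maps it onto path (1,5,6) over lightpaths 2 and 4.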
It should be noted that the method of the embodiment of the present application may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and is completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the multiple devices may only perform one or more steps of the method of the embodiment, and the multiple devices interact with each other to complete the method.
It should be noted that the above describes some embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to the method in any of the embodiments, the present application further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the endogenous secure optical network service mapping method in any of the embodiments when executing the program.
Fig. 8 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component in the device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (for example, USB, network cable, etc.), and can also realize communication in a wireless mode (for example, mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement the corresponding endogenous secure optical network service mapping method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any embodiment, the application also provides an endogenous secure optical network service mapping device.
Referring to fig. 9, the endogenous secure optical network traffic mapping apparatus includes:
a security level division module 1 configured to divide the security level of the optical path according to the number of bits;
a service security level determining module 2 configured to determine the security level required for a service;
a service mapping module 3 configured to map the service to a reasonable path according to the requirement of the user on the service, on the basis of meeting the security level required by the service.
For convenience of description, the above device is described as being divided into various modules by function, and the modules are described separately. Of course, when the present application is implemented, the functions of the modules may be implemented in the same one or more pieces of software and/or hardware.
The apparatus in the foregoing embodiment is used to implement the corresponding endogenous secure optical network service mapping method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above embodiments, the present application further provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the endogenous secure optical network service mapping method according to any of the above embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the method for mapping an endogenous secure optical network service according to any of the foregoing embodiments, and have the beneficial effects of the corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the context of the present application, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the application. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the application are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that the embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made without departing from the spirit or scope of the embodiments of the present application are intended to be included within the scope of the claims.

Claims (10)

1. An endogenous secure optical network service mapping method includes:
dividing the safety level of the optical path according to the bit number;
determining the security level required by the service;
and mapping the service to a corresponding path on the basis of meeting the security level required by the service according to the requirement of the user on the service.
2. The method of claim 1, wherein the dividing the security level of the optical path according to the number of bits comprises:
coding each symbol in each wavelength signal by using a bit number; wherein the wavelength signal is located within an endogenous secure optical transport network;
establishing a light path to obtain a high bit number for data transmission and a middle bit number for key agreement in the wavelength signal;
respectively quantizing data transmission and key negotiation capabilities by using bandwidth and key resources, and determining the sizes of the bandwidth and the key resources;
and dividing the safety level of the optical path according to the bandwidth and the size of the key resource.
3. The method of claim 1, wherein the determining a level of security required for a service comprises:
pre-configuring an optical path topology G(V, E) with the security level; the optical path topology G(V, E) is composed of nodes V and optical paths E connecting the nodes, each optical path comprises bandwidth D(i, j, t) and key resources K(i, j, t), wherein (i, j, t) represents the t-th optical path from the i-th node to the j-th node;
determining the security level required by the service according to the setting of a Γ value by a user; the value Γ is the proportion of key resources occupying bandwidth on the t-th optical path from the node i to the node j, and is represented as:
Figure FDA0003657504050000011
4. The method of claim 3, wherein the mapping the service onto a corresponding path on the basis of meeting the security level required by the service according to the requirement of the user for the service comprises:
acquiring the optical path topology G(V, E) and a service request C(s, d, b, τ); wherein the service request C(s, d, b, τ) represents a service request with a bandwidth b and security τ from a source node s to a destination node d;
acquiring K shortest paths from the source node s to the destination node d, and storing the K shortest paths in a set P_K; the K shortest paths are obtained based on a K shortest path algorithm;
traversing each path p stored in the set P_K, and allocating an available optical path for each hop on the path p;
calculating H according to the optimization index, and storing all candidate paths in a set P_v; a candidate path is a path in which each hop is allocated an optical path;
judging whether the set P_v is empty;
if the set P_v is not empty, arranging the set P_v in ascending order according to H, mapping the service to the first path, and allocating bandwidth and key resources for the first path; if the set P_v is empty, the service mapping is blocked.
5. The method of claim 4, wherein the allocating available lightpaths for each hop on the path p comprises:
and according to the service requirement, allocating the available optical paths with the bandwidth not lower than the service required bandwidth and the security level not lower than the service required level.
6. A method according to claim 4 or 5, wherein when there is more than one said available lightpaths, the lightpath with the lowest security level is preferably selected.
7. The method of claim 4, wherein the optimization index comprises a security deviation; the security deviation is the standard deviation between the requested security level and the provided path, which represents the degree to which the path provides security above the requested security, expressed as:
Figure FDA0003657504050000021
wherein φ_m is the security level of the m-th hop optical path in a path, τ is the security level required by the service, and M is the total hop count of the path.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 7 when executing the program.
9. An endogenous secure optical network traffic mapping apparatus, comprising:
the safety grade dividing module is configured to divide the safety grade of the optical path according to the bit number;
the service security level determining module is configured to determine the security level required by the service;
and the service mapping module is configured to map the service to a reasonable path on the basis of meeting the security level required by the service according to the requirement of the user on the service.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
CN202210564883.3A 2022-05-23 2022-05-23 Endogenous safe optical network service mapping method and related equipment Pending CN115150688A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210564883.3A CN115150688A (en) 2022-05-23 2022-05-23 Endogenous safe optical network service mapping method and related equipment

Publications (1)

Publication Number Publication Date
CN115150688A true CN115150688A (en) 2022-10-04

Family

ID=83405841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210564883.3A Pending CN115150688A (en) 2022-05-23 2022-05-23 Endogenous safe optical network service mapping method and related equipment

Country Status (1)

Country Link
CN (1) CN115150688A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116032360A (en) * 2022-12-28 2023-04-28 中国联合网络通信集团有限公司 Optical network-oriented secure transmission method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination