CN117353914A - Protection method and system for dynamic service perception - Google Patents
Protection method and system for dynamic service perception Download PDFInfo
- Publication number
- CN117353914A CN117353914A CN202311388923.4A CN202311388923A CN117353914A CN 117353914 A CN117353914 A CN 117353914A CN 202311388923 A CN202311388923 A CN 202311388923A CN 117353914 A CN117353914 A CN 117353914A
- Authority
- CN
- China
- Prior art keywords
- service
- time slot
- path
- protection
- quantum
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 68
- 230000008447 perception Effects 0.000 title claims description 7
- 238000009826 distribution Methods 0.000 claims abstract description 53
- 230000003287 optical effect Effects 0.000 claims abstract description 31
- 238000013468 resource allocation Methods 0.000 claims abstract description 19
- 230000006870 function Effects 0.000 claims description 25
- 239000013307 optical fiber Substances 0.000 claims description 21
- 238000004422 calculation algorithm Methods 0.000 claims description 16
- 238000010276 construction Methods 0.000 claims description 11
- 230000008859 change Effects 0.000 claims description 3
- 238000009827 uniform distribution Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 9
- 238000004590 computer program Methods 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 4
- 238000005259 measurement Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000001105 regulatory effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000001747 exhibiting effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/70—Photonic quantum communication
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Optics & Photonics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a protection method and a protection system for dynamic service awareness, and relates to the technical field of optical network security. In the invention, when the route is calculated, the route with the minimum loss of the time slot resource availability is selected to transmit the service by a time slot availability sensing method, so that the reasonable route and the time slot resource are selected. In addition, considering that the manners of the time slots occupied by the working path and the protection path are different, the shared time slot can only be used for establishing the protection path and cannot be used for establishing the working path. Therefore, different allocation methods are adopted for the working path and the protection path respectively in time slot resource allocation. Meanwhile, in order to alleviate the problem of frequent time slot resource conflict caused by the arrival and departure of a large number of dynamic services, a dynamic service adjustment method is adopted. The scheme remarkably improves the success rate of quantum key distribution and the utilization rate of time slot resources.
Description
Technical Field
The invention relates to the technical field of optical network security, in particular to a protection method and system for dynamic service awareness.
Background
With the rapid development of cloud computing, data centers and related services, the amount of data carried by an optical network has increased substantially. Meanwhile, optical networks are becoming an important channel for transmitting private and sensitive data. This trend exacerbates a range of security issues including eavesdropping and data leakage. Compared with the traditional encryption method, quantum key distribution (quantum key distribution, abbreviated as QKD) has remarkable advantages in key generation and security, has the potential of providing theoretical unconditional security, and provides new possibility for solving the security problem of an optical network.
In view of the commercialization of optical fiber-based quantum key distribution systems, optical wavelength division multiplexing technology can be adopted to integrate quantum channels, measurement channels and traditional data channels, so that the actual deployment of quantum key distribution is greatly accelerated. A 200GHz guard band is reserved between the quantum channel and the classical channel to prevent interference between the quantum signal and the classical signal. Furthermore, in view of limited wavelength resources in optical networks, each quantum channel and measurement channel may be divided into a plurality of fixed-size time slots by optical time division multiplexing techniques. This enables the limited quantum channels and measurement channels to meet additional traffic while minimizing the impact of quantum key distribution on conventional data transmission in an optical network. For each service, in order to reduce the situation that the quantum key cannot be distributed due to faults in the transmission process, a protection path is additionally established for each service to carry out quantum key distribution. When the working path fails, the quantum key transmission on the working path can be rapidly switched to the protection path, the stability of key distribution is improved, and the transmitted data can be safely encrypted. And because of the limited available slot resources, shared path protection is more viable than dedicated path protection because it can share limited slot resources among multiple services.
Therefore, how to efficiently and reasonably perform routing and time slot resource allocation, and improve the utilization rate of network time slot resources, so that more services can smoothly use the quantum key for encryption protection is an important problem. In addition, the sharing degree of the time slot resources is further improved, so that the usability of the time slot resources is also very important.
Disclosure of Invention
Therefore, the embodiment of the invention provides a protection method and a system for dynamic service perception, which are used for solving the problem of low availability of a link time slot caused by unreasonable time slot resource allocation and low time slot sharing degree in a quantum key distribution optical network in the prior art.
In order to solve the above problems, an embodiment of the present invention provides a protection method for dynamic service awareness, where the method includes:
step S1: initializing a quantum key distribution light network model G (N, L, W, S), wherein N is a switching node set of the quantum key distribution light network, L is a directed optical fiber link set, W is an available quantum channel set, S is an available time slot set of each quantum channel, and I N I, I L I, I W I and I S I respectively represent the switching nodes of the quantum key distribution light network, the optical fiber links, the quantum channels and the number of available time slots in each quantum channel;
step S2: generating a service R (s, d, t based on a quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d and a service arrival time t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition;
step S3: based on the generated service, establishing an alternative working path and an alternative protection path set;
step S4: adopting different time slot resource allocation strategies to allocate time slots for the working path and the protection path;
step S5: according to different security levels of each service, carrying out key updating on the quantum key according to different periods;
step S6: when the service leaves, the dynamic service adjustment is carried out on all links occupied by the service protection path, and the time slot allocation is carried out again for the service to be adjusted.
Preferably, in step S1, the method for initializing the quantum key distribution network model G (n, L, W, S) is as follows:
the method comprises the steps of reading an optical network topological structure, the link state in an optical network, the number of network quantum nodes, the number of optical fiber links, the number of all available quantum channels of each optical fiber link and the number of available time slots of each quantum channel.
Preferably, in step S2, a traffic R (S, d, t a ,γ,t s ) The method of (1) is as follows:
and generating services according to the uniform distribution of the source nodes and the destination nodes, and configuring the number of connected services, the source nodes and the destination nodes which are connected with the services differently, the service arrival time, the service duration time, the security level required by the services and the time slot required by the services.
Preferably, in step S3, the method for establishing the alternative working path and the alternative protection path set based on the generated service specifically includes:
based on the generated service, calculating the time slot availability of each link according to a defined availability function;
when working paths are calculated, K paths with the least time slot availability loss are selected by adopting K shortest path algorithms according to a path building cost function to form an alternative working path set;
when the protection paths are calculated, K paths with the least time slot availability loss are selected by adopting K shortest path algorithms according to the path construction cost function, so that an alternative protection path set is formed.
Preferably, when calculating the protection path, in order to ensure that the service can timely resume key distribution when the working path fails, a path which does not intersect with the working path needs to be selected; therefore, each link of the working path is disconnected, and K paths with the least time slot availability loss are selected according to the construction cost function to form an alternative protection path set.
Preferably, the availability function is expressed as follows:
in which W is l Representing the slot availability of link l, a represents the set of current free slot blocks, |a| represents the number of free slot blocks, α ω Indicating the number of slots contained in the omega free slot block. V (V) l w The time slot change degree of the link l is represented, and the definition is shown in the following formula:
wherein t is 0 Indicating the time of arrival of the current service;is a Boolean variable, if t 0 The ith time slot on time link l is occupied by any traffic, then +.>Equal to 1; otherwise equal to 0; />Representing a logical exclusive-or operation; />Indicated at t 0 The total number of all the time slots available at the time instant.
Preferably, the cost function is expressed as follows:
wherein C is p Representing the cost function of path p, W l a And W is l b Indicating the availability of time slots on link l before and after the time slot pre-allocation, respectively.
Preferably, in step S4, the method for allocating timeslots to the working path and the protection path by adopting different timeslot resource allocation policies specifically includes:
when time slots are allocated for the working paths, a first hit algorithm is adopted on a quantum channel corresponding to the current service security level, alternative working path sets are traversed in sequence from low to high according to the road construction cost to find available time slots, namely continuous available time slot blocks are searched from the earliest time slot, and the first traversed continuous idle time slot blocks meeting the service requirements are used for establishing the working paths for the current service;
when time slots are allocated for the protection paths, a tail hit algorithm is adopted on a quantum channel corresponding to each service security level, continuous available time slot blocks are searched from the last time slot, and the first traversed idle time slot blocks meeting the service requirements are used for establishing the protection paths for the current service.
Preferably, in step S6, when there is a traffic departure, the method for dynamically adjusting the traffic on all links occupied by the traffic protection path specifically includes:
when the service leaves, firstly, before releasing the time slot resource occupied by the current protection path, two indexes I are set for each link occupied by the service 1 And I 2 Wherein I 1 Index corresponding to the earliest slot among the slots occupied by all the protected paths on the link, I 2 An index corresponding to a first time slot occupied by a currently leaving service on the link; then traversing all links belonging to I in the protection path occupied by the service 1 To I 2 If a certain time slot is occupied by a protection path, adding the service occupying the time slot into a small root pile ordered from small to large according to the number of occupied time slots, and releasing the currently-leaving service; finally, the business needing to be adjusted is ejected from the small root stacks in sequence, and the tail life is reusedStarting searching from the last available time slot, and re-allocating time slots for the service to be regulated.
The embodiment of the invention also provides a protection system for the dynamic service perception, which is used for realizing the protection method for the dynamic service perception, and specifically comprises the following steps:
the quantum key distribution lighting network initialization module is used for initializing a quantum key distribution lighting network model G (N, L, W, S), wherein N is a switching node set of the quantum key distribution lighting network, L is a directed optical fiber link set, W is an available quantum channel set, S is an available time slot set of each quantum channel, and N, L, W and S respectively represent the switching node of the quantum key distribution lighting network, the optical fiber link, the quantum channel and the number of available time slots in each quantum channel;
a service generation module for generating a service R (s, d, t) based on the quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d and a service arrival time t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition;
the alternative working path and alternative protection path set establishing module is used for establishing an alternative working path and an alternative protection path set based on the generated service;
the time slot resource allocation module is used for allocating time slots for the working path and the protection path by adopting different time slot resource allocation strategies;
the quantum key updating module is used for updating the quantum key according to different security levels of each service and different periods;
and the dynamic service adjustment module is used for carrying out dynamic service adjustment on all links occupied by the service protection path when the service leaves, and carrying out time slot allocation again for the service to be adjusted.
From the above technical scheme, the invention has the following advantages:
the embodiment of the invention provides a protection method and a system for dynamic service perception, which firstly introduce the concept of time slot availability of a link and can effectively reflect the current and subsequent bearing capacity of the link to quantum key distribution service. In the route calculation process, definition of the route construction cost is introduced, and a more reasonable alternative working set and a protection path set are found through K shortest path algorithms. When the time slot is allocated, different time slot allocation methods are adopted for the working path and the protection path respectively when the time slot resource is allocated by considering the difference of the time slot occupation modes of the working path and the protection path. Meanwhile, in order to alleviate the problem of frequent time slot resource conflict caused by the arrival and departure of a large number of dynamic services, a dynamic service adjustment method is adopted, so that the time slot sharing degree is improved again, and the time slot availability of the link occupied by the released protection path is improved. Therefore, the invention can obviously improve the success rate of quantum key distribution and the utilization rate of time slot resources, and simultaneously ensure the service quality of the service in the transmission process. The invention can greatly improve the success rate of quantum key distribution and the time slot resource utilization rate, and simultaneously improve survivability by using a sharing protection method.
Drawings
For a clearer description of embodiments of the invention or of solutions in the prior art, reference will be made to the accompanying drawings, which are intended to be used in the examples, for a clearer understanding of the characteristics and advantages of the invention, by way of illustration and not to be interpreted as limiting the invention in any way, and from which, without any inventive effort, a person skilled in the art can obtain other figures. Wherein:
FIG. 1 is a flow chart of a method of dynamic traffic aware protection provided in an embodiment;
FIG. 2 is a flow chart showing the implementation of the method of the present invention;
FIG. 3 is a schematic diagram of one example of the method of the present invention in an embodiment;
a block diagram of a dynamic traffic aware protection system is provided in the embodiment of fig. 4.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
In order to solve the problem of low availability of a link time slot caused by unreasonable time slot resource allocation and low time slot sharing degree in a quantum key distribution optical network, the invention provides a dynamic service aware protection method for improving the success rate of key allocation and the utilization rate of the time slot resources. In the method, the service is divided into three security levels, the system can automatically allocate a proper quantum channel for the service according to the security level required by the service, and the key used for service encryption can be updated according to different security levels of each service and corresponding key updating periods.
As shown in fig. 1, an embodiment of the present invention proposes a protection method for dynamic service awareness, where the method includes:
step S1: initializing a quantum key distribution light network model G (N, L, W, S), wherein N is a switching node set of the quantum key distribution light network, L is a directed optical fiber link set, W is an available quantum channel set, S is an available time slot set of each quantum channel, and I N I, I L I, I W I and I S I respectively represent the switching nodes of the quantum key distribution light network, the optical fiber links, the quantum channels and the number of available time slots in each quantum channel;
step S2: generating a service R (s, d, t based on a quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d and a service arrival time t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition;
step S3: based on the generated service, establishing an alternative working path and an alternative protection path set;
step S4: adopting different time slot resource allocation strategies to allocate time slots for the working path and the protection path;
step S5: according to different security levels of each service, carrying out key updating on the quantum key according to different periods;
step S6: when the service leaves, the dynamic service adjustment is carried out on all links occupied by the service protection path, and the time slot allocation is carried out again for the service to be adjusted.
As can be seen from the above technical solutions, the embodiments of the present invention provide a protection method for dynamic service awareness, which introduces the concept of time slot availability of a link, and can effectively reflect the current and subsequent carrying capacities of the link for quantum key distribution services. In the route calculation process, definition of the route construction cost is introduced, and a more reasonable alternative working set and a protection path set are found through K shortest path algorithms. When the time slot is allocated, different time slot allocation methods are adopted for the working path and the protection path respectively when the time slot resource is allocated by considering the difference of the time slot occupation modes of the working path and the protection path. Meanwhile, in order to alleviate the problem of frequent time slot resource conflict caused by the arrival and departure of a large number of dynamic services, a dynamic service adjustment method is adopted, so that the time slot sharing degree is improved again, and the time slot availability of the link occupied by the released protection path is improved. Therefore, the invention can obviously improve the success rate of quantum key distribution and the utilization rate of time slot resources, and simultaneously ensure the service quality of the service in the transmission process. The invention can greatly improve the success rate of quantum key distribution and the time slot resource utilization rate, and simultaneously improve survivability by using a sharing protection method.
Further, in step S1, a quantum key distribution luminescent network model G (N, L, W, S) is initialized. The method comprises the steps of reading an optical network topological structure, the link state in an optical network, the number of network quantum nodes, the number of optical fiber links, the number of all available quantum channels of each optical fiber link and the number of available time slots of each quantum channel. Wherein, N is a quantum key distribution light network exchange node set, L is a directed optical fiber link set, W is an available quantum channel set, S is an available time slot set of each quantum channel, and N, L, W, S respectively represent the number of quantum nodes, optical fiber links, quantum channels, and available time slots in each quantum channel in the quantum key distribution light network.
Further, in step S2, a service R (S, d, t) is generated based on the quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d and a service arrival time t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition is prepared. Specifically, the service is generated according to the uniform distribution of the source node and the destination node, and the number of the connection services, the source node and the destination node which are connected with the service in different ways, the service arrival time, the service duration time, the security level required by the service and the time slot required by the service are configured.
Further, in step S3, based on the generated service, an alternative working path and an alternative protection path set are established, which specifically includes:
availability function defined first:
in which W is l Representing the slot availability of link l, a represents the set of current free slot blocks, |a| represents the number of free slot blocks, α ω Indicating the number of slots contained in the omega free slot block. V (V) l w The time slot change degree of the link l is represented, and the definition is shown in the following formula:
wherein t is 0 Indicating the time of arrival of the current service;is a Boolean variable, if t 0 Time link lThe ith time slot on the channel is occupied by any traffic, then +.>Equal to 1; otherwise equal to 0; />Representing a logical exclusive-or operation; />Indicated at t 0 The total number of all the time slots available at the time instant.
In order to increase the probability of successful establishment of the working path and the protection path, the path with the least loss of time slot availability is preferentially selected to transmit the current service. To achieve this, the present invention defines a cost function C for path p p The following are provided:
wherein C is p Representing the cost function of path p, W l a And W is l b Indicating the availability of time slots on link l before and after the time slot pre-allocation, respectively.
When selecting a path, the cost function C is used p Set as the road construction cost. When working paths are calculated, K paths with the least time slot availability loss are selected by adopting K shortest path algorithms (KSP) according to a path building cost function to form an alternative working path set; if the set of alternative working paths is empty, the service is blocked. When calculating the protection paths, adopting K shortest path algorithms according to the path building cost function, and selecting K paths with the least time slot availability loss to form an alternative protection path set; if the set of alternative protection paths is empty, the service is blocked.
Further, in step S4, since the shared slot can only be used to establish the protection path, it cannot be used to establish the working path. If the same time slot allocation method is adopted when the working path and the protection path are established, the success rate of the service is lower. Thus, the present invention adopts different slot resource allocation policies when establishing the two types of paths.
Specifically, when time slots are allocated to the working paths, a first hit algorithm (FF) is adopted on a quantum channel corresponding to the current service security level, alternative working path sets are traversed in sequence from low to high according to the construction cost to find available time slots, namely continuous available time slot blocks are searched from the earliest time slot, and the first traversed continuous idle time slot blocks meeting the service requirements are used for establishing the working paths for the current service. When time slots are allocated for the protection paths, a tail hit algorithm is adopted on a quantum channel corresponding to each service security level, continuous available time slot blocks are searched from the last time slot, and the first traversed idle time slot blocks meeting the service requirements are used for establishing the protection paths for the current service.
Further, in step S5, to further enhance security and avoid eavesdropping attacks, the key used for data encryption needs to be periodically updated, making it difficult for an eavesdropper to crack. The invention updates the key of the quantum key according to different periods according to different security levels of each service.
Further, in step S6, slot resource collision may frequently occur when a limited quantum channel is used to transmit a large amount of traffic due to dynamic arrival and departure of traffic. To alleviate this problem, the present invention adopts a method of dynamic service adjustment, which can improve the sharing degree of time slot resources and reduce service conflicts.
Specifically, when a service leaves, firstly, before releasing the time slot resources occupied by the current protection path, two indexes I are set for each link occupied by the service 1 And I 2 Wherein I 1 Index corresponding to the earliest slot among the slots occupied by all the protected paths on the link, I 2 An index corresponding to a first time slot occupied by a currently leaving service on the link; then traversing all links belonging to I in the protection path occupied by the service 1 To I 2 Time slots within range, if a certain time slot is occupied by a protection pathAdding the service occupying the time slot into a small root pile which is ordered from small to large according to the number of occupied time slots, and releasing the currently leaving service; and finally, sequentially ejecting the service to be adjusted from the small root pile, reusing a tail hit algorithm, starting searching from the last available time slot, and re-allocating the time slot for the service to be adjusted.
As can be seen from the above scheme, the specific implementation flow of the method of the present invention is shown in FIG. 2.
Example two
To further illustrate the advantages of the present invention, the following description is provided in connection with specific examples.
As shown in fig. 3, in the embodiment of the present invention, it is described how to calculate the availability of the link time slot, how to select the working path and the protection path according to the cost function, how to allocate the time slot resources for the working path and the protection path, and how to perform dynamic traffic adjustment. Thus, the success rate of service establishment is increased while the survivability is considered. Specific examples are as follows:
(1) The network is initialized. As shown in fig. 3 (a), it is a network topology structure diagram composed of 4 nodes and 5 links. Each quantum channel of each link is further divided into 6 time slots by a time division multiplexing technique. Meanwhile, the state of the slot on each link thereof is already given in fig. 3 (a).
(2) And generating a service. Establishing a service R 1 (3,2,1,8,2,2). It represents the traffic R 1 When the time 1 arrives, for 8 time units, one working path and one protection path each with the consumption time slot number of 3 need to be established from 3 nodes to 2 nodes, and the security level of the service is 2.
(3) Working path selection and slot resource allocation. There are three alternative paths 3-2,3-1-2,3-4-2 from node 3 to node 2. The number of available free slots on path 3-4-2 is removed from the alternative set because it is less than 2. And respectively adopting a first hit method to pre-allocate time slot resources for the two selectable paths, and calculating the cost of establishing a working path on each path through the defined path establishment cost. The link slot states before and after the pre-allocation and the inverse of the slot availability of each link on the two alternative paths are shown in fig. 3 (b) and fig. 3 (c), respectively. The construction costs for the routes 3-2 and 3-1-2 are calculated to be 0.419 and 0.993, respectively. Therefore, the path 3-2 with lower cost is finally selected to establish the working path, and the time slot used is selected as the 2 nd to 3 rd time slot.
(4) Protection path selection and slot resource allocation. There are three alternative paths 3-2,3-1-2,3-4-2 from node 3 to node 2. The number of available free slots on path 3-2 and path 3-4-2 is removed from the alternative set because they are less than 2. And (5) adopting a tail hit method to pre-allocate time slot resources for the optional paths. And finally, selecting a path 3-1-2 to establish a protection path, wherein the time slot used in the selection is the 5 th to 6 th time slot. The status of each link slot after the protection path establishment is completed is shown in fig. 3 (d).
(5) And (5) leaving the business. Exhibiting previously completed traffic R 3 (3,2,0,2,2,1) leaving procedure with a working path of 3-2, occupying the 4 th time slot. The protection path is 3-4-2, and occupies the 5 th time slot. When R is 3 After the service duration time of the (b) is reached, the time slot resources occupied by the working path and the protection path are released. The status of each link slot after release is shown in fig. 3 (e).
(6) Dynamic traffic adjustment. And when one service leaves, carrying out dynamic service adjustment on all links occupied by the service protection path. In service R 3 And when leaving, the traffic on the path link 3-4 and the path link 4-2 is regulated. With service R 4 The adjustment of (3,2,0,3,2,1) is exemplified by the guard path being 3-4-2, occupying the 4 th slot. R is R 4 To a small root heap ordered from small to large in the number of occupied slots and to release this occupied slot. R is then removed from the root stack 4 And (3) popping up, re-using a tail hit method to allocate the time slot, and allocating the time slot to the 6 th time slot on the link 3-4 and the link 4-2 for transmission, wherein the 6 th time slot is shared with other protection paths. The method improves the time slot sharing degree and the time slot availability of the link. The inverse of the time slot availability of each link on the release path before and after implementing the dynamic traffic adjustment method is shown in fig. 3 (e) and fig. 3 (f), respectively.
Example III
As shown in fig. 4, the present invention provides a dynamic traffic aware protection system comprising:
the quantum key distribution optical network initializing module 10 is configured to initialize a quantum key distribution optical network model G (N, L, W, S), where N is a set of switching nodes of the quantum key distribution optical network, L is a set of directed optical fiber links, W is a set of available quantum channels, S is a set of available time slots of each quantum channel, and N, L, W, S respectively represent the number of available time slots in the switching nodes of the quantum key distribution optical network, the optical fiber links, the quantum channels, and each quantum channel;
a service generation module 20 for generating a service R (s, d, t based on the quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d and a service arrival time t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition;
an alternative working path and alternative protection path set establishing module 30, configured to establish an alternative working path and an alternative protection path set based on the generated service;
a time slot resource allocation module 40, configured to allocate time slots for the working path and the protection path by adopting different time slot resource allocation policies;
the quantum key updating module 50 is configured to update the quantum key according to different security levels of each service and different periods;
the dynamic service adjustment module 60 is configured to dynamically adjust all links occupied by the service protection path when the service leaves, and re-allocate time slots for the service to be adjusted.
The embodiment of the dynamic service aware protection system in the present embodiment is applicable to implementing the foregoing dynamic service aware protection method, so that the detailed implementation of the dynamic service aware protection system in the quantum key distribution optical network may refer to the description of the corresponding embodiments of each part, for example, the quantum key distribution optical network initialization module 10, the service generation module 20, the alternative working path and the alternative protection path set establishment module 30, the timeslot resource allocation module 40, the quantum key update module 50, and the dynamic service adjustment module 60, which are respectively used to implement steps S1, S2, S3, S4, S5, and S6 in the foregoing dynamic service aware protection method, so that redundancy is avoided.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It is apparent that the above examples are given by way of illustration only and are not limiting of the embodiments. Other variations and modifications of the present invention will be apparent to those of ordinary skill in the art in light of the foregoing description. It is not necessary here nor is it exhaustive of all embodiments. And obvious variations or modifications thereof are contemplated as falling within the scope of the present invention.
Claims (10)
1. A method for protecting dynamic service awareness, comprising:
step S1: initializing a quantum key distribution light network model G (N, L, W, S), wherein N is a switching node set of the quantum key distribution light network, L is a directed optical fiber link set, W is an available quantum channel set, S is an available time slot set of each quantum channel, and I N I, I L I, I W I and I S I respectively represent the number of switching nodes of the quantum key distribution light network, optical fiber links, quantum channels and the number of available time slots in each quantum channel;
step S2: generating a service R (s, d, t based on a quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d and a service arrival time t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition;
step S3: based on the generated service, establishing an alternative working path and an alternative protection path set;
step S4: adopting different time slot resource allocation strategies to allocate time slots for the working path and the protection path;
step S5: according to different security levels of each service, carrying out key updating on the quantum key according to different periods;
step S6: when the service leaves, the dynamic service adjustment is carried out on all links occupied by the service protection path, and the time slot allocation is carried out again for the service to be adjusted.
2. The method for protecting dynamic traffic perception according to claim 1, wherein in step S1, the method for initializing the quantum key distribution network model G (N, L, W, S) is as follows:
the method comprises the steps of reading an optical network topological structure, the link state in an optical network, the number of network quantum nodes, the number of optical fiber links, the number of all available quantum channels of each optical fiber link and the number of available time slots of each quantum channel.
3. The method according to claim 1, wherein in step S2, the traffic R (S, d, t a ,γ,t s ) The method of (1) is as follows:
and generating services according to the uniform distribution of the source nodes and the destination nodes, and configuring the number of connected services, the source nodes and the destination nodes which are connected with the services differently, the service arrival time, the service duration time, the security level required by the services and the time slot required by the services.
4. The method for protecting dynamic service awareness according to claim 1, wherein in step S3, the method for establishing the alternative working path and the alternative protection path set based on the generated service specifically comprises:
based on the generated service, calculating the time slot availability of each link according to a defined availability function;
when working paths are calculated, K paths with the least time slot availability loss are selected by adopting K shortest path algorithms according to a path building cost function to form an alternative working path set;
when the protection paths are calculated, K paths with the least time slot availability loss are selected by adopting K shortest path algorithms according to the path construction cost function, so that an alternative protection path set is formed.
5. The protection method for dynamic service awareness according to claim 4, wherein when calculating the protection path, in order to ensure that the service can resume key distribution in time when the working path fails, a path that does not intersect with the working path needs to be selected; therefore, each link of the working path is disconnected, and K paths with the least time slot availability loss are selected according to the construction cost function to form an alternative protection path set.
6. The method of dynamic traffic-aware protection according to claim 4, wherein the availability function is expressed as follows:
in which W is l Representing the slot availability of link l, a represents the set of current free slot blocks, |a| represents the number of free slot blocks, α ω Indicating the number of slots contained in the omega free slot block.The time slot change degree of the link l is represented, and the definition is shown in the following formula:
wherein t is 0 Indicating the time of arrival of the current service;is a Boolean variable, if t 0 The ith time slot on time link l is occupied by any traffic, then +.>Equal to 1; otherwise equal to 0; and represents a logical exclusive-or operation; />Indicated at t 0 The total number of all the time slots available at the time instant.
7. The method of dynamic traffic-aware protection according to claim 4, wherein the cost function is expressed as follows:
wherein C is p Representing the cost function of path p, W l a And W is l b Indicating the availability of time slots on link l before and after the time slot pre-allocation, respectively.
8. The method for protecting dynamic service awareness according to claim 1, wherein in step S4, the method for allocating timeslots for the working path and the protection path by adopting different timeslot resource allocation policies specifically comprises:
when time slots are allocated for the working paths, a first hit algorithm is adopted on a quantum channel corresponding to the current service security level, alternative working path sets are traversed in sequence from low to high according to the road construction cost to find available time slots, namely continuous available time slot blocks are searched from the earliest time slot, and the first traversed continuous idle time slot blocks meeting the service requirements are used for establishing the working paths for the current service;
when time slots are allocated for the protection paths, a tail hit algorithm is adopted on a quantum channel corresponding to each service security level, continuous available time slot blocks are searched from the last time slot, and the first traversed idle time slot blocks meeting the service requirements are used for establishing the protection paths for the current service.
9. The method for protecting dynamic service awareness according to claim 1, wherein in step S6, when there is a service departure, the method for dynamically adjusting the service for all links occupied by the service protection path specifically includes:
when the service leaves, firstly, before releasing the time slot resource occupied by the current protection path, two indexes I are set for each link occupied by the service 1 And I 2 Wherein I 1 Index corresponding to the earliest slot among the slots occupied by all the protected paths on the link, I 2 An index corresponding to a first time slot occupied by a currently leaving service on the link; then traversing all links belonging to I in the protection path occupied by the service 1 To I 2 If a certain time slot is occupied by a protection path, adding the service occupying the time slot into a small root pile ordered from small to large according to the number of occupied time slots, and releasing the currently-leaving service; and finally, sequentially ejecting the service to be adjusted from the small root pile, reusing a tail hit algorithm, starting searching from the last available time slot, and re-allocating the time slot for the service to be adjusted.
10. A protection system for dynamic service awareness, characterized in that the system is configured to implement the protection method for dynamic service awareness according to any one of claims 1 to 9, and specifically includes:
the quantum key distribution lighting network initialization module is used for initializing a quantum key distribution lighting network model G (N, L, W, S), wherein N is a switching node set of the quantum key distribution lighting network, L is a directed optical fiber link set, W is an available quantum channel set, S is an available time slot set of each quantum channel, and N, L, W and S respectively represent the switching node of the quantum key distribution lighting network, the optical fiber link, the quantum channel and the number of available time slots in each quantum channel;
a service generation module for generating a service R (s, d, t) based on the quantum key distribution optical network model a ,γ,t s ) The service R consists of a source node s, a destination node d,Time of arrival of traffic t a Duration t of service d A security level gamma required for the service and a number t of time slots required for the service s Composition;
the alternative working path and alternative protection path set establishing module is used for establishing an alternative working path and an alternative protection path set based on the generated service;
the time slot resource allocation module is used for allocating time slots for the working path and the protection path by adopting different time slot resource allocation strategies;
the quantum key updating module is used for updating the quantum key according to different security levels of each service and different periods;
and the dynamic service adjustment module is used for carrying out dynamic service adjustment on all links occupied by the service protection path when the service leaves, and carrying out time slot allocation again for the service to be adjusted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311388923.4A CN117353914A (en) | 2023-10-25 | 2023-10-25 | Protection method and system for dynamic service perception |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311388923.4A CN117353914A (en) | 2023-10-25 | 2023-10-25 | Protection method and system for dynamic service perception |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117353914A true CN117353914A (en) | 2024-01-05 |
Family
ID=89362806
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311388923.4A Pending CN117353914A (en) | 2023-10-25 | 2023-10-25 | Protection method and system for dynamic service perception |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117353914A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111711517A (en) * | 2020-07-23 | 2020-09-25 | 苏州大学 | Quantum key distribution protection method and system based on service security level |
| CN112653766A (en) * | 2020-12-25 | 2021-04-13 | 中国电子科技集团公司第三十四研究所 | Intelligent service perception method |
| CN113766433A (en) * | 2021-09-09 | 2021-12-07 | 中国电子科技集团公司第三十四研究所 | Topology service sensing method of wireless channel equipment |
| WO2023108714A1 (en) * | 2021-12-13 | 2023-06-22 | 苏州大学 | Resource allocation method and system in quantum key distribution optical network |
-
2023
- 2023-10-25 CN CN202311388923.4A patent/CN117353914A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111711517A (en) * | 2020-07-23 | 2020-09-25 | 苏州大学 | Quantum key distribution protection method and system based on service security level |
| CN112653766A (en) * | 2020-12-25 | 2021-04-13 | 中国电子科技集团公司第三十四研究所 | Intelligent service perception method |
| CN113766433A (en) * | 2021-09-09 | 2021-12-07 | 中国电子科技集团公司第三十四研究所 | Topology service sensing method of wireless channel equipment |
| WO2023108714A1 (en) * | 2021-12-13 | 2023-06-22 | 苏州大学 | Resource allocation method and system in quantum key distribution optical network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yang et al. | Impairment-aware routing in translucent spectrum-sliced elastic optical path networks | |
| WO2022016593A1 (en) | Quantum key distribution protection method and system based on service security level | |
| Yuan et al. | A spectrum assignment algorithm in elastic optical network with minimum sum of weighted resource reductions in all associated paths | |
| CN108322392B (en) | Link damage perception energy efficiency routing method for differentiated services in elastic optical network | |
| Savva et al. | Physical layer-aware routing, spectrum, and core allocation in spectrally-spatially flexible optical networks with multicore fibers | |
| Oliveira et al. | Protection, routing, modulation, core, and spectrum allocation in SDM elastic optical networks | |
| CN112769550B (en) | Load balancing quantum key resource distribution system facing data center | |
| US20230308352A1 (en) | Optimization method and system for minimizing network energy consumption based on traffic grooming | |
| CN112737776B (en) | Data center-oriented quantum key resource allocation method for load balancing | |
| WO2023108715A1 (en) | Dedicated protection spectrum allocation method and system for space-division multiplexing optical network of data center | |
| Fujii et al. | Dynamic resource allocation with virtual grid for space division multiplexed elastic optical network | |
| Morita et al. | Dynamic spectrum allocation method for reducing crosstalk in multi-core fiber networks | |
| WO2023065705A1 (en) | Load-balancing traffic grooming method and system based on ip over quasi-cwdm network | |
| Zhang et al. | Dynamic service provisioning in space-division multiplexing elastic optical networks | |
| CN107204935B (en) | Fault probability and load balancing compromise method and system for spectrum flexible optical network | |
| Moura et al. | Multipath routing in elastic optical networks with space-division multiplexing | |
| CN109167637B (en) | Key pool filling resource determination method, device, equipment and readable storage medium | |
| CN113132827B (en) | Modulation adaptive route calculation method and device under elastic optical network | |
| CN101909223B (en) | Resource-based WDM optical network path protective P-cycle optimized configuration method | |
| Liu et al. | Resource efficiency improved approach for shared path protection in EONs | |
| JPWO2015182070A1 (en) | Optical network management apparatus and optical network management method | |
| CN117353914A (en) | Protection method and system for dynamic service perception | |
| CN115765988A (en) | Time slot perception shared path protection method and system in QKD optical network | |
| Yamada et al. | Survivable hierarchical optical path network design with dedicated wavelength path protection | |
| US10231035B2 (en) | Optical network controller and optical network control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |