rtgwg                                                             X. Li
Internet Draft                                                 L. Zhang
Intended status: Informational                                  Y. Tang
Expires: December 2021                                           Z. Shi
                                                               S. Huang
                                                                   BUPT
                                                          June 29, 2021


    Photonic firewall oriented routing and spectrum allocation strategy
                          in optical networks
              draft-li-rtgwg-photonic-firewall-rsa-01.txt


Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, and it may not be
   published except as an Internet-Draft.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008. The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Internet-Draft   Photonic firewall oriented routing and spectrum
                 allocation strategy in optical networks       June 2021

   This Internet-Draft will expire on December 29, 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Abstract

   This document proposes a photonic firewall oriented routing and
   spectrum allocation strategy for elastic optical networks. To meet
   the security detection requirement, every light-path must pass
   through at least one photonic firewall. To reduce the blocking rate
   and improve spectrum efficiency, the whole network is divided into
   several areas according to the locations of the deployed photonic
   firewalls, and one photonic firewall performs the security detection
   for every connection in its area. The strategy has low complexity
   and is suitable for large-scale optical networks.

Table of Contents

   1. Introduction
   2. Conventions used in this document
   3. Motivation
   4. Photonic Firewall Oriented Routing and Spectrum Allocation
      Strategy
      4.1. Photonic Firewall
      4.2. Secure Connection Establishment Requirement
      4.3. Photonic Firewall oriented Routing and Spectrum Allocation
           Strategy
   5. Security Considerations
   6. IANA Considerations
   7. References
      7.1. Normative References
      7.2. Informative References

1. Introduction

   This document describes a photonic firewall oriented routing and
   spectrum allocation strategy for optical networks. Optical networks,
   with their high speed and large capacity, are widely used for
   access, backbone transmission, data center interconnection,
   inter-satellite links, and more. New technologies such as optical
   orthogonal frequency division multiplexing (O-OFDM) and space
   division multiplexing (SDM) keep raising the capacity of optical
   fiber, and the accommodated traffic keeps growing as services such
   as cloud computing, big data, augmented reality and virtual reality
   emerge. Because so much traffic is concentrated on them, secure
   transmission becomes more and more important. Due to the large
   amount of information carried, the wide geographic coverage and the
   sensitivity of the quality of transmission (QoT), optical networks
   are highly vulnerable to eavesdropping and attacks. Common attacks
   on optical networks fall into two classes: those targeting optical
   devices and those targeting network management. Attacks on the
   optical fiber itself include eavesdropping, interception, in-band
   interference and signal delay [Fok2011].
   To ensure secure data transmission, security technologies such as
   optical encryption, quantum key distribution, chaotic encryption,
   node/line reinforcement and optical steganography [Wang2010] have
   been proposed. These technologies help to ensure the confidentiality
   and integrity of data transmitted over optical networks. However,
   they do not help when the intrusion or attack is hidden inside the
   transmitted data itself: they protect the channel, not the content,
   so an encrypted light-path delivers a malicious payload as
   faithfully as a legitimate one. A photonic firewall is a network
   security device that addresses this case. It uses all-optical
   pattern matching to inspect signals directly in the optical domain,
   identifies hidden network intrusions and attacks, and then selects
   the corresponding defense according to the configured security
   policy. It can therefore perform intrusion detection and security
   protection directly in the optical domain. Since the processing
   rate of a photonic firewall is far higher than that of an
   electronic firewall, one photonic firewall can replace tens of
   thousands of electronic firewalls. We expect photonic firewalls to
   be widely used in optical backbone networks, optical access
   networks, optical data center networks, and so on. A photonic
   firewall is composed of multiple all-optical logic gates,
   regenerators, optical amplifiers, etc., and its cost is very high,
   so in the early stage it can be deployed at only a few locations.
   To ensure that every established light-path is subject to security
   detection, a photonic firewall oriented routing and spectrum
   allocation strategy is needed.

   To avoid traffic congestion on particular fiber links or at a
   particular photonic firewall, we divide the whole topology into
   several areas according to the number and the locations of the
   deployed photonic firewalls. One photonic firewall is responsible
   for the security detection of every connection in its area.

2. Conventions used in this document

   This document makes use of the following acronyms:

   QoT: Quality of Transmission

   AI: Artificial Intelligence

   SDM: Space Division Multiplexing

   O-OFDM: Optical Orthogonal Frequency Division Multiplexing

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].
   These words appear with that interpretation only when in ALL CAPS.
   Lower case uses of these words are not to be interpreted as carrying
   the significance described in RFC 2119.

3. Motivation

   A photonic firewall performs intrusion detection and security
   protection directly in the optical domain, and one photonic firewall
   can replace tens of thousands of electronic firewalls. Since its
   cost is very high, it can be deployed at only a few locations. To
   ensure that every established light-path is subject to security
   detection, a photonic firewall oriented routing and spectrum
   allocation strategy must be applied to each user request. The
   strategy has low complexity and is suitable for large-scale optical
   networks.

4. Photonic Firewall Oriented Routing and Spectrum Allocation Strategy

   This section first introduces the photonic firewall and its
   applications in optical networks. Then the secure connection
   establishment requirement is stated. Finally, the photonic firewall
   oriented routing and spectrum allocation strategy is described.

4.1. Photonic Firewall

   A photonic firewall is an optical network device.
   It uses all-optical pattern matching to inspect signals directly in
   the optical domain and thereby identifies hidden network intrusions
   and attacks. It then selects the corresponding defense according to
   the configured security policy. As shown in Figure 1, it can be
   deployed at an important optical switching node, a gateway node, or
   an access node. All-optical pattern recognition is the core of the
   photonic firewall. It is composed of an all-optical XNOR gate, an
   all-optical AND gate and a regenerator, as shown in Figure 2.

   +------------------------+        +---------------------+
   |                        |        |                     |
   |      IP/Ethernet       |        |   Optical Network   |
   |                        |        |                     |
   |     +-----------------+|        | +-----------------+ |
   +-----|   Core Router   |+        | |Photonic Firewall| |
         |Photonic Firewall|         +-|                 |-+
         +--------|--------+           +--------|--------+
                  |                             |
                  |      +----------------------+
                  |      |
              +---|------|--------------+
              |                         |
              |     Optical Network     |
              |                         |
              +-------------------------+

              Figure 1: Photonic Firewall Applications

                               Loop
                              --<---
                              | nT |
                              -->---
   Data sequence ----------->+------+            +------+
   Probe ------------------->| XNOR |----------->| AND  |-----+---> Output
   Target sequence --------->+------+        +-->+------+     |
                                             |                |
                                             |  Recirculating |
                      Initializing signal    |      loop      |
                              |              |     --<---     |
                              |              |     |(n+1)T|   |
                              |              |     -->---     |
                              |              |  +-----------+ |
                              +--------------+--|Regenerator|<+
                                                +-----------+

                   Figure 2: All-optical pattern matching

4.2. Secure Connection Establishment Requirement

   To meet the security detection requirement, every light-path must
   pass through at least one photonic firewall. As shown in Figure 3,
   three photonic firewalls are deployed at nodes A, F and D, and three
   light-paths are established in the network (B->A->G, G->F->C and
   E->D->C). Each light-path passes through one photonic firewall.

                   +---+                   +---+
                   | B |-------------------| C |
                   +---+                   +---+
                  /     \             ^     ^
                 /       \   +----+  /       \
                /         \  | PF | /         \
               /           \ +----+/           \
              v             \     /             \
   +----++---+               +---+               +---++----+
   | PF || A |---------------| F |---------------| D || PF |
   +----++---+               +---+               +---++----+
              \             ^     \             ^
               \           /       \           /
                \         /         \         /
                 \       /           \       /
                  v     /             \     /
                   +---+                   +---+
                   | G |-------------------| E |
                   +---+                   +---+

      Figure 3: Secure Connection Establishment (PF denotes photonic
                firewall; arrowheads mark the three light-paths)

4.3. Photonic Firewall oriented Routing and Spectrum Allocation Strategy

   The photonic firewall oriented routing and spectrum allocation
   strategy is greedy. For each user, it finds the closest photonic
   firewall; every photonic firewall therefore owns the set of users
   that are closest to it. In other words, the whole network is divided
   into several areas according to the locations of the deployed
   photonic firewalls. When a new user request arrives, the user first
   computes the shortest path to its closest photonic firewall, and
   then the shortest path from that photonic firewall to the
   destination. Finally, the First-Fit algorithm performs the spectrum
   allocation along the two shortest paths.
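   The all-optical pattern matcher of Figure 2 (Section 4.1), modelled
   in software as an added example; this is not code from the draft or
   its authors. Each data bit is XNORed with the corresponding bit of
   the recirculating target, the result is ANDed with the loop's
   previous output, and the initializing signal seeds the loop with 1,
   so the output after n bits is 1 only for an exact match. The
   signature table, the payload, the byte-to-bit mapping and the
   "forward"/"drop" policy are constructed for the example; the probe
   and the nT and (n+1)T loop timing are abstracted into the per-bit
   iteration.

```python
"""Bit-serial all-optical pattern matcher modelled on Figure 2 (added example)."""


def xnor(a, b):
    """All-optical XNOR: 1 when the data bit equals the target bit."""
    return 1 if a == b else 0


def match_window(window, target):
    """Run one n-bit window through the XNOR -> AND -> regenerator loop.

    The AND gate combines each XNOR result with the loop's previous output,
    which the regenerator restores to a clean 0/1 pulse and feeds back one
    bit period later. The initializing signal seeds the loop with 1, so the
    final output is 1 only if every bit of the window equalled the target.
    """
    if len(window) != len(target):
        raise ValueError("window and target must have the same length")
    loop = 1                                  # initializing signal
    for d, t in zip(window, target):
        loop = xnor(d, t) & loop              # AND with the recirculated result
        # Once one bit mismatches the loop holds 0 for the rest of the
        # window: AND is absorbing, which is what makes the serial scheme work.
    return loop


def scan(stream, target):
    """Bit offsets at which the target pattern occurs in the stream."""
    n = len(target)
    return [k for k in range(len(stream) - n + 1)
            if match_window(stream[k:k + n], target)]


def to_bits(data):
    """MSB-first bit list of a byte string (constructed mapping)."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


# Constructed signature table: hypothetical name and byte pattern.
SIGNATURES = {"constructed-sig-1": b"\xde\xad\xbe\xef"}


def inspect(payload, signatures=SIGNATURES, policy="drop"):
    """Apply the configured policy: return (action, hits) for a payload."""
    bits = to_bits(payload)
    hits = [(name, off) for name, sig in signatures.items()
            for off in scan(bits, to_bits(sig))]
    return (policy if hits else "forward", hits)


if __name__ == "__main__":
    print(inspect(b"hello\xde\xad\xbe\xefworld"))   # constructed payload
    print(inspect(b"hello world"))
```

   Because the matcher works bit by bit, it also finds signatures that
   are not byte-aligned, which a byte-oriented electronic filter would
   miss; the price is that every alignment of the stream has to be
   tried, which the optical loop does in parallel with the line rate.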
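   The strategy of this section, worked through as an added example
   (not code from the draft or its authors): the network is partitioned
   by closest photonic firewall, each request is routed source ->
   closest firewall -> destination over hop-count shortest paths, and
   First-Fit assigns the lowest block of contiguous slots that is free
   on every link of the route. The link set is read from Figure 3 and
   the firewall sites follow it; the slot count, the tie-break between
   equally close firewalls and the handling of routes that revisit a
   node are assumptions of this example.

```python
"""Photonic firewall oriented RSA on a constructed topology (added example)."""
from collections import deque

# Constructed topology: undirected links as read from Figure 3 of the
# draft. The exact link set, the firewall sites and the slot count are
# assumptions of this example.
LINKS = [("A", "B"), ("B", "C"), ("B", "F"), ("A", "F"), ("A", "G"),
         ("F", "G"), ("F", "E"), ("F", "D"), ("C", "F"), ("C", "D"),
         ("D", "E"), ("G", "E")]
FIREWALLS = ["A", "F", "D"]   # photonic firewall sites (Figure 3)
SLOTS = 8                     # frequency slots per link (assumption)


def build_graph(links):
    """Adjacency lists; neighbour order follows the link list."""
    graph = {}
    for u, v in links:
        graph.setdefault(u, []).append(v)
        graph.setdefault(v, []).append(u)
    return graph


def shortest_path(graph, src, dst):
    """Hop-count shortest path by BFS, as a node list (None if unreachable)."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def partition(graph, firewalls):
    """Greedy area assignment: each node maps to its closest firewall.
    Ties are broken by the order of the firewall list (assumption)."""
    return {node: min(firewalls,
                      key=lambda pf: (len(shortest_path(graph, node, pf)),
                                      firewalls.index(pf)))
            for node in graph}


def route(graph, areas, src, dst):
    """Source -> closest firewall -> destination, each leg a shortest path."""
    pf = areas[src]
    return shortest_path(graph, src, pf) + shortest_path(graph, pf, dst)[1:]


def path_links(path):
    return [frozenset((path[i], path[i + 1])) for i in range(len(path) - 1)]


class Spectrum:
    """Per-link slot occupancy enforcing continuity and contiguity."""

    def __init__(self, links, slots):
        self.used = {frozenset(l): [False] * slots for l in links}
        self.slots = slots

    def first_fit(self, links, demand):
        """Lowest start where `demand` contiguous slots are free on all links."""
        for start in range(self.slots - demand + 1):
            block = range(start, start + demand)
            if all(not self.used[l][s] for l in links for s in block):
                for l in links:
                    for s in block:
                        self.used[l][s] = True
                return start
        return None


def serve_request(graph, areas, spectrum, src, dst, demand):
    path = route(graph, areas, src, dst)
    if len(set(path)) != len(path):
        # The two legs can double back over the same link (e.g. B->A, then
        # A->B->C). The draft does not say what to do then; this example
        # rejects such routes rather than allocate the link twice.
        return {"path": path, "start": None, "status": "blocked: loop"}
    start = spectrum.first_fit(path_links(path), demand)
    if start is None:
        return {"path": path, "start": None, "status": "blocked: no spectrum"}
    return {"path": path, "start": start, "status": "established"}


def demo():
    """Constructed request sequence: (source, destination, slots needed)."""
    graph = build_graph(LINKS)
    areas = partition(graph, FIREWALLS)
    spectrum = Spectrum(LINKS, SLOTS)
    requests = [("B", "G", 3), ("A", "G", 2), ("B", "A", 6),
                ("E", "C", 1), ("B", "C", 1)]
    return areas, [serve_request(graph, areas, spectrum, *r) for r in requests]


if __name__ == "__main__":
    areas, results = demo()
    print(areas)
    for r in results:
        print(r)
```

   Two caveats a deployment would have to settle: the strategy always
   detours through the firewall of the source's area even when the
   direct shortest path already crosses some firewall, and, with hop
   counts as the metric, several nodes of Figure 3 are equally close to
   two firewalls, so the area boundaries depend on the tie-break rule.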
                   +---+                   +---+
                   | B |-------------------| C |
                   +---+                   +---+
                  /     \             ^     ^
                 /       \   +----+  /       \
   Area1        /         \  | PF | /         \        Area3
               /           \ +----+/           \
              v             \     /             \
   +----++---+               +---+               +---++----+
   | PF || A |---------------| F |---------------| D || PF |
   +----++---+               +---+               +---++----+
              \             ^     \             ^
               \           /       \           /
                \         /  Area2  \         /
                 \       /           \       /
                  v     /             \     /
                   +---+                   +---+
                   | G |-------------------| E |
                   +---+                   +---+

                      Figure 4: Photonic Firewall Area

   As shown in Figure 4, the whole network is divided into three
   areas. In each area, one photonic firewall is responsible for the
   security detection of every user in that area. This strategy has
   low complexity and is suitable for large-scale optical networks.

5. Security Considerations

   TBD

6. IANA Considerations

   This document makes no request of IANA.

7. References

7.1. Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

7.2. Informative References

   [Fok2011]  Fok, M. P., Wang, Z., Deng, Y., and P. R. Prucnal,
              "Optical Layer Security in Fiber-Optic Networks", IEEE
              Transactions on Information Forensics and Security,
              vol. 6, no. 3, pp. 725–736, 2011.

   [Wang2010] Wang, Z., Fok, M. P., Xu, L., Chang, J., and P. R.
              Prucnal, "Improving the privacy of optical steganography
              with temporal phase masks", Optics Express, vol. 18,
              no. 6, pp. 6079–6088, 2010.

Authors' Addresses

   Xin Li
   Beijing University of Posts and Telecommunications
   10 Xitucheng Road, Haidian District, Beijing, China

   Email: xinli@bupt.edu.cn

   Lu Zhang
   Beijing University of Posts and Telecommunications
   10 Xitucheng Road, Haidian District, Beijing, China

   Email: luzhang@bupt.edu.cn

   Ying Tang
   Beijing University of Posts and Telecommunications
   10 Xitucheng Road, Haidian District, Beijing, China

   Email: ytang@bupt.edu.cn

   Zicheng Shi
   Beijing University of Posts and Telecommunications
   10 Xitucheng Road, Haidian District, Beijing, China

   Email: zchshi@bupt.edu.cn

   Shanguo Huang
   Beijing University of Posts and Telecommunications
   10 Xitucheng Road, Haidian District, Beijing, China

   Email: shghuang@bupt.edu.cn