Secure lightpath establishment method based on automatically switching optical network (ASON)

Abstract

The invention provides a secure lightpath establishment method based on an automatically switching optical network (ASON), relating to the establishment of lightpaths or light connection in a control plane of the ASON. The method can prevent malevolence or selfishness of internal nodes by employing the comprehensive wavelength reservation strategy to carry out integrity protection on the important objects in the GMPLS RSVP-TE message through the security mechanisms such as digital signature and message feedback. In addition, the method designs a corresponding key management mechanism according to the characteristic of close coupling between a routing module and a signaling module in the ASON and distributes a node public key certificate needed in the process of establishing the lightpath by adopting the PKLSA message of OSPF-TE. The method has the characteristics of fast lightpath establishment, short attack detection and low message load while ensuring secure establishment of the lightpaths, and is especially suitable for secure establishment of light connection in the control plane in the ASON.

Description

Technical field: [0001] The invention belongs to the technical field of signaling and routing in the automatic switching optical network ASON, and in particular relates to the safe establishment of the optical path in the ASON network. The method can ensure the safe establishment of the optical path, and at the same time has lower connection blocking probability, shorter optical path establishment time, and lower message load. Background technique: [0002] ASON (Automatically Switching Optical Networks) is the mainstream technology of the next-generation optical network. It introduces the concept of control plane to the traditional optical network, enabling the optical network to realize automatic switching under the control of routing and signaling. At the same time, it also enables ASON to provide many functions that traditional optical networks do not have in the environment of heterogeneous network interconnection of multi-vendor equipment, such as end-to-end connection...

AI Technical Summary

Problems solved by technology

For example, attackers use abnormal means or spam PATH or RESV messages to exhaust resources such as wavelengths on optical links, so as to reduce communication performance or destroy communication

Moreover, the effect of this attack is likely to be amplified after passing through multiple switching network elements, so that the quality of service of a single autonomous domain or the entire optical transport network is greatly reduced

[0015] (2) Passive attack

Compared with the Hop-by-Hop protection mechanism and the SDS / CD method, it is a compromise security solution between the two in terms of performance, which has strong scalability but high overhead

In addition, there are no invention patents involving optical network control plane security technology in domestic and foreign patents

[0021] To sum up, on the one hand, the current security mechanism for the signaling protocol RSVP is still far from perfect, and it is difficult to achieve an acceptable balance between security and performance

Images