CN106412728B - The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception - Google Patents

The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception Download PDF

Info

Publication number
CN106412728B
CN106412728B CN201610800235.8A CN201610800235A CN106412728B CN 106412728 B CN106412728 B CN 106412728B CN 201610800235 A CN201610800235 A CN 201610800235A CN 106412728 B CN106412728 B CN 106412728B
Authority
CN
China
Prior art keywords
domain
path
business
security
link
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610800235.8A
Other languages
Chinese (zh)
Other versions
CN106412728A (en
Inventor
赵永利
宁贤
郁小松
张�杰
李亚杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201610800235.8A priority Critical patent/CN106412728B/en
Publication of CN106412728A publication Critical patent/CN106412728A/en
Application granted granted Critical
Publication of CN106412728B publication Critical patent/CN106412728B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/0001Selecting arrangements for multiplex systems using optical switching
    • H04Q11/0005Switch and router aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H04B10/85Protection from unauthorised access, e.g. eavesdrop protection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/12Shortest path evaluation
    • H04L45/123Evaluation of link metrics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The routing of multiple domain elastic optical network and frequency spectrum distributing method and system of attack perception provided by the invention, this method comprises: classifying according to the path of business to business when business is reached, determining LRpsType, LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink node all in the domain;Step determines optional path set;For each of optional path set alternative path, path in its domain is assessed using security evaluation matrix, to determine the path of general safety least risk;Optical path is transmitted based on the traffic assignments that identified path is each type;It is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.The present invention can assess the security threat being likely to occur, and be routed according to the result of assessment and distributed with frequency spectrum, can effectively perceive attack in this way, enhance the safety of physical layer of multiple domain elastic optical network.

Description

The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception
Technical field
The invention belongs to field of communication technology, in particular to the multiple domain elastic optical network routing of a kind of attack perception and frequency spectrum Distribution method and system.
Background technique
In multi-area optical network, hyperchannel carries the data of vast capacity between domain.If boundary node without Photoelectric conversion, since there is the loopholes in physical layer, such as different clients to share optical module and can bring for optical-fiber network itself Multiple physical layers security threat (inter-channel crosstalk, gain competition etc.).Nowadays transparent optical networks are by high-speed, low time delay, low The advantage of cost already becomes the important directions that future optical networks develop evolution, and capital branch can be greatly increased by implementing photoelectric conversion It is paid out with operation, can not meet the needs of optical-fiber network transparence.Elastic optical network can realize a variety of speed data flows Effectively carrying, the frequency spectrum resource distribution of high-efficient elastic, are the new networks for meeting development of optical network direction.With fixed frequency spectrum interval Wavelength-division multiplex technique compare, the availability of frequency spectrum, and energy is greatly improved in the elastic optical network technology based on flexible grid Enough flexible bandwidth granularity is provided for user.Assuming that multiple domain elastic optical network be it is transparent or translucent, boundary node without Electric treatment is crossed, under such a scenario if using service request between business offer scheme processing domain internal area in existing domain, suddenly The safety problem of physical layer slightly between domain, once meet with attack, caused by loss will be difficult to imagine.For example attacker can be from adjacent domains Implement cross-domain attack progress listening in information by insertion interference signal, distort, will be greatly reduced the transmission quality of hyperchannel, Carry out great security threat to Netowrk tape.
It can be seen that the business offer scheme of safety of physical layer becomes particularly important between research joint consideration domain internal area.
Summary of the invention
The safety of physical layer of one object of the present invention enhancing multiple domain elastic optical network.
In order to achieve the above object, in a first aspect, the present invention provides a kind of multiple domain elastic optical network roads of attack perception By with frequency spectrum distributing method, comprising:
Step S1 classifies to business according to the path of business, determines LR when business is reachedpsType, LRstType And LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink Node is all in the domain;
Step S2, determines optional path set;
Step S3, for each of optional path set alternative path, using security evaluation matrix to its road Yu Nei Diameter is assessed, to determine the path of general safety least risk;The security evaluation matrix is shared for evaluating multiple optical paths Security threat when identical optical module;
Step S4 is that all types of traffic assignments transmit optical path based on identified path;
Step S5 is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.
Optionally, the step S3 includes:
Step S31, for each alternative path, according to security risk value, root in security evaluation matrix A computational domain in domain According to security risk value between security evaluation matrix B computational domain between domain;And pacify between security risk value and domain according in the domain being calculated Full value-at-risk determines general safety value-at-risk;Wherein, in domain between alternative path of the security evaluation matrix A for business in description field Security risk;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsType service it is alternative Corresponding security risk between path;
Step S32 selects security risk to be worth the smallest alternative path the smallest path of security risk as a whole.
Optionally, LR is classified as when the businessinWhen type, the step S4 is specifically included:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
Optionally, the step S5 includes:
Step S51 traverses all links that the Work route of all types of business passes through, searches and these link sharing sections The link set of point;
Step S52, in incompatible business shared link, is added and protects for the link in the link set found Protect the constraint of frequency band;
Step S53, for the link in the link set found, in incompatible business unshared link but shared node When, the constraint for avoiding spectrum overlapping is added.
Optionally, the step S2 includes: to determine transmission path number according to the security level of business in domain, determines alternative road Diameter set.
Second aspect, the present invention provides it is a kind of attack perception multiple domain elastic optical network routing and spectrum allocation system, Include:
Taxon, for classifying according to the path of business to business, determining LR when business reachespsType, LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRin Indicate sourcesink node all in the domain;
Alternative path determination unit, for determining optional path set;
Path determining unit carries out path in its domain using security evaluation matrix for being directed to each alternative path Assessment, to determine the path of general safety least risk;The security evaluation matrix for evaluate multiple optical paths share it is identical Security threat when optical module;
Optical path distribution unit, for being that all types of traffic assignments transmit optical path based on identified path;
Frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.
Optionally, the path determining unit is used to be directed to each alternative path, using security evaluation matrix to its domain Interior path is assessed, to determine the path of general safety least risk, comprising:
For each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, pacify according between domain Security risk value between full evaluating matrix B computational domain;And according to security risk value between security risk value and domain in the domain being calculated Determine general safety value-at-risk;Wherein, security evaluation matrix A is used for the safety wind in description field between the alternative path of business in domain Danger;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsPhase between the alternative path of type service The security risk answered;
Security risk is selected to be worth the smallest alternative path the smallest path of security risk as a whole.
Optionally, LR is classified as when the businessinWhen type, the optical path distribution unit is also used to:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
Optionally, the frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as industry Business distribution frequency spectrum, comprising:
All links that the Work route of all types of business passes through are traversed, the link with these link sharing nodes is searched Collection;
Guard band is added in incompatible business shared link for the link in the link set found Constraint;
For the link in the link set found, in incompatible business unshared link but shared node, addition is kept away Exempt from the constraint of spectrum overlapping.
Optionally, the alternative path determination unit, for determining optional path set, comprising:
Transmission path number is determined according to the security level of business in domain, determines optional path set.
The routing of multiple domain elastic optical network and frequency spectrum distributing method and system of attack perception provided by the invention, can be to can The security threat that can occur is assessed, and is routed according to the result of assessment and is distributed with frequency spectrum, in this way can be effective Perception attack, enhances the safety of physical layer of multiple domain elastic optical network.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, embodiment will be described below Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some Example for those of ordinary skill in the art without creative efforts, can also be according to these attached drawings Obtain other attached drawings.
Fig. 1 is the routing of multiple domain elastic optical network and the frequency spectrum distribution side for a kind of attack perception that one embodiment of the invention provides The flow diagram of method;
Fig. 2 is that a kind of multiple domain elastic optical network routing for attack perception that yet another embodiment of the invention provides is distributed with frequency spectrum The flow diagram of method;
Fig. 3 is a kind of flow chart of embodiment of the part steps in Fig. 2;
Fig. 4 is the routing of multiple domain elastic optical network and the frequency spectrum distribution side for a kind of attack perception that one embodiment of the invention provides The schematic diagram of network scenarios applied by method;
Fig. 5 is that the multiple domain elastic optical network routing of the attack perception provided using one embodiment of the invention is distributed with frequency spectrum Frequency spectrum resource occupancy situation in network when method;
Fig. 6 is a kind of multiple domain elastic optical network routing for attack perception that one embodiment of the invention provides and frequency spectrum distribution is The structural schematic diagram of system.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, ordinary skill people every other reality obtained without creative efforts Example is applied, shall fall within the protection scope of the present invention.
In a first aspect, the present invention provides a kind of multiple domain elastic optical network routing of attack perception and frequency spectrum distributing method, Referring to Fig. 1, comprising:
Step S1 classifies to business according to the path of business, determines LR when business is reachedpsType, LRstType And LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink Node is all in the domain;
Step S2, determines optional path set;
Step S3, for each of optional path set alternative path, using security evaluation matrix to its road Yu Nei Diameter is assessed, to determine the path of general safety least risk;The security evaluation matrix is shared for evaluating multiple optical paths Security threat when identical optical module;
Step S4 is LR based on identified pathinEach traffic assignments of type transmit optical path;
Step S5 is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.
The routing of multiple domain elastic optical network and frequency spectrum distributing method and system of attack perception provided by the invention, can be to can The security threat that can occur is assessed, and is routed according to the result of assessment and is distributed with frequency spectrum, in this way can be effective Perception attack, enhances the safety of physical layer of multiple domain elastic optical network.
In the specific implementation, above-mentioned each step can have numerous embodiments, such as in the specific implementation, step Rapid S3 can specifically be implemented as follows:
Step S31, for each alternative path, according to security risk value, root in security evaluation matrix A computational domain in domain According to security risk value between security evaluation matrix B matrix computational domain between domain;And according to security risk value and domain in the domain being calculated Between security risk value determine general safety value-at-risk;Wherein, alternative road of the security evaluation matrix A for business in description field in domain Security risk between diameter;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsType service Corresponding security risk between alternative path;
Step S32 selects security risk to be worth the smallest alternative path the smallest path of security risk as a whole.
Certainly in the specific implementation, those skilled in the art can also be real by establishing other kinds of security evaluation matrix Now to the assessment of risk.
For another example, above-mentioned step S4 can be specifically included: use data be dispersed in the mode transmitted in a plurality of optical path for LRinEach traffic assignments of type transmit optical path.
In some embodiments, the step S5 can be specifically included:
Step S51 traverses LRinAll links that the Work route of type service passes through are searched and these link sharing sections The link set of point;
Protection is added for the link in the link set found in step S52 when to incompatible business shared link The constraint of frequency band;
Step S53, for the link in the link set found, to incompatible business unshared link but shared node When, the constraint for avoiding spectrum overlapping is added.
In some embodiments, the step S2 may include: to determine transmission path according to the security level of business in domain Number, determines optional path set.
It is understandable to be, regardless of one of step in above-mentioned each step is implemented especially by which kind of mode, As long as this kind of mode can reach mutually should step purpose to be achieved, corresponding technical solution can achieve the present invention Basic object, should also fall into protection scope of the present invention.
In order to make it easy to understand, being distributed with frequency spectrum the multiple domain elastic optical network routing of attack perception provided by the invention below Method is described in more detail.The basic concepts being related to first to each embodiment of the invention are illustrated:
Network model
The safety problem of a transparent domain in multi-area optical network is analyzed, G (V, E) represents the network topology in this domain, and V is indicated Node set, E indicate link set,Indicate boundary node set, i.e., the entry/exit node requested between domain.Root of the present invention According to the risk and protection level of business optical path, the optical path request in G (V, E) is divided into three types: LRps(passes through or terminate In the domain), LRst(starting from the domain), LRin(sourcesink node is all in the domain).Due to LRpsEnter from boundary node, may carry There is crosstalk signal caused by being attacked as hyperchannel, it is believed that LRpsIt is that risk is highest, LRin、LRstRisk compared with It is low, for LRinHighest priority protection rank is taken, for LRstTake principle of doing one's best.Make it is assumed hereinafter that: 1) in order to save About resource saves expense, does not consider to undergo photoelectric conversion when cross-domain optical path enters boundary section, the signal in G (V, E) is all built It stands and is transmitted under the environment of full light;2) it can change the routing frequency spectrum distribution of service request between domain when necessary;3)E In each of the links e on have F frequency band (FS), S frequency band (FS) is used as guard band.
Use LRi *(s, d, b) indicates that optical path requests i.Wherein, * can be ps/st/in, indicate request type;S, d ∈ V points Sourcesink node is not represented, and b indicates required bandwidth resources, unit FS.
One, the security evaluation factor
Security evaluation factor (Security-evaluating Factor, SF) is defined to assess difference between the internal area of domain Optical path shares corresponding security threat when optical module.There are three types of situations for shared optical module, are that node is non-intersecting first, do not deposit In security threat;Followed by node intersection but Link-disjoint paths, it is understood that there may be crosstalk in inter-channel crosstalk and channel;It is finally chain Road intersection, it is not only possible to which there are crosstalks in inter-channel crosstalk and channel, it is also possible to there are problems that gain competition.It can thus be appreciated that three kinds The degree of danger of situation is the relationship of ascending arrangement.Assuming that SF points that node intersects but Link-disjoint paths intersect with link are ε1、ε2, corresponding SF can be calculated by formula 3.1 between two different light paths, wherein n1、n2Respectively indicate this two optical paths Node intersection occurs but the number of Link-disjoint paths and link intersection.
SF=n1·ε1+n2·ε2 (1)
It is an object of the invention to provide flexible RSA scheme for each service request, so that total by the SF in network Value is minimum.In the case where attack may all be met between the internal area of domain, there are two types of the SF of type, and one kind is for incredible industry between domain Business optical path in optical path of being engaged in and domain, for assessing the dangerous situation between domain, another kind is counted for for business in the same domain According to the different light paths in transmission optical path group, for assessing the dangerous situation in domain.(formula is not different both in calculation method 3.1), but two kinds of degree of danger is different.Due to LRpsBusiness optical path enters from boundary node between the domain of type, If meeting with, the extent of injury caused by attack is bigger, and risk is higher, and caused SF ratio is big as caused by optical path in other domains.Cause This need to be according to meeting with the probability of attack and cause when finally using security threat existing for SF quantization RSA scheme between the internal area of domain The extent of injury add weight to two kinds of SF, the degree of danger both being distinguish.
Two, security evaluation matrix
Security evaluation matrix B between security evaluation matrix A (formula 3.2) and domain is established in domain according to security evaluation factor S F (formula 3.3), for reflecting in network security situation between the internal area of domain, for SF value between the internal area of domain when assistance is routed It calculates.
(1) security evaluation matrix A in domain
Security evaluation matrix A is N × N square matrix in domain, is used to business LR in description fieldiAlternative path between corresponding SF Situation, N are alternative path sum, see formula 3.2.For LRiOptional path set, amnIt indicates LRiAlternative optical path m SF corresponding with alternative optical path n, can be calculated according to formula 3.1.It follows that matrix A is one Symmetrical matrix, aiiThere is no essential meaning, therefore is indicated in a matrix without specific value with *.
(2) security evaluation matrix B between domain
Assuming that there are 1 LRin, 2 LRpsThe optical path of type is requested, then security evaluation matrix B is N × 2M square between domain Battle array, for LR between the alternative path and domain of business in description fieldpsCorresponding SF situation between the alternative path of type service, N, M points Not Wei in each domain, between domain business alternative path number, wherein Respectively represent LRi∈LRin、LRj、LRk∈LRpsAlternative path collection.Indicate LRiThe m articles Alternative pathWith LRjNth alternative pathBetween corresponding SF, similarly known toMeaning.Specific SF value equally may be used It is calculated by formula 3.1.
Fig. 2 is the routing for the attack perception that one embodiment of the invention provides and the flow diagram of frequency spectrum distributing method.
When business reaches, classification processing is carried out to business first, is then determined and is passed according to the security level of business in domain Defeated number of path calculates alternative path collection using KSP algorithm business, according to corresponding SF between the calculating alternative path of formula 3.1, and builds It stands in domain, security evaluation matrix A and B between domain.For every kind of Route Selection, respectively according to SF in matrix A and matrix B computational domain with SF between domain, and network entirety SF value is acquired by formula 3.4.Select network entirety SF the smallest as final Route Selection.Such as Fruit is not successfully selected routing, then business establishes failure, otherwise to LRinBusiness carries out piecemeal processing and distributes transmission path, most Frequency spectrum distribution is carried out based on attack perception constraint afterwards to remove the link if can not find suitable frequency spectrum on certain road Tiao Lian E, resume at step one, otherwise business is successfully established.
Route Selection based on security evaluation matrix
In the present invention, for LRps、LRstBusiness only selects a transmission paths, alternative road between the domain of both types Diameter number is M;And for LRinThe business of type need to determine required number of path L (1 < L < N), safety level according to its security level Not higher L is bigger, and alternative path number is N.Route Selection process is as shown in Figure 2.
Alternative path is calculated using KSP algorithm first, and establishes security evaluation matrix A and B between the internal area of domain respectively.For LRinThe business of type is taken out L paths as transmission path from N alternative path, is formedKind Route Selection, with k table Show that kth kind selects, thenFor the L paths of kth kind selection, it is mutual that this L paths can be checked in from matrix A These SF values are added by the SF value of generation, can obtain SF value α in the domain of kth kind selectionk.Then is extracted in matrix B again The sum of every column element of row corresponding to the L paths of k kind selection, these corresponding rows represents business optical path between every alternative domain Corresponding SF summation, can thus be LR between selected L pathsjAnd LRkSF summation is chosen most in preceding M column and rear M column respectively Optical path corresponding to small column is as transmission path.The smallest two column SF summation is denoted as β at this timek, represent the domain of kth kind selection Between SF value.Assuming that according to the probability that attack is met between the internal area of domain and caused by the extent of injury obtain domain internal area between SF weight distinguish For λ1、λ2, meet λ12=1, then the network entirety SF of kth kind routing scheme is ρk, see formula 3.4.It willKind selection ρkAfter all calculating, the smallest ρ is selectedkCorresponding path is as LRi、LRj、LRkRouting plan.
For LRstBusiness between the domain of type may be other cross-domain in this overseas experience since destination node is in other domains Attack, the present invention is principle of doing one's best to its Preservation tactics.In selected LRi、LRj、LRkTransmission path after, establish matrix C (formula 3.5),For LRj、LRkSelected path,For LRstType service LRlIt is standby Path set is selected,It indicatesWithBetween corresponding SF,It indicatesWithBetween corresponding SF, specific SF value is by formula (3.1) it is calculated.Select the sum of column element i.e.In it is the smallest column it is correspondingAs LRlTransmission path.
ρk1·αk2·βk (4)
Traffic assignments transmission optical path rule in domain
To the business in domain, in such a way that data are dispersed in and transmit in a plurality of optical path, path allocation process such as Fig. 3 institute Show.First according to LRinType service LRiSecurity level determine number of sections K, higher grade, and K is bigger, then by data levelling It is cut into small pieces, respectively plus being packaged after location information field, recombinates number by these location information fields in destination node According to useIndicate LRiJ-th of data stripping and slicing, eachBandwidth demand beWherein 1≤j≤K.It is obtained by 3.3.1 One group of LRiTransmission pathKnown toIt willPeriodically distribute toIn every optical path, until Data block distribution terminates.Thus the data block for business in domain distributes transmission path.
Frequency spectrum distribution based on attack perception constraint
For LRinIts each data slicer is considered as common service request and carries out frequency spectrum distribution by the business of type.This hair It is bright by LRin/LRstWith LRpsIt is considered as incompatible business, to keep SF minimum, LRin/LRstWith LRpsBusiness optical path share optics Corresponding attack perception constraint is done when component: 1) node intersection but when Link-disjoint paths only considers inter-channel crosstalk, therefore want Avoid spectrum overlapping;2) gain competition is only considered when link intersects, therefore other than spectrum overlapping to be avoided, also need to be added and protect Frequency band (S FS).Due to LRinWith LRpsCompared to being more believable, therefore for LRinOptical path group does not make this when sharing optical module Constraint need to only meet general frequency spectrum distribution principle.Frequency spectrum allocation flow be broadly divided into the following three steps:
(1) LR is traversediWork route pass through all link { Em, find out the link set with these link sharing nodes {En}.Search all EmUpper available idle frequency range { [Fs,Fe], Fs、FeIndicate frequency band label.It is stored with Ω for LRiIt uses Frequency range.
(2) first to incompatible business shared link when be added guard band constraint.To every Em, select { [Fs, Fe] in position near preceding frequency range [Fs,Fe], check FsBefore and FeWhether S frequency band later is accounted for by not compatible business With, if occupied, Fs、FeIt increase accordingly or reduces.Update [Fs,Fe] after, if Fe-Fs≥bi Then by [Fs, Fe] be added in Ω, otherwise by [Fs,Fe] from { [Fs,Fe] in remove, repeat step (2).biFor service bandwidth demand.
(3) to incompatible business unshared link but shared node when, the constraint for avoiding spectrum overlapping is added.For { En} In each En, check [the F corresponded in Ωs,Fe] whether occupied by incompatible business.If occupied, by the frequency range It removes, repeats step (2) from Ω;It otherwise will be in [Fs,Fe] in by frequency spectrum distribution principle be the suitable frequency of traffic assignments Section.
A typical case example is named to better illustrate the specific implementation thinking of the present invention program.Fig. 4 is network Scene is made of three domains, and target is to improve the general safety level in domain 1.There are four service requests in network, it is carried out Classification:
Step 1: it is routed based on security evaluation matrix.
Alternative path is calculated with KSP algorithm, alternative path collection is obtained and is respectively as follows:Assuming that basisService security rank determine transmission path number be 2, then the target of scheme is in p1Two transmission of middle selection Path, in p2、p3、p4Middle to select a transmission paths respectively, the network entirety SF value that these paths selected generate is minimum.If ε1、ε2It is respectively as follows: 1,3, corresponding SF value can be calculated according to formula 3.1, establish matrixAnd matrixCorresponded to first according to matrix AThree kinds of selection Path selectionsDomain in SF be respectively: 4,2,2;Every kind of selection is then corresponded to, LR is obtained according to matrix B3LR4 Optimal path be respectively OrSF is respectively between obtaining domain: 4,6,5;Assuming that domain internal area Between meet with attack probability and caused by the extent of injury assessed after SF weight λ between the domain internal area that obtains1、λ2Be respectively as follows: 0.3, 0.7, it is respectively as follows: 4,4.8,4.1 according to the network entirety SF that formula 3.4 finds out these three selections, it can thus be appreciated that the first is routed The network overall security highest of selection, obtains Route SelectionAccording to for LR3LR4The road chosen DiameterEstablish matrixObtain LR2SelectionSF be respectively as follows: 1,2, it is known that should select Obtain final Route Selection are as follows:
Step 2: for business in domainCarry out path allocation.
Assuming that basisService security rank determine number of sections be 4, it is small that data flow is averagely cut into 4 Block is used respectively plus being packaged after location information fieldIndicate LR1J-th of data stripping and slicing, wherein 1≤j≤4.By 3.3.1 LR is obtained1Transmission path beThen final allocation result is?Upper transmission, ?Upper transmission.
Step 3: frequency spectrum distribution is carried out based on attack perception constraint.
Fig. 5 shows the distribution condition of frequency spectrum in network, other than the load of above four service requests, it is also contemplated that in network The frequency spectrum resource occupancy situation of original business.If giving?Frequency spectrum resource is distributed,Routing be 4-5- 8, i.e., three suitable frequency bands are distributed in 4-5 and 5-8 both links.Other than frequency spectrum consistency to be met, continuity, also need to examine Frequency is avoided when the shared optical module correlation attack perception constraint mentioned in worry 3.3.3, i.e. node intersection but Link-disjoint paths Spectrum overlapping, in addition to avoiding spectrum overlapping that guard band is also added when link intersects, it is assumed that need 2 FS as guard band, Finally the frequency band in 4-5 and 5-8 both links is distributed to
Second aspect, the present invention provides it is a kind of attack perception multiple domain elastic optical network routing and spectrum allocation system, Referring to Fig. 6, which includes:
Taxon 61, for classifying according to the path of business to business, determining LR when business reachespsClass Type, LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression start from the domain, LRinIndicate sourcesink node all in the domain;
Alternative path determination unit 62, for determining optional path set;
Path determining unit 63, for be directed to each alternative path, using security evaluation matrix to path in its domain into Row assessment, to determine the path of general safety least risk;The security evaluation matrix for evaluate multiple optical paths share it is identical Optical module when security threat;
Optical path distribution unit 64, for being LR based on identified pathinEach traffic assignments of type transmit optical path;
Frequency spectrum allocation unit 65, for being constrained in selected transmission optical path based on attack perception as traffic assignments frequency Spectrum.
In some embodiments, path determining unit 63 is used to be directed to each alternative path, utilizes security evaluation matrix Path in its domain is assessed, to determine the path of general safety least risk, comprising:
For each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, pacify according between domain Security risk value between full evaluating matrix B matrix computational domain;And according to safety wind between security risk value and domain in the domain being calculated Danger, which is worth, determines general safety value-at-risk;Wherein, security evaluation matrix A is used for the peace in description field between the alternative path of business in domain Full blast danger;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsThe alternative path of type service Between corresponding security risk;
Security risk is selected to be worth the smallest alternative path the smallest path of security risk as a whole.
In some embodiments, optical path distribution unit 64 is used to based on identified path be LRinEach business of type Distribution transmission optical path, comprising:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinEach traffic assignments of type transmit optical path.
In some embodiments, frequency spectrum allocation unit frequency spectrum allocation unit 65 is used to constrain in based on attack perception selected Transmission optical path on be traffic assignments frequency spectrum, comprising:
Traverse LRinAll links that the Work route of type service passes through search the link with these link sharing nodes Collection;
For the link in the link set found, the pact of guard band is added when to incompatible business shared link Beam;
For the link in the link set found, when to incompatible business unshared link but shared node, addition is kept away Exempt from the constraint of spectrum overlapping.
In some embodiments, alternative path determination unit alternative path determination unit 62 is for determining alternative path collection It closes, comprising:
Transmission path number is determined according to the security level of business in domain, determines optional path set.
It is understandable to be, the routing of multiple domain elastic optical network and frequency spectrum due to the attack perception of above-mentioned second aspect introduction The system of distribution is that the multiple domain elastic optical network routing that can execute the attack perception in the embodiment of the present invention and frequency spectrum distribute The device of method, so the routing of multiple domain elastic optical network and frequency spectrum point based on attack perception described in the embodiment of the present invention The method matched, those skilled in the art can understand the routing of multiple domain elastic optical network and the frequency of the attack perception of the present embodiment The specific embodiment and its various change form of the system of distribution are composed, so herein for the multiple domain elasticity of attack perception How the system of optical-fiber network routing and frequency spectrum distribution realizes the multiple domain elastic optical network road of the attack perception in the embodiment of the present invention It is no longer discussed in detail by the method distributed with frequency spectrum.As long as those skilled in the art implement to attack sense in the embodiment of the present invention Device used by method of the multiple domain elastic optical network routing known with frequency spectrum distribution, belongs to the model to be protected of the application It encloses.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation Method described in certain parts of example or embodiment.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this specification.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects, Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protect Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as a separate embodiment of the present invention.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments in this include institute in other embodiments Including certain features rather than other feature, but the combination of the feature of different embodiment means in the scope of the present invention Within and form different embodiments.For example, in the following claims, embodiment claimed it is any it One can in any combination mode come using.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame Claim.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features; And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and Range.

Claims (8)

1. the routing of multiple domain elastic optical network and the frequency spectrum distributing method of a kind of attack perception characterized by comprising
Step S1 classifies to business according to the path of business, determines LR when business is reachedpsType, LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink node All in the domain;Wherein, which is a domain in the multiple domain;
Step S2, determines optional path set;
Step S3, for each of optional path set alternative path, using security evaluation matrix to path in its domain into Row assessment, to determine the path of general safety least risk;The security evaluation matrix for evaluate multiple optical paths share it is identical Optical module when security threat;
Step S4 is that all types of traffic assignments transmit optical path based on identified path;
Step S5 is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum;
Wherein, the step S5 includes:
Step S51 traverses all links that the Work route of all types of business passes through, searches and these link sharing nodes Link set;
For the link in the link set found, in incompatible business shared link, protection frequency is added in step S52 The constraint of band;
Step S53 adds for the link in the link set found in incompatible business unshared link but shared node Enter to avoid the constraint of spectrum overlapping.
2. the method according to claim 1, wherein the step S3 includes:
Step S31, for each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, according to domain Between security risk value between security evaluation matrix B computational domain;And according to safety wind between security risk value and domain in the domain being calculated Danger, which is worth, determines general safety value-at-risk;Wherein, security evaluation matrix A is used for the peace in description field between the alternative path of business in domain Full blast danger;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsThe alternative path of type service Between corresponding security risk;
Step S32 selects security risk to be worth the smallest alternative path the smallest path of security risk as a whole.
3. the method according to claim 1, wherein being classified as LR when the businessinWhen type, the step S4 is specifically included:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
4. the method according to claim 1, wherein the step S2 includes: the safety etc. according to business in domain Grade determines transmission path number, determines optional path set.
5. the routing of multiple domain elastic optical network and spectrum allocation system of a kind of attack perception characterized by comprising
Taxon, for classifying according to the path of business to business, determining LR when business reachespsType, LRst Type and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIt indicates Sourcesink node is all in the domain;Wherein, which is a domain in the multiple domain;
Alternative path determination unit, for determining optional path set;
Path determining unit, for being assessed path in its domain using security evaluation matrix for each alternative path, To determine the path of general safety least risk;The security evaluation matrix shares identical optics group for evaluating multiple optical paths Security threat when part;
Optical path distribution unit, for being that all types of traffic assignments transmit optical path based on identified path;
Frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum;
Wherein, the frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as traffic assignments Frequency spectrum, comprising:
All links that the Work route of all types of business passes through are traversed, the link set with these link sharing nodes is searched;
The constraint of guard band is added in incompatible business shared link for the link in the link set found;
For the link in the link set found, in incompatible business unshared link but shared node, addition avoids frequency Compose the constraint of overlapping.
6. system according to claim 5, which is characterized in that the path determining unit is used to be directed to each alternative road Diameter is assessed path in its domain using security evaluation matrix, to determine the path of general safety least risk, comprising:
For each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, according to being commented safely between domain Estimate security risk value between matrix B computational domain;And according to security risk value determines between security risk value and domain in the domain being calculated General safety value-at-risk;Wherein, security evaluation matrix A is used for the security risk in description field between the alternative path of business in domain; Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsIt is corresponding between the alternative path of type service Security risk;
Security risk is selected to be worth the smallest alternative path the smallest path of security risk as a whole.
7. system according to claim 5, which is characterized in that be classified as LR when the businessinWhen type, the optical path Allocation unit is also used to:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
8. system according to claim 5, which is characterized in that the alternative path determination unit, for determining alternative road Diameter set, comprising:
Transmission path number is determined according to the security level of business in domain, determines optional path set.
CN201610800235.8A 2016-08-31 2016-08-31 The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception Active CN106412728B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610800235.8A CN106412728B (en) 2016-08-31 2016-08-31 The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610800235.8A CN106412728B (en) 2016-08-31 2016-08-31 The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception

Publications (2)

Publication Number Publication Date
CN106412728A CN106412728A (en) 2017-02-15
CN106412728B true CN106412728B (en) 2019-08-30

Family

ID=57998524

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610800235.8A Active CN106412728B (en) 2016-08-31 2016-08-31 The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception

Country Status (1)

Country Link
CN (1) CN106412728B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108574631B (en) * 2018-04-20 2021-04-30 中国联合网络通信集团有限公司 Route distribution method and device
CN110365589B (en) * 2019-07-30 2021-09-28 国网福建省电力有限公司 Electric power optical transmission route and frequency spectrum allocation method based on elastic optical network
CN112910778A (en) * 2021-02-03 2021-06-04 北京明未科技有限公司 Network security routing method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025615A (en) * 2010-11-25 2011-04-20 中兴通讯股份有限公司 Method and device for planning paths of small-granularity services in optical communication network
CN102523068A (en) * 2011-12-07 2012-06-27 北京邮电大学 Frequency spectrum resource distribution method in elastic optical network and system thereof
CN105357120A (en) * 2015-10-30 2016-02-24 中国人民武装警察部队工程大学 Multi-domain optical network attack perception multicast routing method based on game artificial fish swarm
CN105721130A (en) * 2016-02-23 2016-06-29 南京邮电大学 Spectrum distribution method based on sub-band virtual concatenation technology in elastic optical network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581006A (en) * 2012-08-10 2014-02-12 北京邮电大学 System architecture for global optimization of flexible grid optical networks and global optimization method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025615A (en) * 2010-11-25 2011-04-20 中兴通讯股份有限公司 Method and device for planning paths of small-granularity services in optical communication network
CN102523068A (en) * 2011-12-07 2012-06-27 北京邮电大学 Frequency spectrum resource distribution method in elastic optical network and system thereof
CN105357120A (en) * 2015-10-30 2016-02-24 中国人民武装警察部队工程大学 Multi-domain optical network attack perception multicast routing method based on game artificial fish swarm
CN105721130A (en) * 2016-02-23 2016-06-29 南京邮电大学 Spectrum distribution method based on sub-band virtual concatenation technology in elastic optical network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于频谱感知的业务分割-合并的弹性光网络资源分配策略;刘焕淋等;《电子与信息学报》;20160430;第38卷(第4期);第892-898页

Also Published As

Publication number Publication date
CN106412728A (en) 2017-02-15

Similar Documents

Publication Publication Date Title
CN106412728B (en) The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception
Dikbiyik et al. Minimizing the risk from disaster failures in optical backbone networks
Goscien et al. Protection in elastic optical networks
Furdek et al. Attack-aware dedicated path protection in optical networks
Zhu et al. Physical-layer security in MCF-based SDM-EONs: Would crosstalk-aware service provisioning be good enough?
CA2171344C (en) Protection network design
Thiagarajan et al. Spectrum efficient super-channels in dynamic flexible grid networks–A blocking analysis
Yu et al. Hybrid fiber-wireless network: An optimization framework for survivable deployment
CN107257256B (en) A kind of WSON network planning plan-validation method
Ashraf et al. Disaster-resilient optical network survivability: a comprehensive survey
Randhawa et al. Static and dynamic routing and wavelength assignment algorithms for future transport networks
Kong et al. Availability-guaranteed virtual optical network mapping with shared backup path protection
CN104579965A (en) Photo-electric two-layer path calculation method and system supporting multiple restraint strategies
Pašić et al. efradir: An enhanced framework for disaster resilience
US8644703B2 (en) Resource utilization method and system
CN107135056A (en) It is a kind of to reduce frequency spectrum fragment and the Anycast service resource allocation method of time delay
Leesutthipornchai et al. Solving multi-objective routing and wavelength assignment in WDM network using hybrid evolutionary computation approach
Bao et al. Reliability threshold based service bandwidth recovery scheme for post-disaster telecom networks
Agrawal et al. Low-crosstalk-margin routing for spectrally-spatially flexible optical networks
Zeng et al. Multiple attention mechanisms-driven component fault location in optical networks with network-wide monitoring data
Agrawal et al. Core arrangement based spectrum-efficient path selection in core-continuity constrained SS-FONs
CN108260033A (en) A kind of multi-area optical network safe multicasting Wavelength allocation method and system
Ma et al. Joint emergency data and service evacuation in cloud data centers against early warning disasters
Júnior et al. Heuristics for routing and spectrum allocation in elastic optical path networks
Kantarci et al. Availability and cost constrained fast planning of Passive Optical Networks under various survivability policies

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant