CN106412728B - The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception - Google Patents
The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception Download PDFInfo
- Publication number
- CN106412728B CN106412728B CN201610800235.8A CN201610800235A CN106412728B CN 106412728 B CN106412728 B CN 106412728B CN 201610800235 A CN201610800235 A CN 201610800235A CN 106412728 B CN106412728 B CN 106412728B
- Authority
- CN
- China
- Prior art keywords
- domain
- path
- business
- security
- link
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/0001—Selecting arrangements for multiplex systems using optical switching
- H04Q11/0005—Switch and router aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/80—Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
- H04B10/85—Protection from unauthorised access, e.g. eavesdrop protection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/12—Shortest path evaluation
- H04L45/123—Evaluation of link metrics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The routing of multiple domain elastic optical network and frequency spectrum distributing method and system of attack perception provided by the invention, this method comprises: classifying according to the path of business to business when business is reached, determining LRpsType, LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink node all in the domain;Step determines optional path set;For each of optional path set alternative path, path in its domain is assessed using security evaluation matrix, to determine the path of general safety least risk;Optical path is transmitted based on the traffic assignments that identified path is each type;It is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.The present invention can assess the security threat being likely to occur, and be routed according to the result of assessment and distributed with frequency spectrum, can effectively perceive attack in this way, enhance the safety of physical layer of multiple domain elastic optical network.
Description
Technical field
The invention belongs to field of communication technology, in particular to the multiple domain elastic optical network routing of a kind of attack perception and frequency spectrum
Distribution method and system.
Background technique
In multi-area optical network, hyperchannel carries the data of vast capacity between domain.If boundary node without
Photoelectric conversion, since there is the loopholes in physical layer, such as different clients to share optical module and can bring for optical-fiber network itself
Multiple physical layers security threat (inter-channel crosstalk, gain competition etc.).Nowadays transparent optical networks are by high-speed, low time delay, low
The advantage of cost already becomes the important directions that future optical networks develop evolution, and capital branch can be greatly increased by implementing photoelectric conversion
It is paid out with operation, can not meet the needs of optical-fiber network transparence.Elastic optical network can realize a variety of speed data flows
Effectively carrying, the frequency spectrum resource distribution of high-efficient elastic, are the new networks for meeting development of optical network direction.With fixed frequency spectrum interval
Wavelength-division multiplex technique compare, the availability of frequency spectrum, and energy is greatly improved in the elastic optical network technology based on flexible grid
Enough flexible bandwidth granularity is provided for user.Assuming that multiple domain elastic optical network be it is transparent or translucent, boundary node without
Electric treatment is crossed, under such a scenario if using service request between business offer scheme processing domain internal area in existing domain, suddenly
The safety problem of physical layer slightly between domain, once meet with attack, caused by loss will be difficult to imagine.For example attacker can be from adjacent domains
Implement cross-domain attack progress listening in information by insertion interference signal, distort, will be greatly reduced the transmission quality of hyperchannel,
Carry out great security threat to Netowrk tape.
It can be seen that the business offer scheme of safety of physical layer becomes particularly important between research joint consideration domain internal area.
Summary of the invention
The safety of physical layer of one object of the present invention enhancing multiple domain elastic optical network.
In order to achieve the above object, in a first aspect, the present invention provides a kind of multiple domain elastic optical network roads of attack perception
By with frequency spectrum distributing method, comprising:
Step S1 classifies to business according to the path of business, determines LR when business is reachedpsType, LRstType
And LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink
Node is all in the domain;
Step S2, determines optional path set;
Step S3, for each of optional path set alternative path, using security evaluation matrix to its road Yu Nei
Diameter is assessed, to determine the path of general safety least risk;The security evaluation matrix is shared for evaluating multiple optical paths
Security threat when identical optical module;
Step S4 is that all types of traffic assignments transmit optical path based on identified path;
Step S5 is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.
Optionally, the step S3 includes:
Step S31, for each alternative path, according to security risk value, root in security evaluation matrix A computational domain in domain
According to security risk value between security evaluation matrix B computational domain between domain;And pacify between security risk value and domain according in the domain being calculated
Full value-at-risk determines general safety value-at-risk;Wherein, in domain between alternative path of the security evaluation matrix A for business in description field
Security risk;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsType service it is alternative
Corresponding security risk between path;
Step S32 selects security risk to be worth the smallest alternative path the smallest path of security risk as a whole.
Optionally, LR is classified as when the businessinWhen type, the step S4 is specifically included:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
Optionally, the step S5 includes:
Step S51 traverses all links that the Work route of all types of business passes through, searches and these link sharing sections
The link set of point;
Step S52, in incompatible business shared link, is added and protects for the link in the link set found
Protect the constraint of frequency band;
Step S53, for the link in the link set found, in incompatible business unshared link but shared node
When, the constraint for avoiding spectrum overlapping is added.
Optionally, the step S2 includes: to determine transmission path number according to the security level of business in domain, determines alternative road
Diameter set.
Second aspect, the present invention provides it is a kind of attack perception multiple domain elastic optical network routing and spectrum allocation system,
Include:
Taxon, for classifying according to the path of business to business, determining LR when business reachespsType,
LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRin
Indicate sourcesink node all in the domain;
Alternative path determination unit, for determining optional path set;
Path determining unit carries out path in its domain using security evaluation matrix for being directed to each alternative path
Assessment, to determine the path of general safety least risk;The security evaluation matrix for evaluate multiple optical paths share it is identical
Security threat when optical module;
Optical path distribution unit, for being that all types of traffic assignments transmit optical path based on identified path;
Frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.
Optionally, the path determining unit is used to be directed to each alternative path, using security evaluation matrix to its domain
Interior path is assessed, to determine the path of general safety least risk, comprising:
For each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, pacify according between domain
Security risk value between full evaluating matrix B computational domain;And according to security risk value between security risk value and domain in the domain being calculated
Determine general safety value-at-risk;Wherein, security evaluation matrix A is used for the safety wind in description field between the alternative path of business in domain
Danger;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsPhase between the alternative path of type service
The security risk answered;
Security risk is selected to be worth the smallest alternative path the smallest path of security risk as a whole.
Optionally, LR is classified as when the businessinWhen type, the optical path distribution unit is also used to:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
Optionally, the frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as industry
Business distribution frequency spectrum, comprising:
All links that the Work route of all types of business passes through are traversed, the link with these link sharing nodes is searched
Collection;
Guard band is added in incompatible business shared link for the link in the link set found
Constraint;
For the link in the link set found, in incompatible business unshared link but shared node, addition is kept away
Exempt from the constraint of spectrum overlapping.
Optionally, the alternative path determination unit, for determining optional path set, comprising:
Transmission path number is determined according to the security level of business in domain, determines optional path set.
The routing of multiple domain elastic optical network and frequency spectrum distributing method and system of attack perception provided by the invention, can be to can
The security threat that can occur is assessed, and is routed according to the result of assessment and is distributed with frequency spectrum, in this way can be effective
Perception attack, enhances the safety of physical layer of multiple domain elastic optical network.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, embodiment will be described below
Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some
Example for those of ordinary skill in the art without creative efforts, can also be according to these attached drawings
Obtain other attached drawings.
Fig. 1 is the routing of multiple domain elastic optical network and the frequency spectrum distribution side for a kind of attack perception that one embodiment of the invention provides
The flow diagram of method;
Fig. 2 is that a kind of multiple domain elastic optical network routing for attack perception that yet another embodiment of the invention provides is distributed with frequency spectrum
The flow diagram of method;
Fig. 3 is a kind of flow chart of embodiment of the part steps in Fig. 2;
Fig. 4 is the routing of multiple domain elastic optical network and the frequency spectrum distribution side for a kind of attack perception that one embodiment of the invention provides
The schematic diagram of network scenarios applied by method;
Fig. 5 is that the multiple domain elastic optical network routing of the attack perception provided using one embodiment of the invention is distributed with frequency spectrum
Frequency spectrum resource occupancy situation in network when method;
Fig. 6 is a kind of multiple domain elastic optical network routing for attack perception that one embodiment of the invention provides and frequency spectrum distribution is
The structural schematic diagram of system.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, ordinary skill people every other reality obtained without creative efforts
Example is applied, shall fall within the protection scope of the present invention.
In a first aspect, the present invention provides a kind of multiple domain elastic optical network routing of attack perception and frequency spectrum distributing method,
Referring to Fig. 1, comprising:
Step S1 classifies to business according to the path of business, determines LR when business is reachedpsType, LRstType
And LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink
Node is all in the domain;
Step S2, determines optional path set;
Step S3, for each of optional path set alternative path, using security evaluation matrix to its road Yu Nei
Diameter is assessed, to determine the path of general safety least risk;The security evaluation matrix is shared for evaluating multiple optical paths
Security threat when identical optical module;
Step S4 is LR based on identified pathinEach traffic assignments of type transmit optical path;
Step S5 is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum.
The routing of multiple domain elastic optical network and frequency spectrum distributing method and system of attack perception provided by the invention, can be to can
The security threat that can occur is assessed, and is routed according to the result of assessment and is distributed with frequency spectrum, in this way can be effective
Perception attack, enhances the safety of physical layer of multiple domain elastic optical network.
In the specific implementation, above-mentioned each step can have numerous embodiments, such as in the specific implementation, step
Rapid S3 can specifically be implemented as follows:
Step S31, for each alternative path, according to security risk value, root in security evaluation matrix A computational domain in domain
According to security risk value between security evaluation matrix B matrix computational domain between domain;And according to security risk value and domain in the domain being calculated
Between security risk value determine general safety value-at-risk;Wherein, alternative road of the security evaluation matrix A for business in description field in domain
Security risk between diameter;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsType service
Corresponding security risk between alternative path;
Step S32 selects security risk to be worth the smallest alternative path the smallest path of security risk as a whole.
Certainly in the specific implementation, those skilled in the art can also be real by establishing other kinds of security evaluation matrix
Now to the assessment of risk.
For another example, above-mentioned step S4 can be specifically included: use data be dispersed in the mode transmitted in a plurality of optical path for
LRinEach traffic assignments of type transmit optical path.
In some embodiments, the step S5 can be specifically included:
Step S51 traverses LRinAll links that the Work route of type service passes through are searched and these link sharing sections
The link set of point;
Protection is added for the link in the link set found in step S52 when to incompatible business shared link
The constraint of frequency band;
Step S53, for the link in the link set found, to incompatible business unshared link but shared node
When, the constraint for avoiding spectrum overlapping is added.
In some embodiments, the step S2 may include: to determine transmission path according to the security level of business in domain
Number, determines optional path set.
It is understandable to be, regardless of one of step in above-mentioned each step is implemented especially by which kind of mode,
As long as this kind of mode can reach mutually should step purpose to be achieved, corresponding technical solution can achieve the present invention
Basic object, should also fall into protection scope of the present invention.
In order to make it easy to understand, being distributed with frequency spectrum the multiple domain elastic optical network routing of attack perception provided by the invention below
Method is described in more detail.The basic concepts being related to first to each embodiment of the invention are illustrated:
Network model
The safety problem of a transparent domain in multi-area optical network is analyzed, G (V, E) represents the network topology in this domain, and V is indicated
Node set, E indicate link set,Indicate boundary node set, i.e., the entry/exit node requested between domain.Root of the present invention
According to the risk and protection level of business optical path, the optical path request in G (V, E) is divided into three types: LRps(passes through or terminate
In the domain), LRst(starting from the domain), LRin(sourcesink node is all in the domain).Due to LRpsEnter from boundary node, may carry
There is crosstalk signal caused by being attacked as hyperchannel, it is believed that LRpsIt is that risk is highest, LRin、LRstRisk compared with
It is low, for LRinHighest priority protection rank is taken, for LRstTake principle of doing one's best.Make it is assumed hereinafter that: 1) in order to save
About resource saves expense, does not consider to undergo photoelectric conversion when cross-domain optical path enters boundary section, the signal in G (V, E) is all built
It stands and is transmitted under the environment of full light;2) it can change the routing frequency spectrum distribution of service request between domain when necessary;3)E
In each of the links e on have F frequency band (FS), S frequency band (FS) is used as guard band.
Use LRi *(s, d, b) indicates that optical path requests i.Wherein, * can be ps/st/in, indicate request type;S, d ∈ V points
Sourcesink node is not represented, and b indicates required bandwidth resources, unit FS.
One, the security evaluation factor
Security evaluation factor (Security-evaluating Factor, SF) is defined to assess difference between the internal area of domain
Optical path shares corresponding security threat when optical module.There are three types of situations for shared optical module, are that node is non-intersecting first, do not deposit
In security threat;Followed by node intersection but Link-disjoint paths, it is understood that there may be crosstalk in inter-channel crosstalk and channel;It is finally chain
Road intersection, it is not only possible to which there are crosstalks in inter-channel crosstalk and channel, it is also possible to there are problems that gain competition.It can thus be appreciated that three kinds
The degree of danger of situation is the relationship of ascending arrangement.Assuming that SF points that node intersects but Link-disjoint paths intersect with link are
ε1、ε2, corresponding SF can be calculated by formula 3.1 between two different light paths, wherein n1、n2Respectively indicate this two optical paths
Node intersection occurs but the number of Link-disjoint paths and link intersection.
SF=n1·ε1+n2·ε2 (1)
It is an object of the invention to provide flexible RSA scheme for each service request, so that total by the SF in network
Value is minimum.In the case where attack may all be met between the internal area of domain, there are two types of the SF of type, and one kind is for incredible industry between domain
Business optical path in optical path of being engaged in and domain, for assessing the dangerous situation between domain, another kind is counted for for business in the same domain
According to the different light paths in transmission optical path group, for assessing the dangerous situation in domain.(formula is not different both in calculation method
3.1), but two kinds of degree of danger is different.Due to LRpsBusiness optical path enters from boundary node between the domain of type,
If meeting with, the extent of injury caused by attack is bigger, and risk is higher, and caused SF ratio is big as caused by optical path in other domains.Cause
This need to be according to meeting with the probability of attack and cause when finally using security threat existing for SF quantization RSA scheme between the internal area of domain
The extent of injury add weight to two kinds of SF, the degree of danger both being distinguish.
Two, security evaluation matrix
Security evaluation matrix B between security evaluation matrix A (formula 3.2) and domain is established in domain according to security evaluation factor S F
(formula 3.3), for reflecting in network security situation between the internal area of domain, for SF value between the internal area of domain when assistance is routed
It calculates.
(1) security evaluation matrix A in domain
Security evaluation matrix A is N × N square matrix in domain, is used to business LR in description fieldiAlternative path between corresponding SF
Situation, N are alternative path sum, see formula 3.2.For LRiOptional path set, amnIt indicates
LRiAlternative optical path m SF corresponding with alternative optical path n, can be calculated according to formula 3.1.It follows that matrix A is one
Symmetrical matrix, aiiThere is no essential meaning, therefore is indicated in a matrix without specific value with *.
(2) security evaluation matrix B between domain
Assuming that there are 1 LRin, 2 LRpsThe optical path of type is requested, then security evaluation matrix B is N × 2M square between domain
Battle array, for LR between the alternative path and domain of business in description fieldpsCorresponding SF situation between the alternative path of type service, N, M points
Not Wei in each domain, between domain business alternative path number, wherein Respectively represent LRi∈LRin、LRj、LRk∈LRpsAlternative path collection.Indicate LRiThe m articles
Alternative pathWith LRjNth alternative pathBetween corresponding SF, similarly known toMeaning.Specific SF value equally may be used
It is calculated by formula 3.1.
Fig. 2 is the routing for the attack perception that one embodiment of the invention provides and the flow diagram of frequency spectrum distributing method.
When business reaches, classification processing is carried out to business first, is then determined and is passed according to the security level of business in domain
Defeated number of path calculates alternative path collection using KSP algorithm business, according to corresponding SF between the calculating alternative path of formula 3.1, and builds
It stands in domain, security evaluation matrix A and B between domain.For every kind of Route Selection, respectively according to SF in matrix A and matrix B computational domain with
SF between domain, and network entirety SF value is acquired by formula 3.4.Select network entirety SF the smallest as final Route Selection.Such as
Fruit is not successfully selected routing, then business establishes failure, otherwise to LRinBusiness carries out piecemeal processing and distributes transmission path, most
Frequency spectrum distribution is carried out based on attack perception constraint afterwards to remove the link if can not find suitable frequency spectrum on certain road Tiao Lian
E, resume at step one, otherwise business is successfully established.
Route Selection based on security evaluation matrix
In the present invention, for LRps、LRstBusiness only selects a transmission paths, alternative road between the domain of both types
Diameter number is M;And for LRinThe business of type need to determine required number of path L (1 < L < N), safety level according to its security level
Not higher L is bigger, and alternative path number is N.Route Selection process is as shown in Figure 2.
Alternative path is calculated using KSP algorithm first, and establishes security evaluation matrix A and B between the internal area of domain respectively.For
LRinThe business of type is taken out L paths as transmission path from N alternative path, is formedKind Route Selection, with k table
Show that kth kind selects, thenFor the L paths of kth kind selection, it is mutual that this L paths can be checked in from matrix A
These SF values are added by the SF value of generation, can obtain SF value α in the domain of kth kind selectionk.Then is extracted in matrix B again
The sum of every column element of row corresponding to the L paths of k kind selection, these corresponding rows represents business optical path between every alternative domain
Corresponding SF summation, can thus be LR between selected L pathsjAnd LRkSF summation is chosen most in preceding M column and rear M column respectively
Optical path corresponding to small column is as transmission path.The smallest two column SF summation is denoted as β at this timek, represent the domain of kth kind selection
Between SF value.Assuming that according to the probability that attack is met between the internal area of domain and caused by the extent of injury obtain domain internal area between SF weight distinguish
For λ1、λ2, meet λ1+λ2=1, then the network entirety SF of kth kind routing scheme is ρk, see formula 3.4.It willKind selection
ρkAfter all calculating, the smallest ρ is selectedkCorresponding path is as LRi、LRj、LRkRouting plan.
For LRstBusiness between the domain of type may be other cross-domain in this overseas experience since destination node is in other domains
Attack, the present invention is principle of doing one's best to its Preservation tactics.In selected LRi、LRj、LRkTransmission path after, establish matrix
C (formula 3.5),For LRj、LRkSelected path,For LRstType service LRlIt is standby
Path set is selected,It indicatesWithBetween corresponding SF,It indicatesWithBetween corresponding SF, specific SF value is by formula
(3.1) it is calculated.Select the sum of column element i.e.In it is the smallest column it is correspondingAs LRlTransmission path.
ρk=λ1·αk+λ2·βk (4)
Traffic assignments transmission optical path rule in domain
To the business in domain, in such a way that data are dispersed in and transmit in a plurality of optical path, path allocation process such as Fig. 3 institute
Show.First according to LRinType service LRiSecurity level determine number of sections K, higher grade, and K is bigger, then by data levelling
It is cut into small pieces, respectively plus being packaged after location information field, recombinates number by these location information fields in destination node
According to useIndicate LRiJ-th of data stripping and slicing, eachBandwidth demand beWherein 1≤j≤K.It is obtained by 3.3.1
One group of LRiTransmission pathKnown toIt willPeriodically distribute toIn every optical path, until
Data block distribution terminates.Thus the data block for business in domain distributes transmission path.
Frequency spectrum distribution based on attack perception constraint
For LRinIts each data slicer is considered as common service request and carries out frequency spectrum distribution by the business of type.This hair
It is bright by LRin/LRstWith LRpsIt is considered as incompatible business, to keep SF minimum, LRin/LRstWith LRpsBusiness optical path share optics
Corresponding attack perception constraint is done when component: 1) node intersection but when Link-disjoint paths only considers inter-channel crosstalk, therefore want
Avoid spectrum overlapping;2) gain competition is only considered when link intersects, therefore other than spectrum overlapping to be avoided, also need to be added and protect
Frequency band (S FS).Due to LRinWith LRpsCompared to being more believable, therefore for LRinOptical path group does not make this when sharing optical module
Constraint need to only meet general frequency spectrum distribution principle.Frequency spectrum allocation flow be broadly divided into the following three steps:
(1) LR is traversediWork route pass through all link { Em, find out the link set with these link sharing nodes
{En}.Search all EmUpper available idle frequency range { [Fs,Fe], Fs、FeIndicate frequency band label.It is stored with Ω for LRiIt uses
Frequency range.
(2) first to incompatible business shared link when be added guard band constraint.To every Em, select { [Fs,
Fe] in position near preceding frequency range [Fs,Fe], check FsBefore and FeWhether S frequency band later is accounted for by not compatible business
With, if occupied, Fs、FeIt increase accordingly or reduces.Update [Fs,Fe] after, if Fe-Fs≥bi Then by [Fs,
Fe] be added in Ω, otherwise by [Fs,Fe] from { [Fs,Fe] in remove, repeat step (2).biFor service bandwidth demand.
(3) to incompatible business unshared link but shared node when, the constraint for avoiding spectrum overlapping is added.For { En}
In each En, check [the F corresponded in Ωs,Fe] whether occupied by incompatible business.If occupied, by the frequency range
It removes, repeats step (2) from Ω;It otherwise will be in [Fs,Fe] in by frequency spectrum distribution principle be the suitable frequency of traffic assignments
Section.
A typical case example is named to better illustrate the specific implementation thinking of the present invention program.Fig. 4 is network
Scene is made of three domains, and target is to improve the general safety level in domain 1.There are four service requests in network, it is carried out
Classification:
Step 1: it is routed based on security evaluation matrix.
Alternative path is calculated with KSP algorithm, alternative path collection is obtained and is respectively as follows:Assuming that basisService security rank determine transmission path number be 2, then the target of scheme is in p1Two transmission of middle selection
Path, in p2、p3、p4Middle to select a transmission paths respectively, the network entirety SF value that these paths selected generate is minimum.If
ε1、ε2It is respectively as follows: 1,3, corresponding SF value can be calculated according to formula 3.1, establish matrixAnd matrixCorresponded to first according to matrix AThree kinds of selection Path selectionsDomain in SF be respectively: 4,2,2;Every kind of selection is then corresponded to, LR is obtained according to matrix B3LR4
Optimal path be respectively OrSF is respectively between obtaining domain: 4,6,5;Assuming that domain internal area
Between meet with attack probability and caused by the extent of injury assessed after SF weight λ between the domain internal area that obtains1、λ2Be respectively as follows: 0.3,
0.7, it is respectively as follows: 4,4.8,4.1 according to the network entirety SF that formula 3.4 finds out these three selections, it can thus be appreciated that the first is routed
The network overall security highest of selection, obtains Route SelectionAccording to for LR3LR4The road chosen
DiameterEstablish matrixObtain LR2SelectionSF be respectively as follows: 1,2, it is known that should select
Obtain final Route Selection are as follows:
Step 2: for business in domainCarry out path allocation.
Assuming that basisService security rank determine number of sections be 4, it is small that data flow is averagely cut into 4
Block is used respectively plus being packaged after location information fieldIndicate LR1J-th of data stripping and slicing, wherein 1≤j≤4.By
3.3.1 LR is obtained1Transmission path beThen final allocation result is?Upper transmission,
?Upper transmission.
Step 3: frequency spectrum distribution is carried out based on attack perception constraint.
Fig. 5 shows the distribution condition of frequency spectrum in network, other than the load of above four service requests, it is also contemplated that in network
The frequency spectrum resource occupancy situation of original business.If giving?Frequency spectrum resource is distributed,Routing be 4-5-
8, i.e., three suitable frequency bands are distributed in 4-5 and 5-8 both links.Other than frequency spectrum consistency to be met, continuity, also need to examine
Frequency is avoided when the shared optical module correlation attack perception constraint mentioned in worry 3.3.3, i.e. node intersection but Link-disjoint paths
Spectrum overlapping, in addition to avoiding spectrum overlapping that guard band is also added when link intersects, it is assumed that need 2 FS as guard band,
Finally the frequency band in 4-5 and 5-8 both links is distributed to
Second aspect, the present invention provides it is a kind of attack perception multiple domain elastic optical network routing and spectrum allocation system,
Referring to Fig. 6, which includes:
Taxon 61, for classifying according to the path of business to business, determining LR when business reachespsClass
Type, LRstType and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression start from the domain,
LRinIndicate sourcesink node all in the domain;
Alternative path determination unit 62, for determining optional path set;
Path determining unit 63, for be directed to each alternative path, using security evaluation matrix to path in its domain into
Row assessment, to determine the path of general safety least risk;The security evaluation matrix for evaluate multiple optical paths share it is identical
Optical module when security threat;
Optical path distribution unit 64, for being LR based on identified pathinEach traffic assignments of type transmit optical path;
Frequency spectrum allocation unit 65, for being constrained in selected transmission optical path based on attack perception as traffic assignments frequency
Spectrum.
In some embodiments, path determining unit 63 is used to be directed to each alternative path, utilizes security evaluation matrix
Path in its domain is assessed, to determine the path of general safety least risk, comprising:
For each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, pacify according between domain
Security risk value between full evaluating matrix B matrix computational domain;And according to safety wind between security risk value and domain in the domain being calculated
Danger, which is worth, determines general safety value-at-risk;Wherein, security evaluation matrix A is used for the peace in description field between the alternative path of business in domain
Full blast danger;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsThe alternative path of type service
Between corresponding security risk;
Security risk is selected to be worth the smallest alternative path the smallest path of security risk as a whole.
In some embodiments, optical path distribution unit 64 is used to based on identified path be LRinEach business of type
Distribution transmission optical path, comprising:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinEach traffic assignments of type transmit optical path.
In some embodiments, frequency spectrum allocation unit frequency spectrum allocation unit 65 is used to constrain in based on attack perception selected
Transmission optical path on be traffic assignments frequency spectrum, comprising:
Traverse LRinAll links that the Work route of type service passes through search the link with these link sharing nodes
Collection;
For the link in the link set found, the pact of guard band is added when to incompatible business shared link
Beam;
For the link in the link set found, when to incompatible business unshared link but shared node, addition is kept away
Exempt from the constraint of spectrum overlapping.
In some embodiments, alternative path determination unit alternative path determination unit 62 is for determining alternative path collection
It closes, comprising:
Transmission path number is determined according to the security level of business in domain, determines optional path set.
It is understandable to be, the routing of multiple domain elastic optical network and frequency spectrum due to the attack perception of above-mentioned second aspect introduction
The system of distribution is that the multiple domain elastic optical network routing that can execute the attack perception in the embodiment of the present invention and frequency spectrum distribute
The device of method, so the routing of multiple domain elastic optical network and frequency spectrum point based on attack perception described in the embodiment of the present invention
The method matched, those skilled in the art can understand the routing of multiple domain elastic optical network and the frequency of the attack perception of the present embodiment
The specific embodiment and its various change form of the system of distribution are composed, so herein for the multiple domain elasticity of attack perception
How the system of optical-fiber network routing and frequency spectrum distribution realizes the multiple domain elastic optical network road of the attack perception in the embodiment of the present invention
It is no longer discussed in detail by the method distributed with frequency spectrum.As long as those skilled in the art implement to attack sense in the embodiment of the present invention
Device used by method of the multiple domain elastic optical network routing known with frequency spectrum distribution, belongs to the model to be protected of the application
It encloses.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should
Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
Method described in certain parts of example or embodiment.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that implementation of the invention
Example can be practiced without these specific details.In some instances, well known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this specification.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of the various inventive aspects,
Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the disclosed method should not be interpreted as reflecting the following intention: i.e. required to protect
Shield the present invention claims features more more than feature expressly recited in each claim.More precisely, as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself
All as a separate embodiment of the present invention.
Those skilled in the art will understand that can be carried out adaptively to the module in the equipment in embodiment
Change and they are arranged in one or more devices different from this embodiment.It can be the module or list in embodiment
Member or component are combined into a module or unit or component, and furthermore they can be divided into multiple submodule or subelement or
Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it can use any
Combination is to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so disclosed
All process or units of what method or apparatus are combined.Unless expressly stated otherwise, this specification is (including adjoint power
Benefit require, abstract and attached drawing) disclosed in each feature can carry out generation with an alternative feature that provides the same, equivalent, or similar purpose
It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments in this include institute in other embodiments
Including certain features rather than other feature, but the combination of the feature of different embodiment means in the scope of the present invention
Within and form different embodiments.For example, in the following claims, embodiment claimed it is any it
One can in any combination mode come using.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and ability
Field technique personnel can be designed alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between parentheses should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" located in front of the element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real
It is existing.In the unit claims listing several devices, several in these devices can be through the same hardware branch
To embody.The use of word first, second, and third does not indicate any sequence.These words can be explained and be run after fame
Claim.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (8)
1. the routing of multiple domain elastic optical network and the frequency spectrum distributing method of a kind of attack perception characterized by comprising
Step S1 classifies to business according to the path of business, determines LR when business is reachedpsType, LRstType and
LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIndicate sourcesink node
All in the domain;Wherein, which is a domain in the multiple domain;
Step S2, determines optional path set;
Step S3, for each of optional path set alternative path, using security evaluation matrix to path in its domain into
Row assessment, to determine the path of general safety least risk;The security evaluation matrix for evaluate multiple optical paths share it is identical
Optical module when security threat;
Step S4 is that all types of traffic assignments transmit optical path based on identified path;
Step S5 is constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum;
Wherein, the step S5 includes:
Step S51 traverses all links that the Work route of all types of business passes through, searches and these link sharing nodes
Link set;
For the link in the link set found, in incompatible business shared link, protection frequency is added in step S52
The constraint of band;
Step S53 adds for the link in the link set found in incompatible business unshared link but shared node
Enter to avoid the constraint of spectrum overlapping.
2. the method according to claim 1, wherein the step S3 includes:
Step S31, for each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, according to domain
Between security risk value between security evaluation matrix B computational domain;And according to safety wind between security risk value and domain in the domain being calculated
Danger, which is worth, determines general safety value-at-risk;Wherein, security evaluation matrix A is used for the peace in description field between the alternative path of business in domain
Full blast danger;Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsThe alternative path of type service
Between corresponding security risk;
Step S32 selects security risk to be worth the smallest alternative path the smallest path of security risk as a whole.
3. the method according to claim 1, wherein being classified as LR when the businessinWhen type, the step
S4 is specifically included:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
4. the method according to claim 1, wherein the step S2 includes: the safety etc. according to business in domain
Grade determines transmission path number, determines optional path set.
5. the routing of multiple domain elastic optical network and spectrum allocation system of a kind of attack perception characterized by comprising
Taxon, for classifying according to the path of business to business, determining LR when business reachespsType, LRst
Type and LRinThe business of type;Wherein, LRpsIt indicates to pass through or terminate at the domain, LRstExpression starts from the domain, LRinIt indicates
Sourcesink node is all in the domain;Wherein, which is a domain in the multiple domain;
Alternative path determination unit, for determining optional path set;
Path determining unit, for being assessed path in its domain using security evaluation matrix for each alternative path,
To determine the path of general safety least risk;The security evaluation matrix shares identical optics group for evaluating multiple optical paths
Security threat when part;
Optical path distribution unit, for being that all types of traffic assignments transmit optical path based on identified path;
Frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as traffic assignments frequency spectrum;
Wherein, the frequency spectrum allocation unit, for being constrained in selected transmission optical path based on attack perception as traffic assignments
Frequency spectrum, comprising:
All links that the Work route of all types of business passes through are traversed, the link set with these link sharing nodes is searched;
The constraint of guard band is added in incompatible business shared link for the link in the link set found;
For the link in the link set found, in incompatible business unshared link but shared node, addition avoids frequency
Compose the constraint of overlapping.
6. system according to claim 5, which is characterized in that the path determining unit is used to be directed to each alternative road
Diameter is assessed path in its domain using security evaluation matrix, to determine the path of general safety least risk, comprising:
For each alternative path, according to security risk value in security evaluation matrix A computational domain in domain, according to being commented safely between domain
Estimate security risk value between matrix B computational domain;And according to security risk value determines between security risk value and domain in the domain being calculated
General safety value-at-risk;Wherein, security evaluation matrix A is used for the security risk in description field between the alternative path of business in domain;
Security evaluation matrix is for LR between the alternative path and domain of business in description field between domainpsIt is corresponding between the alternative path of type service
Security risk;
Security risk is selected to be worth the smallest alternative path the smallest path of security risk as a whole.
7. system according to claim 5, which is characterized in that be classified as LR when the businessinWhen type, the optical path
Allocation unit is also used to:
Data are used to be dispersed in the mode transmitted in a plurality of optical path as LRinThe traffic assignments of type transmit optical path.
8. system according to claim 5, which is characterized in that the alternative path determination unit, for determining alternative road
Diameter set, comprising:
Transmission path number is determined according to the security level of business in domain, determines optional path set.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610800235.8A CN106412728B (en) | 2016-08-31 | 2016-08-31 | The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610800235.8A CN106412728B (en) | 2016-08-31 | 2016-08-31 | The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106412728A CN106412728A (en) | 2017-02-15 |
CN106412728B true CN106412728B (en) | 2019-08-30 |
Family
ID=57998524
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610800235.8A Active CN106412728B (en) | 2016-08-31 | 2016-08-31 | The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106412728B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108574631B (en) * | 2018-04-20 | 2021-04-30 | 中国联合网络通信集团有限公司 | Route distribution method and device |
CN110365589B (en) * | 2019-07-30 | 2021-09-28 | 国网福建省电力有限公司 | Electric power optical transmission route and frequency spectrum allocation method based on elastic optical network |
CN112910778A (en) * | 2021-02-03 | 2021-06-04 | 北京明未科技有限公司 | Network security routing method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102025615A (en) * | 2010-11-25 | 2011-04-20 | 中兴通讯股份有限公司 | Method and device for planning paths of small-granularity services in optical communication network |
CN102523068A (en) * | 2011-12-07 | 2012-06-27 | 北京邮电大学 | Frequency spectrum resource distribution method in elastic optical network and system thereof |
CN105357120A (en) * | 2015-10-30 | 2016-02-24 | 中国人民武装警察部队工程大学 | Multi-domain optical network attack perception multicast routing method based on game artificial fish swarm |
CN105721130A (en) * | 2016-02-23 | 2016-06-29 | 南京邮电大学 | Spectrum distribution method based on sub-band virtual concatenation technology in elastic optical network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581006A (en) * | 2012-08-10 | 2014-02-12 | 北京邮电大学 | System architecture for global optimization of flexible grid optical networks and global optimization method thereof |
-
2016
- 2016-08-31 CN CN201610800235.8A patent/CN106412728B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102025615A (en) * | 2010-11-25 | 2011-04-20 | 中兴通讯股份有限公司 | Method and device for planning paths of small-granularity services in optical communication network |
CN102523068A (en) * | 2011-12-07 | 2012-06-27 | 北京邮电大学 | Frequency spectrum resource distribution method in elastic optical network and system thereof |
CN105357120A (en) * | 2015-10-30 | 2016-02-24 | 中国人民武装警察部队工程大学 | Multi-domain optical network attack perception multicast routing method based on game artificial fish swarm |
CN105721130A (en) * | 2016-02-23 | 2016-06-29 | 南京邮电大学 | Spectrum distribution method based on sub-band virtual concatenation technology in elastic optical network |
Non-Patent Citations (1)
Title |
---|
基于频谱感知的业务分割-合并的弹性光网络资源分配策略;刘焕淋等;《电子与信息学报》;20160430;第38卷(第4期);第892-898页 |
Also Published As
Publication number | Publication date |
---|---|
CN106412728A (en) | 2017-02-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106412728B (en) | The routing of multiple domain elastic optical network and frequency spectrum distributing method and the system of attack perception | |
Dikbiyik et al. | Minimizing the risk from disaster failures in optical backbone networks | |
Goscien et al. | Protection in elastic optical networks | |
Furdek et al. | Attack-aware dedicated path protection in optical networks | |
Zhu et al. | Physical-layer security in MCF-based SDM-EONs: Would crosstalk-aware service provisioning be good enough? | |
CA2171344C (en) | Protection network design | |
Thiagarajan et al. | Spectrum efficient super-channels in dynamic flexible grid networks–A blocking analysis | |
Yu et al. | Hybrid fiber-wireless network: An optimization framework for survivable deployment | |
CN107257256B (en) | A kind of WSON network planning plan-validation method | |
Ashraf et al. | Disaster-resilient optical network survivability: a comprehensive survey | |
Randhawa et al. | Static and dynamic routing and wavelength assignment algorithms for future transport networks | |
Kong et al. | Availability-guaranteed virtual optical network mapping with shared backup path protection | |
CN104579965A (en) | Photo-electric two-layer path calculation method and system supporting multiple restraint strategies | |
Pašić et al. | efradir: An enhanced framework for disaster resilience | |
US8644703B2 (en) | Resource utilization method and system | |
CN107135056A (en) | It is a kind of to reduce frequency spectrum fragment and the Anycast service resource allocation method of time delay | |
Leesutthipornchai et al. | Solving multi-objective routing and wavelength assignment in WDM network using hybrid evolutionary computation approach | |
Bao et al. | Reliability threshold based service bandwidth recovery scheme for post-disaster telecom networks | |
Agrawal et al. | Low-crosstalk-margin routing for spectrally-spatially flexible optical networks | |
Zeng et al. | Multiple attention mechanisms-driven component fault location in optical networks with network-wide monitoring data | |
Agrawal et al. | Core arrangement based spectrum-efficient path selection in core-continuity constrained SS-FONs | |
CN108260033A (en) | A kind of multi-area optical network safe multicasting Wavelength allocation method and system | |
Ma et al. | Joint emergency data and service evacuation in cloud data centers against early warning disasters | |
Júnior et al. | Heuristics for routing and spectrum allocation in elastic optical path networks | |
Kantarci et al. | Availability and cost constrained fast planning of Passive Optical Networks under various survivability policies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |