(19)
(11)EP 3 058 686 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
29.04.2020 Bulletin 2020/18

(21)Application number: 13783875.1

(22)Date of filing:  15.10.2013
(51)International Patent Classification (IPC): 
H04L 12/707(2013.01)
H04L 12/723(2013.01)
H04L 12/721(2013.01)
H04Q 11/00(2006.01)
(86)International application number:
PCT/EP2013/071491
(87)International publication number:
WO 2015/055230 (23.04.2015 Gazette  2015/16)

(54)

TRANSMITTING COMMUNICATIONS TRAFFIC ACROSS AN OPTICAL COMMUNICATION NETWORK

KOMMUNIKATIONSÜBERTRAGUNG VON DATENVERKEHR ÜBER EIN OPTISCHES KOMMUNIKATIONSNETZWERK

ÉMISSION DE TRAFIC DE COMMUNICATION SUR UN RÉSEAU DE COMMUNICATION OPTIQUE


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(43)Date of publication of application:
24.08.2016 Bulletin 2016/34

(73)Proprietor: Telefonaktiebolaget LM Ericsson (publ)
164 83 Stockholm (SE)

(72)Inventors:
  • MAGRI, Roberto
    I-56100 Pisa (IT)
  • BOTTARI, Giulio
    I-56100 Pisa (IT)

(74)Representative: Brann AB 
P.O. Box 3690 Drottninggatan 27
103 59 Stockholm
103 59 Stockholm (SE)


(56)References cited: : 
US-A1- 2004 258 407
  
  • CONTE G ET AL: "A multilayer solution for path provisioning in new-generation optical/MPLS networks", JOURNAL OF LIGHTWAVE TECHNOLOGY, IEEE SERVICE CENTER, NEW YORK, NY, US, vol. 21, no. 5, 1 May 2003 (2003-05-01), pages 1141-1155, XP011098688, ISSN: 0733-8724, DOI: 10.1109/JLT.2003.811424
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description

Technical Field



[0001] The invention relates to a method of transmitting communications traffic in an optical communication network comprising a plurality of nodes, a method of receiving communications traffic in an optical communication network comprising a plurality of nodes, a method of operating an optical communication network comprising a plurality of nodes, an optical communication network transmitter module, an optical communication network receiver module, and an optical communication network.

Background



[0002] Fibre tapping attacks are a real threat in optical networks. The tap consists, for example, of bending the fibre to the point that it leaks light, enabling an attacker to gain access to communications traffic being carried by optical channels propagating through the fibre. When a successful tap is made, packet-sniffer software can be used to filter through the packet headers of the traffic. This means that specified IP addresses, MAC addresses or DNS information can be gathered from the tapped traffic. If an attacker is successful in using an unobtrusive method to retrieve traffic directly from the fibre optic cable, then the attacker does not need access to a network in order to access the communications traffic being sent across it. Encryption techniques can improve the security of the traffic but encryption can be broken.

[0003] Fibre tapping techniques may be hard to be detected since the loss introduced by the tapping device may be so low that network management and monitoring systems may not be able to identify the attack. In some cases, attackers cut the fibre at a given point so that the network operator detects a link failure. While the operator goes in field to repair the fibre cut, the attacker applies a fibre tap some kilometres away from the fibre cut point. By operating during this network maintenance period, when the fibre is under repair, an attacker can avoid a network monitoring system detecting the optical power transient that typically occurs when a fibre tap is inserted. After the fibre repair is complete, it is impossible to detect whether a tap has been inserted because the effect of the tap on the quality of the optical signal is very limited and could be easily confused with the effect of a patch used to repair the cut fibre. Other fibre tapping methods are also used, including the permanent installation of optical splitters on an optical fibre to enable continuous eavesdropping. This technique can be easily used along hundreds of kilometres of unmonitored and un-watched optical network cable.

[0004] The most obvious way to protect optical fibre cables from this type of attack is to prevent physical access to them. However there are millions of kilometres of optical fibre cables spanning across the globe and it is not possible to protect optical fibre cables out in the field in the way in which the central offices of communication networks are protected.

[0005] Current solutions to the problem of fibre tapping attacks are either based on protection at higher network layers, specifically cryptography and steganography, or on the use of complex, expensive and not very reliable network monitoring infrastructures, such as a combination of embedded optical time domain reflectometry, OTDR, vibration monitoring systems, and optical network parameter monitoring. US2010/119225 discloses a transceiver card for providing secure optical transmission over optical fibre. The transceiver card comprises an optical time domain reflectometer connected to the receiver side of the card, upstream from the receiver. Cryptography may be used to protect communications traffic content but not to prevent access to the traffic. A malicious attacker with access to encrypted data can, if motivated and with a suitable amount of money and time, successfully open the encryption. The methods based on monitoring systems to detect malicious intrusion on an optical link are very expensive, cannot react to fast transients in optical signal power, and are prone to false alarms and to alarms failing to go off; a threshold set too high can fail to detect an attack while a threshold set too low will generate many false alarms as a consequence of changes in fibre parameters due to normal ageing, stress, faults, etc.

[0006] US2004/258407 describes an optical network, which includes edge and switching nodes, optically communicating information formatted in a statistically multiplexed control and data bursts and/or metadata. Control bursts are transmitted prior to the data bursts to configure optical switches in selected switching nodes so that the data bursts do not require 0-E-0 conversion. Each edge node consists of an adaptive PBS medium-access layer (MAC) component in order to achieve the transmission throughput improvement. The adaptive PBS MAC component enables the PBS data burst size to adapt to the TCP flow, allowing the PBS data burst to be transmitted immediately for the TCP flow experiencing TCP slow start.

Summary



[0007] This invention is defined by the appended claims. It is an object to provide an improved method of transmitting communications traffic in an optical communication network comprising a plurality of nodes. It is a further object to provide an improved method of receiving communications traffic in an optical communication network comprising a plurality of nodes. It is a further object to provide an improved method of operating an optical communication network comprising a plurality of nodes. It is a further object to provide an improved optical communication network transmitter module. It is a further object to provide an improved optical communication network receiver module. It is a further object to provide an improved optical communication network.

[0008] A first aspect of the invention provides a method of transmitting communications traffic in an optical communication network comprising a plurality of nodes. The method comprises receiving communications traffic at a source node, the communications traffic to be transmitted across the optical communication network to a target node. The method comprises, at the source node, obtaining a path sequence. The path sequence defines an order in which a plurality of optical paths from the source node to the target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The method comprises, at the source node, transmitting the communications traffic as a series of traffic portions. Each traffic portion is transmitted for a respective preselected transmission period on a respective optical path according to the path sequence, wherein the path sequence is a preselected sequence.

[0009] The method may ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted. The method may therefore provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The method may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The method is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0010] The method may enable the source of the communications traffic to implement a defence to a fibre tapping attack even when they do not directly control the optical fibres across which the communications traffic is to be transmitted.

[0011] The method does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems.

[0012] In an embodiment, the communications traffic in each said traffic portion can only be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0013] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion.

[0014] In an embodiment, the method comprises obtaining information identifying a respective different optical channel assigned to each said optical path and digitally wrapping the communications traffic. The digitally wrapped communications traffic is transmitted as a series of traffic portions, each traffic portion being transmitted on the optical channel assigned to its respective optical path. Switching the digitally wrapped traffic between different optical channels enables the switching to be implemented in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0015] In an embodiment, the communications traffic is transmitted on a single optical channel. The optical channel is transmitted on each optical path of the path sequence for a respective preselected transmission period.

[0016] In an embodiment, the method comprises obtaining information identifying a respective different optical channel assigned to each said optical path and the communications traffic is digitally wrapped communications traffic. The digitally wrapped communications traffic is transmitted as a series of traffic portions, each traffic portion being transmitted on the optical channel assigned to its respective optical path. Switching the digitally wrapped traffic between different optical channels enables the switching to be implemented in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0017] In an embodiment, the digitally wrapped traffic is transmitted on each optical channel for said transmission period.

[0018] In an embodiment, transmission of the digitally wrapped traffic is switched onto the optical channel of the next optical path in the path sequence on the elapsing of a timer.

[0019] In an embodiment, transmission of the digitally wrapped traffic is switched onto the optical channel of the next optical path in the path sequence in response to the detection of a false alarm signal. Detection of the false alarm signal initiates a switching mechanism arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence. Using an existing switching mechanism within an optical communication network may offer the advantage of ease of implementation. No hardware protocols may need to be changed.

[0020] In an embodiment, the switching mechanism is a protection switching mechanism. The action of switching the traffic portions onto different optical paths for anti-tapping purposes may therefore have the same complexity as switching traffic for failure recovery purposes.

[0021] In an embodiment, the communications traffic is wrapped in a multi protocol label switching, MPLS, label switched path, LSP, and the MPLS LSP is transmitted as a series of traffic portions. The action of switching LSPs among alternative paths for anti-tapping purposes has the same complexity as switching an LSP for failure recovery purposes.

[0022] In an embodiment, the received communications traffic is wrapped in a plurality of MPLS LSPs and the MPLS LSPs are each transmitted as a series of traffic portions. Each MPLS LSP commences transmission at a different optical path of the path sequence. The MPLS LSPs are transmitted simultaneously.

[0023] In an embodiment, the communications traffic is wrapped in an optical transport network, OTN, container and the OTN container is transmitted as a series of traffic portions. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0024] In an embodiment, the received communications traffic is wrapped in a plurality of OTN containers and the OTN containers are each transmitted as a series of traffic portions. Each OTN container commences transmission at a different optical path of the path sequence. The OTN containers are transmitted simultaneously.

[0025] In an embodiment, the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0026] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0027] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The spatially separate parts of the optical paths are located in different network parts Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0028] In an embodiment, the physically distinct paths across the optical communication network may be paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0029] In an embodiment, the communications traffic is transmitted as a series of traffic portions by transmitting the communications traffic on the respective optical channel of each optical path of the path sequence for a preselected transmission period.

[0030] In an embodiment, a part of an optical path may be shared if said part is in a location which is known to be secure.

[0031] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the source node and the target node know the path sequence and the source node can switch to the next path at the same time as the target node.

[0032] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic.

[0033] In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0034] In an embodiment, the communications traffic to be transmitted during each transmission period may be stored in a buffer for a period at least equal to a switching time for changing to the next optical path in the path sequence. The communications traffic has a data rate and the communication traffic is transmitted from the buffer at a higher data rate. This may enable continuous transmission of the communications traffic without loss of traffic, which may mitigate transmission performance degradation.

[0035] In an embodiment, the received communications traffic is stored in a buffer before being transmitted. The communications traffic is stored in the buffer for a period at least equal to a total switching time. This may enable the time required to switch the communications traffic onto each of the optical paths of the path sequence to be absorbed, which may mitigate transmission performance degradation.

[0036] In an embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The method comprises determining whether the communications traffic has a said security marker and only transmitting the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0037] A second aspect of the invention provides a method of receiving communications traffic in an optical communication network comprising a plurality of nodes. The method comprises obtaining a path sequence. The path sequence defines an order in which a plurality of optical paths from a source node to the target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The method comprises receiving a series of traffic portions at the target node. Each traffic portion is received for a respective preselected transmission period from a respective optical path according to the path sequence. The method comprises reconstructing the communications traffic from the received traffic portions according to the path sequence.

[0038] The method may ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted. The method may therefore provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The method may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The method is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0039] The method may enable a recipient of the communications traffic to benefit from a defence to a fibre tapping attack even when neither they nor the source of the communications traffic directly control the optical fibres across which the communications traffic is transmitted to them.

[0040] The method does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems. In an embodiment, each traffic portion is a portion of digitally wrapped communications traffic.

[0041] In an embodiment, the communications traffic is wrapped in a multi protocol label switching, MPLS, label switched path, LSP, and the MPLS LSP is transmitted as a series of traffic portions. The action of receiving LPSs among alternative paths for anti-tapping purposes has the same complexity as for failure recovery purposes.

[0042] In an embodiment, the received communications traffic is wrapped in a plurality of MPLS LSPs and the MPLS LSPs are each received as a series of traffic portions. Receipt of each MPLS LSP commences from a different optical path of the path sequence. The MPLS LSPs are received simultaneously.

[0043] In an embodiment, the communications traffic is wrapped in an optical transport network, OTN, container and the OTN container is transmitted as a series of traffic portions. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0044] In an embodiment, the received communications traffic is wrapped in a plurality of OTN containers and the OTN containers are each received as a series of traffic portions. Receipt of each OTN container commences from a different optical path of the path sequence. The OTN containers are received simultaneously.

[0045] In an embodiment, the communications traffic in each said traffic portion can only be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0046] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion.

[0047] In an embodiment, the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0048] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0049] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The spatially separate parts of the optical paths are located in different network parts Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0050] In an embodiment, the physically distinct paths across the optical communication network may be paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0051] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the source node and the target node know the path sequence and the target node can switch to the next path at the same time as the source node.

[0052] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic.

[0053] In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0054] A third aspect of the invention provides a method of operating an optical communication network comprising a plurality of nodes. The method comprises configuring a plurality of optical paths from a source node to a target node across the optical communication network. At least part of each optical path is spatially separate from each other optical path. The method of operating an optical communication network comprises, at the source node, transmitting the communications traffic according to the following method of transmitting communications traffic in an optical communication network comprising a plurality of nodes. The method of transmitting communications traffic comprises receiving communications traffic at a source node, the communications traffic to be transmitted across the optical communication network to a target node. The method of transmitting communications traffic comprises, at the source node, obtaining a path sequence. The path sequence defines an order in which a plurality of optical paths from the source node to the target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The method of transmitting communications traffic comprises, at the source node, transmitting the communications traffic as a series of traffic portions. Each traffic portion is transmitted for a respective preselected transmission period on a respective optical path according to the path sequence. The method of operating an optical communication network comprises, at the target node, receiving the communications traffic according to a method of receiving communications traffic in an optical communication network comprising a plurality of nodes. The method of receiving communications traffic comprises obtaining a path sequence. The path sequence defines an order in which a plurality of optical paths from a source node to the target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The method of receiving communications traffic comprises receiving a series of traffic portions at the target node. Each traffic portion is received for a respective preselected transmission period from a respective optical path according to the path sequence. The method of receiving communications traffic comprises reconstructing the communications traffic from the received traffic portions according to the path sequence.

[0055] The method may ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted. The method may therefore provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The method may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The method is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0056] The method may enable the source of the communications traffic to implement a defence to a fibre tapping attack even when they do not directly control the optical fibres across which the communications traffic is to be transmitted.

[0057] The method does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems.

[0058] In an embodiment, the optical communication network is to be operated for communications traffic having a security level and the plurality of optical paths configured is proportional to the security level. This may enable a longer and more complex path sequence to be configured, which may enable the security of transmission of the communications traffic to be increase proportionally to the security level of the traffic.

[0059] In an embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The method comprises determining whether the communications traffic has a said security marker and only transmitting the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0060] In an embodiment, the security marker comprises information identifying the security level. The method additionally comprises reading said information to obtain the security level.

[0061] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the source node and the target node know the path sequence and can switch to the next path at the correct time.

[0062] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic.

[0063] In an embodiment, the dynamically changing path sequence is obtained by pseudo randomly generating a sequence of the optical paths. The method comprises securely communicating the path sequence to the source node and to the target node. This may further increase the complexity of the path sequence and may increase the security of transmission of the communications traffic.

[0064] In an embodiment, the communications traffic in each said traffic portion can only be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion in never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0065] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion.

[0066] In an embodiment, the method comprises obtaining information identifying a respective different optical channel assigned to each said optical path and digitally wrapping the communications traffic. The digitally wrapped communications traffic is transmitted as a series of traffic portions, each traffic portion being transmitted on the optical channel assigned to its respective optical path. Switching the digitally wrapped traffic between different optical channels enables the switching to be implemented in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0067] In an embodiment, the communications traffic is transmitted on a single optical channel. The optical channel is transmitted on each optical path of the path sequence for a respective preselected transmission period.

[0068] In an embodiment, the method comprises obtaining information identifying a respective different optical channel assigned to each said optical path and the communications traffic is digitally wrapped communications traffic. The digitally wrapped communications traffic is transmitted as a series of traffic portions, each traffic portion being transmitted on the optical channel assigned to its respective optical path. Switching the digitally wrapped traffic between different optical channels enables the switching to be implemented in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0069] In an embodiment, the digitally wrapped traffic is transmitted on each optical channel for said transmission period.

[0070] In an embodiment, transmission of the digitally wrapped traffic is switched onto the optical channel of the next optical path in the path sequence on the elapsing of a timer.

[0071] In an embodiment, transmission of the digitally wrapped traffic is switched onto the optical channel of the next optical path in the path sequence in response to the detection of a false alarm signal. Detection of the false alarm signal initiates a switching mechanism arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence. Using an existing switching mechanism within an optical communication network may offer the advantage of ease of implementation. No hardware protocols may need to be changed.

[0072] In an embodiment, the switching mechanism is a protection switching mechanism. The action of switching the traffic portions onto different optical paths for anti-tapping purposes may therefore have the same complexity as switching traffic for failure recovery purposes.

[0073] In an embodiment, the communications traffic is wrapped in a multi protocol label switching, MPLS, label switched path, LSP, and the MPLS LSP is transmitted as a series of traffic portions. The action of switching LPSs among alternative paths for anti-tapping purposes has the same complexity of switching LSP for failure recovery purposes.

[0074] In an embodiment, the communications traffic is wrapped in a plurality of MPLS LSPs and the MPLS LSPs are each transmitted as a series of traffic portions. Each MPLS LSP commences transmission at a different optical path of the path sequence. The MPLS LSPs are transmitted simultaneously.

[0075] In an embodiment, the communications traffic is wrapped in an optical transport network, OTN, container and the OTN container is transmitted as a series of traffic portions. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0076] In an embodiment, the communications traffic is wrapped in a plurality of OTN containers and the OTN containers are each transmitted as a series of traffic portions. Each OTN container commences transmission at a different optical path of the path sequence. The OTN containers are transmitted simultaneously.

[0077] In an embodiment, the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0078] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0079] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The spatially separate parts of the optical paths are located in different network parts Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0080] In an embodiment, the physically distinct paths across the optical communication network may be paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0081] In an embodiment, the communications traffic is transmitted as a series of traffic portions by transmitting the communications traffic on the respective optical channel of each optical path of the path sequence for a preselected transmission period.

[0082] In an embodiment, a part of an optical path may be shared if said part is in a location which is known to be secure.

[0083] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the source node and the target node know the path sequence and can switch to the next path at the correct time.

[0084] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic.

[0085] In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0086] In an embodiment, the communications traffic to be transmitted during each transmission period may be stored in a buffer for a period at least equal to a switching time for changing to the next optical path in the path sequence. The communications traffic has a data rate and the communication traffic is transmitted from the buffer at a higher data rate. This may enable continuous transmission of the communications traffic without loss of traffic, which may mitigate transmission performance degradation.

[0087] In an embodiment, the communications traffic is stored in a buffer before being transmitted. The communications traffic is stored in the buffer for a period at least equal to a total switching time. This may enable the time required to switch the communications traffic onto each of the optical paths of the path sequence to be absorbed, which may mitigate transmission performance degradation.

[0088] In an embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The method comprises determining whether the communications traffic has a said security marker and only transmitting the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0089] A fourth aspect of the invention provides an optical communication network transmitter module comprising an input, a plurality of outputs, an optical transmitter and a module controller. The input is arranged to receive communications traffic to be transmitted. Each of the outputs is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network. The module controller is arranged to obtain a path sequence defining an order in which a plurality of optical paths from the transmitter module to a target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The module controller is additionally arranged to generate and transmit at least one transmitter control signal containing instructions arranged to cause the optical transmitter to transmit the communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period on a respective optical path according to the path sequence.

[0090] The transmitter module may be used to ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted. The transmitter module may provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The transmitter module may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The transmitter module is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0091] The transmitter module may be used to implement a defence to a fibre tapping attack even when the owner of the transmitter module does not directly control the optical fibres across which the communications traffic is to be transmitted.

[0092] The transmitter module does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems.

[0093] In an embodiment, the optical communication network transmitter module comprises a plurality of optical transmitters and a digital wrapping element. Each optical transmitter is arranged to operate at a different one of a plurality of optical channels and is coupled to a respective one of the optical outputs. The digital wrapping element is arranged to digitally wrap the communications traffic. The at least one transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the digitally wrapped communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period by a respective optical transmitter according to the path sequence.

[0094] Switching the digitally wrapped traffic between different optical channels enables the transmitter module to implement the switching in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0095] In an embodiment, the module controller is arranged to obtain information identifying a respective different optical channel assigned to each said optical path.

[0096] In an embodiment, the communications traffic in each said traffic portion is only able to be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0097] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion.

[0098] In an embodiment, the module controller is arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence on the elapsing of a timer.

[0099] In an embodiment, the module controller is configured with a switching mechanism. The module controller is arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence by implementing the switching mechanism in response to detecting a false alarm signal. Using an existing switching mechanism may offer the advantage of ease of implementation. No hardware protocols may need to be changed.

[0100] In an embodiment, the switching mechanism is a protection switching mechanism. The action of switching the traffic portions onto different optical paths for anti-tapping purposes may therefore have the same complexity as switching traffic for failure recovery purposes.

[0101] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a multi protocol label switching, MPLS, label switched path, LSP. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the MPLS LSP as a series of traffic portions. The action of switching LPSs among alternative paths for anti-tapping purposes has the same complexity of switching LSP for failure recovery purposes.

[0102] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in an optical transport network, OTN, container. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the optical transport network container as a series of traffic portions. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0103] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a plurality of MPLS LSPs. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit each MPLS LSP as a series of traffic portions. The transmitter control signal contains instructions arranged to cause transmission of each MPLS LSP to commence at a different optical path of the path sequence. The MPLS LSPs are transmitted simultaneously.

[0104] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a plurality of OTN containers. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit each OTN container as a series of traffic portions. The transmitter control signal contains instructions arranged to cause transmission of each OTN container to commence at a different optical path of the path sequence. The transmitter control signal contains instructions arranged to cause the OTN containers to be transmitted simultaneously.

[0105] In an embodiment, the digital wrapping element is an IP/MPLS switch.

[0106] In an embodiment, the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0107] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0108] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The spatially separate parts of the optical paths are located in different network parts. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0109] In an embodiment, the physically distinct paths across the optical communication network may be paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0110] In an embodiment, a part of an optical path may be shared if said part is in a location which is known to be secure.

[0111] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the transmitter module and the target node may both know the path sequence and the transmitter module can switch to the next path at the same time as the target node.

[0112] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic.

[0113] In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0114] In an embodiment, the transmitter module further comprises a buffer. The communications traffic to be transmitted during each transmission period is stored in the buffer for a period at least equal to a switching time for changing to the next optical path in the path sequence. The communications traffic has a data rate and the module controller is arranged to transmit the communication traffic from the buffer at a higher data rate. This may enable continuous transmission of the communications traffic without loss of traffic, which may mitigate transmission performance degradation.

[0115] In an embodiment, the transmitter module further comprises a buffer. The received communications traffic is stored in the buffer before being transmitted. The communications traffic is stored in the buffer for a period at least equal to a total switching time. This may absorb the time required to switch the communications traffic onto each of the optical paths of the path sequence, which may mitigate transmission performance degradation.

[0116] In an embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The module controller is additionally arranged to determine whether the communications traffic has a said security marker and the module controller is arranged to transmit the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0117] A fifth aspect of the invention provides an optical communication network receiver module comprising a plurality of inputs, a plurality of optical receivers, and a module controller. Each input is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network from a source node to the receiver module. At least part of each optical path is spatially separate from each other optical path. Each optical receiver is coupled to a respective one of the inputs. The module controller is arranged to obtain a path sequence defining an order in which the plurality of optical paths across the optical communication network are to be used. The module controller is additionally arranged to receive a series of traffic portions. Each traffic portion is received for a respective preselected transmission period. The module controller is additionally arranged to reconstruct the communications traffic from the received traffic portions according to the path sequence.

[0118] The receiver module may be used to receive communications traffic which even if it has suffered a fibre tapping attack, the attacker is not able to access the whole of the communications traffic received at the receiver module. The receiver module may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided.

[0119] The receiver module may enable a recipient of the communications traffic to benefit from a defence to a fibre tapping attack even when neither they nor the source of the communications traffic directly control the optical fibres across which the communications traffic is transmitted to them.

[0120] The receiver module does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems.

[0121] In an embodiment, each traffic portion is a portion of digitally wrapped communications traffic.

[0122] In an embodiment, each traffic portion is a portion of a multi protocol label switching, MPLS, label switched path, LSP. Receiving LPSs among alternative paths for anti-tapping purposes has the same complexity as for failure recovery purposes.

[0123] In an embodiment, the module controller is arranged to simultaneously receive a plurality of traffic portions, each being a portion of a different LSP.

[0124] In an embodiment, each traffic portion is a portion of an optical transport network, OTN. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0125] In an embodiment, the module controller is arranged to simultaneously receive a plurality of traffic portions, each being a portion of a different OTN container.

[0126] In an embodiment, the communications traffic in each said traffic portion is only able to be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0127] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion in never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0128] In an embodiment, the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0129] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0130] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The spatially separate parts of the optical paths are located in different network parts Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0131] In an embodiment, the physically distinct paths across the optical communication network may be paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0132] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the receiver module and the source node may both know the path sequence and the receiver module can switch to the next path at the same time as the source node.

[0133] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic. In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0134] A sixth aspect of the invention provides an optical communication network node comprising at least one of a communication network transmitter module and a communication network receiver module. The optical communication network transmitter module comprises an input, a plurality of outputs, an optical transmitter and a module controller. The input is arranged to receive communications traffic to be transmitted. Each of the outputs is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network. The module controller is arranged to obtain a path sequence defining an order in which a plurality of optical paths from the transmitter module to a target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The module controller is additionally arranged to generate and transmit at least one transmitter control signal containing instructions arranged to cause the optical transmitter to transmit the communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period on a respective optical path according to the path sequence. The optical communication network receiver module comprises a plurality of inputs, a plurality of optical receivers, and a module controller. Each input is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network from a source node to the receiver module. At least part of each optical path is spatially separate from each other optical path. Each optical receiver is coupled to a respective one of the inputs. The module controller is arranged to obtain a path sequence defining an order in which the plurality of optical paths across the optical communication network are to be used. The module controller is additionally arranged to receive a series of traffic portions. Each traffic portion is received for a respective preselected transmission period on a respective optical channel from a respective optical path according to the path sequence. The module controller is additionally arranged to reconstruct the communications traffic from the received traffic portions according to the path sequence.

[0135] The node may be used to ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted or received. The node may provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The transmitter module may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The node is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0136] The node may be used to implement a defence to a fibre tapping attack even when the owner of the transmitter module does not directly control the optical fibres across which the communications traffic is to be transmitted.

[0137] The node does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems. In an embodiment, the optical communication network transmitter module comprises a plurality of optical transmitters and a digital wrapping element. Each optical transmitter is arranged to operate at a different one of a plurality of optical channels and is coupled to a respective one of the optical outputs. The digital wrapping element is arranged to digitally wrap the communications traffic. The at least one transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the digitally wrapped communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period by a respective optical transmitter according to the path sequence.

[0138] In an embodiment, the optical communication network transmitter module comprises a plurality of optical transmitters and a digital wrapping element. Each optical transmitter is arranged to operate at a different one of a plurality of optical channels and is coupled to a respective one of the optical outputs. The digital wrapping element is arranged to digitally wrap the communications traffic. The at least one transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the digitally wrapped communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period by a respective optical transmitter according to the path sequence.

[0139] Switching digitally wrapped traffic between different optical channels enables the transmitter module to implement the switching in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0140] In an embodiment, the transmitter module controller is arranged to obtain information identifying a respective different optical channel assigned to each said optical path.

[0141] In an embodiment, the communications traffic in each said traffic portion is only able to be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0142] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion.

[0143] In an embodiment, the transmitter module controller is arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence on the elapsing of a timer.

[0144] In an embodiment, the transmitter module controller is configured with a switching mechanism. The transmitter module controller is arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence by implementing the switching mechanism in response to detecting a false alarm signal. Using an existing switching mechanism may offer the advantage of ease of implementation. No hardware protocols may need to be changed.

[0145] In an embodiment, the switching mechanism is a protection switching mechanism. The action of switching the traffic portions onto different optical paths for anti-tapping purposes may therefore have the same complexity as switching traffic for failure recovery purposes.

[0146] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a multi protocol label switching, MPLS, label switched path, LSP. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the MPLS LSP as a series of traffic portions. The action of switching LPSs among alternative paths for anti-tapping purposes has the same complexity of switching LSP for failure recovery purposes.

[0147] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in an optical transport network, OTN, container. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the optical transport network container as a series of traffic portions. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0148] In an embodiment, the digital wrapping element is arranged to wrap the received communications traffic is wrapped in a plurality of MPLS LSPs. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit each MPLS LSP as a series of traffic portions. The transmitter control signal contains instructions arranged to cause transmission of each MPLS LSP to commence at a different optical path of the path sequence. The MPLS LSPs are transmitted simultaneously.

[0149] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a plurality of OTN containers. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit each OTN container as a series of traffic portions. The transmitter control signal contains instructions arranged to cause transmission of each OTN container to commence at a different optical path of the path sequence. The transmitter control signal contains instructions arranged to cause the OTN containers to be transmitted simultaneously.

[0150] In an embodiment, the digital wrapping element is an IP/MPLS switch.

[0151] In an embodiment, the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0152] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0153] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The spatially separate parts of the optical paths are located in different network parts. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0154] In an embodiment, the physically distinct paths across the optical communication network may be paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0155] In an embodiment, a part of an optical path may be shared if said part is in a location which is known to be secure.

[0156] In an embodiment, the path sequence is preselected and deterministic. This may mitigate transmission performance degradation since the transmitter module and the target node may both know the path sequence and the transmitter module can switch to the next path at the same time as the target node.

[0157] In an embodiment, the path sequence is a dynamic path sequence. This may further increase the security of transmission of the communications traffic.

[0158] In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0159] In an embodiment, the transmitter module further comprises a buffer. The communications traffic to be transmitted during each transmission period is stored in the buffer for a period at least equal to a switching time for changing to the next optical path in the path sequence. The communications traffic has a data rate and the module controller is arranged to transmit the communication traffic from the buffer at a higher data rate. This may enable continuous transmission of the communications traffic without loss of traffic, which may mitigate transmission performance degradation.

[0160] In an embodiment, the transmitter module further comprises a buffer. The received communications traffic is stored in the buffer before being transmitted. The communications traffic is stored in the buffer for a period at least equal to a total switching time. This may absorb the time required to switch the communications traffic onto each of the optical paths of the path sequence, which may mitigate transmission performance degradation.

[0161] In an embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The transmitter module controller is additionally arranged to determine whether the communications traffic has a said security marker and the module controller is arranged to transmit the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0162] In an embodiment, each traffic portion received at the receiver module is a portion of digitally wrapped communications traffic.

[0163] In an embodiment, each traffic portion received at the receiver module is a portion of a multi protocol label switching, MPLS, label switched path, LSP. Receiving LPSs among alternative paths for anti-tapping purposes has the same complexity as for failure recovery purposes.

[0164] In an embodiment, the receiver module controller is arranged to simultaneously receive a plurality of traffic portions, each being a portion of a different LSP.

[0165] In an embodiment, each traffic portion received at the receiver module is a portion of an optical transport network, OTN. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0166] In an embodiment, the receiver module controller is arranged to simultaneously receive a plurality of traffic portions, each being a portion of a different OTN container.

[0167] A seventh aspect of the invention provides an optical communication network comprising a source node, a target node, a plurality of intermediate nodes, a plurality of optical fibre links each connecting a pair of the nodes, and a network control element. The source node comprises an optical communication network transmitter module comprising an input, a plurality of outputs, an optical transmitter and a module controller. The input is arranged to receive communications traffic to be transmitted. Each of the outputs is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network. The module controller is arranged to obtain a path sequence defining an order in which a plurality of optical paths from the transmitter module to a target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path. The module controller is additionally arranged to generate and transmit at least one transmitter control signal containing instructions arranged to cause the optical transmitter to transmit the communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period on a respective optical path according to the path sequence. The target node comprises an optical communication network receiver module comprising a plurality of inputs, a plurality of optical receivers, and a module controller. Each input is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network from a source node to the receiver module. At least part of each optical path is spatially separate from each other optical path. Each optical receiver is coupled to a respective one of the inputs. The module controller is arranged to obtain a path sequence defining an order in which the plurality of optical paths across the optical communication network are to be used. The module controller is additionally arranged to receive a series of traffic portions. Each traffic portion is received for a respective preselected transmission period on a respective optical channel from a respective optical path according to the path sequence. The module controller is additionally arranged to reconstruct the communications traffic from the received traffic portions according to the path sequence. The network control element is arranged to configure a plurality of optical paths from the source node to the target node across the optical communication network. At least part of each optical path is spatially separate from each other optical path. The network control element is additionally arranged to generate a path sequence defining an order in which the optical paths from the plurality of optical paths are to be used, where the path sequence is a preselected sequence. Further, the communications traffic is transmitted as a series of traffic portions, where each traffic portion is transmitted for a respective preselected transmission period on a respective optical path according to the path sequence.

[0168] The network may be used to ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted or received. The network may provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The network may be used to ensure that even where a fibre tapping attack occurs, the attacker is not able to access the whole of the communications traffic being transmitted or received. The network may provide a further line of defence against malicious eavesdropping and tapping of optical fibres. The network may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The network is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0169] The network does not require radical changes in communication network equipment architectures and may therefore avoid the high implementation costs associated with prior art security systems, such as surveillance and monitoring systems. may also be used in conjunction with the prior art methods of protection implemented at higher network layers, specifically cryptography and steganography, because the action of switching transmission of the communications traffic onto different optical paths is transparent to the network transport layers where conventional security methods and protocols are provided. The network is similarly transparent to embedded optical time domain reflectometry, vibration monitoring systems, and optical network parameter monitoring and may be used in conjunction with these security systems also.

[0170] In an embodiment, the optical communication network transmitter module comprises a plurality of optical transmitters and a digital wrapping element. Each optical transmitter is arranged to operate at a different one of a plurality of optical channels and is coupled to a respective one of the optical outputs. The digital wrapping element is arranged to digitally wrap the communications traffic. The at least one transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the digitally wrapped communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period by a respective optical transmitter according to the path sequence.

[0171] Switching digitally wrapped traffic between different optical channels enables the transmitter module to implement the switching in the digital domain rather than at the optical layer. This may enable faster switching times to be achieved, which may mitigate any transmission performance degradation caused by the optical path hopping.

[0172] In an embodiment, the transmitter module controller is arranged to obtain information identifying a respective different optical channel assigned to each said optical path.

[0173] In an embodiment, the communications traffic in each said traffic portion is only able to be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0174] The amount of traffic in a traffic portion is set by setting the transmission period so that the amount of traffic is such that it can only be reconstructed when recombined with at least one other said traffic portion.

[0175] In an embodiment, the transmitter module controller is arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence on the elapsing of a timer.

[0176] In an embodiment, the transmitter module controller is configured with a switching mechanism. The transmitter module controller is arranged to switch transmission of the digitally wrapped traffic onto the optical channel of the next optical path in the path sequence by implementing the switching mechanism in response to detecting a false alarm signal. Using an existing switching mechanism may offer the advantage of ease of implementation. No hardware protocols may need to be changed.

[0177] In an embodiment, the switching mechanism is a protection switching mechanism. The action of switching the traffic portions onto different optical paths for anti-tapping purposes may therefore have the same complexity as switching traffic for failure recovery purposes.

[0178] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a multi protocol label switching, MPLS, label switched path, LSP. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the MPLS LSP as a series of traffic portions. The action of switching LPSs among alternative paths for anti-tapping purposes has the same complexity of switching LSP for failure recovery purposes.

[0179] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in an optical transport network, OTN, container. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit the optical transport network container as a series of traffic portions. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0180] In an embodiment, the digital wrapping element is arranged to wrap the received communications traffic is wrapped in a plurality of MPLS LSPs. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit each MPLS LSP as a series of traffic portions. The transmitter control signal contains instructions arranged to cause transmission of each MPLS LSP to commence at a different optical path of the path sequence. The MPLS LSPs are transmitted simultaneously.

[0181] In an embodiment, the digital wrapping element is arranged to wrap the communications traffic in a plurality of OTN containers. The transmitter control signal contains instructions arranged to cause the optical transmitters to transmit each OTN container as a series of traffic portions. The transmitter control signal contains instructions arranged to cause transmission of each OTN container to commence at a different optical path of the path sequence. The transmitter control signal contains instructions arranged to cause the OTN containers to be transmitted simultaneously.

[0182] In an embodiment, the digital wrapping element is an IP/MPLS switch.

[0183] In an embodiment, the transmitter module further comprises a buffer. The communications traffic to be transmitted during each transmission period is stored in the buffer for a period at least equal to a switching time for changing to the next optical path in the path sequence. The communications traffic has a data rate and the module controller is arranged to transmit the communication traffic from the buffer at a higher data rate. This may enable continuous transmission of the communications traffic without loss of traffic, which may mitigate transmission performance degradation.

[0184] In an embodiment, the transmitter module further comprises a buffer. The received communications traffic is stored in the buffer before being transmitted. The communications traffic is stored in the buffer for a period at least equal to a total switching time. This may absorb the time required to switch the communications traffic onto each of the optical paths of the path sequence, which may mitigate transmission performance degradation.

[0185] In an embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The transmitter module controller is additionally arranged to determine whether the communications traffic has a said security marker and the module controller is arranged to transmit the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0186] In an embodiment, each traffic portion received at the receiver module is a portion of digitally wrapped communications traffic.

[0187] In an embodiment, each traffic portion received at the receiver module is a portion of a multi protocol label switching, MPLS, label switched path, LSP. Receiving LPSs among alternative paths for anti-tapping purposes has the same complexity as for failure recovery purposes.

[0188] In an embodiment, the receiver module controller is arranged to simultaneously receive a plurality of traffic portions, each being a portion of a different LSP.

[0189] In an embodiment, each traffic portion received at the receiver module is a portion of an optical transport network, OTN. In an embodiment, the OTN container is an optical data unit, ODU, such as ODU1, ODU2, etc.

[0190] In an embodiment, the receiver module controller is arranged to simultaneously receive a plurality of traffic portions, each being a portion of a different OTN container.

[0191] In an embodiment, the network control element is arranged to configure the optical paths such that the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibres following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.

[0192] In an embodiment, the optical communication network is a meshed network and the physically distinct paths are different paths across the meshed network.

[0193] In an embodiment, the optical communication network comprises a plurality of network parts, each network part being operated by a different network operator. The network control element is arranged to configure the optical paths so that the spatially separate parts are located in different network parts. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0194] In an embodiment, the network control element is arranged to configure the optical paths so that the physically distinct paths across the optical communication network are paths across parts of the optical communication network operated by different network operators. Using paths across network parts operated by different network operators may further increase the security of transmission across the network. By hopping among optical paths crossing networks operated by, for example, two different operators, the risks cause where one of the operators less stringently monitors for fibre tapping attacks or has easier access to its fibre infrastructure may be reduced.

[0195] In an embodiment, a part of an optical path may be shared if said part is in a location which is known to be secure.

[0196] In an embodiment, the communications traffic is packet traffic. In an embodiment, the communications traffic is internet protocol, IP, packet traffic.

[0197] In an embodiment, the communications traffic has a security level. The network control element is arranged to configure a plurality of optical paths proportional to the security level. This may enable a longer and more complex path sequence to be configured, which may enable the security of transmission of the communications traffic to be increase proportionally to the security level of the traffic.

[0198] In an embodiment, the network control element is arranged to generate a preselected and deterministic path sequence. The network control element is further arranged to generate and transmit a path sequence signal to the first node and to the second node. This may mitigate transmission performance degradation since the transmitter module and the target node may both know the path sequence and the transmitter module can switch to the next path at the same time as the target node.

[0199] In an embodiment, the network control element is arranged to generate a dynamically changing path sequence by pseudo randomly generating a sequence of the optical paths. The network control element is further arranged to generate and transmit a path sequence signal to the first node and to the second node. This may further increase the security of transmission of the communications traffic.

[0200] In an embodiment, the network comprises a network management system and the network control element is within the network management system.

[0201] In an embodiment, the network management system comprises a path computation engine and the network control element is within the path computation engine.

[0202] An eighth aspect of the invention provides a data carrier having computer readable instructions embodied therein. The computer readable instructions are for providing access to resources available on a processor and the computer readable instructions comprise instructions to cause the processor to perform any of the steps of the above method of transmitting communications traffic in an optical communication network comprising a plurality of nodes.

[0203] A ninth aspect of the invention provides a data carrier having computer readable instructions embodied therein. The computer readable instructions are for providing access to resources available on a processor and the computer readable instructions comprise instructions to cause the processor to perform any of the steps of the above method of receiving communications traffic in an optical communication network comprising a plurality of nodes.

[0204] A tenth aspect of the invention provides a data carrier having computer readable instructions embodied therein. The computer readable instructions are for providing access to resources available on a processor and the computer readable instructions comprise instructions to cause the processor to perform any of the steps of the above method of operating an optical communication network comprising a plurality of nodes.

[0205] In an embodiment, the data carrier is a non-transitory data carrier.

[0206] Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings.

Brief Description of the drawings



[0207] 

Figure 1 shows the steps of a method according to a first embodiment of the invention of transmitting communications traffic in an optical communication network comprising a plurality of nodes;

Figure 2 shows the steps of a method according to a second embodiment of the invention of transmitting communications traffic in an optical communication network comprising a plurality of nodes;

Figure 3 shows the steps of a method according to a third embodiment of the invention of transmitting communications traffic in an optical communication network comprising a plurality of nodes;

Figure 4 shows the steps of a method according to a fourth embodiment of the invention of transmitting communications traffic in an optical communication network comprising a plurality of nodes;

Figure 5 shows the steps of a method according to a fifth embodiment of the invention of receiving communications traffic in an optical communication network comprising a plurality of nodes;

Figure 6 shows the steps of a method according to a sixth embodiment of the invention of operating an optical communication network comprising a plurality of nodes;

Figure 7 shows the steps of a method according to an eighth embodiment of the invention of operating an optical communication network comprising a plurality of nodes;

Figure 8 shows the steps of a method according to a ninth embodiment of the invention of operating an optical communication network comprising a plurality of nodes;

Figure 9 shows the steps of a method according to a tenth embodiment of the invention of operating an optical communication network comprising a plurality of nodes;

Figure 10 illustrates transmission of communications traffic on an MPLS LSP using a prior art method;

Figure 11 illustrates transmission of communications traffic on an MPLS LSP according to an eleventh embodiment of the invention;

Figure 12 illustrates transmission of communications traffic on two MPLS LSPs according to the eleventh embodiment of the invention;

Figure 13 is a schematic representation of a communication network transmitter module according to a twelfth embodiment of the invention;

Figure 14 is a schematic representation of a communication network transmitter module according to a thirteenth embodiment of the invention;

Figure 15 is a schematic representation of a communication network transmitter module according to a fourteenth embodiment of the invention;

Figure 16 is a schematic representation of a communication network receiver module according to a fifteenth embodiment of the invention;

Figure 17 is a schematic representation of a communication network node according to a sixteenth embodiment of the invention; and

Figure 18 is a schematic representation of a communication network according to a seventeenth embodiment of the invention.


Detailed description



[0208] Referring to Figure 1, a first embodiment of the invention provides a method 10 of transmitting communications traffic in an optical communication network comprising a plurality of nodes. The method 10 comprises, at a source node within an optical communication network, receiving communications traffic to be transmitted across the network to a target node 12. The target node is a different node to the source node and is located remote from the source node within the network.

[0209] The method 10 comprises obtaining a path sequence which defines an order in which a plurality of optical paths from the source node to the target node across the optical communication network are to be used 14. At least part of each optical path is spatially separate from each other optical path.

[0210] The method 10 comprises transmitting the communications traffic as a series of traffic portions. Each traffic portion is transmitted for a respective preselected transmission period on a respective optical path according to the path sequence. A first traffic portion is transmitted on the first optical path of the path sequence 16. The next traffic portion is transmitted on the next optical path of the path sequence 18. If all of the communications traffic has been transmitted, the method ends 22. If there is traffic still to be transmitted, the method 10 continues to transmitting the next traffic portion on the next optical path of the path sequence 18, and so on. If all of the optical paths in the path sequence have been used 24, the method returns to the first optical path in the path sequence 26 and so on, following the path sequence until the last traffic portion has been transmitted.

[0211] As will be well known by the person skilled in the art, in an optical network communications traffic is transmitted on an optical channel, also known as a 'lightpath', which has a respective wavelength. Typically, traffic is transmitted on a plurality of optical channels, each of which has a different wavelength. In this embodiment, the communications traffic can be transmitted in one of two different ways, as follows. A single optical channel can be used to transmit all of the traffic, with the optical channel being switched onto a respective optical path for each traffic portion. Alternatively, as will be described in more detail below, the traffic portions can be switched onto different optical channels, with each optical channel being transmitted on a different optical path.

[0212] Referring to Figure 2, a second embodiment of the invention provides a method 30 of transmitting communications traffic in an optical communication network comprising a plurality of nodes which is similar to the method 10, with the following modifications. The same reference numbers are retained for corresponding steps.

[0213] In this embodiment, the method comprises obtaining information identifying an optical channel assigned to each optical path 32; each optical path has a respective, different optical channel assigned to it. The communications traffic is digitally wrapped prior to being transmitted 34. Each traffic portion is therefore a portion of the digitally wrapped traffic.

[0214] The first traffic portion is transmitted on the first optical path of the path sequence, on the optical channel assigned to the first optical path 36. The next traffic portion is transmitted on the next optical path of the path sequence, on the optical channel assigned to that optical path 38. If all of the communications traffic has been transmitted, the method ends 22. If there is traffic still to be transmitted, the method 10 continues to transmitting the next traffic portion on the next optical path of the path sequence on the optical channel assigned to that optical path 38, and so on. If all of the optical paths in the path sequence have been used 24, the method returns to the first optical path in the path sequence, transmitting the next traffic portion on the first optical path, on the optical channel assigned to the first optical path 39, and so on, following the path sequence until the last traffic portion has been transmitted. The traffic portions are therefore switched onto different optical channels for transmission on the respective optical paths of the path sequence.

[0215] Referring to Figure 3, a third embodiment of the invention provides a method 40 of transmitting communications traffic in an optical communication network comprising a plurality of nodes which is similar to the method 30, with the following modifications. The same reference numbers are retained for corresponding steps.

[0216] In this embodiment, the communications traffic is digitally wrapped in a multi protocol label switching, MPLS, label switched path, LSP, prior to being transmitted 42. Each traffic portion is therefore a portion of the MPLS LSP.

[0217] Referring to Figure 4, a fourth embodiment of the invention provides a method 50 of transmitting communications traffic in an optical communication network comprising a plurality of nodes which is similar to the method 30, with the following modifications. The same reference numbers are retained for corresponding steps.

[0218] In this embodiment, the communications traffic is digitally wrapped in an optical transport network, OTN, container, for example an optical data unit, ODU, such as ODU1, ODU2 etc., prior to being transmitted 52. Each traffic portion is therefore a portion of the OTN container.

[0219] Referring to Figure 5, a fifth embodiment of the invention provides a method 60 of receiving communications traffic in an optical communication network comprising a plurality of nodes.

[0220] The method 60 comprises obtaining a path sequence defining an order in which a plurality of optical paths from a source node to the target node across the optical communication network are to be used 62. At least part of each optical path is spatially separate from each other optical path.

[0221] The method comprises receiving a series of traffic portions at a target node within the optical communication network 64. Each traffic portion is received for a respective preselected transmission period from a respective optical path according to the path sequence. The communications traffic may be digitally wrapped communications traffic.

[0222] The method comprises reconstructing the communications traffic from the received traffic portions according to the path sequence 66.

[0223] Referring to Figure 6, a sixth embodiment of the invention provides a method 70 of operating an optical communication network comprising a plurality of nodes.

[0224] The method comprises configuring a plurality of optical paths from a source node to a target node across the optical communication network 72. At least part of each optical path is spatially separate from each other optical path.

[0225] The method comprises, at the source node, transmitting the communications traffic according to any of the methods 10, 30, 40, 50 described above and shown in Figures 1 to 4.

[0226] The method comprises, at the target node, receiving the communications traffic according to the method 60 as described above and shown in Figure 5.

[0227] In a seventh embodiment of the invention, which is similar to the method 70 shown in Figure 6, the spatially separate parts of the optical paths may be physically distinct paths across the optical communication network. Where the network comprises a plurality of smaller networks each operated by a different network operator, the physically distinct paths may additionally be operated by different network operators.

[0228] Alternatively, the spatially separate parts of the optical paths may be different optical fibre cables following a shared physical path across the optical communication network or different optical fibres within an optical fibre cable within the optical communication network.

[0229] Where parts of two or more optical paths are not physically separate, that is, where they share an optical link or a node within the network, the link or node is required to be in a secure location with guaranteed protection against a tapping attack.

[0230] Referring to Figure 7, an eighth embodiment of the invention provides a method 170 of operating an optical communication network comprising a plurality of nodes which is similar to either of the methods of the sixth and seventh embodiments. The same reference numbers are retained for corresponding steps.

[0231] In this embodiment, the method 170 additionally comprises assigning a different optical channel to each of the optical paths which have been configured.

[0232] Referring to Figure 8, a ninth embodiment of the invention provides a method 80 of operating an optical communication network comprising a plurality of nodes which is similar to either of the methods of the sixth and seventh embodiments. The same reference numbers are retained for corresponding steps.

[0233] In this embodiment, the optical communication network is to be operated for communications traffic having a security level. The method 80 comprises configuring a plurality of optical paths proportional to the security level 82.

[0234] A twentieth embodiment of the invention provides a method operating an optical communication network comprising a plurality of nodes which is similar to the method 80 of Figure 8, with the following modifications.

[0235] In this embodiment, the communications traffic comprises a security marker if the communications traffic has a security level. The method comprises determining whether the communications traffic has a security marker and only transmitting the communications traffic as a series of traffic portions if the communications traffic has a said security marker.

[0236] The security marker may comprise information identifying the security level. Where this is the case, the method additionally comprises reading the information to obtain the security level and then configuring the plurality of optical paths to be proportional to the said security level.

[0237] Referring to Figure 9, a tenth embodiment of the invention provides a method 180 of operating an optical communication network comprising a plurality of nodes which is similar to the method 170 shown in Figure 7.

[0238] The path sequence is either a preselected sequence or a dynamically changing sequence. In this embodiment, a dynamically changing path sequence is used and the method comprises pseudo randomly generating a path sequence of the optical paths which have been configured 182. The path sequence is securely communicated to both the source node and the target node each time it changes 184.

[0239] Figure 10 illustrates transmission of packet based communications traffic in a conventional manner that will be well known to the person skilled in the art. The traffic is wrapped in an MPLS LSP (LSP1) 92.

[0240] Three optical paths, PATH1 98, PATH2 102, PATH3 104 have been configured from a source node (node A) 94 to a target node (node B) 96 across an optical communication network 100. Each optical path comprises a plurality of intermediate nodes and optical links connecting the nodes.

[0241] In this example, LSP1 is transmitted on a selected optical channel across PATH 1 and the transmission of LSP1 takes a certain amount of time, ΔT, to complete.

[0242] Figure 11 illustrates a method of operating an optical communication network according to an eleventh embodiment of the invention.

[0243] Three optical paths are configured, as in Figure 10, and a different optical channel is assigned to each optical path. The optical paths are entirely spatially separate from each other in this embodiment. However, the optical paths do not have to be spatially separate and may alternatively comprise two optical fibres following the same point to point path across the network, either in the form of separate optical cables or two optical fibres within the same optical cables.

[0244] Communications traffic is received and is wrapped in an MPLS LSP (LSP1) 92. LSP1 is transmitted across the network using the three paths PATH1, PATH2 and PATH3 in a "circular" sequence of the paths. As shown in Figure 11(a), LPS1 is transmitted over PATH1 for a preselected transmission period ΔT1. A first portion of LSP1 is thereby transmitted on the first optical path in the path sequence. Then LSP1 is switched to PATH2, shown in Figure 11(b), on which it is transmitted for a preselected transmission period ΔT2. A second portion of LSP1 is thereby transmitted on the second optical path in the path sequence. After that LSP1 is switched to PATH3, as shown in Figure 11(c) for a preselected transmission period ΔT3. A third portion of LSP1 is thereby transmitted on the third optical path in the path sequence. At the end of this sequence of spatial hops, that is to say once the end of the path sequence has been reached, LSP1 is switched back onto PATH1, so the fourth portion of LSP1 will be transmitted on the first optical path in the path sequence, and so on. This process continues, following the path sequence, while LSP1 remains active, i.e. until the whole of LSP1 has been transmitted.

[0245] The switching of LSP1 from one path to the next may be achieved using a known protection switching mechanism, which is used for conventional failure recovery at the packet layer. In this scenario, when an optical path is no longer available, for example due to a fibre cut, the LSP which was using this path is sent to an alternative path. In this embodiment, the action of rerouting LSPs for failure recovery is used to reroute LSP1 from PATH1 to PATH2, etc. to achieve spatial hopping.

[0246] The switching of LSP1 from one path to the next may be instigated on expiry of a timer set to the preselected transmission period. Alternatively, switching of LSP1 may be effected by periodically inserting a fictitious signal degrade at the source node, to cause the network's protection switching mechanism to cause the switching of LSP1 onto its next optical path of the path sequence. This may be implemented as follows:
  1. a) configure a pair of worker and protection paths according to the path sequence, the pair having a non-revertive mode;
  2. b) create a fictitious signal degrade on the worker path to be switched;
  3. c) allow the protection switching to switch from the worker path to its paired protection path;
  4. d) change the worker/protection path pair configuration to create new protection/worker pairs according to next switching step in the path sequence;
  5. e) restart at b).


[0247] Using an existing protection switching mechanism within an optical communication network has the advantage of ease of implementation. No hardware protocols need to be changed.

[0248] Considering a switching time, Ts, of 50 ms and a hopping frequency, Rh, being the number of times per second that the optical path being used to transmit LSP1 is changed, the method may cause a reduction in communication traffic throughput of Ts*Rh. To keep the thoughput loss less than 1% a hopping frequency of less than 0.2Hz should be used.

[0249] In order to reduce transmission performance degradation due to switching transmission of LSP1 onto different optical paths, the communications traffic to be transmitted during each transmission period may be stored in a buffer for a period at least equal to the switching time to change from one optical path to the next in the path sequence and then released at higher rate to enable continuous transmission of LSP1 without loss of traffic. As alternative, before starting transmission the whole of LSP1 may be stored in a buffer for a period at least equal to the total of the switching times required, in order to adsorb the time required to switch LSP1 onto each of the optical paths of the path sequence.

[0250] Alternatively, transmission performance degradation may be reduced by communicating the path sequence to both the source node and the target node and synchronising transmission and reception so that the source node and target node automatically switch to the optical transmitter and optical receiver assigned to the next optical path of the path sequence. A protocol similar to that used in Bluetooth wireless communication systems to implement frequency hopping to counteract narrowband interference may be used to implement this.

[0251] In this embodiment it is the MPLS LSP that is switched onto the different optical channels assigned to each optical path rather than the optical channel itself which is switched. So the action of switching the traffic onto the different optical paths in the path sequence is done in the digital domain at the IP/MPLS level and not at the optical layer.

[0252] Alternatively, the communications traffic may be wrapped in an OTN container, such as ODU1, ODU2 etc., which is switched onto the different optical paths in the same manner. In addition, the communications traffic may be transmitted on a single optical channel which is switched onto the different optical paths, using for example an optical-electrical-optical, OEO, switch.

[0253] If an attacker taps an optical link within PATH1 they will be able to tap LSP1 only for the transmission period during which LSP1 is transmitted on PATH1. The transmission period is set such that the traffic transmitted during the preselected transmission period, i.e. the traffic within the first traffic portion transmitted over PATH1, is not auto-consistent, that is to say the traffic can only be reconstructed when recombined with at least one other traffic portion of LSP1. This means that the traffic within one single traffic portion is never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker. The transmission period may for example be selected according to a known cryptographic data splitting algorithm or a known cloud storage data splitting algorithm.

[0254] For simplicity, Figure 11 only shows spatial hopping between three alternative optical paths. In general, a larger number of optical paths may be configured. In this embodiment the path sequence is deterministic: PATH1, PATH2, PATH3.

[0255] The path sequence may be pre-established, and the source node and target node configured with the path sequence during network configuration, to avoid the requirement for any signalling at the optical layer during network operation. Alternatively, the path sequence may be configured statically in the source node and the target node and communicated to the nodes periodically. To increase the security of transmission of the communications traffic the path sequence may be scrambled and communicated to the source and target nodes (Node A and Node B in Figure 11) on a path sequence signal sent on a secure connection between the network controller and the nodes themselves. This may add an additional security level.

[0256] Figure 12 illustrates how the method of the eleventh embodiment, shown in Figure 11, may be extended to transmit two MLPS LSPs, LSP1 92 and LSP2 106, each containing respective communications traffic.

[0257] Conventionally, two LSPs would be transmitted either on two optical channels, on two optical paths of the network 100, or on the same optical channel, on the same optical path. In this embodiment, each LSP is transmitted on the optical paths following the path sequence as illustrated in Figure 11, but while transmission of LSP1 starts on PATH1 98, transmission of LSP2 starts on PATH2 102.

[0258] LPS1 is transmitted over PATH1 for transmission period ΔT1 and during same transmission period LSP2 is transmitted over PATH2, as shown in Figure 12(a). LSP1 is then switched to PATH2 and LSP2 is switched to PATH3, on which they are transmitted for transmission period ΔT2, as in Figure 12(b). LSP1 is then switched to PATH3 and LPS2 is switched to PATH1, for transmission period ΔT3. At the end of the path sequence LSP1 is switched backed onto PATH1 and LSP2 is switched back on PATH2. This process continues while LSP1 remains active and continues while LSP2 remains active, i.e. until the whole of LSP1 and LSP2 have each been transmitted.

[0259] Referring to Figure 13, a twelfth embodiment of the invention provides an optical communication network transmitter module 120 comprising an input 122, a plurality of outputs 124, an optical transmitter 126 and a module controller 128.

[0260] The input 122 is arranged to receive communications traffic to be transmitted. Each output 124 is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network.

[0261] The module controller 128 is arranged to obtain a path sequence defining an order in which a plurality of optical paths from the transmitter module to a target node across the optical communication network are to be used. At least part of each optical path is spatially separate from each other optical path.

[0262] The module controller 128 is arranged to generate and transmit a transmitter control signal 130 containing instructions arranged to cause the optical transmitter to transmit the communications traffic as a series of traffic portions. The instructions are arranged to cause each traffic portion to be transmitted for a respective preselected transmission period on a respective optical path according to the path sequence.

[0263] In this embodiment, the transmitter module 120 also comprises an optical switch 132 between the optical transmitter 126 and the outputs 124. The optical switch is configurable to connect the optical transmitter 126 to a selected on of the outputs 124, to follow the path sequence.

[0264] Referring to Figure 14, a thirteenth embodiment of the invention provides an optical communication network transmitter module 140 which is similar to the optical communication network transmitter module 120 of Figure 13, with the following modifications. The same reference numbers are retained for corresponding features.

[0265] In this embodiment, the transmitter module 140 comprises a plurality of optical transmitters 126 and a digital wrapping element 142.

[0266] Each optical transmitter is arranged to operate at a different one of a plurality of optical channels. Each is coupled to a respective one of the optical outputs 124.

[0267] The digital wrapping element 142 is arranged to digitally wrap the communications traffic.

[0268] In this embodiment, a transmitter control signal 146 is transmitted to each optical transmitter. The transmitter control signals contain instructions arranged to cause the optical transmitters to transmit the digitally wrapped communications traffic as a series of traffic portions. The instructions are arranged to cause each optical transmitter to transmit the digitally wrapped communications traffic on its respective optical channel for a respective preselected transmission period according to the path sequence. The communications traffic is thereby split into traffic portions each of which are transmitted on a respective optical path of the path sequence.

[0269] Referring to Figure 15, a fourteenth embodiment of the invention provides an optical communication network transmitter module 150 which is similar to the optical communication network transmitter module 140 of Figure 14, with the following modifications. The same reference numbers are retained for corresponding features.

[0270] The transmitter module of this embodiment is a packet-optical transmitter module comprising an IP/MPLS switch 152 and an optical switch 158, for example a reconfigurable optical add-drop multiplexer, ROADM. The optical switch is coupled to the outputs 124 by optical multiplexers 154, such as an arrayed waveguide grating, AWG, or a wavelength selective switch, WSS. The IP/MPLS switch is arranged to generate control signals 156 comprising instructions arranged to request optical connectivity at the optical layer. Communications traffic packets received at the transmitter module 150 are wrapped in MPLS LSPs by the IP/MPLS switch 152.

[0271] The IP/MPLS switch 152 has a first input 121 for receiving communications traffic which is not to be transmitted as traffic portions. As can be seen, a single control signal 156 is generated, since all of the communications traffic is to be transmitted on a single optical path. The IP/MPLS switch 152 also has a second input 122 for receiving communications traffic which is to be wrapped in an MPLS LSP, to be transmitted as traffic portions on different optical paths of the path sequence, as described above.

[0272] Referring to Figure 16, a fifteenth embodiment of the invention provides an optical communication network receiver module 160 comprising a plurality of inputs 162, a plurality of optical receivers 164 and a module controller 166.

[0273] Each input is arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network from a source node to the receiver module. At least part of each optical path is spatially separate from each other optical path. Each optical receiver 164 is coupled to a respective one of the inputs.

[0274] The module controller 166 is arranged to:

obtain a path sequence defining an order in which the plurality of optical paths across the optical communication network are to be used;

receive a series of traffic portions, each traffic portion being received for a respective preselected transmission period on a respective optical channel from a respective optical path according to the path sequence; and

reconstruct the communications traffic from the received traffic portions according to the path sequence.



[0275] The communications traffic in each traffic portion may only be reconstructed when recombined with at least one other said traffic portion. This means that one single traffic portion in never sufficient to allow an attacker to reconstruct the communications traffic, which may ensure that even if there is an optical fibre tapping attack on an optical fibre of one of the optical paths, the communications traffic obtained by the attacker cannot provide any useful information to the attacker.

[0276] Referring to Figure 17, a sixteenth embodiment of the invention provides an optical communication network node 170 comprising an optical communication network transmitter 120 as shown in Figure 13 and an optical communication network receiver 160 as shown in Figure 16.

[0277] The node 170 may alternatively comprise an optical communication network transmitter 140 as shown in Figure 14 or an optical communication network transmitter 150 as shown in Figure 15.

[0278] Referring to Figure 18, a seventeenth embodiment of the invention provides an optical communication network 190 comprising a source node 192, a target node 194, a plurality of intermediate nodes 196, a plurality of optical fibre links 198 each connecting a pair of the nodes and a network control element 200.

[0279] The source node 192 comprises an optical communication network transmitter module 120 as shown in Figure 13. It will be understood that the optical transmitter modules 140, 150 shown in Figures 14 and 15 may alternatively be used. The target node 194 comprises an optical communication network receiver module 160 as shown in Figure 16.

[0280] The network 190 is shown here as being a meshed network but other network configurations may be used. The network does not have to be a meshed network, it is sufficient that at least two disjointed/spatially separate paths exist between the source and target nodes. A meshed network may provide an advantage that a larger number of spatially separate paths may be configured.

[0281] The network control element 200 is arranged to configure a plurality of optical paths from the source node 192 to the target node 194 across the network 190. Each optical path comprises at least one optical link 198 and may comprise one or more of the intermediate nodes 196. At least part of each optical path is spatially separate from each other optical path. In this embodiment the optical paths are physically distinct paths across the network. The optical paths may alternatively comprise different optical fibres sharing the same point to point path across the network, which may be implemented as optical fibres in different optical cables following the same path or as different optical fibres sharing the same optical cables along the path.

[0282] The network control element 200 is additionally arranged to generate a path sequence defining an order in which the optical paths are to be used. In this embodiment, the network control element is additionally arranged to generate and transmit a path sequence signal 202 containing the path sequence to the source node.

[0283] An eighteenth embodiment of the invention provides an optical communication network having the same structure as the network 190 shown in Figure 18. In this embodiment, the communications traffic has a security level and the network control element 200 is arranged to configure a plurality of optical paths proportional to the security level.

[0284] The communications traffic may comprise a security marker to indicate that it is to be transmitted as a series of traffic portions according to the path sequence. The transmitter module controller may additionally be arranged to determine whether a security marker is present on the communications traffic and to transmit the communications traffic as a series of traffic portions only if a security marker is present.

[0285] The security marker may contain information identifying the security level of the communications traffic and the network control element is arranged to configure a plurality of optical paths proportional to that security level.

[0286] A nineteenth embodiment of the invention provides an optical communication network having the same structure as the network 190 shown in Figure 18. In this embodiment, the network control element 200 is arranged to generate a dynamically changing path sequence by pseudo randomly generating a sequence of the optical paths. The network control element is additionally arranged to generate and transmit a path sequence signal 202 containing the path sequence to the first node and to the second node.


Claims

1. A method (10, 30, 40, 50) of transmitting communications traffic in an optical communication network comprising a plurality of nodes, the method (10, 30, 40, 50) comprising, at a source node:

receiving (12) communications traffic to be transmitted across the optical communication network to a target node;

obtaining (14) a path sequence defining an order in which a plurality of optical paths from the source node to the target node across the optical communication network are to be used, at least part of each optical path being spatially separate from each other optical path; and

transmitting (16, 18, 20, 22, 24, 26, 36, 38, 39) the communications traffic as a series of traffic portions, each traffic portion being transmitted for a respective preselected transmission period on a respective optical path according to the path sequence, wherein the path sequence is a preselected sequence.


 
2. The method (10, 30, 40, 50) as claimed in claim 1, wherein the method comprises obtaining information identifying a respective different optical channel assigned to each said optical path and digitally wrapping (34, 42, 52) the communications traffic, and wherein the digitally wrapped communications traffic is transmitted (36, 38, 39) as the series of traffic portions, each traffic portion being transmitted on the optical channel assigned to its respective optical path.
 
3. A method (60) of receiving communications traffic in an optical communication network comprising a plurality of nodes, the method comprising:

obtaining (62) a path sequence defining an order in which a plurality of optical paths from a source node to a target node across the optical communication network are to be used, at least part of each optical path being spatially separate from each other optical path;

receiving (64) a series of traffic portions at the target node, each traffic portion being received for a respective preselected transmission period from a respective optical path according to the path sequence; and

reconstructing (66) the communications traffic from the received traffic portions according to the path sequence, wherein the path sequence is a preselected sequence.


 
4. The method (60) as claimed in claim 3, wherein each traffic portion is a portion of digitally wrapped communications traffic.
 
5. The method as claimed in any preceding claim, wherein the communications traffic in each said traffic portion can only be reconstructed when recombined with at least one other said traffic portion, and/or, wherein the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network, different optical fibre cables following a shared physical path across the optical communication network and different optical fibres within an optical fibre cable within the optical communication network.
 
6. A method (70, 80, 172, 180) of operating an optical communication network comprising a plurality of nodes, the method comprising:

configuring (72, 82) a plurality of optical paths from a source node to a target node across the optical communication network, at least part of each optical path being spatially separate from each other optical path;

at the source node, transmitting the communications traffic according to the method (10, 30, 40, 50) as claimed in any of claims 1, 2, and 5; and

at the target node, receiving the communications traffic according to the method (60) as claimed in any of claims 3 to 6, wherein the path sequence is a preselected sequence.


 
7. The method (70, 80, 172, 180) as claimed in claim 6, wherein the optical communication network is to be operated for communications traffic having a security level and the plurality of optical paths configured (82) is proportional to the security level.
 
8. An optical communication network transmitter module (120, 140, 150) comprising:

an input (122) arranged to receive communications traffic to be transmitted;

a plurality of outputs (124), each arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network;

an optical transmitter (126); and

a module controller (128, 144, 152) arranged to:

obtain a path sequence defining an order in which a plurality of optical paths from the transmitter module (120, 140, 150) to a target node across the optical communication network are to be used, at least part of each optical path being spatially separate from each other optical path; and

generate and transmit at least one transmitter control signal (130, 146) containing instructions arranged to cause the optical transmitter (126) to transmit the communications traffic as a series of traffic portions, the instructions arranged to cause each traffic portion to be transmitted for a respective preselected transmission period on a respective optical path according to the path sequence, wherein the path sequence is a preselected sequence.


 
9. The optical communication network transmitter module (120, 140, 150) as claimed in claim 8 and comprising:

a plurality of optical transmitters (126) each arranged to operate at a different one of a plurality of optical channels and each coupled to a respective one of the optical outputs; and

a digital wrapping element (142, 152) arranged to digitally wrap the communications traffic, and wherein the at least one transmitter control signal (130, 146) contains instructions arranged to cause the optical transmitters (126) to transmit the digitally wrapped communications traffic as the series of traffic portions, the instructions arranged to cause each traffic portion to be transmitted for a respective preselected transmission period by a respective optical transmitter (126) according to the path sequence, and/or,

wherein the communications traffic in each said traffic portion can only be reconstructed when recombined with at least one other said traffic portion.


 
10. An optical communication network receiver module (160) comprising:

a plurality of inputs (162), each arranged to be coupled to a respective one of a plurality of optical paths across an optical communication network from a source node to the receiver module (160), at least part of each optical path being spatially separate from each other optical path;

a plurality of optical receivers (164) each coupled to a respective one of the inputs; and a module controller (166) arranged to:

obtain a path sequence defining an order in which the plurality of optical paths across the optical communication network are to be used;

receive a series of traffic portions, each traffic portion being received for a respective preselected transmission period on a respective optical channel from a respective optical path according to the path sequence; and

reconstruct the communications traffic from the received traffic portions according to the path sequence, wherein the path sequence is a preselected sequence.


 
11. An optical communication network (190) comprising:

a source node (192) comprising an optical communication network transmitter module (120, 140, 150) as claimed in any of claims 8 to 9;

a target node (194) comprising an optical communication network receiver module (160) as claimed in claim 10;

a plurality of intermediate nodes (196);

a plurality of optical fibre links (198) each connecting a pair of the nodes; and

a network control element (200) arranged to:

configure a plurality of optical paths from the source node (192) to the target node (194) across the optical communication network (190), at least part of each optical path being spatially separate from each other optical path; and

generate a path sequence defining an order in which the optical paths are to be used, wherein the path sequence is a preselected sequence.


 
12. The optical communication network (190) as claimed in claim 11, wherein the network control element (200) is arranged to configure the optical paths such that the spatially separate parts of the optical paths comprise one of physically distinct paths across the optical communication network (190), different optical fibres following a shared physical path across the optical communication network (190) and different optical fibres within an optical fibre cable within the optical communication network (190).
 
13. The optical communication network (190) as claimed in claim 11 or claim 12, wherein the communications traffic has a security level and the network control element (200) is arranged to configure a plurality of optical paths proportional to the security level, and/or, wherein the network control element (200) is arranged to generate a dynamically changing path sequence by pseudo randomly generating a sequence of the optical paths and wherein the network control element (200) is further arranged to generate and transmit a path sequence signal (202) to the source node (192) and to the target node (194).
 
14. A data carrier having computer readable instructions embodied therein, the computer readable instructions being for providing access to resources available on a processor and the computer readable instructions comprising instructions to cause the processor to perform any of the steps of the method of transmitting communications traffic in an optical communication network (190) comprising a plurality of nodes as claimed in any of claims 1 to 2 and 4 to 5.
 
15. A network control element (200) arranged to configure a source node (192), a target node (194) and one or more intermediate nodes (196) in an optical communication network (190), wherein the network control element (200) is arranged to:

configure a plurality of optical paths from the source node (192) to the target node (194) across the optical communication network (190), at least part of each optical path being spatially separate from each other optical path; and

generate and transmit a path sequence to the source node and to the target node defining an order in which the optical paths from the plurality of optical paths are to be used, wherein the path sequence is a preselected sequence, and

wherein communications traffic is to be transmitted by the source node as a series of traffic portions, each traffic portion being transmitted for a respective preselected transmission period on a respective optical path according to the path sequence.


 


Ansprüche

1. Verfahren (10, 30, 40, 50) zum Übertragen von Kommunikationsverkehr in einem optischen Kommunikationsnetzwerk, das eine Vielzahl von Knoten umfasst, wobei das Verfahren (10, 30, 40, 50) an einem Quellknoten umfasst:

Empfangen (12) von Kommunikationsverkehr, der über das optische Kommunikationsnetzwerk zu einem Zielknoten übertragen werden soll;

Erhalten (14) einer Pfadsequenz, die eine Reihenfolge definiert, in der eine Vielzahl optischer Pfade vom Quellknoten zum Zielknoten über das optische Kommunikationsnetzwerk zu verwenden ist, wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist; und

Übertragen (16, 18, 20, 22, 24, 26, 36, 38, 39) des Kommunikationsverkehrs als Reihe von Verkehrsabschnitten,

wobei jeder Verkehrsabschnitt während eines jeweiligen vorgewählten Übertragungszeitraums auf einem jeweiligen optischen Pfad gemäß der Pfadsequenz übertragen wird, wobei die Pfadsequenz eine vorgewählte Sequenz ist.


 
2. Verfahren (10, 30, 40, 50) nach Anspruch 1, wobei das Verfahren ein Erhalten von Informationen umfasst, die den jeweiligen anderen optischen Kanal kennzeichnen, der jedem optischen Pfad zugewiesen ist, und den Kommunikationsverkehr digital umhüllen (34, 42, 52), und der digital umhüllte Kommunikationsverkehr als Reihe von Verkehrsabschnitten übertragen wird (36, 38, 39), wobei jeder Verkehrsabschnitt auf dem optischen Kanal übertragen wird, der dessen jeweiligem optischen Pfad zugewiesen ist.
 
3. Verfahren (60) zum Empfangen von Kommunikationsverkehr in einem optischen Kommunikationsnetzwerk, das eine Vielzahl von Knoten umfasst, wobei das Verfahren umfasst:

Erhalten (62) einer Pfadsequenz, die eine Reihenfolge definiert, in der eine Vielzahl optischer Pfade von einem Quellknoten zu einem Zielknoten über das optische Kommunikationsnetzwerk zu verwenden ist, wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist;

Empfangen (64) einer Reihe von Verkehrsabschnitten am Zielknoten, wobei jeder Verkehrsabschnitt während eines jeweiligen vorgewählten Übertragungszeitraums von einem jeweiligen optischen Pfad gemäß der Pfadsequenz empfangen wird; und

Rekonstruieren (66) des Kommunikationsverkehrs aus den empfangenen Verkehrsabschnitten gemäß der Pfadsequenz, wobei die Pfadsequenz eine vorgewählte Sequenz ist.


 
4. Verfahren (60) nach Anspruch 3, wobei jeder Verkehrsabschnitt ein Abschnitt von digital umhülltem Kommunikationsverkehr ist.
 
5. Verfahren nach einem der vorhergehenden Ansprüche, wobei der Kommunikationsverkehr in jedem Verkehrsabschnitt nur rekonstruiert werden kann, wenn er mit mindestens einem anderen Verkehrsabschnitt rekombiniert wird, und/oder wobei die räumlich getrennten Teile der optischen Pfade eines aus physisch getrennten Pfaden über das optische Kommunikationsnetzwerk, unterschiedlichen Lichtwellenleiterkabeln, die einem gemeinsam genutzten physischen Pfad über das optische Kommunikationsnetzwerk folgen, und unterschiedlichen Lichtwellenleitern innerhalb eines Lichtwellenleiterkabels innerhalb des optischen Kommunikationsnetzwerks umfassen.
 
6. Verfahren (70, 80, 172, 180) zum Betreiben eines optischen Kommunikationsnetzwerks, das eine Vielzahl von Knoten umfasst, wobei das Verfahren umfasst:

Konfigurieren (72, 82) einer Vielzahl optischer Pfade von einem Quellknoten zu einem Zielknoten über das optische Kommunikationsnetzwerk, wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist;

am Quellknoten Übertragen des Kommunikationsverkehrs gemäß dem Verfahren (10, 30, 40, 50) nach einem der Ansprüche 1, 2 und 5; und

am Zielknoten Empfangen des Kommunikationsverkehrs gemäß dem Verfahren (60) nach einem der Ansprüche 3 bis 6, wobei die Pfadsequenz eine vorgewählte Sequenz ist.


 
7. Verfahren (70, 80, 172, 180) nach Anspruch 6, wobei das optische Kommunikationsnetzwerk für Kommunikationsverkehr betrieben werden soll, der eine Sicherheitsebene aufweist, und die Vielzahl optischer Pfade proportional zur Sicherheitsebene konfiguriert ist (82).
 
8. Sendermodul (120, 140, 150) eines optischen Kommunikationsnetzwerks, umfassend:

einen Eingang (122), der eingerichtet ist, um zu übertragenden Kommunikationsverkehr zu empfangen;

eine Vielzahl von Ausgängen (124), die jeweils eingerichtet sind, um mit einem jeweiligen einer Vielzahl optischer Pfade über ein optisches Kommunikationsnetzwerk verbunden zu werden;

einen optischen Sender (126); und

eine Modulsteuereinheit (128, 144, 152), die eingerichtet ist, um:

eine Pfadsequenz zu erhalten, die eine Reihenfolge definiert, in der eine Vielzahl optischer Pfade vom Sendermodul (120, 140, 150) zu einem Zielknoten über das optische Kommunikationsnetzwerk zu verwenden ist, wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist; und

mindestens ein Sendersteuersignal (130, 146) zu erzeugen und zu übertragen, das Anweisungen enthält, die eingerichtet sind, um zu bewirken, dass der optische Sender (126) den Kommunikationsverkehr als Reihe von Verkehrsabschnitten überträgt, wobei die Anweisungen eingerichtet sind, um zu bewirken, dass jeder Verkehrsabschnitt während eines jeweiligen vorgewählten Übertragungszeitraums auf einem jeweiligen optischen Pfad gemäß der Pfadsequenz übertragen wird, wobei die Pfadsequenz eine vorgewählte Sequenz ist.


 
9. Sendermodul (120, 140, 150) eines optischen Kommunikationsnetzwerks nach Anspruch 8 und umfassend:

eine Vielzahl optischer Sender (126), von denen jeder eingerichtet ist, um auf einem anderen einer Vielzahl optischer Kanäle zu arbeiten und jeder mit einem jeweiligen der optischen Ausgänge verbunden ist; und

ein digitales Umhüllungselement (142, 152), das eingerichtet ist, um den Kommunikationsverkehr digital zu umhüllen, und

wobei das mindestens eine Sendersteuersignal (130, 146) Anweisungen enthält, die eingerichtet sind, um zu bewirken,

dass die optischen Sender (126) den digital umhüllten Kommunikationsverkehr als Reihe von Verkehrsabschnitten übertragen, wobei die Anweisungen eingerichtet sind, um zu bewirken, dass jeder Verkehrsabschnitt während eines jeweiligen vorgewählten Übertragungszeitraums durch einen jeweiligen optischen Sender (126) gemäß der Pfadsequenz übertragen wird, und/oder wobei der Kommunikationsverkehr in jedem Verkehrsabschnitt nur rekonstruiert werden kann, wenn er mit mindestens einem anderen Verkehrsabschnitt rekombiniert wird.


 
10. Empfängermodul (160) eines optischen Kommunikationsnetzwerks, umfassend:

eine Vielzahl von Eingängen (162), die jeweils eingerichtet sind, um mit einem jeweiligen einer Vielzahl optischer Pfade über ein optisches Kommunikationsnetzwerk von einem Quellknoten mit dem Empfängermodul (160) verbunden zu werden,

wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist;

eine Vielzahl optischer Empfänger (164), von denen jeder mit einem jeweiligen der Eingänge verbunden ist; und eine Modulsteuereinheit (166), die eingerichtet ist, um:

eine Pfadsequenz zu erhalten, die eine Reihenfolge definiert, in der die Vielzahl optischer Pfade über das optische Kommunikationsnetzwerk zu verwenden ist;

eine Reihe von Verkehrsabschnitten zu empfangen, wobei jeder Verkehrsabschnitt während eines jeweiligen vorgewählten Übertragungszeitraums auf einem jeweiligen optischen Kanal von einem jeweiligen optischen Pfad gemäß der Pfadsequenz empfangen wird; und

den Kommunikationsverkehr aus den empfangenen Verkehrsabschnitten gemäß der Pfadsequenz zu rekonstruieren,

wobei die Pfadsequenz eine vorgewählte Sequenz ist.


 
11. Optisches Kommunikationsnetzwerk (190), umfassend:

einen Quellknoten (192), der ein Sendermodul (120, 140, 150) des optischen Kommunikationsnetzwerks nach einem der Ansprüche 8 bis 9 umfasst;

einen Zielknoten (194), der ein Empfängermodul (160) des optischen Kommunikationsnetzwerks nach Anspruch 10 umfasst;

eine Vielzahl von Zwischenknoten (196);

eine Vielzahl von Lichtwellenleiterverbindungen (198), die jeweils ein Paar der Knoten verbinden; und

ein Netzwerksteuerelement (200), das eingerichtet ist, um:

eine Vielzahl optischer Pfade vom Quellknoten (192) zum Zielknoten (194) über das optische Kommunikationsnetzwerk (190) zu konfigurieren, wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist; und

eine Pfadsequenz zu erzeugen, die eine Reihenfolge definiert, in der die optischen Pfade zu verwenden sind, wobei die Pfadsequenz eine vorgewählte Sequenz ist.


 
12. Optisches Kommunikationsnetzwerk (190) nach Anspruch 11, wobei das Netzwerksteuerelement (200) eingerichtet ist, um die optischen Pfade derart zu konfigurieren, dass die räumlich getrennten Teile der optischen Pfade eines aus physisch getrennten Pfaden über das optische Kommunikationsnetzwerk (190), unterschiedlichen Lichtwellenleitern, die einem gemeinsam genutzten physischen Pfad über das optische Kommunikationsnetzwerk (190) folgen, und unterschiedlichen Lichtwellenleitern innerhalb eines Lichtwellenleiterkabels innerhalb des optischen Kommunikationsnetzwerks (190) umfassen.
 
13. Optisches Kommunikationsnetzwerk (190) nach Anspruch 11 oder Anspruch 12, wobei der Kommunikationsverkehr eine Sicherheitsebene aufweist und das Netzwerksteuerelement (200) eingerichtet ist, um eine Vielzahl optischer Pfade proportional zur Sicherheitsebene zu konfigurieren und/oder wobei das Netzwerksteuerelement (200) eingerichtet ist, um eine sich dynamisch ändernde Pfadsequenz durch pseudozufälliges Erzeugen einer Sequenz der optischen Pfade zu erzeugen und wobei das Netzwerksteuerelement (200) ferner eingerichtet ist, um ein Pfadsequenzsignal (202) zu erzeugen und zum Quellknoten (192) und zum Zielknoten (194) zu übertragen.
 
14. Datenträger, der darauf verkörperte computerlesbare Anweisungen aufweist, wobei die computerlesbaren Anweisungen zum Bereitstellen eines Zugriffs auf Ressourcen vorliegen, die auf einem Prozessor verfügbar sind, und die computerlesbaren Anweisungen Anweisungen umfassen, die bewirken, dass der Prozessor beliebige der Schritte des Verfahrens zum Übertragen von Kommunikationsverkehr in einem optischen Kommunikationsnetzwerk (190) durchführt, das eine Vielzahl von Knoten gemäß einem der Ansprüche 1 bis 2 und 4 bis 5 umfasst.
 
15. Netzwerksteuerelement (200), das eingerichtet ist, um einen Quellknoten (192), einen Zielknoten (194) und einen oder mehrere Zwischenknoten (196) in einem optischen Kommunikationsnetzwerk (190) zu konfigurieren, wobei das Netzwerksteuerelement (200) eingerichtet ist, um:

eine Vielzahl optischer Pfade vom Quellknoten (192) zum Zielknoten (194) über das optische Kommunikationsnetzwerk (190) zu konfigurieren, wobei mindestens ein Teil jedes optischen Pfads von jedem anderen optischen Pfad räumlich getrennt ist; und

eine Pfadsequenz zu erzeugen und zum Quellknoten und zum Zielknoten zu übertragen, die eine Reihenfolge definiert, in der die optischen Pfade aus der Vielzahl optischer Pfade zu verwenden sind, wobei die Pfadsequenz eine vorgewählte Sequenz ist und wobei Kommunikationsverkehr durch den Quellknoten als Reihe von Verkehrsabschnitten zu übertragen ist, wobei jeder Verkehrsabschnitt während eines jeweiligen vorgewählten Übertragungszeitraums auf einem jeweiligen optischen Pfad gemäß der Pfadsequenz zu übertragen ist.


 


Revendications

1. Procédé (10, 30, 40, 50) d'émission de trafic de communication dans un réseau de communication optique comprenant une pluralité de nœuds, le procédé (10, 30, 40, 50) comprenant, au niveau d'un nœud source :

la réception (12) du trafic de communication à transmettre sur le réseau de communication optique à un nœud cible ;

l'obtention (14) d'une séquence de trajets définissant un ordre dans lequel une pluralité de trajets optiques allant du nœud source au nœud cible sur le réseau de communication optique doivent être utilisés, au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ; et

l'émission (16, 18, 20, 22, 24, 26, 36, 38, 39) du trafic de communication sous la forme d'une série de parties de trafic,

chaque partie de trafic étant émise pendant une période d'émission présélectionnée respective sur un trajet optique respectif selon la séquence de trajets, dans lequel la séquence de trajets est une séquence présélectionnée.


 
2. Procédé (10, 30, 40, 50) selon la revendication 1, dans lequel le procédé comprend l'obtention d'informations identifiant un canal optique différent respectif attribué à chaque dit trajet optique et l'encapsulation numérique (34, 42, 52) du trafic de communication, et dans lequel le trafic de communication encapsulé numériquement est émis (36, 38, 39) sous la forme de la série de parties de trafic, chaque partie de trafic étant émise sur le canal optique attribué à son trajet optique respectif.
 
3. Procédé (60) de réception de trafic de communication dans un réseau de communication optique comprenant une pluralité de nœuds, le procédé comprenant :

l'obtention (62) d'une séquence de trajets définissant un ordre dans lequel une pluralité de trajets optiques allant d'un nœud source à un nœud cible sur le réseau de communication optique doivent être utilisés, au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ;

la réception (64) d'une série de parties de trafic au niveau du nœud cible, chaque partie de trafic étant reçue pendant une période d'émission présélectionnée respective à partir d'un trajet optique respectif selon la séquence de trajets ; et

la reconstitution (66) du trafic de communication à partir des parties de trafic reçues selon la séquence de trajets, dans lequel la séquence de trajets est une séquence présélectionnée.


 
4. Procédé (60) selon la revendication 3, dans lequel chaque partie de trafic est une partie de trafic de communication encapsulée numériquement.
 
5. Procédé selon une quelconque revendication précédente, dans lequel le trafic de communication dans chaque dite partie de trafic ne peut être reconstitué que lorsqu'il est reformé avec au moins une autre dite partie de trafic, et/ou, dans lequel les parties spatialement séparées des trajets optiques comprennent les uns parmi des trajets physiquement distincts sur le réseau de communication optique, des câbles à fibres optiques différents suivant un trajet physique partagé sur le réseau de communication optique et des fibres optiques différentes à l'intérieur d'un câble à fibres optiques à l'intérieur du réseau de communication optique.
 
6. Procédé (70, 80, 172, 180) d'exploitation d'un réseau de communication optique comprenant une pluralité de nœuds, le procédé comprenant :

la configuration (72, 82) d'une pluralité de trajets optiques allant d'un nœud source à un nœud cible sur le réseau de communication optique, au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ;

au niveau du nœud source, l'émission du trafic de communication selon le procédé (10, 30, 40, 50) selon l'une quelconque des revendications 1, 2 et 5 ; et

au niveau du nœud cible, la réception du trafic de communication selon le procédé (60) selon l'une quelconque des revendications 3 à 6, dans lequel la séquence de trajets est une séquence présélectionnée.


 
7. Procédé (70, 80, 172, 180) selon la revendication 6, dans lequel le réseau de communication optique doit être exploité pour le trafic de communication ayant un niveau de sécurité et la pluralité de trajets optiques configurés (82) est proportionnelle au niveau de sécurité.
 
8. Module émetteur de réseau de communication optique (120, 140, 150) comprenant :

une entrée (122) conçue pour recevoir le trafic de communication à émettre ;

une pluralité de sorties (124), chacune conçue pour être couplée à un trajet respectif parmi une pluralité de trajets optiques sur un réseau de communication optique ;

un émetteur optique (126) ; et

un dispositif de commande de module (128, 144, 152) conçu pour :

obtenir une séquence de trajets définissant un ordre dans lequel une pluralité de trajets optiques allant du module émetteur (120, 140, 150) à un nœud cible sur le réseau de communication optique doivent être utilisés, au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ; et

générer et émettre au moins un signal de commande d'émetteur (130, 146) contenant des instructions conçues pour amener l'émetteur optique (126) à émettre le trafic de communication sous la forme d'une série de parties de trafic, les instructions étant conçues pour amener chaque partie de trafic à être émise pendant une période d'émission présélectionnée respective sur un trajet optique respectif selon la séquence de trajets, dans lequel la séquence de trajets est une séquence présélectionnée.


 
9. Module émetteur de réseau de communication optique (120, 140, 150) selon la revendication 8 et comprenant :

une pluralité d'émetteurs optiques (126) conçus chacun pour fonctionner au niveau d'un canal différent parmi une pluralité de canaux optiques et couplé chacun à une sortie respective des sorties optiques ; et

un élément d'encapsulation numérique (142, 152) conçu pour encapsuler numériquement le trafic de communication, et dans lequel l'au moins un signal de commande d'émetteur (130, 146) contient des instructions conçues pour amener les émetteurs optiques (126) à émettre le trafic de communication encapsulé numériquement sous la forme la série de parties de trafic, les instructions étant conçues pour amener chaque partie de trafic à être émise pendant une période d'émission présélectionnée respective par un émetteur optique respectif (126) selon la séquence de trajets, et/ou,

dans lequel le trafic de communication dans chaque dite partie de trafic ne peut être reconstitué que lorsqu'il est reformé avec au moins une autre dite partie de trafic.


 
10. Module récepteur de réseau de communication optique (160) comprenant :

une pluralité d'entrées (162), chacune conçue pour être couplée à un trajet optique respectif parmi une pluralité de trajets optiques sur un réseau de communication optique allant d'un nœud source au module récepteur (160), au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ;

une pluralité de récepteurs optiques (164) couplés chacun à une entrée respective des entrées ; et un dispositif de commande de module (166) conçu pour :

obtenir une séquence de trajets définissant un ordre dans lequel la pluralité de trajets optiques sur le réseau de communication optique doivent être utilisés ;

recevoir une série de parties de trafic, chaque partie de trafic étant reçue pendant une période d'émission présélectionnée respective sur un canal optique respectif à partir d'un trajet optique respectif selon la séquence de trajets ; et

reconstituer le trafic de communication à partir des parties de trafic reçues selon la séquence de trajets, dans lequel la séquence de trajets est une séquence présélectionnée.


 
11. Réseau de communication optique (190) comprenant :

un nœud source (192) comprenant un module émetteur de réseau de communication optique (120, 140, 150) selon l'une quelconque des revendications 8 à 9 ;

un nœud cible (194) comprenant un module récepteur de réseau de communication optique (160) selon la revendication 10 ;

une pluralité de nœuds intermédiaires (196) ;

une pluralité de liaisons à fibres optiques (198) connectant chacune une paire des nœuds ; et

un élément de commande de réseau (200) conçu pour :

configurer une pluralité de trajets optiques allant du nœud source (192) au nœud cible (194) sur le réseau de communication optique (190), au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ; et

générer une séquence de trajets définissant un ordre dans lequel les trajets optiques doivent être utilisés, dans lequel la séquence de trajets est une séquence présélectionnée.


 
12. Réseau de communication optique (190) selon la revendication 11, dans lequel l'élément de commande de réseau (200) est conçu pour configurer les trajets optiques de sorte que les parties spatialement séparées des trajets optiques comprennent les uns parmi des trajets physiquement distincts sur le réseau de communication optique (190), des fibres optiques différentes suivant un trajet physique partagé sur le réseau de communication optique (190) et des fibres optiques différentes à l'intérieur d'un câble à fibres optiques à l'intérieur du réseau de communication optique (190).
 
13. Réseau de communication optique (190) selon la revendication 11 ou la revendication 12, dans lequel le trafic de communication a un niveau de sécurité et l'élément de commande de réseau (200) est conçu pour configurer une pluralité de trajets optiques proportionnels au niveau de sécurité, et/ou, dans lequel l'élément de commande de réseau (200) est conçu pour générer une séquence de trajets changeant dynamiquement en générant de manière pseudo-aléatoire une séquence des trajets optiques et dans lequel l'élément de commande de réseau (200) est en outre conçu pour générer et transmettre un signal de séquence de trajets (202) au nœud source (192) et au nœud cible (194) .
 
14. Support de données comportant des instructions lisibles par ordinateur, les instructions lisibles par ordinateur étant destinées à fournir un accès à des ressources disponibles sur un processeur et les instructions lisibles par ordinateur comprenant des instructions pour amener le processeur à mettre en œuvre l'une quelconque des étapes du procédé d'émission de trafic de communication dans un réseau de communication optique (190) comprenant une pluralité de nœuds selon l'une quelconque des revendications 1 à 2 et 4 à 5.
 
15. Élément de commande de réseau (200) conçu pour configurer un nœud source (192), un nœud cible (194) et un ou plusieurs nœuds intermédiaires (196) dans un réseau de communication optique (190), dans lequel l'élément de commande de réseau (200) est conçu pour :

configurer une pluralité de trajets optiques allant du nœud source (192) au nœud cible (194) sur le réseau de communication optique (190), au moins une partie de chaque trajet optique étant spatialement séparée de chaque autre trajet optique ; et

générer et transmettre une séquence de trajets au nœud source et au nœud cible définissant un ordre dans lequel les trajets optiques de la pluralité de trajets optiques doivent être utilisés, dans lequel la séquence de trajets est une séquence présélectionnée et dans lequel le trafic de communication doit être émis par le nœud source sous la forme d'une série de parties de trafic, chaque partie de trafic étant émise pendant une période d'émission présélectionnée respective sur un trajet optique respectif selon la séquence de trajets.


 




Drawing





















































Cited references

REFERENCES CITED IN THE DESCRIPTION



This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

Patent documents cited in the description