Layer 1 Encryption in WDM Transport Systems. Dr. Henning Hinderthür, PLM


Security in Telco

"What last year's revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default."
Edward Snowden, Guardian Interview, Moscow, July 2014

Data Center Environment & Security
- Physical Access to the Data Center
- Hardware Security
- Software Security
- ... and what about the Fiber Connection?

Fiber Optic Networks: Tapping Possibilities

Where to get access?
- Street cabinet
- Splice boxes / cassettes (Outdoor / Inhouse)

How to get access?
- Y-Bridge for service activities
- Fiber Coupling device

There are multiple ways to access fiber.

[Figure label: Protocol Analyzer]

Encryption: What is Key?
- Highest level of security
- Speed - Low Latency
- 100% Throughput
- No Jitter
- Role Based Management (Multi Tenant Management for Carriers)
- Encryption on the lowest possible layer

Encryption Basics: Key Lengths

Magnitude:
- Number of grains in 1 m^3 sand from the beach: 2^40
- Number of atoms in a human body: 2^92
- Number of atoms in the earth: 2^165
- Number of atoms in the sun: 2^189
- Number of atoms in the Milky Way: 2^226
- Number of atoms in the universe: 2^259
- AES 256

High Speed Encryption Modes

Bulk Mode (0 Bytes)
- Point-to-Point
- Protocol / I/F agnostic (Ethernet, FC, IB, Sonet/SDH)
- Integrated Solution with lowest latency

MacSec (+32 Bytes), Cisco TrustSec (+40 Bytes)
- Hop-by-Hop only
- Ethernet only
- Overhead creates latency and throughput issues

Cisco Nexus, Cisco Overlay Transport Virtualization (OTV) (+82 Bytes)
- Huge overhead
- IP VPN Services

Encryption Performance: Comparison of Maximum Throughput

[Figure: Throughput plotted against Framesize / Bytes]

Encryption using G.709 / OTH Link Protocol

5TCE link protocol supports:
- OTU-2
- OTU-2e
- OTU-2f

Optical channel frame structure (OCH overhead, OCh payload, FEC data), rows 1 to 4:
- Columns 1 to 14: OTU/ODU overhead
- Columns 15 to 16: OPU overhead
- Columns 17 to 3824: Encrypted Payload
- Columns 3825 to 4080: FEC area

[Figure callouts: Key Exchange, Encryption]

- Automatic key exchange using DH
- AES 256 encrypted OPU2 payload

FSP 3000 Encryption Highlights: Protection Building Blocks
- Authentication via initial authentication key to protect from man in the middle attacks
- AES256 encryption to offer maximum data security
- Diffie Hellman (DH) key exchange for secure encryption key generation
- New encryption key every 1min/10mins for additional security
- Key lifetime configurable
- Lowest latency (100ns) while providing 100% throughput

10G Muxponder with Encryption: 5TCE-PCN-10GU+AES10G

AES Encryption Universal Enterprise Mux-/Transponder
- AES256 encryption
- Dynamic key exchange every 10 minutes
- 5x Any Multi-service clients
- Transparent / Framed mode
- SDH Network variant 5TCE-PCN-8GU+AES10GS
- 3x Client SFP, 2x Client SFP/SFP+
- Network Interface: CWDM, Grey

[Block diagram labels]
- Client: 5x GbE, 5x 1G/2G FC, 3 x 4G FC, 8G/10G FC, 5G IB/10G IB, STM-16/64, 10GbE
- TDM, Prop. framing
- OTN-, Eth-PM, GCC0
- ODU2, STM-64
- OTU2, GFEC
- Network: Pluggable SFP+ (DWDM, CWDM, Grey)

100G Metro Muxponder with Encryption: 10TCE-PCN-16GU+AES100G

AES Encryption Universal Enterprise Muxponder
- 100G AES256 encryption with 2048bit key
- Dynamic key exchange every 1 minute
- Up to 10 x any multi-service 10GE, FC8/10/16, 5G Infiniband
- 40GE/100GE by means of 4x/10x 10GbE via break out cable (SR4, LR4 and SR10)
- Network DWDM CFP
- 10x Client SFP+ (CWDM, Grey)

[Block diagram labels]
- Client: 10x 10GbE (WAN/LAN), 10x 8G FC, 8x 10G FC, 7x 16G FC, 10x STM-64/OC-192, 10x 5G IB
- GMP, ODUFlex
- ODU4, config. EFEC
- OTN PM, OTU4
- Network: DWDM CFP, 4x 28G DWDM (96ch C-band)

Layer 1 Encryption Solution Suite

[Figure: services covered by AES 10G Encryption and AES 100G Encryption, on a rate axis from 1G to 100G. Services shown: GbE, FC 1G, FC 2G, STM-16/OC-48, FC 4G, IB 5G, FC 8G, STM-64/OC-192, 10GbE, FC 10G, FC 16G, 40GbE, 100GbE]

Encryption Management & Operations

Data Center Networks
Encryption Management for Private Networks

Scenario 1 - User of encryption is the operator of equipment
- Crypto Manager running on FSP NM

[Diagram labels: LAN, FSP EM or LCT/CLI, DCN, FSP NM Server, FSP NM Clients, 3rd Party NE (x3)]

Data Center Networks
Encryption Management for Private Networks

Scenario 2 - Encryption user does not own the network
- Crypto Manager running on GUI Server

[Diagram labels: LAN, WWW, FSP NM Server, FSP NM Clients, GUI Server running NM client apps, DCN, Customer A, 3rd Party NE (x3)]

Crypto Management: Management Levels Provided

Operational management
- Deals with all operational aspects (FCAPS)
- User access is handled on the NCU

Security management
- Control of all security relevant activities
- Separated from operational management
- Access control handling on the AES Muxponder, not on the NCU
- Security relevant activities are performed using the security relevant credentials
- ROOT users have no access to security management

Encryption over OTN Networks

Encryption over OTN Networks: 1GbE & 10GbE Services

[Diagram: FSP Network & Crypto Manager; Site A and Site B, each with a LAN (n*1GbE, 10GbE) attached to a 5TCE-PCN+AES10G, connected via STM-64c / OTU-2e across an OTN Network (Carrier Managed Service)]

Encryption over OTN Networks: 10GbE, 40GbE, 100GbE Services
- GCC2 used for key exchange & other functions
- Setup via ECC (GCC0) or an external DCN connection

[Diagram: FSP Network & Crypto Manager; Site A and Site B, each with a LAN (Multi rate) attached to a 10TCE-PCN-16GU+AES100G, connected via LR10R / OTU-4 (111,809 Gb/s) across an OTN Network (Carrier Managed Service)]

Layer 1 Encryption In Operation

Where ADVA-Encryption is in Operation
- ADVA sells ~10% of layer 1 encryption into Government: > 150 links
- ADVA sells ~16% of layer 1 encryption into Other large industry: > 250 links
- ADVA sells ~10% of layer 1 encryption into HealthCare: > 150 links
- ADVA sells ~62% of layer 1 encryption into Finance: > 1.000 links
- ADVA sells ~2% of layer 1 encryption into Utilities: > 50 links

Department of Business Innovation & Skills: 2013 Information Security Breaches Survey, www.gov.uk/bis

1.600 x 10G encrypted links in operation:
- 62% Finance (50 customers)
- 10% Government (13 customers)
- 10% Healthcare (7 customers)
- 10% Large Industry (14 customers)
- 4% Cloud SPs (9 customers)
- 4% other industry
- 2% Utilities (3 customers)

Thank You
info@advaoptical.com

IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation.
Copyright for the entire content of this presentation: ADVA Optical Networking.