Application and management of epon system oriented to FTTH

1. Introduction

In recent years, with the popularization of the Internet and the development of broadband applications, especially the continuous emergence of some "bandwidth killer" application, make access network bandwidth resources increasingly "stretched", in order to completely solve the bandwidth bottleneck of access network, fiber to households (FTTH) This has been as the ultimate ideal of access network development, Already has the urgent need and the possibility to realize ahead of time. Epon is based on Gigabit Ethernet passive Optical network technology, inherited the low cost and ease of use of Ethernet and optical network of high bandwidth, is to achieve FTTH many technologies, "cost-effective" the highest one. With the--ieee802.3ah of Epon International Standard in 2004, Epon's Industry alliance has attracted many manufacturers ' active participation, from EPON core chip, optical module to system, Epon's industrial chain has been maturing.

2. FTTH-oriented epon system

First, the user-side devices of the FTTH-oriented epon system are rich in user interface and large in bandwidth. In the case of fiber to households, the user's business needs are no longer satisfied with the simple internet, but become a set of data, voice and video services in one integrated business access needs. This is also the promotion of "triple-net integration" the most important driving force. One of the major changes in user demand diversification is the significant increase in bandwidth requirements. To the current IPTV needs bandwidth for 2mbit/s, all the way high-definition TV bandwidth for 6-8mbit/s to calculate, each user (ONU) if you want to support 2-3 video streams (corresponding to 2-3 TV terminals), plus conventional Internet bandwidth, the need for bandwidth at least 20mbit/s above. This is now the ADSL can not meet, even if the use of adsl+ or VDSL technology can only be in short distance conditions to achieve such downlink bandwidth level, but also pay the cost of the line transformation. Therefore, the ONU side of the basic user interface is a 10/100m compatible Ethernet interface, for users with higher bandwidth requirements, this user interface can also be easily upgraded to 10/100/1000m compatible Ethernet interface. This interface can complete IPTV service, IP telephone and PC access. In addition to the basic interface, for the use of ɑ  scratch в test nu should provide a pots port. And for the use of "video overlay" technology to transfer the limited TV signal solution, ONU add a cable TV signal interface can be. In short, ONU will be a smart gateway to connect the home network, users through the EPON system to bring high bandwidth, you can enjoy the home network information brought about by the various life convenience.

Second, a single PON interface of a local device can support a large number of remote user side devices. At present, the main users of FTTH in China are urban residential district households, its outstanding characteristics are: High density of households, a single residential community generally has 500-3000 households. Technically, the tap ratio of the epon system can be 1:128, that is, a PON port with 128 ONU. Epon's control protocol can fully support more ONU. At present, transmission distance and shunt ratio are mainly limited by the performance index of optical module, which can be realized with the progress of optical module technology. For FTTH-oriented epon devices, which support a high ratio of taps, the cost of each line is reduced as compared to the current 1:32 ratio (which can support 10-20 km of transmission distance). At that time, if you want to completely cover a 3000 or so residential quarters, at the end of the board need only less than 30 pon interface stacked together, greatly reducing the complexity of project opening and maintenance.

Finally, in the Epon system for FTTH applications, the integration of the local-end equipment (OLT) is high. As the density of the PON port increases, the Olt expands flexibly to support more users by increasing the number of PON ports. Pon port is a single fiber two-way, a PON interface disk out of 2 pon port will be very easy to achieve, therefore, a PON interface disk number of users will be able to reach 256. Compared with the current level of 32 users, the FTTH-oriented epon system has advantages over the density of user access.

3. Security Management

In the complex access network environment, it is an increasingly concerned problem for operators and users to ensure the security of system and user data effectively. Easypathepon has also been fully considered in the design.

First, the protection of user data security. The threat of user data security comes mainly from the internal users of PON, including content monitoring and active attack. Because Epon downlink data takes the form of broadcasting, each ONU can receive all the downlink data, 802.3ah standard for each connection set llid logical link identification, each ONU can only receive packets with their own llid, the rest of the packets discarded no longer forwarded. However, Llid is mainly to distinguish between different connections, ONU side if it is simply based on llid filtering is obviously not enough, because the transfer is a standard Ethernet frame, so a certain ONU users technically can not distinguish between llid, and obtain information not the ONU, The privacy of the user's information is threatened, which is clearly not what the user wants to see. In order to isolate the user information and ensure the privacy of each ONU data, it is necessary to encrypt each ONU data in the downlink direction. The 802.3AH Standard recommends that the Advanced Encryption Standard (AES) algorithm be used to encrypt the user information in the physical layer. The user data encrypted by AES algorithm effectively reduces the possibility of information leakage, but if Epon is a simple two-tier switching system, the user's key information, such as MAC address, IP address, can still be obtained by listening to the link layer broadcast message. This information can be used by cyber hackers to implement various attacks. Therefore, to better protect the user information security, but also to consider the link layer isolation measures, based on the Privatevlan two layer isolation scheme is a good choice. As for the security threats from outside the epon system, users need to take other precautions.

Secondly, the security of the EPON system itself is protected. Because, once the EPON network itself security is threatened, then the affected will be all users within the system. Consider the characteristics of epon equipment in the following areas need to be taken precautions:

The MAC Address table overflowed. MAC Address Table is the basis for the correct Ethernet frame forwarding, if a malicious user through a large number of fake address to the MAC Address table overflow, will cause the normal data business interruption. Therefore, in FTTH applications, limit the number of MAC addresses of user ports, or simply bind a user's MAC address and port directly. Both of these methods prevent the overflow of MAC address tables, but it is better to use the first approach from a maintenance-friendly perspective.

The uplink system controls the frame counterfeiting. If the user can send the control frame of the system from the user interface, such as the multi-point Control Protocol (MPCP) frame or maintenance management (OAM) frame into the system, it will interfere with the normal operation of the system, so the general need in the system's user interface to the system control frame filtering, filtering out the intrusion system "counterfeit" control frame.

By analyzing the security threats faced by epon systems and comparing the existing solutions, we consider that Epon and ADSL access are equivalent in security. The AES encryption algorithm is used, even in the security aspect is better than the Fttx+lan access mode.

4. User Management

For residential district broadband access system, because a large number of user access needs management and billing, so support authentication, authorization, billing (AAA) function is Epon system must consider, specifically:

Authentication (authentication): Verifies the identity of the user and the available network services.

Authorization (Authorization): To open the Network service to the user according to the authentication result.

Billing (Accounting): Records the user's usage of various network services, and provides to the billing system.

The AAA function can not only effectively enhance the security of the network, prevent illegal users access to the network, but also to make the network has "operational, manageable and value-added" capacity of the important means. For example, the provision of flexible billing methods (such as time, flow, prepaid, rate switching, rate discount, real-time billing, differentiated business billing, etc.), to provide value-added services and broadband network value chain of all-round support.