I have received many Christmas gifts， but the best one is meet you，merry Christmas！Happy new year！
I have received many Christmas gifts， but the best one is meet you，merry Christmas！Happy new year！
With the increase of PON networks’ services, it is necessary to implement PON protection switching technology to ensure the stability of engineering applications stability and deal with service interruptions caused by various communication failures. This article mainly introduces several different PON protection technologies on OLT and describes some implementation points based on a dual PON port protection solution. The ONU remains online, and services are not interrupted before and after the solution is switched. And the delay is less than 100 ms, which greatly guarantees network stability.
PON (Passive Optical Network) is an optical fiber broadband access technology covering the last mile. It only needs to install a simple optical splitter at the optical branch point, which has the advantages of saving optical cable resources, bandwidth resource sharing, no electromagnetic interference, equipment safety, high performance, and low-cost comprehensive network construction. Among them, saving the backbone fiber is a huge advantage of the PON system, but it also brings greater risk. Once the backbone fiber in the PON system fails, it will cause all-optical network units (ONUs) connected to the backbone fiber interrupted simultaneously.
Besides, the system also has the probability of the optical module’s failure and the failure of the port, which is connected to the main fiber. To ensure the service’s stability in engineering applications and deal with the service interruption caused by various communication failures, an efficient and reliable protection switching solution is required. When the backbone fiber fails, the protection switching can be realized in the shortest possible time and recover the services without affecting users’ use.
1、Introduction to PON Protection Switching Technology
1.1 PON ProtectionOverview
At present, the commonly used PON protection technologies are the four protection types A, B, C, and D defined in the ITU-TG.984 standards. The protection range of types A and B is the protection from the PON port of the OLT to the optical splitter. The difference between the two is whether the OLT’s PON port is included in the protection range. The protection scope of types C and D is comprehensive protection from the PON port of the OLT to the PON port of the ONU. The difference between the two is whether the ONU’s PON port is included in the protection scope.
1.2 PON Protection Type A
PON protection type A mainly uses a single PON port for the OLT, which has a built-in 1×2 optical switch for the optical module’s gating and then switches the working line. In the optical distribution network (ODN), a 2: N optical splitter is used, and two relatively independent and mutually backup optical fiber links are established between the optical splitter and the OLT. The OLT will detect the line status periodically. When the optical link fails, it switches to the backup optical link.
1.3 PON Protection Type B
The OLT’s two PON ports in the PON protection type B adopt independent PON MAC chips and optical modules and are identified as the main PON port and the backup PON port. The main PON port is in a working state, and the standby PON port is in a cold backup state.
In ODN’s optical splitter use, two relatively independent and mutually backup optical fiber links are simultaneously connected between the optical splitter and the OLT. The OLT ensures that the main PON port’s business information can be backed up synchronously and periodically inspect line status and PON port operating status. When the main fiber link or PON port fails, the OLT immediately switches to the backup PON port and fiber link. The backup PON port can maintain the ONU’s service attributes unchanged, and the service is transferred to the backup link.
1.4 PON Protection Type C
PON protection type C uses two PON ports on the OLT, and the main standby PON ports are mutually hot backup. ONU uses a PON MAC and different optical modules; a 1×2 optical switch is built in front of the PON port. Two 1: N optical splitters are used to establish two independent and mutually backup optical fiber links between ONU and OLT. The OLT guarantees that the main PON port’s service information can be backed up to the backup PON port simultaneously. Both the ONU and the OLT detect the link status and decide whether to switch according to the link status.
1.5 PON Protection Type D
In PON protection type D, OLT dual PON ports, ONU dual PON ports, backbone fiber, optical splitter, and distribution fiber are all dual redundant. Both the main and standby OLT PON ports are in working condition. OLT guarantees that the active PON port’s service information can be backed up to the backup PON port synchronously. As a result, the backup PON port can maintain the ONU’s service attributes unchanged during the protection switching process.
ONU uses different PON MAC chips and different optical modules. The ONU should ensure that the primary PON port’s service information can be backed up to the backup PON port simultaneously so that the ONU can maintain the local service attributes during the PON port protection switching process. The ONU’s main and backup PON ports are in a working state. The backup PON port does not need to perform the ONU’s initialization configuration and service attribute configuration during the PON port protection switching process. Both ONU and OLT detect the link status and decide whether to switch according to the link status.
1.6 Choice of 4 Types of PON Protection
The four PON protection types A, B, C, and D protection solutions are introduced above. The OLT’s two PON ports in Type A use 1 PON MAC chip, which is connected to 2 optical modules through a 1×2 switch to realize 2 PON ports’ protection. This type is only applicable to the protection in the same PON board. Although the C and D protection types protect the entire network, making the system the best reliable, the protection cost is too high. Simultaneously, ONU equipment also needs to support the corresponding PON protection function, which only high-end users can afford. So, it is hardly used in actual projects.
Considering the access cost and practicability, Type B protection is more economical and practical. In Type B protection, the OLT’s two PON ports adopt independent PON MAC chips and optical modules to realize the protection of two PON ports, which is suitable for protection between any 2 PON ports of the same OLT.
2、Realization of PON Protection Switching Function
2.1 PON Protection Group
The PON protection group consists of two access PON ports. The members of the protection group have two roles: work and protect. One is a working port, and the other is a protecting port. Under normal working conditions, the working port carries services. When the optical fiber link in the working port fails, the system automatically switches the working port’s service to the protected port to ensure service transmission.
2.2 Status of Protection Group Member
There are two states of protection group members: active and standby. The port in the active state forwards data and the port in the standby state does not forward data.
2.3 Type of Switching
There are two types of protection group switching: automatic switching triggered by failure and protection switching performed manually. The manual protection switching performed is also called forced switching:
(1) Automatic switching means that the OLT and ONU do not need human intervention to automatically switch the optical fiber link when the switching conditions are met.
(2) Forced switching refers to operating force-switch on the OLT so that optical link switching occurs regardless of whether the designated target member is normal.
3、 Key Points of PON Protection Switching Technology
To ensure smooth service transition after PON protection switching, the PON protection group’s initial configuration needs to be issued synchronously. The dynamic data during the operation of the protection group also needs to be synchronized. Initial configuration refers to the primary PON port’s static service configuration information in the protection group, such as VLAN, bandwidth, voice configuration, and multicast video service configuration. Dynamic data includes the MAC address learning table, multicast member group information, DHCP binding table, key information.
3.1 Configuration Synchronization
The configuration of the same ONU on the two PON ports in the protection group must be synchronized. The key to configuration synchronization is as follows:
1) All ONUs authenticated on the primary PON port should be synchronized to the standby PON port, allowing the ONU to update its online state structure. The active PON port module should also synchronize the configuration status information with the standby PON port module to avoid repeated configurations and affecting services.
2) Dynamic data synchronization: Dynamic data synchronization refers to synchronizing data from the PON port in the working state to the PON port in the standby state when the data changes. It requires a host CPU for real-time data synchronization.
3.2 Service Recovery
After performing the PON port’s active/standby switchover, the original standby PON port becomes the active port. All PON related configurations and ONU configurations under the PON port should be the same as the original working PON port. After the PON protection switch is completed, all services can be automatically restored when the new working PON port is normally available.
3.3 PON Protection Switching of C-Data OLT Products
With more and more types of services carried by PON networks, to ensure the stability of the services in engineering applications, C-Data combines PON protection in actual engineering, considering the access cost and practicality, and has fully supported PON for protection type B. The user does not need to pay attention to which PON port of the protection group is currently working. All operations are based on the main PON port. When the protection switching is triggered, the standby port state changes to the working state and replace the main PON port to continue to carry services.
As far as we know, the PON protection function implemented by OLT of some manufacturer does not actually implement protection switching but backs up the configuration of the active port to the backup port. The result is that all ONU will be disconnected after the switching, and the service will be lost, which will cause great distress to operation and maintenance personnel. However, our OLT solutions has achieved true protection switching. When the PON port is fully loaded with ONU, ONU can be kept online before and after the switching without service interruption, ensuring network stability safely and quickly.
With the popularization of information technologies such as big data, artificial intelligence, cloud computing, and the internet of things, PON technology efficiently supports various industries’ digital development by its technical reliability and practicality and relatively reasonable price advantages. As a professional supplier of network access products, C-Data will provide reliable and stable network deployment to the industries worldwide and apply more PON protection technologies to products. At the same time, it is great for consumers to choose OLT solutions that supports the PON protection of C-Data and jointly promoting the steady development of global digital networks.
The rapid development of the Internet had brought a large number of intelligent terminals to our home and increasingly exhausted the IPv4 address resources we are using. Although NAT technology helps to delay the speed of the IPv4 address consumption, the world Internet technology is still developing towards IPv6 technology which has become one of the key basic technologies required by 5G, cloud computing and Internet of things technologies.
In the past two years, the world has advocated and accelerated the deployment of IPv6 technology to meet the urgent needs of the connection of massive intelligent terminals, the innovation of technology industries, and the enhancement of network security capability. Almost all ISP/Operators are building the next generation of the Internet based on IPv6 technology.
C-Data, as a professional manufacturer in access network technology, will discuss the following related topics to help you understand IPv6 technology more comprehensively.
1.1 What is IPv6?
IPv6 (Internet Protocol Version 6) is the next generation of the current Internet Protocol (IPv4). Composed of 128-bit binary numbers, IPv6 provides a huge resource of IP address enough for every living creature and even every grain of sand on the earth to be assigned one or more IP addresses. IPv6 is to divide the 128-bit address into segments per 16 bits, and each segment is separated by colons when converted into hexadecimal digits.
An example of IPv4 address: 192.168.101.1
An example of IPv6 address: 2002:0db8:85a3:08d3:1319:8a2e: 0370:7344
1.2 Why use IPv6 technology?
IPv4 technology is a 32-bit binary address, which can address 16 million networks and 4 billion hosts. However, with the adoption of A, B, and C addressing methods, the number of available network addresses and host machines is greatly reduced. Moreover, as the core technology and about 3 / 4 IP resources are mastered by European and American countries due to their developed Internet, many developing countries fall into the predicament of insufficient IP address resources. In fact, with the increasing number of global Internet users and the vigorous development of intelligent terminals and network technology, the lack of IP address resources will seriously restrict the application and development of the Internet in many countries around the world.
1.3 Current situation of IPv6 Technology
If to realize the complete transition from IPv4 to IPv6, it requires the network software, hardware, and terminal equipment in the global Internet infrastructure to support IPv6 protocol, which will involve a lot of transformation work. Although IPv6 technology has been proposed as early as the 2010 year, it has only been promoted by governments and major ISP/Operators in recent two years. Moreover, the long-term coexistence of IPv4 and IPv6 is still a compatibility issue that we need to consider.
1.4 What are the advantages of IPv6 over IPv4?
Compared with IPv4, IPv6 has the following advantages:
In view of the advantages of IPv6, IPv6 will eventually completely replace IPv4 and occupy a dominant position on the Internet after a long period of coexistence of IPv4 and IPv6.
Since IPv6 will eventually replace IPv4, how to achieve a network environment fully IPv6 compatible? The initial network transformation from IPv4 to IPv6 reveals that there is a thorough adjustment from protocol to hardware, including the client and server. Therefore, the issue of backward compatibility has been taken into account by IETF when designing IPv6 from the very beginning. The ISP/Operator will provide an intermediate node and uses DNS64 / NAT64 technologies, which are responsible for protocol conversion to connect the link between IPv6 and IPv4.
2.1. Tunnel technology for the initial transition
At the tunnel entrance between the IPv6 and the IPv4, the router encapsulates the entire IPv6 datagram into the data field of the IPv4 datagram. The source address and destination address of the IPv4 packet are respectively the tunnel entrance and exit of IPv4 addresses. At the exit of the tunnel, the IPv6 packet is taken out and forwarded to the destination node.
2.2. Dual-stack technology for IPv4 / IPv6 coexistence
Dual-stack technology is an effective technology for the transition from IPv4 to IPv6. The nodes in the network support both IPv4 and IPv6 protocol stacks. The source node selects different protocol stacks according to the different destination nodes while networking equipment according to the protocol type of the message. A dual-stack can be implemented on a single device or a dual-stack backbone. For a dual-stack backbone network, all devices must support IPv4 / IPv6 protocol stack at the same time, and the interface connecting the dual-stack network must be configured with both IPv4 and IPv6 addresses.
The IPv6 network is divided into a backbone network and an access network. As the backbone network carries a lot of IPv6 services, most ISP/Operators have completed the deployment of the IPv6 backbone network but the access network is used for the access of terminal users. Nowadays, given that almost every family is connected with optical fiber, how to integrate IPv6 function on PON products to solve the problem of IPv6 compatibility is a difficult problem faced by many a ONU manufacturer.
In order to realize fast and easy access to IPv6 network in FTTH and adapt to the needs of global IPv6 network development, C-Data has spared no effort to make ONU support IPv6 service, and a graphical interface is released for end-users to use IPv6 on C-Data ONU easily. Furthermore, C-Data ONU supports IPv4 / IPv6 dual-stack transition technology and has revived the Anatel certification to meet the IPv6 networks in most of the countries. Some countries’ networks have used C-Data ONU as IPv6 network access.
There are two IPv6 network scenarios of C-Data ONU discussing as follows:
Scenario 1: transparent transmission of IPv4 / IPv6 services by ONU bridge mode
This scenario is mainly used for PPPoE or IPoE of IPv4 / IPv6, with user computers attached to ONU devices or wireless routers attached to ONU devices. Both OLT and ONU during transmission act as middle transmission devices, and only bridge mode is configured to transparently transmit IPv4 / IPv6 services. It is worth noting that whether the intermediate OLT and ONU devices support transparent IPv6 services needs to be considered because there are many OLT and ONU devices on the market that do not support transparent transmission of IPv6 services.
Scenario 2: ONU routing mode carries IPv4 / IPv6 services
In this scenario, the routing mode on ONU should support PPPoE or IPoE services of IPv4 / IPv6, and then allocates IPv4 / IPv6 address to the attached user computer or wireless router through DHCPV4 / DHCPv6 to realize the network access of IPv4 / IPv6. It is available for the OLT devices and the transparent transmission of IPv4 / IPv6. In this scenario, many manufacturers’ ONU products are difficult to implement. However, a lot of ONU manufacturers fail to apply their products to this scenario as there is a couple of issues to figure out, such as the compatibility of IPv6, the implementation of IPv6 Routing, the coexistence of IPv4 and IPv6, and the distribution of IPv6 address.
|No.||ONU Form||ONU Models||Function Description|
|1||EPON&GPON&XPON 1GE/1GE+CATV||FD511G&FD701G Series||1. Support PPPoE / IPoE, DHCPv6, IPv4 / IPv6 dual stack functions of IPv4 and IPv6 in routing mode;
2. Support transparent transmission of IPv4 / IPv6 service in bridge mode.
|FD511GW&FD512XW&FD702XW&FD604GW&FD804GW Series||1. Support PPPoE / IPoE, DHCPv6, IPv4 / IPv6 dual stack functions of IPv4 and IPv6 in routing mode;
2. Support transparent transmission of IPv4 / IPv6 service in bridge mode.
|FD50X&FD704X&FD504G Series||1. Only transparent transmission of IPv4 / IPv6 service in bridge mode.|
AI, big data, cloud computing, and the Internet of things technologies have an important connection with TCP / IP protocol. IP is the network layer protocol standardizing the exchange and routing of Internet packet information. As an infrastructure, IPv6 will construct a new Internet era.
As a professional FTTH broadband access product supplier, C-Data will accelerate the deployment of the IPv6 network together with the global ISP/Operators and apply more IPv6 technologies to the products. If you are interested in IPv6 technology, C-Data welcomes the chance to provide C-Data ONU for you and discuss IPv6 technology together.
On September 9, 2020, C-Data took part in the 3-day CIOE 2020 (The 22nd China International Optoelectronic Exposition) held at Shenzhen World Exhibition & Convention Center, China. At the booth 4C28 of the information and communication expo, C-Data presented the advanced communication equipment, including FTTH GPON/EPON OLT& ONU, EDFA, and EOC (Ehternet over Coaxial), to catch the eyes of a large number of participants and gained a lot.
With the fading negative impact of the epidemic, CIOE 2020, the 22nd China International Optoelectronic Expo, will continue to showcase the entire optoelectronic ecosystem, including information and communication, laser, infrared technology, photoelectric sensors, and so forth, providing an important communication platform for manufacturers, distributors and service providers to develop their businesses and enter the global market.
At this unique exhibition covering the entire global optoelectronic ecosystem, in addition to 3000 exhibitors, more than 60 concurrent forums, seminars, and network activities during the CIOE 2020 will also be organized to help exhibitors expand the possibility of more business.
The sudden outbreak of the COVID-19 in 2020 deals a direct blow at the foreign trade industry, causing a mounting number of international exhibitions and businesses to be shelved. However, the good news is that with the gradual containing of the epidemic in China, the China International Optoelectronic Expo went smoothly in the second half of 2020.
Considering that there are foreign exhibitors unable to attend the CIOE 2020 due to irresistible factors that the outbreak of the epidemic has blocked the direct contact and communication between people, C-Data broadcasted the details of the exhibition to foreign partners in the form of live broadcast through Internet online platforms such as WhatsApp, Skype, and YouTube, and introduced C-Data’s characteristic communication products.
Several star products of C-Data, such as GPON/EPON OLT, ONU, EYDFA, EOC and WIFI Router, were displayed during the exhibition. The ONU is a fiber to the home multi-service access GPON/EPON. ONU based on not only stable and cost-effective EPON technology but also HFC technology, integrated WDM and optical receiver. PON technology is the best technology using passive optical network to deliver Internet service to the home, which is a kind of Point TO Multi-Point technology to dynamic share Gigabit bandwidth in users. Some ONU integrated WiFi access, it has the characteristics of strong penetration and wide coverage to provide users with more convenient and safer data transmission.
The EYDFA supports selecting 8, 16, and 32 output ports, and the laser can be turned on and off through the laser key. Moreover, designed for large-scale distribution of CATV broadcast or video coverage in the FTTH PON system, it can provide up to 40dBm total optical with multiple ports in a 2U rack. The design of independent pluggable optical module and EMS management integrated with PON system are widely praised by users.
As for EOC Master and SLAVE based on Homeplug AV protocol are used for CATV system with Ethernet over coaxial cable technology. The EOC system has a high anti-jamming capability of OFDM technology and construct data network channel in the established cable TV system upgrading the CATV system rapidly to support both TV and data services.
At the event, C-Data’s information and communication products attracted the attention of exhibitors in mounting numbers, making the booth always crowded. In addition to the successful offline display, the online display has also received praise from clients. One of our customers who were unable to attend the exhibition due to the epidemic stated that although he could not attend the exhibition this year, he was informed about the exhibition through the online broadcast from C-Data. Admiring C-Data’s expertise in communication network technology and believing that our products met the needs of ISP networking, he was looking forward to establishing a long-term cooperative relationship with C-Data.
Through participating in the CIOE 2020, C-Data received many a request for cooperation and had gained a lot of traffic and exposure on brand and product promotion.
The advent of the 5G era will bring subversive changes in digital applications, as well as more business innovation opportunities. However, the current communication network has been operating overload. As a matter of fact, the increasing network applications have always created a great bandwidth demand for communication networks. C-Data has been committed to the technical innovation and product development of the communication network.
Preface:At present,most enterprise networks use traditional copper wire LAN, which are showing more and more drawbacks. With the rapid development of cloud computing, big data, and 4K video, more and more businesses are gradually migrating to cloud data centers. Followed by changes in traffic and architecture, the majority of traffic has shifted from a local switching architecture to a cloud switching architecture. On the other hand, with the explosive development of video, IoT, and the Internet, these applications have increasingly higher requirements for high bandwidth and low latency. In the age of digital transformation, enterprises urgently need a network that can carry all “things” access, and the POL network is the best choice.
POL is an enterprise LAN based on PON technology that provides users with integrated data, voice, video and other services through optical fibers. It is not a new technology, but applies the PON network technology that has been proven for a long time in the ISP network to the enterprise network. POL can bring great value to customers, at the same time, it will not change the existing business planning and customers network connection mode, and can provide all the functions provided by the traditional LAN network.
POL provides a Layer 2 transmission network, adopts PON technology to provide gigabit access to user, and uses a single optical fiber to converge sevaral services such as video, data, wireless, and voice.
In the POL network, the aggregation switch in the traditional LAN will be replaced by the OLT, the copper cable will be replaced by the optical fiber, and the access switch will be replaced by the passive optical splitter. The ONU provides Layer 2/Layer 3 functions and provide data, voice and video services by wired or wireless.
The downstream of PON network adopts the broadcast mode: the optical signal is sent by the OLT and divided into multiple optical signals to each ONU with the same information through the optical splitter. The ONU selectively receives its own packages according to the tags carried in the message and discard the packages that tags are not match.
The upstream of PON network: the OLT uniformly allocates a time slice to each ONU. The ONU strictly transmits signals according to this time slice window.ONU will shutdown the optical port when the time slice does not belong to its own time slice. The upstream time window scheduling mechanism is highly dependent on the PON distance measurement technology.
An understanding of PON technology principles will help us to apply this technology more proficiently in network design,In particular, the passive (no power supply required) characteristics of its optical distribution network, and the point distribution planning and design caused by the difference from traditional switches require special attention.To ensure the traffic packets in both directions are forwarded on a single-core fiber, PON uses wavelength division to process two-way signal transmission at the same time. Upstream and downstream signals use different wavelengths, but are transmitted on the same fiber. The direction from OLT to ONU/ONT is the downstream direction, and vice versa is the upstream direction. The downstream direction uses 1490nm and the upstream direction uses 1310nm.
Line structure comparison:
Device selection comparison::
|Subsystem Name||Traditional solution equipments||POL solution equipments|
|1||Device room/machine house system||ODF、Voice distribution frame||ODF，Splitter (centrally placed)|
|2||Backbone wiring/vertical wiring subsystem||Most copper cables or indoor multimode optical cables||Indoor single-mode optical fiber|
|3||Floor management/floor machine house system||Rack/cabinet, copper cable distribution frame, optical fiber distribution frame||Floor distribution box, optical fiber connector, optical splitter (dispersing device)|
|4||Horizontal wiring subsystem||Twisted pair, indoor multi-mode optical cable||Butterfly fiber|
|5||Work area subsystem||Copper module, copper panel, copper cable||Fiber and fiber connectors|
Through the comparison between POL and traditional LAN in the previous section, we can find the challenges of traditional LAN and the unique advantages of POL.
Challenges of traditional LAN:
A large number of switches occupy the space of the computer room, high power consumption, and difficult heat dissipation.
The connection between aggregation routers is complicated,and it takes up pipeline space, making wiring and maintenance difficult.
Switch locations are scattered,management is complicated, and a large maintenance team is required.
Transmission distance limitation.
It is complicated to add new network equipment.
It is difficult to upgrade and expand network.
Whether its transmission distance,smooth network upgrades,high reliability,flexible networking,easy deployment,and simplified operation and maintenance,the traditional integrated wiring system has completely lagged behind POL. The POL integrates the transmission of traditional integrated wiring with fiber to the desktop, fiber to user unit, and fiber to the public area and turns the original L3 network into a flat L2 architecture.Enterprises can integrate different systems such as data,voice,video security,and wireless into a single optical fiber network, which has incomparable advantages over traditional integrated wiring.
POL advantage analysis:
Advanced architecture:POL network uses single-mode fiber,with almost unlimited bandwidth potential, and smooth broadband upgrades on demand.
Safe and reliable:Full optical fiber transmission,anti-detection,anti-electromagnetic interference, PON device provides strong DoS defense capabilities, reducing network attacks.
Converged bearer: The POL solution can bear data, voice, video and other services on one network.
Space saving: The POL solution is super convergent. The park only needs to provide a core computer room and don’t need many floor computer rooms.
Wide coverage: Covered distance is 20km,meeting the coverage requirements of super-high buildings and super-large parks.
Green and energy-saving: The POL solution uses passive optical splitters to replace convergence equipment of the traditional network,and the equipment room does not require air conditioning,which is more energy-efficient.
Convenient maintenance: PON technology adopts a centralized management method to avoid the disadvantages of decentralized management of traditional schemes and reduce the difficulty of operation and maintenance.
Cost advantage: Based on past experience, using 1000 points as a sample, choosing POL’s FTTD (Fiber To The Desktop) method will save 15% cost compared to traditional switch networks, and choosing FTTO (Fiber To The Office) will save cost more than 58% compared to switch networks.
POL is in the early development stages currently, and the current utilization rate is not high, but significant changes will occur in the next five years. The degree of POL solutions selection by enterprise users is not high enough,but manufacturers and social groups have been vigorously promoting this technology,and the IoT demand will become an important driving force to promote POL.
When it comes to POL applicable scenarios,most people may think of places such as corporate offices,education parks,and hotels.It cannot be denied that these places are the most widely used places,but from the unique advantages of POL,we can see that POL helps reduce energy consumption and operating costs.The IoT is the key to truly promoting the adoption of POL technology by enterprises. In the IoT application solution,a large number of terminal devices scattered in various places need to be connected to the network,Traditional LAN cannot meet such demand, and POL can serve as a bridge to eliminate the gap in this demand.Therefore,POL will find greater applications in the urban infrastructure, manufacturing,processing,solar,wind,and smart energy fields.The reason is that the current cable lines in these industrial facilities usually extend several miles,while POL can extend a long distance,and nodes can be deployed along the line through multi-fiber co-cables and optical splitters.Take the manufacturing industry as an example,it involves sensors such as flow meters, filters,or temperature,these devices need to be connected to the Internet,and traditional LAN are difficult to meet their networking needs.What is needed is to be able to operate stably in the working environment of these sensor devices.And does not produce electromagnetic interference or radiation.POL is just such a technology.It has a long transmission distance,can be networked through an optical splitter,does not produce electromagnetic interference and radiation,and can be used for the connection of most equipment.It has great needs in manufacturing and processing industries.Play a role in the large area and wide coverag application scenarios.
POL is an amazing technology because it is based on optical fiber transmission,has a simple network structure,is easy to manage,and has certain advantages in both construction and operation and maintenance costs.With the continuous development of enterprises,users put forward higher requirements for bandwidth, and the use of optical fibers will become more and more common,expanding from campus networks,backbone networks to the access field.IT users try to accept it,and good technology will prove its value through time.But I have to admit that there is still huge resistance to POL’s promotion.Enterprises that have invested heavily in traditional LAN may not change to POL,at least not immediately.For small organizations,POL solutions may be not a good idea.Compared with twisted-pair copper-based networks,user may not use all the capacity that POL can provide,and the solution may become very expensive. Therefore,these two technologies may coexist in the future,and POL will be used to make up for the functions that traditional LAN cannot achieve.Moreover,for those who familiar with traditional network technology, it takes time to gradually learn, adapt, master and apply POL technology.
With the intelligentization of cities,the application of cloud computing and big data,and the popularization of IoT,more and more enterprise applications will become cloud-based in the future.For enterprise networks,the digital transformation is imperative,which requires a simple network.POL have the characteristics of one network with multiple services,cost-effectiveness, simplicity, flexibility,safety and reliability,effectively supports enterprise digitization.So it is becoming the best choice for digital transformation in education,hotel,electric power, transportation,smart security,industry and other fields.With the gradual improvement of customer recognition,the ecology is also growing. I believe that the POL will continue to grow rapidly in the future.
Preface:C-Data FD11xx Pizza-Box EPON OLT series products is 1U high 19 inch rack mount product. The features of the OLT are small, convenient, flexible, easy to deploy, high performance. It is appropriate to deploy in an compact room environment. This article proposes security suggestions based on experience and actual user scenarios in the OLT side to enhance the security of the access network.
1.1 Configuration suggestion for username and password
The first time when you log in to the device, please modify the user name and password, including ordinary accounts and super users. The user password must meet the password complexity principle: the length is between 8-12 digits, and the combination of numbers,uppercase and lowercase letters is used,and continuous numbers or continuous numbers are avoided.Do not use phone,birthday,personal name,ID and other information known to others as passwords,and change the password regularly
Case:Add new user test9,user role is superuser,password is Dscn@#0247
Case:Modify new password of user test9 as Wsdf#$9345
1.2 Configuration suggestion for SNMP
If you do not use ems, web and other network management platforms that use the snmp protocol, it is recommended not to open the snmp protocol. If you need to enable snmp, do not configure the two well-known communities, public and private, and customize the random read-write community;
Case:Config OLT SNMP read community is Pdfrd34#,wirte community is Yosjd34@
1.3 Configure management VLAN
The configuration of management VLAN can effectively isolate the device from other VLANs to achieve more secure protection.
Case:config inbind management vlan is 200
epon# system ipconfig mgmt-vlan 200
1.4 Enable OLT access control
The FD11xx series OLT version which built time is 200601 or later, Access control can be based on ip and mac address. For login security, it is recommended to configure this function, only add the ip or mac address of the administrator, and restrict other ip or mac to log in to the device .
Case:Only allow device which ip is 192.168.5.123 login OLT,Note:epon# system access-control admin enable must in the behind of the command of system access-control …
1.5 Disable web service
If you don’t use web to manage OLT,please disable web service,command as follows:
Summary:The FD11xx OLT has been used to IP Camera, Enterprise LAN and IOT applications.
The EPON OLT is popular used in ISP network, campus network, enterprise network. Since the users have different networking and application scenarios, this article proposes security recommendations on the EPON OLT side for users who lack an upper-level firewall or expose the OLT on the public network, in order to reduce the risk of hacker attacks.
What is pon
PON is a typical passive optical fiber network, which means that the optical distribution network does not contain any electronic devices and electronic power supplies, ODN is all composed of passive devices such as optical splitters and does not require expensive active electronic equipment. A passive optical network includes an optical line terminal (OLT) installed in the central control station, and a number of matching optical network units (ONUs) installed in the user’s premises. The industry has always believed that the passive optical network (PON) is the future development direction of the access network. On the one hand, because the bandwidth it provides can meet the needs of various broadband services now and in the future, it is generally optimistic about solving the problem of broadband access; On the other hand, its expenses are both in terms of equipment cost and operation and maintenance management overhead. Both are relatively low. Comprehensive economic and technical analysis shows that PON is the main technology for FTTB/FTTH.
The development of the PON
PON(Passive Optical Network) is a point-to-multipoint passive optical access technology, which originated in the 1990s.From the development of narrowband PON to various broadband PON technologies,the development of PON technology has gone through several stages.
Narrowband PON technology is the earliest proposed PON technology, which can only provide narrowband services such as POTS or ISDN with service access rates below 2Mbit/s. However, due to the inconsistent specifications of various manufacturers and the inability to reach agreement at that time, there is still no unified and complete standard for narrowband PON technology. In the era of continuous development of the Internet, narrowband PON has long withdrawn from the stage of history, and then APON technology appeared in the mid-1990s. APON used the ATM protocol, which was considered to be able to provide various types of communications at that time, as the bearer protocol, and the transmission rate has been greatly improved. Later, with the rapid development of Ethernet technology, APON is basically no longer applicable, so the concept of broadband passive optical network BPON appeared. BPON is an enhancement after the APON standard, and is also based on the ATM protocol, and the uplink and downlink rates have been greatly improved. ITU-TG.983.1, the first international standard for PON systems released in 1998, is also generally referred to as the BPON standard.
Since entering the 21st century, with the decline of ATM technology and the rapid rise of Internet IP technology, the high-cost deployment of BPON technology seems a bit outdated. At this time, the industry hopes to develop a new PON system to replace the outdated BPON technology. In this context, IEEE and ITU-T successively initiated the standardization of EPON and GPON in 2000 and 2001, and respectively issued the completed standards in 2004, laying the foundation for the large number of applications of EPON and GPON in the current network today. The EPON standard was completed by IEEE’s EFM (Ethernet in the First Mile) working group, and was approved by the IEEE as the IEEE 802.3ah standard in September 2004. The GPON standard is standardized by ITU-T Study Group 15. The GPON-related standards include G.984.1-G.984.6 six standards, covering the GPON system architecture, physical media related layers, transmission convergence layer, ONU control management Protocols and regulations for enhanced wavelength usage and distance extension. Compared with the BPON system, the upstream and downstream rates of EPON and GPON have been greatly improved. The upstream and downstream bandwidth of EPON is 1.25 Gbit/s, while the downstream bandwidth of GPON is 2.5 Gbit/s and the upstream bandwidth is 1.25 Gbit/s.
With the rapid development of IP business volume and the continuous increase in the number of users, 10GEPON and XG-PON supporting higher split ratio and higher bandwidth have also emerged. Beginning in 2005, IEEE and ITU have successively carried out standardization studies on the next-generation PON system. IEEE established a project in 2006 and began to formulate the standard IEEE 802.3av for EPON systems with a rate of 10 Gbit/s. In this standard, 10G EPON is divided into 2 types. One is the asymmetric method, that is, the downstream rate is 10 Gbit/s, but the upstream rate is the same as EPON and is still 1 Gbit/s. The second is the symmetrical approach, that is, the uplink and downlink rates are both 10 Gbit/s. As the first mature next-generation PON technology, 10GEPON technology is in line with network development trends. It has the advantages of large bandwidth, large optical splitting ratio, compatibility with EPON, unified network management, and smooth upgrade. ITU started the study of the next-generation GPON standard in 2008 and confirmed it in 2010. It is currently called the XG-PON standard. The XG-PON standard ITU-T G.987 series have been released one after another. The physical layer rate currently specified by XG-PON is asymmetric, that is, the downstream rate is 10 Gbit/s and the upstream rate is 2.5 Gbit/s. In 2015, the XGPON symmetrical solution that was cancelled in 2013 was restarted again and adopted the new name XGSPON. Unlike XGPON, the XGSPON upstream and downstream rates are both 10Gbit/s, and the ITU officially passed G.9807 in 2017. XGSPON international standard. In recent years, Internet applications such as video and games have developed rapidly, and users have a strong demand for network broadband, which has further stimulated the maturity of the 10GPON industry chain. Commercial deployment of 10G PON has begun in some cities in China.
After the establishment of the XGPON standard, FSAN started the study of NG-PON2. Its key requirements are mainly 40G downlink and 40G/10G uplink, achieving 20km transmission distance and 1:64 splitting. At that time, mainstream alternative technical solutions for NG-PON2 included high-speed TDMA-PON, TWDM PON, OFDM-PON and WDM-PON. After analysis and comparison, in April 2012, FSAN decided to adopt TWDM PON technology as the implementation plan of NG-PON2, and started to formulate the G.989.x series of standards, which was finally completed in 2015. The IEEE started NG-EPON research in 2013, and started the formulation of the 100G-EPON standard in July 2015, named IEEE802.3ca, and plans to release it within this year.
The future of the PON
It is not difficult to imagine that in the future, we need a PON technology with larger bandwidth, more users and higher efficiency. 25G/50G/100GPON has already been put on the agenda of the standards organization. In February 2018, China’s optical access network industry successfully promoted the establishment of the 50G TDM-PON standard, marking a key step taken by ITU-T in the field of next-generation PON standard research. Although IEEE did not accept the establishment of a single-wave 50G PON project, it at least clarified the future technological evolution route of PON. For the future 100G PON technology, China’s communication equipment vendors are actively investigating 100G PON technology to jointly promote standard formulation and maturity of the industry chain. The application of 100G PON is only a matter of time.
With the development of the times and the continuous advancement of science and technology, 200G/5OOG/1000G and even higher PON technologies will be slowly realized. However, in addition to studying the next generation of PON technologies, the industry is still paying close attention to a very important issue. That is, the convergence of the two technical schools of ITU-T and IEEE. EPON and GPON coexist for a long time, which is actually very unfavorable to the industry. On the one hand, it brings difficulties to the technical decisions of operators and equipment; on the other hand, it also increases the cost of the industrial chain, and industrial chain enterprises need to invest in two lines. Especially for the huge optical access network market like China, the influence of the differentiation of PON technology factions is even greater, and more waste of resources. In recent years, under the active promotion of domestic and foreign industries, ITU-T and IEEE have also made some positive “shows”, including issuing joint statements, forming working groups, and establishing liaison letter mechanisms. But for now, it will take a long time to truly realize the final integration.
What is PON?
PON refers to passive optical fiber networks.In other words, there are no electronic devices or electronic power sources in the optical distribution network, and ODN is composed of passive devices such as optical splitters, without the need for valuable active electronic equipment.A passive optical network consists of an optical line terminal (OLT) installed at a central control station and a number of ancillary optical network units (ONUs) installed at the user site.The optical distribution network (ODN) between OLT and ONU consists of an optical fiber and a passive spectrometer or coupler.At present, passive optical network PON is considered as the future development direction of access network.On the one hand, because the bandwidth it provides can meet the needs of all kinds of broadband services now and in the future, it is generally favored to solve the problem of broadband access.On the other hand, the cost is relatively low in both equipment cost and operation and maintenance management.Comprehensive economic and technical analysis shows that PON is the main technology to realize FTTB/FTTH.
What is EPON?
EPON means Ethernet Passive Optical Network. As the name implies, it is a PON technology based on Ethernet.It adopts point-to-multi-point structure, passive optical fiber transmission and provides multiple services over Ethernet.The EPON system is mainly composed of optical line terminal (OLT), optical distribution network (ODN) and optical network unit (ONU).In the EPON system, OLT is both a switch or router and a multi-service provider platform that provides fiber interfaces for passive fiber networks.
As an emerging broadband access technology, EPON achieves integrated data, voice and video service access through a single fiber optic access system with good economy.It is widely believed in the industry that FTTH is the ultimate solution for broadband access and EPON will become a mainstream broadband access technology.Due to the characteristics of EPON network structure, the special advantages of broadband access, and the organic combination with computer network, experts all over the world agree that passive optical network is the best transmission medium to realize the integration of “three networks” and solve the “last kilometer” of information superhighway.
In the EPON system, the downlink data flow adopts time division multiplexing (TDM) technology and the uplink data flow adopts time division multiple access (TDMA) technology. In this way, when the ONU receives the data packet, each ONU extracts the data packet according to the specific address information and there is no interference between ONU, which can avoid transmission conflicts.EPON technology combines low-cost and high-bandwidth Ethernet equipment with low-cost fiber network technology, which has the advantages of good compatibility, low construction and maintenance cost and high access reliability.However, it has the disadvantages of poor scalability and low cost advantage.
What is GPON?
GPON refers to gigabit-passive Optical Networks.GPON technology is the latest generation of broadband passive optical integrated access standard based on ITU.TG.984.x standard. It is regarded by most operators as an ideal technology to realize broadband and integrated transformation of access network services.GPON technology adopts the same network topology as EPON, which is mainly divided into ONU, ODN and OLT.OLT provides the interface between the network side and the core network, and connects with each ONU through ODN.As the core functional equipment of the PON system, OLT has the functions of centralized bandwidth allocation, control of ONU, real-time monitoring, operation, maintenance and management of the PON system.ONU provides user-side interface for access network, and provides access to voice, data, video and other multi-service streams and ODN, which is controlled centrally by OLT.The branch ratio supported by the system is 1:16/32/64. With the development and evolution of the optical transceiver module, the branch ratio supported will reach 1:128.
The transmission mechanism of GPON is completely the same as that of EPON. Single fiber bidirectional transmission mechanism is adopted. WDM technology is used to transmit upstream and downstream data with different wavelengths on the same optical fiber.On the same optical fiber, GPON can realize two-way signal transmission using WDM technology.Based on the traditional tree topology, the PON protection structure can be used to improve the network survivability.GPON has three major advantages, namely, longer transmission distance, higher bandwidth and strong spectral characteristics.But the technology is relatively complex and the equipment cost is high.
Comparison between EPON and GPON
The main difference between GPON and EPON is the use of completely different standards.On application,GPON has a bigger bandwidth than EPON, its business carrying more efficient, spectral ability stronger, can transmit more bandwidth business, achieve more users access, pay more attention to business and QoS guarantee, but more complex, so cost is responsible for its relative EPON is higher, but with the large-scale deployment of GPON technology, EPON and GPON is diminishing cost differences.EPON aims to be compatible with the current Ethernet technology. It is the continuation of 802.3 protocol in optical access network, fully inheriting the advantages of Ethernet, such as low price, flexible protocol, mature technology, etc., it has a wide market and good compatibility.GPON, on the other hand, is positioned as the telecommunications industry’s demand for multi-service, QoS guaranteed all-service access, and strives to seek an optimal solution that supports all services and has the highest efficiency, and proposes to “completely and completely reconsider the openness of all protocols”.EPON and GPON have different technical characteristics, which are as follows:
The technical features of EPON are as follows:
The technical features of GPON are as follows:
Due to different technical characteristics, EPON and GPON technology are actually two different market applications. EPON technology is more suitable for Internet access application type, while GPON technology is more suitable for full business operation and three-network integration application type.From the perspective of business, these are actually two market segments, but from the perspective of end users, both EPON and GPON are actually invisible to users, especially in the FTTB construction mode. Users’ terminal devices in their homes only see Ethernet interfaces and telephone interfaces, so there is no need to think about GPON and EPON.
GPON and EPON have their own features, with different application scopes and overlapping application scenarios, such as FTTB for residential users.Looking to the future of the broadband access market may not be who replaces who, should be complementary coexistence.For customers with high bandwidth, multi-service, QoS and security requirements and ATM technology as backbone network, GPON will be more suitable.For cost-sensitive, QoS and security requirements are not high customer base, EPON became the dominant.
Statement on Pierre Kim Revealing Security Vulnerabilities in C-data OLT products
We have noticed an article named “Multiple vulnerabilities found in C-Data OLTs” published in Github. C-Data admires the work of two professionals in technological circles, Pierre Kim and Alexandre Torres, and thanks for their identifying security breach problems through detailed testing, as well as for their active work in reducing the risks of users using network products. C-Data adheres to the philosophy of serving customers, and always puts customers’ interests in the first place, as well as pays special attention to the product safety problems. In this way, C-Data can provide customers with products with safety guarantee.
In the meantime, we have paid attention to some press releases published by the media, and have interpreted technical articles by Pierre Kim and Alexandre Torres. In order not to let the majority of customers misunderstand the safety design of our equipment, C-Data analyzes and clarifies the mentioned technical issues with a sincere and frank manner.
Excluding counterfeit products
The account mentioned in this article: panger123/suma123. We have investigated the account and the password. In addition, we have confirmed that the account and password are not from the C-Data OLT products, but are those used by other companies and people when they copy the C-Data OLT. The CLI style and most of its commands of the counterfeited OLT are all copied from the C-Data OLT. C-Data OLT equipment is now widely used around the world, and counterfeiters copy C-Data OLT for illegal profits.
According to the following screenshot, we can completely compare and analyze that the account of panger123/suma123 comes from an illegally copied OLT.
[Replica command line style and version information]
[C-Data FD11XX series OLT version information and command line style]
If you use the account of panger123/suma123, you can never access C-Data OLT. The following figure shows the information interception of the failed attempt to log into the C-Data OLT with panger123/suma123 account.
This article analyzes the problem regarding “Authentication process with hardcoded credentials”. The demonstration indicates that we log into the bcm-shell of OLT and receive the key information of OLT with the telnet method. The relevant information all comes from the replica, instead of the C-Data OLT. In the screenshots, the account and password information marked in red is that of the fakes.
Introduction to several factory setting accounts
OLT telnet account 1: debug/debug124
OLT telnet account 2: root/root126
This account and password are mainly used by C-Data to assist customers in debugging problems and writing production parameters. (OLT mac address information and SN information, etc.)
This account must be successfully logged in to the CONSOLE port by a local serial line on the OLT, then can entering the OLT bcm-shell mode to modify and view key information of the OLT. Use this accout under OLT TELENT mode, we can only enter the CLI of the device, can not entering OLT bcm-shell modify the key information of OLT.
If attacks want to enter the bcm-shell mode of OLT to obtain device privacy information or implant malicious programs into OLT, they must log into OLT by directly connecting the serial port line of the computer locally. In this way, by no means can the remote attackers use these two accounts to attack.
Therefore, there is no such situation as “Backdoor Access with telnet”.
In addition, as regards these two accounts, C-Data has revealed to the required customers without reservation. A common use of customers happens when they need to modify the MAC address.
[The following figure shows how to log into C-Data OLT remotely with debug/debug124 and root/root126, and how to attempt to enter the shell mode prompt. In addition, OLT prompt only supports entering bcm-shell under the direct connection of CONSOLE.]
Another usage scenario of debug/debug124 and root/root126 is when C-Data provides remote technical support at the request of customer. All C-Data’s remote access obtained customer’s consent after consultation with customers. When operating, the operator need to log in to the customer’s computer remotely, then log in to the device using the local serial ports of these two accounts, and work with the customer for positioning analysis of network problems in this way. Customer’s technicians will participate in and supervise the process of technical services throughout the process.
As for whether there is an issue where an attacker logs into the CLI using these two accounts through TELNET and then changes the configuration of the OLT, resulting in network security problems, we will further explain it in the security policy later.
OLT telnet Account3：guest/[empty]
The account and password are the account of factory default configuration, which can only check some basic information of OLT, and without having the authority to configure any OLT. The user can delete or modify the account as needed when using it.
More Secure Cryptographic Mechanism
For other models of C-Data OLTs(OLT named FD15XX, FD16XX, FD12XX, FD8000), the problem of “Backdoor Access with telnet” does not exist, because these OLTs adopt a more secure cryptographic mechanism. The device is configured with several general accounts by factory default, including root/admin, admin/admin and guest/guest, which can be used by customers to initially configure OLT. Customers need to create, delete and modify the login account and password of the device according to their own security policies when using the device. We do not recommend using the factory default username and password in the operation network.
The device retains a debugging account for assisting customers in debugging and solving problems, and this account can also be used by customer to find the forgotten password when they forget the login password of OLT. However, the account no longer uses the general password, and the password is calculated and generated according to the unique identification information of the customer’s OLT. Only when the customer provides the information of unique identification code in conjunction with the special password generation tool can the password be generated. The password of each OLT is different, which will better ensure the safety of the device.
The Requirement of WEB Login Management
The user name and password displayed in this article are actually the needs of numerous users. The account and password are the login user name and password in the web management interface of OLT. As many customers feedback that some of their junior maintenance personnel may easily forget login the username and password of OLT’s WEB management interface, and hope that higher-level managers can query the username and password of the WEB through OLT CLI, we provide this command at the customer’s request, so that customers can check the login username and password of the WEB by themselves through the command line. We believe that the customer can formulate an effective security management system, properly manage the use of usernames and passwords to avoid the risk of using this command.
Security strategies and suggestions
* Escape shell with root privileges
* Pre-Auth Remote DoS
* Credentials infoleak and credentials in clear-text (HTTP)
* Weak encryption algorithm
* Insecure management interfaces
Defense Strategy 1: In general network planning, all OLT management VLANs and service VLANs on the client-side are different. If the management VLAN used by the attacker is incorrect, this kind of planning makes it impossible to access the OLT equipment from the network-side of the OLT (uplink) or the user side (downlink to ONU).
Defense strategy 2: OLT is used as an access layer device. For many small and medium-sized ISPs, OLT is usually deployed on the intranet of its network. When the intranet goes to the public network, it will pass through the router or firewall device. Services such as telnet and http are disabled on the router and firewall equipment; Those who access the OLT are employees who have access to the OLT in the customer’s intranet; Indeed, if there are other personnel who need to access the OLT device in the intranet via the public network, they need to do port forwarding on the router or firewall, and only the customer knows the forwarding rules, so it is difficult for the attacker to obtain information and carry out attack.
Defense strategy 3: The OLT of C-Data has made a lot of control strategies, which are set by the customers themselves, and it can completely prevent network attackers from illegally logging into the device:
OLT configuring strategy 1:
It can be controlled by the OLT’s system access-control to allow certain specific IP addresses or mac to access the OLT device configured by the customer and is completely unknown to others.
OLT configuring strategy 2:
The OLT’s outband acess can be turned on or off by the customer. Customers can turn off outband management and use inband management. In this case, device management is achieved through a dedicated management channel separated from business data, thus the network security is higher.
OLT configuring strategy 3:
OLT’s Web access port can be modified by the customer and can be closed and opened by the customer.
OLT configuring strategy 4:
The OLT can be configured with a perfect acl function to prevent the device from being attacked easily.
The article by Pierre Kim and Alexandre Torres did summarize in detail, and seriously tests C-Data’s device from the perspective of security vulnerabilities. The original intention of the original article was to feedback security vulnerabilities in the device, so that technicians and users notice security risks and carry out effective security precautions, not the meaning of “OLT device backdoor” when the media relayed the dissemination, and should not be interpreted as C-Data intentionally left a backdoor on the product. C-Data expects that products will give customers the best experience and make it more convenient for them to use the device. C-Data has the ability to help customers better establish defense strategies in cyber security. C-Data also welcomes all parties to put forward reasonable suggestions, so that C-Data device can give more consideration to customers’ safety issues and confusion when using the device under the premise of providing convenience and practicality to customers. Thank you!
Original source of the document:
Online Media Reprint: