Hi there!
This time, I will share with you L1 Service Encryption.
Basic Concepts
Some customers who have high requirements for transmission security expect to establish an encryption channel for service transmission based on the physical layer.
The service encryption function uses an encryption algorithm to encrypt client services at the physical layer. Service encryption on a WDM/OTN network is called L1 service encryption.
With the convenient deployment of the following figure, the encryption processing module can be integrated into an OTU or a tributary board to implement encrypted transmission of services.
Compared with traditional encryption solutions such as L2 encryption and L3 encryption, L1 service encryption uses transport devices to transparently transmit client services. It has advantages in low bandwidth usage, low latency, and support for multiple services.
Application Scenarios
Bidirectional P2P Service Encryption
Bidirectional P2P services are encrypted and transmitted between two ends. After being encrypted at the source end, services are transmitted to the sink end through the WDM/OTN network. Then, the sink end decrypts the services. In this way, the real information from the source end can be received and prevented from being intercepted during transmission. The entire encryption process includes authentication, key negotiation, and encryption.
Unidirectional P2P/P2MP Service Encryption
Broadcast services, such as video services, are mostly unidirectional P2P/P2MP services. Such as the following figure shows the unidirectional P2P/P2MP networking. Services are encrypted at the source NE, transparently transmitted over a WDM/OTN network, and then decrypted at multiple sink NEs. The entire encryption process includes authentication, key calculation, and encryption.
Comparison between the traditional encryption solution and L1 service encryption solution
The principle and configuration procedure of L1 service encryption will be introduced in the next post.
That's all. thank you!
