Conference PaperPDF Available

Attack-aware Lightpath Provisioning in Elastic Optical Networks with Traffic Demand Variations

Attack-aware Lightpath Provisioning in Elastic
Optical Networks with Traffic Demand Variations
Konstantinos Manousakis1, Tania Panayiotou1, Panayiotis Kolios1, Ioannis Tomkos2and Georgios Ellinas1
1KIOS Research and Innovation Center of Excellence, Department of Electrical and Computer Engineering,
University of Cyprus, 1678 Nicosia, Cyprus
{manouso, panayiotou.tania, pkolios, gellinas}
2Athens Information Technology, Marousi, 15125 Athens, Greece
Abstract—This work considers lightpath provisioning in elastic
optical networks with traffic demand variations while accounting
for the impact of jamming attacks. Traffic requests are modeled
based on their variation in traffic and a number of network traffic
scenarios are pre-computed. Variations in traffic are used in
order to design the network with improved resilience to jamming
attacks in the general case, without considering a specific traffic
matrix. The mathematical formulation and heuristic algorithms
proposed in this work jointly consider the routing and spectrum
allocation problem for the pre-computed network scenarios,
aiming to minimize the required lightpath reallocations and
the number of wavelength selective switches (WSSs) placed at
specific network nodes/ports so as to minimize the impact of
jamming attacks. Performance results demonstrate the benefits
of this approach in terms of required lightpath reallocations,
number of WSSs, as well as computational time required for
dynamically reconfiguring the network when considering traffic
demand variations.
The ever increasing traffic demand of core networks is
expected to be supported by elastic optical networks (EONs),
as in EONs the spectrum is more efficiently utilized, using
finer slot granularity, compared to wavelength division multi-
plexed (WDM) networks. In addition to the increasing traffic
demands, a big challenge for the network operators is to cope
with traffic demand variations and guarantee network availabil-
ity for the requested connections. For example, traffic demand
variations can occur due to several bandwidth consuming
applications/services (e.g., 3D video, cloud computing) as well
as popular events (e.g., Olympic Games, World Cup) and will
necessitate more frequent network reconfigurations so as to
satisfy the user demands and manage the network resources
more efficiently [1].
Usually, in order to satisfy the network requests, network
operators overprovision the network, leading to a waste of
resources and increased operational and capital expenditures
(opex/capex). For this reason, several other approaches have
been proposed in the literature that reconfigure the network
so that it closely follows the traffic demand variations [2]–[5].
Generally, proactive network optimization is initially required
prior to the demand requests, followed, in real time, by
network reconfiguration. With the right network design and
real-time support, network operators can handle the expected
traffic demand, even during popular events [6].
Further, for establishing a connection in EONs, the routing
and spectrum allocation (RSA) problem must be solved, satis-
fying the spectrum continuity, contiguity, and non-overlapping
constraints [7]. In addition to the aforementioned constraints,
the crosstalk effect must also be taken into account when
provisioning a new connection (both for the new connections
as well as the already established ones), since crosstalk not
only degrades the signal quality [8] but it can also be used
to spread a jamming attack throughout the network [9], [10].
These attacks can have an even more devastating effect during
popular events, as they can cause significant service disruption
and affect a large part of the telecommunication network.
A. Previous Work
The concept of attack-aware algorithms in WDM networks
to solve the routing and wavelength assignment (RWA) prob-
lem was presented in [11]–[13] having as an objective the
minimization of the impact of high-power jamming attacks.
In these works, apart from the attack-aware RWA problem,
equalizer placement [14], monitor placement [15], and dedi-
cated path protection [16] were also considered. The concept
of jamming attacks in EONs has been considered in [17]–[20].
Authors in [17] address the problem of physical-layer security
in multi-domain flexible grid optical networks, proposing
to differentiate the routing and spectrum allocation (RSA)
schemes of intra- and inter-domain requests with security con-
siderations. Authors in [18] solve the problem of attack-aware
service provisioning in one domain of multi-domain EONs
to improve network scalability using game theory techniques.
Further, authors in [19] propose an Integer Linear Program
(ILP) for the crosstalk-aware RSA problem, while in [20], they
propose a crosstalk-aware RSA together with a wavelength
selective switch (WSS) placement technique to eliminate intra-
band crosstalk. In that work, initially, all network nodes (re-
configurable add/drop multiplexers - ROADMs) are assumed
to have a broadcast-and-select (BS) architecture, with splitters
and WSSs at the input and output ports, respectively. The
algorithm decides on the replacement of some of the splitters
with WSSs at the input stage of the BS-based architecture
in order to compensate for the in-band crosstalk interactions
among lightpaths. In fact, the algorithm tries to achieve zero
crosstalk interactions and in the cases where it is not possible,
WSSs are placed to compensate for these interactions.
In the aforementioned works, the authors assume that the
traffic demand is static and that it can be known a priori.
Therefore, none of these works considers traffic demand
variations and lightpath reallocations that are required for such
traffic, while at the same time considering the impact of intra-
band jamming attacks, which is precisely the focus of this
Further, it is also important to note that there exist several
works in the literature that reallocate the lightpaths considering
dynamic traffic or variations in traffic [24]–[26]. However,
none of these works considers how one network configuration
can affect the other configurations, nor do they consider the
crosstalk effect, thus, the proposed solutions can result in high
network blocking probabilities.
B. Our Contribution
In this work, the attack-aware (Aa)-RSA and WSS place-
ment problems in EONs (with the WSS placement problem
following the procedure described above [20]) are solved for
satisfying jointly several sets of connection requests (demand
scenarios). A demand scenario is defined as a possible demand
state that can be found based on traffic demand variations (by
considering the stochastic nature of the traffic that varies with
time [21], [22]). The proposed algorithms use models that take
advantage of the fact that probability distributions governing
the traffic demands are known or can be estimated. Therefore,
the traffic is modeled in order to precompute a number of
possible configurations that have high probability to appear in
the network.
The output of the problem solution is a set of network
configurations, where a network configuration is a RSA so-
lution and the WSS placement for each demand scenario. The
network configurations are computed offline and can be used
online for dynamic reconfiguration of the network in order
to meet the traffic demand variations. One of the problem
objectives is to minimize the required lightpath reallocations
between different network configurations. Another objective
of the problem is to minimize the number of required WSSs
for all the possible demand scenarios in order to compensate
for the crosstalk effect and therefore to minimize the impact
of jamming attacks.
The novelty of this work is the design of optimization as
well as heuristic algorithms that jointly consider the crosstalk-
aware RSA problem with WSS placement and the lightpath
reallocations between different demand scenarios. Thus, the
solutions consider the network configurations jointly in order
to avoid lightpath reallocations. In addition, the WSS place-
ment considers the variations in traffic and places the WSSs
not only at specific nodes but also decides in which node
ports to place the WSSs in order to satisfy jointly the network
configurations, for every possible traffic demand scenario.
Consequently, the algorithms reduce both the capex, by
minimizing the required number of WSSs, and the opex, by
minimizing the number of lightpath reallocations and thus
reducing the computational complexity and time required in
the path computation element (PCE) for reconfiguring the
network upon variations in the traffic demand.
The reader should note that in this work the term reconfigu-
ration is used to denote the change between one configuration
of the network to another (in terms of established lightpaths),
while the term reallocation is used to denote the tear-down
and the setup of a lightpath (leading to service disruption) in
order to meet the variation in traffic.
The rest of the paper is organized as follows. Section II
presents the traffic demand modeling, while Section III
presents the concept of jamming attacks and WSS placement.
Section IV provides the mathematical formulation of the
problem. Section V presents the proposed attack-aware RSA
heuristic algorithms, while performance results are discussed
in Section VI. Finally, Section VII offers some concluding
remarks and avenues for future work.
In this work, without loss of generality, during normal
network operation, we assume traffic that is log-normally
distributed and each connection is described by its own
distribution as described in [21], [22] (note that any other
traffic distribution can also be applied in this work). Further,
regarding traffic modeling during popular events, we assume
that each connection is described by its expected bandwidth
demand during the occurrence of the specific event. On this
basis, the traffic demand for each connection nduring normal
network operation is described by ZnLN(µn, σ2
during popular events is described by a fixed value ei
n, where
ndenotes the expected bandwidth demand of connection n
during the occurrence of the ith event.
For normal network operation, we find the distribution
describing the probability of the network being at a particular
state (demand scenario) s={dn}N
n=1, where Nis the
number of connections in scenario s, and dnis the bandwidth
demand of connection n. For finding such a distribution,
Monte Carlo simulations are performed, by sampling the
discretized {Zn}N
n=1 distributions. Regarding popular events,
the assumption is that these events are known in advance and
occur with certainty at particular time intervals. Their related
states (demand scenarios) can be easily found by the {ei
values. Upon the occurrence of such events, the network
switches to some pre-computed network configurations.
Finding the discretized distribution allows us to find the
possible traffic demand scenarios of the network and accord-
ingly to solve the crosstalk-aware RSA problem for different
network configurations. Each distribution is a function of the
bandwidth demand that is measured according to the requested
number of spectrum slots. Even though the requested number
of spectrum slots depends on several factors, such as the trans-
mission distance, the modulation format, and the quality-of-
transmission (QoT) requirements, for simplicity, and without
loss of generality, we assume that the distributions directly
reflect the requested number of spectrum slots; an assumption
that does not affect the scope of this work. As the number
of possible scenarios may render the crosstalk-aware RSA
problem computationally intractable, the scenarios that rarely
appear, are not considered while solving this problem. These
scenarios, if they appear, can be handled dynamically.
In-band crosstalk in optical networks is the result of power
leakage between two signals on the same wavelength crossing
an optical node. In-band crosstalk must be addressed in optical
networks, as it not only causes optical signal degradation
but it can be potentially used to launch high-power in-band
jamming attacks in the network (an attacker injects a high-
power signal at an optical node on the same wavelength as
the information carrying signal). A high-power jamming signal
can cause significant leakage inside the switches between
lightpaths that are on the same wavelength as the attacking
signal, resulting in lightpath signals that cannot be recovered
at their respective receivers. It is further important to note that
these affected lightpaths become secondary attackers, affecting
other lightpaths on the same wavelength that they encounter
at other switching nodes along their path, and so on. Thus, the
high-power jamming attack can potentially spread through the
network affecting a large number of lightpaths [13]. Several
of the works mentioned in Section I tried to address this
problem by solving the RWA/RSA problems in WDM/EON
networks respectively in such a way that if an attack happens
the propagation effect is minimized [11]–[13], [19].
To address such an attack, other works [20] proposed algo-
rithms that initially aim to minimize the crosstalk interactions
among lightpaths as much as possible (through crosstalk-
aware RSA), trying to achieve zero interactions. If this is not
possible, then splitters are replaced by WSSs at the input stage
of the ROADMs where there are lightpath interactions through
in-band crosstalk (utilizing the minimum required number)
in order to further compensate for the crosstalk effect and
minimize the impact of a jamming attack. The replacement of
a few splitters with WSSs at specific locations of the network
will maintain the network cost low while at the same time the
crosstalk effect will be decreased with the use of the WSSs.
Therefore, the impact of jamming attacks will be minimized.
In this work, the problem of the placement of WSSs is
further explored in order to cover a set of demand scenarios.
In this case, each of the demand scenarios must be satisfied,
while the WSSs must be placed in positions that also satisfy
all the different demand scenarios. Thus, the RSA solution of
each set must be taken into account by the other demand sets in
order for the total number of required WSSs to be minimized.
A mathematical formulation is presented in this section
for the efficient establishment of connections in EONs with
traffic demand variations. To capture the uncertainties in
the traffic demand, mathematical optimization is employed
through scenario construction, where the number of required
lightpath reallocations as well as the number of WSSs are
minimized for the sum of deterministic equivalent instances.
Note that the in-band crosstalk interactions are minimized per
scenario, whereas the minimum number and the placement of
WSSs are chosen in order to satisfy all demand scenarios.
In particular, the attack-aware RSA and WSS placement
problem is solved having as an objective to minimize spectrum
utilization, the number of lightpath reallocations, and also the
number of required WSSs. The proposed algorithm consists of
two phases; in the first phase, kcandidate paths are identified
for each source-destination pair by employing a k-shortest
path algorithm [23], while in the second phase the problem
is formulated taking as input the output of the first phase (i.e.,
the set of kcandidate paths). Its parameters, variables, and
objective/constraints are shown below:
(d, s)Ds: a demand dfor scenario s
fF: a spectrum slot over the available spectrum slots
pP: a candidate path
lE: a network link
d: required number of slots for demand dof scenario s
S: set of all scenarios
Pd: set of candidate paths to serve demand d
πs: probability for scenario sto occur
B,M: large constants that are used to activate/deactivate
a constraint, where MB
pf : Boolean variable for the sth realization, equal to 1
if path pand frequency slot fare used to serve demand
dand equal to 0otherwise.
ypf Boolean variable, equal to 1if frequency slot fis the
starting spectrum slot of a contiguous spectrum to serve
demand dover path pand equal to 0otherwise.
zl: Boolean variable, equal to 1if there exists a WSS at
the end of link land equal to 0otherwise.
Objective:Minimize :
pf +X
c3·ypf (1)
Subject to the following constraints:
Demand constraint
pf =Fs
d,(d, s)Ds,sS(2)
Contiguity constraint
pf xs
p(f1) ypf ,pP, fF, sS(3)
Case: f= 1, then, xs
p(f1) = 0,sS
Non-overlapping spectrum
pf 1,lE, fF, sS(4)
Jamming interactions and WSS placement
pf M·zlB, (5)
lp, pP, fF, sS
The objective function, (Eq. 1) accounts for (i) the number
of required frequency slots, (ii) the number of required WSSs,
and (iii) the number of required reallocations. Each coefficient
ci(i= 1,2,3), declares the relative impact of each term of the
objective. The frequency slot minimization is considered based
on the probability πsassociated with a particular scenario.
This means that a scenario that is more probable to happen
will have a higher impact on the objective function.
In addition, a number of xs
pf Boolean variables are activated
to satisfy the different scenarios. Hence, a number of path-slot
pairs are assigned for each source-destination request, that are
jointly optimized to minimize the objective function. Note that
the assignment for each demand scenario sis decided based
on the assignment for every other scenario, thus the path-slot
pairs are chosen in such a way so as to minimize the overall
cost indicated in the objective function.
Constraint 1(Eq. 2) ensures that all lightpaths have a
total capacity equal to the requested demand for each of the
realizations and thus all incoming traffic is satisfied. Constraint
2(Eq. 3) ensures that each demand is assigned contiguous
spectrum on all the fibers of each path. Specifically, this
constraint counts the transitions from zero to one. In this
way, variable ypf keeps track of the starting frequency slot to
serve a demand. Variable ypf is the same for all the different
scenario realizations. Therefore, taking into account the ob-
jective and this constraint the spectrum and path reallocations
are minimized as much as possible. Constraint 3(Eq. 4)
is the non-overlapping spectrum constraint and ensures that
each spectrum slot is used at most once on each fiber for
each scenario realization. Note that the spectrum continuity
constraint (each demand is assigned the same spectrum along
all the edges of the path) in this formulation is taken into
account via the definition of the xs
pf variable. Finally, Con-
straint 4(Eq. 5) is included in order to account for the in-
band jamming interactions and to minimize the number of
required WSSs. In Constraint 4,Band Mare constants (taking
large values), where MB. The reason for introducing
constant Bis to take into account only the constraints for the
lightpaths that will be used from all the candidate lightpaths
(activate/deactivate the constraint). Additionally, the reason
for introducing constant Mis to account for the replacement
of splitters with WSSs (activate/deactivate the constraint). In
Constraint 4,P{p0|mp,p0}xs
p0fis the total number of in-
band crosstalk interfering sources that affect the signal of
lightpath (p, f )at node mfor the sth scenario, while variable
zlspecifies where to place the required WSSs. Note that node
nin Constraint 4is the end-node of link l. Based on the
objective function, the WSSs are placed at specific locations
inside the network nodes in order to satisfy all the different
scenarios under consideration.
To solve the problem utilizing an algorithmic approach,
we propose the attack-aware expansion/reduction RSA (Aa-
ER-RSA) heuristic algorithm that aims at finding a set of
network configurations that (i) supports all possible traffic
demand scenarios, (ii) minimizes the number of WSSs re-
quired for handling the crosstalk effect, and (iii) minimizes the
service interruptions that may occur during switching between
sequential (in time) configurations (including configurations
that support popular events). To achieve this, the proposed
algorithm finds a set of network configurations that are similar
(as much as possible) in their lightpaths (routing paths and
allocated spectrum) and support the possible future demand
when appropriately expanding/reducing [24] the allocated
spectrum of each lightpath. By doing so, we aim to reduce
the number of WSSs required for supporting all the possible
network configurations and minimizing the service disruptions
that may occur during switching between sequential (in time)
network configurations.
The Aa-ER-RSA algorithm is compared to a complete reallo-
cation attack-aware RSA algorithm (Aa-REC-RSA) that solves
the provisioning problem for each scenario without consid-
ering the configurations found in previous scenarios (only
the WSSs found from previous network configurations are
considered). Thus, a compete lightpath reallocation takes place
for each scenario, aiming to minimize the number of WSSs
required for supporting all the possible demand scenarios.
In general, with the usage of the expansion/reduction policy,
traffic interruptions can be avoided [25] but the resources may
not be efficiently utilized amongst the established connections.
Compared to the expansion/reduction policy, the complete
reallocation policy requires higher computational complexity
and complex algorithms in the PCE for minimizing traffic
interruptions [26]. Both the Aa-ER-RSA and Aa-REC-RSA
heuristics are described in Algorithm 1, while the expan-
sion/reduction (ER) procedure of the Aa-ER-RSA heuristic is
described in Algorithm 2.
Algorithm 1 Aa-x-RSA Heuristic Algorithm
Input: The set S={si}D
i=1, where siis a demand scenario with
πsi> p. Set Sis sorted in descending order with the scenario
demanding the maximum cumulative spectrum placed first on the
Output: The sets Wand {Csi}D
i=1, where Wis the set of WSSs
and Csiis the set of established lightpaths for demand scenario si.
1: W→ ∅
2: Csi ∅ ∀siS
3: for i= 1 to Ddo
4: if i= 1 OR x= Rec then
5: Solve the Aa-REC-RSA problem for all connections in si
6: Update sets Csiand W
7: else
8: Solve Algorithm 2
9: Update sets Csiand W(updates in Wmay occur only
from the reallocated connections)
10: end if
11: end for
12: Return sets CsisiS, and W
In general, both heuristics (Algorithm 1) start from the
traffic demand scenario sdemanding the maximum cumulative
bandwidth and continue to scenario s0with a cumulative
Algorithm 2 ER Algorithm
1: Identify in sithe connections that remain unchanged, need to be
reduced or expanded in their spectrum when compared to their
allocated spectrum at s(i1).
2: From Cs(i1) add in Csithe lightpaths that remain unchanged
or need to be reduced in their spectrum.
3: In Csiupdate the information regarding the allocated spectrum
of the lightpaths that need to be reduced in their spectrum
(by removing the necessary number of slots, starting from the
rightmost slot, and shifting the central frequency accordingly).
4: In Csiadd from Cs(i1) the lightpaths where expansion is
feasible and update in Csiinformation regarding their allocated
spectrum (by adding the necessary number of slots, starting from
the rightmost slot, and shifting the central frequency accord-
5: For each connection in sithat its expansion is not feasible, solve
the Aa-RSA problem (reallocate).
bandwidth that is closer to that of the previous scenario.
Specifically, the Aa-x-RSA problem is solved for each sce-
nario, s, by taking into account the previous WSS placement.
For the first scenario (s) on the sorted list or when reallocation
is needed (i.e., when the REC procedure is followed (x=REC)
or when connection expansion is not feasible in the ER
procedure (x=ER)), the heuristic solves the Aa-RSA problem
as follows: For the routing procedure, it calculates k-shortest
paths and for each one of the kpaths the spectrum allocation is
solved according to the first-fit scheme. Among the candidate
lightpaths, the one that yields the minimum crosstalk penalty is
chosen, where the crosstalk penalty, rj, for the jth lightpath is
defined as the number of nodes the jth lightpath overlaps (on
its allocated spectrum) with the already established lightpaths.
If the minimum crosstalk penalty is not zero, WSSs are placed
at the necessary network nodes’ input ports for eliminating the
crosstalk effect among the overlapping connections.
The reader should note that as the number of possible
scenarios may render the problem computationally intractable,
the scenarios that rarely appear are not be considered during
Aa-x-RSA. Specifically, in this work, the heuristics are solved
for all scenarios swith πs> p, where pis a probability
threshold used so as not to consider the scenarios that rarely
occur. These rare scenarios can be handled online given the
placement of the WSSs.
To evaluate the performance of the proposed optimization
and heuristic algorithms, a small network with 6nodes and 9
links, and the generic Deutsche Telekom (DT) network with
14 nodes and 23 links (Fig. 1), were considered, and each
spectrum slot was assumed to occupy 12.5GHz. For solving
the mathematical formulation, the Gurobi library was used [27]
and a PC with Core i52400@3.1GHz and 16GB memory was
used for the simulation environment. The proposed algorithms
are investigated and compared for different metrics; number of
required WSSs, number of lightpath reallocations, and running
times. In this work, it is assumed that the network has some
traffic demands that vary over time based on a log-normal
distribution (other distributions can be considered as well)
and some fixed connections, where their bandwidth demand
was set to be constant for all the different scenarios (the
requested number of slots was chosen uniformly between 0
and 5). For all connections, the source destination pairs were
chosen randomly. Further, ten (10) executions corresponding to
different traffic instances for each traffic load were performed
and for all simulations the network resources were enough to
establish all connections (i.e., the blocking probability was set
to zero in order to fairly compare all approaches in terms of
the investigated metrics). The mathematical formulation and
the Aa-ER-RSA heuristic algorithm are compared with the
Aa-REC-RSA heuristic algorithm to illustrate the benefits to
network planning and operation when jointly considering the
crosstalk-aware RSA problem with WSS placement and the
lightpath reallocations between different demand scenarios. It
is noted that the coefficients ciof the objective functions (Eq.
1) were set equal to one (ci= 1), since it is assumed that all
the terms equally contribute to the objective function. Different
values for these coefficients can be used when the monetary
cost of using a spectrum slot, reallocating a connection and
the cost of the WSS is determined.
Fig. 1. (a) 6-node network, and (b) DT network topology.
A. Results for the 6-node Network
For the 6-node network, six of the connections follow the
log-normal distribution, whereas the rest are set to be static.
We assume that the 6-node network supports 30 slots per link.
Each connection’s bandwidth demand was assumed to take
values between 2and 10 slots (increasing by 2slots between
sequential intervals). Monte Carlo simulations returned 23
scenarios with probability p102. The mean numbers
of requested slots (static and log-normal) per scenario are
shown in Table I. This table depicts a comparison of the pro-
posed mathematical formulation and the heuristic algorithms
for the requested connections with respect to the objective
performance and the required running time for different mean
numbers of requested slots per scenario.
The Aa-REC-RSA algorithm is used as a benchmark for
lightpath reallocations. In this case, the required number of
reallocations is high compared to the rest of the algorithms that
have as an objective the minimization of the lightpath reallo-
cations. Specifically, it is shown that the Aa-ER-RSA heuristic
Mean slot
Formulation Aa-ER-RSA Aa-REC-RSA
33 0 0 2.7m 0 0 0.55s 0 95 10s
47 0 0 25h 5 0 1.86s 6 329 38s
59 0 0 48h 10 0 2.5s 10 380 46s
75 4 0 48h 11 0 2.5s 15 483 53s
85 4 1 48h 11 0 2.55s 18 502 1m
100 7 2 48h 14 0 2.77s 18 512 1m
algorithm requires no lightpath reallocations for all cases under
consideration and has better performance compared to the
mathematical formulation, since the optimization algorithm re-
quires 12reallocations for the examined scenarios. However,
the mathematical formulation requires less number of WSSs
to compensate for the crosstalk-related interactions among
lightpaths compared to the Aa-ER-RSA heuristic algorithm.
This occurs due to the fact that the Aa-ER-RSA heuristic
algorithm has as a primary objective the minimization of the
number of lightpath reallocations and as a secondary objective
the minimization of WSSs, whereas the optimization algorithm
tries to jointly optimize the number of required frequency slots,
the number of lightpath reallocations, as well as the number
of required WSSs.
The mathematical formulation found the best bound (op-
timal solution) for the first two cases in 3minutes and 25
hours, respectively. For the rest of the cases, the optimal
solution cannot be found and the algorithm terminated due
to the time limit that was set to 48 hours, as the running
time of the mathematical formulation increases exponentially
with the traffic load. On the other hand, the Aa-ER-RSA
heuristic required less than 3minutes of running time for
all the cases under consideration. The reader should note
that this time period is just for planning purposes and that
the online adaptation can be performed on the order of
seconds or even milliseconds [28]. It must also be noted that
the performance of crosstalk-unaware algorithms exhibit high
number of lightpath interactions irrespective of the number of
scenarios considered (one or more scenarios) and thus require
a high number of WSSs [20].
B. Results for the DT Network
For the DT network, 10 of the connections follow the
log-normal distribution, whereas the rest are set to be static.
The DT network is assumed to support 300 slots per link.
Each connection’s bandwidth demand was assumed to take
values between 2and 10 slots (increasing by 2slots between
sequential intervals). Monte Carlo simulations returned 707
scenarios with probability p102. In this scenario, only the
heuristics are implemented and compared as the mathematical
formulation cannot be implemented due to the large network
As can be seen from Figs. 2 - 4, the Aa-ER-RSA algo-
rithm significantly outperforms Aa-REC-RSA for all metrics
considered. Note that due to the high running time (62 hours)
Fig. 2. Running time vs. mean requested number of slots per scenario.
required by Aa-REC-RSA for the case of 832 requested slots
(Fig. 2), we have chosen not to examine any other scenario
requesting a larger number of slots. Also, note that Aa-ER-
RSA, even for the case of 832 requested slots, ran in only a
few minutes, as it does not need to recompute the lightpaths
for every scenario and for every connection within each
scenario, since it follows an expansion/reduction policy for
adjusting the spectrum of the already established connections.
On the contrary, Aa-REC-RSA recomputes the lightpaths for
every scenario and for every connection within each scenario,
leading to both an increased computational time (Fig. 2)
and an increased number of reallocations (Fig. 4) and as a
consequence an increased number of service interruptions.
Fig. 3. Number of WSSs vs. mean requested number of slots per scenario.
Regarding the number of WSSs, Aa-ER-RSA requires signif-
icantly fewer WSSs than Aa-REC-RSA as can be seen in Fig. 3.
This is due to the fact that Aa-ER-RSA finds a set of network
configurations that are similar in their computed lightpaths and
for which the crosstalk effect can be mitigated by “almost”
the same set of WSSs. In contrast, Aa-REC-RSA has to find
a new network configuration for each scenario without taking
into account the WSSs that are already placed in the network.
This work proposed attack-aware RSA optimization and
heuristic algorithms in EONs, that consider a set of different
scenarios representing demands with uncertainty that vary
Fig. 4. Number of reallocations vs. mean requested number of slots per
over time. The aim of these algorithms is to minimize the
number of WSSs, placed at the input ports of specific network
nodes, required to mitigate the crosstalk effect, and thus the
spread of an attack, as well as to minimize the required light-
path reallocations between different traffic scenarios. Thus,
the proposed technique reduces both the network capex and
opex, by minimizing the required number of WSSs and the
number of lightpath reallocations upon variations in the traffic
demand. Performance results demonstrate the effectiveness of
the heuristic algorithm in terms of computational time, as
the proposed heuristic performs close to the results of the
mathematical formulation, while outperforming the complete
reallocation policy.
Future works will explore decomposition techniques for
the mathematical formulation so as to address larger network
problems. In addition, online reconfigurability of the network
with samples from the distributions of the connections will be
This work has been partially supported by the European
Union’s Horizon 2020 research and innovation programme
under grant agreement No 739551 (KIOS CoE) and from the
Government of the Republic of Cyprus through the Directorate
General for European Programmes, Coordination and Devel-
opment. It was also partially supported by the Cyprus Research
and Innovation Foundation under project CULTURE/AWARD-
YR/0418/0014. This article is based upon work from COST
Action CA15127 (Resilient communication services protecting
end-user applications from disaster-based failures RECODIS)
supported by COST (European Cooperation in Science and
[1] Cisco white paper, “The Zettabyte Era: Trends and Analysis,” 2017.
[2] R. Alvizu, S. Troia, G. Maier and A. Pattavina, “Matheuristic with
Machine-learning-based Prediction for Software-defined Mobile Metro-
core Networks,” IEEE/OSA Journal of Optical Communications and
Networking, 9(9):19–30, 2017.
[3] F. Morales, M. Ruiz, L. Gifre, L. M. Contreras, V. Lopez and L. Velasco,
“Virtual Network Topology Adaptability based on Data Analytics for
Traffic Prediction,IEEE/OSA Journal of Optical Communications and
Networking, 9(1):35–45, 2017.
[4] N. Fern´
andez et al., “Virtual Topology Reconfiguration in Optical Net-
works by means of Cognition: Evaluation and Experimental Validation,”
IEEE/OSA J. of Opt. Commun. Netw., 7(1):162–173, 2015.
[5] T. Panayiotou, K. Manousakis, S. P. Chatzis and G. Ellinas, “A Data-
Driven Bandwidth Allocation Framework with QoS Considerations for
EONs,” IEEE/OSA J. of Lightw. Techn., 37(9):1853–1864, May 2019.
[6] Ericsson, “Ericsson Mobility Report”,, 2018.
[7] K. Christodoulopoulos, I. Tomkos and E. A. Varvarigos, “Elastic
Bandwidth Allocation in Flexible OFDM-based Optical Networks,
IEEE/OSA Journal of Lightwave Technology, 29(9):1354–1366, 2011.
[8] M. Filer and S. Tibuleac, “N-degree ROADM Architecture Comparison:
Broadcast-and-select versus Route-and-select in 120 Gb/s DP-QPSK
Transmission Systems,Proc. IEEE/OSA OFC, San Francisco, CA,
[9] N. Skorin-Kapov, M. Furdek, S. Zsigmond and L. Wosinska, “Physical-
layer Security in Evolving Optical Networks,IEEE Comm. Magazine,
54(8):110-117, 2016.
[10] M. Furdek et al., “An Overview of Security Challenges in Commu-
nication Networks,” Proc. IEEE International Workshop on Resilient
Networks Design and Modeling (RNDM), Halmstad, pp. 43-50, 2016.
[11] N. Skorin-Kapov, et al., “A New Approach to Optical Networks Se-
curity: Attack-aware Routing and Wavelength Assignment,” IEEE/ACM
Transactions on Networking, 18(3):750760, 2010.
[12] N. Skorin-Kapov, et al., “Wavelength Assignment for Reducing In-band
Crosstalk Attack Propagation in Optical Networks: ILP Formulations
and Heuristic Algorithms,” Eur. J. of Oper. Res., 222(3):418–429, 2012.
[13] K. Manousakis and G. Ellinas, “Attack-aware Planning of Transparent
Optical Networks,” Optical Switc. and Netw., 19(2):97–109, 2016.
[14] K. Manousakis and G. Ellinas, “Equalizer Placement and Wavelength
Selective Switch Architecture for Optical Network Security,” Proc. IEEE
Symposium on Computers and Communication (ISCC), 2015.
[15] D. Monoyios, K. Manousakis, C. Christodoulou, K. Vlachos, and G.
Ellinas, “Attack-aware Resource Planning and Sparse Monitor Placement
in Optical Networks”, Optical Switching and Netw., 29:46–56, 2018.
[16] M. Furdek, N. Skorin-Kapov and L. Wosinska, “Attack-Aware Dedicated
Path Protection in Optical Networks,” IEEE/OSA Journal of Lightwave
Technology, 34(4):1050-1061, 2016.
[17] J. Zhu, B. Zhao, W. Lu, and Z. Zhu, “Attack-Aware Service Provisioning
to Enhance Physical-Layer Security in Multi-Domain EONs,” IEEE/OSA
Journal of Lightwave Technology, 34(11):2645-2655, 2016.
[18] J. Zhu, B. Zhao and Z. Zhu, “Leveraging Game Theory to Achieve Effi-
cient Attack-Aware Service Provisioning in EONs,” IEEE/OSA Journal
of Lightwave Technology, 35(10):1785–1796, 2017.
[19] K. Manousakis and G. Ellinas, “Crosstalk-aware Routing and Spectrum
Assignment in Flexible Grid Networks,” Proc. IEEE Symposium on
Computers and Communication (ISCC), Messina, Italy, 2016.
[20] K. Manousakis and G. Ellinas, “Crosstalk-Aware Routing Spectrum
Assignment and WSS Placement in Flexible Grid Optical Networks,
IEEE/OSA Journal of Lightwave Technology, 35(9):1477–1489, 2017.
[21] I. Antoniou, et al., “On the Log-normal Distribution of Network Traffic,
Physica D, Nonlinear Phenomena, 167(12):72–85, 2002.
[22] M. Kassim, et al., “Statistical Analysis and Modeling of Internet Traffic
IP-Based Network for Tele-traffic Engineering,” ARPN J. of Eng. and
Applied Sciences, 10(3):1505–1512, 2015.
[23] J.Y. Yen, “Finding the k Shortest Loopless Paths in a Network,
Management Science, 17(11):712–716, 1971.
[24] K. Christodoulopoulos, I. Tomkos, and E. Varvarigos, “Time-Varying
Spectrum Allocation Policies and Blocking Analysis in Flexible Optical
Networks,” IEEE J. on Sel. Areas in Commun., 31(1):13–25, 2013.
[25] F. Cugini, et al., “Push-pull Defragmentation without Traffic Disruption
in Flexible Grid Optical Networks,IEEE/OSA Journal of Lightwave
Technology, 31(1):125–133, 2013.
[26] M. Klinkowski, et al., “Elastic Spectrum Allocation for Time-Varying
Traffic in FlexGrid Optical Networks,IEEE J. on Sel. Areas in
Commun., 31(1):26–38, 2013.
[27] Gurobi Optimization, Inc. “Gurobi Optimizer Reference Manual,” 2016,
[28] Int. Telecommun. Union, “Architecture for the Automatically Switched
Optical Network”, Rec. ITU-T G.8080, Geneva, Switzerland, 2012.
For several decades, optical networks, due to their high capacity and long-distance transmission range, have been used as the major communication technology to serve network traffic, especially in the core and metro segments of communication networks. Unfortunately, our society has often experienced how the correct functioning of these critical infrastructures can be substantially hindered by massive failures triggered by natural disasters, weather-related disruptions and malicious human activities. In this position paper, we discuss the impact on optical networks of all major classes of disaster events mentioned above, and we overview recent relevant techniques that have been proposed to increase the disaster resilience of optical networks against the various classes of disaster events. We start by presenting some proactive methods to be applied before the occurrence of a disaster. Then we move our focus also on other preparedness methods that can be executed in the (typically short) time frame between the occurrence of an early alert of an incoming disaster and the time a disaster actually hits the network. Finally, we discuss reactive procedures that allow performing post-disaster recovery operations effectively. The analysis of disaster resilience mechanisms provided in this paper covers both wired and optical wireless communication infrastructures and also contains explicit remarks covering the role of emerging technologies (e.g., fixed-mobile convergence in the 5G era and beyond) in disaster resilience.
This work presents optimization algorithms on attack-aware routing and spectrum allocation (Aa-RSA) in conjunction with spectrum selective switch (SSS) placement, taking into account variations in traffic demands. The objectives of the algorithms are to minimize the required number of SSSs, as well as the number of lightpath re-allocations between different demand scenarios, taking into account the crosstalk interactions that could potentially be utilized during a jamming attack to facilitate the spread of the attack to additional lightpaths throughout the network. To solve the offline network design problem, first the proposed Aa-RSA algorithm is modeled as a mathematical formulation that jointly considers all the design parameters. Then, ILP-based decomposition techniques and graph-based heuristics are also proposed to address large-sized networks. Additionally, it is shown through a dynamic time-varying Aa-RSA scenario, that the offline pre-calculated network configurations are a good fit for the traffic demand variations, eliminating the computational time required in the path computation element (PCE) for dynamically reconfiguring the network. The benefits of each of the proposed algorithms with respect to the network’s operating and capital expenditures (measured in terms of performance metrics such as the number of SSSs deployed, the spectrum utilization, and the number of re-allocations) are reported and validated through extensive simulation results.
Full-text available
This work proposes a data-driven bandwidth allocation (BA) framework for periodically and dynamically reconfiguring an elastic optical network according to predictive bandwidth allocation (PBA) models. The proposed framework is scalable to the number of network connections and also adaptive to the increasing traffic of each network connection separately and to the overall network load as well. This is achieved by formulating the BA problem as a Partially Observable Markov Decision Process, which constitutes are reinforcement learning (RL) model. Specifically, RL is performed continuously and independently (locally) for each network connection according to the most recent data that describe the traffic demand behavior of each network connection. A central controller monitors the network performance that is jointly achieved from all the PBA models and is capable of dynamically modifying the reward function of the POMDP, ensuring that the quality-of-service requirements are met. A reward function R(C) is examined with a clear impact on the network performance when C is modified. For evaluating the network performance, for each R(C), the routing and spectrum allocation (RSA) problem is solved according to an Integer Linear Programming (ILP) algorithm and an RSA heuristic alternative, with both the ILP and the heuristic RSA taking as inputs the outputs of the inferred PBA models. Results indicate that with the appropriate settings of C, bandwidth is efficiently allocated, while ensuring that the QoS requirements are met.
Full-text available
This work presents joint optimization algorithms for lightpath establishment as well as sparse placement of optical performance monitoring (OPM) equipment in optical networks. OPMs are necessary to efficiently monitor the impact of physical layer attacks and are usually placed at locations that are more probable to be impacted by jamming attacks. A jamming attack is defined as a harmful signal interference with other signals, leading to service degradation, that is possible through intra-channel or inter-channel crosstalk effects. An Integer Linear Program (ILP) formulation is proposed to solve the problem of attack-aware routing and wavelength assignment (Aa-RWA), jointly with the placement of OPM equipment, in order to minimize the impact of physical layer jamming attacks in optical networks. Moreover, a Genetic Algorithm (GA) is proposed to solve the same optimization problem. The proposed GA algorithm is compared to the ILP formulation as well as to an attack-unaware RWA algorithm that has as an objective the minimization of the number of wavelengths required to accommodate all traffic demands, not accounting for the crosstalk interactions. Simulation results indicate that the proposed GA algorithm provides a solution that is close to the optimal in terms of crosstalk interactions, while also providing a very good solution in resource usage, measured in terms of the required number of wavelengths.
Full-text available
In general, humans follow a routine with highly predictable daily movements. For instance, we commute from home to work on a daily basis and visit a selected set of places for commercial and recreational purposes during the nights and weekends. The use of mobile phones increases when commuting via public transportation, during lunch breaks, and at night. Such regular behavior creates predictable spatiotemporal fluctuations of traffic patterns. In this paper, we introduce a matheuristic for dynamic optical routing, which can be implemented as an application into a software-defined mobile carrier network. We use machine learning to predict tidal traffic variations in a mobile metro-core network, which allows us to solve off-line mixed-integer linear programming instances of an optical routing (and wavelength) assignment optimization problem. The optimal results are used to favor near-optimal on-line routing decisions. Results demonstrate the effectiveness of our on-line methodology, with results that match almost perfectly the behavior of a network that performs optical routing reconfiguration with a perfect, oracle-like traffic prediction and the solution of an optimization problem.
Conference Paper
Full-text available
The ongoing transition towards a networked society requires reliable and secure network infrastructure and services. As networks evolve from simple point to point systems towards complex, software-defined, ultra-high capacity and reach, and distributed cloud environments, new security challenges emerge. The EU-funded RECODIS project aims at coordinating and fostering research collaboration in Europe on disaster resiliency in communication networks. One of the disaster types, considered by RECODIS Working Group (WG) 4, are deliberate human-made attacks aimed at gaining unauthorized access to the network or disrupting the service. In order to develop methods for increasing network security in the presence of attacks, it is crucial to first identify the security vulnerabilities and attack methods that exploit them, as well as the capabilities and shortcomings of existing security schemes. To this end, the members of RECODIS WG4 performed a comprehensive overview of attack methods and security approaches from the literature. This overview covers the security vulnerabilities inherent to the underlying physical layer, the implications of software-defined networking to security, and security challenges in cloud networks spanning geographically distributed data centers.
Due to crosstalk-induced interactions among different connections, malicious high-power jamming signals can potentially spread widely in a transparent optical network. Moreover, due to imperfect port isolation in wavelength selective switches (WSSs), present within optical switching nodes, crosstalk also affects the quality of the transmitted signal. Therefore, it is necessary to design an optical network in a way that the effect of crosstalk is minimized, while at the same time keeping the cost and the power consumption of the network low. This is achieved in this work by the design of appropriate WSS placement and crosstalk-aware Routing and Spectrum Assignment (RSA) algorithms in flexible grid optical networks, in the form of an Integer Linear Program (ILP) formulation and a heuristic algorithm analogous to vertex coloring. The objective of the optimization algorithms is to minimize the impact of the crosstalk effect, thus minimizing the impact to the normal operation of the network. The optimization objective is enhanced with proper functions in order to minimize the capital expenditure (CAPEX) and the operational expenditure (OPEX) of the networks investigated in terms of cost and power consumption respectively. Performance results indicate that the proposed algorithms minimize the number of WSSs required to compensate for the crosstalk effect, while only slightly increasing the spectrum utilization.
Multi-domain elastic optical networks (MD-EONs) help to improve network scalability, extend service coverage, and facilitate good inter-operability to orchestrate administrative domains managed by different carriers. Since the users in other domains can launch cross-domain physical-layer attacks to a domain, this paper studies the problem of attack-aware service provisioning in one domain of an MD-EON. We consider a realistic scenario that does not treat all the inter-domain lightpaths as malicious ones, and try to arrange the lightpaths' routing and spectrum assignment (RSA) schemes with the help of game theory to balance the spectrum utilization and security-level of the domain well. Specifically, we define a two-player Bayesian game to represent the provisioning procedure for each inter-domain request, and design the game strategies and utility functions for the players (i.e., the domain manager and the user from other domains). Then, we formulate a nonlinear programming (NLP) model, solve the game with it to obtain a Bayesian Nash equilibrium (BNE), and determine the best strategies for the players based on the BNE. Finally, with the game model, we propose a game-assisted RSA (Ga-RSA) algorithm to achieve attack-aware service provisioning efficiently. The proposed algorithm is evaluated with extensive simulations and the results confirm its effectiveness. Index Terms—Multi-domain elastic optical networks (MD-EONs), Bayesian game, Physical-layer security, Routing and spectrum assignment (RSA).
The introduction of new services requiring large and dynamic bitrate connectivity can cause changes in the direction of the traffic in metro and even core network segments throughout the day. This leads to large overprovisioning in statically managed virtual network topologies (VNTs), which are designed to cope with the traffic forecast. To reduce expenses while ensuring the required grade of service, in this paper we propose a VNT reconfiguration approach based on data analytics for traffic prediction (VENTURE). It regularly reconfigures the VNT based on the predicted traffic, thus adapting the topology to both the current and the predicted traffic volume and direction. A machine learning algorithm based on an artificial neural network is used to provide robust and adaptive traffic models. The reconfiguration problem that takes as its input the traffic prediction is modeled mathematically, and a heuristic is proposed to solve it in practical times. To support VENTURE, we propose an architecture that allows collecting and storing data from monitoring at the routers and that is used to train predictive models for every origin-destination pair. Exhaustive simulation results of the algorithm, together with the experimental assessment of the proposed architecture, are finally presented.