Activation process details in captured data in real GPON networks.
This chapter discusses the extensibility of fiber to the x (FTTx) households, specifically in the territory of the European Union. The Czech Republic has made a commitment to other member states to provide connectivity of at least 100 Mbit/s for half of the households by 2020. Although Internet access in the Czech Republic is mostly dominated by wireless fidelity (WiFi), this technology is not capable of meeting the demanding current demands at a reasonable price. As a result, passive optical networks are on the rise in access networks and in mobile cell networks by fiber to the antenna (FTTA). Passive optical networks use much more complex networks. In cooperation with Orange Slovakia, the analysis of the transmitted data was conducted. The optical network unit management and control interface (OMCI) channel data, as well as the activation data associated with specific end units, were analyzed. We propose a complete analysis of the end-unit-related activation process, download, and initialization of the data image for setting the end units and voice over Internet protocol (VoIP) parameters. Finally, we performed an analysis of the transmission of dying gasp messages.
- dying gasp
- OMCI channel analysis
- ONU activation process analysis
- PON deployment
- transmission convergence layer
The optical infrastructure is essential for current applications that demand a high bandwidth [1, 2, 3]. The International Telecommunication Union (ITU) has been developing standards for passive optical networks (PONs) for over 20 years [4, 5]. The second most active organization in this area is the Institute of Electrical and Electronics Engineers (IEEE) [6, 7].
Passive optical networks are currently expanding, as the European Union (EU) has allocated budget to extend the coverage of these networks . Today, the access network is not only about transferring data streams from/to the Internet. The popularity of Amazon TV, Netflix, and so on puts increased demands on bandwidth. Current transmission speeds are not sufficient, and a bandwidth of at least 100 Mbit/s in every household is still under consideration. In the Czech Republic, the utilization of gigabit PON (GPON) standard still dominates. However, such standard was in its first version approved back in 2003 . This standard makes it possible to achieve a bandwidth of up to 2.5 Gbit/s in full duplex mode, but the disadvantage is that the bandwidth is fully shared by all end users (in theory, up to 128 customers per port). The available bandwidth can be operatively changed in time and according to the requirements using dynamic bandwidth allocation (DBA) algorithms [10, 11, 12, 13]. The decreasing cost of the necessary devices allows GPON optical line termination (OLT) to be used more often for service providers; on the other hand, the standard in use may not be sufficient for the future. The cost of the next-generation PON (XG-PON) terminal units is still quite high, regardless of the OLT unit price. The price of the technology itself is determined by the price of the optical network unit (ONU) terminal units. The advantage of deploying next-generation networks would be the ability to a share the transfer rate of up to 10 Gbit/s. Together with appropriate DBA algorithms, the full bandwidth utilization or its adequate distribution between endpoints would be efficiently used. GPON networks theoretically allow us to transfer data up to 19 Mbit/s for each ONU (considered for the maximum transfer rate and a split ratio of 1:128). XG-PON networks are limited by higher split ratios but have higher transfer rates available. Theoretically, 39 Mbit/s can be achieved for each ONU. In other words, the transfer rates are the maximum possible in both GPON and XG-PON networks. Usually, the guaranteed transfer rates are several times lower according to the use of a transmission container (T-CONT) .
2. Current state of the access networks in the Czech Republic
The Czech Republic has committed itself within the European Union to ensuring a transmission rate of at least 30 Mbit/s toward users by 2018 . In 2020, the next milestone is going to be to increase the downlink speed up to 100 Mbit/s for approximately half of all households . Both variables account for asymmetric transmission rates (usually higher transmission rates in the downstream direction). Based on , this “scarcity” should be eliminated by 2030. At that time, only a symmetric variant of Internet access will be considered.
Current technologies such as asymmetric digital subscriber line (ADSL) are no longer able to meet the previously mentioned bandwidth requirements. The plans of the Czech Republic include a GPON or a variant of an active optical network. As presented in , the formal definition for next-generation networks can be defined as follows: next-generation networks (NGNs) are networks based on data packet transfer technologies capable of providing electronic communications services, allowing for the use of various high technologies that are able to manage and control the quality of the provided services, and whose functions related to these services are independent of basic transmission technologies. The network provides subscribers with unlimited access to various providers of publicly available electronic communications services and consistently supports the provision of services to subscribers at any point in the network. Additionally, next-generation networks can be split into backbone and access networks. This work, however, deals exclusively with access networks.
On the other hand, the Czech Republic is not entirely prepared to satisfy the high demands on the connection speed in all locations. Based on , the dominant transmission rates were mostly up to 10 Mbit/s. No significant growth of higher transmission rates has been recorded.
In 2016, the Czech Telecommunication Office published an annual report summarizing current technologies for Internet access. The associated graph can be seen in Figure 1. Figure 1 clearly shows that the dominant technology in this area is wireless fidelity (WiFi) (26.8%), i.e., wireless transmission of information. The annual report does not include the frequencies used; however, the basic frequencies in the license-free band (2.5/5 GHz) can be assumed. The second technology with the highest penetration is represented by mobile networks (23.2%). The third technology combines all types of xDSL technologies. This area is dominated by Telefonica O2 Czech Republic, a.s., with a penetration of 20.6%. Other xDSL technologies only reach 3.5%. According to , fiber to the x (FTTx) connections at the same value of penetration (11.9%) as cable operator UPC Czech Republic, s.r.o., currently offers the fastest connection speed of 500/30 Mbit/s (depending on the location). Conversely, FTTx connections depend only on the selected standard as with the fiber to the home (FTTH) variant. FTTx connections can support transmission rates up to 10/10 Gbit/s (depending on the number of end units connected to the OLT control unit).
The properties of the next-generation access networks can be summarized as follows :
providing high transmission rates for subscribers and providing reliable services through optical networks or other comparable technologies,
supporting a variety of advanced digital and converged services based on Internet protocol (IP),
providing significantly higher transmission rates in the downstream direction, i.e., toward the user.
3. Household penetration
The current state of fiber to the building (FTTB) or FTTH connections is generally problematic to analyze. These data are usually not freely available, and the cost of these documents is high (on the order of thousands of dollars). A company named IDATE has published its market research for the FTTH Council Europe conference . The outcome of the analysis for Europe clearly shows that Latvia has the best FTTB/H (households) connection (see Figure 2). Their household penetration is approximately 50.6% (25.3% are FTTH connections). Another dominant country is Sweden, with a total penetration of 43.3% (only 8.5% are FTTH connections). The total penetration for the Czech Republic is very low compared to other countries, with a total penetration of 3.7% (only 2% are FTTH connections). Compared to the neighboring state, Slovakia has an overall penetration of 17.7% (7% are FTTH connections, and the remaining 10.7% are FTTB connections). This is mainly because in Slovakia, there is a very strong operator, Orange SK. Orange SK may test the use of new technologies in this relatively small market, and if this technology stands, it can be deployed, for example, in Orange home (formally France Telecom) in France.
Another objective of the current FTTB/H connection analysis is to focus on the global market (see Figure 3). Globally, the United Arab Emirates (UAE) has a total penetration of 94.3%. This penetration is completely composed of FTTH connections. Strong competitors for the UAE are Qatar and Singapore. Qatar has a penetration of 81% for FTTH connections and of 9.4% for FTTB connections. Singapore has a similar total penetration, but in a different ratio, 68% for FTTH connections and 22.3% for FTTB connections. FTTH-only countries are Mauritius, New Zealand, Spain, Vietnam, Portugal, Slovenia, Jamaica, Saudi Arabia, Australia, Macedonia, Switzerland, Oman, Kuwait, Chile, Ecuador, Colombia and Angola. The total penetration of the last 4 states does not exceed 5% .
The total penetration is strongly dependent on the number of individual connections. IDATE focused on the analysis of the global market and the comparison of the state of connections in buildings in four stages, December 2014, September 2015, September 2016, and September 2017 (see Figure 4). The largest increase in connections was in Poland, with a total difference of 46%. Italy was the second country with the largest increase in connections (35%), followed by Great Britain and France (31%), Spain (24%), and Portugal (22%). Unfortunately, the Czech Republic was not included in this analysis because the number of connections is not as significant. In other words, the trend of building connections is greater in Belarus, Norway, Lithuania, and Hungary.
A detailed view of the number of FTTB/H customers can be seen in report . The report shows that at the end of 2010, the total number of customers was balanced across the EU28 and the commonwealth of independent states (CIS). From a wider perspective, the EU39 reached approximately 8 million customers. However, this difference must be attributed, in particular, to 11 other countries that are counted in the EU39. The aligned trend between the EU28 and the CIS was maintained until 2015. Later, the number of customers increased in the EU28, and the previous dominance of the CIS was diminished. In September 2017, the total number of customers was approximately 25 million, while for the CIS “only,” it was 20.5 million. Most places for customers are connected to the provider’s network, but there have also been new locations for housing, new towns, and satellite residences created. During the preparation of the work, developers are working hard to build a data infrastructure and negotiations are taking place between Internet services providers (ISPs) and developers. EXFO defines these connections as home passed: premises to which an operator has the capability to connect in a service area, but the premises may or may not be connected to the network .
4. Access networks and 5G networks
The primary determination of all technologies for xPON is evident from their name, a passive optical (access) network. This trend continues from the original asynchronous transfer mode PON (APON), broadband PON (BPON), GPON, XG-PON, and the latest approved next-generation PON stage 2 (NG-PON2) recommendations. The latest recommendation has become the pioneer of extending the passive optical network to mobile customers as well. However, residential customers with a fixed connection (flat or house) still remain the priority. With the onset of 5G technology in mobile communications, it will be necessary to reduce the area of cells to ensure coverage of the entire territory by radio signals. This is mainly due to the increasing permeability and diminishing cell size, so it is necessary to build more cells that cover the same area. It is possible to divide the area according to its antenna density into low density (<20 small cells/km2), medium density (<75 small cells/km2), dense (<200 small cell/km2), and ultrahigh density (>200 small cells/km2). Current long-term evolution (LTE) technology has been providing broadband data services; however, these technologies seem to be inadequate for certain services (virtual reality or generally the most sensitive services for low latency, such as access to data networks of the Internet of things devices). Current customer needs may include gigabit transmissions per second, smart home/buildings, self-driving car, working and playing in the cloud, and 3D or UHD video. Minimal latency requirements will be determined mainly based on data transmission within the national network (10–200 km). The transmission delay in the current networks ranges from 5 to 41 ms, and the delay for the access part of the network (1–10 km) is approx. 7–12 ms. Another key factor that affects the delay is the time it takes to process incoming requests from a data center (approximately 8 ms). The round-trip time (RTT) of current networks is approximately 106 + 8 ms. 5G networks aim to limit this value to 14 + 8 ms. The major merit of RTT depreciation will be to move cloud services closer to the user. Then, the RTT will be reduced to 14 ms, which will primarily generate a delay (7 ms) on the access technology. However, the question remains how the operators will move the data centers closer to the customer, since until now, a distance of 200 km a data center from the customer has been enough. Such a distance is not sufficient for 5G networks.
Among the available technologies covering the 5G signal area, there are technologies for access networks: G.fast, data over cable service interface specification (DOCSIS) and NG-PON2. G.fast technology offers symmetric transmission speeds of up to 500 Mb/s over a short distance (up to 100 m). This speed can be increased to 10 Gb/s, but the overall system reach will be shortened. In theory, G.fast can only be deployed in special cases, such as brownfield scenarios, to ensure connectivity of very small cells in buildings. The basic prerequisite is the combination of functions within the baseband unit (BBU) and remote radio unit (RRU). DOCSIS 3.1 offers bandwidth of 10/1–2 Gb/s share per coaxial segment (192 MHz orthogonal frequency-division multiplexing (OFDM) channels). Full-duplex communication (current downstream and upstream) can take up to 10 Gb/s per coaxial segment. However, neither of these methods is capable of fully serving the 5G network because the available bandwidth is shared and the common public radio interface (CPRI) does not support the lowest possible latency for transmission.
The basic idea behind the NG-PON2 network is to provide all end stations with sufficient bandwidth. The station shares the total bandwidth that the associated OLT unit is able to handle properly. NG-PON2 network parameters such as distribution ratios, power levels, transfer rates, etc. are described in [22, 23, 24, 25]. In 5G network areas, there is ultradense deployment of basic radio stations required, and their radiations are constrained to prevent intra- and inter-cell interference. In general, the reach of NG-PON2 (up to 20 km from the OLT) is sufficient for covering an acceptable number of end users and for effective usage of its coverage (the division of covered territory into several smaller sectors/cells). The use of access technologies for data transfers or generally for triple play has already been noted out by ITU in . Figure 5 defines a possible scheme of the NG-PON2 network for its connection to the 5G network. The connection can be realized by dedicated wavelengths (λ). By using a coexistence element (CE), such a coexistence scheme for older PON standards under the ITU recommendations can be established. Regarding the aforementioned dedicated wavelengths, up to 4λ with a 10 Gbit/s transfer rate is considered. One disadvantage of this radio tower connection method is the custom lock method that is publicly available but is much more complex than in the case of the IEEE network. As a result, it will be necessary to use the conversion station to transmit the signal from the radio station toward the end customers.
5. GPON frame structure and activation process analysis
At present, GPON is one of the most promising solutions for modern access networks. Among other useful and important features, it provides us with triple play services on a single optical fiber, good scalability, DBA, simple topology management, etc. In comparison with the previous standards that only supported transmission over asynchronous transfer mode (ATM), GPON is the first standard that supports transmission over both ATM and ethernet technologies. In the ethernet mode, the ethernet frames are encapsulated using GPON encapsulation mode (GEM) and transferred inside GEM frames. As a result, some ethernet structures, such as interpacket gap, preamble, or start of frame delimiter, are not available. For more information, see Figure 6.
The basic GPON topology comprises the following three components: OLT, ONU, and optical distribution network (ODN). Typically, there is/are a single/more OLT/s in the network (depending on the preferences of the associated Internet service provider) performing encapsulation and de-encapsulation of downstream and upstream network traffic, respectively, for multiple end users (up to 128 end users per port). The ONU is located at the end user’s premises and converts the signals from the optical to the electrical domain. Finally, an ODN is composed of the elements placed between OLTs and ONUs such as optical fibers, splitters, and connectors.
The risk of passive interception of communications results directly from the nature of PON communication. Downstream communication can be secured; however, the major disadvantage is that security is only optional. A potential attacker could, therefore, modify the firmware of an ONU and eavesdrop on all the communication in the downstream direction [26, 27]. The traffic in this direction can also be captured using optical radiation detectors, not necessarily an ONU detector, so encryption of data in the downstream direction had to be introduced . However, the subsequent processing of the captured signal is an essential next step. The situation where the modified end unit receives all frames, including those not directly assigned to it, can be seen in Figure 7.
The previously mentioned passive interception could also occur in the upstream direction because no security is used for the upstream communication. This type of interception is complicated; however, it is feasible. The recommendations for use do not define any security for this direction of communication. The reason for this is based on the fact that it is not possible to capture the communication of other end users in the upstream direction via the ONU, so communication is not necessary to be encrypted. To eavesdrop on the communications in this direction, a potential attacker would have to disrupt the PON optical line. This situation would, however, affect the transmission properties of the network in question, which should be captured by the service provider’s surveillance center. This way of interception is therefore very unlikely .
The abovementioned reason resulted in the fact that no security standard has been provided for any of the individual PON standards. In the event of encryption of the downstream transmission, e.g., using advanced encryption standard (AES) or other secret key-based technology, these keys would have to be sent in an unsecured form—plain text in the upstream direction. It was based on the assumption that upstream communication was safe; therefore, it was not necessary to provide any additional security .
The research described in  focused specifically on the possibilities of interception of the communication in the upstream direction. The authors tested whether it was possible to intercept the communication through the back reflections of the optical signal. These reflections could be caused by a variety of commonly used optical components, such as passive optical hubs and/or connectors. Moreover, the optical positive-intrinsic-negative (PIN) detectors and avalanche photodiode (APD), as well as the preamplifiers, also had an effect on capturing the communications in the upstream direction. Testing was carried out at various ODN configurations, mainly aimed at testing the back reflection of the optical signal. The success of the potential attacker depended primarily on the type of connector used and the photodetector. A polished connector (PC) was considered inappropriate in terms of network security. The angled polish connector (APC) reduced signal reflections by virtual vertical grinding. Using an APD connector, however, increased the probability of a successful interception of the communicating ONU. Nevertheless, the capability of eavesdropping in the upstream direction was not dependent on the particular bit rate; it depended mostly on the power level of the retroreflection and the type of connector in use .
The following demonstrates how to intercept communication in both directions with a specialized tool in hand. Real-time network analysis of the transmitted data (ONU management and control interface (OMCI) channel and GEM data units for end units) was performed. For the purpose of the demonstration, the GPONxpert tool was used. This tool has been developed specifically for passive optical networks. The tool allows for the real-time analysis of ONU-ID, performance levels, and Alloc-ID. However, a detailed analysis of the transmitted data is still necessary to be implemented in the form of postprocessing. Although the manufacturer, TraceSpan, also has other modifications to this device, for our purposes, the most popular measuring device was used. The lite versions contained support for ONU-ID analysis. The real-time analysis of levels, Alloc-IDs, and other parameters was stored using field programmable gate array (FPGA) and sent to the device manufacturer for the postprocessing. The manufacturer then sent the report from the measurement back to the customer.
This work is focused on the analysis of downstream and upstream transmission in GPON standard topology. At the start of the measurement, all ONUs search for their associated network parameters (e.g., serial number, ONU-ID, etc.) that are stored inside the previously mentioned GEM frames. Since the distance between the ONUs and the OLT are different, it was also necessary to use an equalization delay parameter that is assigned by the OLT during the activation process. For more information, see [31, 32]. Consequently, all ONUs wait for a random period prior to starting data transmission. In the frame of this work, data are broadcasted in the downstream direction. In the upstream direction, time slots assigned by the OLT are used instead. Moreover, in this work, we did not use the DBA algorithm. Consequently, all ONUs are expected to transfer data in time slots with prespecified start and stop times.
To summarize, on the one hand, this work is interested in the analysis of user data and the activation process. However, on the other hand, the description of the activation process is omitted, as has already been described in our previous work . Since the user plane and control plane data are transferred using GEM frames, it is not possible to use a common packet analyzer such as Wireshark. For this purpose, we used a GPONxpert analyzer in a standalone mode in which all data are transferred and saved to a hard drive. Therefore, to perform a deeper inspection or analysis, all the data must to be postprocessed. In general, the control plane data can be divided into signaling, OMCI. First, we focused on the signaling data analysis. When the connection is established, messages such as Assign ONU-ID, Configure Port-ID, Assign Alloc-ID, Encrypted Port-ID, Encryption_key, key_request_message, and Key_switching_time are transmitted three times. This, as well as a complete GPON signalization, can be seen in Figure 8.
It can be seen that a physical layer operations, administrations and maintenance (PLOAM) message, specifically the “Serial number ONU,” are transferred from the ONU to the OLT. This message holds information such as the vendor serial number, a list of supported data profiles, and the value of random delay of 82 μs . The OLT uses these messages to extract the serial number and allocate the associated ONU-ID. Moreover, to minimize the impact of unequal distances among the ONUs and the OLT, it uses unique random delays for each of the ONUs that are based on the time between two successive “Serial number ONU” messages. As soon as the OLT receives the ONU-ID, it sends the PLOAM message: “Assign ONU-ID.” At this point, even though the OLT is aware of the assigned ONU-ID, it is not able to use unicast addressing because the ONU itself still cannot recognize the ONU-ID as its own, and therefore, broadcast addressing needs to be used (the ONU serial number is taken as the identifier) . This means that every ONU receives this message; however, based on the comparison of the incoming and internal serial numbers, only the targeted ONU processes the message. In Table 1, it can also be seen that ZTE company is the final unit manufacturer. Based on hard-defined bytes in the MAC address, the manufacturer can be checked directly using its unique label: “0xC03B4EB4.” GPON networks supported the transfer of ATM cells; however, in the last review in 2014, this support completely disappeared as these networks did not find their real application. For this reason, “ATM support Disable” can also be observed in the captured data. On the other hand, GEM support is necessary for any GPON data transfer: “GON support Enable.” The captured data also have a description of the signal’s power level, however, only with the following levels: low/medium/high power.
After the OLT sends the “Assign ONU-ID” message, it consequently sends the “Ranging request” message using the specific ONU-ID. Consequently, the ONU is capable of using a single grant to transmit data. The OLT unit’s response to the “Serial Number ONU” message is a PLOAM message, “Assign ONU-ID.” This message already carries a unique identifier for the designated end unit. From the nature of PON technology, it is clear that each end unit receives all messages. Using the unique ONU-ID, also called a serial number (if ONU-ID is not assigned), ONUs decide which messages to process. In this case, the assignment of ONU-ID = 1, i.e., the first end unit has already been replied to. The serial number of the unit equals “0x5A544547C03B4EB4”, the Psync field is fixed and does not change throughout the communication. This fact is evidenced by the other messages listed in Table 1. “Ident Superframe Counter: 499314877” specifies the order of the transmitted frame/s. The ONU endpoint activation process in the GPON network is based on the sending of specific messages three times in a row. The second copy of the message is left for the demonstration of the Superframe counter being incremented by 1. After that, the ONU responds with the “Serial number ONU” message using the maximum priority T-CONT class (i.e., urgent data). The OLT computes a new value for the equalization delay using the “Ranging Time” message sent by the ONU. In the initial ONU report, the unit generates a random delay of 82 μs. The control unit must virtually ensure the same distance for all ONU end units. Each unit is located at a different distance, different customer stores, and/or residential units or streets. Supporting up to 20 km in the distribution part allows for the entire housing estate to be connected. The OLT sends a “Ranging request” message to specify a unique ranging time for each ONU. For this particular message, ONUs are required to respond immediately with their ONU-IDs and serial numbers. The OLT unit repeats the “Ranging request” message three times in total. It is important to note the second response, where the ONU specifies the mandatory parameters such as ONU-ID, the serial number (now omitted), and adds information about the Urgent PLOAM waiting and Traffic waiting in type 2 T-CONTs. The individual T-CONTs represent the distribution of traffic according to their classification by importance. T-CONT 1 responds to urgent data, i.e., data with the highest priority (e.g., voice over Internet protocol—VoIP) and fixed bandwidth. TCONT2 + 3 transfer Internet protocol television (IPTV) data with guaranteed bandwidth, T-CONT 4 is commonly used for best-effort data, and the last T-CONT5 is a mixed type including all types of bandwidth and services. Based on the received OLT responses, the OLT unit evaluates the assigned delay for the given ONU and sends the delay value to the “Ranging time” message. GPON networks support so-called backup paths and link recovery systems when an alternative route is available. The message contains two fields: “Path EqD Descriptor: Main Path EqD” identifying the primary path and the backup path (the backup path was not available at the time of testing; therefore, it is not included in the message). The delay value specifies the delay for the end unit in “Delay: 265409,” but this value does not match the value in μs. These steps set the basic communication parameters, the assigned ONU-ID, and the equalization delay. During the measurement, secure communication was enabled. The definition of reached states in which communication security can be performed and the prerequisites for negotiating the key are given in [33, 34, 35]. The entire process is started with the PLOAM message, “request password” containing “Ident Superframe Counter: 499318309.” This message requires the end unit to respond with the same message with a password three times in a row. The captured data contain two fields: “Password (Hex): 0x47433033423445423400” and “Password (ASCII): GC03B4EB4.” Next, the “Request Key” message is sent, the content of the message is not fully defined in this case; it is necessary to respond to this message with the Encryption Key message. The “Encryption Key” message consists of “Key Index: 0,” “Fragment Index: 0” and “Key Bytes: 0x681A055363E86213.” The sequence of these messages is followed and sent three times in a row. In our case, a single message is not enough to deliver the key, so another three messages are used to deliver the remaining part of it. This fact is illustrated by the following: “Fragment Index entry: 1,” and “Key Bytes: 0x62677982F890BA9C.” The next “Key Switching Time” message should define the start time when a new key is used that was not reached because the tool did not detect these fields. It only detected “Superframe Counter field: 499321133.” The start time field contents must confirm the end unit using the “Acknowledge” message. The “Acknowledge” message contains the “Downstream Message Id: Key switching Time” field, confirming the previous message. Next, the OLT sends the “Configure Port-ID” message to the ONU specified by the ONU-ID. In the context of data transmission, the ONU-ID is used for the data flow allocation in a GEM frame. The ONU had to send the acknowledgement (ACK) messages three times (one for each of the received messages). As visualized in Table 1, the downstream message identification (DM_ID) contains a “Configure Port-ID” field that holds the confirmed message’s name, and an ONU ID equaling the ONU-ID of the end unit (in our case 1). Subsequently, the OLT checks whether the Port-ID is encrypted. If it is not (i.e., the ONU remains in the registration process), the ONU sends the ACK message as a response to each correctly received message. Next, the OLT sends a “BER” (Bit Error Rate) message to specify an accumulation interval for each of the ONUs (number of downstream frames per ONU) that is used to count the number of downstream bit errors . At this point, the ONU knows the Port-ID. However, to establish bidirectional data communication, the Alloc-ID is required to identify a traffic-bearing entity (e.g., T-CONT), which represents the recipient of the upstream data allocated during the BWmap procedure . It is important to note that each ONU requires at least a single Alloc-ID that is equal to the ONU-ID and that is not transmitted by the OLT in the “Assign Alloc-ID” message. In this work, the following Alloc-ID was provided by the OLT: 1. The end unit must always contain at least one ONU-ID identifier, but it may contain several Alloc-IDs. Often, the initial Alloc-ID corresponds to the assigned ONU-ID, which also occurred in this case. The ONU acknowledges each of the PLOAM messages. After that, the encryption of the Port-IDs is rechecked. Nevertheless, it should be mentioned that data encryption is optional, and in reality, many ISPs do not use Port-ID encryption.
5.1 OMCI channel analysis
After the signaling phase is over, the operation, administration and maintenance (OAM) can be transferred using the OMCI channel. In our work, the OMCI procedures begin when the OLT sends a “Get/Set request” message to the ONU. When the ONU receives such a message, it responds with its own “Get/Set” message. In this work, we used a single ONU, see Table 2. At this point, the crucial phase of the OMCI analysis is the software image entity type inspection, as the ONU is to be authorized by its own serial number against the database of the OLT (depending on the particular ISP implementation). In the case that the OLT does not have the record of the ONU in the database, the ONU is not allowed to download the software image along with the configuration. On the other hand, if the record is present, the ONU downloads the data. It is important to stress that because the ISPs may offer different transmission speeds, functions, etc., to customers, each customer should have his or her own distinct software image. The software image message responds to the image data transfer used to set the parameters. The message parameters are reported as “inactive” as they are in the initial phase of the file download. The next analyzed message informs about the software image being valid and active. As soon as the ONU has the software image, it is capable of transferring the customer service support data as well as the metadata. To support VoIP telephony, which is a QoS-demanding service, the ONU downloads an additional configuration containing information such as the type of codec, constant bit rate allocation, and T-CONT priority. The next step is to set the parameters for VoIP service. This service is a key service used for the highest priority end units. Their setting corresponds to the priority operation, i.e., T-CONT1, in which a fixed bandwidth must be assigned. In the case of most of the service providers, this value is set to 512 kbit/s. This speed must be guaranteed, even though it is considerably higher than the bandwidth of the G.711 codec (64 kbit/s). Successful reception and setting of the VoIP parameters are indicated with the message with ID 381 “Profile version: 00000000.” In addition to the previously mentioned OMCI channel procedures that take place on the side of the ONU, there are also procedures on the side of the OLT: channel synchronization, verification, alarm indication, FEC monitoring, and so on, see Table 2. In summary, by analyzing the OMCI channel data, we performed active monitoring of the alarms of the distribution network. As seen in the “Get all alarms” message (ID: 400), the end-point ONU has reported a message signaling a failure on the Ethernet port.
|ID||ONU-ID||Message type||Message type|
|2||Unassigned ONU ID||Serial number ONU||Vendor ID: ZTEG, Vendor SN: 0xC03B4EB4, Random Delay: 82 μs, ATM Support: Disable, GEM support: Enable, ONU TX power level: high power||PLOAM|
|117||Broadcast message||Assign ONU-ID||ONU ID: 1; serial number: 0x5A544547C03B4EB4; Psync: 0xB6AB31E0; Ident Superframe Counter: 499314877; PLOAM CRC: 142||PLOAM|
|118||Broadcast message||Assign ONU-ID||Ident superframe counter: 499314878||PLOAM|
|120||1||Ranging request||Psync: 0xB6AB31E0; Ident FEC Indicator: 1; Ident Superframe Counter: 499315777||BWmap|
|1||1||Serial number ONU||ONU ID: 1; vendor ID: ZTEG; vendor SN: 0xC03B4EB4; random delay: 0||PLOAM|
|121||1||Ranging request||Psync: 0xB6AB31E0; Ident FEC Indicator: 1; Ident Superframe Counter: 499315777||BWmap|
|2||1||Serial number ONU||Delimiter: 0xAB5983; ONU ID: 1; Urgent PLOAM waiting: 1; Traffic waiting in type 2, 3, 4, 5 T-CONTs: 0||PLOAM|
|122||1||Ranging time||Path EqD descriptor: main path EqD; delay: 265409||BWmap|
|125||1||Request password||Ident Superframe Counter: 499318309||PLOAM|
|1||1||Password||Password (Hex): 0x47433033423445423400; password (ASCII): GC03B4EB4||PLOAM|
|126||1||Request key||Psync: 0xB6AB31E0||PLOAM|
|4||1||Encryption key||Key index: 0; fragment index: 0; key bytes: 0x681A055363E86213||PLOAM|
|7||1||Encryption key||Key index: 0; fragment index: 1; key bytes: 0x62677982F890BA9C||PLOAM|
|127||1||Key switching time||Superframe counter: 499321133||PLOAM|
|10||1||Acknowledge||DM_ID: key switching time||PLOAM|
|130||1||Configure Port-ID||Activate: enable; port-ID: 1||PLOAM|
|13||1||Acknowledge||DM_ID: configure port-ID||PLOAM|
|133||1||Encrypted Port-ID/VPI||Port-ID: 1||PLOAM|
|16||1||Acknowledge||DM_ID: encrypted port-ID/VPI; ONU ID: 1||PLOAM|
|136||1||BER interval||BER interval: 40000||PLOAM|
|19||1||Acknowledge||DM_ID: BER interval||PLOAM|
|142||1||Assign Alloc-ID||Alloc-ID: 1; Alloc-ID: Type GEM payload||PLOAM|
|22||1||Acknowledge||DM_ID: assign Alloc-ID||PLOAM|
|367||Get||TCI priority: 1||ONU|
|368||Get response||TCI priority: 1; result reason: command processed successfully; vendor id: ZTEG||ONU|
|370||Get||TCI priority: 1||Software image|
|371||Get response||Result reason: command processed successfully; version: V3R016C00S917T; is committed: uncommitted; is active: inactive; is valid: valid||Software image|
|373||Get response||Is committed: committed; is active: active; is valid: valid||Software image|
|378||Get||VOIP configuration state||VOIP config data|
|379||Get response||VOIP configuration state inactive: configuration retrieval has not been attempted||VOIP config data|
|381||Get response||Profile version: 00000000||VOIP config data|
|400||Get all alarms||ONU DATA|
|401||Get all alarms response||OMCI alarms received on ME—physical path termination point ETHERNET UNI, instance—257, LAN-LOS No carrier at the Ethernet UNI.||ONU DATA|
In the case of OMCI channel measurement, it would be possible to summarize the transferred software image data, ONU data and the VoIP configuration file, see Figure 9.
A special case of the activation process is the message sequencing that can be seen in Table 3. This part of the activation is not mandatory for end units but is the last deactivation process aimed at the previously allocated parameters, most often the ONU-ID. This occurs when there is an immediate power outage. In the case of charged capacitors, the end unit sends a “Remote Error Indication” message. The message indicates that the ONU encountered an error. In the context of our experiments, this particular message was sent six times in total. When detecting a certain number of errors, most commonly defined by the manufacturer of the control unit, a “Dying Gasp” message follows. This message is dedicated to informing the control unit about an end unit failure, i.e., the loss of communication. The critical parameter of this message is the ONU-ID. After receiving such a message, the control unit sends the PLOAM message, “Deactivate ONU-ID,” that causes this identifier to be released and consequently be reused by another end unit within the activation process. The PLOAM message is sent three times. Other parameters are discarded as internal timers have expired and communication/synchronization has not been restored in the downstream direction.
|1||1||Remote error indication||Sequence number: 3|
|6||1||Remote error indication||Sequence number: 8|
|7||1||Dying gasp||ONU ID: 1|
|9||1||Dying gasp||ONU ID: 1|
|59||1||Deactivate ONU-ID||Ident superframe counter: 498791449|
|60||1||Deactivate ONU-ID||Ident superframe counter: 498791451|
According to its grant policy, the European Union should contribute to building high-speed networks in the member states. This chapter introduced the state of the art in the field of Internet access technologies in the Czech Republic. The Czech Republic, as a member of the European Union, has committed to building high-speed Internet access for at least half of the households by 2020. Current market research has shown that WiFi technology is still dominant in the Czech Republic. The Czech Republic is behind the trend in FTTH/FTTB high-speed fiber optic connections by up to 10 and 5% for FTTB and FTTH, respectively.
The key part of this chapter is dedicated to the analysis of data transmitted in the GPON network. In cooperation with the Internet service provider Orange Slovakia, an active capture of transmitted data on the network was performed. As soon as the activation process of the end unit was completed successfully, data communication in both directions in GPON networks was possible. On the one hand, the sequence of the associated messages was defined by ITU-T Recommendation G.984, but on the other hand, it was only a recommendation and the specific implementation was fully within the manufacturer’s competencies. Even though the end units were supposed to preserve the frame structure and the transmitted messages, as a result of the previously mentioned facts, it was often the case that the different manufacturers’ end units were not compatible among themselves. Within the context of our analysis, TraceSpan’s GPONxpert tool was used to capture network data. This device allowed for active listening of communication and real-time evaluation of its parameters. Detailed data analysis was a necessary form of postprocessing. To present the result of the activation process analysis, a sequence of key messages ensuring the activation of the end unit was displayed. Using these messages, it was possible to read the manufacturer and serial number of the end unit, set parameters such as ONU-ID and Alloc-ID. The OMCI channel provided end user parameters for a defined set of services, most often by downloading a profile image file corresponding to paid services and speeds. According to the reports, it was obvious that the VoIP parameters were also set.
Transmission of “Dying Gasp” messages was a special case of the activation process, or the logout and release of allocated parameters of the associated end units. These messages reflected a power outage of these units. Because the end units had unique UNU-ID/Alloc-ID parameters, the same parameters were used for other end units in the event of a power failure occurring in an already activated unit.
The presented research has been supported by a project of the Ministry of the Interior under grant no. VI20172019072, “E-infrastructure CESNET-modernization,” registration no. CZ.02.1.01/0.0/0.0/16 013/0001797, and the National Sustainability Program under grant no. LO1401. For the research, the infrastructure of the SIX Center was used.
Conflict of interest
The authors declare no conflict of interest.
Tomas Horvath would like to dedicate his part to his girlfriend (Lucie Baierova) and his family (Dagmar, Jan, and Petra). They have supported him during his University study. He also would like to give thanks to Ales Buksa for his support at the University. Ales has taught and inspired him with many things in his personal life.