Security-aware Planning of Packet-over-Optical Networks in Consideration of OTN Encryption

The fast development of cloud computing and Big Data applications has promoted virtualization technologies such as network function virtualization (NFV), which in turn dramatically increased the amount of sensitive data being transmitted over the optical networks for datacenter interconnections (DCIs). To ensure the physical-layer security in DCIs, people have developed optical transport network (OTN) encryption technologies, i.e., leveraging high-speed encryption cards (ECs) to encrypt OTN payload frames. Although experimental studies have confirmed the benefits of ECs in terms of line-speed processing, low latency, and small encryption overhead, the problem of how to utilize them to build a secure packet-over-optical network with high cost-effectiveness has not been explored yet. In this paper, we study how to realize cost-effective and security-aware multilayer planning in a packet-over-optical network that covers both trusted and untrusted zones, in consideration of OTN encryption. We first formulate an integer linear programming (ILP) model to minimize the total capital expenditure (CAPEX) of the multilayer planning, which includes the costs of OTN linecards (LCs), ECs, and bandwidth resources, and solve the optimization exactly. Then, we prove the $\mathcal {NP}$ -hardness of the multilayer planning, and to reduce the time complexity, we propose a column generation (CG) model and design a more time-efficient approximation algorithm based on it. Our simulation results confirm the performance and advantages of our CG-based proposal, i.e., it is much more time-efficient than solving the ILP directly, and outperform the existing heuristic in terms of total CAPEX and costs of used LCs and ECs.