Abstract: Systems and methods for mitigating network attacks include, responsive to detection of malicious traffic in a network, causing creation of an isolated network slice in the network where the isolated network slice is a set of connection resources that are allocated to a flow of traffic and that spans a plurality of network devices in the network; and causing rerouting of the malicious traffic from a source node of the malicious traffic to a deceptive network resource along the isolated network slice.

Abstract: Systems and methods for mitigating network attacks include, responsive to detection of malicious traffic in a network, causing creation of an isolated network slice in the network where the isolated network slice is a set of connection resources that are allocated to a flow of traffic and that spans a plurality of network devices in the network; and causing rerouting of the malicious traffic from a source node of the malicious traffic to a deceptive network resource along the isolated network slice.

Abstract: A method for mitigating network attacks includes receiving traffic status information from sentries distributed in a network, and analyzing the traffic status information to detect an attack on the network. In response to the attack, an isolated network slice is created. For the isolated network slice, a deceptive network resource is created in isolated network slice. The method further includes transmitting instructions to route malicious traffic to the deceptive network resource.

Abstract: A method for mitigating network attacks includes receiving traffic status information from sentries distributed in a network, and analyzing the traffic status information to detect an attack on the network. In response to the attack, an isolated network slice is created. For the isolated network slice, a deceptive network resource is created in isolated network slice. The method further includes transmitting instructions to route malicious traffic to the deceptive network resource.

Abstract: The present disclosure provides distributed domain network planning systems and methods. The network planning systems and methods include a distributed domain network planning system that adapts planning concepts to networks operated by modern distributed control planes, such as ASON/ASTN, GMPLS, etc. The network planning systems and methods operate on a multi-domain network utilizing a control plane and local planning systems associated with each individual domain in the multi-domain network. The network planning systems and methods also operate on a single domain network utilizing a control plane and local planning systems associated with the single domain network. The network planning systems and methods build on a distributed control plane philosophy that the network is the database of record. There is significant operational value to distributing the planning function of a large network using the systems and methods disclosed herein.

Abstract: The present invention provides a directionless optical architecture for reconfigurable optical add/drop multiplexers (ROADMs) and wavelength selective switches (WSSs). The directionless architecture utilizes a directionless wavelength switch coupled between client devices and ROADMs/WSSs to eliminate the need to hard-wire client devices to a wavelength division multiplexed (WDM) network. Accordingly, client device connections can be automatically routed without manual intervention to provide a highly resilient network design which can recover route diversity during failure scenarios. Additionally, the present invention minimizes deployments of costly optical transceivers while providing superior resiliency. Further, the present invention couples the directionless optical architecture and associated optical protection mechanisms with existing mesh restoration schemes to provide additional resiliency.

Abstract: The present invention provides a directionless reconfigurable optical add/drop multiplexer (ROADM) system. The present invention provides a scalable all-optical switching element that includes a combination of 1×N wavelength selective switches (WSS), 1×N splitters/combiners, optical amplifiers, and tunable filters to provide a fully non-blocking solution which can be deployed in a scalable manner. The 1×N splitters are configured to split multiples copies of a plurality of drop wavelengths which can be amplified and sent to a tunable filter which selects out a particular wavelength for drop. The 1×N combiners are configured to combine multiple add wavelengths for egress transmission.

Abstract: The present disclosure provides hybrid packet-optical private network systems and methods for a private and dedicated multi-point Ethernet Private Local Area Network (EPLAN). The network systems and methods include a Layer 1 infrastructure service with the inclusion of reserved, dedicated packet switch capacity upon which clients can build their personal, private packet networks. In the systems and methods described herein, packet networking methods are not used to partition the isolated LAN connectivity. Instead, dedicated Ethernet Private LANs (EPLs) are defined between dedicated virtual switching instances (VSIs) that are defined, as necessary, within larger packet-optical switches. Each VSI is partitioned from the remainder of its packet switch fabric as a dedicated, private resource for a specific EPLAN. A packet network is then built by the customer on top of the private EPLAN bandwidth and operated as an isolated, private network with no influence by other carrier's network resources.

Abstract: The present disclosure relates a network, a network element, a system, and a method providing an efficient allocation of protection capacity for network connections and/or services. These may be for services within a given Virtual Private Network (VPN) or Virtual Machine (VM) instance flow. Network ingress/egress ports are designed to be VM instance aware while transit ports may or may not be depending on network element capability or configuration. A centralized policy management and a distributed control plane are used to discover and allocate resources to and among the VPNs or VM instances. Algorithms for efficient allocation and release of protection capacity may be coordinated between the centralized policy management and the distributed control plane. Additional coupling of attributes such as latency may provide more sophisticated path selection algorithms including efficient sharing of protection capacity.

Abstract: The present disclosure provides hybrid packet-optical private network systems and methods for a private and dedicated multi-point Ethernet Private Local Area Network (EPLAN). The network systems and methods include a Layer 1 infrastructure service with the inclusion of reserved, dedicated packet switch capacity upon which clients can build their personal, private packet networks. In the systems and methods described herein, packet networking methods are not used to partition the isolated LAN connectivity. Instead, dedicated Ethernet Private LANs (EPLs) are defined between dedicated virtual switching instances (VSIs) that are defined, as necessary, within larger packet-optical switches. Each VSI is partitioned from the remainder of its packet switch fabric as a dedicated, private resource for a specific EPLAN. A packet network is then built by the customer on top of the private EPLAN bandwidth and operated as an isolated, private network with no influence by other carrier's network resources.

Abstract: The present disclosure provides distributed domain network planning systems and methods. The network planning systems and methods include a distributed domain network planning system that adapts planning concepts to networks operated by modern distributed control planes, such as ASON/ASTN, GMPLS, etc. The network planning systems and methods operate on a multi-domain network utilizing a control plane and local planning systems associated with each individual domain in the multi-domain network. The network planning systems and methods also operate on a single domain network utilizing a control plane and local planning systems associated with the single domain network. The network planning systems and methods build on a distributed control plane philosophy that the network is the database of record. There is significant operational value to distributing the planning function of a large network using the systems and methods disclosed herein.

Abstract: The present disclosure relates a network, a network element, a system, and a method providing an efficient allocation of protection capacity for network connections and/or services. These may be for services within a given Virtual Private Network (VPN) or Virtual Machine (VM) instance flow. Network ingress/egress ports are designed to be VM instance aware while transit ports may or may not be depending on network element capability or configuration. A centralized policy management and a distributed control plane are used to discover and allocate resources to and among the VPNs or VM instances. Algorithms for efficient allocation and release of protection capacity may be coordinated between the centralized policy management and the distributed control plane. Additional coupling of attributes such as latency may provide more sophisticated path selection algorithms including efficient sharing of protection capacity.

Abstract: The present invention provides a directionless reconfigurable optical add/drop multiplexer (ROADM) system. The present invention provides a scalable all-optical switching element that includes a combination of 1×N wavelength selective switches (WSS), 1×N splitters/combiners, optical amplifiers, and tunable filters to provide a fully non-blocking solution which can be deployed in a scalable manner. The 1×N splitters are configured to split multiples copies of a plurality of drop wavelengths which can be amplified and sent to a tunable filter which selects out a particular wavelength for drop. The 1×N combiners are configured to combine multiple add wavelengths for egress transmission.

Abstract: The present invention provides a directionless optical architecture for reconfigurable optical add/drop multiplexers (ROADMs) and wavelength selective switches (WSSs). The directionless architecture utilizes a directionless wavelength switch coupled between client devices and ROADMs/WSSs to eliminate the need to hard-wire client devices to a wavelength division multiplexed (WDM) network. Accordingly, client device connections can be automatically routed without manual intervention to provide a highly resilient network design which can recover route diversity during failure scenarios. Additionally, the present invention minimizes deployments of costly optical transceivers while providing superior resiliency. Further, the present invention couples the directionless optical architecture and associated optical protection mechanisms with existing mesh restoration schemes to provide additional resiliency.

Abstract: A method and system for providing tandem protection in a communication system. Path protection is provided using at least two redundant communication paths and selecting the communication path having a higher signal quality. Interface protection is provided through a protection transceiver. The interface protection may be delayed while the path protection attempts to restore communication.

Abstract: A method and system for providing tandem protection in a communication system. Path protection is provided using at least two redundant communication paths and selecting the communication path having a higher signal quality. Interface protection is provided through a protection transceiver. The interface protection may be delayed while the path protection attempts to restore communication.