C-Data Attends The CIOE 2020 with Fruitful Result

On September 9, 2020, C-Data took part in the 3-day CIOE 2020 (the 22nd China International Optoelectronic Exposition), held at the Shenzhen World Exhibition & Convention Center, China. At booth 4C28 of the information and communication expo, C-Data presented its advanced communication equipment, including FTTH GPON/EPON OLT & ONU, EDFA, and EOC (Ethernet over Coaxial), which caught the eyes of a large number of participants, and the company gained a lot from the event.

With the fading negative impact of the epidemic, CIOE 2020, the 22nd China International Optoelectronic Expo, will continue to showcase the entire optoelectronic ecosystem, including information and communication, laser, infrared technology, photoelectric sensors, and so forth, providing an important communication platform for manufacturers, distributors and service providers to develop their businesses and enter the global market.

At this unique exhibition covering the entire global optoelectronic ecosystem, in addition to 3000 exhibitors, more than 60 concurrent forums, seminars, and network activities during the CIOE 2020 will also be organized to help exhibitors expand the possibility of more business.

The sudden outbreak of COVID-19 in 2020 dealt a direct blow to the foreign trade industry, causing a mounting number of international exhibitions and businesses to be shelved. However, the good news is that with the gradual containment of the epidemic in China, the China International Optoelectronic Expo went smoothly in the second half of 2020.

Because some foreign exhibitors were unable to attend CIOE 2020, as the outbreak of the epidemic had blocked direct contact and communication between people, C-Data broadcast the details of the exhibition live to foreign partners through online platforms such as WhatsApp, Skype, and YouTube, and introduced C-Data’s characteristic communication products.

Several star products of C-Data, such as the GPON/EPON OLT, ONU, EYDFA, EOC and WiFi router, were displayed during the exhibition. The ONU is a fiber-to-the-home multi-service access GPON/EPON ONU, based not only on stable and cost-effective EPON technology but also on HFC technology, with integrated WDM and an optical receiver. PON is the best technology for delivering Internet service to the home over a passive optical network; it is a point-to-multipoint technology that dynamically shares gigabit bandwidth among users. Some ONUs integrate WiFi access, which has the characteristics of strong penetration and wide coverage, to provide users with more convenient and safer data transmission.

The EYDFA supports a selection of 8, 16, or 32 output ports, and the laser can be turned on and off through the laser key. Designed for large-scale distribution of CATV broadcast or video coverage in the FTTH PON system, it can provide up to 40dBm total optical power with multiple ports in a 2U rack. The design of the independent pluggable optical module and the EMS management integrated with the PON system are widely praised by users.

The EOC Master and Slave, based on the HomePlug AV protocol, are used in CATV systems with Ethernet over coaxial cable technology. The EOC system has the high anti-jamming capability of OFDM technology and constructs a data network channel in the established cable TV system, rapidly upgrading the CATV system to support both TV and data services.

At the event, C-Data’s information and communication products attracted the attention of a mounting number of exhibitors, keeping the booth crowded at all times. In addition to the successful offline display, the online display also received praise from clients. One of our customers, who was unable to attend the exhibition this year due to the epidemic, stated that he had been kept informed about the exhibition through the online broadcast from C-Data. Admiring C-Data’s expertise in communication network technology and believing that our products met the needs of ISP networking, he was looking forward to establishing a long-term cooperative relationship with C-Data.

Through participating in CIOE 2020, C-Data received many requests for cooperation and gained a lot of traffic and exposure for brand and product promotion.

The advent of the 5G era will bring subversive changes in digital applications, as well as more business innovation opportunities. However, the current communication network has been operating under overload. As a matter of fact, the growing number of network applications has always created great bandwidth demand on communication networks. C-Data has been committed to technical innovation and product development for the communication network.

Passive Optical LAN (POL) and application prospect

Preface: At present, most enterprise networks use traditional copper-wire LANs, which are showing more and more drawbacks. With the rapid development of cloud computing, big data, and 4K video, more and more businesses are gradually migrating to cloud data centers. Traffic and architecture have changed as a result: the majority of traffic has shifted from a local switching architecture to a cloud switching architecture. On the other hand, with the explosive development of video, IoT, and the Internet, these applications have increasingly higher requirements for high bandwidth and low latency. In the age of digital transformation, enterprises urgently need a network that can carry all “things” access, and the POL network is the best choice.

I. POL Introduction

1.1 POL overview

POL is an enterprise LAN based on PON technology that provides users with integrated data, voice, video and other services through optical fibers. It is not a new technology; rather, it applies PON network technology, long proven in ISP networks, to the enterprise network. POL can bring great value to customers. At the same time, it does not change the existing business planning or the customer's network connection mode, and it can provide all the functions provided by a traditional LAN.

1.2 POL topology

POL provides a Layer 2 transmission network, adopts PON technology to provide gigabit access to users, and uses a single optical fiber to converge several services such as video, data, wireless, and voice.

[Figure: POL topology]

1.3 Comparison between POL and traditional LAN

In the POL network, the aggregation switch of the traditional LAN is replaced by the OLT, the copper cable is replaced by optical fiber, and the access switch is replaced by the passive optical splitter. The ONU provides Layer 2/Layer 3 functions and provides data, voice and video services over wired or wireless connections.

The downstream direction of a PON network uses broadcast mode: the optical signal is sent by the OLT and divided by the optical splitter into multiple optical signals, so that each ONU receives the same information. The ONU selectively receives its own packets according to the tags carried in the message and discards packets whose tags do not match.

The upstream direction of a PON network: the OLT uniformly allocates a time slice to each ONU. The ONU transmits signals strictly within this time slice window and shuts down its optical port when the time slice is not its own. The upstream time window scheduling mechanism is highly dependent on the PON distance measurement technology.

An understanding of PON technology principles will help us apply this technology more proficiently in network design. In particular, the passive (no power supply required) characteristics of its optical distribution network, and the point distribution planning and design that result from its differences from traditional switches, require special attention.

To ensure that traffic in both directions is forwarded on a single-core fiber, PON uses wavelength division to carry signals in both directions at the same time. Upstream and downstream signals use different wavelengths but are transmitted on the same fiber. The direction from OLT to ONU/ONT is the downstream direction, and the reverse is the upstream direction. The downstream direction uses 1490nm and the upstream direction uses 1310nm.
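Why the upstream time slices depend on distance measurement can be seen in a small simulation. This is an added example, not C-Data code: the ONU names, distances, the 50 µs slice length, the 5 µs/km fibre delay and the simplified clock model are assumptions.

```python
FIBER_DELAY_US_PER_KM = 5  # assumed one-way propagation delay in fibre


def round_trip_us(distance_km):
    """Round-trip time OLT -> ONU -> OLT, the value distance measurement yields."""
    return 2 * FIBER_DELAY_US_PER_KM * distance_km


def time_slices(onus, slice_us):
    """Consecutive, non-overlapping slices on the OLT's own timeline."""
    return {name: (i * slice_us, (i + 1) * slice_us)
            for i, name in enumerate(onus)}


def arrivals(onus, slice_us, ranged):
    """Window in which each ONU's burst actually reaches the OLT.

    Simplified model (assumption): an ONU takes its clock from the downstream
    signal, so a burst sent at local time S reaches the OLT at S + RTT.
    With ranged=True the OLT has measured the RTT and advances the grant by
    it, so the burst lands exactly in its slice.
    """
    windows = {}
    for name, (start, end) in time_slices(onus, slice_us).items():
        offset = 0 if ranged else round_trip_us(onus[name])
        windows[name] = (start + offset, end + offset)
    return windows


def collisions(windows):
    """Pairs of ONUs whose bursts overlap in time at the OLT receiver."""
    names = sorted(windows)
    hits = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (s1, e1), (s2, e2) = windows[a], windows[b]
            if s1 < e2 and s2 < e1:
                hits.append((a, b))
    return hits


# Constructed sample: three ONUs at 10 km, 5 km and 20 km from the OLT.
ONUS = {"onu-a": 10, "onu-b": 5, "onu-c": 20}

if __name__ == "__main__":
    for ranged in (False, True):
        w = arrivals(ONUS, 50, ranged)
        print("ranged" if ranged else "unranged", w, collisions(w))
```

Without distance compensation, the bursts of the ONUs at 10 km and 5 km reach the OLT in the same window even though their slices do not overlap.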
[Figure: line structure comparison]

Device selection comparison:

| No. | Subsystem name | Traditional solution equipment | POL solution equipment |
|---|---|---|---|
| 1 | Device room/machine house system | ODF, voice distribution frame | ODF, splitter (centrally placed) |
| 2 | Backbone wiring/vertical wiring subsystem | Most copper cables or indoor multimode optical cables | Indoor single-mode optical fiber |
| 3 | Floor management/floor machine house system | Rack/cabinet, copper cable distribution frame, optical fiber distribution frame | Floor distribution box, optical fiber connector, optical splitter (dispersing device) |
| 4 | Horizontal wiring subsystem | Twisted pair, indoor multi-mode optical cable | Butterfly fiber |
| 5 | Work area subsystem | Copper module, copper panel, copper cable | Fiber and fiber connectors |

II. POL advantage analysis

Through the comparison between POL and traditional LAN in the previous section, we can find the challenges of traditional LAN and the unique advantages of POL.

Challenges of traditional LAN:

A large number of switches occupy computer room space, consume a lot of power, and make heat dissipation difficult.

The connections between aggregation routers are complicated and take up pipeline space, making wiring and maintenance difficult.

Switch locations are scattered, management is complicated, and a large maintenance team is required.

Transmission distance is limited.

It is complicated to add new network equipment.

It is difficult to upgrade and expand the network.

Whether in transmission distance, smooth network upgrades, high reliability, flexible networking, easy deployment, or simplified operation and maintenance, the traditional integrated wiring system has completely lagged behind POL. POL integrates the transmission of traditional integrated wiring with fiber to the desktop, fiber to the user unit, and fiber to the public area, and turns the original L3 network into a flat L2 architecture. Enterprises can integrate different systems such as data, voice, video security, and wireless into a single optical fiber network, which has incomparable advantages over traditional integrated wiring.

POL advantage analysis:

Advanced architecture: The POL network uses single-mode fiber, with almost unlimited bandwidth potential and smooth broadband upgrades on demand.

Safe and reliable: Full optical fiber transmission is anti-detection and anti-electromagnetic interference, and PON devices provide strong DoS defense capabilities, reducing network attacks.

Converged bearer: The POL solution can bear data, voice, video and other services on one network.

Space saving: The POL solution is super convergent. The park only needs to provide a core computer room and does not need many floor computer rooms.

Wide coverage: The covered distance is 20km, meeting the coverage requirements of super-high buildings and super-large parks.

Green and energy-saving: The POL solution uses passive optical splitters to replace the convergence equipment of the traditional network, and the equipment room does not require air conditioning, which is more energy-efficient.

Convenient maintenance: PON technology adopts a centralized management method to avoid the disadvantages of the decentralized management of traditional schemes and reduce the difficulty of operation and maintenance.

Cost advantage: Based on past experience, using 1000 points as a sample, choosing POL’s FTTD (Fiber To The Desktop) method will save 15% of the cost compared with traditional switch networks, and choosing FTTO (Fiber To The Office) will save more than 58% of the cost compared with switch networks.

III. Prospects of POL Development

POL is currently in the early stages of development, and the current utilization rate is not high, but significant changes will occur in the next five years. Enterprise users do not yet choose POL solutions often enough, but manufacturers and social groups have been vigorously promoting this technology, and IoT demand will become an important driving force for POL.

When it comes to applicable scenarios for POL, most people may think of places such as corporate offices, education parks, and hotels. It cannot be denied that these are the places where it is most widely used, but from the unique advantages of POL we can see that it helps reduce energy consumption and operating costs. The IoT is the key to truly promoting the adoption of POL technology by enterprises. In an IoT application solution, a large number of terminal devices scattered in various places need to be connected to the network. A traditional LAN cannot meet such demand, and POL can serve as a bridge to close this gap. Therefore, POL will find greater application in urban infrastructure, manufacturing, processing, solar, wind, and smart energy fields. The reason is that the cable lines in these industrial facilities usually extend several miles, while POL can cover a long distance, and nodes can be deployed along the line through multi-fiber co-cables and optical splitters. Take the manufacturing industry as an example: it involves sensors such as flow meters, filters, or temperature sensors. These devices need to be connected to the Internet, and traditional LANs can hardly meet their networking needs. What is needed is a network that can operate stably in the working environment of these sensor devices and does not produce electromagnetic interference or radiation. POL is just such a technology. It has a long transmission distance, can be networked through an optical splitter, does not produce electromagnetic interference or radiation, and can be used to connect most equipment. It is in great demand in the manufacturing and processing industries, and it plays a role in application scenarios that span large areas and require wide coverage.

POL is an amazing technology because it is based on optical fiber transmission, has a simple network structure, is easy to manage, and has certain advantages in both construction costs and operation and maintenance costs. With the continuous development of enterprises, users put forward higher requirements for bandwidth, and the use of optical fibers will become more and more common, expanding from campus networks and backbone networks to the access field. IT users are trying to accept it, and good technology will prove its value over time. But I have to admit that there is still huge resistance to POL’s promotion. Enterprises that have invested heavily in traditional LANs may not change to POL, at least not immediately. For small organizations, a POL solution may not be a good idea. Compared with twisted-pair copper-based networks, users may not use all the capacity that POL can provide, and the solution may become very expensive. Therefore, these two technologies may coexist in the future, and POL will be used to make up for the functions that traditional LANs cannot achieve. Moreover, for those who are familiar with traditional network technology, it takes time to gradually learn, adapt to, master and apply POL technology.

Summary:

With the intelligentization of cities, the application of cloud computing and big data, and the popularization of IoT, more and more enterprise applications will become cloud-based in the future. For enterprise networks, digital transformation is imperative, and it requires a simple network. POL has the characteristics of one network with multiple services, cost-effectiveness, simplicity, flexibility, safety and reliability, and it effectively supports enterprise digitization. It is therefore becoming the best choice for digital transformation in education, hotel, electric power, transportation, smart security, industry and other fields. With the gradual improvement of customer recognition, the ecosystem is also growing. I believe that POL will continue to grow rapidly in the future.

 

Security Policy Configuration Guide For FD11xx EPON OLT

Preface: The C-Data FD11xx Pizza-Box EPON OLT series is a 1U-high, 19-inch rack-mount product. The OLT is small, convenient, flexible, easy to deploy, and high-performance, and it is suitable for deployment in a compact room environment. This article proposes OLT-side security suggestions, based on experience and actual user scenarios, to enhance the security of the access network.

1. Security configuration suggestions

1.1 Configuration suggestion for username and password

The first time you log in to the device, change the user name and password, for both ordinary accounts and super users. The user password must meet the password complexity principle: the length is between 8 and 12 characters, a combination of numbers and uppercase and lowercase letters is used, and continuous numbers are avoided. Do not use a phone number, birthday, personal name, ID or other information known to others as a password, and change the password regularly.

Case: Add a new user test9 with the role superuser and the password Dscn@#0247

Case: Change the password of user test9 to Wsdf#$9345

1.2 Configuration suggestion for SNMP

If you do not use EMS, web or other network management platforms that rely on the SNMP protocol, it is recommended not to enable SNMP. If you need to enable SNMP, do not configure the two well-known communities, public and private; define custom random read and write communities instead.

Case: Configure the OLT SNMP read community as Pdfrd34# and the write community as Yosjd34@

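The password rule from section 1.1 and the community rule from section 1.2 can be checked before the values are entered on the OLT. This is an added example, not C-Data code: the function names, the run length of four digits treated as "continuous numbers", counting the user name as known information, and the constructed user noc1 are assumptions.

```python
import re

MIN_LEN, MAX_LEN = 8, 12                        # length range from section 1.1
MIN_DIGIT_RUN = 4                               # assumption: the guide gives no length
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # named in section 1.2


def longest_digit_run(text):
    """Longest run of digits that ascend by 1, descend by 1, or repeat."""
    best = 0
    for step in (1, -1, 0):
        run, prev = 0, None
        for ch in text:
            if ch.isdigit():
                digit = int(ch)
                run = run + 1 if prev is not None and digit - prev == step else 1
                prev = digit
            else:
                run, prev = 0, None
            best = max(best, run)
    return best


def check_password(password, known_info=()):
    """Return the list of section 1.1 rules that the password breaks."""
    findings = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        findings.append("length must be 8-12 characters")
    if not re.search(r"[0-9]", password):
        findings.append("no digit")
    if not re.search(r"[A-Z]", password):
        findings.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        findings.append("no lowercase letter")
    if longest_digit_run(password) >= MIN_DIGIT_RUN:
        findings.append("contains a consecutive digit run")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in known_info):
        findings.append("contains known personal information")
    return findings


def check_community(community):
    """Reject the two well-known SNMP communities (case-insensitive)."""
    if community.lower() in WELL_KNOWN_COMMUNITIES:
        return ["well-known SNMP community"]
    return []


def audit(users, communities):
    """Return {item: [findings]} for every planned value that breaks a rule."""
    report = {}
    for name, password in users.items():
        findings = check_password(password, known_info=(name,))
        if findings:
            report["user " + name] = findings
    for role, community in communities.items():
        findings = check_community(community)
        if findings:
            report["snmp " + role] = findings
    return report


# test9 and the read community come from the cases above; noc1 and the
# "private" write community are constructed to show failing values.
PLANNED_USERS = {"test9": "Wsdf#$9345", "noc1": "Noc12345"}
PLANNED_COMMUNITIES = {"read": "Pdfrd34#", "write": "private"}

if __name__ == "__main__":
    for item, findings in audit(PLANNED_USERS, PLANNED_COMMUNITIES).items():
        print(item, "->", "; ".join(findings))
```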

1.3 Configure management VLAN

The configuration of management VLAN can effectively isolate the device from other VLANs to achieve more secure protection.

Case: Configure the inband management VLAN as 200

epon# system ipconfig mgmt-vlan 200

1.4 Enable OLT access control

On FD11xx series OLT versions with a build time of 200601 or later, access control can be based on IP and MAC address. For login security, it is recommended to configure this function: add only the IP or MAC address of the administrator, and restrict other IP or MAC addresses from logging in to the device.

Case: Only allow the device whose IP is 192.168.5.123 to log in to the OLT. Note: the command epon# system access-control admin enable must be entered after the system access-control … commands.

1.5 Disable web service

If you don’t use the web interface to manage the OLT, please disable the web service. The command is as follows:

[Figure: command that disables the web service]

Summary: The FD11xx OLT has been used in IP camera, enterprise LAN and IoT applications.

The EPON OLT is widely used in ISP networks, campus networks and enterprise networks. Since users have different networking and application scenarios, this article proposes security recommendations on the EPON OLT side for users who lack an upper-level firewall or expose the OLT on the public network, in order to reduce the risk of hacker attacks.

Development and prospect of PON

What is PON

PON is a typical passive optical fiber network, which means that the optical distribution network (ODN) does not contain any electronic devices or electronic power supplies; the ODN is composed entirely of passive devices such as optical splitters and does not require expensive active electronic equipment. A passive optical network includes an optical line terminal (OLT) installed in the central control station and a number of matching optical network units (ONUs) installed at the user’s premises. The industry has always believed that the passive optical network (PON) is the future development direction of the access network. On the one hand, because the bandwidth it provides can meet the needs of various broadband services now and in the future, it is generally viewed with optimism as a solution to the problem of broadband access. On the other hand, its expenses, in terms of both equipment cost and operation and maintenance management overhead, are relatively low. Comprehensive economic and technical analysis shows that PON is the main technology for FTTB/FTTH.

The development of the PON

PON (Passive Optical Network) is a point-to-multipoint passive optical access technology that originated in the 1990s. From narrowband PON to the various broadband PON technologies, the development of PON technology has gone through several stages.

Narrowband PON was the earliest PON technology to be proposed; it could only provide narrowband services such as POTS or ISDN, with service access rates below 2Mbit/s. However, because the specifications of the various manufacturers were inconsistent and no agreement could be reached at that time, there is still no unified and complete standard for narrowband PON technology. In the era of continuous development of the Internet, narrowband PON has long since withdrawn from the stage of history. APON technology then appeared in the mid-1990s. APON used the ATM protocol, which was considered at that time to be able to provide various types of communications, as the bearer protocol, and the transmission rate was greatly improved. Later, with the rapid development of Ethernet technology, APON was basically no longer applicable, so the concept of the broadband passive optical network, BPON, appeared. BPON is an enhancement of the APON standard and is also based on the ATM protocol, and its uplink and downlink rates were greatly improved. ITU-T G.983.1, the first international standard for PON systems, released in 1998, is also generally referred to as the BPON standard.

Since the start of the 21st century, with the decline of ATM technology and the rapid rise of Internet IP technology, the high-cost deployment of BPON technology has seemed a bit outdated. The industry hoped to develop a new PON system to replace the outdated BPON technology. In this context, IEEE and ITU-T successively initiated the standardization of EPON and GPON in 2000 and 2001, and respectively issued the completed standards in 2004, laying the foundation for the large number of applications of EPON and GPON in today's networks. The EPON standard was completed by IEEE’s EFM (Ethernet in the First Mile) working group and was approved by the IEEE as the IEEE 802.3ah standard in September 2004. The GPON standard is standardized by ITU-T Study Group 15. The GPON-related standards comprise six standards, G.984.1 to G.984.6, covering the GPON system architecture, physical media related layers, transmission convergence layer, ONU control management protocols, and regulations for enhanced wavelength usage and distance extension. Compared with the BPON system, the upstream and downstream rates of EPON and GPON have been greatly improved. The upstream and downstream bandwidth of EPON is 1.25 Gbit/s, while the downstream bandwidth of GPON is 2.5 Gbit/s and the upstream bandwidth is 1.25 Gbit/s.

With the rapid development of IP business volume and the continuous increase in the number of users, 10GEPON and XG-PON, which support a higher split ratio and higher bandwidth, have also emerged. Beginning in 2005, IEEE and ITU successively carried out standardization studies on the next-generation PON system. IEEE established a project in 2006 and began to formulate the standard IEEE 802.3av for EPON systems with a rate of 10 Gbit/s. In this standard, 10G EPON is divided into two types. One is the asymmetric method, in which the downstream rate is 10 Gbit/s but the upstream rate is the same as EPON and is still 1 Gbit/s. The second is the symmetrical approach, in which the uplink and downlink rates are both 10 Gbit/s. As the first mature next-generation PON technology, 10GEPON is in line with network development trends. It has the advantages of large bandwidth, a large optical splitting ratio, compatibility with EPON, unified network management, and smooth upgrade. ITU started the study of the next-generation GPON standard in 2008 and confirmed it in 2010. It is currently called the XG-PON standard. The XG-PON standards of the ITU-T G.987 series have been released one after another. The physical layer rate currently specified by XG-PON is asymmetric: the downstream rate is 10 Gbit/s and the upstream rate is 2.5 Gbit/s. In 2015, the XGPON symmetrical solution that had been cancelled in 2013 was restarted under the new name XGSPON. Unlike XGPON, the XGSPON upstream and downstream rates are both 10Gbit/s, and the ITU officially passed the G.9807 XGSPON international standard in 2017. In recent years, Internet applications such as video and games have developed rapidly, and users have a strong demand for network bandwidth, which has further stimulated the maturity of the 10GPON industry chain. Commercial deployment of 10G PON has begun in some cities in China.

After the establishment of the XGPON standard, FSAN started the study of NG-PON2. Its key requirements are mainly 40G downlink and 40G/10G uplink, achieving 20km transmission distance and 1:64 splitting. At that time, mainstream alternative technical solutions for NG-PON2 included high-speed TDMA-PON, TWDM PON, OFDM-PON and WDM-PON. After analysis and comparison, in April 2012, FSAN decided to adopt TWDM PON technology as the implementation plan for NG-PON2 and started to formulate the G.989.x series of standards, which was finally completed in 2015. The IEEE started NG-EPON research in 2013, started the formulation of the 100G-EPON standard, named IEEE 802.3ca, in July 2015, and plans to release it within this year.

The future of the PON

It is not difficult to imagine that in the future, we need a PON technology with larger bandwidth, more users and higher efficiency. 25G/50G/100GPON has already been put on the agenda of the standards organization. In February 2018, China’s optical access network industry successfully promoted the establishment of the 50G TDM-PON standard, marking a key step taken by ITU-T in the field of next-generation PON standard research. Although IEEE did not accept the establishment of a single-wave 50G PON project, it at least clarified the future technological evolution route of PON. For the future 100G PON technology, China’s communication equipment vendors are actively investigating 100G PON technology to jointly promote standard formulation and maturity of the industry chain. The application of 100G PON is only a matter of time.

With the development of the times and the continuous advancement of science and technology, 200G/500G/1000G and even higher PON technologies will slowly be realized. However, in addition to studying the next generation of PON technologies, the industry is still paying close attention to a very important issue: the convergence of the two technical schools of ITU-T and IEEE. The long-term coexistence of EPON and GPON is actually very unfavorable to the industry. On the one hand, it brings difficulties to the technical decisions of operators and equipment vendors; on the other hand, it also increases the cost of the industrial chain, since industrial chain enterprises need to invest in two lines. Especially for a huge optical access network market like China, the influence of the split between PON technology factions is even greater, and it wastes more resources. In recent years, under the active promotion of domestic and foreign industries, ITU-T and IEEE have also made some positive “shows”, including issuing joint statements, forming working groups, and establishing liaison letter mechanisms. But for now, it will take a long time to truly realize the final integration.

 

Whether GPON will replace EPON in the future

What is PON?

PON refers to passive optical fiber networks. In other words, there are no electronic devices or electronic power sources in the optical distribution network (ODN); the ODN is composed of passive devices such as optical splitters, without the need for valuable active electronic equipment. A passive optical network consists of an optical line terminal (OLT) installed at a central control station and a number of ancillary optical network units (ONUs) installed at the user site. The ODN between the OLT and the ONUs consists of optical fiber and passive optical splitters or couplers. At present, the passive optical network (PON) is considered the future development direction of the access network. On the one hand, because the bandwidth it provides can meet the needs of all kinds of broadband services now and in the future, it is generally favored as a solution to the problem of broadband access. On the other hand, the cost is relatively low in both equipment cost and operation and maintenance management. Comprehensive economic and technical analysis shows that PON is the main technology to realize FTTB/FTTH.

What is EPON?

EPON means Ethernet Passive Optical Network. As the name implies, it is a PON technology based on Ethernet. It adopts a point-to-multipoint structure and passive optical fiber transmission, and provides multiple services over Ethernet. The EPON system is mainly composed of the optical line terminal (OLT), the optical distribution network (ODN) and the optical network unit (ONU). In the EPON system, the OLT is both a switch or router and a multi-service provider platform that provides fiber interfaces for passive fiber networks.

As an emerging broadband access technology, EPON achieves integrated data, voice and video service access through a single fiber optic access system with good economy. It is widely believed in the industry that FTTH is the ultimate solution for broadband access and that EPON will become a mainstream broadband access technology. Due to the characteristics of the EPON network structure, the special advantages of broadband access, and the organic combination with computer networks, experts all over the world agree that the passive optical network is the best transmission medium to realize the integration of the “three networks” and solve the “last kilometer” of the information superhighway.

In the EPON system, the downlink data flow adopts time division multiplexing (TDM) technology and the uplink data flow adopts time division multiple access (TDMA) technology. In this way, when data packets arrive, each ONU extracts its packets according to the specific address information, and there is no interference between ONUs, which avoids transmission conflicts. EPON technology combines low-cost, high-bandwidth Ethernet equipment with low-cost fiber network technology, which has the advantages of good compatibility, low construction and maintenance cost and high access reliability. However, it has the disadvantages of poor scalability and low cost advantage.

What is GPON?

GPON refers to gigabit-passive Optical Networks.GPON technology is the latest generation of broadband passive optical integrated access standard based on ITU.TG.984.x standard. It is regarded by most operators as an ideal technology to realize broadband and integrated transformation of access network services.GPON technology adopts the same network topology as EPON, which is mainly divided into ONU, ODN and OLT.OLT provides the interface between the network side and the core network, and connects with each ONU through ODN.As the core functional equipment of the PON system, OLT has the functions of centralized bandwidth allocation, control of ONU, real-time monitoring, operation, maintenance and management of the PON system.ONU provides user-side interface for access network, and provides access to voice, data, video and other multi-service streams and ODN, which is controlled centrally by OLT.The branch ratio supported by the system is 1:16/32/64. With the development and evolution of the optical transceiver module, the branch ratio supported will reach 1:128.

The transmission mechanism of GPON is completely the same as that of EPON. Single fiber bidirectional transmission mechanism is adopted. WDM technology is used to transmit upstream and downstream data with different wavelengths on the same optical fiber.On the same optical fiber, GPON can realize two-way signal transmission using WDM technology.Based on the traditional tree topology, the PON protection structure can be used to improve the network survivability.GPON has three major advantages, namely, longer transmission distance, higher bandwidth and strong spectral characteristics.But the technology is relatively complex and the equipment cost is high.

Comparison between EPON and GPON

The main difference between GPON and EPON is that they use completely different standards. In application, GPON has a larger bandwidth than EPON, carries services more efficiently and has stronger spectral ability; it can carry more high-bandwidth services, give more users access, and pays more attention to multi-service support and QoS guarantees. It is also more complex, so its cost is higher than that of EPON, although with the large-scale deployment of GPON technology the cost difference between EPON and GPON is diminishing. EPON aims to be compatible with current Ethernet technology. It is the continuation of the 802.3 protocol in the optical access network and fully inherits the advantages of Ethernet, such as low price, flexible protocol and mature technology, so it has a wide market and good compatibility. GPON, on the other hand, is positioned to meet the telecommunications industry’s demand for multi-service, QoS-guaranteed, all-service access. It strives for an optimal solution that supports all services with the highest efficiency, and proposes to “completely and completely reconsider the openness of all protocols”. EPON and GPON have different technical characteristics, which are as follows:

The technical features of EPON are as follows:

  • Ethernet is the best carrier for IP service
  • Easy to maintain, easy to extend and easy to upgrade
  • EPON equipment is mature and available. Millions of lines of EPON have been laid in Asia. The third-generation commercial chip has been launched
  • The EPON protocol is simple and has low implementation cost and low equipment cost. The most appropriate technology, rather than the best technology, is needed for urban access network
  • More suitable for domestic, metropolitan area network without ATM or BPON equipment burden
  • More suitable for the future, IP hosts all services, Ethernet hosts IP services

The technical features of GPON are as follows:

  • Access network for telecom operation
  • High bandwidth: line speed, 2.488GB /s downstream, 1.244GB /s upstream
  • High transmission efficiency: 94% down (actual bandwidth up to 2.4g) 93% up (actual bandwidth up to 1.1g)
  • Full service support: The G.984.x standard strictly defines the full service (voice, data, and video) that supports the telecommunications level
  • Strong management ability: rich functions, sufficient OAM domain is reserved in frame structure, and OMCI standard is established
  • High quality of service: a variety of QoS levels, can strictly guarantee the bandwidth and delay requirements of the service
  • Low comprehensive cost: long transmission distance, high spectral ratio, effective allocation of OLT cost, reduce user access cost

Due to their different technical characteristics, EPON and GPON technology actually serve two different market applications. EPON technology is more suitable for the Internet access application type, while GPON technology is more suitable for the full business operation and three-network integration application type. From the perspective of business, these are actually two market segments, but from the perspective of end users, both EPON and GPON are invisible, especially in the FTTB construction mode. The terminal devices in users’ homes only see Ethernet interfaces and telephone interfaces, so there is no need for users to think about GPON and EPON.

Conclusion

GPON and EPON have their own features, with different application scopes and overlapping application scenarios, such as FTTB for residential users. Looking to the future, the broadband access market may not be a matter of one replacing the other; the two should coexist and complement each other. For customers with high bandwidth, multi-service, QoS and security requirements and with ATM technology as the backbone network, GPON will be more suitable. For cost-sensitive customers whose QoS and security requirements are not high, EPON becomes the dominant choice.


Technical statement

Statement on Pierre Kim Revealing Security Vulnerabilities in C-data OLT products

 

We have noticed an article named “Multiple vulnerabilities found in C-Data OLTs” published on GitHub. C-Data admires the work of two professionals in technical circles, Pierre Kim and Alexandre Torres, and thanks them for identifying security problems through detailed testing, as well as for their active work in reducing the risks to users of network products. C-Data adheres to the philosophy of serving customers, always puts customers’ interests first, and pays special attention to product safety problems, so that C-Data can provide customers with products that carry a safety guarantee.

In the meantime, we have paid attention to some press releases published by the media, and have interpreted technical articles by Pierre Kim and Alexandre Torres. So that our customers do not misunderstand the safety design of our equipment, C-Data analyzes and clarifies the technical issues mentioned in a sincere and frank manner.

 

Excluding counterfeit products

[Image 1]

The account mentioned in the article is panger123/suma123. We have investigated the account and the password, and we have confirmed that they do not come from C-Data OLT products but are used by other companies and people who copy the C-Data OLT. The CLI style and most of the commands of the counterfeit OLT are copied from the C-Data OLT. C-Data OLT equipment is now widely used around the world, and counterfeiters copy the C-Data OLT for illegal profit.

A comparison of the following screenshots shows clearly that the account panger123/suma123 comes from an illegally copied OLT.

[Replica command line style and version information]

[Image 2]

[C-Data FD11XX series OLT version information and command line style]

[Image 3]

If you use the account panger123/suma123, you can never access a C-Data OLT. The following figure shows a capture of the failed attempt to log into the C-Data OLT with the panger123/suma123 account.

[Image 4]

The article analyzes the problem it calls “Authentication process with hardcoded credentials”. Its demonstration shows a telnet login to the bcm-shell of the OLT that retrieves key information of the OLT. The relevant information all comes from the replica, not from the C-Data OLT. In the screenshots, the account and password information marked in red is that of the fakes.

[Image 5]

[Image 6]

Introduction to several factory setting accounts

  1. The following two telnet login accounts and passwords mentioned in the article are actually used on C-Data’s first-generation OLT (OLT models starting with FD11XX):

OLT telnet account 1: debug/debug124

OLT telnet account 2: root/root126

 

These accounts and passwords are mainly used by C-Data to assist customers in debugging problems and writing production parameters (OLT MAC address information, SN information, etc.).

To enter the OLT bcm-shell mode and modify or view key information of the OLT, the account must first log in successfully on the CONSOLE port through a local serial line on the OLT. Used over telnet, the account can only enter the CLI of the device; it cannot enter the OLT bcm-shell to modify the key information of the OLT.

If attackers want to enter the bcm-shell mode of the OLT to obtain private device information or implant malicious programs into the OLT, they must log into the OLT by connecting a computer directly to the serial port locally. In this way, remote attackers can by no means use these two accounts to attack.

Therefore, there is no such situation as “Backdoor Access with telnet”.

In addition, C-Data has disclosed these two accounts without reservation to the customers who need them. A common use is when customers need to modify the MAC address.

 

[The following figure shows how to log into C-Data OLT remotely with debug/debug124 and root/root126, and how to attempt to enter the shell mode prompt. In addition, OLT prompt only supports entering bcm-shell under the direct connection of CONSOLE.]

[Image 7]

Another usage scenario of debug/debug124 and root/root126 is when C-Data provides remote technical support at the request of a customer. All of C-Data’s remote access is carried out with the customer’s consent after consultation with the customer. The operator needs to log in to the customer’s computer remotely, then log in to the device with these two accounts through the local serial port, and work with the customer on locating and analyzing network problems in this way. The customer’s technicians participate in and supervise the technical service throughout the process.

As for whether there is an issue where an attacker logs into the CLI using these two accounts through TELNET and then changes the configuration of the OLT, resulting in network security problems, we will further explain it in the security policy later.

OLT telnet account 3: guest/[empty]

This account and password are part of the factory default configuration. The account can only check some basic information of the OLT and has no authority to configure any OLT. The user can delete or modify the account as needed.

  1. Solution: As the FD11XX series OLT is the first-generation model of C-Data OLT, its account and password rules were not fully considered. The default password is fixed and too simple, which may be taken advantage of by criminals. C-Data will immediately update and release the software version of this OLT product. In the latest version, the debugging account will no longer adopt the general fixed password, and the password will be generated by a special password generation tool according to the unique identification code bound to the device. Without the unique identification code of the device or the password generation tool, the password cannot be obtained.

 

More Secure Cryptographic Mechanism

For other models of C-Data OLTs (OLTs named FD15XX, FD16XX, FD12XX, FD8000), the problem of “Backdoor Access with telnet” does not exist, because these OLTs adopt a more secure cryptographic mechanism. The device is configured with several general accounts by factory default, including root/admin, admin/admin and guest/guest, which customers can use for the initial configuration of the OLT. Customers need to create, delete and modify the login accounts and passwords of the device according to their own security policies when using the device. We do not recommend using the factory default username and password in the operation network.

The device retains a debugging account for assisting customers in debugging and solving problems, and customers can also use this account to recover access when they forget the login password of the OLT. However, the account no longer uses the general password; the password is calculated and generated according to the unique identification information of the customer’s OLT. The password can be generated only when the customer provides the unique identification code and it is used together with the special password generation tool. The password of each OLT is different, which better ensures the safety of the device.
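An added illustration of the per-device debug password described in the FD11XX solution and in the paragraph above; it is not C-Data's generation tool, whose algorithm the statement does not describe. It assumes the password is an HMAC-SHA256 of the device's unique identifier under a secret key held only by the tool, and contrasts that with an unkeyed hash that anyone who learns the algorithm can recompute; all names, the context label and the sample identifiers are constructed.

```python
import base64
import hashlib
import hmac

CONTEXT = b"olt-debug-password-v1"  # constructed domain-separation label


def normalize_id(device_id):
    """Canonicalise the identifier so 'aa:bb:..' and 'AA-BB-..' give the same result."""
    cleaned = "".join(ch for ch in device_id.upper() if ch.isalnum())
    if not cleaned:
        raise ValueError("empty device identifier")
    return cleaned.encode("ascii")


def _encode(digest, length):
    # Base32 keeps the password easy to read out over the phone or type on a console.
    return base64.b32encode(digest).decode("ascii")[:length].lower()


def derive_unkeyed(device_id, length=16):
    """Weak variant: built from public inputs only, so it is unique per device but not secret."""
    digest = hashlib.sha256(CONTEXT + b"|" + normalize_id(device_id)).digest()
    return _encode(digest, length)


def derive_keyed(secret_key, device_id, length=16):
    """Keyed variant: without secret_key the password cannot be recomputed from the identifier."""
    if len(secret_key) < 32:
        raise ValueError("secret key must be at least 32 bytes")
    message = CONTEXT + b"|" + normalize_id(device_id)
    tag = hmac.new(secret_key, message, hashlib.sha256).digest()
    return _encode(tag, length)


def check_password(secret_key, device_id, candidate):
    """Verify a typed password with a constant-time comparison."""
    expected = derive_keyed(secret_key, device_id)
    return hmac.compare_digest(expected.encode(), candidate.strip().lower().encode())


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed demo key; a real key comes from a CSPRNG
    for dev in ("00:11:22:AA:BB:01", "00:11:22:AA:BB:02"):  # constructed identifiers
        print(dev, "keyed:", derive_keyed(demo_key, dev), "unkeyed:", derive_unkeyed(dev))
```

The scheme is only as strong as the secrecy of the key: if the key can be extracted from firmware or from the tool, every device's password can be recomputed from its identifier.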

 

The Requirement of WEB Login Management

The user name and password displayed in the article actually reflect a requirement of numerous users. The account and password are the login user name and password of the OLT’s web management interface. Many customers have told us that their junior maintenance personnel easily forget the login username and password of the OLT’s web management interface, and that they want higher-level managers to be able to query the web username and password through the OLT CLI. We provide this command at the customers’ request, so that customers can check the login username and password of the web interface themselves through the command line. We believe that the customer can formulate an effective security management system and properly manage the use of usernames and passwords to avoid the risk of using this command.

[Image 8]

Security strategies and suggestions

  1. From the perspective of network security risks, the article introduces several schemes that can be used to attack the C-Data OLT once the account and password of what it calls C-Data’s “Backdoor Access with telnet” are known. C-Data believes that the majority of customers have a set of measures suitable for their own defense against cyber-attack. The following lists the common measures for defending against cyber-attack on the customer’s side. These measures can protect the OLT from the following attack means mentioned in the article:

* Escape shell with root privileges

* Pre-Auth Remote DoS

* Credentials infoleak and credentials in clear-text (HTTP)

* Weak encryption algorithm

* Insecure management interfaces

 

Defense Strategy 1: In general network planning, all OLT management VLANs and service VLANs on the client-side are different. If the management VLAN used by the attacker is incorrect, this kind of planning makes it impossible to access the OLT equipment from the network-side of the OLT (uplink) or the user side (downlink to ONU).

[Image 9]

Defense strategy 2: The OLT is used as an access layer device. For many small and medium-sized ISPs, the OLT is usually deployed on the intranet of the ISP’s network. Traffic between the intranet and the public network passes through a router or firewall device, on which services such as telnet and http are disabled. Those who access the OLT are employees who have access to the OLT in the customer’s intranet. If other personnel need to access the OLT device in the intranet via the public network, port forwarding has to be set up on the router or firewall, and only the customer knows the forwarding rules, so it is difficult for an attacker to obtain information and carry out an attack.

 

Defense strategy 3: The C-Data OLT provides many control strategies, which are set by the customers themselves and can completely prevent network attackers from illegally logging into the device:

OLT configuring strategy 1:

Access can be controlled through the OLT’s system access-control, which allows only certain specific IP addresses or MAC addresses to access the OLT device. The list is configured by the customer and is completely unknown to others.

[Image 10]

OLT configuring strategy 2:

The OLT’s outband access can be turned on or off by the customer. Customers can turn off outband management and use inband management. In this case, device management is achieved through a dedicated management channel separated from business data, so the network security is higher.

[Image 11]

OLT configuring strategy 3:

OLT’s Web access port can be modified by the customer and can be closed and opened by the customer.

[Image 12]

OLT configuring strategy 4:

The OLT can be configured with a full ACL function to prevent the device from being attacked easily.

[Image 13]

[Image 14]
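The defense strategies and OLT configuring strategies above, expressed as an added audit over an exported configuration record (example code, not C-Data's tooling). The record format, the field names, the /24 breadth threshold and both sample records are assumptions made for this illustration; the default accounts checked are the ones named in this statement.

```python
import ipaddress

# Factory-default accounts named in the statement above (guest has an empty password).
FACTORY_DEFAULTS = {
    ("debug", "debug124"), ("root", "root126"), ("guest", ""),
    ("root", "admin"), ("admin", "admin"), ("guest", "guest"),
}
MAX_ALLOW_SIZE = 256  # assumption: an allow-list entry wider than a /24 counts as too broad


def source_permitted(allow_list, source_ip):
    """True if source_ip falls inside any network of the access-control allow list."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in allow_list)


def audit_olt(cfg):
    """Return findings for one OLT record; an empty list means every check passed."""
    findings = []
    for user, password in cfg["accounts"]:
        if (user, password) in FACTORY_DEFAULTS:
            findings.append(f"factory-default account still active: {user}")
    if cfg["mgmt_vlan"] in cfg["service_vlans"]:
        findings.append("management VLAN is also a service VLAN")
    if not cfg["access_control"]:
        # With no allow list every source is implicitly permitted.
        findings.append("no access-control allow list configured")
    for net in cfg["access_control"]:
        if ipaddress.ip_network(net, strict=False).num_addresses > MAX_ALLOW_SIZE:
            findings.append(f"allow-list entry too broad: {net}")
    for service in ("telnet", "http"):
        if service in cfg["services"]:
            findings.append(f"clear-text management service enabled: {service}")
    for probe in cfg["must_not_reach"]:
        if source_permitted(cfg["access_control"], probe):
            findings.append(f"untrusted source permitted by allow list: {probe}")
    return findings


# Constructed records using documentation address ranges, not real devices.
WEAK = {
    "accounts": [("admin", "admin"), ("guest", "")],
    "mgmt_vlan": 100, "service_vlans": [100, 200],
    "access_control": ["0.0.0.0/0"],
    "services": ["telnet", "http"],
    "must_not_reach": ["198.51.100.7"],   # stands in for a subscriber-side address
}
HARDENED = {
    "accounts": [("noc-ops", "constructed-unique-passphrase")],
    "mgmt_vlan": 4000, "service_vlans": [100, 200],
    "access_control": ["192.0.2.16/28"],  # management jump hosts only
    "services": [],                       # telnet and web management closed
    "must_not_reach": ["198.51.100.7"],
}

if __name__ == "__main__":
    for name, record in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_olt(record) or "no findings")
```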

 

Conclusion

The article by Pierre Kim and Alexandre Torres gives a detailed summary and seriously tests C-Data’s devices from the perspective of security vulnerabilities. The original intention of the article was to report security vulnerabilities in the device, so that technicians and users notice security risks and take effective security precautions. It did not carry the meaning of “OLT device backdoor” that appeared when the media relayed it, and it should not be interpreted as C-Data intentionally leaving a backdoor in the product. C-Data expects that its products will give customers the best experience and make the device more convenient for them to use. C-Data has the ability to help customers better establish defense strategies in cyber security. C-Data also welcomes reasonable suggestions from all parties, so that C-Data devices can give more consideration to customers’ safety issues and confusion when using the device, while still providing convenience and practicality to customers. Thank you!

Appendix:

Original source of the document:

https://pierrekim.github.io/blog/2020-07-07-C-Data-olt-0day-vulnerabilities.html
[Image 17]

Online Media Reprint:

https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
[Image 16]


C-DATA 2020 New Year Party Report

Time flies, C-Data’s first decade is a thing of the past.

In the past ten years, there have been hardships and joys. Everyone has been working hard and finally made what C-Data is today.

On January 4, 2020, all the staff of Shenzhen C-Data Technology Co., Ltd. and the industry guests who have been accompanying and supporting C-Data, more than 500 people in all, gathered in Nanrong Hotel to enjoy the C-Data 2019 Commendation Conference and the 2020 New Year Party.

Mr. Tsui Yunliang, the general manager of the company, gave a speech at the beginning and shared the company’s development history and future plans. We have encountered setbacks in the past ten years but never gave up. In the coming 2020, we will again proceed full of passion and make a good start for the next decade.

Success comes from the effort of every employee. This year we have set up many awards to commend excellent employees. The awards include Best New Employee, Progressive Star, Excellent Employee, Excellent Leader, Excellent Team, Great Diligence and Model Worker.

There is a group of people rooted in the various departments of the company. Some are like screws, some are the mainstay, and they all have a rock-solid and immovable faith to escort the company’s growth. Therefore, this year C-Data specially set up the Memorial Award and the Rock Award for employees who have served the company for 5 years and 8 years respectively.

The staff also conscientiously prepared shows to perform on this occasion. Dances, songs, comedies and other performances were brilliantly presented and brought cheers and applause from the audience. In particular, the management team also prepared a wonderful melodrama. Thanks to those who made time to rehearse the shows and presented us with wonderful performances and surprises!

[Image: Dance]

[Image: Villain Dance]

[Image: Melodrama]

After the show came the thrilling lucky draw and game sessions. There were more than 300 prizes of various kinds. Excitingly, the leadership continuously sponsored the lottery, which brought more applause, cheers and screams. Game sessions took place during the lucky draw and everyone took an active part, showing the joy and harmony of the big family, C-Data. The whole party lasted seven hours, and it was full of joyous atmosphere from the beginning till the end.

We survived the hardships of starting a business and experienced challenging growth. In 2020, let us sail again and create a new chapter!

CIOE

C-Data exhibits at 2019 CIOE

On September 4-7, 2019, the 21st CIOE Expo was held as scheduled at the Shenzhen Convention and Exhibition Center. CIOE is the world’s largest photoelectric professional exhibition, bringing together many related technologies such as optical communication exhibition, laser technology and intelligent manufacturing exhibition, infrared technology and application exhibition.