EPON vs. GPON: The Standards
- EPON (Ethernet PON) is essentially an implementation of Ethernet over PON. It can deliver 1 Gbit/s symmetrical bandwidth (with a version of it, called GE-EPON – not to be confused with GPON below – offering 1 Gbit/s for data and 250 Mbit/s for encoding). EPON equipment is typically cheaper than GPON equipment, and integrates well with traditional Gigabit Ethernet office equipment, making EPON a cost-effective solution for most typical networking applications.
- GPON (Gigabit PON) allows for speeds of 1.25 Gbit/s or 2.5 Gbit/s downstream, and between 155 Mbit/s and 2.5 Gbit/s upstream, for each ONT/ONU. This high bandwidth capability is enhanced by excellent QoS support. Superficially, this makes GPON look faster, and therefore simply better. However, GPON carries some awkward technological baggage.
GPON was designed to support a number of technologies that are, by now, so out of date that mentioning them makes us feel nostalgic, such as ATM. The higher speeds often remain unused, since what sits downstream from a 1.25 Gbit/s ONT is often a 1 Gbit/s Ethernet link, and GPON does not support multicast.
This makes certain applications, such as IP video, more difficult to implement efficiently. Things aren’t entirely black and white, though: both standards, for example, have native support for a CATV overlay.
Real-World Network Calculation: Sizing Your PON
When planning a PON deployment, it’s essential to calculate the aggregate bandwidth demands of your users—peak usage, not just averages. For example, if you have 30 users, each with a maximum expected throughput of 50 Mbit/s, your total peak requirement would be 1.5 Gbit/s. Factor in some headroom for bursts and overhead, and you’ll quickly see whether EPON’s symmetrical gigabit links suffice or if GPON’s higher downstream rates are warranted.
Security Considerations
Finally, there is a compromise in terms of security. EPON uses an industry-standard, AES-based encryption system, which is cheap, efficient and well-supported. GPON also supports encryption, but only on downstream traffic (while EPON supports both upstream and downstream encryption), and its encryption is based on a less popular technology.
- A 10 Gbit/s PON standard known as XG-PON has also been adopted by the ITU (the same body that adopted GPON), but its use is largely constrained to FTTx applications.
Most London campus and building networks use EPON, but this does not mean that GPON is a poor technological solution. There are cases where it makes sense, especially for campus networks.
Furthermore, the cost analysis is far from trivial. For example, GPON equipment tends to be more expensive upfront than EPON equipment, but scaling it can be cheaper for certain types of traffic.
Ultimately, you should base your choice on an analysis of your traffic and bandwidth requirements, not industry trends.
Performance and Flexibility Trade-offs
This almost sounds too good to be true. Clearly, if hub-era technology were that good, there would have been no point in changing it – the whole industry cannot have been misguided.
Besides, it’s not like Ethernet networking equipment is a dying business. It forms the bulk of the revenue for established companies like Cisco, Juniper or Arista. Clearly, they couldn’t subsist on snake oil.
We weren’t misguided, and Cisco isn’t selling snake oil. PONs derive their better cost of ownership and reliability numbers from simplicity.
But this simplicity comes at the price of flexibility.
Traditional campus networks deal well with every kind of traffic (and, with minimal effort, can be adapted to situations where east-west traffic is abundant). Dealing with this kind of flexibility requires complex equipment, but it can cover all traffic profiles.
PONs cannot deal efficiently with every kind of traffic. They do happen to deal well with the type of traffic that campus and building networks are moving towards.
Historically, they only dealt well with FTTx traffic – but as companies in the UK and everywhere are moving towards cloud-driven working models, this traffic profile is becoming increasingly prevalent beyond the premises’ borders.
How Secure Are PONs?
You may have already noticed an interesting problem, which we have alluded to but not yet discussed in detail. Without the distribution-tier switches, all switching is done at the core tier.
But then the OLT broadcasts data to all equipment downstream – so, in effect, all clients get each other’s data. This can’t be good for security, can it?
That’s why, for security-critical applications, data can be encrypted at the ONT. In effect, this makes each link somewhat like a VPN to the core switch. The encryption technology is of the same type and calibre as in commercial-grade VPNs; it’s just that the network isn’t exactly virtual.
In some types of networks, it is enough if downstream traffic is encrypted, which is what GPON does. These are campus networks where ONTs bridge entire, self-contained networks to the core network (or the OLT has native support for network segregation).
It is hard to scale this type of network, but it may be a good trade-off under some circumstances, especially when legacy equipment is involved.
In other cases, both upstream and downstream traffic need to be encrypted. EPON natively supports this mode of operation, which also has the advantage that a malicious actor who intercepts traffic at the OLT cannot read any communication.
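The downstream broadcast problem and the per-ONT encryption that answers it can be modelled in a few lines. This is an added example, not code from the original article or from any PON vendor: the `OLT` and `ONT` classes, the key provisioning step and the sample payload are hypothetical, and an HMAC-SHA256 counter-mode keystream stands in for the AES-based cipher because the Python standard library has no AES.

```python
import hashlib
import hmac
import os

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 in counter mode), used only because the
    standard library has no AES; real ONTs use the standard's own cipher."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1)
    )
    return bytes(d ^ s for d, s in zip(data, stream))

class OLT:
    """Core-tier OLT: every downstream frame reaches every ONT via the splitter."""
    def __init__(self, encrypt: bool):
        self.encrypt, self.keys, self.seq = encrypt, {}, 0

    def register(self, ont_id: int) -> bytes:
        self.keys[ont_id] = os.urandom(32)      # per-ONT key (hypothetical provisioning)
        return self.keys[ont_id]

    def send(self, ont_id: int, payload: bytes) -> dict:
        self.seq += 1
        nonce = self.seq.to_bytes(8, "big")     # never reused under the same key
        body = stream_xor(self.keys[ont_id], nonce, payload) if self.encrypt else payload
        return {"dst": ont_id, "nonce": nonce, "body": body}

class ONT:
    def __init__(self, ont_id: int, key: bytes, honest: bool = True):
        self.ont_id, self.key, self.honest = ont_id, key, honest

    def receive(self, frame: dict, encrypted: bool):
        if self.honest and frame["dst"] != self.ont_id:
            return None                          # honest ONT drops other users' frames
        body = frame["body"]
        return stream_xor(self.key, frame["nonce"], body) if encrypted else body

def simulate(encrypt: bool, payload: bytes = b"payroll export, constructed sample"):
    """Return (what ONT 1 reads, what a neighbouring ONT reads) for one frame sent to ONT 1."""
    olt = OLT(encrypt)
    intended = ONT(1, olt.register(1))
    neighbour = ONT(2, olt.register(2), honest=False)   # ignores the destination filter
    frame = olt.send(1, payload)                 # the splitter copies this to both ONTs
    return intended.receive(frame, encrypt), neighbour.receive(frame, encrypt)

if __name__ == "__main__":
    print("plaintext PON:", simulate(False))
    print("encrypted PON:", simulate(True))
```

Without encryption the neighbouring ONT reads the payload verbatim; with per-ONT keys it receives the same bytes on the fibre but recovers only noise, which is why the destination filter alone is not treated as a security control.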
A Quick Tour of PON Varieties
All Passive Optical Network (PON) systems start with the same basic trick: a single fiber link shared by many users. But the details—especially how bandwidth is divvied up and secured—vary with the protocol.
- APON/BPON were the pioneers, handling downstream speeds of 155 Mbps or 622 Mbps (the latter being most common). Upstream, you’d get cell bursts at 155 Mbps. Not exactly mind-boggling today, but at the time, it was cutting-edge.
- GPON upped the ante, offering symmetrical speeds of 622 Mbps, or asymmetric links up to 2.5 Gbps down and 1.25 Gbps up. It’s a bit of a hybrid—ATM for voice, Ethernet for data—and it’s widely used in fiber-to-the-home.
- EPON, and its flashier cousin 10G-EPON, ditched ATM entirely, embracing Ethernet and boosting downstream rates up to 10 Gbps, with upstream at 2.5 Gbps. Next-generation standards are already lurking on the horizon, promising future speeds up to 80 Gbps.
To serve multiple users, PONs rely on optical splitters and sometimes wavelength division multiplexing, letting them cater to entire neighborhoods or buildings. In practice, that means the core switch gets to play traffic cop for a very large, very fast crowd—while the ONTs, with their encryption, keep everyone’s business to themselves.
The introduction to this section makes it sound like PON security is somewhat of a trade-off, too, but that’s not the case. PONs can be a significantly more secure solution than other networking technologies.
Fibre optic cables do not leak radio or electrical signals like copper cables do and are harder to splice intrusively. Furthermore, the security model of ONTs was designed from the very beginning with the assumption that other ONTs on the network may be controlled by malicious users.
It would be too bold and too general a statement to say that the security model of PONs is superior to that of Ethernet networks. However, it has fewer edge cases to cover, and – assuming the hardware encryption at the ONTs isn’t broken – it is easier to implement a secure communication model over PON than over Ethernet, at least at the most basic level of the network stack.