Passive Optical Networking (PON) is an old idea with a recent implementation. It refers to a technology used to provide fibre to the end consumer using a point-to-multipoint architecture, in which an unpowered fibre optic “splitter“ is used to distribute data from a single optic fibre to multiple end devices.
While originally conceived for FTTx (fibre-to-the-premises, fibre-to-the-home) applications, PONs are seeing increased use for campus and building networks – a solution called Passive Optical LAN (POL). The adoption of PON – deceptively simple in its technology – was spearheaded by the US Department of Defense and then picked up throughout the industry.
If you are curious to know why it has attracted the attention of such important players in the London data networking market, and how this technology can apply to your organisation, read on!
A Passive Optical Network (PON) is a telecommunications system or a network that transmits data over fibre optic lines. It is called “passive” because it relies on unpowered splitters for routing data to multiple destinations from one central location.
The greatest asset of PON technology is its simplicity. To understand why that is the case, let us start with a quick review of traditional network designs.
Traditional networks in London have a three-tiered design. The tiers are usually called Access, Distribution and Core, in order of distance from the end-user equipment (laptops, tablets, smartphones).
The access tier consists of low-cost, low-speed equipment which connects end-user equipment to the rest of the network.
The distribution tier consists of high-complexity switching equipment which does the routing and filtering of packets between sections of the access tier and bridges the access tier to the distribution tier.
Finally, the access tier consists of high-speed switching equipment, which provides a high-speed (and sometimes redundant) uplink for your network.
Passive optical networks take a radical approach to network design: they push most routing and filtering to the access and (to a smaller degree, if at all) core tiers, replace the distribution layer with a passive, essentially unpowered optical “hub/splitter” called an Optical Line Terminal (OLT), and push the handling of bulk data transfer between sections of the access tier to a core switch.
The OLT consolidates upstream traffic from the end devices over a single line to the ISP, and broadcasts downstream traffic from the ISP to all (or, in some cases, some) downstream devices, instead of sending each packet to the right device. Devices discard traffic not addressed to them and retain the one they need.
Downstream, access-tier devices are connected to the rest of the network using devices called Optical Network Terminals (ONTs) or Optical Network Units (ONUs). These devices convert between optical and electrical signals, optimise, and sometimes encrypt data (why encryption is needed will become apparent in a minute).
In terms of topology, then, a PON looks a lot like a traditional network – except that the complex, expensive and power-hungry switches in the middle layer are replaced with much simpler devices, and a larger portion of the network is cabled using fibre optic cables.
Astute (and nostalgic) readers may have already noticed that OLT is somewhat like a hub. They are not, strictly speaking, “dumb” hubs – they do implement a relevant subset of switch functionality, so that they can enable some types of traffic (such as multicast traffic, extensively used for IP video, VoIP, IoT and some security applications). However, they are significantly simpler – and cheaper – than traditional distribution switches.
This radical approach works well for campus and building networks, where much of the traffic between end user equipment (east-west) at the access tier has been replaced with traffic to the cloud or storage servers (north-south), which requires only minimal “global” intervention. Much of whatever east-west traffic is left is now constrained to self-contained office networks, in small-volume bursts. PONs have excellent performance for this type of traffic.
Distribution tier implements routing and filtering for access tier, and bridges the latter to the core tier. The core tier, the backbone of the network, provides high-speed connectivity. Distribution and core tiers can use redundant switches for higher reliability.
PON network design: the distribution tier uses simpler, passive equipment. A single port can service several (up to 32) devices. Filtering and routing have been mostly pushed to Core and Access tiers. Most of the links are fast, reliable fibre cables, rather than copper. Core tier and (rarely, but possibly) distribution tier can use additional devices for redundancy
The technology behind OLTs, ONTs and ONUs is not only cheaper but significantly simpler and more reliable than that of a typical high-performance L3 switch. They are easier to maintain and less likely to fail. When they do fail, they are easier to replace, since there is typically very little configuration to migrate.
So, when we say that PON networks are fast and reliable, how fast and reliable are we talking about?
Current technology standards split the landscape between EPON and GPON. Both are active and important standards.
Both use a technology called optical Wavelength Division Multiplexing (WDM) to allow multiple endpoints to connect (via individual fibre links) to a single fibre upstream, and work over distances of up to 20 kilometers.
As always, though, the devil is in the details. The two standards are not interchangeable, neither in practice nor in terms of equipment: they have different capabilities, and EPON and GPON devices aren’t interchangeable.
EPON (Ethernet PON) is essentially an implementation of Ethernet over PON. It can deliver 1 Gbit/s symmetrical bandwidth (with a version of it, called GE-EPON – not to be confused with GPON below – offering 1 Gbit/s for data and 250 Mbit/s for encoding). EPON equipment is typically cheaper than GPON equipment, and integrates well with traditional Gigabit Ethernet office equipment, making EPON a cost-effective solution for most typical networking applications.
GPON (Gigabit PON) allows for speeds of 1.25 Gbit/s or 2.5 Gbit/s downstream, and between 155 Mbit/s and 2.5 Gbit/s upstream, for each ONT/ONU. This high bandwidth capability is enhanced by excellent QoS support. Superficially, this looks like GPON is faster, and therefore just better. However, GPON suffers from a difficult technological baggage.
GPON was designed to support a number of technologies that are, by now, so out of date that mentioning them makes us feel nostalgic, such as ATM. The higher speeds often remain unused, since what sits downstream from an 1.25 Gbit/s ONT is often a 1 Gbit/s Ethernet link, and GPON does not support multicast.
This makes certain applications, such as IP video, more difficult to implement efficiently. Although things aren’t so black and white. Both standards, for example, have native support for a CATV overlay).
Finally, there is a compromise in terms of security. EPON uses an industry-standard, AES-based encryption system, which is cheap, efficient and well-supported. GPON also supports encryption, but only on downstream traffic (while EPON supports both upstream and downstream encryption), and based on a less popular technology.
A 10 Gbit/s PON standard known as XG-PON has also been adopted by the ITU (the same body that adopted GPON), but its use is largely constrained to FTTx applications.
Most London campus and building networks use EPON, but this does not mean that GPON is a poor technological solution. There are cases where it makes sense, especially for campus networks.
Furthermore, the cost analysis is far from trivial, too. For example, GPON equipment tends to be more expensive upfront than EPON equipment, but scaling it can be cheaper for certain types of traffic.
Ultimately, you should base your choice in an analysis of your traffic and bandwidth requirements, not industry trends.
This almost sounds too good to be true. Clearly, if hub-era technology were that good, there would have been no point to changing it – the whole industry cannot have been misguided.
Besides, it’s not like Ethernet networking equipment is a dying business. It forms the bulk of the revenue for established companies like Cisco, Juniper or Arista. Clearly, they couldn’t subsist on snake oil.
We weren’t misguided, and Cisco isn’t selling snake oil. PONs derive their better cost of ownership and reliability numbers from simplicity.
But this simplicity comes at the price of flexibility.
Traditional campus networks deal well with every kind of traffic (and, with minimal effort, can be adapted to situations where east-west traffic is abundant). Dealing with this kind of flexibility requires complex equipment, but it can cover all traffic profiles.
PONs cannot efficiently deal with any kind of traffic. They do happen to deal well with the type of traffic that campus and building networks are moving towards.
Historically, they only dealt well with FTTx traffic – but as companies in the UK and everywhere are moving towards cloud-driven working models, this traffic profile is becoming increasingly prevalent beyond the premises’ borders.
You may have already noticed an interesting problem, which we alluded to, but never discussed in detail so far. Without the distribution-tier switches, all switching is done at the core tier.
But then the OLT broadcasts data to all equipment downstream – so, in effect, all clients get each other’s data. This can’t be good for security, can it?
That’s why, for security-critical applications, data can be encrypted at the ONT. In effect, this makes each link somewhat like a VPN to the core switch. The encryption technology is of the same type and caliber as in commercial-grade VPNs, it’s just that the network isn’t exactly virtual.
In some types of networks, it is enough if downstream traffic is encrypted, which is what GPON does. These are campus networks where ONTs bridge entire, self-contained networks to the core network (or the OLT has native support for network segregation).
It is hard to scale this type of network, but it may be a good trade-off under some circumstances, especially when legacy equipment is involved.
In other cases, both upstream and downstream traffic needs to be encrypted. EPON natively supports this mode of operation, which also has the advantage that a malicious actor who intercepts traffic at the OLT cannot read any communication.
The introduction to this section makes it sound like PON security is somewhat of a trade-off, too, but that’s really not the case. PONs can be a significantly more secure solution than other networking technologies.
Fibre optic cables do not leak radio or electrical signals like copper cables do, and are harder to splice intrusively. Furthermore, the security model of ONTs was designed from the very beginning with the assumption that other ONTs on the network may be controlled by malicious users.
It would be too bold and too general a statement to say that the security model of PONs is superior to that of Ethernet networks. However, it has fewer edge cases to cover, and – assuming the hardware encryption at the ONTs isn’t broken – it is easier to implement a secure communication model over PON than over Ethernet, at least at the most basic level of the network stack.
Exact numbers are hard to give: they depend on traffic profile, already-installed equipment and so on. But in our experience, even upfront cost savings can get into the 20-40% under some circumstances, especially in scenarios such as:
Cost savings originate not only from cheaper equipment and cabling, but also from less obvious mechanisms. For example, PON connections to data centers can result in lower specialised cooling requirements and decreased power consumption.
Consolidating voice, data and video streams not only improves reliability, but also reduces installation time and costs, as well as overall lifecycle operation costs.
The equipment you need is not too surprising. You still need at least one core switch. You need one or more OLTs (the upper limit on port density for OLTs is in the 100-port region, but smaller models, with as little as 4 ports, also exist). And, of course, you will need a number of ONTs.
A single port on an OLT can serve several ONTs, using an optical splitter – typically up to 32, so a single OLT can deal with fairly large networks. And, of course, ONTs can be used to connect end devices directly, but also wireless access points or office routers, which allow you to contain east-west traffic and filter upstream traffic.
ONTs and OLTs add to the cost of equipment, and they are not strictly passive devices – they do need to be plugged into a power socket to work. But overall, and especially with EPON, the physical infrastructure may cost less, and be more power-efficient, than a typical Ethernet network.
Passive Optical Networking (PON) is an efficient, well-established technology that is making inroads in the campus and building networking space throughout the UK. Well-suited for the traffic profile of these networks, PONs are a simpler, more reliable, and often cheaper alternative to traditional network technologies.
PONs are not a universal solution, but companies whose traffic patterns are a good match for its structure and capabilities can save a great deal of time and money by using a PON for their campus network.
Not sure if PON is the right solution for you? Take a look at our installation services and book your FREE, no-obligations on-site survey with our specialists.