GPON

Special Topic 8 GPON Terminal Authentication and Management

8 GPON Terminal Authentication and

Management

About This Chapter

GPON terminal authentication is a mechanism in which an OLT authenticates an ONU

according to the authentication information reported by the ONU and in this way denies
access to unauthorized ONUs. In the GPON system, only authenticated ONUs can access the
system. After the ONU passes authentication and goes online, data can be transmitted
between ONUs and the OLT.
8.1 GPON Terminal Authentication (ONU Is Not Preconfigured)
8.2 GPON Terminal Authentication (ONU Has Been Pre-configured)
8.3 GPON Terminal Management

8.1 GPON Terminal Authentication (ONU Is Not

Preconfigured)
Figure 8-1 shows the authentication process of an ONU that is not preconfigured.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 34

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Figure 8-1 Authentication process of an ONU that is not preconfigured

1. The OLT sends an serial number (SN) request to the ONU.

2. The ONU responds to the SN request message sent from the OLT.
3. Upon receiving the SN response from the ONU, the OLT assigns a temporary ONU ID
to the ONU.
4. After the ONU enters the operation state, the OLT sends a password request message to
the ONU. The ONU then responds with a password. The password is not configured on
the OLT.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 35

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

– If the automatic discovery function is not enabled on the PON port to which the
ONU is connected, the OLT sends a deregister message to the ONU. Upon
receiving this message, the ONU sends a register request message to the OLT.
– If the automatic discovery function is enabled on the PON port to which the ONU is
connected, the port reports an alarm to the command line interface (CLI) or network
management system (NMS), indicating that the ONU is automatically discovered.
The ONU can go online only after being confirmed.

8.2 GPON Terminal Authentication (ONU Has Been Pre-

configured)
A pre-configured ONU can be authenticated in three modes: SN, SN+password, and
password.

SN/SN+Password Authentication
In SN authentication, the OLT matches only the ONU SN. In SN+password authentication,
the OLT matches both the ONU SN and password. Figure 8-2 shows the authentication flow.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 36

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Figure 8-2 SN/SN+password authentication flow

NOTE
If an ONU is authenticated in SN mode, no password is required in the authentication process.

l After receiving an SN response message from an ONU, the OLT checks whether another
ONU with the same SN is online. If yes, the OLT reports an SN conflict alarm to the CLI
or NMS. If no, the OLT directly assigns a user-defined ONU ID to the ONU.
l After the ONU enters the operation state,
– For the ONU that is authenticated in SN mode, the OLT does not send a password
request message to this ONU. Instead, the OLT automatically configures a GEM
port that has the same ID as the ONU ID for the ONU for carrying OMCI messages,
and allows the ONU to go online. In addition, the OLT reports an ONU online
alarm to the CLI or NMS.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 37

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

– For the ONU that is authenticated in SN+password mode, the OLT sends a
password request to the ONU, and compares the password reported by the ONU
with the local password. If the two passwords are the same, the OLT directly
configures a GEM port for the ONU to carry OMCI messages, and allows the ONU
to go online. In addition, the OLT reports an ONU online alarm to the CLI or NMS.
If the two passwords are not the same, the OLT reports a password error alarm to
the CLI or NMS. The OLT does not report an ONU automatic discovery message
even if the ONU automatic discovery function is enabled on the PON port. Instead,
the OLT sends the Deactivate_ONU-ID PLOAM message to deregister the ONU.

Password Authentication
An ONU that uses password authentication is added to a PON port on an OLT in advance, and
then this ONU is connected to the PON port. In password authentication, if finding that the
SN or password of the ONU to be authenticated conflicts with that of an online ONU, the
OLT deregisters the ONU to be authenticated. This does not affect the online ONU. Password
authentication is available in two modes: once-on and always-on.

Figure 8-3 Initial ONU authentication in once-on mode

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 38

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

NOTE
During the authentication in always-on mode, the OLT does not need to record the SN of the ONU that
goes online for the first time.

Once-on Application Scenarios

A carrier allocates a password to a user and requires the user to go online within a specified
time. After going online, the user cannot change the ONU. To change the ONU, the user must
notify the carrier. In once-on mode, the aging time is configurable. After the aging time is set,
the ONU must register with the OLT and go online within the preset aging time. Otherwise,
the ONU is not allowed to register with the OLT or go online. Once the ONU is authenticated,
its SN cannot be changed.
In once-on mode,
l Only the initial authentication of an ONU is performed by password, as shown in Figure
8-3.
l In subsequent authentications, the ONU can be authenticated by SN or SN+password
according to the CLI configuration, as shown in Figure 8-2.

NOTE

In once-on mode, before the ONU registration times out or before the ONU successfully registers with
the OLT for the first time, the ONU discovery status is ON. Only the ONU whose discovery status is ON
is allowed to register with the OLT and go online. After the ONU registration times out or after the ONU
successfully registers with the OLT for the first time, the OLT sets the ONU discovery status to OFF.
l The ONU whose registration times out is not allowed to register with the OLT or go online. The
registration timeout flag of the ONU needs to be reset at the central office (CO), and then the ONU
can go online.
l An ONU that successfully registers for the first time is allowed to register and go online again.

Always-on Application Scenarios

The always-on mode applies to the following scenario: A carrier allocates a password to a
user, and the user can use different ONUs with this password and different SNs. The user can
change the ONU without informing the carrier. In always-on mode, there is no restriction on
the time when the user goes online.
l An ONU is authenticated by password when it goes online for the first time. After the
ONU passes the password authentication and goes online successfully, the OLT
generates an SN+password entry according to the SN and password of the ONU. Figure
8-3 shows the authentication process.
l The following scenarios are involved if it is not the first time that an ONU goes online:
– If the SN and password of the ONU are the same as the SN and password of the
ONU that successfully goes online for the first time, the ONU is authenticated by
SN+password. Figure 8-2 shows the authentication process.
– If the user replaces the ONU with an ONU that has the same password but a
different SN, the new ONU is authenticated by password. After this ONU passes
authentication and goes online successfully, the original SN+password entry is
updated. Figure 8-3 shows the authentication process.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 39

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

8.3 GPON Terminal Management

The ONUs in a GPON system are managed using physical layer OAM (PLOAM) messages
and OMCI messages.
PLOAM, defined in ITU-T Recommendation G.984.3, is used for exchanging management
and maintenance messages, such as DBA and DBRu messages, between the GPON physical
layer and TC layer.
GPON ONUs, including MDUs and ONTs, are managed using OMCI messages. The ONUs
are plug and play and support offline deployment and automatic service provisioning. For
details about OMCI management functions, see OMCI.
l OMCI messages are used for maintaining and managing service hierarchies, such as
discovering device hardware capabilities and configuring alarm maintenance and service
capabilities.
l OMCI enables ONUs to support offline configuration so that the ONUs do not need to
store configuration data locally, facilitating service provisioning.

MDU Management
Figure 8-4 shows the process of configuring a management channel for an MDU.

Figure 8-4 Process of configuring a management channel for an MDU

1. The NMS issues MDU inband management parameters to the OLT through the OLT
inband management channel.
2. The OLT configures the MDU inband management parameters and Simple Network
Management Protocol (SNMP) parameters through the OMCI or OAM channel to set up
the MDU inband management channel.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 40

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

3. The NMS issues service configuration data through the MDU inband management
channel. After the MDU inband management channel is set up, the NMS configures and
manages the MDU through the SNMP channel. In such a manner, the OLT only needs to
forward the MDU inband management data.

ONT Management
GPON terminals are managed using one of these protocols: optical network terminal
management and control interface (OMCI), Extensible Markup Language (XML), or
Technical Report 069 (TR069).
l The optical network terminal management and control interface (OMCI) protocol is
defined by ITU-T G.984.4, which applies to managing optical network terminals (ONTs)
in a GPON system. Huawei ONTs comply with OMCI. OMCI messages are transmitted
between an optical line terminal (OLT) and an ONT over a dedicated permanent virtual
channel (PVC) in asynchronous transfer mode (ATM) or a GPON encapsulation mode
(GEM) port. The OMCI protocol manages and provides O&M for the ONT.
l Extensible Markup Language (XML) is a text format used for message interaction
between devices. The iManager U2000 Unified Network Management System (U2000)
uses XML to manage ONTs in a Huawei FTTx system. XML is also a management
mode extended from OAM because not all voice and Layer 3 gateway services are
defined in the OAM.
l Technical Report 069 (TR069) is a network management protocol defined by the DSL
Forum. The full name of TR069 is CPE WAN Management Protocol (CWMP). CPE is
the acronym for customer premises equipment and WAN is the acronym for wide area
network. TR069 defines a new network management structure consisting of management
models, interaction interfaces, and basic management parameters. In the network
management structure, the management server functions as an Auto-Configuration
Server (ACS) and is responsible for managing the CPE. The ACS and CPE use
Hypertext Transfer Protocol (HTTP) to communicate with each other. The ACS serves as
an HTTP server and the CPE serves as a client. Management operations are implemented
using XML-based remote procedure call (RPC).
Optical network terminals (ONTs) are classified into three types: bridge type, bridge+voice
type, and gateway type.
l A bridge-type ONT provides Layer 2 data and multicast services.
l A bridge+voice-type ONT provides Layer 2 data, Layer 2 multicast services, and voice
over IP (VoIP) services.
l A gateway-type ONT provides Layer 3 data, Layer 3 multicast services, and VoIP
services.
Each different type of terminal management protocol has a unique service management scope.
Based on terminal types, provides three GPON terminal management solutions: OMCI,
OMCI+XML, and OMCI+TR069. The advantages and disadvantages of each solution as well
as the recommended solution for each type of ONT are listed at the end of this chapter.
l The OMCI protocol manages Layer 2 services, voice services and the PON link layer.
This protocol cannot manage Layer 3 services.
l The XML protocol manages Layer 3 services and voice services. Using OMCI+XML
enables you to manage Layer 2, voice, and Layer 3 services.
l The TR069 protocol manages Layer 3 services and voice services, and identifies remote
faults. When this protocol is used, OMCI is still used to manage Layer 2 services and the
PON link layer.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 41

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

OMCI
A standard optical network terminal management and control interface (OMCI) solution
enables you to manage optical network terminals (ONTs) supplied by different vendors in
diverse types of scenarios. An optical line terminal (OLT) and an ONT are closely coupled
with each other. If a new service requirement is not defined in the OMCI, a new OMCI entity
must be defined. An OMCI solution enables you to manage Layer 2 features and voice
services. The OLT communicates with the ONT in OMCI mode.
Figure 8-5 shows the general principles of the OMCI solution for U2000+OLT+ONT
deployment scenarios.

Figure 8-5 General principles of the OMCI solution

1. The Operations Support System (OSS) issues service configuration parameters to the
iManager U2000 Unified Network Management System (U2000) using the TL1
northbound interface (NBI).
2. The U2000 uses Simple Network Management Protocol (SNMP) to manage the OLT.
3. The OLT issues service configuration parameters to the ONT through an OMCI channel.

XML+OMCI
To overcome the limitations of the OMCI solution, Huawei provides a solution that combines
the XML protocol with the OMCI protocol. In the XML+OMCI solution, the U2000 uses
XML files transmitted over an IP channel to communicate with the OLT, and the OLT uses
XML files transmitted over an OMCI channel to communicate with the ONT. The OMCI
protocol manages Layer 2 services and the XML protocol manages Layer 3 and voice
services.
Figure 8-6 shows the general principles of the XML+OMCI solution for U2000+OLT+ONT
deployment scenarios.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 42

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Figure 8-6 General principles of the XML+OMCI solution

As part of the general principles, the U2000 uploads XML files to a File Transfer Protocol
(FTP)/Trivial File Transfer Protocol (TFTP)/Secure File Transfer Protocol (SFTP) server.
Then the OLT obtains the XML files from the FTP/TFTP/SFTP server and transparently
transmits the files to the ONT through the OMCI channel.
NOTE
SFTP loading is recommended to load a XML files for an ONT.

1. The OSS issues service configuration parameters to the U2000 using the TL1 NBI.
2. The U2000 converts service information to XML files and uploads the files to the FTP/
TFTP/SFTP server.
3. The U2000 issues ONT configuration update commands to the OLT and asks the OLT to
download the files.
4. The OLT obtains the XML files from the FTP/TFTP/SFTP server.
5. The OLT issues the XML files to the ONT through the OMCI channel.
6. The ONT returns execution results to the OLT using the OMCI entity.
7. The OLT reports the results to the U2000 in traps.
The XML+OMCI solution meets all requirements for configuring the ONT but configuration
files are transmitted in unidirectional mode. Due to this limitation, the configuration files only
implement service configurations and status performance management, but cannot provide
operation and maintenance (O&M) functions such as query of ONT status and configuration,
and test and diagnose functions. To overcome XML+OMCI limitations, Huawei provides
TR069 over OMCI. As a supplement to XML+OMCI, TR069 over OMCI is used for remote
O&M and fault identification. The U2000 can use TR069 to remotely maintain the ONT
without a dedicated TR069 server.
Figure 8-7 shows the general principles of the TR069 over OMCI solution for U2000+OLT
+ONT deployment scenarios.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 43

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Figure 8-7 General principles of the TR069 over OMCI solution

The solution manages configuration, performance, faults, and status of IP-based services by
applying the associated methods described in the TR069 solution to the OMCI solution. The
OLT and ONT transparently transmit data between each other.
1. The U2000 manages and maintains the ONT, and queries the ONT status. The U2000
encapsulates management, maintenance, and query data to character strings or binary
code streams in a specific format and sends them to the OLT through a management
information base (MIB) interface.
2. The OLT transparently transmits the character strings or binary code streams to the ONT
using an extended OMCI entity.
3. The ONT returns execution results to the OLT using the OMCI entity.
4. The OLT reports the results to the U2000 in traps.

OMCI+TR069
This solution allows an Auto-Configuration Server (ACS) to manage all the terminals on the
network, locate faults, provide services, and collect performance statistics. Based on SNMP
and TR069, this solution allows the ACS to manage home terminals in a unified manner,
reducing O&M costs. TR069 automatically implements ONT configuration, dynamically
provisions services, remotely locates faults, and rapidly collects terminal statistics.
Figure 8-8 shows the general principles of the OMCI+TR069 solution.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 44

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Figure 8-8 General principles of the OMCI+TR069 solution

This solution allows the U2000 to manage the OLT using SNMP, manage voice and Layer 3
services using TR069, and manage PON link layer using OMCI.
1. The OSS issues service configuration parameters to the U2000 using the TL1 NBI.
2. The U2000 manages the OLT using SNMP.
3. The OLT issues PON link layer configuration to the ONT using OMCI.
4. The ONT returns execution results to the OLT. Then the IP channel is set up.
5. The ONT registers with the ACS.
6. The ACS encapsulates user information in a TR069-compliant format and sends it to the
ONT through the IP channel. The user information includes operations, maintenance
items, and queries performed by a user. The IP channel is bidirectional.

Advantages and Disadvantages of the Terminal Management Solutions

Bridge type, bridge+voice type, and gateway type ONTs provide different types of services.
Therefore, different solutions are used to manage these ONTs. Table 8-1 lists the advantages
and disadvantages of each solution. Table 8-2 lists the recommended solution for each type of
ONT.

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 45

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Table 8-1 Advantages and disadvantages of each solution

Terminal Advantage Disadvantage
Management
Solution

OMCI l A unified interface is used l The OLT and ONT are closely
for ONT service coupled with on each other. New
management. services on the ONT require the
l The OLT and ONT OLT's support, adding to the
communicate with each other difficulty in deploying new
using OMCI-associated services.
standards. l The OMCI standard is not fully
l The ONT does not require a developed. If a new service
management IP address. requirement is not defined in the
OMCI, a new OMCI entity must
be defined.

OMCI+XML l The ONT does not require a l This is a Huawei's proprietary

management IP address. solution and cannot interact with
l The OLT and ONT are not devices from other vendors.
closely coupled with each l Voice and Layer 3 services cannot
other to certain extent. be configured using a command
l A unified management server on the OLT.
is used for swift service
deployment.

OMCI+TR069 An OLT version and an ONT l TR069 is based on the IP protocol

version are not bound to each and requires an extra IP
other. In other words, an OLT management network.
upgrade does not require an l Different interfaces are used to
ONT upgrade; the opposite is manage the ONT. The network
also true. management system (NMS)
TR069 provides an enhanced manages the link layer and the
definition and deployment ACS manages IP-based services.
scenario for the IP-based
customer premises equipment
(CPE) service management
model. Therefore, ONT vendors
can easily deploy new gateway
and voice services.

Table 8-2 Recommended solutions for each type of ONT

Terminal Type Optional Solution Recommended Solution

Bridge type OMCI OMCI

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 46

Copyright © Huawei Technologies Co., Ltd.
GPON
Special Topic 8 GPON Terminal Authentication and Management

Terminal Type Optional Solution Recommended Solution

Bridge+voice type OMCI+XML or OMCI OMCI+XML (NMS provisions

services)
OMCI (OLT is connected to the
third-party ONT)

Gateway type OMCI+XML or OMCI OMCI+TR069

+TR069

Issue 02 (2018-06-15) Huawei Proprietary and Confidential 47

Copyright © Huawei Technologies Co., Ltd.