Switching Coordinator: An SDN Application for Flexible QKD-Networks

Abstract

A monitor and control framework for quantum-key-distribution (QKD) networks equipped with switching capabilities was developed. On the one hand, this framework provides real-time visibility into operational metrics. Specifically, it extracts essential data, such as the switching capabilities of QKD modules, the number of keys stored in buffer queues of the QKD links, and the respective key generation and consumption rates along these links. On the other hand, this framework allows software-defined networking (SDN) applications to operate on the collected information and address the cryptographic needs of the network. The SDN applications dynamically adapt the configuration of the switched network to align with its changing demands, e.g.,~prioritizing key availability on critical paths, responding to link failures, or reallocating generation capacity to prevent bottlenecks. This contribution demonstrates that the combination of switched QKD, centralized control, and global optimization strategies enables efficient, policy-driven operation of QKD networks. The cryptographic resources are allocated to maximize performance and resilience while remaining aligned with the specific policies set by network administrators.

Figures (8)

• Figure S1: Example hexagonal network with QKD modules interconnected through beam splitters (not necessarily a physically accurate depiction). QTX $A_{k}$ are QKD transmitters, and QRX $B_{l}$ are QKD receivers, $\lambda_{k}$ is the wavelength of the QKD signal of QTX $A_k$. Each receiver can see signals from multiple transmitters, represented with the plus symbol. By tuning the reception wavelength, a receiver can decide which transmitted signal it is detecting. Light gray arrows indicate unused ports of a beam splitter, dotted boxes the perimeter of a node.
• Figure S2: Graph derived from the network in Figure \ref{['fig:splitter network']} with abstract QKD links on the key forwarding layer. The nodes are transmitters or receivers, while the edges represent the abstract links, directed from a transmitter to a receiver.
• Figure S3: QKD-network abstractions: The key-service layer presents end-to-end keys (bold line) to key consumers; it handles access control and user prioritization. These end-to-end keys are generated with low delay on the key-forwarding layer based on keys taken from module-to-module link buffers along a key-forwarding route (bold line). The link buffers are continuously being filled by active physical links (bold lines) on the key generation layer. The set of active physical links changes on a comparatively slow time scale.
• Figure S4: SDN adaptation for QKD networks. The logically centralized SDN controller provides network views of the switching and key-forwarding capabilities of the distributed network elements to the SDN applications. According to a given policy, the SDN applications, e.g., the switching coordinator, provide decisions on how the SDN controller should configure the network elements. The communication between the different network elements within a (trusted) node and the SDN controller is typically channeled through an SDN agent in the node.
• Figure S5: The 22 useful network configurations of the hexagonal network from Figure \ref{['fig:splitter network']}. Configurations $\mathcal{C}_1$, $\mathcal{C}_2$, and $\mathcal{C}_3$ contain three physical links each. While these links are without supporting receivers, the remaining configurations contain a physical link that is boosted by one or two supporting receivers (dashed lines). Any other configuration is either a subset of a given configuration, e.g., $\{\mathrm{A1B1.1}\}\subset\mathcal{C}_1$, or the physical links in the configuration are subsets of the physical links of a given configuration, e.g., $\mathrm{A1B1.1}\subset\mathrm{A1B1.3}$ when comparing $\{\mathrm{A1B1.1}, \mathrm{A3B2.1}\}$ and $\mathcal{C}_6$.