AN ALGORITHMIC FRAMEWORK FOR PROTECTION SWITCHING IN
WDM NETWORKS

Kayi Lee Kai-Yeung (Sunny) Siu
1

Massachusetts Institute of Technology Raza Foundries, Inc.



Abstract

In a WDM network, a single component failure may lead to multiple failures in the logical topology.
Protection switching schemes that adopt traditional edge-disjoint or node-disjoint path-selection
algorithms may not be able to protect the active connections properly. In this paper, we generalize the
disjoint path problem by providing a framework that can model arbitrary types of failures, so that a
solution to the problem can be applied to protection switching in WDM networks. We prove the
necessary and sufficient condition for the existence of disjoint paths that are free from simultaneous
disruption by a single failure. The necessary and sufficient condition suggests a way to find such disjoint
paths. Based on the result, we formulate an integer linear program (ILP) that finds the disjoint paths.


1. Introduction

Protection switching is a mechanism designed for providing reliable connection-oriented services
resilient to network failures. With protection switching, a network provisions a working path and a
protection path between the source and destination when a connection request is initiated. The working
and protection paths are routed in the network such that any network failure would affect at most one of
the paths. In a normal situation, the source/destination pair of a connection communicate over the
working path. However, when there is a network failure breaking the working path, the source and
destination can immediately switch their communication channel to the protection path, so that

transmission of data will not be disrupted by the network failure. Figure 1 illustrates the concept of
protection switching. Under normal conditions, the nodes A and B communicate via the working path. In
the case of a link failure, the working path is broken. As a result of protection switching, the two end
nodes switch to the protection path to communicate. From the perspective of the end users, the link failure
is invisible to them as long as the switching is fast enough.










Figure 1: Protection Switching


1
K Y. Siu is currently on leave from MIT.
Working path

Protection path

A

B


In practice, there are different ways to implement protection switching. For example, the source

node may transmit data over the working and protection paths simultaneously. The destination node will
try to retrieve the data from the working path. In the case of a failure on the working path, the destination
node will detect the loss of connection and switch to the protection path for the data. This is usually called
1+1 protection. On the other hand, the source may only transmit data along the working path, but not the
protection path, during normal operation of the network. When a failure breaks the working path, the
destination node will detect the failure and signal the source node to switch to the protection path. Since
the protection path is not normally used, the bandwidth along the protection path can be shared with other
protection paths [2, 3, 4]. The latter implementation, typically referred to as shared protection, is more
bandwidth efficient but requires a more complicated signaling protocol. The actual implementation
adopted for protection switching is outside the scope of this paper. For more previous work about
protection switching in optical networks, please refer to [2-8, 13, 14].

This paper focuses on the routing issue for protection switching. In particular, we study the
problem of finding a pair of disjoint paths in the network, so that a single failure on a network will disrupt
at most one of the paths. A special case of this general disjoint path problem has been widely studied in
the literature, which mostly focused on link failures. This gives rise to an interesting problem of finding
edge-disjoint paths in the network. Two paths are edge-disjoint if they do not share any edge. Similarly,
node failures in a network have also been considered, which results in a similar problem of finding node-
disjoint paths. In a network where single node or link failure is the primary concern, node-disjoint or
edge-disjoint paths between the source and destination can serve well as the working and protection paths
for the purpose of protection switching. Fast algorithms have been designed to find node and edge disjoint
paths [9-12, 15-18].

However, in WDM networks [20], diverse routing of working and protection paths can be more
complicated. For a WDM network, traffic is routed on a logical topology, which is formed by establishing
lightpaths over the physical network [21]. A single failure of an optical component, however, may result
in a number of lightpaths failing simultaneously. In an example of a fiber cut, all the lightpaths that
traverse the fiber will be broken. Figure 2 and 3 give a simple example illustrating the problem. Figure 2
illustrates the physical topology of a WDM network that supports 2 wavelengths. Lightpaths are
established and routed on the physical topology using the 2 wavelengths. In Figure 3, the corresponding

logical topology formed by the lightpaths is illustrated. Note that between nodes A and F, there are 2
edge-disjoint paths A-C-F and A-D-E-F on the logical topology. Now consider a failure at the physical
link C-D. Since there are two lightpaths A-C and D-E traversing the link, they will be broken on the
logical topology at the same time. As a result, multiple failures on the logical topology occur even if only
a single component fails, and the two edge-disjoint paths are broken simultaneously. Therefore, routing
algorithms based on the assumption of single node/edge failure are not particularly useful in WDM
logical networks. In addition, sometimes it may be necessary to consider other failure events in addition
to a single node or link failure, such as a power outage in a region that causes multiple nodes to break
down. It is difficult to augment such specially designed algorithms to accommodate the more general
problem.

In this paper, we consider a unified framework for the disjoint path problem, where arbitrary
failure events can be modeled as input parameters. In particular, the assumptions about the single node
and single edge failure can be easily captured in the framework as special cases. The framework is closely
tied to the concept of “shared risk link group” (SRLG) proposed in the IETF IP-over-WDM standard [1].
Within this framework, we prove the necessary and sufficient condition for the existence of a pair of paths
that are free from simultaneous disruption by a single failure. This necessary and sufficient
condition suggests a way to find such disjoint paths. Based on this result, we present an integer linear
program (ILP) formulation to find disjoint paths.














Figure 2: Physical topology with lightpath connections










Figure 3: Logical topology and the broken logical links


The paper is organized as follows. In Section 2, we describe the framework and formulate the
disjoint path problem as a graph problem. Section 3 discusses some of the most related work to our
problem and points out the contribution of our work. In Section 4, we present some graph theoretic results
related to the disjoint path problem and, in particular, state the necessary and sufficient condition for a
pair of disjoint paths to exist. We also discuss how this result may lead us to algorithms for finding the
disjoint paths. In Section 5, we formulate the disjoint path problem as an optimization problem, and
present an integer linear program to solve it. Section 6 concludes the paper and suggests some future
work.


2. Problem Formulation

We are interested in finding a pair of disjoint paths, that is, a pair of paths that are not vulnerable
to a common failure. We describe a framework that captures arbitrary types of failure events and

formulate the disjoint path problem as a graph problem. We first describe the input parameters of the
framework, and then define the disjoint path problem.

The logical topology of the network is modeled by an undirected graph G=(V, E), where V is the
set of nodes and E is the set of edges. The input parameters consist of a pair of source and destination
E

B

C

F

E

D

A

Lightpaths

λ
1

λ
2

C

F


B

D

A

nodes (s, t), where s and t are nodes in V, and a family of edge-sets F = {S
1
, S
2
, … S
k
} that models the
failure events. Each S
i
is a subset of E and corresponds a single failure event. Specifically, each S
i

contains the set of edges in the graph G that are affected by the failure. For example, if S
i
corresponds to a
fiber cut in a WDM network, then S
i
will contain all the lightpaths on the logical topology that traverse
the fiber. By assuming each S
i
to be arbitrary, we allow a very general framework to model different types
of failures.


Let P be a path in the graph and let S
i
be an edge-set. The path P hits the set S
i
if P contains an
edge in S
i
. Also, given a family of failure events F = {S
1
, S
2
, … S
k
}, two paths are F-disjoint if they do
not hit a common edge-set in F. Given the above definitions, the disjoint path problem is formulated as
finding a pair of F-disjoint paths between nodes s and t, given the input parameters.

We note that this framework can easily capture the node-disjoint and edge-disjoint paths
problems, by defining F in different ways. For example, if each S
i
in F contains exactly one edge in G
such that each edge in the graph is represented by a set in F, the problem is reduced to finding a pair of
edge-disjoint paths. On the other hand, if each S
i
corresponds to a node v in the graph and contains all the
edges adjacent to the node v, the problem is reduced to finding a pair of node-disjoint paths.

Before we proceed, we first define some notions for the framework. Most of these definitions are
extensions from classical graph theory, with the family of failure events F incorporated into the
notions.


1. F-disjoint paths: As defined above, two paths are F-disjoint if they do not hit a common
edge-set in F.

2. F-biconnectivity: A graph G with a family of failure events F is F-biconnected if
removing any edge-set in F from the graph G does not disconnect G.
Note that this generalizes the notions of node-biconnectivity and edge-
biconnectivity in graph theory.

3. Cut Set: A set of edges is a cut set for a graph if removal of the edges makes the
graph disconnected. Similarly, a family of edge-sets F = {S
1
, S
2
, … S
k
}
is a cut set if

F∈ S
i
i
S is a cut set.

4. s-t Cut: A set of edges is an s-t cut for a node pair (s, t) if removal of the edges
disconnects s and t in the graph. Similarly, a family of edge-sets F =
{S
1
, S
2

, … S
k
} is an s-t cut if

F∈ S
i
i
S is an s-t cut.

5. Minimal s-t Cut: A family of edge-sets F is a minimal s-t cut if it is an s-t cut and any
proper sub-family of F is not.



3. Related Work

The complexity of the disjoint path problem formulated in the previous section remains to be an
open question. To the best of our knowledge there is neither a proof of NP-completeness nor a polynomial
time algorithm that solves the problem. In the paper of Bhandari [9] and subsequently the book written by
the same author [11], the same problem presented in a different setting was tackled. In [11], it was
suggested that this general problem is very complicated and believed to be NP-complete. However, a
formal proof was not given. As a result, in [11] an algorithm that enumerates all the feasible disjoint paths
exhaustively was proposed. In [11, 12], heuristic algorithms were presented.

The problem of survivable routing of logical topologies, studied by Armitage et al [13] and
Modiano et al [14], is closely related to our problem. A survivable routing of a given logical topology is
an embedding (that is, a routing of every lightpmath on the logical network over the physical topology,)
of the logical topology over a given physical topology, so that a failure of any physical link does not
disconnect the logical network (we call this the connectivity requirement). In [13], the authors proposed
an algorithm minimizing the number of disconnected node pairs on the logical topology upon a single

physical link failure. In [14], the authors proved the necessary and sufficient condition for a routing to be
survivable, and formulated the problem as an integer linear program, the solution of which represents a
survivable routing of the logical network over the physical topology. However, the connectivity
requirement considered in the problem in [13, 14] only enables an alternate path to be discovered after a
failure occurs (known as restoration in the literature). For mission-critical services that require traffic
switch to the protection path instantaneously when a failure occurs, it is necessary to predetermine the
protection path a priori, independent of the type of failure that may affect the working path, so that the
end nodes can switch to the protection path without further path computation. As we will show in the
following section, the connectivity requirement is not sufficient to guarantee the existence of such a
predetermined protection path. In fact, a more stringent requirement on the logical network is needed. We
will state the requirement precisely in the following section.


4. Some Graph Theoretic Results

Efficient algorithms for finding node-disjoint and edge-disjoint paths can be designed based on
the famous Menger’s Theorem [19], a version of which states that a pair of node/edge-disjoint paths exist
between the node pair (s, t) if and only if removing any node/edge in the network does not disconnect the
nodes, that is, the node pair is node/edge-biconnected.

It is tempting to generalize Menger’s Theorem to our framework and then apply the similar
techniques used in existing algorithms for finding node/edge-disjoint paths. A natural conjecture for the
generalized Menger’s Theorem would be that there exists a pair of F-disjoint paths between two nodes in
the graph G if and only if the two nodes are F-biconnected. This is not true, however, as illustrated in the
Figure 4. In Figure 4, a connection request is to be established between s and t. Consider the case where
the family of failure events F is
{{a, b}, {b, c}, {a, c}}. Even though removing any of the edge-sets
from the graph does not disconnect the pair of nodes, it is impossible to find a pair of F disjoint paths
connecting s and t, since any s-t path in the graph hits two of the three edge-sets. Therefore, even if a
logical network remains connected upon a single failure, it cannot guarantee a predetermined protection

path for the working path. A more stringent condition on the logical network is required to provide such a
guarantee.

The necessary and sufficient condition for the existence of F-disjoint paths on a network is stated
in Theorem 1. Before we proceed, we assume that the family of edge-sets F is a cut set. This assumption
is justified for the following reason: If F is not a cut set, then there is an s-t path in the graph that does not
hit any of the edge-sets in F at all. In other words, this particular path is not vulnerable to any failures,
and it is not necessary to find a protection path for it.



a




b



c


Figure 4: A network with the failure event descriptions



Theorem 1
Given an undirected graph G=(V, E), a pair of nodes (s ,t) and a family F of subsets of E, there is a pair
of F-disjoint paths between s and t if and only if F can be partitioned into two non-empty sub-families F

1
and F
2
, such that none of them is an s-t cut.

Proof
Suppose F can be partitioned into F
1
and F
2
such that none of them is an s-t cut. Then we can
find a pair of F-

disjoint paths connecting the two nodes, in the following way: First, remove all the edges
in F
1
from the graph G. Since F
1
does not cut s and t, there is a path between s and t in the resulting graph.
Let this path be P
1
. By the way P
1
is constructed, it does not hit any set in F
1
. Now we remove all the
edges in F
2
from G and let a path connecting s and t in the resulting graph be P
2

. This path does not hit
any edge-set in F
2
. As a result, P
1
and P
2
are F-

disjoint.

On the other hand, suppose there is a pair of F-disjoint paths between s and t, namely P
1
and
P
2
. Let F
1
be the sub-family of edge-sets hit by P
1
and set F
2
= F \F
1
. Then F
1
and F
2
form a partition of
F. Also, note that both F

1
and F
2
are non-empty, since otherwise this would imply that F is not a cut set,
contradicting our assumption.

Now we prove that none of F
1
and F
2
is an s-t cut. First, by the way F
1
and F
2
are constructed, the
path P
1
does not hit any sets in F
2
. Therefore, if all the edges in F
2
are removed from the graph, the path
P
1
still remains in the graph. Therefore, F
2
is not an s-t cut. In addition, since P
1
and P
2

are F-disjoint, P
2

does not hit any set in F
1
. Therefore, the path P
2
will remain in the graph if all the edges in F
1
are
removed. Therefore, F
1
is not an s-t cut either. 

From the proof of Theorem 1, once we find a partition for the family F, obtaining a pair of F-
disjoint paths is straightforward. This suggests a way of finding F-disjoint paths between a pair of nodes.
In particular, the disjoint path problem is reduced to the problem of partitioning F into two non-cut sub-
families. In the next section, this partitioning problem is reconsidered as an optimization problem, which
will be formulated as an integer linear program.
t



s

Failure Events

Event 1

Event 2


Event 3


5. An Integer Linear Program Formulation

In the case where a pair of F-disjoint paths cannot be found in the network, it is still desirable to
find a pair of paths that are the least likely to be both affected by a single failure. This can be formulated
as an optimization problem, where the objective function is the number of common failures that the two
paths are vulnerable to. If each failure event is given a certain weight that captures its likelihood, the
objective would be to minimize the total weight of the common failures.

Equivalently, we can reformulate the partitioning problem to achieve the same objective.
Assuming each edge-set in the family F is weighted, the reformulated problem would be partitioning the
family of edge-sets F into 3 sub-families F
1
, F
2
and F
3
, such that neither F
1
nor F
2
are cut sets. The
objective is to minimize the total weight of the elements in F
3
. The reasoning of the formulation can be
explained as follows. If F
1

is not a cut set, then we can find a path P
1
in the graph without the edges in F
1
.
Potentially, P
1
may hit the sets in F
2
and F
3
. Similarly, with the edges in F
2
removed from the graph, we
can find a path P
2
that potentially hits the sets only in F
1
and F
3
. As a result, F
3
contains the edge-sets
corresponding to failures that are potentially disruptive to both paths. Therefore, the objective of
minimizing the weight of F
3
helps to reduce the likelihood that two paths are disrupted by a single failure.

To formulate the partitioning problem as an integer linear program, we create 3 variables x
i

, y
i
, z
i

for each edge-set S
i
in F. These variables take the values of 0 or 1 indicating whether the set S
i
belongs to
partition F
1
, F
2
or F
3
. Given that the weight of each set S
i
is w
i
, the integer program can be formulated as
follows:


Min
ii
zw




s.t. 1|| −≤

∈
C
C
i
S
i
x

∀
minimal s-t cut C

1||
−≤

∈
C
C
i
S
i
y

∀
minimal s-t cut C

x
i
+y

i
+z
i
=1
∀
S
i

∈
F

x
i
, y
i
, z
i

∈
{0, 1}


A solution given by the integer program determines how the family F

should be partitioned. If
x
i
=1, the edge-set S
i
belongs to F

1
. If y
i
=1, the edge-set S
i
belongs to F
2
. Similarly, if z
i
=1, the edge-set S
i

belongs to F
3
.

In the integer program formulation, the first two sets of constraints make sure that neither F
1
nor
F
2

contains a minimal s-t cut. This implies none of the sub-families F
1
and F
2
are s-t cuts. The third
constraint requires that each edge-set S
i
belong to exactly one of the three sub-families. In other words,

the constraint ensures a partitioning of F. The objective of the integer program is to minimize the total
weight of edge-sets in F
3
. Therefore, by solving this ILP, we can find a pair of s-t paths that are the least
likely to be disrupted by a single failure.


6. Conclusion and Future Work

We describe a framework for the general disjoint path problem. The general framework allows us
to model arbitrary types of failure events by capturing them as input parameters. We show that this
generalization from the traditional node/edge-disjoint paths problem is non-trivial, and may make the
disjoint path problem considerably harder. We also prove a necessary and sufficient condition for the
logical network under which a pair of disjoint paths can be found. This necessary and sufficient condition
is useful in two ways: First, it helps us look at the problem in a different way and reduces the disjoint path
problem to a set partitioning problem, for which an integer linear program is formulated. Second, the
necessary and sufficient condition describes a requirement for the design of a logical network that
supports protection switching. Such a requirement sets an important guideline for routing lightpaths on
the physical network.

There are a number of interesting problems related to our work. First, design and performance
study of heuristic or approximation algorithms for the disjoint path problem would be useful when
solving the integer linear program is considered impractical. Second, our work has only considered
protection switching for a single connection on the logical topology. A natural extension of the problem is
to consider multiple connections, in which case the capacity of the logical links would become an issue if
they can be shared by several connections. Finally, the survivable routing problem studied in [13, 14] can
be reconsidered, with the notion survivable routing defined differently. Instead of routing the lightpaths
such that the logical network remains connected upon a single link failure, lightpaths should be routed in
a way that satisfies the necessary and sufficient condition presented in this paper. In that case, the logical
network created is able to support protection switching.



References

[1] R. Doverspike and J. Yates, “Challenges for MPLS in optical network restoration,” IEEE
Communications Magazine, vol. 39, no. 2, pp.89-96, February 2001.

[2] S. Ramamurthy and B. Mukherjee, “Survivable WDM mesh networks, part I – protection,” in
Proceedings of IEEE INFOCOM ’99.

[3] S. Ramamurthy and B. Mukherjee, “Survivable WDM mesh networks, part II – restoration,” in
Proceedings of the IEEE International Conference on Communications, 1999.

[4] G. Sahin and M. Azizoglu, “Optical layer survivability: single service class case,” in Proceedings
of Opticomm 2000.

[5] M. Alanyali and E. Ayanoglu, “Provisioning algorithms for WDM optical networks,” in
Proceedings of IEEE INFOCOM ’98.

[6] S. Lumetta and M. Medard, “Towards a deeper understanding of link restoration algorithms for
mesh networks,” in Proceedings of IEEE INFOCOM ’01.

[7] R. Barry, S. Finn and M. Medard, “WDM loop-back in mesh networks,” in Proceedings of IEEE
INFOCOM ’99.
[8] T. Wu, Fiber Network Service Survivability, Artech House, 1992.

[9] R. Bhandari, “Optimal diverse routing in telecommunication fiber networks,” in Proceedings of
IEEE INFOCOM ’94.

[10] R. Bhandari, “Optimal physical diversity algorithms and survivable networks”, in Proceedings of

IEEE Symposium on Computers and Communication, 1997.

[11] R. Bhandari, Survivable Networks: Algorithms for Diverse Routing, Kluwer Academic Publishers,
1999.

[12] S. Shaikh, “Span-disjoint paths for physical diversity in networks,” in Proceedings of IEEE
Symposium on Computers and Communications, 1995.

[13] J. Armitage, O. Crochat and J Y. Le Boudec, “Design of a survivable WDM photonic network,” in
Proceedings of IEEE INFOCOM ’97.

[14] E. Modiano and A. Narula-Tam, “Survivable routing of logical topologies in WDM networks,” in
Proceedings of IEEE INFOCOM ’01.

[15] J. Suurballe, “Disjoint paths in a network,” Networks, vol. 4, 1974, pp. 125-145.

[16] J. Suurballe and R. Tarjan, “A quick method for finding shortest pairs of disjoint paths,” Networks,
vol. 14, 1984, pp.325-336.
[17] D. Sidhu, R. Nair and S. Abdallah, “Finding disjoint paths in networks,” in Proceedings of the
conference on Communications architecture and protocols, SIGCOMM ’91.

[18] R. Ogier and N. Shacham, “A distributed algorithm for finding shortest pairs of disjoint paths,” in
Proceedings of IEEE INFOCOM ’89.

[19] R. Diestel, Graph Theory, Springer-Verlag, 2000, pp.50-55.

[20] R. Ramaswami and K. Sivarajan, Optical Networks: A Practical Perspective, Morgan Kaufmann
Publishers, 1998.

[21] R. Ramaswami and K. Sivarajan, “Design of logical topologies for wavelength-routed optical

networks,” IEEE JSAC/JLT Special Issue on Optical Networks, vol. 14, no. 5, June 1996.