OTN Encryption at Layer 1

The Optical Transport Network (OTN), as described by the International Telecommunications Union-Telecom (ITU-T) in G.872.5, is the bitstream layer of the network between two hops. ITU-T G.709 defines the network interface. A G.709 frame consists of three elements: The overhead, the payload, and the error correction.

 

The Layer 2 frames are OTN payload, so the encryption of the OTN payload encrypts the complete Layer 2 frame.
Most Layer 1 encryptors do not fully and many not at all support authenticated encryption as they work in cut-through mode and thus have limitations in terms of replay and integrity protection. The reason the lack of proper authentication is the complexity of integrating the necessary elements into the limited space available. At higher network layers, full authentication  and integrity protection can be implemented more easily because sufficient space is available and store-and-forward mechanisms are supported. In "cut-through"-mode, neither authentity nor integrity can be verifeid before the first parts of the frame are passed on.

The International Telecommunication Union (ITU) is responsible for the OTN standards. There is currently no official encryption standard.