North American Network Operators Group


Re: Security control in DSL access network

  • From: Christian Kuhtz
  • Date: Mon Mar 27 08:20:47 2006



Maybe you're just baiting trolls, and granted, I haven't had my coffee yet. But let's try to be perfectly straight up here. At the very least, you're making a big assumption here, and that is that there are no EMS in charge of managing configurations and no provisioning system to trigger and not triggering EMS configuration management. In effect, service provisioning doesn't exist in what you describe.

While OSS in carrier settings often -- put politely -- leave a lot to be desired, that is -- politely put -- a bit absurd. That would seem to be very flawed at scale when you're talking 10's of thousands of DSLAMs, not to mention that it is really not matching reality in a carrier setting (rather than small time provider or other type of hack). There may have been periods in the past where that was true, but it is certainly not state of the art during any period of the recent past. This type of provisioning actually has been around as flow through provisioning for a while, and the flow specifically touches the port a customer would be provisioned on. The day this functionality arrived seems to generally have coincided within a relatively short period around offering variable DSL sync speeds, and it would simply be a business necessity for offering such service variants. Quite frankly, in such a world, anything more than a field crew making the device available to NMS is total overkill and a waste of time, multiplied by 10K's of DSLAMs, for a few actually provisioned customers.

Btw, if you don't mind, please point out to me a large scale deployment that actually has 10's of thousands of live customers on a single DSLAM or which DSLAM you propose this is even physically possible, as well as anticipated engineered bit rates for such a deployment.

Best regards,
Christian



On Mar 27, 2006, at 8:21 AM, William Caban wrote:


I could add that many of the implementations are done using "professional services" of whoever the manufacturer of the DSLAM is and it is a very simple and weak configuration. They make sure it works and that's it. No attention is given to security or performance in any form. Now, I should also mention that the reason for this is that the providers usually only pay for this basic configuration and think or assume they can do the rest. The problem is that a DSLAM configuration can become so huge once the service starts rolling that it is hard for anyone to go back and fix the configurations because of the impact it may have on the clients. It is not impossible to fix, it will just have an impact on all the clients arriving at the same DSLAM and this can be counted in tens of thousands of clients. So the solution is to do it right from the beginning.

-W

Sean Donelan wrote:
On Sun, 26 Mar 2006, Joe Shen wrote:

Are there any books or papers on carrier level DSL
access network and LAN access network?  Specifically,
it should analyze the futures of DSL network and
security problems in DSL networks.

You probably want to start with the DSL Forum <http://www.dslforum.org/>
After you get through their technical reports you should be very confused.

A problem you will discover is often the DSL folks don't think they
have any security problems. That all the security issues are with IP
and the ISP.


--
William Caban-Babilonia
Senior Network & System Consultant
Mobil: 787 378-7602