Re: Security control in DSL access network

[Christian Kuhtz]

Maybe you're just baiting trolls, and granted, I haven't had my  
coffee yet. But let's try to be perfectly straight up here.  At the  
very least, you're making a big assumption here, and that is that  
there are no EMS in charge of managing configurations and no  
provisioning system to trigger and not triggering EMS configuration  
management.   In effect, service provisioning doesn't exist in what  
you describe.

While OSS in carrier settings often -- put politely -- leave a lot to  
be desired, that is -- politely put -- a bit absurd.  That would seem  
to be a very flawed at scale when you're talking 10's of thousands of  
DSLAMs, not to mention that it is really not matching reality in a  
carrier setting (rather than small time provider or other type of  
hack).  There may have been periods in the past where that was true,  
but it is certainly not state of the art during any period of the  
recent past.  This type of provisioning actually has been around as  
flow through provisioning for a while, and the flow specifically  
touches the port a customer would be provisioned on.  The day this  
functionality arrived seems to generally have coincided within a  
relatively short period around offering variable DSL sync speeds, and  
it would simply be a business necessity for offering such service  
variants.  Quite frankly, in such a world, anything more than a field  
crew making the device available to NMS is total overkill and a waste  
of time, multiplied by 10K's of DSLAMs, for a few actually  
provisioned customers.

Btw, if you don't mind, please point out to me a large scale  
deployment that actually has 10's of thousands of live customers on a  
single DSLAM or which DSLAM you propose this is even physically  
possible, as well as anticipated engineered bit rates for such a  
deployment.

Best regards,
Christian



On Mar 27, 2006, at 8:21 AM, William Caban wrote:

> I could add that many of the implementations are done using  
> "professional services" of whoever the manufacturer of the DSLAM is  
> and it is a very simple and weak configuration. They make sure it  
> works and thats it. No attention is given to security or  
> performance in any form. Now, I should also mention that the reason  
> for this is that the providers usually only pay for this basic  
> configuration and think or assume they can do the rest. The problem  
> is that a DSLAM configuration can become so huge once the service  
> start rolling that it is hard for any one to go back a fix the  
> configurations because of the impact it may have to the clients. It  
> is not impossible to fix, it will just have an impact to all the  
> clients arriving to the same DSLAM and this can be counted in tens  
> of thousands of clients. So the solution is to do it right from the  
> beginning.
>
> -W
>
> Sean Donelan wrote:
> > On Sun, 26 Mar 2006, Joe Shen wrote:
> >
> > > Is there any books or papers on carrier level DSL
> > > access network and LAN access network?  Specifically,
> > > it should analysis the futures of DSL network and
> > > security problems in DSL networks.
> > You probably want to start with the DSL Forum <http:// 
> > www.dslforum.org/>
> > After you get through their technical reports you should be very  
> > confused.
> >
> > A problem you will discover is often the DSL folks don't think they
> > have any security problems.  That all the security issues are with IP
> > and the ISP.
> --
> William Caban-Babilonia
> Senior Network & System Consultant
> Mobil: 787 378-7602