Security control in DSL access network

William Caban william.caban at
Tue Mar 28 00:35:16 UTC 2006

Christian Kuhtz wrote:
> At the very least, you're making a big assumption here, and that is 
> that there are no EMS in charge of managing configurations and no 
> provisioning system to trigger and not triggering EMS configuration 
> management.   In effect, service provisioning doesn't exist in what 
> you describe.
Being able to provision over point-and-clicks does not get away with the 
rest of the configuration. I know you can do  (depending on the EMS) a 
certain types of security configurations. Personally, I haven't seen an 
EMS capable of do a very good hardening of the configurations of DSLAMs 
and CMTS's.

> Btw, if you don't mind, please point out to me a large scale 
> deployment that actually has 10's of thousands of live customers on a 
> single DSLAM or which DSLAM you propose this is even physically 
> possible, as well as anticipated engineered bit rates for such a 
> deployment.
1) Point out? I know but I can't. This is a public list and I would get 
fired if I discuss in public anything from a client with name. But 
believe me when I say _it does_ exist.
2) Well with a over subscription you can do it on the Junipers E Series 
(and I've seen it).
It is on the technical docs of the ESeries but you can also see it in 
this URL: (
3) It is not a configuration I will ever recommend; but sometimes due to 
budget restrictions of what a provider set to spend for the servicing of 
a location, the provisioning division just "make it work" doing this.


More information about the NANOG mailing list