Security control in DSL access network
William Caban
william.caban at netxar.com
Tue Mar 28 00:35:16 UTC 2006
Christian Kuhtz wrote:
> At the very least, you're making a big assumption here, and that is
> that there are no EMS in charge of managing configurations and no
> provisioning system to trigger and not triggering EMS configuration
> management. In effect, service provisioning doesn't exist in what
> you describe.
Being able to provision over point-and-clicks does not get away with the
rest of the configuration. I know you can do (depending on the EMS) a
certain types of security configurations. Personally, I haven't seen an
EMS capable of do a very good hardening of the configurations of DSLAMs
and CMTS's.
> Btw, if you don't mind, please point out to me a large scale
> deployment that actually has 10's of thousands of live customers on a
> single DSLAM or which DSLAM you propose this is even physically
> possible, as well as anticipated engineered bit rates for such a
> deployment.
1) Point out? I know but I can't. This is a public list and I would get
fired if I discuss in public anything from a client with name. But
believe me when I say _it does_ exist.
2) Well with a over subscription you can do it on the Junipers E Series
(and I've seen it).
It is on the technical docs of the ESeries but you can also see it in
this URL: (http://www.thinkjuniper.net/isp/information.asp?page=239)
3) It is not a configuration I will ever recommend; but sometimes due to
budget restrictions of what a provider set to spend for the servicing of
a location, the provisioning division just "make it work" doing this.
-W
More information about the NANOG
mailing list