Security control in DSL access network

Sean Donelan sean at
Tue Mar 28 11:18:06 UTC 2006

On Tue, 28 Mar 2006, Peter Dambier wrote:
> I cannot tell you wether this is a DSLAM or a BRX but I guess it is both
> in a single one box.

Not unless Germany is a very, very small country.  The Holy See and Monaco
might be small enough to serve the entire country from a DSLAM.  DSL is
distance sensitive.  If your country is bigger than about 5 km, you have
lots of DSLAMs.

You are confusing a BRAS (Broadband Remote Access Server) with a DSLAM
(DSL access multiplexer).  The DSL access network does not show up in an
IP traceroute. As I suggested before, please read the technical reports
available from the DSL forum <>.

A misleading diagram, but for the purpose of reference, a typical
user connection:


In reality, these are protocol stacks such as IP over PPP over ATM over
DSL, but it makes the ASCII artwork very confusing.

Understanding the security issues involved with just one of components
in the diagram is a challenge.  Finding people who understand the
security issues involved with ALL of the components in the diagram is
a huge challenge.  Usually you rely on people responsible for each
of the components are doing a good job at keeping their part of the
picture secure and working.

More information about the NANOG mailing list