[89592] in North American Network Operators' Group
Re: Security control in DSL access network
daemon@ATHENA.MIT.EDU (William Caban)
Mon Mar 27 18:36:06 2006
Date: Mon, 27 Mar 2006 19:35:16 -0500
From: William Caban <william.caban@netxar.com>
To: Christian Kuhtz <christian@kuhtz.com>
Cc: nanog@merit.edu
In-Reply-To: <3E7B8BB7-B162-472F-81AF-AF734E858276@kuhtz.com>
Errors-To: owner-nanog@merit.edu
Christian Kuhtz wrote:
> At the very least, you're making a big assumption here, and that is
> that there are no EMS in charge of managing configurations and no
> provisioning system to trigger and not triggering EMS configuration
> management. In effect, service provisioning doesn't exist in what
> you describe.
Being able to provision over point-and-clicks does not get away with the
rest of the configuration. I know you can do (depending on the EMS) a
certain types of security configurations. Personally, I haven't seen an
EMS capable of do a very good hardening of the configurations of DSLAMs
and CMTS's.
> Btw, if you don't mind, please point out to me a large scale
> deployment that actually has 10's of thousands of live customers on a
> single DSLAM or which DSLAM you propose this is even physically
> possible, as well as anticipated engineered bit rates for such a
> deployment.
1) Point out? I know but I can't. This is a public list and I would get
fired if I discuss in public anything from a client with name. But
believe me when I say _it does_ exist.
2) Well with a over subscription you can do it on the Junipers E Series
(and I've seen it).
It is on the technical docs of the ESeries but you can also see it in
this URL: (http://www.thinkjuniper.net/isp/information.asp?page=239)
3) It is not a configuration I will ever recommend; but sometimes due to
budget restrictions of what a provider set to spend for the servicing of
a location, the provisioning division just "make it work" doing this.
-W
