Learn how to manage IP Broadband Access networks at the telecom level

Broadband access networks are still commonly used. So I studied the telecom-level management of IP Broadband Access networks. Here I will share it with you, hoping it will be useful to you. Ethernet was originally designed for internal applications of Local Area Network enterprises and enterprises, and lacks security mechanisms. Even if there is a need, it is also handled by high-level protocols. Ethernet cannot separate Network Management Information and user information as SDH does, and its security is inferior to SDH. When a large number of end users are provided by the same infrastructure after being expanded to MAN and WAN, the above processing methods using high-level protocols are unacceptable, new security and encryption mechanisms need to be developed.

The security requirements of the broadband access network mainly come from two aspects: one is the security of the device itself, and the other is the security of the network. Ethernet devices in the broadband access network must first consider the security at the network management layer. On the other hand, although most DDOS attacks target layer-3 devices, however, various Proxy/Snooping protocols may also become victims of DDOS attacks, so the security features of these protocols are equally important.

In terms of network security, the broadband access network should prevent ARP/ICMP/MAC attacks, prevent the occurrence of network broadcast storms, filter worm data frames, and prevent illegal eavesdropping. In these aspects, currently, features such as VLAN/QinQ isolation, MAC binding, MAC quantity limit, broadcast/ICMP suppression, MAC/IP/L4 filtering, SSHv2 encryption/SNMPv3 secure access, and VLANJump are available.

In the actual network environment, with the continuous improvement of computer performance, attacks against switches, routers, or other computers in the network become more and more serious, and the impact becomes more and more severe. As the main device for LAN information exchange, switches, especially switches in the operator's network, carry extremely high data traffic. In case of sudden abnormal data or attacks, they are prone to overload or downtime. In order to minimize the impact of attacks, reduce the load on switches, and ensure stable operation of the operating network, the ISCOM series switches apply some security technologies to enable and configure these technologies effectively, purify the LAN environment.

Telecom-level management

The Ethernet technology is not designed for the operation-level network. In some aspects, it does not have the characteristics that the operation-level network should have. The Ethernet technology originally used for LAN was difficult to provide end-to-end service management, fault detection, and performance monitoring, mainly using the IP-based OAM protocol, for example, SNMP, IP ping, and IP traceroute provide these functions. However, the Ethernet OAM Technology of LAN can only provide simple management such as accessibility, it cannot provide various necessary O & M methods based on the entire network. On the other hand, these simple management methods must also run properly at the Ethernet layer, once the Ethernet layer is faulty, management and maintenance cannot be performed.

As a carrier-oriented Ethernet device supplier, ruisida not only implements link-based 802 on ISCOM series switches. 3ah OAM, and also implements domain-based 802. 1ag OAM makes up for the shortcomings of the original Ethernet in this aspect, and enhances its OAM capabilities in connection monitoring, fault locating, alarm indication, and performance management, in this way, the management and control over networks, equipment, and services can be improved to meet the requirements of operators for building operational, manageable, and profitable networks,

The deployment of the OAM function on ISCOM series switches can help carrier users locate faults and identify whether the fault lies in end users (such as private network users), service providers, or network operators, in this way, the management and maintenance scope and responsibility boundaries of each organization are clearer. After a user reports a fault, the service provider can quickly and accurately troubleshoot the fault, it will make the management of a large operation network simpler and more effective!