There is much worth learning about broadband access networks. Here we mainly introduce the telecom-level management of broadband access networks. Ethernet was originally designed for internal enterprise LAN applications and lacks security mechanisms of its own. Where security is needed, it is handled by higher-layer protocols. Ethernet cannot separate network management information from user information as SDH does, so its security is inferior to that of SDH. Once Ethernet is extended to the MAN and WAN and a large number of end users are served by the same infrastructure, relying on higher-layer protocols in this way is unacceptable, and new security and encryption mechanisms need to be developed.
The security requirements of the broadband access network come mainly from two aspects: the security of the device itself and the security of the network. Ethernet devices in the broadband access network must first consider security at the network management layer. In addition, although most DDoS attacks target layer-3 devices, the various Proxy/Snooping protocols may also become victims of DDoS attacks, so the security features of these protocols are equally important.
In terms of network security, the broadband access network should prevent ARP/ICMP/MAC attacks, prevent network broadcast storms, filter worm data frames, and prevent illegal eavesdropping. Features currently available for these purposes include VLAN/QinQ isolation, MAC binding, MAC quantity limits, broadcast/ICMP suppression, MAC/IP/L4 filtering, SSHv2 encryption/SNMPv3 secure access, and VLANJump.
In real network environments, as computer performance continues to improve, attacks against switches, routers, and other computers in the network are becoming more serious and their impact more severe. As the main devices for LAN information exchange, switches, especially those in an operator's network, carry extremely high data traffic. When sudden abnormal data or attacks occur, they are prone to overload or downtime. To minimize the impact of attacks, reduce the load on switches, and ensure stable operation of the operational network, the ISCOM series switches implement a number of security technologies; enabling and configuring them effectively purifies the LAN environment.
Telecom-level management
Ethernet technology was not designed for operation-level networks, and in some respects it lacks the characteristics such networks should have. Ethernet as originally used in the LAN has difficulty providing end-to-end service management, fault detection, and performance monitoring. It relies mainly on IP-based OAM protocols such as SNMP, IP ping, and IP traceroute to provide these functions. However, the Ethernet OAM technology of the LAN can provide only simple management functions such as reachability, and cannot provide the various O&M methods needed across the entire network. Moreover, these simple management operations depend on the Ethernet layer working properly: once the Ethernet layer fails, management and maintenance cannot be performed. From the carrier-oriented Ethernet equipment supplier Ruisida, the ISCOM series switches implement not only link-based 802.3ah OAM but also domain-based 802.1ag OAM, which makes up for the shortcomings of the original Ethernet in this respect and enhances its OAM capabilities in connection monitoring, fault locating, alarm indication, and performance management. In this way, management and control over networks, equipment, and services can be improved to meet operators' requirements for building operational, manageable, and profitable networks.
Deploying the OAM function on ISCOM series switches helps carrier users locate faults and identify whether a fault lies with the end users (such as private network users), the service provider, or the network operator, so that the management and maintenance scope and the responsibility boundaries of each organization are clearer. After a user reports a fault, the service provider can troubleshoot it quickly and accurately, which makes the management of a large operational network simpler and more effective.