User guide
EDA System Design
1/1551-HSC 901 35/3 Uen C 2005-12-02
95
• Security Requirements - Different security measures can be deployed
in order to protect the EDA system and the end-users connected to it.
Some of the security settings may overlap but can be activated
simultaneously to improve the security.
The following measures can be used:
− Using PPP as access method can be used for verifying the identity
of an end-user before granting access to the services. PPP
sessions can be forwarded towards remote Service Providers using
secure tunnels.
− The IP DSLAMs can be configured to filter out unwanted traffic
based on a variety of parameters.
− VLANs can be used to create logically separate network within the
Access Domain Ethernet. In this way different traffic types, as for
example management traffic and subscriber traffic, are separated.
− Using Forced Forwarding towards the Service Provider’s default
gateway.
− Using DHCP Relay agent configuration (Option 82) to authenticate
end-users and to allow access to specific services.
− Using Virtual MAC addresses to prevent MAC spoofing.
Although not all of the functions above are the responsibility of the Access
Provider, the Access Provider creates the EDA network and functions that
enables the services to be offered to end-users. For more detailed
description of security measures please see section 9 on page 81.
10.2.1 Designing the Actual EDA System
In addition to function requirements and MDF deployment scenario, the
total solution is influenced by a number of performance requirements to the
system:
• The number of subscribers connected to the local exchange, and the
expected DSL penetration forecast.
• The bandwidth allocated to individual subscribers, and the degree of
aggregation.
• The requirements to different quality of service levels.
• The requirements to redundancy.