DSL testing on campus Part 2 of 2 (the NEW way)

This is part 2 of a 2 part post.


Post two: The NEW way of doing DSL on campus


About 2 years ago a co-worker and I were approached by 2 teams on campus that had a large number of DSL lines and did not want to pay the fee that Verizon charged. So I came up with the new way.


**Brief info on how DSL works (from a telco like Qwest)**

You have a DSL modem

This modem links via the phone line to a device called a DSLAM (Digital Subscriber Line Access Multiplexer)

The DSLAM then links to the ATM or Frame-Relay network

The ISP (could be Qwest or any other ISP that has links to the ATM/Frame-Relay cloud) has a link into the ATM/FR network

The ISP then routes the packets to the internet via its normal path

**End of Brief info**


So Verizon, in our case, charged for the analog line, the DSL line, and the ISP. This was about $2,000 per line per year. So what we were going to do was buy the DSLAMs, keep them in house, and link them to the internet using our already existing internet access methods (MSN). This would allow the test teams to have DSL lines with an upfront cost for hardware but never a recurring cost.


The first issue we ran into in the beginning was that the cost of a Cisco DSLAM was > $12,000 for ~24-48 lines (I don't remember the exact cost). That price would cut into the cost savings if we had to throw out a huge amount of money just to get the hardware. Then one day I was in a meeting with the networking team talking about another issue when someone mentioned they had found a 24 port DSLAM for ~$2,500.00. After some looking I found Corecess (https://www.corecess.com). They have the DX6524, which is a 24 port DSLAM that goes from DSL to Ethernet. It removes the ATM/Frame-Relay requirements that other DSLAMs had. This allowed us to put 4 DSLAMs into a single lab and connect them to our existing Internet taps.


The DSL modems we had with Verizon were DMT modems, so they worked with this device. No new modems were required for the move, only for growth. So for the cost of 1 year of service on our normal DSL line we were able to get a device that would provide us 24 ports of DSL access. I was so happy the day I was able to place ~100 DSL disconnect orders with Verizon (telcos are almost as bad as the cable company and oil companies).


The ROI was so high that a 24 port DSLAM would pay for itself in only a few months. And when it comes time for the lab to move, all they have to do is make sure there is an Internet tap installed in their new lab to connect their DSLAM to.


Testers could also change the speed allotted for a DSL port in real time (automated or manual). They could have it at 128k/128k, then up to 8mb/1mb within a few seconds. The DSLAM also provided VLAN support on a per DSL port basis, so we could have one DSL line connected to a PPPoE access concentrator while another was on a native IPv6 link. These VLAN assignments could also be changed automatically (SNMP).


From a security standpoint this allowed Corp IT to monitor all internet traffic on the DSL lines (and place IDS/IPS devices as well), limit access to HIGH risk services (that are not used at 99.9% of homes), and remove the ANALOG line that could allow unrestricted dial-in access. If an inbound attack was detected, corp sec could at least act on it now, whereas with the OLD way they did not even know it happened.


This solution still provides all the requirements to capture the “Home Scenario” while lowering the cost and increasing security. So for those of you that need to do DSL testing but hate paying the super high costs, owning your own DSLAM is the way to go. You can even add a spool of 3,000 feet of copper between your DSL modem and the DSLAM to simulate the copper length between most homes and the DSLAM.