Having only dealt with "internal" network gear, how would an ISPs network setup look like? Do the DSLAMs do any routing or do they act like a switch almost? Is each "interface" like a switch port or what? Is the routing done back at the CO or right there at the DSLAMs? I'm thinking they act more like a switch because otherwise you would need to use a bunch of /30 just to connect the customer to the router.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
ISP Gear Questions
- Thread starter /usr/home
- Start date
You can use private vlan to bypass the need of /30 per interface.
Like so:
Private vlan Primary: 100
ip: x.x.x.x/24 (this will become the defgw for the clients)
Private vlan Secondary Isolated: 101-148
Then you just either (if its the same L3-switch) put vlan101 to int1 up to vlan148 to int48, or use 802.1Q to trunk this as tagged vlan to another (L2) device which will do the same (put vlan101 to int1 up to vlan148 which goes to int48).
Use of isolated/community means if clients within the same secondary vlan should be able to see each other or not.
If you want customers connected to the same equipment still be able to send data to each other (when you have private vlan setup) you need to use proxy-arp enabled on the primary vlan.
This way when a client on int1 (vlan101) sends "arp whohas x.x.x.22" then the primary vlan interface will reply "I have this ip, use this mac: xx:xx:xx:xx:xx:xx" - the mac address is the mac address of the primary vlan.
This way the client on int1 (vlan101) sends the packet to mac xx:xx:xx:xx:xx:xx (which is the virtual interface of primary vlan) which receives the packet and route it down into vlan122 (int22, assuming x.x.x.22 belongs to that vlan).
However using private vlan and thinking "good, now the clients are isolated from each other" isnt really try (specially not when proxy arp is being used or a client manuelly sends data to the mac of primary vlan (defgw ip)) which gives you still needs ACL at the primary vlan in case you want to fully block communication between clients in vlan101 and vlan102.
But even if you do this the clients (specially when connected to internet) can still bounce somewhere else further up in the chain and still talk to each other. If not so at least by connecting to the same irc-network or such.
Like so:
Private vlan Primary: 100
ip: x.x.x.x/24 (this will become the defgw for the clients)
Private vlan Secondary Isolated: 101-148
Then you just either (if its the same L3-switch) put vlan101 to int1 up to vlan148 to int48, or use 802.1Q to trunk this as tagged vlan to another (L2) device which will do the same (put vlan101 to int1 up to vlan148 which goes to int48).
Use of isolated/community means if clients within the same secondary vlan should be able to see each other or not.
If you want customers connected to the same equipment still be able to send data to each other (when you have private vlan setup) you need to use proxy-arp enabled on the primary vlan.
This way when a client on int1 (vlan101) sends "arp whohas x.x.x.22" then the primary vlan interface will reply "I have this ip, use this mac: xx:xx:xx:xx:xx:xx" - the mac address is the mac address of the primary vlan.
This way the client on int1 (vlan101) sends the packet to mac xx:xx:xx:xx:xx:xx (which is the virtual interface of primary vlan) which receives the packet and route it down into vlan122 (int22, assuming x.x.x.22 belongs to that vlan).
However using private vlan and thinking "good, now the clients are isolated from each other" isnt really try (specially not when proxy arp is being used or a client manuelly sends data to the mac of primary vlan (defgw ip)) which gives you still needs ACL at the primary vlan in case you want to fully block communication between clients in vlan101 and vlan102.
But even if you do this the clients (specially when connected to internet) can still bounce somewhere else further up in the chain and still talk to each other. If not so at least by connecting to the same irc-network or such.
CO-fed ADSL2+ IPDSLAM is fed like this:
Modem(Public IP)>DSLAM in the CO (ip address of DSLAM is the default gateway that is assigned to the modem)>DSLAM is connected to the ISP's PTM Fiber ring that feeds the CO.
Remote Terminal ADSL2+ IPDSLAM:
Modem(public ip)>DSLAM in the remote terminal(still the modem's default gateway>Fiber ring from the CO>ISP's PTM fiber ring that feeds the CO.
A router is a router, the only real difference between the CO's network and a private network is the firewall and routing table.
Modem(Public IP)>DSLAM in the CO (ip address of DSLAM is the default gateway that is assigned to the modem)>DSLAM is connected to the ISP's PTM Fiber ring that feeds the CO.
Remote Terminal ADSL2+ IPDSLAM:
Modem(public ip)>DSLAM in the remote terminal(still the modem's default gateway>Fiber ring from the CO>ISP's PTM fiber ring that feeds the CO.
A router is a router, the only real difference between the CO's network and a private network is the firewall and routing table.
But is the dslam a router or is it where the customer lines terminate and are later routed? Basically, where is the first router located after a customer's modem?
easy answer: the dslam is a router.
Well, technically the DSLAM is the physical device that generates the ADSL2+ signal, and it does have multiple 10gbe fiber connections that each have an IP address, and then is typically connected to Alcatel-Lucent 7550's. That being said, the DSLAM does have an IP address and is a Layer3 device, making it a router. I'm talking about CO-Based IPDSLAM anyways.
Remote Terminals are a dslam that connects to the 7550's in the co with multiple 1gbps links.
The uplinks from the 7550 to the PTM ring typically are 100gbps.
Last edited:
Gotcha, so my WAN gateway address is the address of the DSLAM. Forgive my seemingly dumb questions, what used to be CO's are now basically the telco's pedestal in the back alley, correct? So I have 2 static IPs as well as my 2Wire gets a DHCP address that is in the ISPs DHCP range. The two are completely different subnets. How does the ISP route those two IPs to me? Do they use something like OSPF or RIP? Does the DSLAM route to the appropriate interface or does it act like a switch and just forward it according to a MAC address table?
Do you work for an ISP? I've always wanted to see an ISPs infrastructure and have always been curious about it.
Do you work for an ISP? I've always wanted to see an ISPs infrastructure and have always been curious about it.
When you enter the information into the router for the static IP's all it does is create a static route.
Lets say your modem's IP address is 1.1.1.2 and it's default gateway is 1.1.1.1
Your ISP assigns you a static IP address range of 2.2.2.1 - 2.2.2.8
The address 2.2.2.8 is a interface on a router 1 step past the CO, 2.2.2.1 is your broadcast address, 2.2.2.2 - 2.2.2.7 is your usable IP addresses.
You set up your server to have the address 2.2.2.2 with the default gateway of 2.2.2.8.
This is how the packets will go when it enters the ISP side headed for 2.2.2.2:
ISP's backbone>100gbps interface above the CO>2.2.2.8>100gbps interface in the CO>10gbps interface in the co>DSLAM(1.1.1.1)>Modem(1.1.1.2)>2.2.2.2.
As far as you question about the physcal locations of the DSLAM's, CO fed IPDSL uses a DSLAM in the CO, Remote terminal (FTTN) DSLAM's are located in the field aka. the side of the road. (usually within either 4500ft of your home for VDSL2+ or 12000ft for ADSL2+)
Lets say your modem's IP address is 1.1.1.2 and it's default gateway is 1.1.1.1
Your ISP assigns you a static IP address range of 2.2.2.1 - 2.2.2.8
The address 2.2.2.8 is a interface on a router 1 step past the CO, 2.2.2.1 is your broadcast address, 2.2.2.2 - 2.2.2.7 is your usable IP addresses.
You set up your server to have the address 2.2.2.2 with the default gateway of 2.2.2.8.
This is how the packets will go when it enters the ISP side headed for 2.2.2.2:
ISP's backbone>100gbps interface above the CO>2.2.2.8>100gbps interface in the CO>10gbps interface in the co>DSLAM(1.1.1.1)>Modem(1.1.1.2)>2.2.2.2.
As far as you question about the physcal locations of the DSLAM's, CO fed IPDSL uses a DSLAM in the CO, Remote terminal (FTTN) DSLAM's are located in the field aka. the side of the road. (usually within either 4500ft of your home for VDSL2+ or 12000ft for ADSL2+)
Last edited:
Not saying bds is wrong but in my 10 years in the telco industry I've never seen a setup like that. All the DSLAMs I've setup over the years were similar to a l2 switch in what they do. The newer DSLAMs have some l3 features but still don't run any routing protocols in my experience. Some may run a modified version of STP like Occam/Calix' s EPS (Ethernet Protection Switching) to provided fail over before it reaches the routed network as well. If I get some time I'll break out a sanitized Visio of a couple places I've worked for, might help clear some things up.
Not saying bds is wrong but in my 10 years in the telco industry I've never seen a setup like that. All the DSLAMs I've setup over the years were similar to a l2 switch in what they do. The newer DSLAMs have some l3 features but still don't run any routing protocols in my experience. Some may run a modified version of STP like Occam/Calix' s EPS (Ethernet Protection Switching) to provided fail over before it reaches the routed network as well. If I get some time I'll break out a sanitized Visio of a couple places I've worked for, might help clear some things up.
If you run a tracert from a newer IPDSL (ADSL2+ or VDSL2) you will see the DSLAM as the first hop after the local modem, CO as the second (and sometimes third also, depends on the CO), VHO as the third , SHO as the 4th and the I/O as the 5th. (in the case of a major telco company in the us anyways)
There are often times more equipment involved, but are not routed, therefor no hop.
Not saying bds is wrong but in my 10 years in the telco industry I've never seen a setup like that. All the DSLAMs I've setup over the years were similar to a l2 switch in what they do. The newer DSLAMs have some l3 features but still don't run any routing protocols in my experience. Some may run a modified version of STP like Occam/Calix' s EPS (Ethernet Protection Switching) to provided fail over before it reaches the routed network as well. If I get some time I'll break out a sanitized Visio of a couple places I've worked for, might help clear some things up.
A Visio diagram would be awesome.