Re: Security with mulitple organizations sharing an ONS backbone

jeff.alston · ‎01-30-2005

Has anyone ever connected two organization's 15454s together with either a subtend ring or PTP and NOT allowed one another access to each others CTC? We want to use our respective systems to transport another parties traffic, but despite organizational trust, want to keep everyone honest.

Rene Frank · ‎01-31-2005

Hi Jeff

If you only use in-band management, then just disable DCC on the links between the two organizations. We use this also as a security feature between different service providers. If the DCC is disabled, then no management traffic is sent in the SONET/SDH header frames. I do not really know how secure it is, but I never heard that a service provider was under attack on a SONET/SDH link by a management protokoll.

Cheers

Rene

jeff.alston · ‎01-31-2005

Thank you. I thought about that, but we are transporting ethernet circuits for this third party across our platforms. If we kill the DCC, can we still cut in circuits?

tgimmel · ‎01-31-2005

Jeff,

You have no worries, you are doing a mid span meet. Just make sure the STS's line up between the 2 systems. There is no requirement for the DCC's to be on except in your own network. All of your mid-span meets just need sts alignment.

Tim

Rene Frank · ‎01-31-2005

Hi Jeff

you have to split your ethernet circuit in two halfs. Create a circuit in the first 15454 network to the border (DCC disabled) and an other circuit in the second network also to the border. As Tim already said, you have to align the sts on both sides of the border. See also the procedure guide (NTP-D148 "Create a manual crossconnect for G-series or E-Series...").

Rene