Wednesday, May 10, 2006

New DreamTeam Member!



Puru Selbie, President and CEO of Tristream
Tristream is a leader in web application design: award-winning thought leaders, they provide full services to create user-centered, usability-tested applications.

Puru is:
  • A Tristream founder
  • Top-level strategist on key clients: Cisco, Sun, Wells Fargo Bank, AvantGo, QuantumShift, Cendant Mobility and KPMG.
  • Business strategist and infrastructure consultant for Burningpoint (Roxio)
  • Positioning, branding, and technical consultant for Trend Technologies and gigaflip
  • Primary architect of Lateral Works Systems intranet communications hub used by Tektronix, National Semiconductor, and LSI Logic
  • Business strategist and architect for Performance Learning Systems online presence

Mukunda Co-located

Yesterday we were able to "co-locate" our new webserver called Mukunda. What does that mean and why?

For many years our websites were hosted, along with many hundreds of other websites, by a company using shared servers. This eventually posed problems, with other websites interfering with our online ordering. Coupled with the need to offer audio and videos of music and talks, this led us to take the leap and rent a dedicated server.


Over the past year, the amount of traffic or bandwidth has increased significantly due to increased usage, listenership and viewership.


Webster defines bandwidth as: "the capacity for data transfer of an electronic communications system"


As a result we were paying significant monthly overcharges for bandwidth. Further research produced a local server farm (see above photo) in Sacramento just 10 minutes from the Rancho Cordova community where we could rent space and bandwidth for our own server. ROI analysis ("Return on Investment" which is a corporate type term) indicated that, if we purchased our own server and software, installed everything, and located it at this farm, monthly savings would pay for it in under 1 year.


Led by Nabha, we forged ahead with the purchase. Now he is fine tuning the installation. We have 240 GB of hard drive space and backup.


This server will:


  • Host the ananda.org, expandinglight.org and numerous other smaller websites. (not crystal clarity)
  • Function as our email server and ultimately the backup email server for our new Exchange server
  • Host the new Ananda Library
  • Store much more audio and video web content to continue to serve our growing worldwide.

Friday, May 05, 2006

A DSL Primer - Chapter Quattro

In this chapter I will describe the Ananda Bell DSL setup. A picture is worth a thousand words, hence the following picture. If you find this not detailed enough, let me know and I will add some more comments.




Well, Peter didn't let me get away with just a picture, so I'll write a few words about our DSL setup at Ananda Bell.

Our internet access consists of 3 T1 links bundled together as a single point-to-point link to the Internet cloud. The Cisco 2600 router that hosts these 3 T1 links uses Multi-Frame-Relay technology to provide one logical link to the Internet, SBC/PacBell (now AT&T) being our Internet Service Provider. These 3 T1 links also act as a backup to each other: if one fails, the others continue to function, which eliminates a single point of failure on our link to the Internet. The Cisco 2600 acts as our gateway to the internet, our NAT (Network Address Translator) server, our DHCP (Dynamic Host Configuration Protocol) server and our firewall. The Cisco 2600 is connected to a 100Mbps switch on its LAN side. Three Occam BLC 6208's connect to the same 100Mbps switch, creating a large local area network made up of [the majority of] village residents and offices. The BLCs (Broadband Loop Carriers) perform the interworking function between DSL and Ethernet. They aggregate DSL traffic from the subscribers and send it to the Cisco router over an Ethernet link. Since they act as "bridges", they logically extend an Ethernet wire from each home (or office) and connect it to the Cisco router. So, all our data traffic converges at the Cisco 2600.

Most village residents get a private IP address from the Cisco 2600 via the NAT functionality. This makes up the 192.168.146.x network. These addresses are valid inside the village, but not valid outside, because they are not routable IP addresses. When packets originating from this network leave the village, their source IPs take the form of a routable (public) IP address, which is shared among many people. This allows [most of] us to appear as one IP address (one host) from outside the village. We also have several users and offices that each have their own unique public IP address for other reasons. Some people need to run servers or services that require them to have a public IP address (VPN - Virtual Private Networks, some video-conferencing applications, web servers hosted inside the village, etc). We have three different IP subnets we can pick IP addresses from so that we can assign them to people with such needs.

The Cisco router assigns IP addresses from the 192.168.146.x pool to people who do not require a public IP address. The firewall on the WAN (T1/FR) link of the Cisco 2600 provides ample protection for people using DHCP. The main function of the firewall is to prevent any TCP connection originating from outside from connecting to a machine inside the village. TCP connections can only be initiated from inside the village. As for public IP users, they are required to have their own firewall and provide their own protection.
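The difference between the two groups of users can be seen in a small model of the edge router. This is an added example, not the Cisco 2600's configuration: the public addresses are documentation-range placeholders, the port numbering is made up, and forwarding traffic for public-IP hosts untouched is an assumption drawn from the statement that those users provide their own protection.

```python
import ipaddress

# Constructed values: the page gives only the 192.168.146.x pool; the public
# addresses below are documentation-range placeholders (RFC 5737).
PRIVATE_NET = ipaddress.ip_network("192.168.146.0/24")
SHARED_PUBLIC_IP = "203.0.113.1"     # address the NATed residents share
PUBLIC_HOSTS = {"203.0.113.10"}      # a subscriber with their own public IP


class EdgeRouter:
    """Toy model of NAT plus the 'no TCP connections from outside' rule."""

    def __init__(self):
        self.nat = {}                # public port -> (inside ip, inside port, remote)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a TCP connection; returns the source seen outside."""
        if ipaddress.ip_address(src_ip) not in PRIVATE_NET:
            return (src_ip, src_port)            # public-IP host: not translated
        port = self.next_port
        self.next_port += 1
        self.nat[port] = (src_ip, src_port, (dst_ip, dst_port))
        return (SHARED_PUBLIC_IP, port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port, syn=False):
        """Packet arriving on the WAN link; returns the inside target or None.

        syn=True marks a bare SYN, i.e. an attempt to open a new connection.
        """
        if dst_ip in PUBLIC_HOSTS:
            # Assumption: passed through as-is, so the host needs its own firewall.
            return (dst_ip, dst_port)
        entry = self.nat.get(dst_port) if dst_ip == SHARED_PUBLIC_IP else None
        if entry is None or syn or entry[2] != (src_ip, src_port):
            return None                          # unsolicited traffic: dropped
        return entry[:2]                         # reply to a flow opened inside


if __name__ == "__main__":
    r = EdgeRouter()
    seen = r.outbound("192.168.146.20", 51000, "198.51.100.7", 443)
    print("outside sees", seen)
    print("reply      ->", r.inbound("198.51.100.7", 443, *seen))
    print("new SYN    ->", r.inbound("198.51.100.9", 1234, *seen, syn=True))
    print("public host->", r.inbound("198.51.100.9", 1234, "203.0.113.10", 22, syn=True))
```
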

We also have a few off-the-land users (not in diagram) who have a wireless radio link (about 3 to 5 miles) from their homes to the village. The radio pairs use the 802.11b technology and require line-of-sight. The users who approached us about the technology have spent their own time and money to buy and install the radio pairs. Ananda Bell simply brought a DSL modem and power to the line-of-sight location within the village.

The three BLCs at Ananda Bell have a total of 3 x 48 = 144 ports. About 110 of these ports are already in use. Some of these serve dedicated DSL lines, but most of them share the copper phone line with voice. In that case a splitter is needed to separate the voice and data frequencies. We have two Wilcom splitter chassis, each with two cards. Each card has 24 ports on it. Thick cables (telco cables with champ connectors) carry 24 phone lines each. This cable connects to the voice+DSL port of one splitter card. Two other telco cables leave from two separate ports on each splitter card, one port bundling 24 data lines and the other one bundling 24 phone lines. The data cable goes to the BLC and the phone cable goes to the phone switch. The splitter cards do not require power to operate (much like the low pass filters connected to your home phones).

All this critical equipment (Cisco router, BLCs, ethernet switch, phone switch) is connected to multiple UPS (Uninterruptible Power Supply) units so that it has clean power and can continue to operate in case of power failures. After a few seconds of power failure, a generator kicks in to provide power to the UPSs, because the UPS batteries only last for a few minutes.

The Occam BLCs have a lot more functionality than traditional DSLAMs, which only do the DSL to Ethernet interworking function. The BLCs provide filtering capabilities on each DSL port to prevent, for instance, Windows NetBIOS packets from entering the village network (so you can't see your neighbor's computer in your Network Neighborhood). The BLCs are capable of providing voice/video/data (called triple play) over the same DSL line. We are only using them for data service (VoIP services such as Skype would be considered derived voice). The video capability would require expensive head-end equipment, and who wants 250 channels of video in a spiritual community? However, there are many other customers of Occam who heavily depend on the video capabilities (such as Surewest in Roseville) and who use that capability to compete with cable operators. The BLCs are also capable of doing DHCP and ARP snooping to reduce network chatter and to ensure that users only use the IP addresses they are assigned. This prevents many types of malicious attacks originating from subscribers. We are not using all of these features at Ananda Bell, but some are going to be implemented in the days to come.
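How DHCP and ARP snooping tie a subscriber port to its assigned address can be sketched as follows. This is an added example of the general technique, not Occam's implementation or the Ananda Bell configuration; the port names, MAC addresses and IP addresses are constructed, and "uplink" is a hypothetical name for the trusted port facing the router.

```python
def inspect(frames, uplink="uplink"):
    """Return one verdict per frame, learning DHCP leases as they go by."""
    pending = {}   # client MAC -> subscriber port that sent the DHCP request
    leases = {}    # subscriber port -> (MAC, leased IP)
    verdicts = []
    for f in frames:
        port, kind, mac, ip = f["port"], f["kind"], f["mac"], f.get("ip")
        if kind == "dhcp_request" and port != uplink:
            pending[mac] = port
            verdicts.append("forward: request noted")
        elif kind == "dhcp_ack":
            if port != uplink:
                # Only the router side may hand out addresses.
                verdicts.append("drop: DHCP reply from subscriber port")
            elif mac not in pending:
                verdicts.append("drop: ACK without a request")
            else:
                leases[pending.pop(mac)] = (mac, ip)
                verdicts.append("forward: lease learned")
        elif port == uplink:
            verdicts.append("forward: trusted uplink")
        elif leases.get(port) != (mac, ip):
            # Covers both IP packets and ARP whose sender fields differ
            # from the lease recorded for this port.
            verdicts.append(f"drop: {kind} sender does not match lease")
        else:
            verdicts.append("forward: matches lease")
    return verdicts


# Constructed sample traffic; port names, MACs and addresses are made up.
A, B = "02:00:00:00:00:07", "02:00:00:00:00:09"
SAMPLE = [
    {"port": "dsl-7", "kind": "dhcp_request", "mac": A},
    {"port": "uplink", "kind": "dhcp_ack", "mac": A, "ip": "192.168.146.57"},
    {"port": "dsl-7", "kind": "ip", "mac": A, "ip": "192.168.146.57"},
    {"port": "dsl-7", "kind": "ip", "mac": A, "ip": "192.168.146.1"},
    {"port": "dsl-7", "kind": "arp", "mac": A, "ip": "192.168.146.1"},
    {"port": "dsl-9", "kind": "dhcp_ack", "mac": A, "ip": "192.168.146.99"},
    {"port": "dsl-9", "kind": "ip", "mac": B, "ip": "192.168.146.80"},
]

if __name__ == "__main__":
    for frame, verdict in zip(SAMPLE, inspect(SAMPLE)):
        print(frame["port"], frame["kind"], frame.get("ip"), "->", verdict)
```
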