The Access Node Control Protocol (ANCP) aims to communicate QoS-
related, service-related and subscriber-related configurations and
operations between a Network Access Server (NAS) and an Access Node
(e.g., a Digital Subscriber Line Access Multiplexer (DSLAM)). The
main goal of this protocol is to allow the NAS to configure, manage
and control access equipments including the ability for the access
nodes to report information to the NAS.
This document investigates security threats that all ANCP
nodes could encounter. This document develops a threat model for
ANCP security aiming to decide which security functions are required.
Based on this, security requirements regarding the Access Node
Control Protocol are defined.
Working Group Summary
The origin of the working group can be traced back to the WT-147
"Layer 2 Control Protocol" document from the Broadband Forum. The
ANCP protocol being developed in the ANCP working group as a result
of that document is typically used in the access and aggregation
portions of a broadband access network, and also in inter-provider
environments. It was therefore decided as a part of the creation of
the working group to document the security threats that this
protocol could encounter to ensure that they were fully accounted
for in the protocol design and that operators deploying the protocol
were aware of any security threats. This draft is the result of that
The document is a security threats analysis, with the protocol being
specified in a separate WG draft (draft-ietf-ancp-protocol). The
latter has a number of implementations.
Document Shepherd: Matthew Bocci (firstname.lastname@example.org)
Responsible Area Director? Ralph Droms (email@example.com)