I contacted Parasun technologies today to look into implementing thier third party solution. We provide wireless broadband as well as cable modem services... here is their response from the initial engineer looking at how my network is setup:
Regarding the switched end:
Switches need to be managed. This is a requirement for any access switch that connects to a user device. If unmanaged switches are used then port spanning cannot be implemented, and port-port traffic cannot be forwarded to the probe. There are unmanaged switches in the diagram.
Regarding the wireless RF end:
There are wireless routers missing from the bottom left of the diagram (not CPE, but infrastructural routers). I'll need detailed info on how they're connected. Wireless is a different kind of problem - our probe doesn't have a wirless interface. So the wireless router has to support LI, at the very least bridging. Bridging will require internal network renumbering, since the wireless network will spill over up to the primary Mikrotik router. A quick check of this companies LI/CALEA support position suggests these units may need replacement:
http://forum.mikrotik.com/viewtopic.php ... a470d3ec44
It may be possible to re-engineer this network by introducing tagged traffic port mirroring on the units. This requires a lot more info than that in the diagram, starting with vendor and software release on each device, free ports on each unit, VLAN's that have been configured on the switches, etc.
Many vendors don't implement full port mirroring - like SMC which allows mirroring of sent or received port traffic but not both - this may require replacement of the unit in such cases.
The cheapest solution for this customer may end up being the purchase of a replacement provisioning system from us.
My apologies for the number of issues and questions raised.
Here are some companies i have com across offering Third party solutions for providers:
(thier solution starts at approx $800-$1000 and up based on subs, and currently requires Cisco routers although Juniper support is coming soon. they were unsure how to proceed with the mikrotik part of it.)
(I am still waiting for a call back from this company but my initial conversation with them seemed positive)
http://www.verisign.com/products-servic ... index.html
(Have not contacted them yet, but they are next on the list, with the history of verisign though i assume thier pricing will be high)
(The quote above is from one of thier engineers. Thier solution requires them to install a server into your network which costs approx $3500-$4000 then requires you to pay monthly either $300 (under 1000 subs) or $700 (up to ?? subs) but it sounds like they may not even be able to help me due to the mikrotik, and it also sounds like they want full access to every device on my network... don't think i like this idea!)
http://www.verint.com/communications_in ... l2a_id=200
(Supposedly have a cost effective product for rural broadband providers, I have requested more information)
Informational sites regarding CALEA:
http://en.wikipedia.org/wiki/Communicat ... cement_Act
http://www.eff.org/Privacy/Surveillance ... f=faq.html
(has examples of the forms to file)
(search for Keywords like CALEA LAES etc)
http://www.ss8.com/calea.php?gclid=CKiU ... WAodWT4y3Q
Link to DRAFT specs:
http://contributions.atis.org/UPLOAD/PT ... -014R2.doc
Hopefully this will help, I myself am still trying to get a grip on all of this so I do not know the technical requirements of the devices, however. maybe someone else can find somehting in this mound of reading..
From my point of view this whole thing seems unrealistic for small providers, it would almsot seem like they want to put us all out of business. There has got to be either a way around it, or a way to do this economically for the small guys....
Enjoy! IF I figure anything else out, ill let you all know here.
I will update this list as i aquire more information.