DOCSIS Cable Modem Connection Process

DOCSIS Cable Modem Connection Process 1

Objectives!Examine a DOCSIS system!define the DOCSIS modes! RF Return! Telco Return!Learn the DOCSIS Downstream and Upstream Parameters!Define the DOCSIS modem registration process 2

DOCSIS Block Diagram!Principal Function of the DOCSIS Cable Modem System Is to Transmit Internet Protocol (IP) Packets Transparently Between the Head end and the Subscriber Location.!The DOCSIS System Consists of:! Cable Modem Termination System (CMTS) located at the headed! Cable Network! Cable Modem (CM) located at the Customer Premise Wide-Area Network CMTS Network Side Interface Cable Modem Termination System (CMTS) Cable Network HFC Cable Modem (CM) CM Customer Premises Equipment Interface Customer Premises Equipment Transparent IP Traffic Through the System 3

DOCSIS Support Devices Headend or Central Office NM CMTS Satellite Data Services - High Speed - Packet Data -IP Routing - IP Multicast - CM open Architecture Internet On-line Services Local Server Video Local Programming Laser Combiner/ Splitter Fiber Node HFC COAX Splitter Cable Modem PC or MAC DHCP Server TOD Server TFTP Server TOD: Time of Day; TFTP: Trivial File Transfer Protocol; DHCP: Dynamic Host Configuration Protocol Television Home Subscriber 4

DOCSIS DHCP Server!DHCP Server DHCP Server! Assigns IP addresses to client computers " addresses are leased to clients (Cable Modems or CPE s) for a period of time " IP addresses can be reserved for specific clients or assigned from pools " clients may be authenticated based on their MAC address " address may be assigned from different pools based on extended options 5

DHCP Process DHCP Server!The following parameters will be requested by the Cable Modem (CM) from the DHCP server " IP address of the CM " IP address of the TFTP Server (for DOCSIS Configuration file) " IP address of the DHCP Relay Agent (if the DCHP server resides on a different network than the CM) " TFTP/DOCSIS Configuration file name " Subnet Mask to be used by the CM " Time offset of the CM from Universal Coordinated Time (UTC) " Default IP Gateway " Time of Day Server IP address " SYSLOG Server IP address 6

DOCSIS ToD Server!ToD Server! Internet Time Protocol (ITP) " RFC 868 ToD Server! UDP and TCP requests honored on port 37! 32-bit value defining the number of seconds since 00:00 (midnight January 1, 1900 GMT) 7

DOCSIS TFTP Server!TFTP Server! Trivial File Transfer Protocol " (RFC 1350) TFTP Server! UDP port 69! Small and easy to implement! Read and write to and from remote servers 8

TFTP Process!The following settings MUST be included in the configuration file: " Network Access Configuration Setting " Class of Service Configuration Setting TFTP Server! The following settings are optional: " Downstream Frequency " Upstream Channel ID " Vendor ID " Baseline Privacy " Software Upgrade filename " SNMP Write-Access Control " SNMP MIB Object " Software Server IP Address " CPE Ethernet MAC Address " Maximum Number of CPE s (32 Max) " SNMP IP Address (if applicable) " Telephone Settings (if applicable) " Vendor-Specific Configuration (if applicable) 9

!RF-Return Cable Modem Architectures RF Return!Suited for CATV networks that have been fully upgraded for two-way communications!delivers high-speed data downstream and upstream over broadband network!docsis establishes standard specification for data communications over HFC network 10

Cable Modem Architectures Telco Return!Telco-Return Suited for CATV networks without twoway capability!delivers high-speed data downstream over broadband network! Relies on dial-up networking technology for return data!does not require HFC plant upgrade to two-way RF!DOCSIS also specifies data communications using a telephone-return architecture!support for MMDS Wireless systems, DOCSIS does not support MMDS 2-Way 11

DOCSIS Protocol Signaling!Frames and Timing! MPEG Frames " 188 Bytes, 4 Byte header!synchronous Transmission " Clock Synch messages from head end (613 per second) " One source per downstream " Multiple sources per upstream requiring time sharing " Cable Modems identified by 16 bit Service ID (SID) 12

DOCSIS Protocol and Signaling contd.!frames and Timing! Upstream Time Sharing (TDMA)!Time allocation MAP from head end (every 4 ms)! Upstream time allocated for Cable Modems in mini slots " (Mini-slot = 8 ticks, Tick = 6.25 usec)!shared time slots for Maintenance & Requests (e.g. for new modems with no SID to come online) 13

DOCSIS Downstream Architecture!RF Channel Spacing!88-860 MHz!6 MHz» 64 QAM-Occupied bandwidth 5.057 MHz plus guard band» 256 QAM- Occupied bandwidth 5.4 MHz plus guard band 14

DOCSIS Downstream Architecture!RF performance requirements!cnr -- 23.5dB as measured for analog video performance. (assumes DOCSIS carrier at analog level and 64 QAM downstream.)! Amplitude ripple (response) -- 0.5 db!group delay -- 75ns!Power levels -15 dbmv to +15 dbmv 15

DOCSIS Downstream Architecture!The DOCSIS Specification Uses a Modulation and Coding Scheme Defined by ITU J.83 Annex-b, for the Downstream:! Modulation Type: 64-QAM or 256-QAM!Maximum Data Rate: 27 Mbps at 64-QAM, 38 Mbps at 256- QAM!Bandwidth: 6 MHz channel!frequency Range: 88-860 MHz!Transport Protocol: MPEG-2! Forward Error Correction (FEC) encoding: outer Reed- Solomon and inner Trellis code!1e-8 BER with a carrier to noise ratio (Es/No) of: 23.5 db for 64-QAM 30 db for 256-QAM 16

DOCSIS Upstream Architecture!Variable RF bandwidth and modulation.!200 khz,400 khz, 800 khz, 1600 khz, and 3200 khz!qpsk ( Quadrature Phase Shift Key) or 16 QAM (Quadrature Amplitude Modulation)!Frequency Range!5 to 42 MHz (Edge to Edge)!RF Performance requirements!cnr -- Not less than 25 db 17

DOCSIS Upstream Architecture!Motorola (GI) Developed and Designed the Flexible F/TDMA Upstream Approach to the Physical Layer in the DOCSIS Specification:! Modulation Type: 16-QAM or QPSK! Data Rates: 320Kbps - 10 Mbps! Symbol Rates: 160, 320, 640, 1280 and 2560 ksym/s! Bandwidth: 200, 400, 800, 1600 and 3200 khz! Frequency Range: 5-42 MHz (edge to edge)!range of available data rates and bandwidth used: Upstream Symbol Rate (ksps) Bandwidth Used (KHz) QPSK Data Rate (kbps) 16 QAM Data Rate (kbps) 160 200 320 640 320 400 640 1280 640 800 1280 2560 1280 1600 2560 5120 2560 3200 5120 10240 18

CMTS and Cable Modem Startup!Provision modem in the Cable Router (operator configured or automatically provisioned)!install modem at subscriber premise (cable and power) HFC MODEM CMTS 19

Downstream Channel Search!CM searches for a downstream data channel!synchronize with QAM!Synchronize with FEC and MPEG QAM Signal HFC MODEM CMTS 20

Monitor for SYNC Message!Periodically transmitted by CMTS!SYNC message contains a time stamp that exactly identifies when the CMTS transmitted the message!cm to synchronize its time-based reference clock so that its transmission on the upstream will fall into the correct minislots SYNC Message HFC MODEM CMTS 21

Obtain Upstream Parameters!Monitor for UCD message! periodically transmitted by CMTS! UCDs define characteristics of the upstream channel such as:» mini-slot size» upstream channel ID» downstream channel ID» burst descriptors UCD Message HFC MODEM CMTS UCD: Upstream Channel Descriptor 22

Initial Ranging!CMTS periodically transmits MAP messages!upstream Bandwidth Allocation Map (MAP) includes:! Initial Maintenance Interval (broadcast interval) with start and end of connection opportunity!cm responds with Ranging Request (RNG-REQ) MAP Message HFC MODEM CMTS RNG-REQ MAP: Media Access Protocol 23

Auto Adjustments!CMTS receives initial Ranging Request from CM!CMTS responds with Ranging Response (unicast)! assigns a SID and allocates bandwidth to this SID! adjust power level, timing offset, and frequency adjustment! Sets downstream and upstream channels!cmts starts Admission Control RNG-RSP HFC MODEM CMTS 24

Admission Control!CMTS allocates a Temporary SID for the CM and puts the CM in the Forwarding Tables!CMTS sends MAP with Station Maintenance opportunity for that SID!CM ranges with new settings!cmts sends RNG-RSP to indicate success or failure of Admission MAP Message HFC MODEM CMTS RNG-REQ 25

Bandwidth Requests! Uses special MAC frame (REQ - 6 bytes only)! Can also piggyback request on data frame! Uses a 4-byte Extended Header TLV! Request contains SID and number of minislots needed! Includes all FEC other PHY overhead! Requests may be sent in Request, Request/Data, or Data transmit intervals! The MAP has a special code to signal a request has been received although no grant is in the current MAP 26

MAPS!The upstream time is allocated to modems in the MAP message! MAP is variable length, typically 5-15 ms!cmts sends separate MAP messages for each upstream channel! Set of all MAPs for a channel covers all minislots!for each BW grant, contains: SID, Burst type, and Grant length!map contains US Channel ID and configuration count! Allows dynamic UCD changes 27

MAP Example 28

IP Connectivity!CM sends a broadcast DHCP request via the CMTS to the DHCP Server!DHCP server returns:! IP address and Subnet Mask! CM configuration file name and IP address of TFTP server! UTC time offset to establish local time! TOD Server IP address Server DHCP-REQ LAN/WAN HFC MODEM CMTS DHCP-RSP 29

Time of Day!CM sends a request to the ToD Server!ToD Server responds: GMT Server ToD-REQ LAN/WAN HFC MODEM CMTS ToD-RSP 30

Transfer Operational Parameters!After DHCP operation, CM must download the configuration file from the TFTP server!server address is specified in the siaddr field of the DHCP response Server TFTP-REQ LAN/WAN HFC MODEM CMTS TFTP-RSP 31

Registration!CM generates a Registration Request (REG-REQ)!Includes configuration parameters received from TFTP configuration file:! Downstream frequency, Upstream channel ID! Network access configuration settings! Class of Service! Modem Capabilities! Modem IP address REG-REQ HFC MODEM CMTS 32

Registration!CMTS! checks CM s MAC address and authentication signature on the parameters! assigns a SID! provides bandwidth for CM requested Class of Service! modifies forwarding table to allow full user data if the modem requested Network Access! sends REG-RSP to CM (CM can pass unencrypted data) REG-RSP HFC MODEM CMTS 33

Baseline Privacy!Follows modem registration!provides user data privacy by encrypting traffic flows, upstream and downstream!provides cable operators basic protection from theft of service!mechanisms for:! authentication: CM to CMTS and CMTS to CM! key distribution: traffic keys and lifetimes! data encryption applied to Sid's!56 bit DES Encryption 34

Security Association!If CM is configured for Baseline Privacy in the modem TFTP configuration file:! CM sends Authorization Request» Public key, MAC address, and SID s! CMTS responds with an Authorization Response» Authorization Key (encrypted KEK)» Key Sequence number and Lifetimes» List of SID s (for each requested Class of Service) AUTH-REQ HFC MODEM CMTS AUTH-RSP 35

Security Association!CM requests Key Request for each SID!CMTS responds with DES encrypted TEK for each SID!CM can now pass encrypted data KEY-REQ HFC MODEM CMTS TEK 36

DOCSIS Today! DOCSIS 1.0! Product Interoperability across available CMTS s! 64 and 256 QAM modulation (downstream) formats! 6-MHz occupied spectrum coexists with all other signals on the cable plant! Variable-depth interleaver supports both latency-sensitive and - insensitive data.! The features in the upstream direction are as follows: Flexible and programmable CM under control of the CMTS Frequency agility Time division multiple access QPSK and 16 QAM modulation formats Support of both fixed-frame and variable-length PDU formats Multiple symbol rates Programmable Reed-Solomon block coding Programmable preambles 37

DOCSIS 1.1 Enhancements!Telephony support a major driver for 1.1!QoS! Multiple (dynamic) Service Flows and classifiers! More upstream scheduling types (polling, periodic grants)! Fragmentation!Concatenation, PHS! Efficient use of upstream channels 38

DOCSIS 1.1 Enhancements!BPI+! Authentication of CMs with digital certificates! Longer keys and some new algorithms!secure code download! Uses PKCS certificates and code image signing!oss enhancements! SNMPv3! Full set of standard events and messages are specified 39

DOCSIS 1.1 Enhancements! DOCSIS 1.1! Packet Classification, based on fields in the Ethernet, IP, and UDP/TCP headers, into a Service Flow! Service Flow association with a DOCSIS Service Identifier! QoS MIB s! Fragmentation! Concatenation! Payload Header Suppression (for increased bandwidth efficiency, particularly in the case of relatively small Voice-over-IP [VoIP] packets)! Priority Queuing (e.g. Weighted Fair Queuing) at the CMTS! BPI+ (Base Line Privacy - Plus)! IGMP (Internet Group Management Protocol) Management 40

DOCSIS 1.0 and 1.1 Interoperability! Can DOCSIS 1.0 and 1.1 Modems Can Be Used in the Same System?! DOCSIS 1.1 is backward compatible with DOCSIS 1.0! DOCSIS 1.1 CMTS s are required to to support both DOCSIS 1.0 and 1.1 cable modems! DOCSIS 1.1 modems must be able to register as a DOCSIS 1.0 modem with a CMTS that only supports DOCSIS 1.0! Can DOCSIS 1.0 and 1.1 Modems Used on the Same Upstream Channel?! Yes.! Managing 1.0 and 1.1 modems on the same upstream channel is a more complex task for the CMTS! If QoS commitments cause conflicts, the CMTS can easily move a CM from one upstream channel to another 41

DOCSIS 1.1 Overview!Quality of Service (QoS)!Baseline Privacy Plus (BPI+)!Multicast!Secure code download!dynamic channel change!snmpv3!standardized event logging 42

Quality of Service E-mail Voice HFC HFC file CM CM In DOCSIS 1.0, all services compete for upstream bandwidth on a best effort basis. In DOCSIS 1.1, each service can get performance assurances based on QoS parameters (e.g. bandwidth, jitter) 43

Packet Processing Classifier Service Queues Upstream Scheduler Data Packet Classification IP Protocol Source/Dest IP Address Source/Dest Port ToS Source/Dest MAC Address Service Flow Max burst size Req/Transmission policy Max traffic rate Min reserved traffic rate Upstream scheduling type Grant/poll jitter Grant/poll interval Upstream Scheduling Unsolicited Grant Service (UGS) UGS w/ Activity Detection Real-Time Polling Non-Real-Time Polling Best Effort 44

Service Flow Types! Static! Provisioned when the CM registers! Defined in a CMs config file! Dynamic! Created as needed, based on demand! Dynamic service flow messages» Dynamic Service Add (DSA)» Dynamic Service Change (DSC)» Dynamic Service Delete (DSD)! Either CM or CMTS can create 45

Service Flow States!Provisioned! The CMTS has not yet reserved the resources in its MAC scheduler!admitted! The resources are reserved, but the flow is not active!active! The resources are in use, data is actively being transmitted on the flow 46

Dynamic Service Flow Example Two Phase Activation!When a voice call is originated:! Service flow created via DSA! Resources are admitted (phase 1)!When the far end answers:! DSC used to activate the resources (phase 2)! Call in progress!when call ends, service flow is terminated via DSD 47

Fragmentation 48

Concatenation! Transmission from single CM limited by the REQ/Grant handshake! Nominal latency for REQ/Grant sequence in idle network is ~2.5 msec, or ~400 Grants/sec for a single CM! Operationally, ~150 grants/sec is typical! Thus, transmission limited to ~150 bursts/sec! Concatenation allows multiple packets per burst! Improved upstream performance and efficiency 49

Payload Header Suppression!Allows repetitive portion of packet to be suppressed over the HFC link!a set of PHS rules defines the portion of the packet to suppress!set up during DSA or DSC signaling!improves bandwidth efficiency 50

PHS Example 51

BPI+ Enhances BPI Capability!Stronger crypto mechanisms!support of future upgrade of crypto capabilities!strong authentication!dynamic security associations 52

Strong Authentication!DOCSIS 1.0 does not have a secure mechanism to authenticate the CM!DOCSIS 1.1 adds strong authentication of the CM through the use of X.509 digital certificates!each CM issued a unique digital certificate that is verified through the DOCSIS root certificate authority 53

DOCSIS Trust Hierarchy 54

CM Authorization Auth Request (CM-ID, CM-Certificate, Security-Capability, primary SAID) CM Auth Reply (Auth-key, Key-Lifetime, Key-Sequence_Number, one or more SA-Descriptors) CMTS CM-ID : serial number, manufacturer ID, MAC addr, & RSA public key CM Certificate : X.509 certificate Security-Capability : crypto capability, BPI version Primary SAID : CM s primary SID Auth-Key : Authorization key encrypted with CM s public key Key-Lifetime : remaining time that key is valid in secs Key-Sequence-Number : Sequence number of Auth key SA-Descriptors : Properties of the security association, including SAID, SA-type, & cyrpto-suite 55

Basic Authentication (1)! CM sends: CM cert, manufacturer cert! CMTS verifies CM cert MAC addr, serial #, CM public key are correct! Expiration okay! CM cert issuer name matches manuf cert subject name! CM cert signature is valid, using manuf cert public key! CMTS verifies manufacturer cert! Expiration okay! Manuf cert issuer name is DOCSIS! Manuf cert signature is valid, using DOCSIS root public key! Success proves CM cert is valid, but still need to determine that CM is rightful owner 56

Basic Authentication (2)! CMTS RSA-encrypts authorization key using CM s public key in CM certificate! CM uses HMAC key (derived from authorization key) to generate HMAC on Key Request message! CMTS verifies the HMAC! Success proves CM knows the private key that matches public key in CM cert, hence CM is rightful owner 57

Dynamic Security Associations! Useful for encrypting traffic flows that are dynamic or temporal (e.g. multicast)! SA-MAP mechanism allows CM to learn of encrypted traffic flows and it s security association.! Currently applied to multicast downstream flow! Inter-operate with DOCSIS 1.1. IGMP management mechanism which triggers the establishment of dynamic SAs. 58

IGMP/SA-MAP Example CPE CM CMTS IGMP MR (Join) Set Multicast MAC Filter IGMP MR (Join) SA-MAP Request SA-MAP Reply Determine SAID Start TEK FSM Key Req/Reply Multicast Data Decrypt Multicast Encrypted Multicast Data Encrypt Multicast Multicast Data 59

Secure Code Download!DOCSIS provides a method to remotely download firmware updates to the CM!DOCSIS 1.1 adds a digital signature to the code file to verify the source and integrity of the downloaded code!allows for both the manufacturer and the MSO to digitally sign the code file. 60

Code Download Process!DOCSIS Root CA! Issues Manufacturer CVC!Manufacturer! Signs code file! Send code file w/ CVC to MSO!MSO! Verifies code file! Optionally, adds MSO co-signature and MSO CVC to code file! Send code file to CM on request!cable Modem! Download code file! Verify manufacturer s signature! Verify MSO signature, if present! If verified, install code image 61

Dynamic Channel Change!Enables CMTS to dynamically direct the CM to change its downstream and/or upstream channel!near seamless change with minimum interruption of service!useful for traffic balancing, noise avoidance, 62

SNMPv3! Enhances the SNMP v1/v2 framework to support:! Privacy & authentication! Authorization! SNMPv3 defines a modular architecture within which network management capabilities can evolve! SNMPv3 defines no new protocols! Documented in RFC 2571-2576 63

SNMPv3 Architecture 64

Standardized Event Logging!DOCSIS 1.1 defines a set of standardized event message formats and priorities.! ~250 standard event messages! 16 DOCSIS-specific trap types!eases network management operations! Common event message across CM products! Facilitates automated event processing 65

References!Specifications are publically available at www.cablemodem.com/specifications.html!ieee Communications, March 2001, p. 202! Good overview article, available as PDF file!cablelabs training on 1.0 MAC (VGs)!CableLabs training on 1.1 (VGs and video)! Video is of a presentation of the VG!Clive Holborow and Greg Nakanishi! BCS/IPNS, San Diego 66

Return to Introduction 67