DOCSIS Cable Modem Connection Process

Objectives
!Examine a DOCSIS system !Define the DOCSIS modes
! RF Return ! Telco Return

!Learn the DOCSIS Downstream and Upstream Parameters !Define the DOCSIS modem registration process

DOCSIS Block Diagram

!Principal Function of the DOCSIS Cable Modem System Is to
Transmit Internet Protocol (IP) Packets Transparently Between the Head end and the Subscriber Location. !The DOCSIS System Consists of:
! Cable Modem Termination System (CMTS) located at the headed ! Cable Network ! Cable Modem (CM) located at the Customer Premise

Wide-Area Network CMTS Network Side Interface

Cable Modem Termination System (CMTS)

Cable Network HFC

Cable Modem (CM)

CM Customer Premises Equipment Interface

Customer Premises Equipment

Transparent IP Traffic Through the System

3

DOCSIS Support Devices

Data Services - High Speed - Packet Data - IP Routing - IP Multicast - CM open Architecture

Headend or Central Office NM CMTS

Satellite

Internet On-line Services Local Server

Laser Combiner/ Splitter

Video Local Programming

HFC COAX Cable Modem

Splitter

Fiber Node

PC or MAC Television

DHCP Server

TOD Server

TFTP Server

Home Subscriber
4

TOD: Time of Day; TFTP: Trivial File Transfer Protocol; DHCP: Dynamic Host Configuration Protocol

DOCSIS DHCP Server

! DHCP Server
! Assigns IP addresses to client computers
" addresses are leased to clients (Cable Modems or CPEs) for a period of time
DHCP Server

" IP addresses can be reserved for specific clients or assigned from pools " clients may be authenticated based on their MAC address " address may be assigned from different pools based on extended options

DHCP Process
! The following parameters will be requested by the Cable Modem (CM) from the DHCP server
" IP address of the CM " IP address of the TFTP Server (for DOCSIS Configuration file) " IP address of the DHCP Relay Agent (if the DCHP server resides on a different network than the CM) " TFTP/DOCSIS Configuration file name " Subnet Mask to be used by the CM " Time offset of the CM from Universal Coordinated Time (UTC) " Default IP Gateway " Time of Day Server IP address " SYSLOG Server IP address

DHCP Server

DOCSIS ToD Server

! ToD Server
! Internet Time Protocol (ITP)
" RFC 868

! UDP and TCP requests honored on port 37

ToD Server

! 32-bit value defining the number of seconds since 00:00

(midnight January 1, 1900 GMT)

DOCSIS TFTP Server

! TFTP Server
! Trivial File Transfer Protocol
" (RFC 1350)
TFTP Server

! UDP port 69 ! Small and easy to implement ! Read and write to and from remote servers

TFTP Process
! The following settings MUST be included in the configuration file:
" Network Access Configuration Setting " Class of Service Configuration Setting

! The following settings are optional:

" " " " " " " " " " " " " Downstream Frequency Upstream Channel ID Vendor ID Baseline Privacy Software Upgrade filename SNMP Write-Access Control SNMP MIB Object Software Server IP Address CPE Ethernet MAC Address Maximum Number of CPEs (32 Max) SNMP IP Address (if applicable) Telephone Settings (if applicable) Vendor-Specific Configuration (if applicable)
9

TFTP Server

Cable Modem Architectures RF Return

! RF-Return
! Suited for CATV networks that have been fully upgraded for two-way communications ! Delivers high-speed data downstream and upstream over broadband network ! DOCSIS establishes standard specification for data communications over HFC network

10

Cable Modem Architectures Telco Return

! Telco-Return Suited for CATV networks without twoway capability
! Delivers high-speed data downstream over broadband network ! Relies on dial-up networking technology for return data ! Does not require HFC plant upgrade to two-way RF ! DOCSIS also specifies data communications using a telephone-return architecture ! Support for MMDS Wireless systems, DOCSIS does not support MMDS 2-Way

11

DOCSIS Protocol Signaling

! Frames and Timing
! MPEG Frames
" 188 Bytes, 4 Byte header

! Synchronous Transmission
" " " " Clock Synch messages from head end (613 per second) One source per downstream Multiple sources per upstream requiring time sharing Cable Modems identified by 16 bit Service ID (SID)

12

DOCSIS Protocol and Signaling contd.

! Frames and Timing
! Upstream Time Sharing (TDMA) ! Time allocation MAP from head end (every 4 ms) ! Upstream time allocated for Cable Modems in mini slots
" (Mini-slot = 8 ticks, Tick = 6.25 usec)

! Shared time slots for Maintenance & Requests (e.g. for new modems with no SID to come online)

13

DOCSIS Downstream Architecture

! RF Channel Spacing
! 88 - 860 MHz ! 6 MHz
64 QAM-Occupied bandwidth 5.057 MHz plus guard band 256 QAM- Occupied bandwidth 5.4 MHz plus guard band

14

DOCSIS Downstream Architecture

! RF performance requirements
! CNR -- 23.5dB as measured for analog video performance. (assumes DOCSIS carrier at analog level and 64 QAM downstream.) ! Amplitude ripple (response) -- 0.5 dB ! Group delay -- 75ns ! Power levels -15 dBmV to +15 dBmV

15

DOCSIS Downstream Architecture

! The DOCSIS Specification Uses a Modulation and Coding Scheme Defined by ITU J.83 Annex-b, for the Downstream:
! Modulation Type: 64-QAM or 256-QAM ! Maximum Data Rate: 27 Mbps at 64-QAM, 38 Mbps at 256QAM ! Bandwidth: 6 MHz channel ! Frequency Range: 88 - 860 MHz ! Transport Protocol: MPEG-2 ! Forward Error Correction (FEC) encoding: outer ReedSolomon and inner Trellis code ! 1E-8 BER with a carrier to noise ratio (Es/No) of:
23.5 dB for 64-QAM 30 dB for 256-QAM
16

DOCSIS Upstream Architecture

! Variable RF bandwidth and modulation.
! 200 kHz,400 kHz, 800 kHz, 1600 kHz, and 3200 kHz ! QPSK ( Quadrature Phase Shift Key) or 16 QAM (Quadrature Amplitude Modulation)

! Frequency Range
! 5 to 42 MHz (Edge to Edge)

! RF Performance requirements
! CNR -- Not less than 25 dB

17

DOCSIS Upstream Architecture

!Motorola (GI) Developed and Designed the Flexible F/TDMA
Upstream Approach to the Physical Layer in the DOCSIS Specification:
! Modulation Type: 16-QAM or QPSK ! Data Rates: 320Kbps - 10 Mbps ! Symbol Rates: 160, 320, 640, 1280 and 2560 ksym/s ! Bandwidth: 200, 400, 800, 1600 and 3200 kHz ! Frequency Range: 5 - 42 MHz (edge to edge)

!Range of available data rates and bandwidth used:

U p s tre a m S ym b o l R a te (k s p s ) 160 320 640 1280 2560 B a n d w id t h U s e d (K H z ) 200 400 800 1600 3200 QPSK D a ta R a te (k b p s ) 320 640 1280 2560 5120 16 Q AM D a ta R a te (k b p s ) 640 1280 2560 5120 10240
18

CMTS and Cable Modem Startup

!Provision modem in the Cable Router (operator configured or
automatically provisioned) !Install modem at subscriber premise (cable and power)

HFC

MODEM

CMTS

19

Downstream Channel Search

!CM searches for a downstream data channel !Synchronize with QAM !Synchronize with FEC and MPEG

QAM Signal

HFC

MODEM

CMTS

20

Monitor for SYNC Message

!Periodically transmitted by CMTS !SYNC message contains a time stamp that exactly identifies
when the CMTS transmitted the message !CM to synchronize its time-based reference clock so that its transmission on the upstream will fall into the correct minislots

SYNC Message
HFC

MODEM

CMTS

21

Obtain Upstream Parameters

!Monitor for UCD message
! periodically transmitted by CMTS ! UCDs define characteristics of the upstream channel such as: mini-slot size upstream channel ID downstream channel ID burst descriptors
UCD Message
HFC

MODEM

CMTS

22

UCD: Upstream Channel Descriptor

Initial Ranging
!CMTS periodically transmits MAP messages !Upstream Bandwidth Allocation Map (MAP) includes:
! Initial Maintenance Interval (broadcast interval) with start and end of connection opportunity

!CM responds with Ranging Request (RNG-REQ)

MAP Message
HFC

MODEM

CMTS

RNG-REQ

23

MAP: Media Access Protocol

Auto Adjustments
!CMTS receives initial Ranging Request from CM !CMTS responds with Ranging Response (unicast)
! assigns a SID and allocates bandwidth to this SID ! adjust power level, timing offset, and frequency adjustment ! Sets downstream and upstream channels

!CMTS starts Admission Control

RNG-RSP
HFC

MODEM

CMTS

24

Admission Control
!CMTS allocates a Temporary SID for the CM and puts the CM in
the Forwarding Tables !CMTS sends MAP with Station Maintenance opportunity for that SID !CM ranges with new settings !CMTS sends RNG-RSP to indicate success or failure of Admission
MAP Message
HFC

MODEM

CMTS

RNG-REQ

25

Bandwidth Requests
! Uses special MAC frame (REQ - 6 bytes only) ! Can also piggyback request on data frame
! Uses a 4-byte Extended Header TLV

! Request contains SID and number of minislots needed

! Includes all FEC other PHY overhead

! Requests may be sent in Request, Request/Data, or Data

transmit intervals ! The MAP has a special code to signal a request has been received although no grant is in the current MAP

26

MAPS
!The upstream time is allocated to modems in the MAP
message
! MAP is variable length, typically 5-15 ms

!CMTS sends separate MAP messages for each upstream

channel
! Set of all MAPs for a channel covers all minislots

!For each BW grant, contains:

SID, Burst type, and Grant length !MAP contains US Channel ID and configuration count
! Allows dynamic UCD changes

27

MAP Example

28

IP Connectivity
!CM sends a broadcast DHCP request via the CMTS to the
DHCP Server !DHCP server returns:
! IP address and Subnet Mask ! CM configuration file name and IP address of TFTP server ! UTC time offset to establish local time ! TOD Server IP address
Server DHCP-REQ

LAN/WAN

HFC

MODEM

CMTS

DHCP-RSP
29

Time of Day
!CM sends a request to the ToD Server !ToD Server responds: GMT

Server ToD-REQ

LAN/WAN

HFC

MODEM

CMTS

ToD-RSP
30

Transfer Operational Parameters

!After DHCP operation, CM must download the configuration file
from the TFTP server !Server address is specified in the siaddr field of the DHCP response

Server TFTP-REQ

LAN/WAN

HFC

MODEM

CMTS

TFTP-RSP
31

Registration
!CM generates a Registration Request (REG-REQ) !Includes configuration parameters received from TFTP
configuration file:
! Downstream frequency, Upstream channel ID ! Network access configuration settings ! Class of Service ! Modem Capabilities ! Modem IP address
REG-REQ

HFC

MODEM

CMTS

32

Registration
!CMTS
! checks CMs MAC address and authentication signature on the parameters ! assigns a SID ! provides bandwidth for CM requested Class of Service ! modifies forwarding table to allow full user data if the modem requested Network Access ! sends REG-RSP to CM (CM can pass unencrypted data)

REG-RSP

HFC

MODEM

CMTS
33

Baseline Privacy
!Follows modem registration !Provides user data privacy by encrypting traffic flows,
upstream and downstream !Provides cable operators basic protection from theft of service !Mechanisms for:
! authentication: CM to CMTS and CMTS to CM ! key distribution: traffic keys and lifetimes ! data encryption applied to Sid's

!56 bit DES Encryption

34

Security Association
!If CM is configured for Baseline Privacy in the modem TFTP
configuration file:
! CM sends Authorization Request Public key, MAC address, and SIDs ! CMTS responds with an Authorization Response Authorization Key (encrypted KEK) Key Sequence number and Lifetimes List of SIDs (for each requested Class of Service)

AUTH-REQ

HFC

MODEM

CMTS

AUTH-RSP
35

Security Association
!CM requests Key Request for each SID !CMTS responds with DES encrypted TEK for each SID !CM can now pass encrypted data

KEY-REQ

HFC

MODEM

CMTS

TEK
36

DOCSIS Today
! DOCSIS 1.0 ! Product Interoperability across available CMTSs ! 64 and 256 QAM modulation (downstream) formats ! 6-MHz occupied spectrum coexists with all other signals on the cable plant ! Variable-depth interleaver supports both latency-sensitive and insensitive data. ! The features in the upstream direction are as follows:
Flexible and programmable CM under control of the CMTS Frequency agility Time division multiple access QPSK and 16 QAM modulation formats Support of both fixed-frame and variable-length PDU formats Multiple symbol rates Programmable Reed-Solomon block coding Programmable preambles
37

DOCSIS 1.1 Enhancements

!Telephony support a major driver for 1.1 !QoS
! Multiple (dynamic) Service Flows and classifiers ! More upstream scheduling types (polling, periodic grants) ! Fragmentation

!Concatenation, PHS
! Efficient use of upstream channels

38

DOCSIS 1.1 Enhancements

!BPI+
! Authentication of CMs with digital certificates ! Longer keys and some new algorithms

!Secure code download

! Uses PKCS certificates and code image signing

!OSS enhancements
! SNMPv3 ! Full set of standard events and messages are specified

39

DOCSIS 1.1 Enhancements

! DOCSIS 1.1
! Packet Classification, based on fields in the Ethernet, IP, and UDP/TCP headers, into a Service Flow ! Service Flow association with a DOCSIS Service Identifier ! QoS MIBs ! Fragmentation ! Concatenation ! Payload Header Suppression (for increased bandwidth efficiency, particularly in the case of relatively small Voice-over-IP [VoIP] packets) ! Priority Queuing (e.g. Weighted Fair Queuing) at the CMTS ! BPI+ (Base Line Privacy - Plus) ! IGMP (Internet Group Management Protocol) Management

40

DOCSIS 1.0 and 1.1 Interoperability

! Can DOCSIS 1.0 and 1.1 Modems Can Be Used in the Same System?
! DOCSIS 1.1 is backward compatible with DOCSIS 1.0 ! DOCSIS 1.1 CMTSs are required to to support both DOCSIS 1.0 and 1.1 cable modems ! DOCSIS 1.1 modems must be able to register as a DOCSIS 1.0 modem with a CMTS that only supports DOCSIS 1.0

! Can DOCSIS 1.0 and 1.1 Modems Used on the Same Upstream Channel?
! Yes. ! Managing 1.0 and 1.1 modems on the same upstream channel is a more complex task for the CMTS ! If QoS commitments cause conflicts, the CMTS can easily move a CM from one upstream channel to another
41

DOCSIS 1.1 Overview

! Quality of Service (QoS) ! Baseline Privacy Plus (BPI+) ! Multicast ! Secure code download ! Dynamic channel change ! SNMPv3 ! Standardized event logging

42

Quality of Service

E-mail Voice

HFC

HFC

file

CM

CM

In In DOCSIS DOCSIS 1.0, 1.0, all all services services compete compete for for upstream upstream bandwidth bandwidth on on a a best best effort effort basis. basis.

In In DOCSIS DOCSIS 1.1, 1.1, each each service service can can get get performance performance assurances assurances based based on on QoS QoS parameters parameters (e.g. (e.g. bandwidth, bandwidth, jitter) jitter)

43

Packet Processing
Classifier Data Packet Service Queues Upstream Scheduler

Classification
IP Protocol Source/Dest IP Address Source/Dest Port ToS Source/Dest MAC Address

Service Flow
Max burst size Req/Transmission policy Max traffic rate Min reserved traffic rate Upstream scheduling type Grant/poll jitter Grant/poll interval

Upstream Scheduling
Unsolicited Grant Service (UGS) UGS w/ Activity Detection Real-Time Polling Non-Real-Time Polling Best Effort

44

Service Flow Types

! Static
! Provisioned when the CM registers ! Defined in a CMs config file

! Dynamic
! Created as needed, based on demand ! Dynamic service flow messages Dynamic Service Add (DSA) Dynamic Service Change (DSC) Dynamic Service Delete (DSD) ! Either CM or CMTS can create

45

Service Flow States

!Provisioned
! The CMTS has not yet reserved the resources in its MAC scheduler

!Admitted
! The resources are reserved, but the flow is not active

!Active
! The resources are in use, data is actively being transmitted on the flow

46

Dynamic Service Flow Example Two Phase Activation

!When a voice call is originated:
! Service flow created via DSA ! Resources are admitted (phase 1)

!When the far end answers:

! DSC used to activate the resources (phase 2) ! Call in progress

!When call ends, service flow is terminated via DSD

47

Fragmentation

48

Concatenation
! Transmission from single CM limited by the REQ/Grant
handshake
! Nominal latency for REQ/Grant sequence in idle network is ~2.5 msec, or ~400 Grants/sec for a single CM ! Operationally, ~150 grants/sec is typical ! Thus, transmission limited to ~150 bursts/sec

! Concatenation allows multiple packets per burst

! Improved upstream performance and efficiency

49

Payload Header Suppression

! Allows repetitive portion of packet to be suppressed over the HFC link ! A set of PHS rules defines the portion of the packet to suppress ! Set up during DSA or DSC signaling ! Improves bandwidth efficiency

50

PHS Example

51

BPI+ Enhances BPI Capability

! Stronger crypto mechanisms ! Support of future upgrade of crypto capabilities ! Strong authentication ! Dynamic security associations

52

Strong Authentication
! DOCSIS 1.0 does not have a secure mechanism to authenticate the CM ! DOCSIS 1.1 adds strong authentication of the CM through the use of
X.509 digital certificates ! Each CM issued a unique digital certificate that is verified through the DOCSIS root certificate authority

53

DOCSIS Trust Hierarchy

54

CM Authorization
Auth Request (CM-ID, CM-Certificate, Security-Capability, primary SAID)

CM

Auth Reply (Auth-key, Key-Lifetime, Key-Sequence_Number, one or more SA-Descriptors)

CMTS

CM-ID : serial number, manufacturer ID, MAC addr, & RSA public key CM Certificate : X.509 certificate Security-Capability : crypto capability, BPI version Primary SAID : CMs primary SID Auth-Key : Authorization key encrypted with CMs public key Key-Lifetime : remaining time that key is valid in secs Key-Sequence-Number : Sequence number of Auth key SA-Descriptors : Properties of the security association, including SAID, SA-type, & cyrpto-suite

55

Basic Authentication (1)

! CM sends: CM cert, manufacturer cert ! CMTS verifies CM cert
MAC addr, serial #, CM public key are correct ! Expiration okay ! CM cert issuer name matches manuf cert subject name ! CM cert signature is valid, using manuf cert public key

! CMTS verifies manufacturer cert

! Expiration okay ! Manuf cert issuer name is DOCSIS ! Manuf cert signature is valid, using DOCSIS root public key

! Success proves CM cert is valid, but still need to determine that

CM is rightful owner

56

Basic Authentication (2)

! CMTS RSA-encrypts authorization key using CMs public
key in CM certificate ! CM uses HMAC key (derived from authorization key) to generate HMAC on Key Request message ! CMTS verifies the HMAC ! Success proves CM knows the private key that matches public key in CM cert, hence CM is rightful owner

57

Dynamic Security Associations

! Useful for encrypting traffic flows that are dynamic or
temporal (e.g. multicast) ! SA-MAP mechanism allows CM to learn of encrypted traffic flows and its security association. ! Currently applied to multicast downstream flow ! Inter-operate with DOCSIS 1.1. IGMP management mechanism which triggers the establishment of dynamic SAs.

58

IGMP/SA-MAP Example

CPE
IGMP MR (Join)

CM
IGMP MR (Join)

CMTS

Set Set Multicast Multicast MAC MAC Filter Filter

SA-MAP Request SA-MAP Reply

Determine Determine SAID SAID

Start Start TEK TEK FSM FSM

Multicast Data

Key Req/Reply

Decrypt Decrypt Multicast Multicast

Encrypted Multicast Data

Encrypt Encrypt Multicast Multicast

Multicast Data

59

Secure Code Download

! DOCSIS provides a method to remotely download firmware updates to
the CM ! DOCSIS 1.1 adds a digital signature to the code file to verify the source and integrity of the downloaded code ! Allows for both the manufacturer and the MSO to digitally sign the code file.

60

Code Download Process

!DOCSIS Root CA
! Issues Manufacturer CVC

!Manufacturer !MSO

! Signs code file ! Send code file w/ CVC to MSO ! Verifies code file ! Optionally, adds MSO co-signature and MSO CVC to code file ! Send code file to CM on request ! ! ! ! Download code file Verify manufacturers signature Verify MSO signature, if present If verified, install code image

!Cable Modem

61

Dynamic Channel Change

! Enables CMTS to dynamically direct the CM to change its downstream
and/or upstream channel ! Near seamless change with minimum interruption of service ! Useful for traffic balancing, noise avoidance,

62

SNMPv3
! Enhances the SNMP v1/v2 framework to support:
! Privacy & authentication ! Authorization

! SNMPv3 defines a modular architecture within which

network management capabilities can evolve ! SNMPv3 defines no new protocols ! Documented in RFC 2571-2576

63

SNMPv3 Architecture

64

Standardized Event Logging

!DOCSIS 1.1 defines a set of standardized event message
formats and priorities.
! ~250 standard event messages ! 16 DOCSIS-specific trap types

!Eases network management operations

! Common event message across CM products ! Facilitates automated event processing

65

References
! Specifications are publically available at
www.cablemodem.com/specifications.html ! IEEE Communications, March 2001, p. 202
! Good overview article, available as PDF file

! CableLabs training on 1.0 MAC (VGs) ! CableLabs training on 1.1 (VGs and video)
! Video is of a presentation of the VG

! Clive Holborow and Greg Nakanishi

! BCS/IPNS, San Diego

66

Return to Introduction

67