DOCSIS Cable Modem Connection Process

1
DOCSIS Cable Modem Connection Process
2
Objectives

• Examine a DOCSIS system
• Define the DOCSIS modes
• RF Return
• Telco Return
• Learn the DOCSIS Downstream and Upstream
  Parameters
• Define the DOCSIS modem registration process

3
DOCSIS Block Diagram

• Principal Function of the DOCSIS Cable Modem
  System Is to Transmit Internet Protocol (IP)
  Packets Transparently Between the Head end and
  the Subscriber Location.
• The DOCSIS System Consists of
• Cable Modem Termination System (CMTS) located at
  the headed
• Cable Network
• Cable Modem (CM) located at the Customer Premise

4
DOCSIS Support Devices
HFC

Cable Modem
COAX
Splitter
PC or MAC
Television
Home Subscriber
TOD Time of Day TFTP Trivial File Transfer
Protocol DHCP Dynamic Host Configuration
Protocol
5
DOCSIS DHCP Server

• DHCP Server
• Assigns IP addresses to client computers
• addresses are leased to clients (Cable Modems
  or CPEs) for a period of time
• IP addresses can be reserved for specific clients
  or assigned from pools
• clients may be authenticated based on their MAC
  address
• address may be assigned from different pools
  based on extended options

6
DHCP Process

• The following parameters will be requested by the
  Cable Modem (CM) from the DHCP server
• IP address of the CM
• IP address of the TFTP Server (for DOCSIS
  Configuration file)
• IP address of the DHCP Relay Agent (if the DCHP
  server resides on a different network than the
  CM)
• TFTP/DOCSIS Configuration file name
• Subnet Mask to be used by the CM
• Time offset of the CM from Universal Coordinated
  Time (UTC)
• Default IP Gateway
• Time of Day Server IP address
• SYSLOG Server IP address

7
DOCSIS ToD Server

• ToD Server
• Internet Time Protocol (ITP)
• RFC 868
• UDP and TCP requests honored on port 37
• 32-bit value defining the number of seconds
  since 0000 (midnight January 1 1900 GMT)

8
DOCSIS TFTP Server

• TFTP Server
• Trivial File Transfer Protocol
• (RFC 1350)
• UDP port 69
• Small and easy to implement
• Read and write to and from remote servers

9
TFTP Process

• The following settings MUST be included in the
  configuration file
• Network Access Configuration Setting
• Class of Service Configuration Setting
• The following settings are optional
• Downstream Frequency
• Upstream Channel ID
• Vendor ID
• Baseline Privacy
• Software Upgrade filename
• SNMP Write-Access Control
• SNMP MIB Object
• Software Server IP Address
• CPE Ethernet MAC Address
• Maximum Number of CPEs (32 Max)
• SNMP IP Address (if applicable)
• Telephone Settings (if applicable)
• Vendor-Specific Configuration (if applicable)

10
Cable Modem ArchitecturesRF Return

• RF-Return
• Suited for CATV networks that have been fully
  upgraded for two-way communications
• Delivers high-speed data downstream and upstream
  over broadband network
• DOCSIS establishes standard specification for
  data communications over HFC network

11
Cable Modem ArchitecturesTelco Return

• Telco-Return Suited for CATV networks without
  two-way capability
• Delivers high-speed data downstream over
  broadband network
• Relies on dial-up networking technology for
  return data
• Does not require HFC plant upgrade to two-way RF
• DOCSIS also specifies data communications using a
  telephone-return architecture
• Support for MMDS Wireless systems DOCSIS does
  not support MMDS 2-Way

12
DOCSIS Protocol Signaling

• Frames and Timing
• MPEG Frames
• 188 Bytes 4 Byte header
• Synchronous Transmission
• Clock Synch messages from head end (613 per
  second)
• One source per downstream
• Multiple sources per upstream requiring time
  sharing
• Cable Modems identified by 16 bit Service ID
  (SID)

13
DOCSIS Protocol and Signaling contd.

• Frames and Timing
• Upstream Time Sharing (TDMA)
• Time allocation MAP from head end (every 4 ms)
• Upstream time allocated for Cable Modems in mini
  slots
• (Mini-slot 8 ticks Tick 6.25 usec)
• Shared time slots for Maintenance Requests
  (e.g. for new modems with no SID to come online)

14
DOCSIS Downstream Architecture

• RF Channel Spacing
• 88 - 860 MHz
• 6 MHz
• 64 QAM-Occupied bandwidth 5.057 MHz plus guard
  band
• 256 QAM- Occupied bandwidth 5.4 MHz plus guard
  band

15
DOCSIS Downstream Architecture

• RF performance requirements
• CNR -- 23.5dB as measured for analog video
  performance. (assumes DOCSIS carrier at
  analog level and 64 QAM downstream.)
• Amplitude ripple (response) -- 0.5 dB
• Group delay -- 75ns
• Power levels -15 dBmV to 15 dBmV

16
DOCSIS Downstream Architecture

• The DOCSIS Specification Uses a Modulation and
  Coding Scheme Defined by ITU J.83 Annex-b for
  the Downstream
• Modulation Type 64-QAM or 256-QAM
• Maximum Data Rate 27 Mbps at 64-QAM 38 Mbps
  at 256-QAM
• Bandwidth 6 MHz channel
• Frequency Range 88 - 860 MHz
• Transport Protocol MPEG-2
• Forward Error Correction (FEC) encoding outer
  Reed-Solomon and inner Trellis code
• 1E-8 BER with a carrier to noise ratio (Es/No)
  of
• 23.5 dB for 64-QAM
• 30 dB for 256-QAM

17
DOCSIS Upstream Architecture

• Variable RF bandwidth and modulation.
• 200 kHz400 kHz 800 kHz 1600 kHz and 3200 kHz
• QPSK ( Quadrature Phase Shift Key) or 16 QAM
  (Quadrature Amplitude Modulation)
• Frequency Range
• 5 to 42 MHz (Edge to Edge)
• RF Performance requirements
• CNR -- Not less than 25 dB

18
DOCSIS Upstream Architecture

• Motorola (GI) Developed and Designed the Flexible
  F/TDMA Upstream Approach to the Physical Layer in
  the DOCSIS Specification
• Modulation Type 16-QAM or QPSK
• Data Rates 320Kbps - 10 Mbps
• Symbol Rates 160 320 640 1280 and 2560 ksym/s
• Bandwidth 200 400 800 1600 and 3200 kHz
• Frequency Range 5 - 42 MHz (edge to edge)
• Range of available data rates and bandwidth used

19
CMTS and Cable Modem Startup

• Provision modem in the Cable Router (operator
  configured or automatically provisioned)
• Install modem at subscriber premise (cable and
  power)

CMTS
20
Downstream Channel Search

• CM searches for a downstream data channel
• Synchronize with QAM
• Synchronize with FEC and MPEG

HFC
MODEM
CMTS
21
Monitor for SYNC Message

• Periodically transmitted by CMTS
• SYNC message contains a time stamp that exactly
  identifies when the CMTS transmitted the message
• CM to synchronize its time-based reference clock
  so that its transmission on the upstream will
  fall into the correct mini-slots

CMTS
22
Obtain Upstream Parameters

• Monitor for UCD message
• periodically transmitted by CMTS
• UCDs define characteristics of the upstream
  channel such as
• mini-slot size
• upstream channel ID
• downstream channel ID
• burst descriptors

CMTS
UCD Upstream Channel Descriptor
23
Initial Ranging

• CMTS periodically transmits MAP messages
• Upstream Bandwidth Allocation Map (MAP) includes
• Initial Maintenance Interval (broadcast interval)
  with start and end of connection opportunity
• CM responds with Ranging Request (RNG-REQ)

MAP Message
CMTS
RNG-REQ
MAP Media Access Protocol
24
Auto Adjustments

• CMTS receives initial Ranging Request from CM
• CMTS responds with Ranging Response (unicast)
• assigns a SID and allocates bandwidth to this SID
• adjust power level timing offset and frequency
  adjustment
• Sets downstream and upstream channels
• CMTS starts Admission Control

RNG-RSP
CMTS
25
Admission Control

• CMTS allocates a Temporary SID for the CM and
  puts the CM in the Forwarding Tables
• CMTS sends MAP with Station Maintenance
  opportunity for that SID
• CM ranges with new settings
• CMTS sends RNG-RSP to indicate success or failure
  of Admission

MAP Message
CMTS
RNG-REQ
26
Bandwidth Requests

• Uses special MAC frame (REQ - 6 bytes only)
• Can also piggyback request on data frame
• Uses a 4-byte Extended Header TLV
• Request contains SID and number of minislots
  needed
• Includes all FEC other PHY overhead
• Requests may be sent in Request Request/Data or
  Data transmit intervals
• The MAP has a special code to signal a request
  has been received although no grant is in the
  current MAP

27
MAPS

• The upstream time is allocated to modems in the
  MAP message
• MAP is variable length typically 5-15 ms
• CMTS sends separate MAP messages for each
  upstream channel
• Set of all MAPs for a channel covers all
  minislots
• For each BW grant containsSID Burst type and
  Grant length
• MAP contains US Channel ID and configuration
  count
• Allows dynamic UCD changes

28
MAP Example
29
IP Connectivity

• CM sends a broadcast DHCP request via the CMTS to
  the DHCP Server
• DHCP server returns
• IP address and Subnet Mask
• CM configuration file name and IP address of TFTP
  server
• UTC time offset to establish local time
• TOD Server IP address

Server
CMTS
30
Time of Day

• CM sends a request to the ToD Server
• ToD Server responds GMT

Server
CMTS
31
Transfer Operational Parameters

• After DHCP operation CM must download the
  configuration file from the TFTP server
• Server address is specified in the siaddr field
  of the DHCP response

Server
CMTS
32
Registration

• CM generates a Registration Request (REG-REQ)
• Includes configuration parameters received from
  TFTP configuration file
• Downstream frequency Upstream channel ID
• Network access configuration settings
• Class of Service
• Modem Capabilities
• Modem IP address

REG-REQ
CMTS
33
Registration

• CMTS
• checks CMs MAC address and authentication
  signature on the parameters
• assigns a SID
• provides bandwidth for CM requested Class of
  Service
• modifies forwarding table to allow full user data
  if the modem requested Network Access
• sends REG-RSP to CM (CM can pass unencrypted
  data)

REG-RSP
CMTS
34
Baseline Privacy

• Follows modem registration
• Provides user data privacy by encrypting traffic
  flows upstream and downstream
• Provides cable operators basic protection from
  theft of service
• Mechanisms for
• authentication CM to CMTS and CMTS to CM
• key distribution traffic keys and lifetimes
• data encryption applied to Sids
• 56 bit DES Encryption

35
Security Association

• If CM is configured for Baseline Privacy in the
  modem TFTP configuration file
• CM sends Authorization Request
• Public key MAC address and SIDs
• CMTS responds with an Authorization Response
• Authorization Key (encrypted KEK)
• Key Sequence number and Lifetimes
• List of SIDs (for each requested Class of
  Service)

CMTS
36
Security Association

• CM requests Key Request for each SID
• CMTS responds with DES encrypted TEK for each SID
• CM can now pass encrypted data

CMTS
37
DOCSIS Today

• DOCSIS 1.0
• Product Interoperability across available CMTSs
• 64 and 256 QAM modulation (downstream) formats
• 6-MHz occupied spectrum coexists with all other
  signals on the cable plant
• Variable-depth interleaver supports both
  latency-sensitive and -insensitive data.
• The features in the upstream direction are as
  follows
• Flexible and programmable CM under control of the
  CMTS
• Frequency agility
• Time division multiple access
• QPSK and 16 QAM modulation formats
• Support of both fixed-frame and variable-length
  PDU formats
• Multiple symbol rates
• Programmable Reed-Solomon block coding
• Programmable preambles

38
DOCSIS 1.1 Enhancements

• Telephony support a major driver for 1.1
• QoS
• Multiple (dynamic) Service Flows and classifiers
• More upstream scheduling types (polling periodic
  grants)
• Fragmentation
• Concatenation PHS
• Efficient use of upstream channels

39
DOCSIS 1.1 Enhancements

• BPI
• Authentication of CMs with digital certificates
• Longer keys and some new algorithms
• Secure code download
• Uses PKCS certificates and code image signing
• OSS enhancements
• SNMPv3
• Full set of standard events and messages are
  specified

40
DOCSIS 1.1 Enhancements

• DOCSIS 1.1
• Packet Classification based on fields in the
  Ethernet IP and UDP/TCP headers into a Service
  Flow
• Service Flow association with a DOCSIS Service
  Identifier
• QoS MIBs
• Fragmentation
• Concatenation
• Payload Header Suppression (for increased
  bandwidth efficiency particularly in the case of
  relatively small Voice-over-IP VoIP packets)
• Priority Queuing (e.g. Weighted Fair Queuing) at
  the CMTS
• BPI (Base Line Privacy - Plus)
• IGMP (Internet Group Management Protocol)
  Management

41
DOCSIS 1.0 and 1.1 Interoperability

• Can DOCSIS 1.0 and 1.1 Modems Can Be Used in the
  Same System
• DOCSIS 1.1 is backward compatible with DOCSIS 1.0
• DOCSIS 1.1 CMTSs are required to to support both
  DOCSIS 1.0 and 1.1 cable modems
• DOCSIS 1.1 modems must be able to register as a
  DOCSIS 1.0 modem with a CMTS that only supports
  DOCSIS 1.0
• Can DOCSIS 1.0 and 1.1 Modems Used on the Same
  Upstream Channel
• Yes.
• Managing 1.0 and 1.1 modems on the same upstream
  channel is a more complex task for the CMTS
• If QoS commitments cause conflicts the CMTS can
  easily move a CM from one upstream channel to
  another

42
DOCSIS 1.1 Overview

• Quality of Service (QoS)
• Baseline Privacy Plus (BPI)
• Multicast
• Secure code download
• Dynamic channel change
• SNMPv3
• Standardized event logging

43
Quality of Service
E-mail
HFC
HFC
Voice
CM
CM
file
In DOCSIS 1.0 all services compete for upstream
bandwidth on a best effort basis.
In DOCSIS 1.1 each service can get performance
assurances based on QoS parameters (e.g.
bandwidth jitter)
44
Packet Processing
Upstream Scheduler
Service Queues
Classifier
Data Packet
45
Service Flow Types

• Static
• Provisioned when the CM registers
• Defined in a CMs config file
• Dynamic
• Created as needed based on demand
• Dynamic service flow messages
• Dynamic Service Add (DSA)
• Dynamic Service Change (DSC)
• Dynamic Service Delete (DSD)
• Either CM or CMTS can create

46
Service Flow States

• Provisioned
• The CMTS has not yet reserved the resources in
  its MAC scheduler
• Admitted
• The resources are reserved but the flow is not
  active
• Active
• The resources are in use data is actively being
  transmitted on the flow

47
Dynamic Service Flow Example Two Phase
Activation

• When a voice call is originated
• Service flow created via DSA
• Resources are admitted (phase 1)
• When the far end answers
• DSC used to activate the resources (phase 2)
• Call in progress
• When call ends service flow is terminated via DSD

48
Fragmentation
49
Concatenation

• Transmission from single CM limited by the
  REQ/Grant handshake
• Nominal latency for REQ/Grant sequence in idle
  network is 2.5 msec or 400 Grants/sec for a
  single CM
• Operationally 150 grants/sec is typical
• Thus transmission limited to 150 bursts/sec
• Concatenation allows multiple packets per burst
• Improved upstream performance and efficiency

50
Payload Header Suppression

• Allows repetitive portion of packet to be
  suppressed over the HFC link
• A set of PHS rules defines the portion of the
  packet to suppress
• Set up during DSA or DSC signaling
• Improves bandwidth efficiency

51
PHS Example
52
BPI Enhances BPI Capability

• Stronger crypto mechanisms
• Support of future upgrade of crypto capabilities
• Strong authentication
• Dynamic security associations

53
Strong Authentication

• DOCSIS 1.0 does not have a secure mechanism to
  authenticate the CM
• DOCSIS 1.1 adds strong authentication of the CM
  through the use of X.509 digital certificates
• Each CM issued a unique digital certificate that
  is verified through the DOCSIS root certificate
  authority

54
DOCSIS Trust Hierarchy
55
CM Authorization
Auth Request (CM-ID CM-Certificate
Security-Capability primary SAID)
CM
CMTS
Auth Reply (Auth-key Key-Lifetime
Key-Sequence_Number one or more SA-Descriptors)
CM-ID serial number manufacturer ID MAC addr
RSA public key CM Certificate X.509
certificate Security-Capability crypto
capability BPI version Primary SAID CMs
primary SID Auth-Key Authorization key
encrypted with CMs public key Key-Lifetime
remaining time that key is valid in
secs Key-Sequence-Number Sequence number of
Auth key SA-Descriptors Properties of the
security association including SAID SA-type
cyrpto-suite
56
Basic Authentication (1)

• CM sends CM cert manufacturer cert
• CMTS verifies CM cert
• MAC addr serial CM public key are correct
• Expiration okay
• CM cert issuer name matches manuf cert subject
  name
• CM cert signature is valid using manuf cert
  public key
• CMTS verifies manufacturer cert
• Expiration okay
• Manuf cert issuer name is DOCSIS
• Manuf cert signature is valid using DOCSIS root
  public key
• Success proves CM cert is valid but still need
  to determine that CM is rightful owner

57
Basic Authentication (2)

• CMTS RSA-encrypts authorization key using CMs
  public key in CM certificate
• CM uses HMAC key (derived from authorization key)
  to generate HMAC on Key Request message
• CMTS verifies the HMAC
• Success proves CM knows the private key that
  matches public key in CM cert hence CM is
  rightful owner

58
Dynamic Security Associations

• Useful for encrypting traffic flows that are
  dynamic or temporal (e.g. multicast)
• SA-MAP mechanism allows CM to learn of encrypted
  traffic flows and its security association.
• Currently applied to multicast downstream flow
• Inter-operate with DOCSIS 1.1. IGMP management
  mechanism which triggers the establishment of
  dynamic SAs.

59
IGMP/SA-MAP Example
CM
CMTS
CPE
IGMP MR (Join)
IGMP MR (Join)
Set Multicast MAC Filter
SA-MAP Request
Determine SAID
SA-MAP Reply
Key Req/Reply
Start TEK FSM
Encrypted Multicast Data
Decrypt Multicast
Encrypt Multicast
Multicast Data
Multicast Data
60
Secure Code Download

• DOCSIS provides a method to remotely download
  firmware updates to the CM
• DOCSIS 1.1 adds a digital signature to the code
  file to verify the source and integrity of the
  downloaded code
• Allows for both the manufacturer and the MSO to
  digitally sign the code file.

61
Code Download Process

• DOCSIS Root CA
• Issues Manufacturer CVC
• Manufacturer
• Signs code file
• Send code file w/ CVC to MSO
• MSO
• Verifies code file
• Optionally adds MSO co-signature and MSO CVC to
  code file
• Send code file to CM on request
• Cable Modem
• Download code file
• Verify manufacturers signature
• Verify MSO signature if present
• If verified install code image

62
Dynamic Channel Change

• Enables CMTS to dynamically direct the CM to
  change its downstream and/or upstream channel
• Near seamless change with minimum interruption of
  service
• Useful for traffic balancing noise avoidance

63
SNMPv3

• Enhances the SNMP v1/v2 framework to support
• Privacy authentication
• Authorization
• SNMPv3 defines a modular architecture within
  which network management capabilities can evolve
• SNMPv3 defines no new protocols
• Documented in RFC 2571-2576

64
SNMPv3 Architecture
65
Standardized Event Logging

• DOCSIS 1.1 defines a set of standardized event
  message formats and priorities.
• 250 standard event messages
• 16 DOCSIS-specific trap types
• Eases network management operations
• Common event message across CM products
• Facilitates automated event processing

66
References

• Specifications are publically available at
  www.cablemodem.com/specifications.html
• IEEE Communications March 2001 p. 202
• Good overview article available as PDF file
• CableLabs training on 1.0 MAC (VGs)
• CableLabs training on 1.1 (VGs and video)
• Video is of a presentation of the VG
• Clive Holborow and Greg Nakanishi
• BCS/IPNS San Diego

67
Return to Introduction