E6000™ Converged Edge Router User Documentation Issue 1.0 Software Release 1.0 4 Feb 2013 Preliminary Version E6000 CER Release 1.0 PRELIMINARY ARRIS Standard Software License Terms and Warranty Table Unless your company has executed a separate agreement which contains terms and conditions for software licensing of ARRIS products, you must agree to the below terms and conditions to receive download and support. ARRIS products, both Hardware and Software, contain proprietary information and trade secrets that are confidential information of ARRIS. ARRIS reserves the right to audit the use of Customer’s Hardware and Software. Definitions and Interpretation Within this document definitions are defined as follows: "ARRIS" means ARRIS Solutions, Inc., a wholly owned subsidiary of ARRIS Group, Inc. and/or its designated affiliates. "Customer" means the person or entity however constituted to whom the Products or Services are provided. "Hardware" means equipment designed and manufactured by ARRIS, or other manufacturer's equipment offered for sale by ARRIS to Customer. "Software" means ARRIS-licensed software, including updates, and any other enhancements, modifications, and bug fixes thereto, in object code form only, and any full or partial copies thereof. Software is licensed by ARRIS separately or as part of a Product sale. Provided that the Customer has paid all applicable license fees to ARRIS, and assuming that the Customer has not negotiated a separate specific agreement or been granted a third-party license with the Software, then ARRIS grants to Customer a limited, royalty-free, nonexclusive and nontransferable, non-sublicensable license limited solely to the use of the Software’s application with the Hardware, if applicable, sold in conjunction with the Software for its intended purposes, which purposes preclude Customer’s provision of any product or service to a third party that would alleviate any third party from the obligation or need to obtain a separate license to the Software. All rights, title to and ownership of all applicable intellectual property rights in the Software, including but not limited to patents, copyrights and trade secrets remain with ARRIS and its licensors. Customer shall not attempt to acquire any other rights or transfer any ownership rights in the Software in contravention to ARRIS’ rights. ARRIS’ rights extend to any accompanying printed materials and online or electronic documentation, and any authorized copies of the above materials. The Software as used herein includes unpublished software, trade secret and confidential or proprietary information of ARRIS or its licensors and is developed at private expense. Customer may use third-party software products or modules supplied by ARRIS solely with the Products, unless the licensing terms of the third-party software specify otherwise. Customer shall not modify, create derivative works, reverse engineer, decompile, disassemble or in any manner attempt to derive the source code from the Software, in whole or in part, except and only to the extent that such activity is expressly permitted by applicable law. Customer is entitled to make a single copy of the Software solely for backup or archival purposes and all title, trademark, copyright, restricted rights or any other proprietary notices shall be reproduced in such copy. Unless otherwise agreed to in writing, Customer shall not otherwise use, copy, modify, lend, share, lease, rent, assign, sub-license, provide service bureau, hosting or subscriptions services, or distribute or transfer the Software or any copies thereof, in whole or in part, except as expressly provided in these terms and conditions. Customer further agrees not to publish or disclose any benchmark tests run on the Software. Customer shall not remove, obscure or alter any notice of copyright, patent, trade secret, trademark or other proprietary right or disclaimer appearing in or on any Software Products or accompanying materials. All rights not expressly granted hereunder are reserved by ARRIS. 4 Feb 2013 ARRIS Group, Inc. Copyright © 2013 ii PRELIMINARY E6000 CER Release 1.0 The Software may contain embedded third-party software (“Embedded Third-party Software). The licensors of such Embedded Third-party Software shall be third party beneficiaries entitled to enforce all rights and obtain all benefits which relate to such licensors under these terms and conditions. The licensors of such Embedded Third-party Software shall not be liable or responsible for any of ARRIS’ covenants or obligations under these terms and conditions, and Customer’s rights or remedies with respect to any Embedded Third-party Software under these terms and conditions shall be against ARRIS. Customer shall not directly access or use any embedded third-party software independently of the Software unless Customer obtains appropriate licenses. Under certain circumstances, ARRIS will advise that Customer needs to obtain a license for other third-party software (“Third-party Software”) for use in conjunction with the Software. Customer agrees that the terms and conditions agreed to between Customer and such Third-party Software vendor, including but not limited to warranties, indemnification and support, shall be solely between Customer and the Third-party Software vendor, and ARRIS shall not have any responsibility or liability for such Third-party Software. ARRIS Products may contain Open Source software. If Open Source is used, upon written request from an ARRIS customer, ARRIS will make available the appropriate Open Source software as per the applicable GPL. Table -1: ARRIS C4® CMTS and E6000™ Converged Edge Router Warranty Warranty Period from Shipment Date ARRIS Product Categories Domestic U.S. All ARRIS CMTS products including WiDOX CMTS, C3, C4, C4c, D5 UEQ and E6000 CER; and EGT Encoder Hardware one (1) Year Solutions: Encore and Quartet Encoders, VIPr Video Transcoder and System Solutions, and HEMi Software ninety (90) days Headend Micro Solutions 4 Feb 2013 ARRIS Group, Inc. Copyright © 2013 Outside U.S. Hardware one (1) Year Software ninety (90) days iii PRELIMINARY E6000 CER Release 1.0 Copyright and Trademark Information E6000™ Converged Edge Router ARRIS C4® Cable Modem Termination System (CMTS) ARRIS C4® Cable Modem Termination System ARRIS C4c™ Cable Modem Termination System ARRIS DOCSIS® 3.0 C4® CMTS The capabilities, system requirements and/or compatibility with third-party products described herein are subject to change without notice. ARRIS, the ARRIS logo, Auspice®, BigBand Networks®, BigBand Networks and Design®, BME®, BME 50®, BMR®, BMR100®, BMR1200®, C3™, C4®, C4c™, C-COR®, CHP Max5000®, ConvergeMedia™, Cornerstone®, CORWave™, CXM™, D5®, Digicon®, E6000™, ENCORE®, EventAssure™, Flex Max®, FTTMax™, HEMi®, MONARCH®, MOXI®, n5®, nABLE®, nVision®, OpsLogic®, OpsLogic® Service Visibility Portal™, Opti Max™, PLEXiS®, PowerSense™, QUARTET®, Rateshaping®, Regal®, ServAssure™, Service Visibility Portal™, TeleWire Supply®, TLX®, Touchstone®, Trans Max™, VIPr™, VSM™, and WorkAssure™ are all trademarks of ARRIS Group, Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and the names of their products. ARRIS disclaims proprietary interest in the marks and names of others. Copyright © 2013 ARRIS Group, Inc. All rights reserved. Reproduction in any manner whatsoever without the express written permission of ARRIS Group, Inc. is strictly forbidden. For more information, contact ARRIS. Patent Information The ARRIS C4® Cable Modem Termination System (CMTS) and E6000™ Converged Edge Router are protected by U.S. and international patents including: 6,449,249 6,457,978 6,636,482 6,637,033 6,662,368 6,769,132 6,898,182 7,002,914 7,047,553 7,272,144 7,480,237 7,480,241 7,570,127 7,593,495 7,606,870 7,660,250 7,698,461 7,701,956 7,953,144 7,958,260 7,974,303 8,136,141 8,218,438 8,332,911 DATA CONNECTION (c) is a registered trademark of DATA CONNECTION LIMITED in the US and other countries. Copyright (R) 2005- 2009 Data Connection Limited . Portions of the IPDR software were authored by IPDR.org. The Regular Expression Source Code and its use is covered by the GNU LESSER GENERAL PUBLIC LICENSE version 3. June 29, 2007 Additional ARRIS Group, Inc. patents pending. Copyright (c) 2002-2013 ARRIS Group, Inc. All Rights Reserved 4 Feb 2013 ARRIS Group, Inc. Copyright © 2013 iv PRELIMINARY E6000 CER Release 1.0 Table of Contents Table of Contents List of Figures List of Procedures 1 2 About This Manual Purpose 1-1 Intended Audience 1-2 Prerequisite Skill and Knowledge 1-2 DOCSIS Overview 1-2 Conventions Used in this Document 1-3 Textual Conventions 1-4 How to Contact Us 1-5 E6000 CER Features E6000 CER Feature Descriptions by Software Release 3 E6000 Converged Edge Router Specifications Network Diagram Issue 1.0, 4 Feb 2013 2-2 © 2013 ARRIS Group, Inc. — All Rights Reserved 3-3 PRELIMINARY -v PRELIMINARY E6000 CER Release 1.0 E6000 CER Specifications RF Electrical Specifications 3-6 Scalability 3-8 Application-related Specifications 4 3-4 3-10 Hardware Overview Overview 5 4-2 Chassis 4-3 Main Hardware Components 4-7 Fan Tray 4-8 Air Filter 4-10 Power Entry Module (PEM) 4-12 Chassis Control Module (CCM) 4-14 Upstream Cable Access Module (UCAM) 4-16 Downstream Cable Access Module (DCAM) 4-17 Router System Module (RSM) 4-18 Router System Module (RSM) RSM Overview 5-2 Major Functions 5-3 LED Status 5-4 SFP Interfaces 5-5 RSM Peripheral Interface Card (RPIC) Overview Major Functions Issue 1.0, 4 Feb 2013 5-10 5-10 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -vi PRELIMINARY E6000 CER Release 1.0 RSM and RPIC Installation Connecting the Operator Console 5-12 RSM Initial Bringup 5-15 RSM and RPIC Replacement 6 5-11 5-17 Flash Disk 5-22 File System Administration 5-22 Show Commands 5-23 File Transfers 5-24 Licensing Overview 6-1 CAM Channel Licensing 6-2 Channel Default Numbers 6-2 Additional Channels 6-2 CAM License Key 6-3 Maintenance Considerations 7 Issue 1.0, 4 Feb 2013 6-4 CAM Restoral 6-4 CAM Sparing 6-4 Associated CLI Commands 6-5 CAM Channel License Upgrade 6-6 Display License Details 6-6 Display Linecard Status Information 6-6 Display Spare Group Information 6-7 Field Upgrade for Additional Channel Growth 6-7 Downstream Cable Access Module (DCAM) Overview 7-2 Licensing 7-2 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -vii PRELIMINARY E6000 CER Release 1.0 Modules and Components 7-3 Primary Software Function 7-4 Maximum Number of DCAMs 7-4 Description 7-4 DPIC Description 7-7 Non-Contiguous Channels and Frequency Agility 7-9 Interleaver Depth 8 7-11 QAM Modulation Order and Port Requirements 7-12 MAC Domains 7-12 Parameters 7-13 Provisioning and Configuration 7-14 Frequency Adjustment Commands 7-19 Scripts for Reconfiguration or Changing RF Parameters 7-21 High-Level DCAM Implementation Procedure 7-21 Upstream Cable Access Module (UCAM) Overview 8-2 Licensing 8-2 Modules and Components 8-3 Primary Software Functions 8-4 Description 8-4 UPIC Description 8-9 Receivers and Channels 8-11 Logical Upstream Channel 0 8-13 MAC Domains 8-13 Provisioning Issue 1.0, 4 Feb 2013 8-14 Rules and Restrictions for UCAM 8-15 Basic Command Set for Configuring a UCAM 8-16 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -viii PRELIMINARY E6000 CER Release 1.0 Measuring SNR in the UCAM Channel and Modem SNR 8-21 SNR Calculation 8-21 Modulation Profiles 8-25 Explanation of Upstream Parameters 9 Issue 1.0, 4 Feb 2013 8-21 8-25 Ingress Noise Cancellation 8-32 Notes on DOCSIS 3.0 Upstream Frequency Range 8-33 Adjusting Channel Settings in Response to Increased CM Scaling 8-34 Default Modulation Profile 8-34 Modulation Profiles: Default and User-defined 8-42 Optimizing a Modulation Profile 8-44 Intelligent Channel Optimizer 8-44 Noise and SNR versus Modulation Symbol Rate 8-44 Installation Overview 9-2 Safety Precautions 9-3 Electrical Equipment Guidelines 9-4 Electrostatic Discharge (ESD) 9-4 Installation Guidelines 9-6 Unpacking the E6000 CER 9-8 Installation Requirements 9-10 Rack Mounting the E6000 CER 9-13 Grounding the Chassis 9-14 Fan Trays 9-15 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -ix PRELIMINARY E6000 CER Release 1.0 Air Filter 9-17 Power Entry Module (PEM) 9-19 Installation Procedure 10 Basic Bring-up Procedure Before You Begin 10-1 Bring-up Procedures 10-4 Verification Steps 11 12 Issue 1.0, 4 Feb 2013 10-16 Control Complex Redundancy Overview 11-1 CCR Components 11-2 Configure Duplex RSM 11-3 CAM Sparing FlexCAM™ Hitless CAM Sparing 12-1 Guidelines for CAM Spare Groups 12-2 Configuration Example 13 9-19 12-4 Cable-side Configuration Overview 13-1 MAC Domains 13-2 DOCSIS Functions 13-2 DOCSIS 3 Terminology 13-3 Specifications 13-5 MAC Domain Configuration 13-6 Additional Related MAC Domain Commands 13-8 Channel to MAC Domain Association 13-8 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -x PRELIMINARY E6000 CER Release 1.0 Upstream to Downstream Channel Association (Supervision) Upstream Channel Descriptor Messages 13-13 Supervision 13-13 Cable Plant Topology and Fiber Nodes Fiber Node Configuration 13-19 13-21 Cable Modem Timing, Supervision, and Messaging 13-22 13-24 MAC Domain 13-24 Channel Sets 13-24 Receive Channel Configurations and Bonding Groups 13-35 Dynamic Routing Protocols Overview 14-1 Border Gateway Protocol 14-2 BGP Version 4 14-2 Default VRF 14-2 Interior and Exterior BGP 14-2 Interconnected Peering Routers 14-3 BGP Sessions 14-3 iBGP Networks 14-3 BPG Peering Sessions Reduction 14-3 BGP-4 Implementation 14-6 BGP-Related CLI Commands 14-7 Sample Configuration Command Scripts for BGP Intermediate System-Intermediate System Issue 1.0, 4 Feb 2013 13-19 Channel to Fiber Node Configuration Service Group Determination and Display 14 13-13 14-14 14-17 Overview 14-17 CLNP Addressing/NSAP Address Format 14-17 IS-IS Network Topology, Unique Level 1 Areas 14-18 Dynamic Hostname Support 14-20 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xi PRELIMINARY E6000 CER Release 1.0 IS-IS Network Topology — Multi-homing 14-21 Packet Flow Between IS-IS Systems 14-21 Designated Intermediate System (DIS) and Reliable Flooding of LSPs 14-22 Multiple Topology IS-IS Overview 14-24 Overcoming Single SPF Limitation 14-24 Adjacencies 14-25 Broadcast Interface Adjacencies 14-25 Advertising MT Reachable Intermediate Systems in LSPs 14-26 MT IP Forwarding 14-26 Configuring MT IS-IS on the E6000 CER 14-27 Sample Configuration 14-29 Example Show Commands 14-31 CLI Commands 14-34 Open Shortest Path First version 2 14-39 Link State Routing Protocol Description 14-39 Routing Metrics 14-39 Equal Cost MultiPath Routes 14-40 Configuring OSPF 14-40 CLI Commands for OSPF 14-44 Open Shortest Path First version 3 Issue 1.0, 4 Feb 2013 14-24 14-46 Comparison of OSPFv3 and OSPFv2 14-46 Discovering Neighboring Routers 14-46 Hello Packets 14-47 Equal Cost Multipath 14-48 Neighbors 14-49 Adjacency 14-50 Router Types 14-50 Areas 14-51 Link-State Advertisement 14-52 Stub Area 14-54 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xii PRELIMINARY E6000 CER Release 1.0 Not-So-Stubby Area 14-54 Route Summarization 14-54 Configuring OSPFv3 for IPv6 14-55 Summary of CLI Commands for OSPFv3 14-57 Routing Information Protocol RIP version 2 14-62 Hop Count 14-62 Routing Update Management 14-62 RIP Enable and Disable 14-63 RIP Passive Mode Operation 14-65 Default Route Processing 14-66 Plain Text Authentication 14-67 MD5 Digest Authentication 14-68 Route Redistribution for IPv4 Addresses 14-73 Route Redistribution CLI Commands 14-75 IP Route Filtering 14-77 14-86 Configuring PBR 14-86 CLI Commands 14-92 Interface IP Configuration Overview 15-1 Subinterfaces (Multiple VRIs per VRF) 15-3 Interface Configuration 15-5 Common Interface Configuring Commands 15-5 Monitoring Interfaces 15-7 802.1Q VLAN Tagging (Q-tags) CLI Commands Issue 1.0, 4 Feb 2013 14-73 BGP Route Maps Policy-Based Routing (PBR) 15 14-62 15-10 15-12 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xiii PRELIMINARY E6000 CER Release 1.0 Loopback Interfaces for Routing Protocols ECMP 16 15-16 Configuring IP Static Routes 15-17 Multiple VRFs 15-18 Overview 15-18 Overview of the Sample Procedure 15-19 IP Packet Filters, Subscriber Management IP Packet Filtering 16-2 IP Packet Filter 16-2 IP Filter Group 16-3 Filter Group Numbering Scheme 16-4 Filtering Related CLI Commands 16-4 Drop Packet By Flow Label or IP Version 16-11 IPv4 and IPv6 Drop/Accept Packet Command Examples 16-11 Port Filters 16-12 Port Filter Drop Command Examples 16-13 IP Protocol Filters 16-13 IP Protocol Filter Command Examples 16-14 Type of Service and Match Action Filtering 16-15 TOS Filtering Command Example 16-16 Match Action Command Examples 16-17 Effect of IP Packet Filtering / Subscriber Management on IP Address Limits Issue 1.0, 4 Feb 2013 15-14 16-18 Subscriber Management Off 16-18 Subscriber Management On 16-18 Per-Interface Configuration 16-19 Default Subscriber Management Settings 16-20 IP Packet Filtering Configuration Example 16-21 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xiv PRELIMINARY E6000 CER Release 1.0 17 Baseline Privacy Interface (BPI) Baseline Privacy Overview Baseline Privacy Operational Overview Baseline Privacy Setup 17-5 17-5 Baseline Privacy Cable Modem Configuration File Settings 17-8 BPI Initialized State Configuration Settings 17-9 Digital Certificates (BPI+ Only) 17-11 Provisioning BPI X.509 Certificates Using Import/Export Commands 17-11 Provisioning X.509 Certificates 17-13 Baseline Privacy Debugging 17-16 Baseline Privacy Trap Codes 17-19 Baseline Privacy: CLI Commands 17-23 BPI+ Enforce 17-26 17-26 DOCSIS Set-top Gateway Configuration Overview 18-2 DSG Support for DOCSIS 3.0 18-5 DSG Configuration Overview 18-9 Configuring Interfaces to Carry Tunnel Traffic Enabling Upstream Filters DSG Configuration Issue 1.0, 4 Feb 2013 17-3 Initial CMTS Base Table Setup CLI Commands 18 17-2 18-9 18-11 18-13 Configuring Access List, Filters and Rate Limits 18-13 Configuring IP Forwarding for Basic Mode DSG 18-14 Configuring for Advanced DSG Mode 18-15 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xv PRELIMINARY E6000 CER Release 1.0 DS Cable Interface 18-18 DSG Tunnels 18-20 DSG Classifier 18-24 Sample DSG Configuration Scenarios 19 Initial Setup for DSG 18-25 DSG Configuration Only 18-27 Multicast Destination IP to RFC1112 DSG Tunnel MAC 18-28 Multicast Destination IP to non-RFC1112 DSG Tunnel MAC 18-30 CPE Device Classes Types of Device Classes 19-2 Functionality 19-2 Considerations 19-3 Dynamic Host Configuration Protocol 19-4 DHCP Client 19-4 DHCP Server 19-4 DHCP Relay Agent 19-4 DHCP Options 19-5 Rapid Commit 19-7 DHCP Helper Address Provisioning 19-7 Assigning Secondary Interfaces Based on Device Class 19-8 Filter Groups Based on Device Class Filter Group Assignment Issue 1.0, 4 Feb 2013 18-25 19-10 19-10 DOCSIS Subscriber Management MIB 19-10 CPE Device Filtering Related Commands 19-11 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xvi PRELIMINARY E6000 CER Release 1.0 20 Channel Bonding Channel Assignment 20-2 CM Channel Selection 20-2 Service Flow Channel Selection 20-4 Downstream Channel Bonding (DSCB) 20-6 Configuration Example for Channel Bonding Using Sample MAC Domain 1 20-11 Configuration Examples for Static RCC 20-15 Configuring Channel Bonding Groups 20-16 Per-packet Channel Selection for Bonding Groups 20-17 Upstream Channel Bonding (USCB) 20-18 Selective Enabling of USCB within a MAC Domain 20-18 Non-Primary Channel Acquisition for Upstream Channel Bonding 20-21 Partial Service Handling on the E6000 CER 21 20-7 RCP/RCC 20-22 Upstream Impairment Detection and Recovery 20-22 Downstream Impairment Detection and Recovery 20-22 IPv6 Overview 21-1 IPv6 Packet Structure 21-2 IPv6 Addressing Architecture 21-3 E6000 CER Security Features for IPv6 Proxy Duplicate Address Detection Issue 1.0, 4 Feb 2013 21-7 21-16 DHCPv6 PDRI and Bulk Lease Query 21-17 IPv6 Prefix Stability 21-23 Using Prefix-Stability in E6000 CERs 21-23 Operational Concerns 21-31 IPv6 Distribute Lists 21-33 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xvii PRELIMINARY E6000 CER Release 1.0 22 IP Video Overview 22-1 IP Video Functionality ASM Architecture 22-5 SSM Architecture 22-6 IP Video Provisioning 22-8 Configure Multicast Routing 22-13 Additional Configuration References 22-13 IP Video Visibility 22-14 IP Video Monitoring and Management CLI Commands 23 22-3 22-23 22-26 Multicast Overview 23-1 IP Multicast 23-2 Multicast Traffic 23-2 IGMP Implementation 23-3 Protocol-Independent Mode—Source-Specific Multicast 23-4 Multicast Routing 24 Issue 1.0, 4 Feb 2013 23-5 ASM/SSM Configurations 23-6 IGMP Visibility 23-7 Static IGMP Joins 23-11 CLI Commands 23-12 Connection Admission Control Overview 24-1 General CAC Description 24-2 PacketCable CAC Description 24-2 Multicast CAC Description 24-3 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xviii PRELIMINARY E6000 CER Release 1.0 25 Configuring CAC 24-5 Show/Display Commands 24-6 Data Consistency Checks 24-8 PacketCable™ Services and Voice Applications PacketCable Overview 25-2 PacketCable Multimedia Overview 25-5 PCMM Classification for Remotely Connected Subnets 26 27 Configuration Procedures 25-12 PacketCable Settings 25-13 DSx DQoS VoIP 25-21 Converged Services (Voice and Data) Overview 26-1 QoS Levels 26-2 Security AAA Overview 27-1 Local Authentication 27-5 TACACS+ 27-6 SSH2 Issue 1.0, 4 Feb 2013 25-9 27-15 Description 27-15 Server Management 27-16 Configure Commands 27-17 Show Commands 27-20 Routing to a Null Interface 27-21 Source Verification of Cable-side IP Addresses 27-22 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xix PRELIMINARY E6000 CER Release 1.0 Advanced CM Configuration File Verification Cable Modem MAC Deny List 28 28-1 CALEA 28-2 Electronic Surveillance Configuration 28-3 Electronic Surveillance Logging Messages 28-4 Legal Intercept 28-5 Chassis Configuration 28-7 CLI Commands 28-7 Data Management and Maintenance PC 2.0 Lawfully Authorized Electronic Surveillance 28-10 28-11 Load Balancing Overview 29-1 Load Balancing Group Definitions Dynamic Load Balance Intervals CLI Commands for Load Balancing 29-3 29-11 29-12 Minimal Configuration 29-12 Additional Load-Balance Commands 29-15 Interaction with Older Cable Modems 29-21 Load Balancing of Bonded Cable Modems Issue 1.0, 4 Feb 2013 27-28 Unified Electronic Surveillance Overview 29 27-24 29-23 Distributing Bonded CMs across Downstreams at Registration Time 29-23 Load Balancing Bonded CMs at Regular Intervals 29-24 Downstream and Upstream Start Thresholds 29-26 Load Balance Rule-based Modem Steering 29-28 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xx PRELIMINARY E6000 CER Release 1.0 Service-type Modem Steering Load Balancing of Voice Bearer Flows 30 30-2 Maintaining Performance During Excessive Traffic 30-2 RSM Protocol CLI Commands 30-2 Upstream Cable Protocol Throttling 30-5 IPv6 Neighborhood Discovery 30-5 ARP/ND Monitoring 30-6 Cable Protocol Throttling Configuration 30-6 Throttling Configuration Clear and Show Commands 30-7 Cable Throttling Command Examples 30-8 ARP/ICMP Throttling 30-12 Configure ARP Throttling Commands 30-12 Default Configuration for ARP Throttling 30-13 Quality of Service Mechanisms Statistical Multiplexing Issue 1.0, 4 Feb 2013 29-35 Packet Throttling RSM Protocol Policing 31 29-32 30-14 30-14 Weighted Random Early Detection and Traffic Policing 30-14 Traffic Shaping 30-14 Traffic Shaping CLI Commands 30-16 Power Boost Cap 30-17 Access Control Lists Overview 31-1 Data Plane Filter IP ACLs 31-3 In-band Management 31-6 IGMP ACLs 31-7 IPv6 ALs 31-9 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxi PRELIMINARY E6000 CER Release 1.0 32 Internet Protocol Detail Record Exporter Services 32-2 IPDR Session Methods 32-2 IPDR Records 32-2 Method and Record Usage 32-3 IPDR Document 32-4 Sequence of Records 32-4 Exporter Address 32-5 Collector Connectivity 32-6 IPDR Inter-Operations 32-7 Surveillance 32-7 IPDR Configuration 32-9 Parameters 32-9 CLI Commands 33 34 32-10 Host Names, User IDs, and Password Recovery How to Administer the Host Name and User IDs 33-1 How to Add and Delete Users 33-2 Global User Profile 33-4 Password Recovery 33-5 Clock Synchronization Protocol Local (Internal) Clock Issue 1.0, 4 Feb 2013 34-2 Clock Commands 34-2 Manually Setting the Internal Clock 34-5 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxii PRELIMINARY E6000 CER Release 1.0 35 Network Time Protocol 34-6 NTP Server Commands 34-6 Configure NTP Client 34-7 Service Class Names Service Class Name Details Service Flows 35-2 Major Functions 35-2 Quality of Service Parameters MIB 35-3 Service Class Name Configuration 35-5 Service Classes 35-6 Gold Service Class Example 35-6 Silver Service Class Example 35-6 Bronze Service Class Example 35-6 Tiered Service Examples 35-7 Additional Service Flows 35-7 Commands for Adding Service Class Names 36 Issue 1.0, 4 Feb 2013 35-2 35-9 Per-Subscriber Throughput Throughput 36-2 Two Display Formats 36-3 Display Basic CM QoS Output 36-3 Display Verbose CM QoS Output 36-4 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxiii PRELIMINARY E6000 CER Release 1.0 37 38 Additional Classifier Support Description 37-2 Operation 37-3 Multiple Grants Per Interval 37-3 Maximum Active Call Capacity 37-4 Dynamic Tmin and Tmax 37-4 Diagnostics Problem Isolation Diagnostic Failure and Recover 39 40 Issue 1.0, 4 Feb 2013 38-1 38-11 Logging Event Messages 39-2 Event Message Routing 39-4 Logging History Buffer 39-5 System Console 39-15 Monitor (Telnet or Secure Shell) 39-17 Local Log (Volatile) 39-19 Syslog Server 39-21 Simple Network Management Protocol Management Station 39-25 SNMP Configuration with CLI 39-29 Throttle Control of Event Messages 39-35 Fully-Qualified Domain Name (FQDN) Overview 40-1 Operational Concerns 40-2 CLI Commands 40-3 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxiv PRELIMINARY E6000 CER Release 1.0 41 42 43 BSoD L2VPN Background Information 41-1 Overview 41-2 Additional Information 41-4 Enabling BSoD 41-4 CLI Commands 41-7 Standard and Enterprise MIBs E6000 CER SNMP MIB Variable Descriptions 42-2 Enterprise MIBs 42-5 CLI Overview Access Levels and Modes CLI Command Modes 43-2 Designating MAC addresses and IP addresses 43-7 Keyboard Shortcuts CLI Command Features 43-11 43-11 Configuring Passwords and Privileges 43-14 43-19 How to Use CLI Filtering Show Cable Modem Column Feature Issue 1.0, 4 Feb 2013 43-9 CLI Help Feature CLI Filtering 44 43-2 43-19 43-26 Command Line Descriptions © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxv PRELIMINARY E6000 CER Release 1.0 Alphabetical List of CLI Commands AB Issue 1.0, 4 Feb 2013 Abbreviations © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxvi PRELIMINARY E6000 CER Release 1.0 List of Figures 3 4 5 Issue 1.0, 4 Feb 2013 E6000 Converged Edge Router Specifications E6000 CER (front view) 3-2 Typical Cable Network Architecture 3-3 Hardware Overview Basic Front View of the E6000 4-3 Air Flow through Chassis 4-5 Fan Tray 4-8 Front Air Filter 4-10 Rear Air Filter 4-11 Chassis Control Modules 4-14 Router System Module (RSM) Router System Module and Physical Interface Card 5-2 Examples of the Optical SFPs and Copper SFP 5-5 Installing the SFPs 5-8 View of Pin-out of Serial Cable 5-13 Connecting the Console Port to a PC 5-14 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxvii PRELIMINARY E6000 CER Release 1.0 7 8 Downstream Cable Access Module (DCAM) DCAM and DPIC Faceplate Views 7-3 DPIC Physical Connector Numbering 7-8 Upstream Cable Access Module (UCAM) UCAM and UPIC Faceplate Views 9 Issue 1.0, 4 Feb 2013 8-3 UCAM Physical Connector and Connector Group Numbering 8-10 Interconnections for Upstream RF Feeds 8-12 Relation of FEC Codewords to Data Packet 8-46 Maximum ATDMA Data Rate vs. SNR 8-47 Installation Air Flow through Chassis 9-11 Chassis Ground Terminal 9-14 One of three Fan Trays 9-15 Replaceable Air Filter 9-17 PEM Cover 9-20 PEM Circuit Breaker in the Off Position 9-21 Power Cable Connections to the E6000 CER 9-22 Terminal Tightening Requirements 9-23 Location of Polarity LEDs on PEM 9-24 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxviii PRELIMINARY E6000 CER Release 1.0 PEM Circuit Breaker in the On Position 10 12 14 15 Issue 1.0, 4 Feb 2013 9-24 Basic Bring-up Procedure Network Connectivity Diagram 10-3 E6000 CER Slot Diagram 10-6 CAM Sparing Example of Upstream and Downstream Spare-groups (front view) 12-4 Same Example of CAM Sparing PICs As Seen from the Rear of the E6000 CER 12-5 Dynamic Routing Protocols iBGP with Confederations to Reduce Full Mesh Peering 14-4 BGP Network Topology with Route Reflections and an OSPF overlay 14-5 IS-IS Level 1 and Level 2 Routing 14-19 Example of IS-IS and MT IS-IS Topologies 14-24 Flowchart Representing Decision Path for PBR or Normal Routing 14-89 Interface IP Configuration Difference between Standard IP and Q-tag Encapsulation 15-10 IEEE 802.1Q/p Tag Format 15-11 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxix PRELIMINARY E6000 CER Release 1.0 18 DOCSIS Set-top Gateway Configuration Logical Devices in a DSG System 18-2 Show Cable Modem Output Showing MDF Settings for DOCSIS 2.0 and 3.0 Modems 18-8 Block Diagram of an Advanced DSG Configuration 20 Channel Bonding Sample MAC Domain Snapshot from Config File with Attribute Mask Set for USCB 21 22 Issue 1.0, 4 Feb 2013 18-17 20-7 20-20 IPv6 Block Diagram of PDRI Feature 21-17 Scenario for Prefix Stability 21-23 IP Video IP Video Architecture 22-2 IP Video Subsystems 22-3 ASM Architecture 22-5 SSM Architecture 22-7 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxx PRELIMINARY E6000 CER Release 1.0 25 PacketCable™ Services and Voice Applications PacketCable Voice-only Network Reference Architecture 25-3 Foundations of PCMM Architecture 25-6 Network Diagram of PCMM Implementation 25-8 PCMM Support for Using Remote Subnet IPs as Subscriber IDs on the E6000 CER 26 Converged Services (Voice and Data) Example of Classification for Combined Voice, Video, and Data 27 PC 2.0 LAES Functional Layout 28-11 29-34 Additional Classifier Support Example of a Network Diagram for Additional Classifier Telephony Issue 1.0, 4 Feb 2013 28-5 Load Balancing Adding Service-Type ID to the CM Config File 37 27-2 Unified Electronic Surveillance RFC 3924 Framework 29 26-4 Security AAA Security Model 28 25-10 © 2013 ARRIS Group, Inc. — All Rights Reserved 37-3 PRELIMINARY -xxxi PRELIMINARY E6000 CER Release 1.0 39 Logging Event Management Subsystems on the E6000 CER Relationship of SNMP Tables to User-defined Elements 41 39-3 39-31 BSoD L2VPN Screenshot of a Modem Configuration File Sample BSOD Configuration Using BSOD Capable and Legacy (PPoE) Modems Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved 41-6 41-10 PRELIMINARY -xxxii PRELIMINARY E6000 CER Release 1.0 List of Procedures 5 6 Router System Module (RSM) Installing Fiber Optic SFPs Into the RSM Ports 5-7 Installing a Copper SFP 5-9 How to Install the RSM in an empty RSM slot 5-11 How to Install the RPIC in an empty RPIC slot 5-11 How to Replace an RSM in a Duplex Chassis 5-17 How to Replace an RPIC in a Duplex Chassis 5-18 How to Replace an RSM in a Simplex Chassis 5-20 How to Replace an RPIC in a Simplex Chassis 5-21 Licensing Upgrading Additional Licensed CAM Channels 7 6-8 Downstream Cable Access Module (DCAM) Assigning a DS Channel Frequency outside the Window for Its Connector 8 7-20 Upstream Cable Access Module (UCAM) Before Changing the Receive Power Level Settings of the UCAM Issue 1.0, 4 Feb 2013 8-8 How to Create/Modify, and Apply a Modulation Profile to an US Port 8-35 How to Configure an Upstream (US) Channel 8-36 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxxiii PRELIMINARY E6000 CER Release 1.0 9 11 Putting Cards and Ports into Service 8-40 How to Take a UCAM Out of Service and Delete Its Slot 8-41 Installation To Replace a Fan Tray 9-16 Air Filter Replacement 9-18 Installing the PEM 9-20 Cabling the PEM 9-20 Control Complex Redundancy Add a Control Complex (Change RSM from Simplex to Duplex) 12 14 Issue 1.0, 4 Feb 2013 11-3 CAM Sparing Create CAM Spare-groups to Match Figure 12-1. 12-5 How to Fail Back Manually 12-7 How to Delete a CAM Spare-group 12-9 Dynamic Routing Protocols Enable MT IS-IS 14-28 Disable MT IS-IS 14-28 Modify the Default Metric 14-29 How to Enable OSPF 14-40 How to Disable OSPF for an Interface 14-42 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxxiv PRELIMINARY E6000 CER Release 1.0 15 18 How to Disable OSPF on the E6000 CER 14-43 Configuring OSPFv3 with Cable-side Interfaces as Passive Interfaces 14-56 How to Enable Single Key Authentication 14-69 How to Enable Multiple Key Authentication (i.e., Key Chains) 14-70 Interface IP Configuration How to Monitor Interfaces 15-7 Example of Configuration 15-13 How to Add/Delete/View a Static IP Route to the CER 15-17 Example of Setting Up Five VRFs 15-19 DOCSIS Set-top Gateway Configuration Enabling Multicast DSID-based Forwarding (MDF) and DSG Support for DOCSIS 3.0 21 22 18-5 IPv6 Configuring Prefix Stability Using ISIS 21-24 Configuring Prefix Stability Using OSPF 21-27 Sample Distribute List for OSPFv3 PD Routes 21-33 IP Video Configure Video Encoding Attribute Mask To Create Different QoS Groups for Different Devices Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved 22-9 22-11 PRELIMINARY -xxxv PRELIMINARY E6000 CER Release 1.0 23 27 Multicast Configure Network to Cable ASM Data Forwarding 23-6 Configure Network to Cable SSM Data Forwarding 23-6 Use a standard ACL to Allow Restricted IGMP Range 23-10 Use an ACL to Deny a Specific Multicast Group 23-10 Security To Configure Local Authentication 28 29 Configure TACACS Server to Enable Password 27-10 Configure the E6000 CER to Enable Password 27-10 Sample Procedure for Configuring TACACS Accounting 27-13 Unified Electronic Surveillance Sample Configuration for Secure Access and Tap 28-7 To create or delete an LI tap on an IPv6 modem 28-9 To Configure SNMPv3 User View for PC 2.0 LAES 28-14 Load Balancing Example of Service-type Modem Steering Configuration Issue 1.0, 4 Feb 2013 27-5 © 2013 ARRIS Group, Inc. — All Rights Reserved 29-32 PRELIMINARY -xxxvi PRELIMINARY E6000 CER Release 1.0 33 34 38 39 Host Names, User IDs, and Password Recovery How to Configure Privilege Levels and Local Authentication 33-3 Creating a Global User Profile 33-4 Enabling Password Recovery Using the Bootloader Dialog 33-5 Clock Synchronization Protocol Manually Setting the Internal Clock 34-5 Configure NTP Client 34-7 Diagnostics Take Module OOS 38-3 Diagnosing Modules 38-4 Logging Basic Configuration for an SNMP v1/2 Community Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved 39-29 PRELIMINARY -xxxvii E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY -xxxviii PRELIMINARY E6000 CER Release 1.0 1 About This Manual About This Manual Purpose 1 Intended Audience 2 Prerequisite Skill and Knowledge 2 DOCSIS Overview 2 Conventions Used in this Document 3 How to Contact Us 5 Purpose To provide a comprehensive overview of the E6000 CER including reference and procedural information required to manage and control the E6000 CER. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 1-1 PRELIMINARY E6000 CER Release 1.0 About This Manual Intended Audience This document is intended for MSO technical support personnel who are responsible for integrating, operating, and maintaining the E6000 CER. Prerequisite Skill and Knowledge This document serves as an introduction to the E6000 CER for all administrators and users of cable modem termination systems. Ideally, users of this documentation and equipment should have a basic knowledge of the following: • RF measuring equipment • Provisioning servers • Command Line Interface (CLI) commands • RF cable plant and operating methods DOCSIS Overview DOCSIS services have been successfully delivered by MSOs for over a decade. During that time period, DOCSIS delivery systems have had to evolve on a fairly regular basis to accommodate the many challenges brought on by new subscriber applications and new forms of competitive technologies. These new challenges led to many evolutions of the DOCSIS specification (from DOCSIS 1.0 to 1.1 to 2.0 and now 3.0). As we move forward, it appears that the DOCSIS delivery systems will need to evolve even more rapidly as they attempt to keep pace with even more demanding requirements from DOCSIS subscribers. These changes are being driven by new bandwidth-hungry applications such as IPTV and new technology-laden competitors (such as FTTH systems being offered by telcos) which will cause unprecedented increases in both downstream and upstream bandwidth requirements for High-Speed Data services. Although alternative technologies for supporting this bandwidth have been considered by MSOs, most MSOs seem to prefer finding ways to augment their existing DOCSIS systems to support the bandwidth needs of the future. This evolutionary approach will permit MSOs to provide backwards compatibility with the already-deployed DOCSIS equipment, while gradually transitioning from their current DOCSIS systems to the DOCSIS systems of the future. In addition, the next generation of DOCSIS equipment will need to be flexible enough to support many other features, including the separation of MACs and PHYs in preparation for a potential future transition to Fiber Node-based PHYs or other types of PHYs (including PON or WiMax). Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 1-2 PRELIMINARY E6000 CER Release 1.0 About This Manual The requirements for future DOCSIS systems will dictate many changes to present DOCSIS CMTS equipment. The E6000 Converged Edge Router System (E6000 CER) is currently architected as a converged services foundation platform to support: • Supported in Release 1.0 - DOCSIS CMTS configuration I-CMTS configuration Conventions Used in this Document ARRIS emphasizes the importance of carefully following all procedures described in this guide to prevent personal injury or damage to the equipment and to insure maximum efficiency and machine life. The user should pay careful attention to Notes, Cautions and Warnings, whose usage is described as follows: NOTE: Notes are intended to highlight additional references or general information related to a procedure, product, or system. The international symbols, Caution and Warning, appear in this book to indicate actions involving risk. CAUTION Cautions indicate risk of dropping traffic, losing data, or disrupting the equipment. Read the accompanying instructions and proceed with caution. WARNING The warning symbol represents a risk of bodily injury or serious damage to the equipment. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and fiber optics and follow standard procedures for preventing accidents and serious damage. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 1-3 PRELIMINARY E6000 CER Release 1.0 About This Manual Textual Conventions The conventions used in this guide are shown in the following table: Table 1-1: Examples of Textual Conventions Type of text Issue 1.0, 4 Feb 2013 Description Example CLI commands and other user input Monospaced bold show shelfname Names of chapters and manuals Italicized text chapter 1, About This Manual Menu selections Plain-faced text From the File>Set-up menu choose… System responses and screen display Monospaced font Shelf name is ARRIS E6000 CER © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 1-4 PRELIMINARY E6000 CER Release 1.0 About This Manual How to Contact Us Product Information and Support If you have questions about the ARRIS E6000, please direct your technical support requests to ask.arrisi.com. The Technical Support Contact information is summarized in the following table. Table 1-2: E6000 CER Technical Support Contacts Phone E-mail NORTH AMERICA +1 888 221 9797 (N. America only) +1 678 473 5656 (Worldwide) techsupport.na@arrisi.com LATIN AMERICA Latin America: Brazil: Chile: Colombia: Mexico: +56 2 2678 4500 +55 11 2737 7629 +56 2 2678 4500 +57 1 381 9103 +1 800 522 7747 or +52 55 2282 8531 techsupport.cala@arrisi.com EUROPE +31 20 311 2525 techsupport.europe@arrisi.com +86 755 8634 9110 techsupport.asia@arrisi.com +81 3 5461-7320 techsupport.japan@arrisi.com +82 31 783 4893 techsupport.korea@arrisi.com +86 755 8634 9110 or 4008810685 techsupport.asia@arrisi.com ASIA JAPAN KOREA CHINA Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 1-5 E6000 CER Release 1.0 Training Information PRELIMINARY About This Manual ARRIS Training is the authorized organization for training on voice, data, and provisioning products. Web-based, instructor-led, and customized courses are available at our U.S. training center in Atlanta. On-site training is available. To obtain pricing for on-site training and other training information, visit our web site: http://www.arrisi.com/support/training/index.asp Comments on this Document Issue 1.0, 4 Feb 2013 Our goal has been to create a document that best fits your needs. We are interested in your suggestions for improving this document. Please use the Comments & Feedback Form to address any comments or questions you may have regarding this documentation. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 1-6 E6000 CER Release 1.0 2 PRELIMINARY E6000 CER Features E6000 CER Features E6000 CER Feature Descriptions by Software Release 2 This chapter introduces the features and functionality of the E6000 CER. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 2-1 PRELIMINARY E6000 CER Release 1.0 E6000 CER Features E6000 CER Feature Descriptions by Software Release The ARRIS E6000 CER Release 1.0 aggregated Feature Set is composed of the following Baseline Feature Set. Baseline Features The following summarizes the E6000 baseline feature set available in the E6000 CER Release 1.0. • Cable modem steering - • Based on Service Type TLV Rule-based (DOCSIS 2.0 and DOCSIS 3.0 modems) Steering DOCSIS 2.0 and DOCSIS 3.0 modems from TDMA and mixed TDMA/ATDMA channels to ATDMA channels DOCSIS 2.0 and DOCSIS 3.0 modems can be steered to ATDMA channels or load balanced across available TDMA, ‘mixed’ or ATDMA channels DOCSIS 1.0 / 1.1 / 2.0 / 3.0 upstream support • - Channel widths of 1.6 MHz, 3.2 MHz, 6.4 MHz - Increased CAM Rx power threshold (+ / - 8 dB) - Ingress noise cancellation - QPSK, QAM16, QAM32, QAM64 - Pre-Equalization – DOCSIS 2.0 channels - TDMA and ATDMA modulations DOCSIS 1.0 / 1.1 / 2.0 / 3.0 downstream support (256QAM only) • DOCSIS 3.0 topology and infrastructure • DOCSIS 3.0 channel bonding • - Downstream channel bonding up to 24 channels - Upstream channel bonding up to 4 channels - Partial service support IP Detail Record / Streaming Protocol (IPDR / SP) • - Compliant with DOCSIS 2.0 and 3.0 - DOCSIS 3.0 IPDR enhancements (SAMIS I and CPE records) IP routing and networking - Issue 1.0, 4 Feb 2013 BGP BSoD L2 VPN Interoperability Enhancements Cable bundles Dynamic Hostname Support for IS-IS Equal Cost Multipath (ECMP) support © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 2-2 PRELIMINARY E6000 CER Release 1.0 • ICMP IGP Snooping for IPv6 Prefix Stability IS-IS (IPv4 and IPv6) IS-IS Multi-topology (MT) Support Layer 3 802.1Q VLAN tagging 802.1Q VLAN Tags for IS-IS Packets 802.1Q VLAN Tags for IPv6 Packets Loopback interfaces NULL routes OSPF PIM-SSM Policy-based routing Primary and secondary IP addresses Proxy ARP RIP Static IGMPv3 for DSG Sub-interfaces Virtual Routing and Forwarding (VRF) o One default and up to 10 non-default VRF instances o OSPFv2 support in all VRFs o Other Routing protocol support outside of the default VRF IPv4 • - Support on all interfaces - Cable Source Verify with Lease Query - Upstream Subscriber Management Filters - Downstream Subscriber Management filters - Support for TFTP Enforce / Dynamic Shared Secret - Distribute List - PCMM Support (Fair Share Applications) IPv6 E6000 CER Features - - Issue 1.0, 4 Feb 2013 Route Injection (PDRI) for DHCPv6 Prefix Delegation Bulk Lease Query Duplicate Address Detection (DAD) Proxy Protocol Throttling OSPFv3 Upstream Subscriber Management Filters © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 2-3 PRELIMINARY E6000 CER Release 1.0 • - Downstream Subscriber Management filters - DHCPv6 relay agent - Forwarding IPv6 traffic for CM and CPE traffic - Robust GMAC Explicit support - Dual-stack CPE support - IS-IS routing protocol for IPv6 - IPv6 Support for TFTP Enforce / Dynamic Shared Secret - IPv6 Distribute List - IPv6 PCMM Support (Fair Share Applications) Data-plane standard ACLs (source IP only, ingress or egress, NSI and RF interfaces) • Load balancing E6000 CER Features - • Upstream and downstream dynamic load balancing across channels within the modem’s dynamic load-balancing group. Configurable downstream and upstream thresholds that dictate the percentage utilization at which dynamic load balancing is initiated - Aging of load balance failed list Multicast IP Video Support • - Dedicated RF Channel Assignment - Dynamic Bonding Change (DBC) Signaling - Ability to force downstream replication of multicast traffic - IGMP control for IPv4 Multicast Video - Multicast CAC for IP Video - Multicast DSID Forwarding (MDF) - Video Monitoring Fully Qualified Domain Name (FQDN) Support for IGMP Static Joins • Voice services support • - Connection Admission Control (CAC) - DSX Dynamic QoS (non-PacketCable) - Emergency call preemption - PacketCable 1.x support Additional features - Issue 1.0, 4 Feb 2013 ACLs - Community String ACLs, IGMP ACLs, Named ACLs, NSI Extended ACLs ARP abuse counts ARP throttling Banner and MOTD BPI, BPI+, BPI+ Enforce © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 2-4 PRELIMINARY E6000 CER Release 1.0 - Issue 1.0, 4 Feb 2013 E6000 CER Features Business Services over DOCSIS (BSoD) L2 VPN Cable authstring Cable helper Cable Source Verify CM deny list Console access Device classes DHCP lease query DHCP option 125 suboption 2 support DHCP Option 82.9 Support DNS client (IPv4) DOCSIS ping DOCSIS 1.0 CoS mapping DSCP / ToS set on traceroute DSG without QoS DSG 3.0 Dynamic Shared Secret / TFTP Enforce Encryption for upstream channel bonding operation Flap list Flexible upstream to downstream mapping FTP server IP filters packet capture Local command authentication PacketCable™ Multimedia (PCMM) o PacketCable 1.5 Subscriber ID ECN DQOS1.5-N-06.0339-4 o Partial PacketCable Multimedia (PCMM) I04 Support o Support for PCMM-initiated Bonded Unicast Flows Protocol throttling (RSM) Remote query with source IP RSM in-band access Service Class Names (SCN) SNMPv2 and SNMPv3 Source ping SSHv2 Syslog TACACS+ for multiple groups Telnet server © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 2-5 PRELIMINARY E6000 CER Release 1.0 - Issue 1.0, 4 Feb 2013 E6000 CER Features Token Bucket 3.0 Traps Upstream peak transmit rate support © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 2-6 PRELIMINARY E6000 CER Release 1.0 3 E6000 Converged Edge Router Specifications E6000 Converged Edge Router Specifications Network Diagram 3 E6000 CER Specifications 4 RF Electrical Specifications 6 Scalability 8 This chapter introduces the E6000 Converged Edge Router (CER) specifications. This chapter contains the following topics: Issue 1.0, 4 Feb 2013 • Descriptive and reference information • Physical design information • Power and electrical requirements © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-1 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications Figure 3-1 illustrates the front view of the E6000 CER. There are a total of fourteen slots for modules. There are three main types of front modules (sometimes referred to as “front cards”) used to equip the slots: the RSM, DCAM, and UCAM. The associated rear modules, called Physical Interface Cards (or RPIC, DPIC, and UPIC), are inserted in each slot from the rear of the chassis. The PICs provide physical connectors for terminating RF cables and out-of-band management interfaces. The system is 16RU tall, therefore two systems can be mounted in a 19-inch wide, seven-foot standard rack. E6000 0 1 2 3 4 5 6 7 8 9 10 11 12 TM 13 ESD Figure 3-1: E6000 CER (front view) Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-2 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications Network Diagram Figure 3-2 shows a simplified view of a typical cable data and video network. The E6000 operates as an integrated CMTS, providing both Downstream and Upstream RF interfaces and all the DOCSIS functions necessary for their operation. It connects to the Operator's internal network via 1G/10G Ethernet interfaces. Home Video Resource Manager Network Edge D5 UEQ Video Operations MPEG Video E6000 0 1 2 3 4 5 6 7 8 9 10 11 12 TM 13 ES D 10 Gbit Metro Ring OSSI Server DOCSIS DS DOCSIS US CPE Devices VoD/Cache Servers E6000 CER Figure 3-2: Typical Cable Network Architecture Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-3 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications E6000 CER Specifications This section is a summary of the E6000 CER physical characteristics, operating specifications, and information on compliance with regulatory standards. Physical Power • Mounting: 19- or 23-inch rack • Dimensions: Height Width Depth • Chassis Weight (fully equipped): 220 pounds (100.0 Kg) (unequipped): 116 pounds (52.7 Kg) • Operating voltage: nominal -48 VDC, range -40 to -72 VDC NOTE: • NOTE: Safety Issue 1.0, 4 Feb 2013 28" 17.6" 32.7" (16RU, 710mm) (448 mm) (831 mm) including front and rear handles Once powered up the E6000 CER will continue to operate if within this voltage range. Start-up voltage range: -42 to -72 VDC The E6000 CER will not restart unless the voltage is in this range. This offset from the operating range provides a cushion against multiple possible power cycles. • Chassis Power Consumption: 6400W Max • The -40 V guaranteed operating limit translates to a maximum current draw of 160A at 6400W. The E6000 CER is designed to meet the following safety standards: • UL60950 (1999) Third Edition • CAN/CSA-C22.2, No. 950-95 • IEC60950-1 (2001), First Edition © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-4 PRELIMINARY E6000 CER Release 1.0 Electromagnetic Compatibility Environmental E6000 Converged Edge Router Specifications The E6000 CER meets the following: • GR-1089-CORE, Issue 3 (FCC - Part 15, Class A) • EN 300 386 v1.3.1 (CISPR 22, Class A) The E6000 CER meets the following environmental standards: Mechanical — • NEBS GR-63-CORE • ETS 300 019 - In-use (Class3.1E) Storage (Class 1.2) Transportation (Class 2.3) Thermal — • NEBS GR-63-CORE, ETS 300 019 - Operating temperature Short term1: -5 to +55ºC Long term: 0 to +40ºC Non-operating temperature: -40 to +70ºC Operating humidity Short term: 5 to 90%, non-condensing Long term: 5 to 85% Non-operating humidity: 5 to 95%, non-condensing Other — • NEBS Level 3 Criteria (SR-3580) • Acoustic Noise Criteria: • - NEBS (GR-63-CORE) - ETSI (ETS 300 753) Altitude Criteria (NEBS GR-63-CORE) • Illumination Criteria (NEBS GR-63-CORE) 1. Short term refers to a period of not more than 96 consecutive hours and a total of not more than 15 days in one year. (This equals a total of 260 hours in a given year, but no more than 15 occurrences in that one-year period. (Telcordia, GR-63-CORE, Section 4.1.2, Issue 2, April 2002.) Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-5 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications WARNING This product may contain chemical(s) known to the State of California to cause cancer, birth defects, or other reproductive harm. WEEE (Waste Electrical and Electronic Equipment) When a product is marked with the symbol shown to the right, then disposal of this product in participating European Community member states is governed by Directive 2002/96/EC of the European Parliament and of the Council on waste electrical and electronic equipment (WEEE). Because the E6000 CER or its components could potentially prove harmful to the environment, the WEEE Directive requires that this product must not be disposed of as unsorted municipal waste, but rather collected separately and handled in accordance with local WEEE ordinances. WEEE Symbol RF Electrical Specifications The following table lists the downstream RF electrical specifications. Table 3-1: Downstream RF Electrical Specifications DCAM Specification Center frequency range supported: 54 - 1002 MHza Frequency step size: 125 kHzb Modulation error ratio (MER) Issue 1.0, 4 Feb 2013 Unequalized MER: 42dB min Equalized MER: 50dB min Modulation types 256QAM Downstream channel width: North America (Annex B) Europe (Annex A) Europe (using Annex B) 6 MHz 8 MHz 6 MHz with 6 or 8 MHz channel spacing Annex B symbol rates in Msym/sec 256QAM: © 2013 ARRIS Group, Inc. — All Rights Reserved 5.360537 PRELIMINARY 3-6 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications DCAM Specification Annex A symbol rate in Msym/sec 256QAM: Raw Bit Rate Annex B: 256QAM 42.884 Mbps Annex A: 55.616 Mbps 256QAM 6.952 Overall: 35-60 dBmV RF output level is DOCSIS compliant and dependent on RF output level channel count. c Return loss > 14 dB in-band Output impedance 75Ω a. NOTE: The DCAM hardware supports DS center frequencies up to 1002MHz. b. For the DCAM, see Frequency Grid and Agility on page 9-6. c. The DCAM supports 1-16 channels per connector. The following table lists the upstream RF electrical specifications. Table 3-2: Upstream RF Electrical Specifications Specification UCAMs Frequency Range 5 - 65 MHz RF channel frequency resolution <1 kHz Modulation types Type 4 TLV: QPSK, 16QAM Type 5 TLV: QPSK, 16QAM, 32QAM, and 64QAM Raw bit rate (Max.) 30.72 Mbps RF Input Level (dBmV) -16 to 29 Forward error correction Reed-Solomon (T = 1-16) The following is a list of receiver input levels for upstream channels: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-7 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications Table 3-3: Receiver Input Levels for Upstream Channels NOTE: Network Interfaces Input Power Range (dBmV) Channel Width (kHz) Symbol Rate (ksym/sec) 1600 1280 -13 to +23 3200 2560 -10 to +26 6400 5120 -7 to +29 UCAM The CLI commands allow the range numbers up to a maximum of 29 but is not recommended that upstream ranges go beyond +23 dBmV. The E6000 CER supports the following network interfaces: • Eight (8) SFP/SFP+ pluggable modules compatible 1G/10G interfaces per RSM • 10/100/1000 Ethernet RJ45 interface • RJ45 serial console management interface on RPIC NOTE: To order ARRIS supported SFP/SFP+ interface modules, contact your ARRIS Sales Team Representative. Scalability ARRIS offers a number of combinations of downstream to upstream channel ratios to improve scalability. With the ability to accommodate many configurations, the E6000 CER can grow to meet evolving subscriber traffic considerations along with reducing intershelf cabling. This leads to lower cost for installation, operations, and maintenance. A fully equipped E6000 CER chassis offering basic service will provide reasonable performance up to the following suggested subscriber limits: • 87,000 ARP cache entries • 30,000 subscribers per chassis - Issue 1.0, 4 Feb 2013 10,000 subscribers per UCAM 1,000 subscribers per UCAM Upstream Service Group (US-SG) 8,000 subscribers per DCAM 1,000 subscribers per DCAM Downstream Service Group (DS-SG) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-8 PRELIMINARY E6000 CER Release 1.0 - E6000 Converged Edge Router Specifications 25,440 service flows per UCAM 20,352 service flows per DCAM 84,800 Upstream service flows per chassis 81,408 Downstream service flows per chassis (six DCAM configuration) 94,976 Downstream service flows per chassis (seven DCAM configuration) 38,160 Upstream classifiers per UCAM 30,528 Downstream classifiers per DCAM 1024 simultaneous PacketCable CALEA taps 1024 simultaneous Legal Intercept (LI) taps 1024 simultaneous Legally Authorized Electronic Surveillance (LAES) taps (4096 IP tap stream entries total for LAES) The number of IPv4 and IPv6 supported routes by the E6000 CER are: Table 3-4: IPv4 and IPv6 Supported Routes Total IPv4 32,000 IPV6[1] 20,000[2] PDRI Dynamic Static 8,000 10,000[3] 2,000 1. The IPv6 routes are in addition to the IPv4 total. 2. The total of IPv6 routes allowed is the sum total of the PDRI, Dynamic, and Static routes. 3. The total number of IPv6 dynamic routes is a combination of OSPFv3 and IS-IS IPv6 routes. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-9 PRELIMINARY E6000 CER Release 1.0 E6000 Converged Edge Router Specifications Application-related Specifications Table 3-5: DOCSIS-related Specifications Compliance Standard Notes DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I12-100115 Data-Over-Cable Service Interface Specification (DOCSIS) DOCSIS 3.0 Physical Layer Specification CM-SP-PHYv3.0-I08-090121 DOCSIS 3.0 MAC and Upper Layer Protocols Specification CM-SP-MULPIv3.0-I12-100115 DOCSIS 3.0 Operations Support System Interface Specification CM-SP-OSSIv3.0-I12-100611 Downstream RF Interface Specification CM-SP-DRFI-I11-110210 PacketCable™ Dynamic Quality-of-Service Specification, PKT-SP-DQOS-I07-030815, also I08, I09, I10, and I11 PacketCable™ Event Messages Specification, PKT-SP-EM-I08-040113, also I08, I09, I10, and I11; as well as EM-N-04.0198-2 PacketCable PacketCable™ Security Specification, PKT-SP-SEC-I09-030728, also I10, and I11 PacketCable™ Electronic Surveillance Specification, PKT-SP-ESP-I01-991229, also I03 and I04 PacketCable™ Electronic Surveillance Intra-Network Specification, PKT-SP-ES-INF-I04-080425 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-10 PRELIMINARY E6000 CER Release 1.0 Standard ETSI E6000 Converged Edge Router Specifications Notes ETSI TS 102 836-1 V1.1.1 (2009-11), “Access, Terminals, Transmission and Multiplexing (ATTM), Lawful Interception (LI): Part 1: Interception of IP Telephony Service on Cable Operator's Broadband IP Network: Internal Network Interfaces”, ETSI, Nov. 2009 ETSI TS 102 836-2 V1.1.1 (2009-11), “Access, Terminals, Transmission and Multiplexing (ATTM), Lawful Interception (LI): Part 2: Interception of IP Data Service on Cable Operator's Broadband IP Network: Internal Network Interfaces”, ETSI, Nov. 2009 The E6000 CER complies with the following subset of PacketCable Multimedia Specification, PKT-SP-MM-I03-051221: PacketCable Multimedia • • • • • The E6000 CER complies with the following subset of PacketCable Multimedia Specification, PKT-SP-MM-I04-080522: • • • • • • DOCSIS Set-top Gateway (DSG) Issue 1.0, 4 Feb 2013 PCMM Gate Control State Synchronization Versioning All traffic profile formats DOCSIS Parameters Addition of Max Concatenated Burst to the BE, nrtPS and rtPS traffic profiles Handling of DOCSIS 3.0 Peak Rate TLV DOCSIS 3.0 additions - Sequence Number, Segment Number, Attribute Mask PacketCable Multimedia Support for IPv6 Update of Major/Minor version for I04 Usage of SubscriberID DOCSIS Set-top Gateway (DSG) Interface Specification, version I19, CM-SP-DSG-I19-111117 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 3-11 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved E6000 Converged Edge Router Specifications PRELIMINARY 3-12 PRELIMINARY E6000 CER Release 1.0 4 Issue 1.0, 4 Feb 2013 Hardware Overview Hardware Overview Chassis 3 Main Hardware Components 7 Fan Tray 8 Air Filter 10 Power Entry Module (PEM) 12 Chassis Control Module (CCM) 14 Upstream Cable Access Module (UCAM) 16 Downstream Cable Access Module (DCAM) 17 Router System Module (RSM) 18 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-1 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Overview This chapter provides a brief description of the main hardware components in the E6000 CER. NOTE: Issue 1.0, 4 Feb 2013 Do not make any mechanical or electrical modifications to the E6000 CER equipment. If modified, the E6000 CER may no longer comply with regulator standards. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-2 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Chassis The E6000 chassis is a new ARRIS product. Its design is based on the architecture of the C4 CMTS. It is a 16 RU tall unit and will fit in a standard 19" rack. It consumes a depth of 32.7" with the optional cable protection system. Its design meaning has the majority of I/O located on the rear of the chassis via Physical Interface Cards (PIC) and the bulk of the processing is located on the front modules. This allows for replacement of the front modules without the need to disturb RF cabling. Also the PIC designs are robust circuits intended to have very low Failures In Time (FIT) rates such that the probability of failure is extremely low. Router System Module Router System Module RSM 6 RSM 7 Client Cards 0-5 Client Cards 8-13 Chassis Control Module CCM 0 0 1 2 3 4 5 6 7 8 9 Chassis Control Module CCM 1 Air Filter Fan Tray 0 Fan Tray 1 Fan Tray 2 Figure 4-1: Basic Front View of the E6000 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-3 E6000 CER Release 1.0 Slot Numbering PRELIMINARY Hardware Overview The chassis has 14 primary slots for front module/PIC combinations that are labeled from 0 to 13. Two of these slots are dedicated to Router System modules. These are known as “Control Complex” slots and are located in slots 6 and 7 in the chassis. The remaining primary slots are referred to as “client slots”. The E6000 slot labels use a numbering scheme that labels its front physical card slots starting at 0 (for the left-most card as seen from the front) and ending at 13 (for the right-most cards as seen from the front). The chassis slot numbers affixed onto the chassis are used to identify the card slot to which a CLI command or MIB value is associated. In the E6000 14-slot chassis, physical slots 6 and 7 are always RSM slots and the other physical slots (0-5 and 8-13) are used for client cards. There is a star topology from each control complex slot to each client slot. This provides fully redundant Control-to-Client connectivity for control, data, and timing.. LEDs All faceplates have multi color-capable, purposed LEDs. The legal LED colors are yellow, red, green and will follow the color coding scheme: Flashing red — is used only to denote emergency conditions which require operator action to be taken to avert equipment damage. (The only condition in the E6000 CER that would cause damage would be excessive temperatures.) Red — is used to alert an operator that the system or any portion of the system is inoperable. Yellow — is used to advise the operator that a condition exists which is marginal or to indicate unexpected delay. Green — is used to indicate that the monitored equipment is in tolerance or a condition is satisfactory and that it is all right to proceed. Cooling Requirements The E6000 CER should be installed in a location with adequate ventilation. It is designed for long-term operation at ambient air temperatures ranging from 5-40°C and an area that is between 5 to 90 percent relative humidity, non-condensing. To determine cooling requirements, assume 6400W for worst-case power dissipation. These values assume the worst-case cooling requirements when the system is fully populated. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-4 PRELIMINARY E6000 CER Release 1.0 Hardware Overview The E6000 CER draws cooling air in through the front at the bottom of the unit and expels it out the back at the top of the unit as shown in Figure 4-2. Exhaust Intake Figure 4-2: Air Flow through Chassis Clear airflow must be maintained in these areas to ensure adequate ventilation. ARRIS recommends that the unit only be installed in free air racks, not enclosures. If the E6000 CER is installed in a closed or multi-unit rack assembly, the inlet air temperature could exceed the room ambient air temperature and/or the air flow may be reduced. In these cases, the E6000 CER requires a colder room temperature be maintained to compensate for this type of installation. CAUTION As with all electrical equipment, operation at excessive temperature accelerates the deterioration of components and adversely effects performance. Preventing excessive heat buildup in the rack is recommended. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-5 PRELIMINARY E6000 CER Release 1.0 Temperature Monitoring Hardware Overview The E6000 CER monitors module temperatures and adjusts the fan speed accordingly. If the temperature of a front module rises above its operating range, a TempOutOfRangeNotification SNMP trap is generated for that module. If the temperature continues to rise to the module’s thermal limit, the card is powered down and a card TempOverHeatNotification SNMP trap is generated. The E6000 uses a “heat index” valued from 1 to 10. Value of 1 is very cool, 7 is warning level and 10 is the shut off level. The system should normally operate between levels 1 and 5. The “heat index” is accessible via both the CLI and SNMP. The show environment CLI command will display the current temperature of modules in equipped slots. The card Temperature object in the cardTable table in the cadEquipmentMib MIB module contains the current temperature of the associated slot. As shown in Figure 4-2, the Fan Trays circulate the air that cools the chassis. Air is drawn in through the intake vent at the bottom of the chassis and then moves across the internal components, cooling them as it passes. The warm air is exhausted through the vent at the top rear of the chassis. NOTES: 1. To ensure the proper air flow, blank filler panels must be installed in unoccupied front and rear chassis slots. It is also important to change the Air Filter at least every three months, and more often if the air at the site is dusty. 2. Fan filters cannot be cleaned and re-used. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-6 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Main Hardware Components The E6000 CER base system contains the following components: Chassis Configuration Issue 1.0, 4 Feb 2013 • E6000 CER chassis • Three Fan Trays (each Fan Tray contains three fans) • Front and rear Air Filters • Two Power Entry Modules (PEMs) • Two Chassis Control Modules (CCMs) • Upstream Cable Access Modules (UCAMs) and associated Physical Interface Cards (UPICs) • Downstream Cable Access Modules (DCAMs) and associated Physical Interface Cards (DPICs) • Router System Module (RSM) There are various ways to equip a chassis. CAM configurations are dependent on the configuration of the cable plant of the subscriber network. The module faceplate in each slot includes a label stating the module type and multiple LEDs to indicate the module’s status. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-7 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Fan Tray The chassis contains three interchangeable Fan trays (also called modules). Each Fan Tray contains three fans with a numbering scheme (from the front view, left to right) of 0, 1 and 2. The fans pull air from the bottom front of the chassis, force it upward across the system modules, and expel the air out of vents in the top rear portion of the chassis. The Fan Trays are plugged in at the lower front of the chassis and all three must be installed during normal operation. Like all E6000 CER modules, the Fan Trays are hot swappable. When a Fan Tray is removed, a spring-loaded door drops and closes the open space left by the removed device, reducing both electrical and air leakage from the chassis. The system receives enough cooling from the remaining two Fan Tray in the chassis to run the chassis indefinitely at an ambient temperature of 25°C. Figure 4-3: Fan Tray Each Fan Tray has one red [1] and one green [2] LED; these LEDs are only visible from the front of the chassis. A faulted Fan Tray is easily identified by these LEDs on the Fan Tray. NOTE: Issue 1.0, 4 Feb 2013 Fan Trays are not field serviceable items and must be returned to the factory for repair in order to ensure cooling system integrity. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-8 PRELIMINARY E6000 CER Release 1.0 Hardware Overview The Fan Tray LEDs are always in a steady state; blinking is not a valid state for Fan Tray LEDs. Table 4-1: Fan Tray LEDs Green LED (OK) Proper Airflow Red LED (Alarm) State Indication OFF OFF No CCM No system power or CCMs are not present. Fan Tray control and LED power comes from the CCMs. If neither CCM is present, these LEDs will be off. OFF ON Alarm An anomalous condition is detected in this Fan Tray. ON OFF Normal No anomalous conditions are detected in this Fan Tray. ON ON No Comm The default value when CCMs are present but status has not yet been determined. Install the system in an open rack whenever possible. If installation in an enclosed rack is unavoidable, ensure that the rack has adequate ventilation. Maintain ambient airflow to ensure normal operation. If the airflow is blocked or restricted, or if the intake air is too warm, an over temperature condition can occur. Ensure that cables and other items do not obstruct the airflow at the intake or exhaust vents of the chassis. NOTE: Issue 1.0, 4 Feb 2013 Use filler panels to fill all empty chassis slots. The filler panel prevents fan air from escaping out of the front of an open slot. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-9 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Air Filter The chassis provides both a front and a rear replaceable air filter. These air filters will filter both the air for the front modules and the air for the PICs. The air filter meets the requirements of the Telcordia Technolgies Generic Requirements (GR-78-CORE specification). 1 2 3 4 Figure 4-4: Front Air Filter Replaceable Front Air Filter Where: Issue 1.0, 4 Feb 2013 1 = Filter element 2 = Handles 3 = Filter tray 4 = Spring mounted ball lock © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-10 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Figure 4-5: Rear Air Filter Replaceable Rear Air Filter Where: Issue 1.0, 4 Feb 2013 1 = Filter element 2 = Handles 3 = Filter tray 4 = Spring mounted ball lock © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-11 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Power Entry Module (PEM) WARNING Hazardous Voltage! Before working, ensure that the power is removed from the power connection cables. When the system is powered on, DO NOT touch the power terminals. CAUTION This shelf has two redundant Power Entry Modules (PEMs). Even if only one PEM is not connected to power or the redundant PEM is out of service (OOS), ALL voltages inside the shelf may still be present! CAUTION The E6000 CER power terminals are 8 millimeters in diameter. For connection to the E6000 CER, cables must be terminated in suitable single-hole, 10mm or 3/8 inch, straight lugs. A suitable lug includes the Thomas & Betts 54148 for 2 AWG, conductors. The power cable must be adequately sized for the current load. ARRIS supplied cables are guaranteed to support the maximum system power consumption at the minimum operating voltage. Two pluggable redundant Power Entry Modules (PEMs) are located at the rear bottom side of the chassis. Each PEM can support 100% of the power needs of the chassis and provides power terminals for two 80 A power feeds. Each power feed to the PEM consists of a -48 VDC conductor and its corresponding return conductor. Overcurrent protection is provided by 85 A circuit breakers in the -48 VDC input lines. Only one PEM is required to operate the chassis. Each PEM has four power lugs, two for the RTN conductors, and two for -48V conductors. All four must be connected in order to ensure proper system operation. Each feed is rated at 80 Amps. Chassis power is segmented into nine redundant branch circuits labeled “A” through “I”. Each branch circuit has feeds from each of the PEMs, powers a small portion of the chassis and is fused. The fuses are not replaceable in the field. The PEM must be returned to ARRIS for servicing if a fuse is blown. Like all E6000 CER modules, the PEMs are hot swappable. NOTE: Issue 1.0, 4 Feb 2013 The shelf can be powered using a regular telecommunication power supply of -48/-60 VDC. The specific voltage range is from -40.5 VDC to -72°VDC. The shelf supports redundant power supplies and the two supplies should be independently powered. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-12 E6000 CER Release 1.0 PRELIMINARY Hardware Overview Power distribution within the PEM is divided into 9 power branches. This topology is used for safety reasons to minimize the current per branch. The power filtering consists of filtered power terminals and discrete line-filter for each branch. To detect a missing or low supply voltage as well as a blown fuse, the input voltages at the power terminals and after the fuses are monitored. A red (ALARM) and a green (OK) LED provide status indication. Each PEM contains a pair of On/Off circuit breakers on its rear panel, one for each input -48V feed. Each PEM rear panel also contains status LEDs for each feed and whether or not the -48V supply cables are wired with correct polarity. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-13 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Chassis Control Module (CCM) The E6000 CER has two redundant Chassis Control Modules (CCM). These two dedicated CCM slots are located in the front of the chassis to the right of slot 13. When fully populated, the CCMs run “active/standby” and support 1+1 sparing. Only one functioning CCM is required for the chassis to operate. The CCM, like all E6000 components, are hot swappable. The “active” CCM is controlled by the “active RSM” and can be thought of as an extension of the RSM itself. However, the RSMs and the CCMs are not in the same fault group. This means that a CCM can remain “active” even though there has been a change in the “active” RSM. The CCM is a non-intelligent module (no CPU) and is an extension of the RSMs to control the chassis LEDs and other chassis related functions such as controlling fans, monitoring the Power Entry Modules (PEMs). 13 E6000 TM ESD 0 1 2 3 4 5 6 7 8 9 10 11 12 13 ESD F A N T RA Y 0 F A N T RA Y 1 F A N T RA Y 2 CCM0 CCM1 Figure 4-6: Chassis Control Modules Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-14 PRELIMINARY E6000 CER Release 1.0 CCM LEDs Hardware Overview CCM LEDs are always steady state; blinking is not a valid operational state for CCM LEDs. Each CCM has three LEDs: Power, Status, and Active. Table 4-2: Valid CCM LED States Issue 1.0, 4 Feb 2013 Power LED (HW) Status LED (SW) Active LED (SW) State Indication Off Off Off No Power No power to CCM, abnormal condition, should never happen Green Red Off OOS CCM has power but is OOS due to reset (e.g., has not be initialized by SW) Green Green off Normal Standby This CCM is powered and initialized as the STANDBY CCM Green Green Green Normal Active This CCM is powered and initialized as the ACTIVE CCM © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-15 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Upstream Cable Access Module (UCAM) The UCAM supports 96 upstream DOCSIS channels across 24 RF ports. The 96 channels come in eight groups of 12 channels. Each group of 12 channels share three connectors located on the UPIC. The UCAM hardware supports 5 to 65 MHz operation and all DOCSIS 2.0 modulation schemes including TDMA and ATDMA operation. UCAM PIC (UPIC) Each UPIC has 24 RF ports. These are implemented as “ATX” style 75 Ohm MCX connectors. The ports are grouped into eights groups of three connectors which align to the eight groups of 12 channels from the UCAM. Any channel of the 12 can be assigned to one of the three connectors. Spare UPIC To enable RF sparing, a spare UPIC is placed in the client slot which will be designated as the spare slot for a UCAM spare group. The spare UPIC has no RF ports or RF test ports. The spare UCAM is the same physical hardware as a non-spare UCAM. NOTE: Issue 1.0, 4 Feb 2013 Refer to Chapter 9 for complete information. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-16 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Downstream Cable Access Module (DCAM) The DCAM is the heart of the system. A DCAM can be located in any of the 12 client slots and supports eight OmniQAM RF line-ups. The DCAM has on board MAC processing for 128 downstream channels (currently) which can be either DOCSIS or MPEG QAM channels. The first release of the E6000 CER will support 16 DOCSIS channels per RF line up. DCAM PIC (DPIC) Each DPIC has eight F-connector RF ports and eight RF test ports. Each pair of RF port and RF test ports is labeled “D0” through “D7”. A violet field joins the related RF port and RF test port. Spare DPIC To enable RF sparing, a spare DPIC is placed in the client slot which will be designated as the spare slot for a DCAM spare group. The Spare DPIC has no RF ports or RF test ports. The Spare DCAM is the same physical hardware as a non-spare DCAM. NOTE: Issue 1.0, 4 Feb 2013 Refer to Chapter 8 for complete information. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-17 PRELIMINARY E6000 CER Release 1.0 Hardware Overview Router System Module (RSM) The RSM contains the control system, the switch fabric, the routing engine, and the Network Side Interfaces (NSI) for the system. The RSM can be placed in either of the control slots in the chassis (6 or 7). It supports a high speed data link of 10 Gbps per client slot and supports 89 Gbps of NSI connectivity (8 x 10 GigEthernet SFP+). One RSM has enough connectivity to supply a fully loaded chassis with bandwidth and network connectivity. The chassis can and typically will be configured with two RSMs running “Active/Active” for forwarding and “Active/Standby” for control. What this means is that the NSI on both RSMs are active and both RSMs can provide connectivity to the client slots when both RSMs are in the “InService” state. “In-Service” is the fully operational state for a system component in the E6000 chassis. However for control functions – such as DHCP relay, Telnet Server, SNMP server, FTP server, routing protocols, etc. – one RSM is designated as “Active,” and the other RSM is designated as “Standby.” The processing of control functions is performed by the “Active” RSM. The Standby RSM maintains state information such as ARP entries, route entries, CM database entries, etc., such that if the “Active RSM fails, it can immediately take over and become the “Active RSM. The E6000 CER architecture has no preference for which RSM is “Active.” It will maintain the current “Active” RAM as “Active” until a failure occurs. Note the operator can induce an RSM reset to cause the RSM of its choice to become “Active.” RSM PIC (RPIC) The RPIC is located in the rear of the chassis in the control slots. Each RSM must have an RPIC populated in order to go into the “InService” state. The RSM PIC contains the out-of-band management Ethernet and Console Interfaces, as well as the RJ-45 DTI timing interfaces. The RPIC also contains circuitry to communicate to the Chassis Control Modules, the control link to each of the slots, and distributes the timing to the chassis. Timing for the chassis is originated by the RPIC located behind the “Active” RSM. The RSM and the RPI act as a fault group. This means that the RPIC is always in the same sate of “Active” or “Standby” as the RSM behind which it is located. NOTE: Issue 1.0, 4 Feb 2013 Refer to Chapter 7 for complete information. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 4-18 PRELIMINARY E6000 CER Release 1.0 5 Router System Module (RSM) Router System Module (RSM) RSM Overview Issue 1.0, 4 Feb 2013 2 RSM Peripheral Interface Card (RPIC) Overview 10 RSM and RPIC Installation 11 RSM and RPIC Replacement 17 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-1 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) RSM Overview The RSM is the maintenance center of the E6000 CER. It controls all the other cards and chassis modules. It contains the control complex, the switch fabric, the routing engine, and the Network Side Interfaces (NSI) for the system. The RSM can only be installed in slots 6 or 7 of the chassis. One RSM has enough connectivity to supply a fully loaded E6000 CER chassis with bandwidth and network connectivity, although two will provide for protection redundancy. ADMIN 0 ADMIN 1 DTI 0 DTI 1 RS-232 Figure 5-1: Router System Module and Physical Interface Card Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-2 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Major Functions The RSM major functions are: • System Controller • - The RSM is the maintenance center of the system - Stores the software image and configuration - Images are stored in on-board non-volatile memory - Dual RSMs operate in active/standby mode for System Controller functions. Network Interfaces for data traffic • - 10 GbE SFP+ optical modules - 1GbE copper SFPs - 1GbE optical SFPs Router • - Processes packets for IPv4 and IPv6 routing in active/active mode - Operates in active/standby mode for routing protocol control functions (e.g. OSPF and RIP) Data Fabric - Interconnects to the card slots, the network interface ports, and one RSM to the other. 10Gb/s capacity to each line card slot from each RSM. The chassis typically will be configured with two RSMs running Active/Active for forwarding (data plane) and Active/Standby for control (control plane). In this configuration, the NSI on both RSMs are active and both RSMs provide connectivity to the client slots when both RSMs are in the In-Service state. For control functions – such as DHCP relay, Telnet Server, SNMP server, FTP server, Routing Protocols, etc, one RSM is designated as Active and the other RSM is designated as Standby. The processing of control functions is performed by the Active RSM. The standby RSM will maintain state information such as ARP entries, route entries, CM data base entries, etc, such that if the Active RSM fails, it can immediately take over and become the Active RSM. The E6000 has no preference for which RSM is Active. It will maintain the current Active RSM as Active until a failure or manually directed failover occurs. NOTE: Issue 1.0, 4 Feb 2013 The Active side can be selected by the operator. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-3 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) LED Status LED Test Button The RSM and RPIC provide an LED Test button in order to verify the functionality of all LEDs visible on the front (except the CCM LEDs) and the rear of the chassis. Testing the LED functionality on a chassis should be performed upon initialization, and then on a regularly scheduled basis in order to ensure that all LEDs are functional. The LED test function will not affect the CCM LEDs. NOTES: The RSM LED Test Button is recessed. You will need something small and thin, such as a straightened paper clip, to press it. When running the test on the RSM LEDs, all LEDs (Active, Status, and Power) will be amber. If hardware does not fully power up, the LEDs will show the following status: Active Status Power Off Red Off In this case, contact your ARRIS Technical Support team. The LED encoding definitions for the RSM are listed in Table 5-1 below: Table 5-1: LED Status Descriptions—Router System Module & RPIC LEDs Issue 1.0, 4 Feb 2013 Active Status Power Module Status Off Off Off Off Green Green Powered, in-service, but standby Off Red Green Powered but out of service and not active Off Red Off Blinking Red Green Board is over temperature. Note: this is a condition that could damage the module. Off Slow Blinking Green Green Powered, pumping any load diagnostics, running tests (not passing traffic), or system-level fault detected. On Fast Blinking Green Green Powered, initializing, or running tests (not passing traffic) or system-level fault detected. On Green Green Powered, functional, and in service (normal operational state) Slot not powered Blinking Green Powered down, out of service and not active. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-4 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) LEDs Active Status Power Module Status RSM NSI Port (Ethernet) Link On (green) Layer 2 connectivity established Activity On (amber) Active traffic being passed RPIC Admin0 Port ( also called Mgmt Port) Link On (green) Layer 2 connectivity established Activity On (amber) Active traffic being passed NOTE: When a 1G SFP, either Copper or Optical, is used with an RSM NSI port, the Activity LED remains off and does NOT blink. SFP Interfaces The RSM supported module types are SFP+ (10GbE) and SFP (GbE). The transceivers are hot-swappable and either type can go in any of the eight SFP sockets on the front of the RSM module. Receive optical bore Latch Transmit optical bore Locked Open Latch Optical bore dust plug Optical SFP+ and SFP RJ-45 connector Copper SFP Figure 5-2: Examples of the Optical SFPs and Copper SFP Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-5 PRELIMINARY E6000 CER Release 1.0 NOTES: Router System Module (RSM) The E6000 CER does not come with SFP modules; they must be ordered separately. Contact your ARRIS Sales or Technical Representative for more information on approved modules. Table 5-2 shows the IEEE specified maximum length limits for the various modules and fiber types. Table 5-2: Overview of IEEE SFP Types and Specifications Connection Type Wavelength Fiber Type Max. Distance 850nm 62.5/125 multi-mode, 160MHz 62.5/125 multi-mode, 200MHz 50/125 multi-mode, 400MHz 50/125 multi-mode, 500MHz 220m 275m 500m 550m 1000Base-LX10 1310nm 62.5/125 multi-mode, 500MHz 50/125 multi-mode, 400MHz 50/125 multi-mode, 500MHz 9/125 single mode 550m 550m 550m 5km 1000Base-LX 1310nm 9/125 single mode 10km 1000Base-ZX (not IEEE spec) 1550nm 9/125 single mode 70km 10GBase-SR 850nm 62.5/125 multi-mode, 160MHz 62.5/125 multi-mode, 200MHz 50/125 multi-mode, 400MHz 50/125 multi-mode, 500MHz 50/125 multi-mode, 2000MHz 26m 33m 66m 82m 300m 10GBase-LR 1310nm 9/125 single mode 10km 10GBase-ER 1550nm 9/125 single mode 40km 10GBase-ZR (not IEEE spec) 1550nm 9/125 single mode 80km Cat5 Ethernet (or better) 100m 1GbE Optical Fiber Modules 1000Base-SX 10GbE Optical Fiber Modules 1000BT Copper Electrical Modules 1000Base-T Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-6 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Install the SFPs after the RSM is installed. Installation procedures for all SFPs are the same. The standard fiber connector for the SFP is the LC connector style. NOTE: To control EMI emissions, empty SFP sockets must have the EMI shielding SFP plug installed if not in use. These plugs are included with every RSM shipment. Procedure 5-1: Installing Fiber Optic SFPs Into the RSM Ports 1 Ground yourself properly with an electrostatic discharge (ESD) strap. CAUTION Do not remove the plugs from the fiber-optic module port or the rubber caps from the fiber-optic cable until you are ready to connect the cable. WARNING Do not look directly into fiber optic cables or ports. The laser radiation used in these facilities is not visible and may cause permanent damage to the eye. Issue 1.0, 4 Feb 2013 2 Open the latch on the module. 3 Grip the sides of the SFP with your thumb and forefinger and insert it into the selected RSM port and push firmly until it seats. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-7 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Figure 5-3: Installing the SFPs CAUTION Do not install or remove fiber-optic modules with the cables attached. It will damage the housing. Disconnect all cables before removing or installing an XFP or SFP module. 4 Lock the SFP into place by moving the latch to the right into the locked position. The latch is properly closed when access to the connector is not obstructed. 5 Remove the protective caps from the connectors on the fiber-optic cable and save them for future use. 6 Plug the appropriate fiber-optic cable into the connector on the SFP until it clicks in place. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-8 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Procedure 5-2: Installing a Copper SFP To install the Copper SFP option perform the following steps: 1 Ground yourself properly with an electrostatic discharge (ESD) strap. 2 Open the latch on the module. 3 Grip the sides of the SFP with your thumb and forefinger and insert the copper SFP into the selected RSM port and push firmly into the port until it seats. 4 Lock the SFP into place by closing the latch in the up or locked position. The latch is properly closed when access to the connector is not obstructed. 5 Insert the copper Ethernet connector until it clicks in place. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-9 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) RSM Peripheral Interface Card (RPIC) Overview The RPIC is located in the rear of the chassis behind the RSMs. Each RSM must have an RPIC populated in order to go into the InService state. The RPIC contains the out-of-band management Ethernet and Console Interfaces, as well as the DTI timing interfaces. Timing for the chassis is originated by the RPIC located behind the Active RSM. This means that the RPIC is always in the same state of Active or Standby as the RSM behind which it is located. Major Functions The RPIC major functions are: • Connectivity for RSM console ethernet and serial ports • - Admin 0 port: 10/100/1000 RJ-45 Ethernet cable interface. - Admin 1 port: reserved for future use. - RS-232 port: serial console port (to be used for initial administration). Clock generation, distribution and sparing • - Dual DTI ports (RJ-45 connectors) for operating in a synchronous environment - Redundant timing circuit operation for glitchless timing master failover - Clock master always follows the active RSM - Point-to-point distribution of clock reference signal to all 12 client slots. CAM sparing relay control - Issue 1.0, 4 Feb 2013 RF Sparing control signals to each client card slot © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-10 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) RSM and RPIC Installation Procedure 5-3: How to Install the RSM in an empty RSM slot 1 Wearing an antistatic wrist strap, connect the strap to one of the ESD points on the chassis. 2 Remove the filler panel if present. 3 With one hand on the faceplate and the other supporting the board underneath the bottom edge, align the module between the guides in slot 6 or 7. It is best to align and slightly start the bottom of the board into its guide first and then align and start the top of the board. 4 With the ejector levers fully open, slide the module all the way into the slot. Press firmly with equal pressure top and bottom to seat the module into the midplane. 5 Flip the ejector levers toward each other to close and lock the module in the slot. The ejector levers will engage the seating rails and levers will click when locked into the closed position. When locked into the closed position, finger tighten the thumbscrews. 6 For a duplex configuration, insert a second RSM in the empty slot 6 or 7. — End of Procedure — Procedure 5-4: How to Install the RPIC in an empty RPIC slot 1 Remove the filler panel if present 2 Grasp the front of the module with both hands and align the PIC between the guides in the corresponding slot in the rear of the chassis. It is best to align and slightly start the top of the board into its guide first and then align and start the bottom of the board. 3 With the ejector levers fully open, slide the module all the way into the slot. Press firmly with equal pressure top and bottom to seat the module into the midplane. 4 Flip the ejector levers toward each other to close and lock the module in the slot. The ejector levers will engage the seating rails and levers will click when locked into the closed position. When locked into the closed position, finger tighten the thumbscrews. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-11 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Connecting the Operator Console This section gives a detailed description of the cabling for the operator console. The operator console is necessary to initially configure the E6000 CER. You may use an asynchronous terminal or a PC with asynchronous terminal emulation software, such as HyperTerm or Teraterm. The E6000 CER is shipped with a black roll-over cable that has a 9-pin connector on one end and an RJ-45 connector on the other. Use the port labelled RS-232 on the RPIC to connect directly to a host device with the supplied cable and adapter. Do not attach the console to any other network interface. The default connection settings for the computer COM port are: • 9600 Baud rate • 8 data bits • No parity • 1-stop bit • Flow control Xon/Xoff Once a successful connection is made, you should get a login prompt. (Refer to the Chapter 10, Basic Bring-up Procedure to continue configuration.) The pinouts for the operator console port, the RJ-45–to–RJ-45 Serial Cable, and the RJ-45–to–DB-9 female DTE adapter is shown in Table 5-3 as follows: Table 5-3: Cabling and Console Port Signaling Using a DB-9 Adapter Console Port (DTE) Issue 1.0, 4 Feb 2013 RJ-45–to–RJ-45 Serial Cablea RJ-45–to–DB-9 Terminal Adapter Console Device Signal RJ-45 Pin RJ-45 Pin DB-9 Pin Signal RTS (Request to Send) Pin 1b Pin 8 Pin 8 CTS (Clear to Send) DTR (Data Terminal Ready) Pin 2 Pin 7 Pin 6 DSR (Data Set Ready) TxD (Transmit Data) Pin 3 Pin 6 Pin 2 RxD (Receive Data) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-12 PRELIMINARY E6000 CER Release 1.0 Console Port (DTE) RJ-45–to–RJ-45 Serial Cablea Router System Module (RSM) RJ-45–to–DB-9 Terminal Adapter Console Device Signal Signal RJ-45 Pin RJ-45 Pin DB-9 Pin GND (System Ground) Pin 4 Pin 5 Pin 5 GND (System Ground) Pin 5 Pin 4 Pin 5 GND (System Ground) RxD (Receive Data) Pin 6 Pin 3 Pin 3 TxD (Transmit Data) DSR (Data Set Ready) Pin 7 Pin 2 Pin 4 DTR (Data Terminal Ready) CTS (Clear to Send) Pin 8b Pin 1 Pin 7 RTS (Request to Send) GND (System Ground) a. The Serial Cable is supplied with the chassis. b. Pin 1 is connected internally to pin 8. Pin 1 is on the left when the RJ-45 connector tab is facing down as shown in the following graphic: Figure 5-4: View of Pin-out of Serial Cable Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-13 E6000 CER Release 1.0 PRELIMINARY Router System Module (RSM) The following figure illustrates a console port connection from the rear of the chassis: RJ-45 to RJ-45 serial cable RJ-45 to DB-9 adapter PC Figure 5-5: Connecting the Console Port to a PC Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-14 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) RSM Initial Bringup Configure RSM Ethernet Connections Enter the following CLI commands to configure the RSM management port: configure interface ethernet 6/0 no shutdown configure interface ethernet 6/0.0 ip address x.x.x.x y.y.y.y configure interface ethernet 6/0 no shutdown NOTE: The IPv4 address of the RSM management port is stored on the RSM, not on the RPIC. If the RSM is replaced, the new RSM must be configured with the correct IP address. Assign an IP address to the loopback interface and bring it into service: configure interface loopback 0 ip address x.x.x.x y.y.y.y Where: x.x.x.x represents the IP address y.y.y.y represents the network mask. configure interface loopback 0 no shutdown This example uses static routing. To apply a default route, enter: configure ip route 0.0.0.0 0.0.0.0 X.X.X.X Save the configuration to non-volatile memory: write memory Out-of-Band Management (Optional) Use the following commands to enable out-of-band management for management interface 6/0. This interface corresponds to the uppermost ethernet port on the RPIC. It is labeled Admin Port 0. configure interface mgmt 6/0 ip address x.x.x.x y.y.y.y configure interface mgmt 6/0 active ip x.x.x.x y.y.y.y configure ip route vrf management 0.0.0.0 0.0.0.0 y.y.y.y configure interface mgmt 6/0 no shutdown Save the configuration to non-volatile memory: write memory Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-15 PRELIMINARY E6000 CER Release 1.0 E6000 CER Base Software The E6000 CER ships with a software image installed but contains no configuration data. The RSM(s) will power up automatically with the serial port active, the user must perform all further configuration. NOTE: Local and Remote Access to the RSM Router System Module (RSM) Client slots do not power up automatically — The CAMs in the client card slots, 0-5 and 8-13 will not automatically power up when the system is powered on. An RSM must boot and have the slot type configured and then you will need to run the configure slot <num> no shutdown before the CAM slot(s) become active. The RSM Serial port is necessary for the initial configuration of the system. After the Admin0 ethernet port is configured, a system administrator can access the RSM from any locally connected host for faster configuration access. When in-band management is configured and enabled, system administrators can manage the E6000 CER remotely, accessing the system through a front panel NSI interface. If users choose to enable in-band management, they should also enable Access Control Lists (ACLs) for security. The use of the ACL feature allows traffic from only the designated source to reach the system controller. Virtual System Controller The Virtual System Controller feature offers the operator the ability to direct the console port on either RSM to the active or standby RSM. This takes place once the RSMs are in service. Use the following command if you want the console port to be always redirected to the active RSM (this is the default setting): configure line console 0 1 connect active Use the following command to redirect the console port to the RSM that you plugged into: configure line console 0 1 connect local When using the local method your authentication will be local only on the standby RSM. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-16 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) RSM and RPIC Replacement The following procedure should be used when replacing the RSMs in a duplex control complex. Procedure 5-5: How to Replace an RSM in a Duplex Chassis Follow the steps below to replace an RSM. 1 Be sure you are wearing an ESD strap when handling the RSM module. 2 If you have made any changes to the E6000 CER configuration since the last write memory command was entered, execute the write memory command again. 3 Back up the existing configuration of the RSM by performing the following steps: 4 • Enter copy running-config BKUPMMDDYY.cfg • Use Secure FTP (SFTP) or FTP to transfer the backed-up configuration from the E6000 CER to another system (your PC, for example). User should ensure that the RSM to be replaced is in the “Standby” Duplex or OOS State. An Active RSM will have all three LEDs green, a Standby only has the Power and Status LEDs lit. Status can also be determined by using the show linecard status command. Example — Refer to the following example output for the status of the RSM: E6# show linecard status Chassis Type: E6000 Slot Description 0 1 2 3 4 5 6 7 8 9 10 11 12 13 Issue 1.0, 4 Feb 2013 UCAM Spare UCAM UCAM Admin State Up Up Up Oper State IS IS IS Duplex State Standby Active Active Serial Number 12253CUP0006 12253CUP0042 12223CUP0006 HW Version RSM A RSM B Up Up IS IS Active Standby 12213RSM0004 RSM-08241W/C02 12213RSM0011 RSM-08241W/C02 DCAM-B DCAM-B DCAM-B DCAM-B Spare Up Up Up Up IS IS IS IS Active Active Active Standby 12253CDN0006 12303CDN0016 12303CDN0020 12303CDN0025 UCAM-24096W/C03 UCAM-24096W/C03 UCAM-24096W/C03 DCAM-08256W/C04 DCAM-08256W/C04 DCAM-08256W/C04 DCAM-08256W/C04 © 2013 ARRIS Group, Inc. — All Rights Reserved Prov/Det Type UCAM/UCAM UCAM/UCAM UCAM/UCAM -/UCAM -/UCAM -/DCAM RSM/RSM RSM/RSM -/DCAM -/DCAM DCAM/DCAM DCAM/DCAM DCAM/DCAM DCAM/DCAM Admin UP/ Allowed ports -/96 96/96 96/96 64/256 64/256 64/256 -/256 PRELIMINARY 5-17 PRELIMINARY E6000 CER Release 1.0 5 Router System Module (RSM) After completing changes on previous page, the next step is to switch sides if the desired RSM is not Standby. Once soft-switch is made, the standby or out-of-service RSM can be replaced (you don't have to wait for it to go standby). If the desired RSM is already standby, it can be replaced immediately. Perform a soft-switch to switch the active pair over to standby by entering the following command: configure interface system-controller xx soft-switch Where xx = active RSM slot NOTE: 6 If using the out-of-band connection on the RPIC for access to the E6000 CER, the telnet session will be disconnected during the soft-switch and will require the user to telnet back in. If using an in-band connection, connectivity should not be lost. Remove any cables and unplug the standby RSM card and plug in the replacement RSM. Allow the E6000 CER to return to duplex. Confirm by executing the show linecard status command. The standby RSM will display IS Standby. 7 Depending on the firmware version of the new RSM, the system may require a reload commit. Execute the show version detail from the active RSM. 8 Check system for normal operation. — End of Procedure — Procedure 5-6: How to Replace an RPIC in a Duplex Chassis Follow the steps below to replace an RPIC in a duplex system. 1 Be sure you are wearing an ESD strap when handling the RPIC. 2 If you have made any changes to the E6000 CER configuration since the last write memory command was entered, execute the write memory command again. 3 Backup the existing configuration of the RSM by performing the following steps: 4 Issue 1.0, 4 Feb 2013 a Enter copy running-config BKUPMMDDYY.cfg b Use Secure FTP (SFTP) or FTP to transfer the backed-up configuration from the E6000 CER to another system (your PC, for example). User should ensure that the RSM is in the same slot as the RPIC to be replaced is in the “Standby” Duplex State. An Active RSM will have all three LEDs green, a Standby only has the Power and Status LEDs lit. Status can also be determined by using the show © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-18 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) linecard status command. Example — Refer to the following example output for the status of the RSM: E6# show linecard status Chassis Type: E6000 Slot Description Admin Oper Duplex Serial HW Version Prov/Det Admin UP/ State State State Number Type Allowed ports 0 UCAM Spare Up IS Standby 12253CUP0006 UCAM-24096W/C03 UCAM/UCAM -/96 1 UCAM Up IS Active 12253CUP0042 UCAM-24096W/C03 UCAM/UCAM 96/96 2 UCAM Up IS Active 12223CUP0006 UCAM-24096W/C03 UCAM/UCAM 96/96 3 -/UCAM 4 -/UCAM 5 -/DCAM 6 RSM A Up IS Active 12213RSM0004 RSM-08241W/C02 RSM/RSM 7 RSM B Up IS Standby 12213RSM0011 RSM-08241W/C02 RSM/RSM 8 -/DCAM 9 -/DCAM 10 DCAM-B Up IS Active 12253CDN0006 DCAM-08256W/C04 DCAM/DCAM 64/256 11 DCAM-B Up IS Active 12303CDN0016 DCAM-08256W/C04 DCAM/DCAM 64/256 12 DCAM-B Up IS Active 12303CDN0020 DCAM-08256W/C04 DCAM/DCAM 64/256 13 DCAM-B Spare Up IS Standby 12303CDN0025 DCAM-08256W/C04 DCAM/DCAM -/256 5 After completing changes on previous page, the next step is to switch sides if the desired RSM is not Standby. Once soft-switch is made, the RPIC behind the standby or out-of-service RSM can be replaced (you don’t have to wait for the RSM to go standby). If the desired RSM is already standby its RPIC can be replaced immediately. Perform a soft-switch to switch the active pair over to standby by entering the following command: configure interface system-controller xx softswitch Where: 6 If using telnet for access to the E6000 CER, the telnet session will be disconnected during the soft-switch and will require the user to telnet back in. 7 Remove the serial and admin Ethernet cables attached to the standby RPIC, if any. 8 Unplug the standby RPIC card and plug in the replacement RPIC. NOTE: 9 Issue 1.0, 4 Feb 2013 xx = active RSM slot The standby RSM will be reset during this procedure and will not return to service until the replacement RPIC is inserted and detected. Allow the E6000 CER to return to duplex. Confirm by executing the show linecard status command. The standby RSM will display IS Standby. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-19 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) 10 Check system for normal operation. — End of Procedure — Procedure 5-7: How to Replace an RSM in a Simplex Chassis Follow the steps below to replace a Router System Module (RSM) in a simplex system. 1 2 This procedure requires out-of-band management. Verify that you have a working console connection from your PC to the serial port at the bottom of the faceplate of the RSM. See Procedure 5-5, Connecting the Console Port to a PC, on page 5-14, for more information. If you have made any changes to the E6000 CER configuration since the last write memory command was entered, execute the write memory command again. 3 Back up the existing configuration of the RSM by performing the following steps: 4 Enter copy running-config BKUPMMDDYY.cfg where BKUPMMDDYY is the name of your backup configuration file. 5 Use Secure FTP (SFTP) or FTP to transfer the backed-up configuration from the E6000 CER to your PC. 6 Open the BKUPMMDDYY.cfg file to make sure that this step succeeded. 7 Remove any cables from the RSM. 8 Wearing an ESD strap, pull the RSM and replace it. Since the serial and admin ethernet cables stay attached to the RPIC, you do not need to power down the chassis. Front SFP modules should be installed in the new RSM and connected. 9 Open the backup config file you FTP’d to your PC. 10 Open a console window (terminal emulator) on your PC. 11 Start a capture file in case you encounter problems and need help from Tech Support. 12 Configure either the out-of-band port or in-band management port; FTP the config file over; and, execute the config file. 13 Do a show version in order to verify that the version of the software loaded on the flash disk of the new RSM is the one you want to use. If not, you’ll have to do a software upgrade. 14 Once you have finished restoring the configuration, do a write memory command to save your changes. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-20 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Procedure 5-8: How to Replace an RPIC in a Simplex Chassis Follow the steps below to replace an RPIC in a simplex system. 1 If you have made any changes to the E6000 CER configuration since the last write memory command was entered, execute the write memory command again. 2 Back up the existing configuration of the RSM by performing the following steps: a Enter copy running-config BKUPMMDDYY.cfg b Use Secure FTP (SFTP) or FTP to transfer the backed-up configuration from the E6000 CER to another system (your PC, for example). 3 Remove the serial and admin Ethernet cables attached to the RPIC, if any. 4 Wearing an ESD strap, pull the RPIC and replace it. NOTE: The RSM will be reset during this procedure and will not return to service until the replacement RPIC is inserted and detected. 5 Reconnect the serial and admin Ethernet cables removed in step 3. 6 Allow the E6000 CER to return to service. Confirm by executing the show linecard status command. The RSM will display IS Simplex. 7 Check system for normal operation. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-21 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Flash Disk The flash disk is not removable and cannot be repartitioned in the field. File System Administration The commands in this section are often associated with system upgrades and disk maintenance procedures. File transfers to the flash disk usually require connectivity via either TFTP or FTP to a file server, where the files exist. In the case of an upgrade this would be the server where the new software image exists. File System Administration CLI Commands There are several CLI commands that are useful when performing a system backup. These commands and their functionality are described in Table 5-4. Table 5-4: File System Administration CLI Commands Use This Command Issue 1.0, 4 Feb 2013 To… cd change working directory copy copy files specified delete delete specified files dir list files and directories df display disk usage mkdir make a new directory pwd display present working directory rmdir remove a specified directory © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-22 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) Show Commands Use the following command to display the flash disk capacity on either Slot 6 or 7: show version detail 7 Sample output: Chassis Type: E6000 Time since the CMTS was last booted: 0 days, 0:12:44 (hr:min:sec) Slot: 7 Type: RSM Model Name: RSM-08241W Model Version: B07 Serial Number: 11283RSM0009 CPU Speed: 1500 MHz Bus Speed: 500.0 MHz RAM Size: 4096 MB Nor Flash Size: 32 MB Nand Flash Size: 32 MB Flash Disk Size: 437 MB format / 1189 MB physical PIC Model Name: RPIC-10002W PIC Model Version: B03 PIC Serial Number: 11223RHB0024 Fw Components: bud/0;02.00.42.00 budLite/0;02.00.26.00 budBLM/0;00.02.00.10 stox/0;00.02.01.31 aeon/0;00.06.01.01 Boot0 Version: CER_BOOT0_V00.00.07;09/19/12 03:47:00 PM Reason Last Booted: Coldstart Software Version: CER_V01.00.05.0042 Uptime: 0 days 0:12:44 Kernel Version: CER_V01.00.05.0042;012413173423 [COMMITTED] DKM Version: RTP Version: Committed Kernels: Kernel-1;CER_V01.00.05.0042;01/24/13 05:34:37 PM Kernel-2;CER_V01.00.05.0042;01/24/13 05:34:37 PM Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-23 PRELIMINARY E6000 CER Release 1.0 Router System Module (RSM) To display the amount of space remaining on the flash disk, use the following command: df detail Sample output: Device Name File System Used Blocks Free Blocks Total User Avail disk / 297057 611151 908208 Write Memory Command and Backups Utilization (%) 32 % A write memory operation first forces the MIB data out to disk, and then initiates a backup operation on the active RSM of the E6000 CER. The write memory command causes all files in the following directories of the active RSM to be copied onto the standby: • /alias • /certs • /cfgfiles (these are not CM configuration files) Once the backup is completed, the backup archive file is copied to the standby side. Once on the standby, it is un-bundled and the critical files of the active and standby RSM flash disks are synchronized. As part of a write memory action, critical files in the system are backed up. File Transfers Transfer Protocols The procedures in this chapter commonly identify a protocol to use while transferring files. Use Secure FTP (SFTP), File Transfer Protocol (FTP), or Trivial File Transfer Protocol (TFTP) to transfer files to and from the E6000 CER. System files may be uploaded from any partition to a network server using either protocol. Image files may also be downloaded from a network server to the update partition. Copy Command Syntax The copy command is commonly used for file transfers. Use the following command syntax format to initiate an image upload or download: copy <source> <destination> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-24 PRELIMINARY E6000 CER Release 1.0 Copy Command Examples Router System Module (RSM) Use the following command examples to initiate an image upload or download. The commands that use FTP assume that the FTP login and password are properly configured. See the configure ftp-server command for more information. To create a backup of your configuration files from the E6000 CER: copy running-config verbose /system/cfgfiles/backup.cfg To copy a backup file from the E6000 CER to an external FTP server: copy /system/cfgfiles/backup.cfg ftp://login:password@ftpserverip/backup.cfg To copy a E6000 CER image from an external FTP server to the E6000 CER: copy ftp://login:password@ftpserverip/CER_V01.00.05.0039.img /loads/CER_V01.00.05.0039.img To copy a backup file from the E6000 CER to an external TFTP server: copy /system/cfgfiles/backup.cfg tftp://tftpserverip/backup.cfg To copy a E6000 CER backup from an external TFTP server to the E6000 CER: copy tftp://tftpserverip/backup.cfg /system/cfgfiles/backup.cfg To install a new configuration file, run: exe file /system/cfgfiles/<filename> Then run reload commit Reload Commands The reload command comes in five versions—reload, reload <filename>, reload commit, show image, and show reload status. Each is explained in Table 5-5. Table 5-5: Reload Command Formats Use This Command To… reload Boot the system from the system image that has been committed. reload <filename> Reboot the system from the file specified.a reload commit 1) Saves a copy of the currently running image. 2) Creates a backup of the system configuration. show image [detail] [manifest] [patch <name>] Displays the software image information details. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-25 PRELIMINARY E6000 CER Release 1.0 Use This Command show reload-status Router System Module (RSM) To… Displays the status during a reload operation if one is in progress. a. Any image booted using the reload <filename> command is temporary, unless it is committed. If the system reboots before a reload commit is completed, it automatically reverts to the previously committed image. NOTE: Issue 1.0, 4 Feb 2013 Committing to a new image can take several minutes to complete. The commit process runs in the background and does not impact service. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 5-26 PRELIMINARY E6000 CER Release 1.0 6 Licensing Licensing CAM Channel Licensing 2 Maintenance Considerations 4 Associated CLI Commands 5 CAM Channel License Upgrade 6 Overview This chapter contains the licensing requirements for the following Cable Access Modules (CAMs): • Upstream Cable Access Module (UCAM) • Annex A Downstream Cable Access Module (DCAM) • Annex B DCAM Licensing provides the benefits of being able to reduce the entry price of the system, and the ability to offer the MSO a “Pay as you grow” system without the need for hardware and software upgrades. This helps the MSO customer by keeping operational costs to a minimum. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-1 PRELIMINARY E6000 CER Release 1.0 Licensing CAM Channel Licensing Licensing for the E6000 CER is associated with the Serial Number (SN) of the CAMs. The licensable items of the CAM include both the upstream channels and downstream channels. Channel Default Numbers Each CAM has a default number of allowed channels. The default number of channels associated with each module is listed as follows: • Annex A DCAM: 48 • Annex B DCAM: 64 • UCAM: 48 NOTE: Annex A/B refers to ITU J.83 Annex A,B, whose raw MPEG bitrates are 51.25 Mbps and 38.8107 Mbps, respectively, at 256 QAM. Per-channel packet rates and RF symbol rates also differ between these two annexes. Annex A is used mainly in Europe, and Annex B is used mainly in North America. This defaulted allotment of channels is always available to make the module active, whether or not a separately purchased license key is also associated with additional channels on that module. Additional Channels Customers desiring CAMs using more than the default number of channels must purchase license keys for that licensed number of channels. Additional channels may be purchased separately, as follows: • UCAM: Up to 48 more in increments of one (license levels 49 through 96). • Annex A DCAM: Up to 80 more in increments of one (license levels 49 through 128). • Annex B DCAM: Up to 64 more in increments of one (license levels 65 through 128). These additional channels will only be usuable when the customer installs a valid, purchased-license key. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-2 PRELIMINARY E6000 CER Release 1.0 Licensing CAM License Key Each CAM has an individual license key that is purchased to activate the channels on that module based in part on the module’s serial number. This license key is stored in nonvolatile memory on the module, so if the module is moved to another location, the license key stays with the module. NOTE: Issue 1.0, 4 Feb 2013 Replacing a CAM with a CAM having a license for fewer ports will introduce a licensing mismatch. If the original CAM had all allowed ports In-Service, the new CAM will only use ports up to its limit of allowed (licensed) ports. Should this situation occur, log messages will be generated, and SNMP notifications will be sent. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-3 PRELIMINARY E6000 CER Release 1.0 Licensing Maintenance Considerations Maintenance considerations, as regards to CAM channel licensing, involve: • CAM restoral • CAM sparing CAM Restoral To eliminate the necessity of having to install a license key on an Out-of-Service (OOS) module when restoring that module, the license key is not checked when the module itself is restored, but rather when each channel on the module is restored. With this approach, the module is not prevented from going into service due to a missing, or invalid key. CAM Sparing Spare CAMs are, by design, provided with the same number of default channels as their installed system counterparts. When spares are purchased, the customer has the option of upgrading the spare CAM with a higher number of available channels by purchasing a separate license. When a spare CAM takes over for a CAM in the spare group, it is desirable to have a license for as many, or more channels as the CAM that is being replaced, or else some of the channels may not get service after the failover to the spare CAM. In the event that the spare CAM is deficient in this regard, log messages are used to report the issue. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-4 PRELIMINARY E6000 CER Release 1.0 Licensing Associated CLI Commands The CLI commands and tasks provided in Table 6-1 are used to manage the CAM licensing function of the E6000 CER. Refer to Chapter 44, Command Line Descriptions for the complete description of how each command is used. Table 6-1: Tasks and Commands Associated with Licensing Task Command Action Add New Licensed Channel(s) configure slot <slot> port-count <number of ports> key <digit key> [annex <a|b>] To add newly licensed channels to a DCAM or UCAM after having previously obtained the license. Display CAM License Details show linecard license To display the licensed or unlicensed status of DCAMs and UCAMs. To display the total number of DCAM or UCAM channels that are: Display CAM License/Allowed Status show linecard status • Administratively UP. • Licensed. • Allowed. To display the total number of spare DCAM or UCAM channels that are: Display Spare CAM Protecshow spare group tion Status • Administratively UP. • Allowed. NOTE: Issue 1.0, 4 Feb 2013 A warning is displayed when a CAM or CAMs in the sparing group have more allowed channels than the CAM spare. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-5 PRELIMINARY E6000 CER Release 1.0 Licensing CAM Channel License Upgrade Each CAM comes equipped with a default number of user-available channels. Based on initial requirements, when a chassis with CAMs is purchased, the MSO customer has the option of increasing the number of user-available channels (by means of licensing) on a per CAM basis. Display License Details The show linecard license command displays details concerning the licensed or unlicensed status of a CAM. The following example output provides a view of the fields that can comprise its output, and gives various examples of information that can populate these fields. Slot Description Slot Annex Serial Number License Annex 2 3 UCAM UCAM - 11333CUP0001 11333CUP0008 - 10 DCAM Annex B 12303CDN0001 Annex B 11 12 13 DCAM DCAM DCAM Annex B Annex B Annex B 12303CDN0019 12303CDN0020 12303CDN0006 c Annex A Annex B Annex B License Ports Allowed Ports License Date 72 96 72a 96 09/19/201 09/21/2012 64 64b 09/21/2012 52 128 128 64 128 128 09/19/2012 09/19/2012 09/19/2012 a. If the CAM license is valid, then the licensed number of ports (channels) equals the number of allowed ports. b. If there is no license on the CAM or the license is invalid (except for a license/slot annex mismatch), then the allowed ports field shows the default number of allowed channels for that slot subtype. c. If the license annex does not match the slot annex, but the license is otherwise valid, then the licensed ports field information that is displayed matches the values in the license TLV. The allowed ports field shows the default number of channels for that slot subtype. Display Linecard Status Information The show linecard status command displays details regarding CAM states and the CAM sparing arrangement. The following example output provides a view of the fields that comprise its output, and gives various examples of information that can populate these fields. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-6 PRELIMINARY E6000 CER Release 1.0 Chassis Type: E6000 Slot Description 2 3 6 7 12 13 UCAM Spare UCAM RSM A RSM B DCAM-B DCAM-B Spare Admin State Up Up Up Up Up Up Oper State IS IS IS IS IS IS Duplex State Standby Active Active Standby Active Standby Serial Number 11333CUP0001 11333CUP0008 12173RSM0007 12213RSM0006 12303CDN0001 12303CDN0006 Licensing HW Version UCAM-24096W/B07 UCAM-24096W/B07 RSM-08241W/C04 RSM-08241W/C04 DCAM-08256W/C04 DCAM-08256W/C04 Prov/Det Type UCAM/UCAM UCAM/UCAM RSM/RSM RSM/RSM DCAM/DCAM DCAM/DCAM Admin UP/ Allowed ports -/96 96/96 128/128 -/128 Display Spare Group Information The show spare-group command displays details regarding the CAM sparing group arrangement. The following example output provides a view of the fields that comprise its output, and gives various examples of information that can populate these fields. Slot ---2 3 12 13 Leader Slot -----2 2 13 13 Mode ------manual manual Admin UP/ Allowed Ports ------------96/96 96/96 128/128 0/128 Field Upgrade for Additional Channel Growth After initial installation, as the customer’s subscriber requirements increase, the need to expand the number of licensed channels, on a per CAM basis, will require a field upgrade at the MSO. When it is determined that an increase in subscriber usage is significant enough to warrant an increase in the number of downstream and/or upstream channels, the MSO customer conducts a usage study to determine how many additional licensed channels are required. As a result of the usage study, the MSO customer then prepares a plan to map out: • Which CAMs in which card slots are to be upgraded with the additional licensed channels. • The SNs that are associated with each CAM that is to be upgraded with the additional licensed channels. NOTE: Issue 1.0, 4 Feb 2013 The CAM serial numbers can be found using the show linecard status CLI command. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-7 PRELIMINARY E6000 CER Release 1.0 NOTE: Licensing At this point the MSO customer also needs to determine if the CAM sparing arrangement will be capable of providing protection for the newly licensed channels. If a license upgrade occurs and a CAM sparing group leader is not provided with enough working channels to protect one or more of the newly licensed channels on a CAM, then a log warning message will be output once per day indicating that service could be impacted upon a failover. When additional licensing capability has been approved the MSO customer can proceed with the licensing upgrade. Before Proceeding — Be aware of the following: • You do not have to wait for a maintenance window to perform a license upgrade because the UCAM or DCAM does not have to be taken OOS to perform a license upgrade. NOTE: • Even though the UCAM or DCAM must be IS, you should not proceed if there are any current alarms flagged for the CAM. An alarm condition could cause the license upgrade to fail. Do not proceed until the CAM is alarm free. You need to obtain: - The previously generated MSO information identifying the chassis slots and SNs of the CAMs that are receiving the license upgrade. The keyfile attachments sent by ARRIS. Procedure 6-1: Upgrading Additional Licensed CAM Channels This procedure allows the MSO user to license additional CAM channels with license keys obtained from ARRIS through a PO. 1 Login to the E6000 CER. 2 Determine which CAM is to be upgraded and that it is IS. Use the key file attachment information sent by ARRIS to verify the SN, of the appropriate CAM. 3 Use the following command example to perform a license upgrade for a DCAM: configure slot 12 port-count 88 key 08090a0b0c0d0e0f annex b NOTES: The 88 in this example assumes the combined number of total ports, that is, the 64 ports that were originally provided, plus 24 newly licensed channels. The annex defaults to the slot annex if it is not specified. If channels are administratively IS, but operationally OOS due to lack of licensing, then adding a license will cause the system to attempt to make them operational. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-8 PRELIMINARY E6000 CER Release 1.0 4 Licensing Enter the following command to verify the total number of channels that are administratively UP and the allowed number of channels on the CAM that was just upgraded: show linecard status An output similar to the following example will occur: Chassis Type: E6000 Slot Description 2 3 7 12 13 UCAM Spare UCAM RSM B DCAM-B DCAM-B Spare Admin State Up Up Up Up Up Oper State IS IS IS IS IS Duplex State Standby Active Active Active Standby Serial Number 11333CUP0001 11333CUP0008 11283RSM0002 12303CDN0001 12303CDN0006 HW Version UCAM-24096W/B07 UCAM-24096W/B07 RSM-08241W/B07 DCAM-08256W/C04 DCAM-08256W/C04 Prov/Det Type UCAM/UCAM UCAM/UCAM RSM/RSM DCAM/DCAM DCAM/DCAM Admin UP/ Allowed ports -/96 96/96 128/128 -/128 Any irregularities that are noted will need to be resolved before proceeding. 5 6 Issue 1.0, 4 Feb 2013 The following tasks for newly licensed DCAM downstream channels must then be performed, as described in Basic Bring-up Procedure: a Assigned to a MAC domain. b Assigned a cable frequency. c Brought IS. The following tasks for newly licensed UCAM upstream channels must then be performed, as described in Basic Bring-up Procedure: a Assigned to a MAC domain. b Assigned a cable frequency. c Paired for cable supervision with downstream channels. d Brought IS. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 6-9 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Licensing PRELIMINARY 6-10 PRELIMINARY E6000 CER Release 1.0 7 Issue 1.0, 4 Feb 2013 Downstream Cable Access Module (DCAM) Downstream Cable Access Module (DCAM) Licensing 2 Modules and Components 3 Primary Software Function 4 Non-Contiguous Channels and Frequency Agility 9 Interleaver Depth 11 Provisioning and Configuration 14 High-Level DCAM Implementation Procedure 21 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-1 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Overview This section provides information and procedures specific to the Downstream Cable Access Module (DCAM) used with the E6000 CER and provides basic examples of slot equipage and DCAM configuration. Licensing Each DCAM is provided with a default number of Downstream (DS) channels that are immediately available for subscriber use: • 48 channels for Annex A (channel widths of 8 MHz) • 64 channels for Annex B (channel widths of 6 MHz) NOTES: 1.The terms Annex A and Annex B refer to ITU J.83 Annex A,B, whose raw MPEG bit rates are 51.25 Mbps and 38.8107 Mbps respectively at 256 QAM. Per-channel packet rates and RF symbol rates also differ between these two annexes. 2. Annex A is used mainly in Europe, Annex B in North America. Up to 80 additional DS channels per DCAM can be activated for subscriber use (Annex A), and up to 64 additional DS channels can be activated for subscriber use (Annex B) through the purchasing of additional license keys. Refer to Chapter 6, Licensing for more detailed information pertaining to licensing. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-2 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Modules and Components To facilitate the maintenance needs of the MSO customer, the DCAM is teamed with a DCAM Physical Interface Card (DPIC) that among other benefits, aids in the ease of DCAM replacement when necessary. Figure 7-1 provides a faceplate view of the DCAM and various views of the two types of DPICs used with the E6000 CER. (-30 dB) (-30 dB) (-30 dB) (-30 dB) (-30 dB) (-30 dB) (-30 dB) (-30 dB) Figure 7-1: DCAM and DPIC Faceplate Views Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-3 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Primary Software Function The primary software functions of the DCAM include: • Packetization, queueing, and scheduling of all downstream packets • Downstream channel bonding of flows • Creation of DOCSIS downstream SYNC messages • Combining of the digital representation of multiple single channels into a single wideband channel suitable for up conversion • Conversion of the wideband digital signal into an analog signal and placement of this at a selected point in the CATV RF spectrum • Support of a configurable modulation depth (256QAM) per RF block upconverter • Support of simultaneous interleaver settings in Annex B mode. Any channel on an interface is capable of being assigned to one of the active interleaver settings for the module, independently of any other channel. This only applies to Annex B; for Annex A, only 1 interleaver depth is valid. See also Interleaver Depth on page 7-11. • Support of independent adjustment of RF power on a per block upconverter basis • Support of the individual muting of channels within a RF block upconverter group to -50dBc Maximum Number of DCAMs The E6000 CER chassis is capable of supporting a 7+1 DCAM sparing group with seven active DCAMs. For additional information pertaining to how this maximum was achieved, refer to Scalability on page 3-8. Description The DCAM operates as the DS module of a DOCSIS 3.0 E6000 CER incorporating DS MAC processing and DS Physical Layer processing. The DCAM can reside in slots 0 through 5, or slots 8 though 13 of the E6000 CER chassis. Be aware, however, that the DCAM spare is intended to support sparing of DCAMs in contiguous slots; thus, the spare DCAM can only reside in the highest numbered slot in the sparing group. Refer to Chapter 12, CAM Sparing for additional information on sparing. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-4 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) The DCAM currently supports 128 physical DS channels total (Annex A or Annex B) by means of eight RF connectors on its associated DPIC. This results in 16 DS channels per one RF connector. The DCAM supports 1.2 MPPS processing capability. Channel Type — The currently supported DCAM channel type is: DOCSIS. Channel Width — The channel width settings for the DCAM are based upon whatever is configured (Annex A or Annex B) for the assigned chassis slot. LEDs The DCAM is provided with two LEDs on its faceplate, designated as follows: • Status • Power Depending on the displayed color of the LEDs and the illumination state (steady on, or rate of flashing) of the LEDs, a user is able to determine the current condition of the DCAM. The various LED state possibilities are shown in Table 7-1. Table 7-1: Front DCAM LED States Status Base Channel Output Power Level Issue 1.0, 4 Feb 2013 Power Description Color State Color State None Off None Off Yellow Steady On Yellow Steady On Red Steady On None Off Red Steady On Green Blinking Module powered down Red Steady On Green Steady On Module out-of-service Green Slow Blink Green Steady On Pumping Green Fast Blink Green Steady On Initializing Green Steady On Green Steady On The DCAM is in-service. Low -48V power By means of the front panel LED test pushbutton on either RSM (while pushbutton is depressed and held) Hardware error preventing power up The E6000 CER supports configuring the base channel output power level for an RF connector. Table 7-2 shows the calculated Downstream Radio-Frequency Interface (DRFI) ranges, assuming a maximum of 128 total channels on an RF connector. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-5 PRELIMINARY E6000 CER Release 1.0 NOTE: Downstream Cable Access Module (DCAM) The minimum power level range is 8 dBmV less than the maximum. Table 7-2: DRFI Ranges Channels DRFI Required Power Range (dBmV) Default Power (dBmV) Allowed CLI Power Range (dBmV) 1 52-60 600 370-600 2 48-56 560 370-560 3 46-54 540 370-540 4 44-52 520 370-520 5 43-51 510 370-510 6 42-50 500 370-500 7-8 41-49 490 370-490 9-10 40-48 480 370-480 11-12 39-47 470 370-470 13-14 38-46 460 370-460 15-16 37-45 450 370-450 The CLI will enforce the DRFI maximum power level for the number of included channels on an RF-connector. Per-Channel Power Level — The maximum per-channel power level is determined by the number of channels assigned to a cable MAC on the same RF connector. The following factors do not determine the per-channel power levels: • the administrative or operational state of the channels • the frequency of the channels (even 0 MHz) • muting the channel. For example, if the power level is set to 60dBmV, and if you try to add a second channel to the same RF connector, then it will fail because 60 dBmV is not a valid power level for two channels on the same connector. Additional Power Level Considerations — If the power level is changed for one channel, the power level for all other channels associated with the same RF connector is also changed. The configure interface cable-downstream <s/c> cable power-level <power level in dBmV> command fails if the chosen power level is outside of the range shown in Table 7-2. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-6 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) DPIC Description A DPIC is associated with a DCAM (front card) in the same slot number. There are two types of DPICS: • A standard DPIC containing eight downstream RF connectors. • A spare DPIC (or DPIC spare) teamed with a DCAM spare that is specifically designed to switch-protect a group of DCAMs. Various views of these DPICs were previously provided in Figure 7-1. The standard DPIC is provided with eight female F-connector jacks that are designed to accept coaxial RF-connector, F-connectors. An F-connector is a screw-on RF-connector designed for a 75-Ohm impedance with a frequency match of up to 1 GHz. The physical arrangement of the F-connector jacks as well as their order of numbering is shown in Figure 7-2. Additionally, an example CLI command is used to show the relationship between the physical hardware and the software configuration. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-7 E6000 CER Release 1.0 PRELIMINARY Downstream Cable Access Module (DCAM) Connector Channel (Port) (-30 dB) 0-15 (-30 dB) 0-15 (-30 dB) 0-15 (-30 dB) 0-15 (-30 dB) 0-15 (-30 dB) 0-15 (-30 dB) 0-15 (-30 dB) 0-15 Example configuration command: configure interface cable-downstream 12/0/1 Where: 12 = Chassis slot (valid range is 0-5 and 8-13) 0 = Connector (valid range is 0-7) 1 = Channel (port) (valid range is 0-15) Figure 7-2: DPIC Physical Connector Numbering Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-8 PRELIMINARY E6000 CER Release 1.0 Port LEDs Downstream Cable Access Module (DCAM) Each standard DPIC is provided with one LED per RF port (connector). These eight LEDs provides port status as explained in Table 7-3. Table 7-3: Port Status LED Color State none off green steady on Description No channels in-service. At least one channel operationally in service on that RF port. Both the standard DPIC and the DPIC spare are equipped with a Sparing LED. Sparing DPIC LED Status Under normal conditions all sparing LEDs will be off. When a DCAM in a sparing group fails, traffic is transferred to its sparing group leader. In this case, the sparing LEDs of the DPIC associated with the failed DCAM, and the DPIC associated with the DCAM sparing group leader are on. NOTE: RF Test Output Ports The DCAMs in the sparing group must be of the same Annex type and contiguous. Additionally, while some front DCAMs may be absent in a sparing group without affecting how sparing works for the other DCAMs, all DPICs in the sparing group must be present for complete sparing functionality. Refer to Chapter 12, CAM Sparing for additional information. The DPIC is provided with eight RF test output ports that are used to verify the presence of downstream signals. The eight RF test outputs carry attenuated (-30dB) copies of each of the main RF outputs. This attenuated test signal level is accurate to within +- 3 dB over the full frequency range, and the full operating temperature range. NOTE: The test output ports are not meant to be used for signal calibration, detecting signal spurs, or for precise RF quality measurements. These outputs run on 75-Ohm RF connectors that can be readily distinguished from the main RF connectors, by their smaller size (MCX). Non-Contiguous Channels and Frequency Agility The functionality of this feature differs slightly depending on the annex type chosen for a DCAM. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-9 PRELIMINARY E6000 CER Release 1.0 Annex B Downstream Cable Access Module (DCAM) The DCAM, when configured as Annex B supports a distribution of the 16 channels on an RF port across the RF downstream spectrum (54 MHz to 1002 MHz) such that any of the channels may be placed in either of two windows 96 MHz wide, with the channels restricted to a 6 MHz grid. The first frequency on the grid (which is common to both windows) is selectable with a resolution of 125 kHz. These frequency limits are all edge frequencies; the lower edge of the lowest carrier must be no less than 54 MHz, and the upper edge of the highest carrier must not exceed 1002 MHz. Similarly, the 96 MHz window is edge-to-edge, not center-to-center. The two 96 MHz windows can be placed in different parts of the spectrum or, in the simplest case, be adjacent, to form a 192 MHz window. Up to eight channels may be placed in each window, on a grid of 16, 6 MHz slots. So, up to eight out of the 16 slots may be filled in any manner the customer wishes. Extra flexibility is provided by allowing the 16 channels to be distributed arbitrarily between the two windows, as opposed to restricting them to 8 in each window. Annex A The DCAM, when configured as Annex A, supports a distribution of the 16 channels on an RF port across the RF downstream spectrum (54 MHz to 1006 MHz) such that up to eight channels may be placed in each of two windows 128 MHz wide, with the channels restricted to an 8 MHz grid. The first frequency on the grid (which is common to both windows) is selectable with a resolution of 125 kHz. These frequency limits are all edge frequencies; the lower edge of the lowest carrier must be no less than 54 MHz, and the upper edge of the highest carrier must not exceed 1006 MHz. Similarly, the 128 MHz window is edge-to-edge, not center-to-center. NOTE: 1006 MHz is the upper frequency edge of an 8 MHz channel with its center at 1002 MHz. The two 128 MHz windows can be placed in different parts of the spectrum or, in the simplest case, be adjacent, to form a 256 MHz window. Up to eight channels may be placed in each window, on a grid of 16, 8 MHz slots. So, up to eight out of the 16 slots may be filled in any manner the customer wishes. Extra flexibility is provided by allowing the 16 channels to be distributed arbitrarily between the two windows, as opposed to restricting them to eight in each window. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-10 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Interleaver Depth The downstream interleaver helps protect against noise bursts. By interleaving the data, only small pieces of several data frames are lost as opposed to a larger portion of a single data frame. Reducing the amount of contiguous errors results in a higher probability that the FEC can correct the losses due to bursts of noise. The more interleaved that the data actually is, the smaller the amount of data that is lost in any particular data frame; however, increasing the interleaving also increases the amount of the delay in the transmission of the data. Table 7-4 and Table 7-5 show the different interleaver depth settings that are available, the length of a noise burst that they can protect against, and the delay in the data transmission. NOTE: Only two values are allowed per DCAM. Table 7-4: Annex B Downstream Interleavers Burst Protection Issue 1.0, 4 Feb 2013 Latency Taps Increment 256 QAM 8 16 4.1 usec 0.15 msec 16 8 8.2 usec 0.33 msec 32 4 16 usec 0.68 msec 64 2 33 usec 1.4 msec 128 1 66 usec 2.8 msec 128 2 132 usec 5.6 msec 128 3 198 usec 8.4 msec 128 4 264 usec 11 msec 128 5 330 usec 14 msec 128 6 396 usec 17 msec 128 7 462 usec 20 msec 128 8 528 usec 22 msec © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-11 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Table 7-5: Annex A Downstream Interleaver Burst Protection NOTE: Taps Increment 12 17 Latency 256 QAM 14 usec 0.32 msec Taps can be thought of as different sources of information. Default = 32 taps. The increment determines how much information is taken from each tap; it varies inversely with the number of taps. The interleaver works with a total of 128 symbols in one group. If there are 128 taps, then each tap takes one symbol. If there are 16 taps then each one takes 8 symbols. Burst protection values refer to the maximum size in microseconds of a burst that can be corrected. QAM Modulation Order and Port Requirements The DCAM supports: • NOTE: 256QAM operation only. 64QAM is not supported. • A unique setting of 256QAM per F-connector of the DPIC. • Each F-connector of the DPIC can be set to 256QAM mode independent of the other F-connectors. Any change to the modulation will change the modulation of all channels on that F-connector. MAC Domains The E6000 CER DCAM allows up to eight MAC Domains on a single card. This provides for an average of one MAC domain per RF connector, or one MAC domain for every 16 channels. Note also, that the channel/MAC domain assignment flexibility on a DCAM is not constrained, that is, any channel on a DCAM can be assigned to any MAC Domain on that DCAM. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-12 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) The size of a MAC Domain for a DCAM is limited to no more than 64 downstream channels, and the number of primary-capable downstream channels in a MAC Domain is limited to 48. For additional information pertaining to primary-capable downstream channels, refer to Primary-Capable Downstream Channel on page 13-23. Parameters Specific configuration information regarding downstream parameters are provided in the following paragraphs. Annex Setting — The annex setting of the chassis slot defines the annex setting for any DCAM in the chassis. Therefore, all of the cable-macs on a DCAM are by default, configured with the same annex. In other words, one DCAM can be configured for Annex A and another can be configured for Annex B, but annexes cannot be mixed on the same DCAM. Channel Width — The E6000 CER uses an 8-MHz width for Annex A slots and a 6-MHz width for Annex B slots. See also NonContiguous Channels and Frequency Agility on page 7-9 for additional information. Downstream Interleaver Settings — The DCAM supports all DOCSIS interleaver settings. See also Interleaver Depth on page 7-11. Max Round Trip Delay — The maximum round trip delay defines the maximum amount of time in microseconds allowed for round trip delay that it would take a cable modem to send a message, such as a broadcast ranging attempt, to the E6000 CER and to receive a response. This parameter is used to determine the amount of time that must be given to a cable modem to transmit a broadcast ranging message. The parameter is also used to determine the needed Map Ahead Timer for DOCSIS® Map messages. The default time is 1600 microseconds, which is roughly enough time for a cable modem up to 100 miles from the E6000 CER to send a message and receive the response. The E6000 CER allows values in the range of 200 to 1600. Automatic Gain Control (AGC) — AGC is used to adjust the downstream RF power to more closely match the configured level. The power-level is at the connector level and the power-adjustment is on a per-channel basis. NOTE: Issue 1.0, 4 Feb 2013 AGC is always enabled, and does not prevent individual power adjustments. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-13 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Power can only be adjusted downward per channel, so the connector power level should be set to the highest desired power for any channel on the connector. Modulation — The following are the operational notes and constraints regarding QAM modulation settings: • Changing the modulation of any downstream channel also changes the modulation of all the other channels associated with the same connector. • The modulation of a channel can be changed whether the channel is in the up or down administrative state. • Default: 256 QAM CAUTION Changing the modulation of any channel can be service affecting to all channels associated with the same DCAM connector. Power — All downstream channels associated with a given RF connector must have the same base power setting. If a single channel is configured to an RF connector, it can be configured for output power in the range of 41-60 dBmV. Each channel has a separate power adjustment value unique to that channel. This per-channel adjustment must be negative. If other channels are configured to that connector, the allowed maximum power level decreases with each additional channel regardless of the administrative states of the added channels. See Table 16-6, Maximum Power Level for Included Channels, on page 1-173. Downstream Frequency Range — The DCAM supports the DOCSIS/EuroDOCSIS 3.0 extended frequency range as previously discussed in Non-Contiguous Channels and Frequency Agility. Provisioning and Configuration The various CLI commands (with examples) used in provisioning and configuration of the DCAM are discussed in the following paragraphs. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Basic Command Set for Configuring a DCAM Issue 1.0, 4 Feb 2013 The set of commands shown in Table 7-6 are necessary for the basic bring up of a DCAM in a given slot. The values chosen for these commands are meant to be examples. Actual values will vary as a DCAM is fully configured. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-14 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Also be aware, that when configuring downstream channels, cable supervision and primary capability need to be considered. Refer to the following for additional information: • Upstream to Downstream Channel Association (Supervision) on page 13-13. • Primary-Capable Downstream Channel on page 13-23. Table 7-6: Example of Commands Required for Configuring a DCAM in Slot 12 Command Purpose Configure slot and cable-mac configure slot 12 type dcam-b name “CAM” Provision a client slot as a DCAM slot for Annex B. configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure Assign and configure a cable-mac. interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac 1 1 description "md1" 1 cable insertion-interval 20 1 cable tftp-enforce 1 cable dynamic-secret reject 1 cable cm-ip-prov-mode ipv4only 1 cable mcast-fwd-by-dsid 1 cable mdd-interval 1800 1 cable reg-rsp-timer-t6 40 1 cable dynamic-rcc 1 cable downstream-bonding-group dynamic enable 1 cable upstream-bonding-group dynamic enable 1 cable mult-tx-chl-mode 1.0 ip address 10.142.0.1 255.255.224.0 1.0 ipv6 enable 1.0 ip address 10.242.224.1 255.255.224.0 secondary dhcp-giaddr mta 1.0 ip address 10.253.42.1 255.255.255.128 secondary 1.0 ipv6 address fc00:cada:c442:c001::1/64 1.0 cable helper-address 10.44.249.46 mta 1.0 cable helper-address 10.50.42.3 cable-modem 1.0 cable helper-address 10.50.42.3 cpe 1.0 ipv6 dhcp relay destination fc00:cada:c442:ed00::3 1.0 ipv6 nd managed-config-flag 1.0 ipv6 nd other-config-flag 1.0 ipv6 no nd ra suppress Configure and restore downstream channel configure configure configure configure interface interface interface interface cable-downstream cable-downstream cable-downstream cable-downstream Configure and then restore a downstream channel for: 12/0/0 12/0/0 type docsis cable-mac 1 12/0/0 cable frequency 327000000 12/0/0 no shutdown • Cable-mac • Frequency Show channel settings show interface cable-downstream 12 show interface cable-downstream 12/0/0 detail Issue 1.0, 4 Feb 2013 Confirm channel settings for a slot or individual channel. See also Confirm Channel Settings. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-15 PRELIMINARY E6000 CER Release 1.0 Confirm Channel Settings Downstream Cable Access Module (DCAM) To view the channel settings resulting from configuring the DCAM, enter a slot number similar to the one in the following example: show interface cable-downstream 12 An output similar to the following will occur: NOTE: This example shows that a downstream was previously fully-configured. DS S/C/P 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 12/0/8 12/0/9 12/0/10 12/0/11 12/0/12 12/0/13 12/0/14 12/0/15 12/1/0 Cable Mac 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 • Oper State Annex Freq(Hz) IS B(US) 327000000 IS B(US) 333000000 IS B(US) 339000000 IS B(US) 345000000 IS B(US) 351000000 IS B(US) 357000000 IS B(US) 363000000 IS B(US) 369000000 IS B(US) 375000000 IS B(US) 381000000 IS B(US) 387000000 IS B(US) 393000000 IS B(US) 399000000 IS B(US) 405000000 IS B(US) 411000000 IS B(US) 417000000 IS B(US) 327000000 Mod Power Type (.1dBmV) q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 q256 410 LBal Group - q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 q256 - • 12/6/14 12/6/15 12/7/0 12/7/1 12/7/2 12/7/3 12/7/4 12/7/5 12/7/6 12/7/7 12/7/8 12/7/9 12/7/10 12/7/11 12/7/12 12/7/13 12/7/14 12/7/15 Issue 1.0, 4 Feb 2013 7 7 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 IS IS IS IS IS IS IS IS IS IS IS IS IS IS IS IS IS IS B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) B(US) 411000000 417000000 327000000 333000000 339000000 345000000 351000000 357000000 363000000 369000000 375000000 381000000 387000000 393000000 399000000 405000000 411000000 417000000 410 410 410 410 410 410 410 410 410 410 410 410 410 410 410 410 410 410 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-16 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) To view detailed channel settings resulting from configuring the DCAM, for a single channel enter the following: show interface cable-downstream 12/0/0 detail An output similar to the following will occur: Downstream Port 12/0/0 --------------Port state: Connector: Channel-ID: Cable-Mac: Primary-Capable: Upstream Ports: Cable Standard: Frequency (Hz): Interleave depth (no of taps): Modulation: Provisioned Power (tenth of dBmV): Measured Power (tenth of dBmV): Power Fine Adjustment (steps): Max Round Trip Delay(microseconds): Load Balance Group Id: Max Allowable Normal Voice BW (%): Reserved Normal Voice BW (%): Max Allowable Emergency Voice BW (%): Reserved Emergency Voice BW (%): Max Allowed Total (Emergency + Normal) (%): Emergency Preemption: Token Bucket Mode: Attribute Mask: IS 0 1 1 True 3/0/0-3 Annex B from ITU-J83 327000000 32 q256 410 0 0 200 16779264, 16781312, 16783360 50 0 70 0 70 enabled shape 0x00000000 Counts data for port: 12/0/0 Cable-mac: 1 ---------------------------------------------------------------------------------Seconds since Last Snap : 548 Frames Sent (Total) Bytes Sent (Total) Frames Sent (Mac) Bytes Sent (Mac) Max Channel Bit Rate DS Load Packet Rate DS Load Bit Rate DS Load Packet Rate (Mac) DS Load Bit Rate (Mac) DS Instant Packet Rate DS Instant Bit Rate Instant Packet Rate (Mac) Instant Bit Rate (Mac) Issue 1.0, 4 Feb 2013 : : : : : : : : : : : : : 969300 57439826 43 7927 0 1770 839925 0 976 1772 848518 0 968 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-17 PRELIMINARY E6000 CER Release 1.0 Dropped Dropped Dropped Dropped Dropped Dropped : : : : : : 0 0 0 0 0 0 Broadcast Frames Sent (Total) Broadcast Frames Sent (Mac) Default BroadCast Flow Frames : 80 : 1 : 80 Multicast Multicast Multicast Multicast Multicast Multicast Multicast Multicast Multicast Multicast Multicast : : : : : : : : : : : 968773 0 967167 0 0 0 0 16 0 0 0 : : : : : : : 447 42 0 0 0 0 0 Unicast Unicast Unicast Unicast Unicast Unicast Unicast Issue 1.0, 4 Feb 2013 Token NoDefer Load Pkts Load Latency Load 2Sec Priority Cutoff Reason Tx Frames Sent (Total) Frames Sent (Mac) Docsis Map & Sync Frames IpVideo Frames Sent IpVideo Frames Dropped Latency Frames Late IpV4 Default Flow Frames IpV6 Default Flow Frames IgmpV2 Query Flow Frames IgmpV3 Query Flow Frames Video Flows created Frames Sent (Total) Frames Sent (Mac) IpVideo Frames Latency Frames Late IpVideo Drops Video Flows created Unknown Default Flow Frames Downstream Cable Access Module (DCAM) Docsis LowPriority MMM Flow Frames : 2082 Global Counts (all channels): Demand Bytes Dropped unknown Flow Type Dropped unknown CmIndex Dropped unknown TFID Dropped Inactive Drops due to no Destination Dropped Replicated Drops due to filtering Drops due to QOS Busy Drops due to Red-PreClassification Drops due to Red-PostClassification Drops due to BadPacketsIn Drops due to HW Drops due to DsQos : : : : : : : : : : : : : : 19547584 0 0 0 0 0 8 0 0 0 0 0 0 0 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-18 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) Frequency Adjustment Commands The center frequency for DS channels are configurable (minimum and maximum) and verifiable by means of CLI commands. Setting Minimum and Maximum The following command sets the minimum downstream center frequency for all channels within the chassis: configure cable freq-ds-min {57 | 85 | 91 | 112} [no] Where: 57 = extended for Annex B 85 = extended for Annex A 91 = standard for Annex B 112 = standard for Annex A NOTE: The default for Annex A or Annex B is 91. The following command sets the maximum downstream center frequency for all channels within the chassis: configure cable freq-ds-max {858 | 867 | 999} [no] Where: 858 = standard for Annex A 867 = standard for Annex B 999 = extended for Annex A and B NOTES: Display Frequency Range 1. The default for Annex A or Annex B is 867. 2. If the no parameter is included in these commands, it sets the downstream center frequency range to the default values. 3. The configure cable freq-ds-min and …freq-ds-max commands do not permit an overlap with the current upstream frequency range. To display the downstream center frequency range, use the following command: show cable global-settings Sample system output: Downstream Frequency Range: Upstream Frequency Range: Issue 1.0, 4 Feb 2013 57-999 5-42 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-19 PRELIMINARY E6000 CER Release 1.0 Allow piggybacking data req on polling US SFs: Load Balance: CM registration request Timeout: Maximum QoS Active Timeout: Maximum QoS Admitted Timeout: Concatenation for DOCSIS 1.0 CM: Fragmentation for DOCSIS 1.0 CM: Max traffic burst for 1.1 CM: Peak traffic rate for 1.1 CM: Percent increase for DS SF rate: CMs required to detect US lockup: LO1 leak detect: Interval to collect utilization data: Modifying primary DS chan in RCC of Reg-Rsp-Mp: Send 46.1RefID only in first TCC frag: Allow CM service group ambiguity override: Unicast non-primary US channel acquisition: TFTP Enforce and Dynamic Shared Secret: Downstream Cable Access Module (DCAM) Disabled Enabled 30 0 200 Off On 128000 0 1 10 Disabled 0 Enabled False Disabled Disabled Enabled Procedure 7-1: Assigning a DS Channel Frequency outside the Window for Its Connector 1 Choose one of the associated frequencies to be the first one to change to the new frequency outside the window which is: • 128 MHz for Annex A • 96 MHz for Annex B 2 Set the admin state of the other associated downstream channels on that RF connector to down. 3 Reassign those admin down DS channels to a frequency of 0 MHz. A DCAM channel must be administratively down in order to set the frequency to zero. The 0 Hz frequency acts as an enabler: it does not violate the 80 MHz constraint. 4 Reassign the only DS channel that is in the admin up state to the desired frequency. 5 Assign new frequencies to the DS channels that you set to the admin down state. The new frequencies must all be within the 80 MHz edge-to-edge range and must not overlap. 6 Bring up the other channels that are admin down. The channel frequencies assigned to the channels of the four RF connectors are not required to be in any order. The channel frequencies associated with RF connector DS2, for example, can be lower than those of DS0 and higher than those of DS3. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-20 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) The downstream frequency step size is 125 KHz. The default downstream frequency: 0 Hz. — End of Procedure — Scripts for Reconfiguration or Changing RF Parameters When using provisioning scripts or making extensive changes to downstream or upstream RF parameters or channel configurations, users should observe the following guidelines: 1 Shut down cable-macs (MAC domains) before shutting down upstream or downstream channels. 2 After the cable-mac(s) and channel(s) have been shut down, use the following command to give the RSM time to process all the shutdown information: wait 60 3 Change the RF parameters or configurations. 4 Restore the upstream or downstream channel(s) (no shutdown) first and then restore the cable-mac(s). High-Level DCAM Implementation Procedure The following high-level procedure highlights the commands (using examples) that are necessary for the implementation of a DCAM and spare: 1 Configure the DCAM slots: configure slot 12 type DCAM name "CAM” configure slot 13 type DCAM name "CAM” 2 Assign the spare DCAM and its slot for manual failback, and assign all the DCAMs that are to be protected by that spare DCAM: configure slot 13 spare-group 13 manual configure slot 12 spare-group 13 3 Issue 1.0, 4 Feb 2013 Configure DCAM ports by: • Assigning previously configured cable-macs (MAC domains) • Configuring channel identifiers © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-21 PRELIMINARY E6000 CER Release 1.0 • Configuring channel frequencies • Configuring interleaver depth • Configuring maximum round-trip delay • Performing shutdown Downstream Cable Access Module (DCAM) configure configure configure configure configure configure interface interface interface interface interface interface cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/0/0 12/0/0 12/0/0 12/0/0 12/0/0 12/0/0 type docsis cable-mac 1 cable frequency 327000000 cable interleave-depth 32 cable max-round-trip-delay 1600 no shutdown configure configure configure configure configure configure interface interface interface interface interface interface cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/0/1 12/0/1 12/0/1 12/0/1 12/0/1 12/0/1 type docsis cable-mac 1 cable frequency 327000000 cable interleave-depth 32 cable max-round-trip-delay 1600 no shutdown configure configure configure configure configure configure interface interface interface interface interface interface cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/7/14 12/7/14 12/7/14 12/7/14 12/7/14 12/7/14 type docsis cable-mac 8 cable frequency 411000000 cable interleave-depth 32 cable max-round-trip-delay 1600 no shutdown configure configure configure configure configure configure interface interface interface interface interface interface cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/7/15 12/7/15 12/7/15 12/7/15 12/7/15 12/7/15 type docsis cable-mac 8 cable frequency 417000000 cable interleave-depth 32 cable max-round-trip-delay 1600 no shutdown • • 4 Configure channel supervision: configure configure configure configure configure configure Issue 1.0, 4 Feb 2013 interface interface interface interface interface interface cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/0/0 3/0/0 3/0/0 3/0/0 3/0/1 3/0/1 cable cable cable cable cable cable supervision supervision supervision supervision supervision supervision © 2013 ARRIS Group, Inc. — All Rights Reserved 12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 PRELIMINARY 7-22 PRELIMINARY E6000 CER Release 1.0 Downstream Cable Access Module (DCAM) • • configure configure configure configure configure 5 cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 cable cable cable cable cable supervision supervision supervision supervision supervision 12/7/11 12/7/12 12/7/13 12/7/14 12/7/15 Assign downstream channels to a fiber node: configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure 6 interface interface interface interface interface cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node FN1 FN1 FN1 FN1 FN2 FN2 FN2 FN2 FN3 FN3 FN3 FN3 FN4 FN4 FN4 FN4 cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 12/0/8 12/0/9 12/0/10 12/0/11 12/0/12 12/0/13 12/0/14 12/0/15 Restore DCAM in slot: configure slot 12 no shutdown configure slot 13 no shutdown — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 7-23 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Downstream Cable Access Module (DCAM) PRELIMINARY 7-24 PRELIMINARY E6000 CER Release 1.0 8 Issue 1.0, 4 Feb 2013 Upstream Cable Access Module (UCAM) Upstream Cable Access Module (UCAM) Licensing 2 Modules and Components 3 Receivers and Channels 11 Provisioning 14 Measuring SNR in the UCAM 21 Modulation Profiles 25 Modulation Profiles: Default and User-defined 42 Optimizing a Modulation Profile 44 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-1 E6000 CER Release 1.0 PRELIMINARY Upstream Cable Access Module (UCAM) Overview This section provides information and procedures specific to the Upstream Cable Access Module (UCAM) used with the E6000 CER. It also provides basic examples of slot equipage and UCAM configuration. Licensing Each UCAM is provided with a default number (48) of Upstream (US) channels that are immediately available for subscriber use. Up to 48 additional US channels per UCAM can be activated for subscriber use, through the purchase of additional license keys. Refer to Chapter 6, Licensing for more detailed information pertaining to licensing. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-2 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Modules and Components To facilitate the maintenance needs of the MSO, the UCAM is teamed with a UCAM Physical Interface Card (UPIC) that among other benefits, aids in the ease of UCAM replacement when necessary, by isolating the cable connections from the UCAM. Figure 8-1 provides a faceplate view of the UCAM and various views of the two types of UPICs used with the E6000 CER. UCAM Front UPIC w/bracket UPIC w/o bracket UPIC Spare Figure 8-1: UCAM and UPIC Faceplate Views Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-3 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Primary Software Functions The primary software functions on the UCAM include: DOCSIS Support • CM Ranging and Registration. • MAC Address Learning. • DOCSIS functions such as: Packet Classification, Service Flows, Dynamic Services (DSx), BPI+, CM Upstream Bandwidth Scheduling (MAPs), Payload Header Suppression (PHS), Packet defragmentation, PacketCable DSx processing, packet deconcatenation, and counts collection. • Upstream Policing. • Operations, Administration, Maintenance & Provisioning (OAM&P) including initialization and fault recovery code. The UCAM supports full DOCSIS 3.0 functionality as well as: • DOCSIS 1.0 Class of Service (CoS). • DOCSIS 1.1 Quality of Service (QoS). • All DOCSIS 2.0 modulation schemes including TDMA and ATDMA operation. Description The UCAM receives US Radio Frequency (RF) signals from the Hybrid Fiber-Coaxial (HFC) network, and extracts Internet Protocol (IP) packets from those signals. The UCAM performs both Media Access Control (MAC) layer and Physical Layer (PHY) processing, and also contains the “mapper” functionality that is basically a scheduler for the US channel that decides the times of US transmissions as well as which Cable Modems (CMs) are to transmit at a specific instant in time. The UCAM currently supports 96 physical Upstream (US) channels by means of 24 RF links on its associated UPIC. This results in an average of four US channels per one RF link and supports a processing capability of 1.44 MPPS. The UCAM can reside in slots 0 through 5, or slots 8 though 13 of the E6000 CER chassis. Be aware, however, that the spare UCAM must reside in the lowest numbered slot in a UCAM spare group. Refer to Chapter 12, CAM Sparing for additional information on sparing. Channel Types — The supported UCAM channel types are: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-4 PRELIMINARY E6000 CER Release 1.0 • TDMA • ATDMA • TDMA&ATDMA NOTE: Upstream Cable Access Module (UCAM) SCDMA is not currently supported. Channel Widths — The UCAM supports channel widths of: • 1.6 MHz • 3.2 MHz • 6.4 MHz Configurable Upstream Frequencies — The range of upstream frequencies configurable for North America, Japan, or Europe is: • 5-42 MHz (DOCSIS) • 5-55 MHz (Japan) • 5-65 MHz (EuroDOCSIS) NOTE: LEDs The maximum upstream frequency can be set independent of the Annex or region of operation. Refer to Notes on DOCSIS 3.0 Upstream Frequency Range on page 8-33 for more information on changing the maximum allowable center frequencies. The UCAM is provided with two LEDs on its faceplate, designated as follows: • Status • Power Depending on the displayed color of the LEDs and the illumination state (steady on, or rate of flashing) of the LEDs, a user is able to determine the current condition of the UCAM. The various LED state possibilities are shown in Table 8-1. Table 8-1: UCAM LED States Status Issue 1.0, 4 Feb 2013 Power Color State Color State None Off None Off Yellow Steady On Yellow Steady On Red Steady On None Off Description Low -48V power Front panel LED test (while button is pressed and held) Hardware error preventing power up © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-5 PRELIMINARY E6000 CER Release 1.0 Status Upstream Receive Power Levels Upstream Cable Access Module (UCAM) Power Description (Continued) Color State Color State Red Steady On Green Blinking Red Steady On Green Steady On Power up default. or RSM out-of-service Green Slow Blink Green Steady On Pumping Green Fast Blink Green Steady On Initializing Green Steady On Green Steady On The UCAM is in-service. Module powered down All upstream Rx (receive) values are measured in dBmV (decibels relative to one millivolt). Power after attenuation may vary slightly from one UCAM to another. The power-levels are grouped into five groups, as shown in Table 8-2 through Table 8-6. Table 8-2: US Receiver Power Level Group 1 1.6 MHz 3.2 MHz 6.4 MHz -13 -10 -7 -12 -9 -6 -11 -8 -5 -10 -7 -4 -9 -6 -3 -8 -5 -2 Table 8-3: US Receiver Power Level Group2 Issue 1.0, 4 Feb 2013 1.6 MHz 3.2 MHz 6.4 MHz -7 -4 -1 -6 -3 0 -5 -2 1 -4 -1 2 -3 0 3 -2 1 4 -1 2 5 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-6 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) 1.6 MHz 3.2 MHz 6.4 MHz (Continued) 0 3 6 Table 8-4: US Receiver Power Level Group 3 1.6 MHz 3.2 MHz 6.4 MHz 1 4 7 2 5 8 3 6 9 4 7 10 5 8 11 6 9 12 7 10 13 8 11 14 Table 8-5: US Receiver Power Level Group 4 1.6 MHz 3.2 MHz 6.4 MHz 9 12 15 10 13 16 11 14 17 12 15 18 13 16 19 14 17 20 15 18 21 16 19 22 17 20 23 Table 8-6: US Receiver Power Level Group 5 Issue 1.0, 4 Feb 2013 1.6 MHz 3.2 MHz 6.4 MHz 18 21 24 19 22 25 20 23 26 21 24 27 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-7 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) 1.6 MHz 3.2 MHz 6.4 MHz (Continued) 22 25 28 23 26 29 All channels assigned to the same RF connector, according to their widths, must have power-level values in the same group. Procedure 8-1: Before Changing the Receive Power Level Settings of the UCAM If there are multiple upstream channels on a single UCAM connector and the user is trying to change the receive power level setting on one or more US channels and the new setting causes a change in the power level group (see Table 8-2 through Table 8-6), then the user must complete the following steps: 1 Unassign the corresponding connector (for all upstream channels that are on that connector). 2 Set the receive power level for all upstream channels on that connector. 3 Add the connector back for all upstream channels on that connector. — End of Procedure — NOTE: Setting Power Level The previous procedure will not apply when the user changes receive power level setting on one or more upstream channels on the same connector and the new setting does not cause a change in the amplifier attenuation settings. That is, the new and old receive power level settings occur within the same amplifier attenuation setting (per Table 8-2 through Table 8-6). The following is an example of setting the upstream channels receive power level (attenuation) that will cause a change in the amplifier attenuation settings. Upstream channels 3/0/0 and 3/1/0 have the following initial power and channel width settings: • 3.2 and 6.4 MHz channel widths • Power level 0 NOTE: These settings are from group 2. The new level is from group 3. configure interface cable-upstream 3/0/0 shutdown configure interface cable-upstream 3/1/0 shutdown Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-8 PRELIMINARY E6000 CER Release 1.0 configure configure configure configure configure configure configure configure interface interface interface interface interface interface interface interface cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/0/0 3/1/0 3/0/0 3/1/0 3/0/0 3/1/0 3/0/0 3/1/0 Upstream Cable Access Module (UCAM) cable connector no cable connector no cable power-level 10 cable power-level 10 cable connector 0 cable connector 0 shutdown no shutdown no UPIC Description A UPIC is associated with a UCAM (front card) in the same slot number. There are two kinds of UPICS: • A standard UPIC containing 24 upstream RF connectors. • A spare UPIC (or UPIC spare) teamed with a UCAM spare that is specifically designed to switch-protect a group of UCAMs. Various views of these UPICs were previously provided in Figure 8-1. Jacks and Connectors The standard UPIC is provided with 24 recessed Micro Coaxial (MCX) jacks that are designed to accept MCX RF connectors. The MCX RF connectors use a snap-on interface whose contact surfaces are gold-plated, and are specifically designed for a 75 ohm impedance with a frequency match of up to 6 GHz. The outer diameter of the plug is approximately 3.6 mm or 0.140 inch. The physical arrangement of the MCX jacks as they apply to the order of numbering into connector groups (see also Connector Groups on page 8-14) is shown in Figure 8-2. Additionally, an example CLI command is used to show the relationship between the physical hardware and the software configuration. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-9 E6000 CER Release 1.0 PRELIMINARY Upstream Cable Access Module (UCAM) Connector Group 0 (Physical) Channel Connector (Port) 0 1 0-11 2 1 3 4 0-11 5 2 6 7 0-11 8 3 9 10 0-11 11 12 4 13 0-11 5 14 15 16 0-11 17 6 7 18 19 0-11 20 21 22 0-11 23 Example configuration command: configure interface cable-upstream 4/3/0 cable connector 9 Where: 4 = Chassis slot (valid range is 0-5 and 8-13) 3 = Connector group (valid range is 0-7) 0 = Channel (port) (valid range is 0-11/channel group) 9 = Connector (physical connector) (valid range is 0-23) Figure 8-2: UCAM Physical Connector and Connector Group Numbering Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-10 PRELIMINARY E6000 CER Release 1.0 UPIC LEDs Upstream Cable Access Module (UCAM) Each standard UPIC is provided with one LED per RF port (connector). This LED provides port status as explained in Table 8-7. Table 8-7: Port Status LED Color State Description none off No UCAM power green steady on At least one channel is operationally IS. Both the standard UPIC and the UPIC spare are equipped with a Sparing LED. When the UPIC spare is substituting for one of the standard UCAMs, the Sparing LED is lit on both. If the spare is not substituting for some other UCAM in the sparing group, no Sparing LEDs for the group are lit. Receivers and Channels Each UCAM is equipped with eight receiver chips that provide 96 (12 x 8) receivers for servicing a maximum of 96 US channels of upstream traffic. The UCAM supports the sharing of all 12 receivers of a receiver chip among a group of three associated RF connectors (Figure 8-3). There are four input ports (32 in total) for each receiver chip, of which only three input ports (the bottom three) are currently used. NOTE: Eight of the RF connectors (2, 5, 8, 11, 14, 17, 20 and 23) are actually wired to two receiver input ports using splitters, to allow more flexibility (if required) in subsequent releases for assigning receivers to channels. Internal to each receiver chip is a cross-connect arrangement, that allows arbitrary mappings of receiver chip input ports to receivers. For example, the cross-connect arrangement can be configured to map one input port to all 12 receivers, each input port to three (different) receivers, or any other desired configuration. Each receiver is then configured to decode one channel, that is, a particular frequency and channel width, from the RF port to which it is mapped. A set of 12 US channels is grouped into what has been designated as a connector group. Each connector group is actually comprised of three RF connections that distribute the 12 US channels to a single receiver (PHY) chip. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-11 PRELIMINARY E6000 CER Release 1.0 Receiver Chip PHY 0 MAC Chip 0 Upstream Cable Access Module (UCAM) RF Connectors 0 1 2 Receiver Chip PHY 1 3 4 5 Receiver Chip PHY 2 MAC Chip 1 8 Fulcrum Switch MAC Chip 2 6 7 Receiver Chip PHY 3 9 10 11 Receiver Chip PHY 4 12 13 14 Receiver Chip PHY 5 15 16 17 MAC Chip 3 Receiver Chip PHY 6 18 19 20 Receiver Chip PHY 7 21 22 23 Figure 8-3: Interconnections for Upstream RF Feeds Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-12 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Logical Upstream Channel 0 Logical channels provide the ability to optimize the throughput of DOCSIS upstream carrier frequencies by segmenting cable modems on the same physical network to deliver higher-performance upstream throughput, since a logical channel can have its own modulation profile. In the current implementation, there is only one logical upstream channel, logical channel 0. Within a single physical upstream channel, logical channel 0 must use the same carrier frequency, and must support the same symbol rate. There are several other parameters that can be made to be unique to logical channel 0 in each modulation profile. MAC Domains The E6000 CER UCAM is designed to support 24 MAC Domains on a single card. This provides for an average of one MAC domain per RF connector, or one MAC domain for every four channels. However, a MAC domain can be comprised of as few as one upstream channel, or it can be comprised of as many as 64 upstream channels. NOTE: Issue 1.0, 4 Feb 2013 MAC domains that span UCAMs are not currently supported. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-13 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Provisioning The UCAM will support up to 96 US channels using 24 RF connectors in eight connector groups through the UPIC. Connector Groups Each connector group is composed of three RF connectors wired to the same receiver (PHY) chip on the UCAM. Currently, the E6000 CER maps all of the US channels from: Bonding Groups • PHY chips 0 and 1 (connector groups 0 and 1) to MAC chip 0 • PHY chips 2 and 3 (connector groups 2 and 3) to MAC chip 1 • PHY chips 4 and 5 (connector groups 4 and 5) to MAC chip 2 • PHY chips 6 and 7 (connector groups 6 and 7) to MAC chip 3 Given this fixed mapping strategy, the CLI then ensures that the channels in a bonding group must use a single MAC chip and can therefore only be in the same pair of connector groups, by denying the command if an attempt is made to add a channel to a bonding group such that its pair differs from channel(s) already in the group. Therefore, an active DOCSIS upstream bonding group can only contain US channels from the same pair of connector groups: MAC Domain-USSignaling Groups • 0 and 1 • 2 and 3 • 4 and 5 • 6 and 7. The UCAM supports four US channels per MD-US-SG, on average. This is a direct result of having 96 US channels and 24 RF connectors where each RF connector is considered as an US signaling group. Currently, MD-US-SGs can only be comprised of channels that share the same MAC chip (two connector groups). If the fiber nodes for two channels from different connector groups are configured before they are assigned to a MAC Domain, then these channels must be placed in different MAC Domains to ensure that they do not end up in the same MD-US-SG. If two channels from different pairs of connector groups are assigned to the same MAC Domain, then the CLI will deny their assignment to the same fiber node. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-14 PRELIMINARY E6000 CER Release 1.0 Channel/ Connector Assignment Upstream Cable Access Module (UCAM) If there is a manual request to assign some connector-group/channel to a specific connector, the software first calculates which connectors belong to that connector group. If the specified connector is not part of that connector group, the request to configure the channel is denied. Otherwise, the software checks whether the port for that connector is already mapped to the receiver for the channel. If not, the cross-connect is reconfigured to map the proper port to the designated receiver. The final step is to manually assign the designated receiver with the frequency and channel width for the new channel. Rules and Restrictions for UCAM Before provisioning of a UCAM begins a number of rules and restrictions need to be reviewed. • The UCAM must be grown in a client slot provisioned for a UCAM. • Guidelines for mapping upstream channels to physical connectors: - There must be no frequency overlap among the upstream channels using the same connector. The E6000 CER displays the following error message when the user attempts to change an upstream power level or channel width to a value that is not valid for that power level group: Upstream channel power level conflict with another channel using the same connector. NOTE: • NOTE: Issue 1.0, 4 Feb 2013 If the error message is generated, the power level and channel width will remain unchanged. The default administrative states for the receiver on the UCAM is UP. If an upstream channel is configured for ATDMA then only DOCSIS 2.0 and 3.0 modems will register on those channels. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-15 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Basic Command Set for Configuring a UCAM The set of commands provided in Table 8-8 provide an example for the bring up of a UCAM in a given slot. The values chosen for these commands are meant to be examples. Actual values will vary. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 8-8: Example of Basic Commands Required for Configuring a UCAM in Slot 3 Command Purpose Configure slot and cable-mac configure slot 3 type ucam name "UCAM" Provision a client slot as a UCAM slot. configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure Assign and configure a cable-mac. interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface Issue 1.0, 4 Feb 2013 cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac cable-mac 1 1 description "md1" 1 cable insertion-interval 20 1 cable tftp-enforce 1 cable dynamic-secret reject 1 cable cm-ip-prov-mode ipv4only 1 cable mcast-fwd-by-dsid 1 cable mdd-interval 1800 1 cable reg-rsp-timer-t6 40 1 cable dynamic-rcc 1 cable downstream-bonding-group dynamic enable 1 cable upstream-bonding-group dynamic enable 1 cable mult-tx-chl-mode 1.0 1.0 ip address 10.142.0.1 255.255.224.0 1.0 ipv6 enable 1.0 ip address 10.242.224.1 255.255.224.0 secondary dhcp-giaddr mta 1.0 ip address 10.253.42.1 255.255.255.128 secondary 1.0 ipv6 address fc00:cada:c442:c001::1/64 1.0 cable helper-address 10.44.249.46 mta 1.0 cable helper-address 10.50.42.3 cable-modem 1.0 cable helper-address 10.50.42.3 cpe 1.0 ipv6 dhcp relay destination fc00:cada:c442:ed00::3 1.0 ipv6 nd managed-config-flag 1.0 ipv6 nd other-config-flag 1.0 ipv6 no nd ra suppress © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-16 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Command Purpose Configure upstream channel Configure the upstream channel for: configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/0/0 3/0/0 3/0/0 3/0/0 3/0/0 3/0/0 3/0/0 3/0/0 3/0/0 3/0/0 cable cable cable cable cable cable cable cable cable 3/0/0.0 3/0/0.0 3/0/0.0 3/0/0.0 3/0/0.0 cable-mac 1 channel-width 6400000 frequency 19600000 map-size 1 supervision 12/0/0 supervision 12/0/1 supervision 12/0/2 supervision 12/0/3 connector 0 • Cable-mac • Channel width • Frequency • Map size • Supervision • Cable connector Configure and restore upstream logical channel 0 Configure and then restore the upstream logical channel 0 for: cable channel-id 1 cable modulation-profile 27 cable docsis-mode atdma no shutdown • Channel ID • Modulation profile • DOCSIS mode Restore upstream channel Restore the upstream channel. configure interface cable-upstream 3/0/0 no shutdown Show channel settings Confirm channel settings for a slot or individual channel. See also Confirm Channel Settings. show interface cable-upstream 3 show interface cable-upstream 3/0/0 detail Confirm Channel Settings To view the channel settings resulting from configuring the UCAM, enter a slot number similar to the one in the following example: show interface cable-upstream 3 An output similar to the following will occur: NOTE: US S/CG/P 3/0/0 3/0/1 3/0/2 3/0/3 3/0/4 Issue 1.0, 4 Feb 2013 This example shows that an upstream was previously configured. Cable Oper Mac Conn State 1 0 IS 1 0 IS 1 0 IS 1 0 IS 1 1 IS Chan Type atdma atdma atdma atdma atdma Freq(Hz) 19600000 26000000 32400000 38800000 19600000 Channel Width 6400000 6400000 6400000 6400000 6400000 Mini Slot 2 2 2 2 2 Mod Power Prof (dBmV) 27 0 27 0 27 0 27 0 27 0 © 2013 ARRIS Group, Inc. — All Rights Reserved LBal Group 16779264 16779264 16779264 16779264 16781312 PRELIMINARY 8-17 PRELIMINARY E6000 CER Release 1.0 3/0/5 3/0/6 3/0/7 3/0/8 3/0/9 3/0/10 3/0/11 3/1/0 3/1/1 3/1/2 3/1/3 • Upstream Cable Access Module (UCAM) 1 1 1 1 1 1 1 2 2 2 2 1 1 1 2 2 2 2 3 3 3 3 IS IS IS IS IS IS IS IS IS IS IS atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma 26000000 32400000 38800000 19600000 26000000 32400000 38800000 19600000 26000000 32400000 38800000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 2 2 2 2 2 2 2 2 2 2 2 27 27 27 27 27 27 27 27 27 27 27 0 0 0 0 0 0 0 0 0 0 0 16781312 16781312 16781312 16783360 16783360 16783360 16783360 25167872 25167872 25167872 25167872 7 7 8 8 8 8 8 8 8 8 8 8 8 8 20 20 21 21 21 21 22 22 22 22 23 23 23 23 IS IS IS IS IS IS IS IS IS IS IS IS IS IS atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma atdma 32400000 38800000 19600000 26000000 32400000 38800000 19600000 26000000 32400000 38800000 19600000 26000000 32400000 38800000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 6400000 2 2 2 2 2 2 2 2 2 2 2 2 2 2 27 27 27 27 27 27 27 27 27 27 27 27 27 27 0 0 0 0 0 0 0 0 0 0 0 0 0 0 67115008 67115008 75499520 75499520 75499520 75499520 75501568 75501568 75501568 75501568 75503616 75503616 75503616 75503616 • 3/6/10 3/6/11 3/7/0 3/7/1 3/7/2 3/7/3 3/7/4 3/7/5 3/7/6 3/7/7 3/7/8 3/7/9 3/7/10 3/7/11 To view detailed channel settings resulting from configuring the UCAM for a single channel, enter the following: show interface cable-upstream 3/0/0 detail An output similar to the following will occur: Upstream Port 3/0/0 ------------Port state: Connector: Cable-Mac: Downstream Supervision Ports: Frequency (Hz): Channel width (Hz): Equalizer Coefficient State: Power (dBmV): Max Power Adj Per Range Resp (1/4 dBmV): Ranging Power Thresh For Success (1/4 dBmV): Load Balance Group Id: Max Allowable Normal Voice BW (%): Reserved Normal Voice BW (%): Issue 1.0, 4 Feb 2013 IS 0 1 12/0/0-3 19600000 6400000 off 0 24 24 16779264 50 0 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-18 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Max Allowable Emergency Voice BW (%): 70 Reserved Emergency Voice BW (%): 0 Max Allowed Total (Emergency + Normal) (%): 70 Ingress Cancellation Interval: 0 Ingress Cancellation Size: 0 Map Size (800 microsecond ticks): 1 Logical Channel 0 -----------------------------------------------------Channel State IS Channel-ID: 1 Channel Type: atdma Modulation profile id: 27 Ranging backoff range: 2 - 7 Data backoff range: 2 - 8 Slot Size (6.25 microsecond ticks): 2 SCDMA active codes: SCDMA codes per slot: SCDMA frame size: SCDMA hopping seed: Spectrum Group ID: Spectrum Group State: Attribute Mask: 0x00000000 Number of Equalizer Taps: 24 Counts for 3/0/0 (Channel ID 1) ---------------------------------------------------------------------------------UpStream channel data rate in bits/sec : 0 --IUC1 IUC1 IUC1 IUC2 IUC2 IUC2 IUC3 IUC3 IUC3 Data DOCSIS MAC MIB Statistics BroadCast Opportunities BroadCast Collision BroadCast NoEnergy BroadCast Opportunities BroadCast Collision BroadCast NoEnergy BroadCast Opportunities BroadCast Collision BroadCast NoEnergy Grants Unused --- --DOCSIS MAC Management Data Statistics MAC Management bytes passed up MAC Management packets passed up MAC Management bytes dropped MAC Management packets dropped --IF IN Data Statistics Ingress bytes Ingress IF Unicast frames Ingress IF Multicast frames Issue 1.0, 4 Feb 2013 : : : : : : : : : : 2286482316 0 2286482292 0 0 0 143066 0 143063 0 : : : : 299569 10699 0 0 : : : 1273 4 4 --- --- © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-19 PRELIMINARY E6000 CER Release 1.0 Ingress Ingress Ingress Ingress Ingress IF IF IF IF IF Broadcast frames frames discarded frames errored frames filtered frames with unknown PROTO --IP IN Data Ingress IP frames Ingress IP frames Ingress IP frames Ingress IP frames Default Value Restoral Upstream Cable Access Module (UCAM) Statistics : : : : : 1 0 0 0 0 : : : : 8 0 0 0 --- with Header errors with Address errors with unknown PROTO Table 8-9 shows the commands to restore default values for a number of upstream parameters. These are the settings which most users will choose for basic configuration. In each command the default values can be replaced as needed. For more information on these CLI commands see CLI Command Descriptions. Links to the CLI commands can be found in List of CLI Commands. Table 8-9: Accepting Default Parameters for Cable Upstream Channels of a UCAM Command Purpose configure interface cable-upstream <slot>/<connector group>/<uport>.lchan cable modulation-profile 1 Accept default modulation profile. Default = 1. configure interface cable-upstream <slot>/<connector group>/<uport> cable channel-width 3200000 Accept default channel width. Default = 3.2 MHz. configure interface cable-upstream <slot>/<connector group>/<uport> cable power-level 0 Accept default upstream power level. Default = 0. Power range varies with channel width selection. See Table 8-2 through Table 8-6 for upstream receive power levels. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-20 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Measuring SNR in the UCAM For the upstream channel Signal-to-Noise Ratio (SNR) in the E6000 CER, there are two types of SNR: • Channel SNR • Modem SNR Channel and Modem SNR Channel SNR is calculated on a upstream channel basis and the per Modem SNR is calculated from the primary upstream service flow (primary SID) of the modem. TDMA Long Term Slicer Error Power is also used for calculation of the channel SNR. If the current channel SNR is 0 (no traffic on the upstream), the SNR algorithm uses Long Term SNR calculation based from PHY Slicer error which is based upon all IUCs including contention IUCs (that is, 1 and 3). SNR Calculation Two pieces of information are used in calculating SNR: • Symbol errors • Burst counts The SNR calculation is performed once the burst count is greater than a certain threshold. The threshold varies depending on whether it is the initial setup period or during normal traffic. The SNR reading is 0.0dB when: Channel SNR Calculations Issue 1.0, 4 Feb 2013 • The upstream channel is not in service (IS state) or • No modem is registered on the upstream channel In normal operations, SNR readings reflect upstream channel conditions. The SNR readings will decrease as noise level goes up. In an ideal condition, when noise is not present or very low, the SNR value in decibels is in the high 30’s. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-21 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Two SNR calculations are performed in the UCAM for Channel SNR. SNR based from MAC (IUC4 plus all data IUCs) does not include contention Interval Usage Codes (IUCs) such as 1 and 3. The second SNR calculation is based on all IUCs including IUC1 and IUC3. The two SNR values can be obtained with show cable noise cable-upstream [detail] <slot>/<connector group>/<uport> CLI command. The show cable noise CLI command outputs only the SNR without the contention IUCs. The SNR is based on the MAC (IUC4 + all data IUCs) excluding contention IUC1 and IUC3, a burst count threshold of 100 packets is used in the calculation and the MIB attribute for this SNR is docsIfSigQSignalNoise. When the show cable noise CLI command outputs this SNR whereas the show cable noise cable-upstream [detail] <slot>/<connector group>/<uport> CLI command outputs additional SNR calculations based from the PHY chips where the SNR calculation includes all IUCs including contention IUCs. Besides the SNR measurement, the E6000 CER uses FEC counters to provide additional information to describe the condition of an upstream channel. The CLI command show cable noise outputs the SNR from IUC4 + all data IUCs and FEC counts as shown in the following example: Upstream Cable Port Mac SNR(dB) MicroReflection FEC_Unerrored FEC_Corrected FEC_Uncorrected Codewords In Error() -------------------------------------------------------------------------------------------------------------3/0/0 1 37.7 0 258 0 0 0.00e+00 3/0/1 1 39.3 0 14181 0 0 0.00e+00 3/0/2 1 38.2 0 9898 0 0 0.00e+00 3/0/3 1 38.2 0 10477 0 0 0.00e+00 3/0/4 1 38.0 0 442 0 0 0.00e+00 3/0/5 1 38.1 0 423 0 0 0.00e+00 3/0/6 1 38.4 0 423 0 0 0.00e+00 3/0/7 1 37.9 0 423 0 0 0.00e+00 3/0/8 1 37.3 0 433 0 0 0.00e+00 3/0/9 1 37.2 0 424 0 0 0.00e+00 3/0/10 1 37.5 0 424 0 0 0.00e+00 3/0/11 1 36.4 0 433 0 0 0.00e+00 3/1/0 2 37.7 0 1116 0 0 0.00e+00 3/1/1 2 38.0 0 1074 0 0 0.00e+00 • • 3/7/9 3/7/10 3/7/11 NOTE: Issue 1.0, 4 Feb 2013 8 8 8 37.2 37.3 36.6 0 0 0 1074 1074 1074 0 0 0 0 0 0 0.00e+00 0.00e+00 0.00e+00 The MicroReflection column is shown in the table, but is not supported in any release. As SNR values decrease, the probability of FEC Corrected and FEC Uncorrected increases. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-22 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) The CLI command show cable noise cable-upstream <slot>/<connector group>/<uport> detail shows the calculated SNR values. Using the following example command: show cable noise cable-upstream 3/0/0 detail An output similar to the following example will occur: UPSTREAM: 3/0/0 Cable-Mac: 1 SNR from BCM3216, IUC4 + all data IUCs SNR from BCM3142, TDMA all IUCs SNR accumulated slicer errors SNR accumulated burst counts SNR exceeded threshold FEC unerrored codewords FEC corrected codewords FEC uncorrected codewords FEC block sequence errors FEC codewords error rate (%) Modem SNR Calculation : : : : : : : : : : 40.2 37.3 133739665 12966 0 31822 0 0 0 0.00e+00 Table 8-10 shows the modem SNR calculations. Table 8-10: SNR Calculations for Modem SNR Card Type UCAM Initial Ranging Period During Traffic/Idle • Calculation is based on all IUCs except IUC1 and IUC3. • Calculation is based on all IUCs except IUC1 and IUC3. • Burst counts threshold is 5 packets • Burst counts threshold is 50 packets • CLI show cable modem noise • CLI show cable modem noise • MIBs attribute: docsIf3CmtsCmUsStatus SignalNoise MIB attribute is based on the primary flow SNR. • MIBs attribute: docsIf3CmtsCmUsStatusSignalNoise MIB attribute is based on the primary flow SNR. To obtain the cable modem noise outputs, the following CLI command is used: show cable modem noise An output similar to the following example occurs: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-23 PRELIMINARY E6000 CER Release 1.0 CM MAC address --------------0015.a298.065a 0015.d0be.a091 +0015.d0be.a091 +0015.d0be.a091 +0015.d0be.a091 0015.d0be.a196 +0015.d0be.a196 +0015.d0be.a196 +0015.d0be.a196 0015.d0be.a1f3 +0015.d0be.a1f3 +0015.d0be.a1f3 +0015.d0be.a1f3 001d.cd4e.d35c +001d.cd4e.d35c +001d.cd4e.d35c +001d.cd4e.d35c 001d.cd85.d669 +001d.cd85.d669 +001d.cd85.d669 +001d.cd85.d669 001d.cf1e.478a +001d.cf1e.478a +001d.cf1e.478a +001d.cf1e.478a • Interface UChan (DS-US) USSNR S/C/P-S/CG/P (db) ----------------- -----12/0/0-3/0/1 38.3 12/0/1-3/0/0 38.0 12/0/1-3/0/1 37.7 12/0/1-3/0/2 38.0 12/0/1-3/0/3 37.8 12/0/2-3/0/3 38.0 12/0/2-3/0/0 37.8 12/0/2-3/0/1 38.1 12/0/2-3/0/2 38.0 12/0/0-3/0/0 37.9 12/0/0-3/0/1 38.1 12/0/0-3/0/2 37.6 12/0/0-3/0/3 37.8 12/0/3-3/0/2 37.8 12/0/3-3/0/0 37.8 12/0/3-3/0/1 37.9 12/0/3-3/0/3 37.7 12/0/2-3/0/2 37.9 12/0/2-3/0/0 37.8 12/0/2-3/0/1 37.8 12/0/2-3/0/3 37.8 12/0/4-3/0/4 37.9 12/0/4-3/0/5 38.1 12/0/4-3/0/6 38.3 12/0/4-3/0/7 37.9 Upstream Cable Access Module (UCAM) UChan FEC Unerrored Codewords --------174 168 142 141 145 168 154 176 160 170 162 161 164 172 180 156 154 295 281 283 287 290 279 280 279 UChan FEC Corrected Codewords --------0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 UChan FEC Uncorrect Codewords --------0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 UChan FEC % Uncorrected Codewords ---------------0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 512 512 530 512 512 512 530 512 512 512 530 512 512 512 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 0.00e+00 • +001d.cf1e.496c +001d.cf1e.496c 001d.cf1e.4988 +001d.cf1e.4988 +001d.cf1e.4988 +001d.cf1e.4988 001d.cf1e.4994 +001d.cf1e.4994 +001d.cf1e.4994 +001d.cf1e.4994 001d.cf1e.499e +001d.cf1e.499e +001d.cf1e.499e +001d.cf1e.499e 12/7/1-3/7/1 12/7/1-3/7/3 12/7/14-3/7/8 12/7/14-3/7/9 12/7/14-3/7/10 12/7/14-3/7/11 12/7/1-3/7/3 12/7/1-3/7/0 12/7/1-3/7/1 12/7/1-3/7/2 12/7/7-3/7/6 12/7/7-3/7/4 12/7/7-3/7/5 12/7/7-3/7/7 37.4 37.8 37.2 37.3 37.2 36.7 38.0 37.7 37.8 38.0 38.1 38.4 38.4 38.1 Total Oper Disable Init Offline --------------------------------------------------------Total 96 96 0 0 0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-24 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Modulation Profiles The pre-defined modulation profiles discussed in this section are used as a means to define the values of the several parameters needed to configure an US channel. These modulation profiles are each given an ID number. They can be modified or used as a starting point to create other modulation profiles for upstream channel definitions that better suit the customers’ applications and environments. Explanation of Upstream Parameters Modulation profiles are pre-defined sets of upstream channel parameters which make it easier to configure or reconfigure upstream channels. This document describes the parameters used in modulation profiles. Where possible, it lists the default values of these parameters. For greater technical detail on these parameters and their functions, see the DOCSIS Radio Frequency Interface Specification. In order to understand all of the parameters used in modulation profiles, some terms must be defined. Information Elements — Information Elements (IEs) are portions of the allocation MAP that are used to define transmission opportunities for cable modems. Each IE is a 32-bit quantity, of which the most significant 14 bits represent the Service ID (SID), the middle 4 bits represent the Interval Usage Code (IUC), and the low-order 14 bits represent the minislot offset. Service ID — SIDs are assigned to upstream Service Flows. The E6000 CER allocates upstream bandwidth to SIDs, therefore to the cable modems served by the SIDs. SIDs are also used in Quality of Service functions. Certain values of SIDs are defined in the RFI specification and convey specific meanings for the service flows they represent: Issue 1.0, 4 Feb 2013 • 0x3FFF implies all CMs (broadcast) • 0x3FFx where x is a value of 0x1 to 0xE used to indicate that a data message must fit in x number of minislots. This can only be used in the Request/Data IE (broadcast). • 0x3Exx can only be used in the Request IE to allow different priorities to use the request region (broadcast). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-25 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) If bit 0x01 is set, priority 0 can request If bit 0x02 is set, priority 1 can request If bit 0x04 is set, priority 2 can request If bit 0x08 is set, priority 3 can request If bit 0x10 is set, priority 4 can request If bit 0x20 is set, priority 5 can request If bit 0x40 is set, priority 6 can request If bit 0x80 is set, priority 7 can request The following SID values have special meaning for UCAMs: 0x1FFF used for FFT (fast Fourier Transform) measurements 0x1FFE used for ingress cancellation Redefining the values of an upstream modulation profile affects all the upstream channels that are using that modulation profile. To display what upstream modulation profile is used on an upstream channel, use the following CLI command: show controllers cable-upstream <slot>/<connector group>/<uport> The system response contains an output similar to the following: US S/C/P 3/0/0 Cable Oper Chan Channel Mini Mod Power Mac Conn State Type Freq(Hz) Width Slot Prof (dBmV) 1 0 IS atdma 19600000 6400000 2 27 0 LBal Group 16779264 To redefine the values of an upstream modulation profile, use the following CLI command: configure cable modulation-profile <id> iuc <interval usage code> [mod <qpsk |qam8 |qam16|qam32|qam64|qam128>] [pre-len <preamble len>] [diff <true|false>] [fec-tbytes <no of bytes>] [fec-len <FEC code word length>] [seed <scrambler seed>] [burst-len <max burst len>] [last-cw <true|false>] [scrambler <true|false>] [guard-time-size <0|8–96|no>] [int-depth <depth>] [int-blocksize <blocksize>] [pre-type <preamble type>] [tcm <on|off>] [int-stepsize <stepsize>] [spreader <on |off>] [subframe-code <subframe size>] [docsis-mode <tdma | atdma | tdma-atdma>] Modulation Profile Values Default values for the various modulation profile parameters may change according to the IUC selected. To display the values associated with a modulation profile number 2, for example, use the following command: show cable modulation-profile 2 Sample output: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-26 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Modulation profile 2 Interval Chan Mod Pre Dif FEC FEC Scr Max Guar L Scr ---Atdma--- Prea -----Scdma----Usage Type Type Len Enc CW amb Bur Time C amb Int Int mble TCM Int Sp Sub Code En Len Seed Siz Size S En Depth Block Type En Size En Cod -----------------------------------------------------------------------------------------------1 request tdma qpsk 56 F 0 16 338 0 8 F T - 3 initial tdma qpsk 640 F 5 34 338 0 48 F T - 4 station tdma qpsk 384 F 5 34 338 0 48 F T - 5 short tdma qpsk 84 F 6 78 338 45 8 T T - 6 long tdma qpsk 96 F 8 220 338 0 8 T T - - The output parameter categories are defined in Table 8-11. Table 8-11: Modulation Profile Output Parameter Categories Parameter ID Description Identifier. The number of the modulation profile. The E6000 CER supports a range of up to two billion modulation profile IDs. Interval Usage Code. The IUC typically has an assigned numeric value. It defines what kind of Information Element (IE) is being sent from the E6000 CER to the cable modems: • • • • • • IUCs 1-3 1 =Request 2 =Request/Data 3 =Initial Ranging 4 =Periodic Ranging 5 =Short Data Grants 6 =Long Data Grants • 9 =Advanced PHY Short Data Grant • 10 =Advanced PHY Long Data Grant • 11 =Advanced PHY Unsolicited Grant 1 Request This portion of the upstream map interval is used by cable modems to request bandwidth for data transmission. If the class of the SID associated with the request IE is broadcast, then cable modems must contend with each other for upstream bandwidth. If the class of the SID associated with the request IE is unicast, then this is an opportunity for a single cable modem to request additional bandwidth. 2 Request/Data Either data requests or short data messages can be sent in this portion of the upstream map interval. A multicast SID must be used to indicate the size of the data message that can be sent. This IE is not used by the E6000 CER map algorithm and as such changes made to this IE will have no affect on upstream data transmissions. 3 Initial Ranging (Also called Initial Maintenance). This IE allows cable modems a method to adjust their timing, frequency, and transmit power so that they can reliably communicate with the E6000 CER. The timing adjustments allow for the round trip delay of the fiber optic/coax plant plus the time to transmit the range request message. A DOCSIS 1.X cable modem can send a range request message only during this IE. A DOCSIS 2.0 cable modem can send a range request message or an initial range request message depending upon the type of the upstream channel. Normally, range request messages are sent in this IE when it contains a broadcast SID, meaning cable modems must contend with each other when transmitting. An initial range request message can be sent either with a broadcast SID or with a unicast SID depending upon the situation. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-27 PRELIMINARY E6000 CER Release 1.0 Parameter Upstream Cable Access Module (UCAM) Description (Continued) 4 Periodic Ranging (Also called Station Maintenance. This IE is used so that cable modems can perform station maintenance. This IE is unicast. Only the range request message — no other data — can be sent in this IE. 5 Short Data Grants This unicast IE gives permission to a specific cable modem to transmit one or more Protocol Data Units (PDUs). The cable modem uses this region in the upstream map interval if the number of minislots required to send the message is less than or equal to the maximum burst interval specified for a short data grant in the Upstream Channel Descriptor (UCD) message. The reason that grants can be split into short and long data grants is for the sake of FEC encoding. Short data grants are used only when a cable modem is transmitting via an upstream channel that is compatible with DOCSIS 1.X. IUCs 4-11 6 Long Data Grants This unicast IE gives permission to a specific cable modem to transmit one or more PDUs. The cable modem uses this region in the upstream map interval if the number of minislots required to send the message is greater than the maximum burst interval for a short data grant in the Upstream Channel Descriptor (UCD) message. The reason that grants can be split into short and long data grants is for the sake of FEC encoding. Long data grants are used only when a cable modem is transmitting via an upstream channel that is compatible with DOCSIS 1.X. NOTE: The following Advanced PHY types are provided for channels carrying combined DOCSIS 1.x and DOCSIS 2.0 bursts and also for channels carrying DOCSIS 2.0 bursts only. 9 Advanced PHY Short This IE is the same as a short data grant except that it is used when the cable modem is communicating via an upstream channel that is only DOCSIS 2.0 compatible. 10 Advanced PHY Long This IE is the same as a long data grant except that it is used when the cable modem is communicating via an upstream channel that is only DOCSIS 2.0 compatible. 11 Advanced PHY UGS This IE is new with DOCSIS 2.0. It allows parameters to be optimized for UGS flows, which normally carry VoIP. Modulation type Values 3–6 must not be used when the upstream channel is only DOCSIS 1.X compatible. A DOCSIS 1.X only compatible channel is signified in the UCD message with a descriptor encoded with a type 4 TLV. A type 5 TLV signifies that the channel is DOCSIS 2.0 compatible. mod 1 = QPSK 4 = 32QAM 2 = 16QAM 5 = 64QAM 3 = 8QAM 6 = 128QAM NOTE: diff Issue 1.0, 4 Feb 2013 128 QAM is not currently supported. Differential Encoding True = enabled; False = disabled. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-28 PRELIMINARY E6000 CER Release 1.0 Parameter Upstream Cable Access Module (UCAM) Description (Continued) fec-tbytes Forward Error Correction (T) The number of bytes with errors that can be corrected with FEC in the size specified in the codeword information byte length. A value of zero indicates that FEC is disabled. For each byte that can be corrected there are two additional FEC parity bytes that are added to the FEC codeword. The FEC codeword contains both the FEC information bytes and the FEC parity bytes. The number of codeword parity bytes is 2xT, where T = 0-10 for a DOCSIS 1.x upstream channel and 0-16 for a DOCSIS 2.0 upstream channel. fec-len Forward Error Correction, Length of Codeword (K) The number of bytes in the information bytes of the FEC codeword. Assuming that FEC is enabled, the FEC codeword can contain from 16 to 253 information bytes. The FEC codeword contains both the FEC information bytes and the FEC parity bytes and can be between 18 and 255 bytes. A shorter codeword will increase the amount of overhead but allow for more errors to be corrected in the total data frame. Preamble Length The preamble serves to put the FEC and randomizer (also called the scrambler) into known states before the data is transmitted. The preamble also helps the receiver to receive an upstream burst accurately. DOCSIS 1.X (type 4 TLV in the UCD) requires the preamble length to be between 0 and 1024 bits. DOCSIS 2.0 (type 5 TLV in the UCD) requires the preamble length to be between 0 and 1536 bits. pre-len • For a TDMA or tdma-atdma upstream channel, IUCs of 3 and 4 with 16 QAM must have a preamble length in the range of 208 to 768. • All other cases for IUCs of 3 and 4 must have a preamble length in the range of 104 to 768. • For a TDMA or tdma-atdma upstream channel, IUCs of 1, 5 and 6 with 16 QAM must have a preamble length in the range of 72 to 256. • All other cases for IUCs of 1, 5 and 6 must have a preamble length in the range of 36 to 256. • For IUCs 9, 10 and 11, the preamble length must be in the range of 36 to 512. Note: Even with the above guidelines, it is possible to choose parameters such that the Preamble Superstring which contains the preamble strings for all the different IUCs does not fit within either the 1024 or the 1536 bit limits. Contact technical support for further assistance if experiencing these problems. Issue 1.0, 4 Feb 2013 seed The 15-bit seed value for the scrambler polynomial. The pseudo-random generator (randomizer) is used so that the data stream will not produce a long string of either 1's or 0's. Changing the seed for the pseudo-random generator will cause the generator to produce a different pattern of ones and zeroes if the same input data is sent to the pseudo-random generator. Some seeds will work better than others for producing a good distribution of 1's and 0's without a contiguous string of either 1's or 0's. The range of possible values is from 0-32767. burst-len Burst length The maximum number of minislots that can be used by the IE. For both short data and advanced PHY short data grant IEs, this field must be present and must contain a non-zero value. In general, a zero value implies that the IE is not limited. Range = 0–255. guard-time-size Guard Time This is the amount of time measured in symbols that must exist between successive frames. By definition SCDMA channels have no additional time between frames; consequently, this parameter cannot be used for SCDMA. This field is required for non-SCDMA channels and according to the RFI specification must contain a value of at least 5 symbols. This value may be derivable from other network and architectural parameters. Range = 8–96 symbols. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-29 PRELIMINARY E6000 CER Release 1.0 Parameter Upstream Cable Access Module (UCAM) Description (Continued) last-cw Last Codeword This indicates whether the last FEC codeword is of a fixed length or shortened. True = shortened; False = fixed length. scrambler This field indicates whether the scrambler or randomizer is enabled or not. True = enabled; False = disabled. int-depth ATDMA Byte Interleaver Depth This parameter must be present for all IUCs with an ATDMA upstream channel or IUCs 9, 10 and 11 with a tdma-atdma upstream channel. For all other cases, this parameter must not be present. There are three different states for the ATDMA Byte Interleaver signified by the values: 0 = dynamic mode, 1 = off, 2-floor(2048/(K + 2T)) = fixed mode. In fixed mode, there is one FEC codeword per row and the depth is the number of rows in the interleaving matrix. In dynamic mode, the system chooses the row and column sizes of the interleaving matrix to obtain optimum burst noise robustness. int-blocksize ATDMA Byte Interleaver Block Size This parameter must be present for all IUCs with an ATDMA upstream channel or IUCs 9, 10 and 11 with a tdma-atdma upstream channel. For all other cases, this parameter must not be present. This parameter represents the number of bytes that can be used by the ATDMA interleaver when in the dynamic mode of operation. Range = 2*(K+2T) – 2048. To obtain optimum benefit of the ATDMA interleaver, use a value of 2048. pre-type Preamble Type For DOCSIS 2.0 upstream channels, there are two possible constellation patterns that can be used for the QPSK preamble: qpsk0 and qpsk1. With qpsk1 the preamble’s constellation is at a higher power level when compared to qpsk0. DOCSIS 1.x channels must use the qpsk0 constellation pattern. Upstream DOCSIS-Mode This parameter contains the type of the upstream channel which must correspond to one of the following values: docsis-mode • tdma (default) • atdma • tdma-atdma According to the DOCSIS RFI Specification, another value that is typically associated with upstream modulation profiles is the preamble offset start value. It indicates where in the possible string of the preamble bits the actual preamble actually starts. This value is determined by the E6000 CER. The string of possible preamble bits is included in the UCD message. Once you have equipped the E6000 CER with CAMs and put them in service, the upstream channels have to be configured. Use the following command to choose the desired modulation profile and other parameters that determine the upstream channel’s characteristics: configure interface cable-upstream <slot>/<connector group>/<uport> cable <parameter> Where: Issue 1.0, 4 Feb 2013 parameter is replaced by one of the parameters listed in Table 8-12. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-30 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Table 8-12: Parameters Used in Configure Interface Cable Upstream (Channel) Command Parameter CLI Keyword Definition attribute-mask <value> Configures the attributes for the specified channel for channel assignment. cable-mac <mac> Assign an upstream to a specific cable-mac. channel-id <1-255> Provision the channel identifier for the specified upstream. connector <number> Provision the connector for the upstream. load-balance <group> Torn on/off dynamic load balancing for the upstream channel. num-equalizer-taps <taps> Set the number of taps in the receivers equalizer. scdma Not currently supported. Center frequencies in Hz. Range = (42) (55) (65) 5100000 – 41900000 5100000 – 54900000 5100000 – 64900000 frequency <frequency> channel-width <width-hz> Upstream channel width in Hz. Values = 1600000, 3200000, or 6400000. Default = 3200000. pre-eq-enable <true|false> If true, send equalizer coefficients back. power-level <dbmv> Power level (dBmV). Range depends on channel width: Default = 0 dBmV. (DOCSIS 3.0) Channel Width Range Recommended 1600000 Hz -13 to +23 -13 to +17 3200000 Hz -10 to +26 -10 to +20 6400000 Hz -7 to +29 -7 to +23 max-power-adj <power adjustment> Maximum CM power adjustment per range response message. Range = 1 to 48. Default = 24. threshold-power-offset <threshold value> Maximum power offset in increments of 25 dB from RX target for ranging success. Range = 4 to 32. Default = 24 (Note: DOCSIS recommends only 4-24). voice-limits Set the PacketCable CAC parameter (voice data limits) for all upstream channels. ingress-cancellation Upstream ingress cancellation properties show Display the upstream configuration. NOTE: The following parameters pertain to logical channel 0. DOCSIS-mode is determined by the modulation profile. This parameter is used for display purposes in the show commands. Valid types: tdma, atdma, tdma-atdma docsis-mode modulation-profile Issue 1.0, 4 Feb 2013 <id> Modulation profile identification number. Default = 1 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-31 PRELIMINARY E6000 CER Release 1.0 Parameter CLI Keyword Upstream Cable Access Module (UCAM) Definition (Continued) rangebackoff <start-end> Random backoff window used when retrying ranging requests. Range = 1–16. Default = 2–7. databackoff <start-end> Random backoff window used when retrying transmissions. Range = 0–16; start value must be less than end value. Default = 2–8. map-size <size> Average map size in 800 microsecond ticks. Range = 1-13. Default = 4. spectrum-group <sm_id> Enables upstream agility on the specified upstream channel using the state machine identifier. This is an integer value between 1 and 40. relay-agent-option circuit-id if-index text hex Enables the relay agent circuit ID sub-option on a specified upstream channel by using either the upstream ifIndex, an ASCII string (32 characters max), or by hex string (64 characters max). The range of minislot size depends on the channel width. Each tick is 6.25 microseconds long. mini-slot-size <number of ticks> Number of Ticks 2/4/8/16/32/64/128 1 a /2/4/8/16/32/64/128 1 b /2/4/8/16/32/64/128 Channel Width 1600 3200 6400 b a. The mini-slot-size of 1 applies only to DOCSIS 2.0 or 3.0 ATDMA channels. b. The channel-width of 6400 kHz is valid only for DOCSIS 2.0 or higher channels. Ingress Noise Cancellation The following CLI command is used to enable or disable ingress cancellation: configure interface cable-upstream <slot>/<connector group>/<uport> cable ingress-cancellation [interval <int>] [size <int>] The recommended values for the interval and size parameters are as follows: Interval 100 Size 0 NOTE: Issue 1.0, 4 Feb 2013 To disable ingress noise cancellation a 0 is entered for interval parameter. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-32 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Notes on DOCSIS 3.0 Upstream Frequency Range DOCSIS 3.0 (North America) provides for an extended upstream frequency range of 42 – 85 MHz. The UCAM supports an upstream range of 5 – 65 MHz: it is limited by software constraints to a maximum of 65 MHz. The UCAM hardware has been designed to support a range of 5-85 MHz, but currently the software will only support a range of 5-65 MHz. Use the following command to set the maximum upstream frequency for all channels (global) within the chassis: configure cable global freq-us-max {42 | 55 | 65} [no] The default maximum upstream frequency is 42. The maximum upstream frequency of 55 MHz and 65 MHz must be explicitly set. The no parameter sets the upstream frequency range to the default value specified by the current Annex. Use the following command to set the maximum upstream frequency for a specific cable-mac within the chassis: configure interface cable-mac <x> cable freq-us-max {42 | 55 | 65} To display the global upstream frequency range, use the following command: show cable global-settings An output similar to the following example will occur: Downstream Frequency Range: Upstream Frequency Range: Allow piggybacking data req on polling US SFs: Load Balance: CM registration request Timeout: Maximum QoS Active Timeout: Maximum QoS Admitted Timeout: Concatenation for DOCSIS 1.0 CM: Fragmentation for DOCSIS 1.0 CM: Max traffic burst for 1.1 CM: Percent increase for DS SF rate: LO1 leak detect: Interval to collect utilization data: Modifying primary DS chan in RCC of Reg-Rsp-Mp: Send 46.1RefID only in first TCC frag: Allow CM service group ambiguity override: Unicast non-primary US channel acquisition: TFTP Enforce and Dynamic Shared Secret: 57-999 5-42 Disabled Disabled 30 0 200 Off On 128000 1 Disabled 0 Enabled False Disabled Disabled Enabled To display the upstream frequency range on a specific cable-mac (which takes precedence over the global setting), use the following command example: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-33 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) show interface cable-mac 1 detail | include upstream An output similar to the following example will occur: Upstream Frequency Range: 5-42 Standard Adjusting Channel Settings in Response to Increased CM Scaling Table 8-13 presents recommendations for channel parameters with respect to cable modem scaling and feature loads. Table 8-13: Recommended Settings as Cable Modem Scaling Increases Cable Modems per UCAM Ranging Backoffa BPI? UCAM Sparing Service Flow Upstream Priority Insertion Rangingb BW/Data Rate Restrictions Up to 1000c 2-5 10-40 2400 OK Yes Any None 1000-2000d 3-7 20-40 1500-2400 OK Yes Any None 2000-10000 5-9 20-40 1500 OK Yes Any None Interval in Centisecs a. Ranging Backoff is specified as a range bounded by two values. These boundary values are given as exponents to the base power of two (i.e., the value of 25 specifies a range of 4 to 32). The range 4 to 32 is in units of Initial Maintenance Opportunities which occur at insertion interval rate in centiseconds. The modem must wait 4 to 32 Initial Maintenance Opportunities before attempting to send another Initial Maintenance Ranging Request. b. If CAM Sparing is not configured, the Ranging Interval can be left at the default value of 2400 centiseconds. Reducing the Ranging Interval is done for the purpose of improving CAM Sparing results on larger scale systems. c. If BPI+ is enabled on modems, use 40 centisecond insertion interval when supporting 500-1000 modems. d. If BPI+ is enabled on modems, use 40 centisecond insertion interval. Default Modulation Profile The Modulation Profile ID 1 uses QPSK and TDMA, and it is the default profile. The following sections show you how to define a new modulation profile. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-34 PRELIMINARY E6000 CER Release 1.0 NOTES: Upstream Cable Access Module (UCAM) Modulation profile ID 1 can be modified but it cannot be deleted. Before using configuration scripts or making extensive changes to RF parameters, see Scripts for Reconfiguration or Changing RF Parameters on page 7-21. Procedure 8-2: How to Create/Modify, and Apply a Modulation Profile to an US Port This procedure can be used to add or modify existing modulation profiles. Modulation profiles must first be created and then associated with specified upstream ports. Table 8-14: Existing or New Modulation Profile IF YOU SPECIFY AN… 1 THEN THE PROCEDURE WILL… existing modulation profile ID change an existing modulation profile unused modulation profile ID add a new modulation profile Create or modify a modulation profile as follows: a Depending on the channel type, use the following command forms to create a new, or modify an existing modulation profile that provides all of the needed IUCs with the recommended default values: configure cable modulation-profile <id> atdma <qam-8 |qam-16 | qam-32 | qam-64 |qpsk> configure cable modulation-profile <id> tdma <qam-16 | qpsk> configure cable modulation-profile <id> tdma-atdma <qpsk |qam-8 | qam-16 | qam-32 | qam-64> Where: b NOTES: id = The number ID of the modulation-profile created. Depending on the channel type, use the following command form to create a new, or modify an existing modulation profile that provides specific IUC values: 1. A modulation profile must include all the necessary IUCs, so before a modulation profile can be used, it must be verified/modified to ensure that it includes all of the necessary IUCs; otherwise, the system will output an error when the modulation profile is applied to an upstream channel. 2. As a general rule, the most reliable method to ensure that all the necessary IUCs are present, is to take an existing modulation profile with its default values, and modify it accordingly. configure cable modulation-profile <id> iuc <type> Where: id = The number ID of the modulation-profile created. type = See Modulation Profile Output Parameter Categories on page 8-27 for a complete listing. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-35 PRELIMINARY E6000 CER Release 1.0 NOTE: 2 Upstream Cable Access Module (UCAM) Default values for the various modulation profile parameters may change according to the IUC selected. Use the following command to apply an existing modulation profile to an upstream port. Do not enter a range of ports; the command must be repeated for each upstream port. configure interface cable-upstream <slot>/<connector group>/<uport>.0 cable modulation-profile <id> 3 Verify the parameters of the new or modified modulation profile: show cable modulation-profile <id> The system response is similar to the following output: Modulation profile 1 Interval Chan Mod Pre Dif FEC FEC Scr Max Guar L Scr ---Atdma--- Prea -----Scdma----Usage Type Type Len Enc CW amb Bur Time C amb Int Int mble TCM Int Sp Sub Code En Len Seed Siz Size S En Depth Block Type En Size En Cod -----------------------------------------------------------------------------------------------1 request tdma qpsk 56 F 0 16 338 0 8 F T - 3 initial tdma qpsk 640 F 5 34 338 0 48 F T - 4 station tdma qpsk 384 F 5 34 338 0 48 F T - 5 short tdma qpsk 84 F 6 78 338 45 8 T T - 6 long tdma qpsk 96 F 8 220 338 0 8 T T - - — End of Procedure — Procedure 8-3: How to Configure an Upstream (US) Channel Perform this procedure for US channel 0 and repeat as necessary for all channels on the UCAM. The valid range for US channels is 0–95 (licensing is required for providing channels 48 through 95). Some steps are optional. By not executing the optional steps, default settings are applied. Valid Center Frequencies In the first step, set the center frequency of the upstream channel. The range of valid center frequencies varies according to the channel width selected. The overall upstream bandwidth in North America is from 5–65 MHz. NOTE: The cable frequency maximum must be set to exceed 42 MHz. The first valid center frequency in Hertz is 5,000,000 plus ½ of the channel width. The last valid frequency is 65,000,000 minus ½ of the channel width. Thus, 5-65 MHz is the overall upstream range. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-36 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) To calculate valid upstream center frequencies, refer to Table 8-15 on page-8-37 below. NOTE: The CLI supplies meaningful error messages for some but not all invalid combinations of channel width and frequency. If the CLI has no error message to give, a generic SNMP-level message is displayed. Table 8-15: Range of Valid Center Frequencies for Upstream Channels in North America 1 If channel width is… Then first valid center frequency is… And the last valid center frequency is… 1600000 5800000 64200000 3200000 6600000 63400000 6400000 8200000 61800000 (Required) Set the center frequency of the US port in Hertz: configure interface cable-upstream <slot>/<connector group>/<uport> cable frequency <5100000-64200000> Refer to Notes on DOCSIS 3.0 Upstream Frequency Range on page 8-33 for more information on changing the maximum allowable center frequencies. 2 If desired, set US channel width in Hertz (default = 3200000): configure interface cable-upstream <slot>/<connector group>/<uport> cable channel-width {1600000 | 3200000 | 6400000} Where: Setting the Rx Power Levels 1600000, 3200000, and 6400000 represent the currently supported values for channel bandwidth in Hz. The default receive power level of the E6000 CER is 0 dBmV. 1 If desired, change the input Rx power to any level. As shown in Table 8-16 on page-8-37, the valid range varies according to the upstream bandwidth. configure interface cable-upstream <slot>/<connector group>/<uport> cable power-level <-13 to 29> If the width of a channel is changed and the receive power level is no longer valid, the E6000 CER automatically adjusts the receive power to the nearest valid value. Table 8-16: Rx Power Ranges for US Channel Widths Issue 1.0, 4 Feb 2013 US Channel Width in Hz Valid Rx Power Range (dBmV) 1600000 -13 to +23 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-37 PRELIMINARY E6000 CER Release 1.0 NOTES: Upstream Cable Access Module (UCAM) US Channel Width in Hz Valid Rx Power Range (dBmV) 3200000 -10 to +26 6400000 -7 to +29 Setting power levels above 23dBmV is not recommended. Resetting the receive power level in a single step from minimum to maximum in a given power range may prevent CM range requests from being received. For example, if the US channel bandwidth is 3200000 Hz and the power level is reset from -10 to 26 dBmV, then the CMs might not remain registered. The E6000 CER avoids this by resetting the power in one or more steps according to the max-power-adj parameter found in the E6000 CER cable upstream provisioning. Refer to the tables in Before Changing the Receive Power Level Settings of the UCAM on page 8-8, to make sure your settings fall within the proper table. 2 If desired, change the maximum power adjustment parameter using the following command (range = 1–48; default = 24 units, which equals 6 dBmV): configure interface cable-upstream <slot>/<connector group>/<uport> cable max-power-adj <power adjustment> Where: 3 power adjustment = Maximum size of the E6000 CER range response power adjustments in units of 0.25 dBmV. If desired, set the start and end values for databackoff parameter (default = 2-8): configure interface cable-upstream <slot>/<connector group>/<uport>[.0] cable databackoff <0-16>-<0-16> Where: the first 0-16 is the valid range for the start value the second 0-16 is the valid range for the end value NOTE: 4 The start value must be less than or equal to the end value. If desired, enable or disable the sending of pre-equalization coefficients to CMs. configure interface cable-upstream <slot>/<connector group>/<uport> cable pre-eq-enable <true|false> Where: true = enabled false = disabled 5 If desired, select modulation profile ID (default = 2): configure interface cable-upstream <slot>/<connector group>/<uport>[.0] cable modulation-profile <profile id> Where: Issue 1.0, 4 Feb 2013 profile ID = the modulation profile numeric identifier © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-38 PRELIMINARY E6000 CER Release 1.0 6 Upstream Cable Access Module (UCAM) If desired, set the start and end values for range backoff parameter (default = 2-7): You must enter the start and end values separated by a dash. configure interface cable-upstream <slot>/<connector group>/<uport>[.0] cable rangebackoff <0-16>-<0-16> Where: the first 0-16 is the valid range for the start value the second 0-16 is the valid range for the end value NOTE: 7 The start value must be less than or equal to the end value. If desired, put US port in service: configure interface cable-upstream <slot>/<connector group>/<uport> no shutdown 8 If desired, put US logical channel in service: configure interface cable-upstream <slot>/<connector group>/<uport>[.0] no shutdown 9 If desired, modify some or all of the following parameters for this US channel: configure interface cable-upstream <slot>/<connector group>/<uport> cable ? attribute-mask cable-mac channel-id channel-width connector databackoff docsis-mode frequency ingress-cancellation load-balance map-size max-power-adj mini-slot-size modulation-profile num-equalizer-taps power-level pre-eq-enable rangebackoff relay-agent-option scdma show spectrum-group supervision threshold-power-offset voice-limits Issue 1.0, 4 Feb 2013 - Configure attributes for this channel for channel assignment Assign an upstream to a specific cable mac Provision the channel identifier for the upstream Provision the channel-width for an upstream Provision the connector for an upstream databackoff <WORD> Provision the docsis mode for an upstream Provision the frequency for an upstream Upstream ingress cancellation properties Turn on/off dynamic load balancing for the upstream channel Provision the map size for an upstream Provision the max power adjust for an upstream Provision the mini slot size for an upstream Provision the modulation profile for an upstream Set the number of taps in the receiver's equalizer Provision the power level for an upstream Use pre-equalization technique to reduce upstream signal distortion rangebackoff <WORD> Relay agent circuit ID sub-option Upstream SCDMA properties Display the upstream configuration Enables frequency agility on this port Provision the supervisory downstream for this upstream. Provision the power offset threshold for an upstream Set voice data limits © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-39 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Refer to the CLI Command Descriptions for additional information on this command. 10 Repeat this procedure as needed for the remaining US ports on this UCAM. — End of Procedure — Procedure 8-4: Putting Cards and Ports into Service This procedure assumes that the US and DS channels have already been configured. 1 The following command brings the UCAM online: configure slot <slot> no shutdown Where: 2 slot = the number of the slot, 0 through 5 or 8 through 13. Bring up the upstream channel: configure interface cable-upstream <slot>/<connector group>/<uport> no shutdown 3 Bring up the logical channel: configure interface cable-upstream <slot>/<connector group>/<uport>.0 no shutdown 4 Repeat steps 2 and 3 as needed for additional upstream channels. 5 Restore the cable-mac: configure interface cable-mac <num> no shutdown — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-40 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Procedure 8-5: How to Take a UCAM Out of Service and Delete Its Slot This procedure is used to remove a UCAM and the slot in which it resides out of service. 1 If the UCAM to be taken out of service is part of a spare group, first remove the card from the spare group. configure slot <slot> spare-group <int> no 2 Take the UCAM out of service: configure slot <slot> shutdown Where: 3 slot = the number of the slot, 0 through 5 or 8 through 13. Verify module status: show linecard status The system response should confirm that the module is out of service. 4 Deprovision the slot: configure no slot <slot> Where: 5 slot = the number of the slot, 0 through 5 and 8 through 13. Save your changes: write memory — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-41 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Modulation Profiles: Default and User-defined In the E6000 CER there is a default modulation profile that is automatically created for the user: modulation profile 1. E6000 CER users are free to create user-defined modulation profiles. User-defined modulation profiles provide a shortcut method for a user to easily create modulation profiles just by specifying the desired channel type and modulation rate. User-defined modulation profiles can be assigned to any number from 3–n to create a new profile. (It is recommended that you do not use 2; otherwise you will overwrite the default). If you choose a number that is already in use, then the existing modulation profile will be overwritten by the new one. There is almost no limit to the number you can create. Each user-defined modulation profile is defined by a channel type, such as tdma, and a modulation type, such as 16QAM. The userdefined profile defines most of the parameters for that modulation and channel type. For example, if you want to use the userdefined profile for TDMA and 16QAM to create modulation profile 20, enter the following command: configure cable modulation-profile 20 tdma qam-16 Modulation profile 20 as defined by the above command: Interval Chan Mod Pre Dif FEC FEC Scr Max Guar L Scr ---Atdma--- Prea -----Scdma----Usage Type Type Len Enc CW amb Bur Time C amb Int Int mble TCM Int Sp Sub Code En Len Seed Siz Size S En Depth Block Type En Size En Cod --------------------------------------------------------------------------------------------1 request tdma qpsk 56 F 0 16 338 0 8 F T - 3 initial tdma qpsk 640 F 5 34 338 0 48 F T - 4 station tdma qpsk 384 F 5 34 338 0 48 F T - 5 short tdma q16 168 F 6 78 338 23 8 T T - 6 long tdma q16 192 F 8 220 338 0 8 T T - - Basically, user-defined modulation profiles allow the user to specify the channel type and the modulation rate for the data IUCs and the rest of the information for the modulation profile is filled in with recommended values. These recommended values are generic values that should work across a wide variety of plants. Users may want to optimize these values to the specific needs of their cable plant. The following channel types are currently supported: atdma tdma tdma-atdma - Use preconfigured ATDMA modulation profile - Use preconfigured UCAM TDMA modulation profile - Use preconfigured TDMA-ATDMA modulation profile These user-defined modulation profiles are controlled by the E6000 CER software. These modulation profiles may evolve and change slightly with different software versions. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-42 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) configure cable modulation-profile 100 ? atdma iuc scdma tdma tdma-atdma - Use IUC Use Use Use preconfigured type preconfigured preconfigured preconfigured ATDMA modulation profile SCDMA modulation profile UCAM TDMA modulation profile TDMA-ATDMA modulation profile configure cable modulation-profile 100 atdma ? qpsk, qam-(8, 16, 32, 64) - Modulation Type configure cable modulation-profile 100 tdma ? qpsk, qam-16 - Modulation Type configure cable modulation-profile 100 tdma-atdma ? qpsk, qam-(8, 16, 32, 64) - Modulation Type Displaying Modulation Profiles Use the following command example to view a modulation profile: show cable modulation-profile 27 An output similar to the following will occur: Modulation profile 27 Interval Chan Mod Pre Dif FEC FEC Scr Max Guar L Scr ---Atdma--- Prea -----Scdma----Usage Type Type Len Enc CW amb Bur Time C amb Int Int mble TCM Int Sp Sub Code En Len Seed Siz Size S En Depth Block Type En Size En Cod -----------------------------------------------------------------------------------------------1 request atdma qpsk 56 F 0 16 338 0 8 F T 1 2048 qpsk1 - 3 initial atdma qpsk 640 F 5 34 338 0 48 F T 0 2048 qpsk1 - 4 station atdma qpsk 384 F 5 34 338 0 48 F T 0 2048 qpsk1 - 9 a-short atdma qam-64 104 F 12 81 338 11 8 T T 0 2048 qpsk1 - 10 a-long atdma qam-64 104 F 16 223 338 0 8 T T 0 2048 qpsk1 - 11 a-ugs atdma qam-64 104 F 12 81 338 0 8 T T 0 2048 qpsk1 - - Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-43 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Optimizing a Modulation Profile This section is meant to serve as a guide to some of the issues that are involved in optimizing a modulation profile. Optimizing a modulation profile involves many factors; this document does not attempt to explain them all. What you are really trying to do is to optimize throughput in the upstream channel connected to the E6000 CER and still maintain an acceptable packet error rate. This distinction is important because noise on the upstream channel plays a big role in determining the best modulation profile to use. Additionally, noise on an upstream channel is not consistent over time. Because of this if a single modulation profile is used, then this modulation profile must be able to handle the worst case noise that is expected on the upstream channel and still achieve a reasonable level of performance. Intelligent Channel Optimizer The ARRIS Intelligent Channel Optimizer (ICO) is an analytical software package designed to provide the cable operator with the ability to monitor, measure, and diagnose the performance of the upstream HFC network. The tool utilizes a powerful spectral analysis engine built into every upstream receiver to gather detailed information about upstream channel noise. It then uses sophisticated mathematical modeling of the measured noise characteristics and current channel configuration to predict (or improve) the performance of the upstream channel. In addition, the ICO can serve as a modeling tool to analyze the use of higher order modulation levels, RF channel frequencies, and channel widths based on actual or hypothetical noise conditions. For details in obtaining the ICO software tool, contact ARRIS Technical Support. Noise and SNR versus Modulation Symbol Rate Unfortunately, different types of noise are typically seen on an upstream channel, and each type has a different effect on the upstream channel. There is the Additive White Gaussian Noise (AWGN) that is always present and is typically referred to as the noise floor. There may be impulse and ingress noise, both of which may cause the noise floor to spike. NOTE: Issue 1.0, 4 Feb 2013 Impulse noise is a spike in the time domain and ingress noise results in a spike in the frequency domain. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-44 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) There are various techniques that can be used to reduce the effects of each of these types of noise. For example, having all the cable modems transmit at a higher power level (assuming there is enough power headroom) gives a better Signal to Noise Ratio (SNR) because the modem’s bursts are at a higher power level while the AWGN remains at about the same level. Forward Error Correction (FEC), Ingress Cancellation Block (ICB), and interleaving can be used to correct ingress and impulse noise. Noise affects the SNR. The SNR is the primary indicator of what modulation rate can be used on the upstream channel. If one assumes that an upstream channel has no ingress or impulse noise, then theoretically the following modulation rates would work as long as the SNR of the upstream channel is higher than the stated threshold shown in Table 8-17. Table 8-17 is based on theory. In the real world the thresholds shown here would be too low. The amount of margin that needs to be added is dependent upon the types of noise present in the plant and how that noise varies over time. Even in a clean plant, we would recommend a margin of at least 4 dB. For a plant with a high noise level, the margin should be increased. Therefore, the amount of SNR margin may also be varied depending upon the type of noise that is present in the system. Table 8-17: Minimum SNR Thresholds under Lab Conditions Forward Error Correction If the Modulation Rate Is… Then the SNR Threshold Must Be at Least: 64 QAM 21 dB 32 QAM 18 dB 16 QAM 15 dB 8 QAM 12 dB QPSK 9 dB FEC can correct errors that occur in the upstream channel; however, this comes with a cost of additional overhead. FEC is typically expressed in terms of two parameters, T and k. T is used to represent the number of byte errors that can be corrected. The k parameter is used to specify the number of bytes over which the T number of byte errors can be corrected and is called the codeword length. The cost of correcting up to T byte errors in k data bytes is that there is an additional 2 * T bytes of overhead. Note, the values for T are shown in the FEC column in the show cable modulation-profile CLI command. The values for k are shown in the FEC CW Len column in the show cable modulation-profile CLI command. show cable modulation-profile 6 Typical output is shown as follows: Modulation profile 6 Interval Chan Mod Issue 1.0, 4 Feb 2013 Pre Dif FEC FEC Scr Max Guar L Scr ---Atdma--- Prea © 2013 ARRIS Group, Inc. — All Rights Reserved -----Scdma----- PRELIMINARY 8-45 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) Usage Type Type Len Enc CW amb Bur Time C amb Int Int mble TCM Int Sp Sub Code En Len Seed Siz Size S En Depth Block Type En Size En Cod --------------------------------------------------------------------------------------------1 request tdma qpsk 56 F 0 16 338 0 8 F T - 3 initial tdma qpsk 640 F 5 34 338 0 48 F T - 4 station tdma qpsk 384 F 5 34 338 0 48 F T - 5 short tdma q16 168 F 6 75 338 7 8 T T - 6 long tdma q16 192 F 10 220 338 0 8 T T - - Figure 8-4 illustrates the relation between code words and the packet, and between the T and k parameters. For detailed information on these parameters, see sections 6.2.5 and 6.2.20 of the DOCSIS RFI specification, CM-SP-PHYv3.0-I09-101008. Upstream Burst Data Packet Preamble FEC Codeword ... FEC Codeword k FEC Data Bytes ... FEC Codeword Guard Time 2 * T FEC Parity Bytes Figure 8-4: Relation of FEC Codewords to Data Packet A slight decrease in SNR can cause a large increase in the Packet Error Rate (PER). There comes a point where simply adding additional FEC to attempt to correct for the upstream errors is no longer efficient. Once this point is reached, it is more efficient to use a lower modulation rate with less FEC overhead than to continue to increase the FEC protection. Figure 8-5 (obtained by means of the ICO software tool for a 3.2 MHz channel) illustrates that it can be more efficient to use a lower FEC setting and a lesser modulation rate. Ideally the channel will operate as far towards the upper left of this chart as possible. The Shannon curve displays what is theoretically possible. The curves for the different modulation rates show the effect of increasing the value of T for the FEC for each of the different modulation rates for the specified modulation profile parameters. 1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-46 E6000 CER Release 1.0 PRELIMINARY Upstream Cable Access Module (UCAM) Figure 8-5: Maximum ATDMA Data Rate vs. SNR Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-47 E6000 CER Release 1.0 PRELIMINARY Upstream Cable Access Module (UCAM) Because the lab chassis used to obtain the data in Figure 8-5 was provisioned with a very short cable plant, these numbers approach the theoretical values listed above for SNR. They do not reflect real-world noise levels. In the 64 QAM modulation profile, if the SNR of the plant is about 20 dB, then a high T value is required to limit the Packet Error Rate (PER) to 0.1%. The highest bit rate one can achieve is about 8 Mbps. However, if we reduce the modulation to 32 QAM and decrease the FEC T value, the bit rate goes up to 12 Mbps under the same conditions. For practical reasons the minimum value of k must be at least 16. Because of this, if there are not 16 data bytes either to be sent or remaining to be sent, then the modem must pad out this data to be 16 bytes. This especially comes into play for IUC 1 where the request frame is 6 bytes. Therefore, to have even the minimal values for FEC of T = 1 and k = 16 for IUC 1, would mean that there must be 18 total bytes (k + 2T) required to transmit 6 bytes of data. Given this amount of overhead, it is normally better to use a low order of modulation such as QPSK and no FEC for IUC 1, assuming the noise on the plant allows this to work. The type of traffic that is sent in the upstream direction can affect the optimal FEC values also. For example, assuming there is a lot of ACKs and small packets (i.e. 64-byte packets), then the FEC codeword length should be set so that there is no need to pad out the remaining 16 bytes. Assuming a 6-byte MAC header, it would take 70 bytes to send the 64-byte packet. Also assuming BPI is enabled then there is an additional 5-byte extended header such that it would take 75 bytes to send a 64-byte packet. Note, that the preamble is not included in FEC and should not be included in these calculations. In general, the predominant packet size plus the associated overhead determines that the k value should not be a value between 1 and 15; otherwise there is additional overhead in the padding of the codeword. In the case of a DOCSIS 2.0 upstream, the modulation profile will include an IUC 11. The IUC 11 is used for UGS data flows. The service that most commonly uses UGS data flows is VoIP. There are several different codecs that are used in the industry; however, typically there is only one codec with one sampling period (5, 10 or 20 milliseconds) on a given cable plant. This tends to cause all of the upstream UGS data packets to be of the same size. Knowing the size of these UGS data packets, the value of k for the FEC should be such that no additional padding is required for FEC. Preamble Lengths The preamble length is a parameter that is displayed in the show cable modulation-profile CLI command in the Pre Len column. This value represents the number of bits that are in the preamble. In general the preamble is transmitted as a QPSK symbol no matter what the modulation type for the IUC actually is. One exception to this is that a 16 QAM TDMA upstream channel will use 16 QAM symbols or 4 bits per symbol, per the DOCSIS specification. The preamble length is used by the upstream receiver to decode the upstream burst even if the upstream burst is not perfectly aligned with the proper spot in the upstream spectrum. The preamble helps to recognize where an upstream burst actually begins, and is also used to perform equalization on the upstream burst, provided that the preamble is long enough. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-48 PRELIMINARY E6000 CER Release 1.0 Upstream Cable Access Module (UCAM) In general a longer preamble is desired for IUC 3, Initial Ranging, since this is the first time that the E6000 CER has heard from this modem. Additionally, the extra equalization also helps in IUC3. The amount of gain for equalization does not normally warrant the additional overhead in terms of length of the preamble especially in IUCs other than the ranging IUCs (IUCs 3 and 4). The point where the PHY chip switches from simply recognizing the start of the preamble and making sure that it has the correct pattern to recognizing when extra symbols are used for equalization depends upon several parameters. Some of these parameters are not currently configurable and require very detailed knowledge of how the PHY chip operates. As such, this paper will not explain all of the details behind the following numbers. The point where equalization begins for preambles using QPSK on IUCs 3 and 4 is currently after 136 bits. For IUCs 3 and 4 when 16 QAM is used, equalization begins after 272 bits. For non-ranging IUCs (any IUC except IUCs 3 and 4) for preambles using QPSK, equalization begins after 132 bits. For non-ranging IUCs (any IUC except 3 and 4) for preambles using 16 QAM, equalization begins after 264 bits. If there is a lot of impulse noise in the upstream channel, then it is probably worth using shorter preambles to lower the probability that an impulse will actually hit a preamble. Note that if an impulse actually hits a preamble that most likely the entire frame will be discarded because of a bad preamble. Part of the reason behind this is that the preamble is not protected with FEC. As such with a lot of impulse noise on the upstream channel, the preamble lengths should be shortened. Differential Encoding Differential encoding can be enabled since it is a feature in the DOCSIS RFI specifications; however, no significant gain has been observed when enabling this option. This mode is rarely used in the field; therefore we recommend that you leave Differential Encoding disabled. (For more information, see http://www.cablemodem.com/specifications.) Scrambler Seeds This is a value that tends to be tied to the PHY hardware. These values have already been optimized by the PHY chip manufacturer. Therefore, do not change the values that come with the default modulation profiles for the scrambler seed. Maximum Burst Size This value is contained is something that is displayed in the show cable modulation-profile CLI command in the Max(imum) Bur(st) Size column. This value is in terms of maximum number of minislots that may be used by the associated IUC. A value of 0 for the maximum burst size means that there is no limitation on the size at least in the modulation profile. NOTE: Issue 1.0, 4 Feb 2013 The short data grant (IUC 5) and the advanced phy short data grant (IUC 9) must have non-zero values. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-49 E6000 CER Release 1.0 PRELIMINARY Upstream Cable Access Module (UCAM) It is important to understand the type of traffic that is to be sent upstream and the relative priority of that traffic when adjusting this parameter. For example, if there is VoIP traffic on an upstream that uses a TDMA channel type, then the VoIP traffic should be given a higher priority in terms of FEC protection. Assuming that there is more FEC associated with a short data grant (IUC 5) than with a long data grant (IUC 6), then the maximum burst size should be set such that the higher priority traffic, in this case VoIP, uses the IUC with the higher level of FEC protection. When the modulation profile is for an ATDMA channel, the modulation profile will contain the UGS IUC 11. The VoIP traffic will tend to use this IUC on a DOCSIS 2.0 upstream channel. In this case make sure you do not include the UGS data packets into the process of determining the best value for the maximum burst size. Guard Time Size The guard time size is given in the Guard Time Size column in the show cable modulation-profile CLI command. The guard time size is related to processing delays with a non-SCDMA upstream channel. The times for non-SCDMA channels are already optimized based upon the hardware to be as small as possible without losing data. If the numbers are increased, then upstream bandwidth is lost without any additional gains. Changing the default is not recommended. Shortened Last Codeword A codeword is specified by the k parameter for FEC. Assuming the data packet is not an even multiple of k, then the last codeword used to transmit a data packet will have less than k bytes to send. This parameter controls the format of that last codeword. The last codeword must always contain at least 16 bytes whether shortened or not. This parameter control whether or not the last codeword must contain k bytes or if it can contain between 16 and k bytes. If the last codeword can contain between 16 and k bytes, the last codeword is allowed to be shortened and this parameter has a values of true (T). If the last codeword must be padded out to contain k bytes, then the shortened last codeword value is set to false (F). The shortened last codeword is displayed in the LCS (Last Codeword Shortened) field in the show cable modulation-profile CLI command. In general having the shortened last codeword set to true will improve upstream efficiency in that there is less overhead associated with the additional padding in the last codeword. The default modulation profiles in general for IUCs 1, 3 and 4 do not have this set to true, simply because the messages sent on IUCs 1, 3 and 4 are of a fixed length and the values for k are already optimized for this length. As such there is no benefit to turning on shortened last codeword with the default modulation profiles unless the value of k is changed for these modulation profiles to a non-optimal value. Scrambler Enable Issue 1.0, 4 Feb 2013 The scrambler enable is shown in the show cable modulation-profile CLI command in the Scramb En column. It might be better called a randomizer. Having this field set to true enables hardware that randomizes the bit stream to avoid a long pattern of either zeroes or ones. This helps in the overall transmission efficiency of the entire system. In general this should always be set to true (T). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-50 E6000 CER Release 1.0 ATDMA Interleaver Depth PRELIMINARY Upstream Cable Access Module (UCAM) With an ATDMA upstream channel, there is the capability of using an interleaver that is not available in the DOCSIS 1.X version of TDMA. This interleaver works on a byte basis. When enabled, the interleaver will change the order in which bytes are transmitted. This has a side effect of causing additional latency in the upstream direction. The benefit is the additional protection against impulse noise. In general an impulse will corrupt some number of bytes that are transmitted consecutively with time. If the bytes are all from the same FEC codeword, and if FEC is not able to correct for this problem, then the data is lost. However, by ordering the transmission of bytes such that bytes from multiple FEC codewords are intermixed, the same impulse will hit fewer bytes from the same FEC codeword giving a better chance that FEC will be able to recover the corrupted data. The ATDMA interleaver depth is shown in the show cable modulation-profile CLI command in the Atdma Int Depth column. This value controls how this interleaver works. A value of 0, puts the interleaver into a dynamic mode such that the interleaver adjusts the way that it interleaves the data based upon the size of the data to transmit. A value of 1, turns off this interleaver. Any other value directly controls how many FEC codewords are interleaved together. When directly controlling how many FEC codewords are interleaved together, the value has a range from 2 to the floor (2048 / (k + 2T)) where k and T are the FEC parameters described in the FEC section of this document. The default modulation profiles use the dynamic mode of operation in order to get as much protection from impulse noise as possible. If a system has extremely tight restrictions in terms of upstream latency, then the amount of interleaving may be changed to either be off or of a lesser amount. This comes at the cost of reduced impulse noise immunity. ATDMA Interleaver Block Size This is another control for the ATDMA byte interleaver and is shown in the show cable modulation-profile CLI command in the Atdma Int Block field. According to the DOCSIS 2.0 RFI specification, both the E6000 CER and a cable modem must contain 2048 bytes of memory to perform the ATDMA byte interleaving. This parameter controls how much of that memory is used. The parameter can vary from 2 * (k + 2T) up to 2048 where k and T are the FEC parameters described in the FEC section. When the ATDMA byte interleaver is in the dynamic mode of operation, this parameter should really be left at the 2048 value; otherwise, the byte interleaver will perform sub-optimally. Note, the dynamic mode of operation and a block size of 2048 are used in the default modulation profiles. Preamble Type Issue 1.0, 4 Feb 2013 An upstream channel using ATDMA, has the capability to change the power level at which the preamble is transmitted. This is displayed in the show cable modulation-profile CLI command in the Preamble Type column. There are two different values that are possible for the preamble power levels. The first value is QPSK0 which corresponds to the transmit levels that are used by a DOCSIS 1.x upstream channel. The second value is QPSK1, which uses a higher power level. By transmitting at a higher power level, there are times when a preamble of type QPSK1 will be heard when the QPSK0 preamble type would not be heard. Therefore QPSK1 is used for the default modulation profiles. For actual differences in the power levels, see the DOCSIS RFI specification for DOCSIS 2.0, or later. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 8-51 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Upstream Cable Access Module (UCAM) PRELIMINARY 8-52 PRELIMINARY E6000 CER Release 1.0 9 Issue 1.0, 4 Feb 2013 Installation Installation Overview 2 Safety Precautions 3 Unpacking the E6000 CER 8 Installation Requirements 10 Rack Mounting the E6000 CER 13 Grounding the Chassis 14 Fan Trays 15 Air Filter 17 Power Entry Module (PEM) 19 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-1 PRELIMINARY E6000 CER Release 1.0 Installation Overview This chapter provides the installation precautions and requirements in the E6000 CER. NOTE: Issue 1.0, 4 Feb 2013 Do not make any mechanical or electrical modifications to the E6000 CER equipment. If modified, the E6000 CER may no longer comply with regulatory standards. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-2 PRELIMINARY E6000 CER Release 1.0 Installation Safety Precautions This section provides safety precautions for installing the E6000 CER. When setting up the E6000 CER, please observe the following: Lifting Safety • Install the E6000 CER only in restricted access areas, where access can be gained only by service personnel for reasons of security and safety. • Choose a site with a dry, clean, well-ventilated, and air-conditioned area that maintains an ambient temperature of +5°C to +40°C (41°F to 104°F) • Follow all warnings and instructions marked on the equipment. • Never force objects of any kind through openings in the equipment because dangerous voltages may be present. Foreign objects may produce a short circuit resulting in fire, electric shock, or damage to the E6000 CER and other equipment. • Connect the E6000 CER chassis to protective earth ground in compliance with U.S. and International Safety standards. See Grounding the Chassis on page 9-14. • Use ESD Precautions. A fully-equipped E6000 CER weighs approximately 220 pounds. The chassis is not intended to be moved frequently. Before installing the E6000 CER, ensure that your site is properly prepared. When lifting the chassis or any heavy object, follow these guidelines: Issue 1.0, 4 Feb 2013 • Disconnect all external cables before lifting or moving the chassis. • Do not attempt to lift the chassis by yourself; have at least one other person assist you. ARRIS recommends using a mechanical lift if the chassis is fully equipped. • Ensure that your footing is solid and that you balance the weight of the object between your feet. • To lift the chassis: use two people (one on each side). With one hand grasp a front handle and with the other hand grasp a back handle and lift slowly. Do not twist your body as you lift. • Keep your back straight and lift with your legs, not your back. If you must bend down to lift the chassis, bend at the knees, not at the waist, to reduce the strain on your lower back muscles. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-3 PRELIMINARY E6000 CER Release 1.0 Installation Electrical Equipment Guidelines Follow these basic guidelines when working with any electrical equipment: • Know where the emergency power-off switch is located for the room in which you are working. • Disconnect all power and external cables before moving the chassis. • Do not work alone if potentially hazardous conditions exist. • Never assume that power has been disconnected; always check. • Do not perform any action that makes the equipment unsafe or might create a potential danger to people. • Examine your work area for possible hazards such as ungrounded power extension cables, missing safety grounds, or wet floors. CAUTION Be sure to connect the chassis to protective earth ground before applying power or inserting modules. An ungrounded chassis may damage components. CAUTION The ports of the E6000 CER chassis are suitable for connection to intra-building or unexposed wiring or cabling only. The ports of the chassis MUST NOT be metallically connected to interfaces which connect to outside plant (OSP) or its wiring. These interfaces are designed for use as intra-building interfaces only, requiring isolation from the exposed OSP cabling. They are Type 2 or Type 4 ports as described in GR-1089-CORE, Issue 4. Finally, the addition of Primary Protectors is not sufficient protection from electrical shock in order to connect these interfaces metallically to OSP wiring. Electrostatic Discharge (ESD) Preventing Electrostatic Discharge Damage Issue 1.0, 4 Feb 2013 Electrostatic Discharge (ESD) can damage equipment and impair electrical circuitry. ESD occurs when printed circuit modules are improperly handled. It may result in module failure or intermittent problems. The E6000 CER contains replaceable printed circuit modules. Modules are equipped with a metal faceplate that features Electromagnetic Interference (EMI) shielding and lever-action latches. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-4 PRELIMINARY E6000 CER Release 1.0 NOTE: Installation Modules should not be handled by these latches; hold the faceplate with one hand and the other hand supporting the board on the back or on the bottom edge. Avoid touching the printed circuit board and connector pins. Although the metal faceplate helps to protect the printed circuit modules from ESD, always wear an antistatic wrist or ankle strap whenever handling the modules. Ensure that the anti-ESD device makes good skin contact. The chassis is equipped with two sockets (one on the front and one on the rear) in which you can ground plug-in wrist straps. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-5 PRELIMINARY E6000 CER Release 1.0 Installation Installation Guidelines Installation involves mounting the unit in a rack, populating with client1 and system modules and Physical Interface Cards (PICs), attaching cables, and configuring software. Follow the instructions in this section when installing the E6000 CER for the first time. Completed (D) Task Description Become familiar with component descriptions Unpack the E6000 CER according to the instructions in Unpacking the E6000 CER, page 9-8 Obtain any necessary items not supplied to install the E6000 CER in your configuration Prepare the site for installation in accordance with placement and electrical considerations Connect yourself to the chassis ground or with ESD strap before handling modules. Install E6000 CER in the rack Attach the chassis grounding cable Install the Physical Interface Modules (PICs) Install the front cards (i.e., system and client modules) Attach to DC power (See Installing the PEM, page 9-20) Connect an RS-232 console cable Power up the E6000 CER Configure the E6000 CER according to the instructions in Basic Bring-up Procedure on page 10-1 Tools Required The following tools are required for installation: • #3 Phillips screwdriver for large bolts • #2 Phillips screwdriver • Digital volt meter • Torque wrench (See Table 9-1 below). If used only for F-connectors, torque wrench should be self-limiting to 20 in-lbs. • Two 13mm wrenches and a Torx T20 screwdriver for the PEM cable installation. 1. UCAMs and DCAMs are client modules; the RSMs are system modules. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-6 PRELIMINARY E6000 CER Release 1.0 Torque Values Installation The following table lists the recommended torque values for selected screws and fasteners of the E6000 CER: Table 9-1: Recommended Torque Values in Inch-pounds Fasteners Items Not Supplied Issue 1.0, 4 Feb 2013 Maximum Torque Screws for grounding cable 10 in-lbs Captive fasteners on front panels of front modules, PICs, PEMs, Fan Trays, and CCMs 5.0 in-lbs UPIC connector retainer 3.0 in-lbs DPIC F-connectors 20 in-lbs PEM power cable lug nuts 44 in-lbs The following items are not included with the E6000 CER. Obtain these items before installation: • Appropriate network cables • Operator console or PC with built-in asynchronous terminal emulation • Coaxial cables • 48 VDC power supply. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-7 PRELIMINARY E6000 CER Release 1.0 Installation Unpacking the E6000 CER CAUTION Due to the weight and height of the chassis, at least two people are needed to install the chassis. CAUTION DO NOT use the Fan Tray, PEM handles or cable trays as lifting points. CAUTION The chassis contains static sensitive devices. When unpacking or handling the chassis, always wear an ESD wrist strap to prevent static damage. When unpacking the E6000 CER, use the following steps and checklist: Issue 1.0, 4 Feb 2013 • Inspect the shipping crate before removing the unit. If there is evidence of damage to the crate upon receipt, request an agent of the carrier to be present before removing the E6000 CER. • Ensure the crate is right side up. Open crate and carefully remove the crate top and set aside any optional items which may be packed in small boxes on top of the protective foam. Remove the crate sides and then remove the protective foam from from unit. • Remove the remaining contents of the crate. Front and rear modules are shipped in separate cartons, unless ordered otherwise. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-8 PRELIMINARY E6000 CER Release 1.0 Installation Check the packing slip and verify its contents. If a new E6000 CER system with the minimum configuration is ordered, it typically ships with the following items. Use the checklist provided below to verify that the required items are present. Table 9-2: Hardware Shipment Checklist (D) Required Items One E6000 CER chassis One (1) chassis ground cable (green, 2 gauge, approx. 24 inches) Two (2) Chassis Control Modules (CCMs) (installed) Three (3) Fan Trays (installed) One (1) each front and rear air filters (installed) Two (2) Power Entry Modules (PEMs) (installed) Eleven (11) front filler panels Eleven (11) rear filler panels One (1) ESD Wrist Strap Documentation package (zip-lock plastic bag in shipping crate): Issue 1.0, 4 Feb 2013 • One (1) CD-ROM (standard) • One (1) paper copy of the licensing agreement • One (1) copy of the pre-printed packing list © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-9 PRELIMINARY E6000 CER Release 1.0 Installation Installation Requirements Chassis Placement Select an appropriate installation area that is dry, relatively dust free, well-ventilated, and air conditioned. Be sure the floor is capable of supporting the combined weight of the rack with the installed equipment. CAUTION The E6000 CER generates a significant amount of heat. Allow enough space around the E6000 CER for adequate ventilation and do not block the air vents. Inadequate ventilation could cause the system to overheat. Clearance Allow sufficient clearance around the rack for maintenance. NOTE: Power Requirements A mobile rack is not recommended. The E6000 CER supports the use of redundant power supply sources. Each source is fed to the unit through two feeds with each feed consisting of a -48V (nominal) supply line and its RTN. In total, there are four feeds used when configuring for redundant power. NOTE: All voltages are at the PEM cable lugs bolts; allow for voltage drop on the power cables. Table 9-3: System Voltage Requirements Nominal voltage -48V or -60V Operating Voltage range -40V to -72V The -40V guaranteed operating limit translates to a maximum current draw of 160A at 6400W. Circuit breakers on the power feeds should be sized accordingly. The E6000 CER limits the startup current to prevent false tripping of the circuit breakers. Cooling Requirements The E6000 CER should be installed in a location with adequate ventilation. It is designed for long-term operation at ambient air temperatures ranging from 5°C to 40°C and an area that is between 5 to 90 percent relative humidity, non-condensing. To determine cooling requirements, assume 6400W for worst-case power dissipation. These values assume the worst-case cooling requirements when the system is fully populated. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-10 PRELIMINARY E6000 CER Release 1.0 Installation The E6000 CER draws cooling air in through the front of the unit and expels it out the back at the top of the unit as shown in Figure 9-1 Exhaust Intake Figure 9-1: Air Flow through Chassis Clear airflow must be maintained in these areas to ensure adequate ventilation. ARRIS recommends that the unit only be installed in free air racks, not enclosures. If the E6000 CER is installed in a closed or multi-unit rack assembly, the inlet air temperature could exceed the room ambient air temperature and/or the air flow may be reduced. In these cases, the E6000 CER requires a colder room temperature be maintained to compensate for this type of installation. CAUTION As with all electrical equipment, operation at excessive temperature accelerates the deterioration of components and adversely effects performance. Prevent excessive heat buildup in the rack. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-11 PRELIMINARY E6000 CER Release 1.0 Temperature Monitoring Installation The E6000 CER monitors module temperatures and adjusts the fan speed accordingly. If the temperature of a front module rises above its operating range, a TempOutOfRangeNotification SNMP trap is generated for that module. If the temperature continues to rise to the module’s thermal limit, the card is powered down and a card TempOverHeatNotification SNMP trap is generated. The E6000 uses a “heat index” valued from 1 to 10. Value of 1 is very cool, 7 is warning level and 10 is the shut off level. The system should normally operate between levels 1 and 5. The “heat index” is accessible via both the CLI and SNMP. The show environment CLI command will display the current temperature of modules in equipped slots along with the ambient air temperature. The card Temperature object in the cardTable table in the cadEquipmentMib MIB module contains the current temperature of the associated slot. As shown in Figure 9-1, the Fan Trays circulate the air that cools the chassis. Air is drawn in through the intake vent at the bottom of the chassis; the fans then move the air across the internal components, cooling them as it passes. The warm air is exhausted through the vent at the top rear of the chassis. To ensure the proper air flow, make sure blank filler panels are installed in unoccupied front and rear chassis slots. It is also important to change the Air Filters at least every three months, and more often if the air at the site is dusty. CAUTION Air Filters cannot be cleaned and re-used. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-12 PRELIMINARY E6000 CER Release 1.0 Installation Rack Mounting the E6000 CER The E6000 CER can be installed in 19 inch equipment racks. The rack must be accessible from the front and rear for equipment installation. Allow sufficient clearance around the rack for system maintenance. Uneven mechanical loading of an equipment rack can be hazardous. Depending on the number of modules supported, some E6000 CER configurations are heavier than others. Place the heaviest units toward the bottom of the rack. The following steps outline how to rack mount the E6000 CER. CAUTION Ensure that the rack is stable and properly bolted to the floor so that weight of the chassis does not make it unstable. Mounting Instructions Issue 1.0, 4 Feb 2013 1 Ensure that the rack is constructed to support the weight and dimensions of the chassis. 2 Install any stabilizers that came with your equipment rack before mounting or servicing the chassis in the rack. 3 Load the rack from the bottom to the top, with the heaviest system at the bottom, avoid uneven mechanical loading of the rack. 4 Secure the chassis in the rack. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-13 PRELIMINARY E6000 CER Release 1.0 Installation Grounding the Chassis The E6000 CER must be properly connected to Protective Earth (PE) of the building for safety compliance. You can connect the PE ground wire to the chassis via the Chassis Ground Terminal at the rear of the chassis as shown below in Figure 9-2. The torque for the bolts M6: 5.1 Nm (10 in.-lb.). The ground wire can also be attached to the side of the chassis in either a vertical or horizontal orientation utilizing either two of the three ground terminas. The two ground screws from the rear of the chassis may be used. NOTE: Use only two-hole terminals. 13 12 11 9 8 7 B Hold () Tighten Chassis Ground Terminals G ND Figure 9-2: Chassis Ground Terminal WARNING Static electricity can harm delicate components inside the E6000 CER. You must wear an ESD wrist strap before exchanging any part or module. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-14 E6000 CER Release 1.0 PRELIMINARY Installation Fan Trays The chassis contains three interchangeable Fan Trays. Each Fan Tray contains three fans with a numbering scheme (from the front view, left to right) of 0, 1 and 2. The fans pull air from the bottom front of the chassis, force it upward across the system modules, and expel the air out of vents in the top rear portion of the chassis. The Fan Trays are plugged in at the lower front of the chassis and all three should be installed during normal operation. Like all E6000 CER modules, the Fan Trays are hot swappable. When a Fan Tray is removed, a spring-loaded door closes the open space left by the removed device, reducing both electrical and air leakage from the chassis. Figure 9-3: One of three Fan Trays Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-15 PRELIMINARY E6000 CER Release 1.0 Installation Procedure 9-1: To Replace a Fan Tray WARNING Before removing or replacing any E6000 CER modules, obtain and attach an antistatic grounding wrist or ankle strap to protect against damage to components resulting from static electricity. Removing the Fan Tray: 1 Use proper ESD precautions before handling modules. 2 Open both captive thumbscrews (see Figure 9-3) 3 Grasping the handle, slide out the Fan Tray. Installing the Fan Tray 1 Use proper ESD precautions before handling modules. 2 Insert the Fan Tray completely into the chassis. 3 Fully seat the Fan Tray and then tighten the captive thumbscrews. If using a tool, care should be exercised not to over-tighten. The recommended torque for this fastener is 5.0 inch-pounds. — End of Procedure — Proper Airflow Install the system in an open rack whenever possible. If installation in an enclosed rack is unavoidable, ensure that the rack has adequate ventilation. Maintain airflow to ensure normal operation. If the airflow is blocked or restricted, or if the intake air is too warm, an over temperature condition can occur. Ensure that cables do not obstruct the airflow through the shelf. User filler panels to cover all empty chassis slots. The filler panel prevents air from escaping out of the front of an open slot. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-16 PRELIMINARY E6000 CER Release 1.0 Installation Air Filter The chassis is equipped with two replaceable air filters. The front air filter will filter the air for the front modules while the rear air filter will filter the air for the PICs. The air filters meets the requirements of the Telcordia Technolgies Generic Requirements (GR-78-CORE specification). 1 2 3 4 Figure 9-4: Replaceable Air Filter Where: NOTE: Issue 1.0, 4 Feb 2013 1 = Filter element 2 = Handles 3 = Filter tray 4 = Spring mounted ball lock Although the Figure (above) and Procedure (following) depict the front air filter, they also correspond to the rear air filter. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-17 PRELIMINARY E6000 CER Release 1.0 Installation Procedure 9-2: Air Filter Replacement 1 Pull out the filter tray (3) by pulling the handles (2). 2 Replace the filter element (1). 3 To re-install, push the air filter tray (3) into the guide rails at each side of the chassis until the spring mounted ball lock (4) engages. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-18 PRELIMINARY E6000 CER Release 1.0 Installation Power Entry Module (PEM) WARNING Hazardous Voltage! Before working, ensure that the power is removed from the power connection cables. When the system is powered on, DO NOT touch the power terminals. CAUTION This shelf has two redundant Power Entry Modules (PEMs). Even if only one PEM is connected to power or the redundant PEM is out of service (OOS), ALL voltages inside the shelf may still be present! NOTE: The shelf can be powered using a regular telecommunication power supply of -48/-60 VDC; see Table 9-3, System Voltage Requirements, on page 9-10. The system supports redundant power supplies and the two supplies should be independently powered. CAUTION The E6000 CER power terminals are 8 millimeters in diameter. For connection to the E6000 CER, cables must be terminated in suitable single-hole, 10mm or 3/8 inch, straight lugs. A suitable lug includes the Thomas & Betts 54148 for 2 AWG, conductors. The power cable must be adequately sized for the current load. ARRIS supplied cables are guaranteed to support the maximum system power consumption at the minimum operating voltage. Installation Procedure Tools Required: Issue 1.0, 4 Feb 2013 • T20 Torx screwdriver • 13 millimeter open end wrench • 13 millimeter hex torque wrench (44 inch-lbs or 5 newton-meters) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-19 PRELIMINARY E6000 CER Release 1.0 Installation Procedure 9-3: Installing the PEM 1 Use proper ESD precautions before handling modules. 2 Insert the PEM completely into the chassis. 3 Fully seat the PEM and then tighten the captive thumbscrews. If using a tool, care should be exercised not to over-tighten. The recommended torque for this fastener is 5.0 inch-pounds. — End of Procedure — Cabling the PEM Procedure 9-4: Cabling the PEM Follow the steps given below in the order given to safely connect power cables to the E6000 CER. 1 Ensure that the E6000 CER is mounted in the rack and location where it is to be used. 2 Ensure that the safety ground cable provided with the E6000 CER is properly installed, bonding the chassis to the local ground system. 3 Ensure that the PEMs are properly installed. 4 Remove both PEM covers from the rear of the E6000 CER. Figure 9-5 is a illustration of a PEM cover. The PEM cover is retained by four T20 screws. Figure 9-5: PEM Cover Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-20 PRELIMINARY E6000 CER Release 1.0 Installation 5 Ensure that the power supply cables are not energized. 6 Check that all four PEM circuit breakers are off. When off, the “ON” side of the circuit breaker actuator protrudes from the surface of the PEM as shown in Figure 9-6. Figure 9-6: PEM Circuit Breaker in the Off Position Issue 1.0, 4 Feb 2013 7 Dress the power supply cables to their respective side of the E6000 CER chassis. Both of the cables to a given PEM should be dressed on the same side of the chassis. 8 Remove the outer nut, lock washer, and flat washer from each of the four studs on the PEM. 9 Place each terminated cable conductor on the studs. The top studs are for the positive conductors, and the bottom studs are for the negative conductors. One cable pair connects to the left pair of studs, and the other connects to the right pair of studs. Refer to Figure 9-7 for an illustration of these connections. All of the cable conductors must exit as show in the figure. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-21 PRELIMINARY 13 12 11 9 Installation 7 8 6 POS 5 2 4 1 0 A () () POS EG N EG N S PO NEG PO NEG S TO “B” POWER SUPPLY B TO “A” POWER SUPPLY E6000 CER Release 1.0 GND Figure 9-7: Power Cable Connections to the E6000 CER 10 By hand, re-install the flat washer, lock washer, and nut on top of the PEM’s studs. NOTE: Finger tighten only Use a 13 millimeter open-end wrench to prevent the nut below the stud from turning, and use a hex 13 millimeter torque wrench on the nut above the stud to tighten it. It should be tightened to 44 inch pounds (5 newton-meters) of torque. Refer to the diagram provided on each PEM, or Table 9-8, below. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-22 PRELIMINARY 13 Installation 12 11 9 8 7 6 5 POS PO S 2 1 0 A () N EG 4 () POS EG N NEG NEG S PO TO “B” POWER SUPPLY B TO “A” POWER SUPPLY E6000 CER Release 1.0 GND NO torque on the stud ! Torque = 44 in-lbs only between nuts Hold Torque wrench goes on this nut. () Tighten Open-end wrench goes on this nut Figure 9-8: Terminal Tightening Requirements 11 Ensure that none of the lugs have rotated into contact with one another, or with other PEM terminals. 12 Repeat steps 8 through 12 for the other PEM and power supply cables. 13 Orient each PEM cover so that the opening in the side allows the cable conductors to pass through, and install the PEM covers with the T20 screws. 14 Ensure that all four PEM circuit breakers are in the off position. Refer to Figure 9-6. 15 Energize both cables to one of the PEMs. 16 Verify that both green “OK” LEDs are illuminated on the rear of the PEM. Verify that both red “REV” LEDs are extinguished. Refer to Figure 9-9 for the location of these polarity LEDs. If a “REV” LED is illuminated, de-energize the cables and correct the polarity (refer to step 9 and Figure 9-7, above). Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-23 PRELIMINARY E6000 CER Release 1.0 Installation CAUTION DO NOT turn the circuit breaker on if a REV LED is lit. “OK” LEDs (GREEN) “REV” LEDs (RED) Figure 9-9: Location of Polarity LEDs on PEM 17 Repeat steps 15 to 17 for the other PEM. 18 To power the E6000 CER, turn on both circuit breakers on a PEM. Press on the “ON” side until it clicks in flush with the PEM panel. Figure 9-10 shows a PEM circuit breaker in the closed position. Figure 9-10: PEM Circuit Breaker in the On Position 19 Verify that the BRANCH POWER LEDs associated with each feed turn green when the power is switched on. Contact ARRIS personnel for assistance if any branch LED fails to light. 20 If any breaker fails to stay closed, shut off all power to the unit and contact ARRIS personnel for assistance. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-24 PRELIMINARY E6000 CER Release 1.0 Installation 21 Repeat steps 19 to 21 for the other PEM. 22 Assure that the power cables do not interfere with the rear Air Filter tray being replaced. 23 Fix the cables with cable ties. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 9-25 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Installation PRELIMINARY 9-26 PRELIMINARY E6000 CER Release 1.0 10 Basic Bring-up Procedure Basic Bring-up Procedure Before You Begin 1 Bring-up Procedures 4 Verification Steps Introduction 16 This chapter provides the basic procedure to bring up an E6000 CER. This is not a software upgrade procedure: it assumes that the chassis is not yet in service. This chapter is based on a minimal configuration for a simplex system and bring-up. The minimal configuration and examples used in this chapter will consist of one Router System Module (RSM), one Downstream Cable Access Module (DCAM), and one Upstream Cable Access Module (UCAM). Most systems will be configured in redundant mode which means that each of the boards will have a spare or be part of a sparing group. Before You Begin Certain items are required to make the installation run smoothly. These include: Issue 1.0, 4 Feb 2013 1 Correct installation and power 2 Hybrid Fiber Coax (HFC) network connectivity 3 The IP network plan for this chassis © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-1 PRELIMINARY E6000 CER Release 1.0 4 Chassis Installation and Powering Basic Bring-up Procedure A provisioning plan for the new CER. It is assumed that the new CER has been mounted in a rack in the headend and cabled for power prior to starting this installation. Do not power up the chassis until told to do so in the procedure. DC Power — For additional information on power on the system, refer to the E6000 CER User Guide chapter on “Installing/Replacing Modules and Initial System Configuration.” HFC Network Connectivity A useful tool for planning the chassis configuration is the Network Connectivity Plan, as shown in Figure 10-1 on page10-3. This plan details the physical connections needed for the E6000 CER to reach the HFC plant as well as how the chassis will be connected to the Operator Network for Internet Access and provisioning, monitoring, and control. Another useful tool for the chassis configuration is the HFC Network Connectivity Worksheets provided at the end of this chapter. These worksheets help with the channel and spectrum mapping tasks that are necessary for DOCSIS 3.0 deployments. This information is reflected in the running configuration and is gathered to make that configuration complete. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-2 E6000 CER Release 1.0 PRELIMINARY Basic Bring-up Procedure DCAM Slot5 UCAM Slot 8 Cable-MAC 1 Fiber Node 1 Modem Sparing Sparing Figure 10-1: Network Connectivity Diagram Configuration of Back Office Servers Issue 1.0, 4 Feb 2013 The following servers must be correctly provisioned to support the DOCSIS and non-DOCSIS devices and services. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-3 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure DHCP Server — A Dynamic Host Configuration Protocol (DHCP) server is needed to provide IP addresses to the modems and Customer Premise Equipment (CPE). The following options are required for registering modems: • Option 2 — time offset • Option 3 — router (IP address of the cable-mac primary address) • Option 4 — time server (IP address of the time server) • Option 66 — boot server host name (IP address of the TFTP server) • Option 67 — bootfile name (name of the modem configuration file) TFTP Server — This server is required to send the modem configuration file to the modem. Time of Day Server — This server provides the time of day to the modems. Bring-up Procedures The following is a high-level list of the steps of this procedure: 1. Install Cards, Rear PICs, and Filler Panels 2. Set Up Console Cable 3. Power Up the Chassis 4. Configure Slots 5. Configure RSM Ethernet Connections 6. Out-of-Band Management (Optional) 7. Configure Cable-MAC 8. Configure Downstream Parameters 9. Configure Modulation Profiles 10. Configure Upstream Parameters Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-4 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure 11. Configure Fiber Nodes 12. Put the Cable-MAC into Service 13. Local Authentication 14. Managing the CER 15. Configure Cable Filter Groups 16. Configure SNMP 17. Configure Clock 18. Miscellaneous Configurations 19. Save the Configuration 20. Cabling 21. Verify Back Office Systems 22. Verify CER Configuration 23. Verify Modem Registration 1. Install Cards, Rear PICs, and Filler Panels Install the modules, PICs, and filler panels in the chassis. The chassis hardware is configured as follows: • The chassis has 14 slots, numbered from 0-13 counting from left to right • Slots 6 and 7 are reserved for RSMs; slots 0-5 and 8-13 are for client cards • Any of the client slots can be equipped with a Downstream or Upstream CAM (DCAM or UCAM). In this example of a basic bring-up procedure a single cable-mac domain is created. It contains one service group that includes 8 downstream and 3 upstream channels. For this configuration example, an RSM is installed in Slot 6, a DCAM in slot 12, and a UCAM in slot 1. Refer to Figure 10-2 to view the sample configuration. Each of these modules requires a Physical Interface Card (PIC) mounted in the rear of the chassis. The PICs are different for each type of module. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-5 PRELIMINARY E6000 CER Release 1.0 B U B L C L A A A N M N K K 0 1 2 3 Basic Bring-up Procedure B B B B D B L L L L A A A N N N N C A A N M N K K K K K K K 4 5 6 7 8 9 10 11 12 13 B B B L L A A N N N K K B R L L S A A M L A Figure 10-2: E6000 CER Slot Diagram 2. Set Up Console Cable The operator console is necessary for the initial power up and configuring of the E6000 CER. You may use an asynchronous terminal or a PC with asynchronous terminal emulation software, such as HyperTerm or Teraterm. The E6000 CER is shipped with a black roll-over cable that has a 9-pin connector on one end and an RJ-45 connector on the other. The RJ-45 end plugs into the RS-232 port of the RPIC in the chassis rear. The other end plugs into a computer or terminal server. The default connection settings for the computer COM port are: • 9600 Baud • 8 data bits • No parity • 1-stop bit • Flow control Xon/Xoff Once a successful connection is made, you should get a login prompt. 3. Power Up the Chassis Issue 1.0, 4 Feb 2013 At this point, power up the chassis.The RSM is configured automatically and will come into service. As the E6000 CER is coming up, the system displays the system activity on the connected console terminal. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-6 PRELIMINARY E6000 CER Release 1.0 4. Configure Slots Basic Bring-up Procedure This example assumes the use of Annex B. Enter the following commands to provision the slots (the values shown are the defaults): configure slot 12 type dcam-b name "DCAM-B" configure slot 1 type ucam name "UCAM" 5. Configure RSM Ethernet Connections Enter the following CLI commands to configure the RSM management port: configure interface ethernet 6/0 no shutdown configure interface ethernet 6/0.0 ip address x.x.x.x y.y.y.y configure interface ethernet 6/0 no shutdown NOTE: The IPv4 address of the RSM management port is stored on the RSM, not on the RPIC. If the RSM is replaced, the new RSM must be configured with the correct IP address. Assign an IP address to the loopback interface and bring it into service: configure interface loopback 0 ip address x.x.x.x y.y.y.y Where: x.x.x.x represents the IP address y.y.y.y represents the network mask. configure interface loopback 0 no shutdown This example uses static routing. To apply a default route, enter: configure ip route 0.0.0.0 0.0.0.0 X.X.X.X Save the configuration to non-volatile memory: write memory 6. Out-of-Band Management (Optional) Issue 1.0, 4 Feb 2013 Out-of-band management requires a direct connection to the CER through Admin Port 0 (Ethernet) or the serial console port. Both of these interfaces are found on the RPIC. NOTE: Out-of-band management does not support all of the management protocols. If the CER is configured to use only outof-band management, then FTP server and client, Telnet server and client, and SNMP client gets and sets will be the only management protocols available. When out-of-band and in-band management are both configured and an accessgroup ACL is configured for in-band, then the protocols mentioned in this note will be simultaneously available on both the in-band and out-of-band management interfaces. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-7 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure Use the following commands to enable out-of-band management for management interface 6/0. This interface corresponds to the uppermost ethernet port on the RPIC. It is labeled Admin Port 0. configure interface mgmt 6/0 ip address x.x.x.x y.y.y.y configure interface mgmt 6/0 active ip x.x.x.x y.y.y.y configure ip route vrf management 0.0.0.0 0.0.0.0 y.y.y.y configure interface mgmt 6/0 no shutdown Save the configuration to non-volatile memory: write memory 7. Configure CableMAC Configure and assign the cable-mac: configure interface cable-mac 1 description "cable-mac 1" configure interface cable-mac 1 cable cm-ip-prov-mode ipv4only configure interface cable-mac 1 cable verbose-cm-rcp configure interface cable-mac 1 cable dynamic-rcc configure interface cable-mac 1 cable downstream-bonding-group dynamic enable configure interface cable-mac 1 cable upstream-bonding-group dynamic enable configure interface cable-mac 1 cable mult-tx-chl-mode configure interface cable-mac 1.0 ip address x.x.x.x y.y.y.y configure interface cable-mac 1.0 ip address x.x.x.x y.y.y.y secondary configure interface cable-mac 1.0 cable helper-address x.x.x.x 8. Configure Downstream Parameters This section configures a single DCAM in slot 12. In this example it has eight downstream channels, all assigned to connector 0. To configure the downstream interfaces, enter the following commands: configure interface cable-downstream 12/0/0 type docsis cable-mac 1 configure interface cable-downstream 12/0/1 type docsis cable-mac 1 configure interface cable-downstream 12/0/2 type docsis cable-mac 1 configure interface cable-downstream 12/0/3 type docsis cable-mac 1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-8 E6000 CER Release 1.0 PRELIMINARY Basic Bring-up Procedure configure interface cable-downstream 12/0/4 type docsis cable-mac 1 configure interface cable-downstream 12/0/5 type docsis cable-mac 1 configure interface cable-downstream 12/0/6 type docsis cable-mac 1 configure interface cable-downstream 12/0/7 type docsis cable-mac 1 To assign the downstream channels to a node, enter the following commands: configure interface cable-downstream 12/0/0 description "NodeABC" configure interface cable-downstream 12/0/1 description "NodeABC" configure interface cable-downstream 12/0/2 description "NodeABC" configure interface cable-downstream 12/0/3 description "NodeABC" configure interface cable-downstream 12/0/4 description "NodeABC" configure interface cable-downstream 12/0/5 description "NodeABC" configure interface cable-downstream 12/0/6 description "NodeABC" configure interface cable-downstream 12/0/7 description "NodeABC" This configuration assumes that Annex B is being used; therefore, each channel is 6 MHz wide. Assign frequencies to these downstream channels using the following commands: configure interface cable-downstream 12/0/0 cable frequency 651000000 configure interface cable-downstream 12/0/1 cable frequency 657000000 configure interface cable-downstream 12/0/2 cable frequency 663000000 configure interface cable-downstream 12/0/3 cable frequency 669000000 configure interface cable-downstream 12/0/4 cable frequency 675000000 configure interface cable-downstream 12/0/5 cable frequency 681000000 configure interface cable-downstream 12/0/6 cable frequency 687000000 configure interface cable-downstream 12/0/7 cable frequency 693000000 Bring the eight downstream channels into service: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-9 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure configure interface cable-downstream 12/0/0 no shutdown configure interface cable-downstream 12/0/1 no shutdown configure interface cable-downstream 12/0/2 no shutdown configure interface cable-downstream 12/0/3 no shutdown configure interface cable-downstream 12/0/4 no shutdown configure interface cable-downstream 12/0/5 no shutdown configure interface cable-downstream 12/0/6 no shutdown configure interface cable-downstream 12/0/7 no shutdown Set the power level for the DCAM: configure interface cable-downstream 12/0 cable power-level 490 9. Configure Modulation Profiles 10. Configure Upstream Parameters configure cable modulation-profile 16 tdma qam-16 configure cable modulation-profile 64 atdma qam-64 This section configures three upstream channels that are connected to a single node called “NodeABC”. Each upstream has a unique upstream channel ID and is supervised by all eight downstream channels. Configure the upstream channels and assign them to cable-mac 1: configure interface cable-upstream 1/0/0 cable cable-mac 1 configure interface cable-upstream 1/0/1 cable cable-mac 1 configure interface cable-upstream 1/0/2 cable cable-mac 1 Assign the upstream channels to a connector: configure interface cable-upstream 1/0/0 cable connector 0 configure interface cable-upstream 1/0/1 cable connector 0 configure interface cable-upstream 1/0/2 cable connector 0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-10 E6000 CER Release 1.0 PRELIMINARY Basic Bring-up Procedure Assign a node description to the upstream channels: configure interface cable-upstream 1/0/0 description "NodeABC" configure interface cable-upstream 1/0/1 description "NodeABC" configure interface cable-upstream 1/0/2 description "NodeABC" (Optional) Assign an ingress cancellation interval to the upstream channels: configure interface cable-upstream 1/0/0 cable ingress-cancellation interval 100 configure interface cable-upstream 1/0/1 cable ingress-cancellation interval 100 configure interface cable-upstream 1/0/2 cable ingress-cancellation interval 100 Assign frequencies to the upstream channels: configure interface cable-upstream 1/0/0 cable frequency 22000000 configure interface cable-upstream 1/0/1 cable frequency 29400000 configure interface cable-upstream 1/0/2 cable frequency 36200000 Assign downstream channel supervision to the upstream channels: configure interface cable-upstream 1/0/0 cable supervision 12/0/0 configure interface cable-upstream 1/0/0 cable supervision 12/0/1 configure interface cable-upstream 1/0/0 cable supervision 12/0/2 configure interface cable-upstream 1/0/0 cable supervision 12/0/3 configure interface cable-upstream 1/0/0 cable supervision 12/0/4 configure interface cable-upstream 1/0/0 cable supervision 12/0/5 configure interface cable-upstream 1/0/0 cable supervision 12/0/6 configure interface cable-upstream 1/0/0 cable supervision 12/0/7 configure interface cable-upstream 1/0/1 cable supervision 12/0/0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-11 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure configure interface cable-upstream 1/0/1 cable supervision 12/0/1 configure interface cable-upstream 1/0/1 cable supervision 12/0/2 configure interface cable-upstream 1/0/1 cable supervision 12/0/3 configure interface cable-upstream 1/0/1 cable supervision 12/0/4 configure interface cable-upstream 1/0/1 cable supervision 12/0/5 configure interface cable-upstream 1/0/1 cable supervision 12/0/6 configure interface cable-upstream 1/0/1 cable supervision 12/0/7 configure interface cable-upstream 1/0/2 cable supervision 12/0/0 configure interface cable-upstream 1/0/2 cable supervision 12/0/1 configure interface cable-upstream 1/0/2 cable supervision 12/0/2 configure interface cable-upstream 1/0/2 cable supervision 12/0/3 configure interface cable-upstream 1/0/2 cable supervision 12/0/4 configure interface cable-upstream 1/0/2 cable supervision 12/0/5 configure interface cable-upstream 1/0/2 cable supervision 12/0/6 configure interface cable-upstream 1/0/2 cable supervision 12/0/7 (Optional) Enable pre-equalization: configure interface cable-upstream 1/0/1.0 cable pre-eq-enable true configure interface cable-upstream 1/0/2.0 cable pre-eq-enable true NOTE: In the commands above pre-equalization is not enabled for the 1.0.0 upstream channel, which uses TDMA modulation. It is assumed that DOCSIS 1.x modems will be using that channel. It is also assumed that not all DOCSIS 1.x modems can support pre-equalization. Assign modulation profiles to the upstream channels: configure interface cable-upstream 1/0/0.0 cable modulation-profile 16 configure interface cable-upstream 1/0/1.0 cable modulation-profile 64 configure interface cable-upstream 1/0/2.0 cable modulation-profile 64 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-12 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure Channel 1/0/0 uses the default channel width, 3.2MHz. Configure the width of the other upstream channels: configure interface cable-upstream 1/0/1 cable channel-width 6400000 configure interface cable-upstream 1/0/2 cable channel-width 6400000 Bring the upstream channels into service: configure interface cable-upstream 1/0/0.0 no shutdown configure interface cable-upstream 1/0/1.0 no shutdown configure interface cable-upstream 1/0/2.0 no shutdown 11. Configure Fiber Nodes This section provides commands to configure the fiber node data and assign the channels that were defined in the previous procedures to those fiber nodes. Configure fiber node 1: configure cable fiber-node "NodeABC" configure cable fiber-node "NodeABC" cable-downstream 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 configure cable fiber-node "NodeABC" cable-upstream 1/0/0 1/0/1 1/0/2 12. Put the CableMAC into Service Use the following commands to put cable-mac 1 and slots 12 and 1 into service: configure interface cable-mac 1 no shutdown configure slot 12 no shutdown configure slot 1 no shutdown 13. Local Authentication To create a new user on the system, enter: configure enable password xxxx privilege 15 configure username xxxx password xxxx To enable local authentication: configure authentication ml1 local Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-13 PRELIMINARY E6000 CER Release 1.0 NOTE: Basic Bring-up Procedure Using the local parameter alone will remove the default local none parameter and make local authentication more secure. configure line vty 0 15 authentication ml1 login-authentication configure line vty 0 15 authentication ml1 enable-authentication 14. Managing the CER Managing consists of various system administration tasks such asaccounting, security, and configuration. This is accomplished through in-band or out-of-band management or both. Management functions use telnet, SSH, SNMP, and other protocols such as TOD, IPDR, DNS, TACACS, RADIUS, Syslog, NTP, and Event Messaging and COPS for PacketCable. In-band Management — This means that the telnet/ssh/snmp sessions are carried through the same interfaces that carry subscriber traffic. These are the Ethernet interfaces on the faceplate of the RSM card. The out-of-band interfaces use the Admin Ports (ethernet connectors) on the RPIC. Pro: Access Control Lists (ACLs) can be applied to increase security Con: In-band management uses the same interfaces as all the modem traffic. To provision in-band management, permit and define a standard ACL by entering: configure access-list 1 permit any configure interface ethernet 6/0 ip inband access-group 1 NOTE: 15. Configure Cable Filter Groups Out-of-band management does not support all of the management protocols. If the CER is configured to use only outof-band management, then FTP server and client, Telnet server and client, and SNMP client gets and sets will be the only management protocols available. When out-of-band and in-band management are both configured and an accessgroup ACL is configured for in-band, then the protocols mentioned in this note will be simultaneously available on both the in-band and out-of-band management interfaces. Assign subscriber management filter groups: configure cable submgmt default filter-group cm downstream 1 configure cable submgmt default filter-group cm upstream 2 configure cable submgmt default filter-group cpe downstream 3 configure cable submgmt default filter-group cpe upstream 4 configure cable submgmt default active Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-14 PRELIMINARY E6000 CER Release 1.0 16. Configure SNMP Basic Bring-up Procedure The following command sequence enables the Simple Network Management Protocol (SNMP) to work. For security purposes you should change community strings such as “public” and “private”. configure snmp-server community public security rotesting configure snmp-server community private security rwtesting configure snmp-server user rotesting rotesting v1 configure snmp-server user rwtesting rwtesting v1 configure snmp-server user rotesting rotesting v2c configure snmp-server user rwtesting rwtesting v2c configure snmp-server context "" configure snmp-server group rotesting v1 read docsisManagerView configure snmp-server group rwtesting v1 read docsisManagerView write docsisManagerView configure snmp-server group rotesting v2c read docsisManagerView notify docsisManagerView configure snmp-server group rwtesting v2c read docsisManagerView write docsisManagerView configure snmp-server view docsisManagerView 1.3.6.1 included configure snmp-server group rotesting v2c notify docsisManagerView configure snmp-server group rotesting v1 notify docsisManagerView 17. Configure Clock To set the network timing synchronization protocol, enter the following commands: configure ntp server x.x.x.x Where: x.x.x.x represents the IP address of the NTP server. configure clock timezone GMT configure clock network ntp For more information on the purpose and syntax of these commands, use the alphabetical Alphabetical List of CLI Commands to find links to the command reference page for each command. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-15 PRELIMINARY E6000 CER Release 1.0 18. Miscellaneous Configurations Basic Bring-up Procedure To enable protocol throttling for ARP and DHCP messages enter the following commands: configure cable proto-throttle arp configure cable proto-throttle dhcp To enable PacketCable Multimedia enter the following command: configure packetcable pcmm no shutdown Assign a time in seconds for removing (aging out) stale MAC addresses: configure aging stale-mac 86400 Assign an IP address to the syslog server: configure logging host x.x.x.x Enable remote querying of cable modems for the purpose of gathering performance statistics and define the time interval in seconds: configure cable modem remote-query 600 For more information on the purpose and syntax of these commands, go to the alphabetical Alphabetical List of CLI Commands to find links to the command reference page for each command. 19. Save the Configuration Write the configuration to memory to save the configurations: write memory Verification Steps This section provides the procedures to verify the results of this bring-up procedure. 20. Cabling Issue 1.0, 4 Feb 2013 In this step, the operator needs to connect the cables to the CAMs and RSM. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-16 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure 21. Verify Back Office Systems The provisioning servers and other Back Office servers and data collectors should be configured to allow for the first modem to receive IP and CM configurations. Since different offices use various provisioning servers and environments, this procedure is customer-specific and site-dependent. 22. Verify CER Configuration A number of commands can be used to verify the installation and configuration of the system at this point. Verify the slot provisioning by entering the following command to show the slot provisioning: show linecard status Show the fiber node database and the topology information: show cable fiber-node <name> Verify the MAC Domain configuration: show interface cable-mac <mac> Where: mac = The MAC identifier number. To display the supervisory downstream for the upstream, enter: show cable supervision 23. Verify Modem Registration For status on a specific cable modem, enter: show cable modem detail <mac address> To display the status of the bonding group for a given cable-mac, enter: show cable bonding-group-status cable-mac <int> Where: Issue 1.0, 4 Feb 2013 int = The static bonding group identifier. Range = 1-65535. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-17 PRELIMINARY E6000 CER Release 1.0 Basic Bring-up Procedure Use the following command to see the receive channel configuration status. For a more detailed report, use the verbose option: show cable rcc-status [verbose] For overall status of cable modems, enter: show cable modem summary For the status of the cable modems, enter: show cable modem To display the service groups, enter: show cable service-group Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 10-18 E6000 CER Release 1.0 PRELIMINARY 11 Control Complex Redundancy Control Complex Redundancy Overview 1 CCR Components 2 Configure Duplex RSM 3 Overview Control Complex Redundancy (CCR) ensures high reliability for system-wide Operations, Administration, Maintenance, and Provisioning (OAM&P), switching, and routing. The E6000™ Converged Edge Router supports both active/active and active/standby redundancy within the control complex. The active/active redundancy mode supports multiple instances of the same component that share the work load and operate concurrently. If one component fails or is removed from service, the other component takes over the entire work load. The data plane switch networks, Power Entry Modules (PEMs), and fan trays operate in the active/active mode. The active/standby redundancy mode, also known as duplex mode, provides 1+1 sparing or redundancy between multiple components with both provisioned and present.The component in the standby state is ready to take over the entire work load if the active component fails or is removed from service. The RSMs, Chassis Control Modules (CCMs), and Chassis Data Modules (CDMs) operate in the active/standby mode for the control plane. The redundant control complex components can also function in a simplex mode where only one of the components is present in the chassis. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 11-1 PRELIMINARY E6000 CER Release 1.0 Control Complex Redundancy Key characteristics of control complex redundancy include: • Reduced customer impact on any RSM, RSM Physical Interface Card (RPIC) or CCM failure (hardware or software) • Hot standby RSM with complete replication of configuration and customer data • Fault correlation between active and standby RSMs • Software infrastructure support for replication of software components between active and standby RSMs CCR Components RSM RPIC In the E6000 CER, the RSM and its associated RPIC make up a fault group. The RSM must detect its RPIC during initialization, or it will fail and reset itself. This will repeat until a good RPIC is detected. Once the RSM is in service, a failure or physical removal of the RPIC results in a RSM fault. See Chapter 5, Router System Module (RSM) for more information. • “Active” functionality includes processing control functions that include DHCP relay, Telnet and SNMP servers and Routing Protocols • “Standby” functionality includes maintaining state information such as ARP entries, route entries and CM database entries. The RPIC must be present and operational for the RSM to come into service for both simplex or duplex mode. It provides clocking information to the client cards and supports the RSM in controlling the CAM sparing relays. In simplex mode, removal of the RPIC results in: • A complete reset of the RSM and system failure • Client cards detecting the failure and eventually powering down In duplex mode, removal or failure of the active RPIC results in: • A failover or side-switch to the standby RSM and RPIC • The faulted RSM resets itself and tries to return to service Removal of the standby RPIC causes the standby RSM to reset and leaves the active RSM in simplex mode. NOTE: Issue 1.0, 4 Feb 2013 Routing protocols restart after an RSM failover. Convergence time varies based upon the specific network configuration. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 11-2 PRELIMINARY E6000 CER Release 1.0 CCM Control Complex Redundancy The Chassis Control Modules (CCMs) which reside in a vertical position on the right side of the chassis, operate as a redundant pair with active/standby status and support 1+1 sparing. These components are hot swappable. (For more information on the CCM, see Chassis Control Module (CCM) on page 4-14.) The CCMs: Power Entry Modules • Operate as a redundant pair with active/standby status for high availability • Are required (at least one) for the chassis to operate • Are under the direct control of the RSMs with the active RSM choosing the active CCM that will be active • Monitor the status of and control PEMs, fan trays, and the CDMs. The Power Entry Modules (PEMs) are redundant, pluggable components in the E6000 CER. Each chassis slot is powered by one of the power branches (see Power Entry Module (PEM) on page 4-12 for additional information), and all branches power multiple slots and/or fan trays. Both PEMs are active when present in the chassis, and each provides power to all nine power branches. Configure Duplex RSM This section provides information to add a control complex, or duplex RSM to your system. Procedure 11-1: Add a Control Complex (Change RSM from Simplex to Duplex) Use this procedure to add a redundant control complex. This procedure assumes that the original or simplex RSM is in service. NOTE: Ensure that your software is committed before starting this procedure. Use the reload commit command if necessary. CAUTION Do not insert the RSM module until instructed to do so later in this procedure. 1 Issue 1.0, 4 Feb 2013 Configure a second RSM slot: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 11-3 PRELIMINARY E6000 CER Release 1.0 Control Complex Redundancy configure slot x type rsm Where: x = either 6 or 7 for the RSM slot Note that in the E6000 CER, either RSM slot can be used for simplex or duplex operation. 2 Install the second RSM into the remaining slot. Connect the network-side interface cables for the data traffic. (See Chapter 5, Router System Module (RSM) for more details.) 3 Insert the RSM Physical Interface Card (RPIC) at the rear of the chassis. NOTE: 4 Each RSM must have an RPIC populated in order to go into the In-service state. Put RSM slot (either 6 or 7) in the administrative up state: configure slot x no shutdown Where: 5 x = either 6 or 7 for the appropriate RSM slot Save the duplex configuration to memory: write memory 6 Reset the chassis: NOTE: Both RSMs reboot which is necessary when going from simplex to duplex. configure reset system 7 Wait for both RSMs to go in-service. NOTE: If you are currently using telnet to access the RSM, you will be disconnected and have to log back in to the system. The RSM card is initialized automatically and come into service when inserted. 8 Verify that new RSM is standby: show linecard status 9 Save your configuration changes by entering: write memory — End of Procedure — NOTE: Issue 1.0, 4 Feb 2013 If you need to revert to a simplex chassis from duplex, you should first contact ARRIS Technical Support. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 11-4 PRELIMINARY E6000 CER Release 1.0 12 CAM Sparing CAM Sparing FlexCAM™ Hitless CAM Sparing 1 Guidelines for CAM Spare Groups 2 FlexCAM™ Hitless CAM Sparing CAM sparing minimizes traffic loss and customer impact in case of a hardware or software failure. When an active CAM in a sparegroup fails, the spare CAM automatically takes over. The cable modems that were connected to the upstream and downstream channels on the failed CAM are immediately connected to the spare CAM. This includes configuration of downstream and upstream channels and port administrative status. Cable modems do not have to re-register, and they incur minimal data loss. Failback from the spare CAM to a recovered CAM can be set to take place automatically or manually. Benefits of Hitless CAM Sparing CAM sparing is an important element of system reliability. The benefits of hitless CAM sparing include: • Uninterrupted service to the subscriber if a CAM goes down in the middle of a session where the end user is sending or receiving data • System administrators can take active CAMs out of service without serious impact • The spare CAM is used until the failed module is diagnosed, repaired, or replaced, or until there is a software recovery. The goal of CAM sparing is to preserve data flows such as voice calls, video, best effort, and other subscriber services. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-1 PRELIMINARY E6000 CER Release 1.0 CAM Sparing CAM Sparing PIC LEDs The spare-group leader CAMs are equipped with sparing PICs. Other CAM slots are equipped with regular PICs. All CAM PICs have a sparing indicator LED. The LED indicates if the CAM is being spared for (in the case of a regular CAM PIC) or if the spare CAM is actively sparing for a member of the spare group (in the case of a spare CAM PIC). In normal conditions all sparing LEDs are off. When a CAM in a spare-group fails, traffic is transferred to its spare-group leader. In this case, the sparing LEDs of the failed CAM PIC and of the spare-group leader CAM PIC are on. Definitions Failover — An active CAM fails and the spare CAM takes over Failback— The recovered CAM becomes active again, taking over for the spare. Size of Hitless CAM Spare-groups The E6000 CER supports CAM sparing within the following limits: Some Signal Loss during Failover • DCAM Up to 7:1 • UCAM Up to 5:1 When failover occurs the RF signal to/from the failed CAM is rerouted from the PIC of the failed CAM through the intervening PICs and backplane to the PIC of the now-active spare CAM. This longer path produces some signal loss. Although station maintenance begins immediately and compensates for the upstream loss, there is a period of at least a few seconds, depending on the number of modems supported, that the signal is weakened. Guidelines for CAM Spare Groups A spare-group consists of one spare CAM (the spare-group leader) and one or more active CAMs protected by the spare-group leader. Issue 1.0, 4 Feb 2013 • CAMs are not required to be part of a spare-group. • A CER provides hitless support for only one upstream and one downstream spare group. • Any DCAM can be used as spare-group leader, but it must be the first DCAM added to the group. The DCAM used as sparegroup leader must occupy the highest numbered slot of the group. • Any UCAM can be used as spare-group leader, but it must be the first UCAM added to the group. The UCAM used as sparegroup leader must occupy the lowest numbered slot of the group. • The spare-group must be homogenous: the group leader and all of the members of the spare-group must be the same type of CAM. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-2 PRELIMINARY E6000 CER Release 1.0 CAM Sparing • There can be an unspared CAM or an unpopulated front slot within a spare-group, but the rear slot must have the correct PIC in it. For example, slot 0 can be the upstream spare-group leader for slots 1, 2, 3, and 5, with slot 4 being either unpopulated or not added to any spare-group. In this case, rear slot 4 must be equipped with a UPIC. If it is not, a failover from CAM 5 to the spare-group leader in slot 0 would not succeed because traffic on UCAM 5 could not be re-routed through the UPICs from slot 5 to slot 0. • The spare-group leader must have a special Physical Interface Card called a sparing PIC. There are two types: Spare DPICs and Spare UPICs. • If you decide to turn a sparing leader slot into an active one, you may use the same CAM but you must replace the sparing PIC with a non-sparing PIC. • If a CAM has failed over to the sparing CAM, the CER does not accept the command to remove the failed CAM from the spare-group. You must first fail back to the original CAM, then you can remove it from the spare-group. • All the slots in a DCAM spare-group must be provisioned for the same annex. • CAM sparing groups can span slots 6 and 7, which are reserved for the RSMs. For example, there can be an upstream spare group comprising slots 4, 5, and 8; or a downstream spare group comprising slots 11, 10, 9, 8, 5, and 4. • Spare CAMs should be licensed for as many channels as are licensed on the highest licensed CAM in their spare groups. CAUTION If a spare UCAM or DCAM is licensed for fewer channels than the CAMs for which it is sparing and a failover occurs, then some of the channels that it is replacing may go Out Of Service (OOS). In addition, the channels that are licensed on the spare CAM may become overloaded as modems from the unlicensed channels attempt to re-register on them. To avoid loss of service, spare CAMs should be licensed for as many channels as the highest licensed CAM in the spare group. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-3 PRELIMINARY E6000 CER Release 1.0 CAM Sparing Configuration Example Figure 12-1 provides an example of a CER equipped with UCAMS and DCAMs arranged in sparing groups. Note that the UCAM sparegroup builds from left to right: its spare is the lowest-numbered CAM in the group. The DCAM spare-group builds from right to left: its spare is the highest-numbered CAM in the group. For the 4 + 1 UCAM and 6 + 1 DCAM sparing groups shown in Figure 12-1 you would need the following cards: • Five (5) UCAMs, one of which is used as the spare • Four (4) UPICs • One (1) Spare UPIC • Seven (7) DCAMs, one of which is used as the spare • Six (6) DPICs • One (1) Spare DPIC DCAM SPARE DCAM DCAM DCAM DCAM DCAM RSM RSM DCAM UCAM UCAM UCAM UCAM UCAM SPARE 0 1 2 3 4 5 6 7 8 9 10 11 12 13 Figure 12-1: Example of Upstream and Downstream Spare-groups (front view) Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-4 PRELIMINARY E6000 CER Release 1.0 CAM Sparing Figure 12-2: Same Example of CAM Sparing PICs As Seen from the Rear of the E6000 CER To configure the spare-groups shown in the example in Figure 12-1, you would use the commands shown in the procedure below. Procedure 12-1: Create CAM Spare-groups to Match Figure 12-1. Configure UCAM Sparing Automatic failback can reduce exposure to traffic loss because the spare CAM is restored to the standby state as soon as the faulty CAM comes back up. Manual failback allows you to defer the failback to a more convenient time, such as a maintenance window. 1 Provision the UCAM slots: CER# configure slot 0 type ucam name “Spare-UCAM” Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-5 PRELIMINARY E6000 CER Release 1.0 CAM Sparing CER# configure slot 1 type ucam name “UCAM” CER# configure slot 2 type ucam name “UCAM” CER# configure slot 3 type ucam name “UCAM” CER# configure slot 4 type ucam name “UCAM” 2 Configure an upstream spare-group with slot 0 as the spare-group leader and automatic failback: CER# configure slot 0 spare-group 0 auto CER# configure slot 1 spare-group 0 CER# configure slot 2 spare-group 0 CER# configure slot 3 spare-group 0 CER# configure slot 4 spare-group 0 Configure DCAM Sparing 3 All of the DCAMs in the spare-group must use the same annex. In this example Annex B has been chosen. Provision the DCAM slots: CER# configure slot 13 type dcam-b name “Spare DCAM” CER# configure slot 12 type dcam-b name “DCAM” CER# configure slot 11 type dcam-b name “DCAM” CER# configure slot 10 type dcam-b name “DCAM” CER# configure slot 9 type dcam-b name “DCAM” CER# configure slot 8 type dcam-b name “DCAM” CER# configure slot 5 type dcam-b name “DCAM” 4 Configure a downstream spare-group with slot 13 as the spare-group leader and automatic failback: CER# configure slot 13 spare-group 13 auto CER# configure slot 12 spare-group 13 CER# configure slot 11 spare-group 13 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-6 PRELIMINARY E6000 CER Release 1.0 CAM Sparing CER# configure slot 10 spare-group 13 CER# configure slot 9 spare-group 13 CER# configure slot 8 spare-group 13 CER# configure slot 5 spare-group 13 5 Confirm that the spare-groups have been created: E6-32# show spare-group Slot 0 1 2 3 4 5 8 9 10 11 12 13 Leader Slot 0 0 0 0 0 0 13 13 13 13 13 13 Mode auto auto Admin UP/Allowed Ports -/96 32/96 32/96 32/96 32/96 32/96 128/128 128/128 128/128 128/128 128/128 -/128 — End of Procedure — Procedure 12-2: How to Fail Back Manually If you have configured a CAM spare-group for manual failback, user traffic is handled by the spare CAM until it is manually forced back to the original CAM by doing a shutdown / no shutdown on the spare-group leader. 1 (If necessary) Display the CAM spare-groups: show spare-group Example output: Slot 0 1 2 Issue 1.0, 4 Feb 2013 Leader Slot 0 0 Mode auto Admin UP/Allowed Ports -/96 32/96 Verify the status of the spare-group leader and original CAM: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-7 PRELIMINARY E6000 CER Release 1.0 CAM Sparing show linecard status The original CAM must be IS (in-service) and Protected. The spare-group leader after a failover is IS and Active. Sample output: Chassis Type: E6000 Slot Description Admin State 0 UCAM Spare Up 1 UCAM Up 2 UCAM Up 3 UCAM Up 4 UCAM Up 5 UCAM Up 6 RSM A Up 7 RSM B Up 8 DCAM-B Up 9 DCAM-B Up 10 DCAM-B Up 11 DCAM-B Up 12 DCAM-B Up 13 DCAM-B Spare Up 3 Oper State IS IS IS IS IS IS IS IS IS IS IS IS IS IS Duplex State Standby Active Active Active Active Active Active Standby Active Active Active Active Active Standby Serial Number 12363CUP0011 12363CUP0023 12363CUP0004 12363CUP0021 12253CUP0028 12363CUP0013 12343RSM0006 12343RSM0022 12083CDN0003 12383CDN0018 12383CDN0021 12383CDN0008 12383CDN0010 12383CDN0022 HW Version Type UCAM-24096W/C03 UCAM-24096W/C03 UCAM-24096W/C03 UCAM-24096W/C03 UCAM-24096W/C03 UCAM-24096W/C03 RSM-08241W/C04 RSM-08241W/C04 DCAM-08256W/B04 DCAM-08256W/C04 DCAM-08256W/C04 DCAM-08256W/C04 DCAM-08256W/C04 DCAM-08256W/C04 Prov/Det UCAM/UCAM UCAM/UCAM UCAM/UCAM UCAM/UCAM UCAM/UCAM UCAM/UCAM RSM/RSM RSM/RSM DCAM/DCAM DCAM/DCAM DCAM/DCAM DCAM/DCAM DCAM/DCAM DCAM/DCAM Admin UP/ Allowed ports -/96 32/96 32/96 32/96 32/96 32/96 128/128 128/128 128/128 128/128 128/128 -/128 Force user traffic back to the original CAM by shutting down the spare-group leader: configure slot <slot> shutdown Where: 4 slot = the slot number of the spare-group leader Restore the CAM sparing leader to service: configure slot <slot> no shutdown Where: 5 slot = the slot number of the spare-group leader Verify the status of the spare-group leader and original CAM: show linecard status When synchronization is complete, the status of the spare-group leader should again be IS and Standby. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-8 PRELIMINARY E6000 CER Release 1.0 CAM Sparing Procedure 12-3: How to Delete a CAM Spare-group NOTES: 1 The CAM spare-group cannot be deleted if one of its CAMs has failed over to the sparing leader. If a CAM has failed over to the sparing CAM, the CER does not accept the command to remove the failed CAM from the spare-group. You must first fail back to the original CAM, then you can remove it from the spare-group. Delete a member of the spare-group: configure slot <member slot> spare-group <leader slot> no Repeat this command for each of the remaining CAMs in the spare-group. 2 Take the spare-group leader out of service: configure slot <leader slot> shutdown 3 Delete the spare-group leader: configure slot <leader slot> spare-group <leader slot> no 4 Display the spare-groups to confirm the deletion of the desired group: show spare-group — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 12-9 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved CAM Sparing PRELIMINARY 12-10 PRELIMINARY E6000 CER Release 1.0 13 Cable-side Configuration Cable-side Configuration MAC Domains 2 Upstream to Downstream Channel Association (Supervision) 13 Cable Plant Topology and Fiber Nodes 19 Service Group Determination and Display 24 Overview This chapter discusses the configuration of the logical components that allow the E6000 CER to provide service to the subscriber side of the CER. Once the Cable Access Modules (CAMs) and their channels have been configured, the E6000 CER must then be configured to use these channels. NOTE: Issue 1.0, 4 Feb 2013 For cable-side configuration to begin, it is assumed that the slots for all the operational CAMs have previously been configured. If not, refer to Chapter 11, Basic Bring-up Procedure for specifics. Additional information on provisioning the CAM cards can be found in Chapter 9, Downstream Cable Access Modules (DCAMs) and Chapter 10, Upstream Cable Access Modules (UCAMs). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-1 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration MAC Domains The MAC domain is a logical subcomponent of the E6000 CER that provides data forwarding services to a set of downstream and upstream channels. In DOCSIS, the MAC domain is the set of CMs that use a common set of upstream and downstream channels (at least 1 of each) linked together through a MAC forwarding entity of the E6000 CER. An E6000 CER can support multiple MAC domains; however, each downstream and each upstream channel of the E6000 CER can belong to only one MAC domain. DOCSIS Functions The concept of a MAC domain has been formalized in DOCSIS 3.0 to be an, “E6000 CER subcomponent object responsible for all DOCSIS functions on a set of Downstream Channels and Upstream Channels.” These DOCSIS functions include: • DOCSIS downstream packet data transmission services provided to an E6000 CER forwarder including: • - Service flow classification. - Subscriber management filtering. - Packet scheduling among one or more downstream channels to a CM. DOCSIS upstream packet data reception services provided to cable modems including: - • Generation and distribution of bandwidth allocation messages (MAPs) and upstream channel descriptors (UCDs) for each upstream channel of the MAC domain associated with the downstream channels of the MAC domain. This is known as upstream supervision in the E6000 CER. - Cable modem ranging. DOCSIS MAC Management message exchanges with CMs. Before a chassis can achieve DOCSIS operation, the MAC domain itself must be provisioned, as well as: Issue 1.0, 4 Feb 2013 • Several parameters of the MAC domain. • The association of each downstream and each logical upstream to the MAC domain. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-2 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration DOCSIS 3 Terminology Terminology that is common to DOCSIS 3.0 is defined in Table 13-1. Table 13-1: DOCSIS 3.0 Terms Term Definition Cable Modem Service Group (CM-SG) A service group may contain channels from multiple E6000 CERs, and therefore the SG may contain portions of multiple CM-SGs. The CM-SG is the portion of a service group’s channels that is managed from a single E6000 CER. The CM-SG is also an important DOCSIS 3.0 concept, but it is not directly used or represented in the E6000 CER provisioning. A Fiber Node can terminate one or more downstream carrier paths from the head-end and originates one or more upstream reverse carrier paths to the head-end. The FN connects the upstream and downstream signals from the fiber onto numerous coaxial Fiber Node (FN) cable segments. a All upstream and downstream channels of an E6000 CER must be assigned to the E6000 CER logical subcomponent called the MAC domain. A MAC domain manages both a group of channels, and the types of service that are carried on the channels. A service group may contain channels from multiple MAC domains to allow separate channels for different services. For example, residential data versus business data. MAC Domain A cable modem uses channels from and communicates with only one MAC domain at a time. A cable modem can only operate on channels that are part of the same MAC Domain. The subset of a CM-SG’s channels which are confined to a single MAC domain is called a MAC domain cable modem service group (MD-CM-SG). MAC Domain Cable Modem Service Group (MD-CM-SG) An MD-CM-SG differs from a CM-SG only if multiple MAC domains are represented in the same CM-SG. The E6000 CER will attempt to identify the MD-CM-SG identifier for each cable modem as it initializes. MD-CM-SGs are calculated automatically by the E6000 CER based on the channel-tofiber-node and channel-to-MAC-domain provisioning. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-3 PRELIMINARY E6000 CER Release 1.0 Term Cable-side Configuration Definition (Continued) The subset of downstream channels from an MD-CM-SG is a MAC domain downstream service group (MD-DS-SG). The downstream channels of a MD-DS-SG may be replicated (via RF splitter devices) across multiple MD-CM-SGs. In this case the MD-DS-SG is said to be a part of multiple MD-CM-SGs. MAC Domain Downstream Service Group (MD-DS-SG) The determination of the MD-DS-SG by the cable modem during a CM initialization is an important part of identifying the MD-CM-SG of a CM. MD-DS-SGs are calculated automatically by the E6000 CER based on the channel-tofiber-node and channel-to-MAC-domain provisioning. The subset of upstream channels from an MD-CM-SG is known as a MAC domain upstream service group (MD-US-SG). The upstream channels of a MD-US-SG may be shared (via RF combiner devices) across multiple MD-CM-SGs. In this case the MD-US-SG is said to be a part of multiple MDCM-SGs. MAC Domain Upstream Service Group (MD-US-SG) The determination of the MD-US-SG by the E6000 CER during a CM initialization is an important part of identifying the MD-CM-SG of a CM. MD-US-SGs are calculated (as read-only data) by the E6000 CER from the channel-to-fiber-node and channel-toMAC-domain provisioning. Once the sets of downstream channels and logical upstream channels that reach each MD-CM-SG have been determined, the E6000 CER will use this information to assign the proper channels to each cable modem. The set of upstream and downstream RF channels that connect to the fiber node is known as the SG. Service Group (SG) An SG is the set of upstream and downstream RF channels that can provide service to a single subscriber device. This could include channels from different DOCSIS MAC domains and even different E6000 CERs as well as video EQAMs. The SG is an important DOCSIS 3.0 concept, but it is not directly used or represented in the E6000 CER provisioning. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-4 PRELIMINARY E6000 CER Release 1.0 Term Cable-side Configuration Definition (Continued) The DOCSIS protocol has always employed the use of a downstream channel to carry the channel access control information for each upstream channel. This control information is carried in two messages: • The first is the Upstream Channel Descriptor, which contains information about the physical properties of an upstream channel. • The second is the MAP, a message which allocates upstream minislot transmission opportunities to individual cable modem requests. For any upstream channel, these two types of control messages are always transmitted on the same downstream channel. The E6000 CER CLI refers to the set of UCD and MAP messages sent to an upstream channel as upstream channel supervision. Upstream Channel Supervision In order to receive the upstream channel supervision for one upstream channel, a DOCSIS 3.0 CM locates the supervision on one of the downstream channels to which it is tuned and monitors that one downstream channel for the complete set of MAP and UCD messages. The DOCSIS 3.0 CM repeats this process for each of the upstream channels that have been assigned. The CM may find the supervision for different US channels on different DS channels. The CM may also find duplicate supervision for the same US on multiple DS channels. In such a case the CM chooses only one DS channel as the source of the supervision for that particular US channel. The E6000 CER allows the operator to provision any downstream channel to provide supervision for an upstream channel. a. Information source is CableLabs® CM-SP-MULPIv3.0-I15-110210 Specifications. Specifications The following MAC domain specifications apply for the E6000 CER: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-5 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration • MAC domains operate independently of one another. A direct result is that the scope of channel bonding is limited to the MAC domain • Each CM will utilize channels from only one MAC domain at a time. • Each downstream or upstream channel of an E6000 CER can be associated with exactly one MAC Domain. • The DCAM can support up to 8 MAC domains. • The UCAM can support up to 24 MAC domains. • A MAC domain must reside on a single UCAM and a single DCAM. MAC Domain Configuration The E6000 CER allows the creation of a MAC domain with more flexibility in terms of the allowed upstream and downstream channel mix. NOTE: There are several new DOCSIS 3.0 configuration items for these MAC domains. Many of these will impact the way that DOCSIS 3.0 CMs will initialize. MAC domains require upstream channels from a UCAM and downstream channels from a DCAM. These MAC domains may be created and removed by means of CLI commands. See Table 13-2 for a summary view of the applicable commands. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 13-2: MAC Domain Configuration Commands Description Command configure interface cable-mac <MAC-ID> cable description <text> [no] This command configures a MAC domain interface to be used Example commands: with channels from a UCAM or DCAM. configure interface cable-mac 1 description "MAC-DOMAIN 1" Use the [no] option to remove the cable-mac interface for the configure interface cable-mac 2 description "MAC-DOMAIN 2" configure interface cable-mac 3 description "MAC-DOMAIN 3" specified MAC ID, configure interface cable-mac 4 description "MAC-DOMAIN 4" Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-6 PRELIMINARY E6000 CER Release 1.0 Description Cable-side Configuration Command (Continued) This command configures the IP protocol mode to be used by configure interface cable-mac <MAC-ID> cable cm-ip-prov-mode [<apm> | <ipv6only> | <ipv4only>][no] the cable modems served by this MAC domain. Use the [no] option to remove the specified cable modem IP provisioning Example command: configure interface cable-mac 3 cable cm-ip-prov-mode apm This command enables cable modem status event reporting by configure interface cable-mac <MAC-ID> cable cm-status enabled [no] the cable modems served by the MAC domain. Example command: Use the [no] option to disable the signaling of the CM-Status configure interface cable-mac 3 cable cm-status enabled Event reporting mechanism, This command enables the E6000 CER to use IP Multicast DSID-based Forwarding (MDF) to cable modems in the MAC domain. configure interface cable-mac <MAC-ID> cable mcast-fwd-by-dsid [no] Use the [no] option to disable IP MDF on the specified cablemac, configure interface cable-mac 3 cable mcast-fwd-by-dsid This command configures the interval (in milliseconds) between successive transmissions of the MAC domain descriptor message (MDD) within the MAC domain. Example command: configure interface cable-mac <MAC-ID> cable mdd-interval <int> [no] Example command: configure interface cable-mac 3 cable mdd-interval 150 Use the [no] option to remove the insertion interval. This command enables the CMs to operate on multiple downstreams within the MAC domain. This is called multiple receive channel mode. configure interface cable-mac <MAC-ID> cable mult-rx-chl-mode [no] NOTE: Multiple receive channel mode must be enabled before multiple transmit channel mode may be enabled. Example command: configure interface cable-mac 3 cable mult-rx-chl-mode Use the [no] option to disable CMs from operating on multiple downstreams within the MAC domain. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-7 PRELIMINARY E6000 CER Release 1.0 Description Cable-side Configuration Command (Continued) This command configures CMs to operate on multiple upstreams within the MAC domain. configure interface cable-mac <MAC-ID> cable mult-tx-chl-mode [no] Example command: Use the [no] option to disable CMs from operating on multiple configure interface cable-mac 3 cable mult-tx-chl-mode upstreams within the MAC domain. This command configures an override value (in seconds) for the T6 timer in the CM that runs while awaiting a response to configure interface cable-mac <MAC-ID> cable reg-rsp-timer-t6 <time> [no] a registration request). The E6000 CER also uses this timer when multiple downstream channel mode is enabled, but not Example command: multiple transmit channel mode. configure interface cable-mac 3 cable mult-tx-chl-mode Use the [no] option to return to the default setting, Additional Related MAC Domain Commands Additional configure interface cable-mac configuration commands that are pertinent to the MAC Domain are listed and described in Chapter 44, Command Line Descriptions. Channel to MAC Domain Association Channels in the E6000 CER must be assigned to a MAC domain in order to provide service. The MAC domain uses the channels to transport signaling and data to the CMs. NOTE: CAM Channel Mapping Issue 1.0, 4 Feb 2013 The E6000 CER will automatically assign a default channel ID for each channel, but the user may also provision a channel ID (DCID for DCAM or UCID for UCAM) to the channel for use in channel signaling. Table 13-3 (that follows) provides a view of the UCAM and DCAM as regards to MAC Domains and: • Default and purchased licensed channels. • UCAM connector groups. • DCAM physical connectors. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-8 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Table 13-3: MAC Domain CAM Channel Mapping MAC Domains UCAM Channels 1 4 2 4 3 4 16 4 4 16 16b 5 4 16 16 4 6 4 16 16 5 7 4 8 4 9 10 11 UCAM Connector Group 0 1 DCAM Annex A DCAM Annex B DCAM Connector 16 16 0 16 16 1 16 2 a 3 16 16 6 16 16 7 4 16 16 0 4 16 16 1 16 2 4 12 4c 13 4 14 4 15 16 17 4 18 4 19 4 20 4 21 2 3 16 a 16 16b 16 16 4 16 16 5 4 16 16 6 4 16 16 7 16 16 0 16 16 1 16 2 4 5 16 a 3 16 16b 4 16 16 4 22 4 16 16 5 23 4 16 16 6 24 4 16 16 7 6 7 3 a. An Annex A DCAM by default is provided with 48 operational channels (connectors 0-2). An additional 80 channels (up to a total of 128) may be activated through the purchase of license keys. b. An Annex B DCAM by default is provided with 64 operational channels (connectors 0-3). An additional 64 channels (up to a total of 128) may be activated through the purchase of license keys. c. A UCAM by default is provided with 48 operational channels (connector groups 0-3). An additional 48 channels (up to a total of 96) may be activated through the purchase of license keys. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-9 PRELIMINARY E6000 CER Release 1.0 MAC Domain CLI Commands Cable-side Configuration The commands in Table 13-4 bind a logical upstream or downstream channel with a MAC Domain. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 13-4: MAC Domain Channel Association Description Command configure interface cable-downstream <slot>/<connector>/<dport> [type <port_type>] [cable-mac <MAC-ID>] Example commands: configure configure configure configure This command serves as follows: • • cable-downstream cable-downstream cable-downstream cable-downstream 12/0/0 12/0/1 12/0/2 12/0/3 type type type type docsis docsis docsis docsis cable-mac cable-mac cable-mac cable-mac 1 1 1 1 Sets the downstream channel type. • Associates a downstream channel from a DCAM with • a logical MAC domain. configure interface cable-downstream 12/0/8 type docsis cable-mac 1 configure configure configure configure configure configure configure Use the [no] option to remove a downstream channel from a specific cable-mac (MAC Domain). NOTE: interface interface interface interface interface interface interface interface interface interface interface cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/0/9 type docsis cable-mac 1 12/0/10 type docsis cable-mac 1 12/0/11 type docsis cable-mac 1 12/0/12 type docsis cable-mac 1 12/0/13 type docsis cable-mac 1 12/0/14 type docsis cable-mac 1 12/0/15 type docsis cable-mac 1 configure interface cable-downstream <slot>/<connector>/<dport> no Example command: It will also be necessary to shutdown the downstream channel first before it can be removed configure interface cable-downstream 12/0/0 no from the MAC domain. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-10 PRELIMINARY E6000 CER Release 1.0 Description Cable-side Configuration Command (Continued) configure interface cable-upstream <slot>/<connector-group>/<uport> cable cable-mac <MAC-ID> Example commands: configure interface cable-upstream 3/0/0 cable cable-mac 1 This command associates an upstream channel from a UCAM configure interface cable-upstream 3/0/1 cable cable-mac 1 configure interface cable-upstream 3/0/2 cable cable-mac 1 with a logical MAC domain. configure interface cable-upstream 3/0/3 cable cable-mac 1 • • configure interface cable-upstream 3/0/10 cable cable-mac 1 configure interface cable-upstream 3/0/11 cable cable-mac 1 Use the [no] option to remove an upstream channel from a specific cable-mac (MAC Domain). configure interface cable-upstream <slot>/<connector>/<uport> cable cable-mac no NOTE: Example command: It will also be necessary to shutdown the upstream channel first before it can be removed from the MAC domain. This command can be used to assign a user-provisioned channel ID to an upstream channel. If this command is not used, the system assigns a default channel ID to each upstream channel. See also Channel Assignment Considerations on page 13-12. NOTE: The channel ID can only be in the range 1-255 configure interface cable-upstream 3/0/0 cable cable-mac no configure interface cable-upstream <slot>/<connector-group>/<uport> cable channel-id <int> Example commands: configure interface cable-upstream 3/0/0 cable channel-id 1 configure interface cable-upstream 3/0/1 cable channel-id 2 • • An assigned upstream channel ID must not be assigned to any configure interface cable-upstream 3/0/10 cable channel-id 11 other logical channel on the UCAM. The E6000 CER will autoconfigure interface cable-upstream 3/0/11 cable channel-id 12 matically do this. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-11 PRELIMINARY E6000 CER Release 1.0 Description Command (Continued) This command can be used to assign a user-provisioned channel ID to an downstream channel. If this command is not used, the system assigns a default channel ID to each downstream channel. See also Channel Assignment Considerations on page 13-12. NOTE: Cable-side Configuration The channel ID can only be in the range 1-255 configure interface cable-downstream <slot>/<connector>/<dport> cable channel-id <int> Example commands: configure interface cable-downstream 12/0/0 cable channel-id 97 configure interface cable-downstream 12/0/1 cable channel-id 98 • • An assigned downstream channel ID must not be assigned to configure interface cable-downstream 12/0/14 cable channel-id 111 any other logical channel on the DCAM. The E6000 CER will configure interface cable-downstream 12/0/15 cable channel-id 112 automatically do this. Channel Assignment Considerations Prior to assigning a channel ID the following needs to be considered: 1 Before assigning a channel ID, the upstream or downstream channel, as well as the MAC domain must be shutdown. 2 The shutdowns would be accomplished by the commands shown in the following example: NOTE: To change the channel ID of an upstream, the upstream's logical channel 0 (<slot>/<connector>/<uport>.0) must be shutdown, as shown in the example. configure interface cable-upstream 3/0/0.0 shutdown configure interface cable-mac 1 shutdown configure interface cable-downstream 12/0/0 shutdown configure interface cable-mac 1 shutdown 3 Issue 1.0, 4 Feb 2013 The channel ID can now be changed. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-12 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Upstream to Downstream Channel Association (Supervision) For each logical upstream channel, DOCSIS requires that certain signaling information be carried downstream to the CM population. Upstream Channel Descriptor Messages This signaling consists of Upstream Channel Descriptor (UCD) messages that contain: • Parameters that help the CMs to find and utilize the channel. • Bandwidth allocation (MAP) messages that tell a CM when it can transmit upstream. Together, for the purposes of provisioning, these two types of signaling are referred to as supervision. Supervision Supervision for each upstream channel in the MAC domain must be carried on one or more downstream channels in the MAC Domain. Provisioning Supervision can be either provisioned by the operator or it will be automatically inserted on primary-capable downstreams by the E6000 CER. If you want to be certain that all legacy cable modems can register on all downstream-upstream combinations, then you must manually provision cable supervision. NOTE: Guidelines Issue 1.0, 4 Feb 2013 ARRIS recommends that you manually provision all cable supervision. The following supervision guidelines apply: • Removing the last supervision assignment for a logical upstream channel will result in the upstream going to the administrative “down” state. • For an upstream channel to be in-service, there must be at least one downstream channel in-service that is providing it with supervision. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-13 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration CAUTION The supervision for at least one upstream channel that is associated with a fiber node must be carried on at least one primarycapable downstream channel that is also associated with that fiber node. Otherwise, CMs cannot initialize at the fiber node. Fiber nodes with this problem will show up on the "show cable fiber-node not-valid" output. Supervision CLI Commands The commands in Table 13-5 configure supervision, and display slot and channel supervision information. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 13-5: Supervision Related Commands Description Command This command controls the assignment of supervision from a logical upstream channel to a downstream channel. At least one, and as many as 16 downstream channels can be configure interface cable-upstream <slot>/<connector-group>/<uport> cable assigned to carry the supervision for 12 individual upstream supervision <slot>/connector/<dport> [no] channels. For minimum redundancy at least two downstream See also Supervision Configuration. channels should be assigned. Use the [no] option to disable supervision on the specified downstream port, show cable supervision Show all supervision assignments in the system. See also Display System Supervision. Show only the supervision associated with one MAC domain. Show only supervision associated with one slot. Issue 1.0, 4 Feb 2013 show cable supervision cable-mac <mac-id> See also Display Supervision for One MAC Domain. show cable supervision slot <slot-num> See also Display Supervision for One Slot. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-14 PRELIMINARY E6000 CER Release 1.0 Supervision Configuration The following command examples depict the configured channel supervision relationship between a UCAM in slot 3 and a fully licensed DCAM in slot 12: configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure Issue 1.0, 4 Feb 2013 Cable-side Configuration interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/0/0 3/0/0 3/0/0 3/0/0 3/0/1 3/0/1 3/0/1 3/0/1 3/0/2 3/0/2 3/0/2 3/0/2 3/0/3 3/0/3 3/0/3 3/0/3 3/0/4 3/0/4 3/0/4 3/0/4 3/0/5 3/0/5 3/0/5 3/0/5 3/0/6 3/0/6 3/0/6 3/0/6 3/0/7 3/0/7 3/0/7 3/0/7 3/0/8 3/0/8 3/0/8 3/0/8 3/0/8 3/0/8 3/0/8 3/0/8 3/0/9 3/0/9 cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision supervision © 2013 ARRIS Group, Inc. — All Rights Reserved 12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 12/0/4 12/0/5 12/0/6 12/0/7 12/0/4 12/0/5 12/0/6 12/0/7 12/0/4 12/0/5 12/0/6 12/0/7 12/0/8 12/0/9 12/0/10 12/0/11 12/0/12 12/0/13 12/0/14 12/0/15 12/0/8 12/0/9 PRELIMINARY 13-15 PRELIMINARY E6000 CER Release 1.0 configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure Cable-side Configuration interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface interface cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/0/9 cable supervision 12/0/10 3/0/9 cable supervision 12/0/11 3/0/9 cable supervision 12/0/12 3/0/9 cable supervision 12/0/13 3/0/9 cable supervision 12/0/14 3/0/9 cable supervision 12/0/15 3/0/10 cable supervision 12/0/8 3/0/10 cable supervision 12/0/9 3/0/10 cable supervision 12/0/10 3/0/10 cable supervision 12/0/11 3/0/10 cable supervision 12/0/12 3/0/10 cable supervision 12/0/13 3/0/10 cable supervision 12/0/14 3/0/10 cable supervision 12/0/15 3/0/11 cable supervision 12/0/8 3/0/11 cable supervision 12/0/9 3/0/11 cable supervision 12/0/10 3/0/11 cable supervision 12/0/11 3/0/11 cable supervision 12/0/12 3/0/11 cable supervision 12/0/13 3/0/11 cable supervision 12/0/14 3/0/11 cable supervision 12/0/15 3/1/0 cable supervision 12/1/0 3/1/0 cable supervision 12/1/1 interface interface interface interface interface interface interface interface cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 • • configure configure configure configure configure configure configure configure Display System Supervision cable cable cable cable cable cable cable cable supervision supervision supervision supervision supervision supervision supervision supervision 12/7/8 12/7/9 12/7/10 12/7/11 12/7/12 12/7/13 12/7/14 12/7/15 The following command example displays a view of cable supervision as regards to the entire system: show cable supervision An output similar to the following example would result: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-16 PRELIMINARY E6000 CER Release 1.0 MAC ----1 1 1 1 1 1 1 1 1 1 • US ---------3/0/0 3/0/0 3/0/0 3/0/0 3/0/1 3/0/1 3/0/1 3/0/1 3/0/2 3/0/2 DS -------12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 Cable-side Configuration Method ----------Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned • 12 12 12 12 12 12 12 12 Display Supervision for One MAC Domain 4/3/11 4/3/11 4/3/11 4/3/11 4/3/11 4/3/11 4/3/11 4/3/11 13/3/8 13/3/9 13/3/10 13/3/11 13/3/12 13/3/13 13/3/14 13/3/15 Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned The following command example displays a view of cable supervision for one MAC domain: show cable supervision cable-mac 3 An output similar to the following example would result: MAC ----3 3 3 3 3 3 • US ---------3/2/0 3/2/0 3/2/0 3/2/0 3/2/1 3/2/1 DS -------12/2/0 12/2/1 12/2/2 12/2/3 12/2/0 12/2/1 Method ----------Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned 3/2/11 3/2/11 3/2/11 3/2/11 3/2/11 12/2/11 12/2/12 12/2/13 12/2/14 12/2/15 Provisioned Provisioned Provisioned Provisioned Provisioned • 3 3 3 3 3 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-17 PRELIMINARY E6000 CER Release 1.0 Display Supervision for One Slot Cable-side Configuration The following command example displays a view of cable supervision for one chassis slot: show cable supervision slot 12 An output similar to the following example would result: MAC ----1 1 1 1 1 1 1 1 1 1 • US ---------3/0/0 3/0/0 3/0/0 3/0/0 3/0/1 3/0/1 3/0/1 3/0/1 3/0/2 3/0/2 DS -------12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 12/0/2 12/0/3 12/0/0 12/0/1 Method ----------Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 3/7/11 12/7/8 12/7/9 12/7/10 12/7/11 12/7/12 12/7/13 12/7/14 12/7/15 Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned Provisioned • 8 8 8 8 8 8 8 8 NOTE: Issue 1.0, 4 Feb 2013 The output provided for command execution on slot 3 would be the same. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-18 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Cable Plant Topology and Fiber Nodes The E6000 CER is responsible for assigning an upstream Transmit Channel Configuration (TCC) and a downstream Receive Channel Configuration (RCC) to each cable modem that is capable of supporting them. DOCSIS 3.0 provides for the flexible assignment of multiple upstream or downstream channels to carry a single packet flow. As a result, the E6000 CER is required to provide enhanced tracking of the cable plant topology than was previously necessary for earlier DOCSIS phases. Specifically, the E6000 CER must be aware of which upstream and downstream channels reach each cable modem. The following steps are necessary to achieve this tracking functionality: • Provisioning of fiber nodes in the cable plant • Provisioning of channels to MAC domains (see Channel to MAC Domain Association) • Provisioned assignment of upstream and downstream channels to fiber nodes • Assignment of primary capability to downstream channels Fiber Node Configuration A fiber node in an HFC plant is a point of interface between a fiber trunk and the coaxial distribution. In terms of network topology, it is the common point of aggregation of all of the coaxial branches. In other words, it is the equipment at which all CMs associated with the fiber node will receive the same set of downstream frequencies and will be able to transmit on the same set of upstream frequencies. It is convenient when setting up an HFC network to plan the channel allocation from an E6000 CER to a fiber node in a fiber node combining (and splitting) plan. NOTE: Fiber Node CLI Commands Issue 1.0, 4 Feb 2013 Some operators may combine two nodes so that both are delivered to the same upstream connector at the E6000 CER. In this case, you only need to enter in one fiber-node command on the E6000 CER, since the two nodes share the same interfaces. The commands in Table 13-6 manage fiber node names and descriptions. For more information on these CLI commands see Chapter 44, Command Line Descriptions. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-19 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Table 13-6: Fiber Node Configuration Commands Description Command This command assigns a name to a fiber node. configure cable fiber-node <fn-name> [no] Use the [no] option to remove a fiber node with no associated channels. If there are associated channels, this command will See also Create/Remove Fiber Node Name. fail. This command provides a textual description of a fiber node. configure cable fiber-node <fn_name> description <fn_description> [no] Use the [no] option to remove a description. See also Add/Remove Fiber Node Name Description. This command disassociates all channels from a fiber node, and then forces the removal of the fiber node itself. configure cable fiber-node <fn_name> force no Create/Remove Fiber Node Name See also Force Removal of Fiber Node. The following command example creates a fiber node named FN1: configure cable fiber-node FN1 The following command example is used to remove a fiber node named FN1: configure cable fiber-node FN1 no Add/Remove Fiber Node Name Description The following command example adds a description to a fiber node named FN1: configure cable fiber-node FN1 description “Fiber-Node 1” The following command example removes the description from a fiber node named FN1: configure cable fiber-node FN1 description no Force Removal of Fiber Node Issue 1.0, 4 Feb 2013 The following command example disassociates all channels from a fiber node, and then forces the removal of the fiber node itself: configure cable fiber-node FN1 force no © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-20 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Channel to Fiber Node Configuration Once a fiber node has been created, the physical channels assigned to the fiber node must be configured so that the E6000 CER has an accurate understanding of the channels that may be used by each CM. Channel to Fiber Node Commands The commands in Table 13-7 provide channel to fiber node configuration. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 13-7: Channel to Fiber Node Configuration Commands Description Command This command assigns downstream channels to the fiber node. configure cable fiber-node <fn_name> cable-downstream <slot>/<connector-group>/<dport> [no] Use the [no] option to remove a downstream channel from the fiber node. See also Assign Downstream Channels to Fiber Node. configure cable fiber-node <fn_name> cable-upstream <slot>/<connector-group>/<uport> [no] This command assigns upstream channels to the fiber node. Use the [no] option to remove a downstream channel from the fiber node. See also Assign Upstream Channels to Fiber Node. Assign Upstream Channels to Fiber Node The following command examples assign upstream channels to a fiber node: configure configure configure configure configure configure configure configure configure configure configure configure cable cable cable cable cable cable cable cable cable cable cable cable fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node FN1 FN1 FN1 FN2 FN2 FN2 FN3 FN3 FN3 FN4 FN4 FN4 cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream cable-upstream 3/0/0 3/0/1 3/0/2 3/0/3 3/0/4 3/0/5 3/0/6 3/0/7 3/0/8 3/0/9 3/0/10 3/0/11 It is not necessary to use a separate command for each channel that you assign to a fiber node. You can add several channels on one command line, shown as follows: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-21 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration configure cable fiber-node FN3 cable-upstream 3/0/6-8 configure cable fiber-node FN4 cable-upstream 3/0/9-11 Assign Downstream Channels to Fiber Node The following command examples assign downstream channels to a fiber node: configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node fiber-node FN1 FN1 FN1 FN1 FN2 FN2 FN2 FN2 FN3 FN3 FN3 FN3 FN4 FN4 FN4 FN4 cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream cable-downstream 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 12/0/8 12/0/9 12/0/10 12/0/11 12/0/12 12/0/13 12/0/14 12/0/15 It is not necessary to use a separate command for each channel that you assign to a fiber node. You can add several channels on one command line, shown as follows: configure cable fiber-node FN4 cable-downstream 12/0/12-15 Cable Modem Timing, Supervision, and Messaging Before it can initialize, each cable modem (of any DOCSIS version) requires a downstream channel that carries the following: • SYNC messages (for system timing) • Supervision information for at least one upstream channel In addition, a DOCSIS 3.0 CM requires the following, in order to register with multiple receive channel mode: Issue 1.0, 4 Feb 2013 • Detailed (lengthy) MDD messages • MAP messages and UCD messages for all upstream channels which will be used in ambiguity resolution © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-22 PRELIMINARY E6000 CER Release 1.0 Primary-Capable Downstream Channel Cable-side Configuration A downstream channel that provides all of the aforementioned timing, supervision, and messaging information is known as a primary-capable downstream channel. Such a downstream channel is capable of becoming a cable modem’s single primary downstream channel which it will use to derive all timing for system access in the upstream direction. Because primary-capable downstream channels are the only downstream channels that carry timing information, they are also the only downstream channels that pre-3.0 DOCSIS cable modems can use for service. Therefore, primary-capable downstream channels can be expected to carry slightly more overhead traffic than non-primary-capable downstream channels. NOTE: The MSO should ensure that it has configured enough primary-capable channels to support legacy CMs. Each MD-DS-SG must contain at least one primary-capable downstream channel so that CMs can register and operate. The MSO may also wish to configure more than one DS to be primary-capable if there is a large number of pre-3.0 CMs. However, all DOCSIS 3.0 CMs are capable of using non-primary-capable downstreams for any type of data service that they can provide. Configure Primary Capability The command in Table 13-8 is used to configure primary-capability for downstream channels. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 13-8: Primary Capability Configuration Command Description Command This command configures a downstream channel as primary capable. configure interface cable-downstream <slot>/<connector-group>/<dport> cable primary-capable [no] Example command: Use the [no] option to remove primary capability from a downconfigure interface cable-downstream 12/0/0 cable primary-capable stream channel. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-23 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Service Group Determination and Display Once channels have been assigned to both the MAC Domain and the fiber nodes, the E6000 CER can automatically assign group IDs to channels based upon common HFC plant connection topology. MAC Domain Each MAC domain independently defines its own: • MD-CM-SGs • MD-DS-SGs • MD-US-SGs As a result, different MAC Domains that reach the same set of fiber nodes may have channels that are split/combined in a manner such that the channel grouping boundaries do not match up. These groupings can then be used by the E6000 CER to determine the channels that are available for each fiber node (and ultimately each CM) to use. NOTE: A channel is included in service group calculations only when the channel is operationally up. Channel Sets DOCSIS 3.0 provides a construct called a channel set to denote groupings of channels in the same direction from the same MAC domain. These channel sets consist of a MAC-domain-unique channel set identifier and a list of either Upstream Channel IDs (UCIDs) or Downstream Channel IDs (DCIDs), depending on the direction of the channels. A channel set may be referenced by many different application contexts that require the grouping all at once. If a channel set contains only one channel ID, then the channel ID is used as the channel set ID. The E6000 CER automatically creates and destroys channel sets as needed. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-24 PRELIMINARY E6000 CER Release 1.0 Cable-side Configuration Channel Set Assignment for Service Group Channels As the E6000 CER determines the service groups (MD-DS-SG, MD-US-SG, and MD-CM-SG), it creates and assigns a channel set for the channels that comprise the service group. Show CLI Commands The commands in Table 13-9 provide various display views for fiber node and service group related information. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 13-9: Fiber Node and Service Group Show Information Description Command show cable channel-sets This command displays all channel sets in the system. See also Display All System Channel Sets. show cable channel-sets ds This command displays entries of downstream channel sets only. See also Display Downstream Channel Sets This command displays entries of upstream channel sets only. show cable channel-sets us See also Display Upstream Channel Sets. show cable channel-sets [cable-mac <int>] This command displays entries of a specified MAC domain. See also Display Specific MAC Domain Channel Sets This command displays filtered results that show only entries with channels from a specified MD-CM-SG. show cable channel-sets [channel-set-id <word>] This command displays all configuration values, including single channel sets. show cable channel-sets full See also Display Specific Channel Set ID. See also Display All Channel Set Configuration Values This command displays all system fiber nodes and their associ- show cable fiber-node ated service groups and ports. See also Display All System Fiber Nodes. This command displays results for a specific fiber node. Issue 1.0, 4 Feb 2013 show cable fiber-node [<fn_name>] See also Display Specific Fiber Node. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-25 PRELIMINARY E6000 CER Release 1.0 Description Cable-side Configuration Command (Continued) This command displays fiber nodes for all ports including ones show cable fiber-node [detail] with problems. See also Display All System Fiber Nodes (Detail). This command displays only fiber nodes that have problems. show cable fiber-node [not-valid] This command displays only fiber nodes with channels from a show cable fiber-node [cable-mac <mac-id>] specified MAC domain. See also Display Specific MAC Domain Fiber Nodes. This command displays only fiber nodes with channels from a show cable fiber-node [mCMsg <INT>] specified MD-CM-SG. See also Display Specific MD-CM-SG Fiber Nodes. This command displays only fiber nodes with channels from a show cable fiber-node [mDSsg <INT>] specified MD-DS-SG. See also Display Specific MD-DS-SG Fiber Nodes. This command displays only fiber nodes with channels from a show cable fiber-node [mUSsg <INT>] specified MD-US-SG. See also Display Specific MD-US-SG Fiber Nodes. This command displays the identities of all the service groups show cable service-group associated with the cable-mac. See also Display All Cable-mac Service Groups. This command displays the identities of all the service groups show cable service-group [cable-mac <int>] associated with a specific cable-mac. See also Display Specific Cable-mac and Service Groups. This command displays the identities of the cable-mac and service groups associated with a specific MD-CM-SG. show cable service-group [mCMsg <int>] This command displays the identities of the cable-mac and service groups associated with a specific MD-DS-SG. show cable service-group [mDSsg <int>] This command displays the identities of the cable-mac and service groups associated with a specific MD-US-SG. show cable service-group [mUSsg <int>] Display All System Channel Sets See also Display Specific MD-CM-SG Service Group. See also Display Specific MD-DS-SG Service Group. See also Display Specific MD-US-SG Service Group. The following command example displays all system channel sets: show cable channel-sets An output similar to the following example will occur: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-26 PRELIMINARY E6000 CER Release 1.0 Cable -mac ----1 1 1 1 Display Downstream Channel Sets chSetId DS/US Channel Set ---------- ----- ----------------------------------------------0x00000100 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x01000001 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x00000100 US 3/0/0 3/0/1 3/0/2 3/0/3 0x01000001 US 3/0/0 3/0/1 3/0/2 3/0/3 The following command example displays all downstream channel sets: show cable channel-sets ds An output similar to the following example will occur: Cable -mac ----1 1 Display Upstream Channel Sets Cable-side Configuration chSetId DS/US Channel Set ---------- ----- ----------------------------------------------0x00000100 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x01000001 DS 12/0/0 12/0/1 12/0/2 12/0/3 The following command example displays all upstream channel sets: show cable channel-sets us An output similar to the following example will occur: Cable -mac ----1 1 Display Specific MAC Domain Channel Sets The following command example displays a specific MAC domain channel set: show cable channel-sets cable-mac 1 An output similar to the following example will occur: Cable -mac ----1 1 1 1 Issue 1.0, 4 Feb 2013 chSetId DS/US Channel Set ---------- ----- ----------------------------------------------0x00000100 US 3/0/0 3/0/1 3/0/2 3/0/3 0x01000001 US 3/0/0 3/0/1 3/0/2 3/0/3 chSetId DS/US Channel Set ---------- ----- ----------------------------------------------0x00000100 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x01000001 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x00000100 US 3/0/0 3/0/1 3/0/2 3/0/3 0x01000001 US 3/0/0 3/0/1 3/0/2 3/0/3 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-27 PRELIMINARY E6000 CER Release 1.0 Display Specific Channel Set ID Cable-side Configuration The following command example displays a specific channel set ID: show cable channel-sets channel-set-id 0x01000001 An output similar to the following example will occur: Cable -mac ----1 1 Display All Channel Set Configuration Values chSetId DS/US Channel Set ---------- ----- ----------------------------------------------0x01000001 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x01000001 US 3/0/0 3/0/1 3/0/2 3/0/3 The following command example displays all configuration values, including single channel sets show cable channel-sets full An output similar to the following example will occur: Cable -mac ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 • chSetId DS/US Channel Set ---------- ----- ----------------------------------------------0x00000001 DS 12/0/0 0x00000002 DS 12/0/1 0x00000003 DS 12/0/2 0x00000004 DS 12/0/3 0x00000005 DS 12/0/4 0x00000006 DS 12/0/5 0x00000007 DS 12/0/6 0x00000008 DS 12/0/7 0x00000009 DS 12/0/8 0x0000000a DS 12/0/9 0x0000000b DS 12/0/10 0x0000000c DS 12/0/11 0x0000000d DS 12/0/12 0x0000000e DS 12/0/13 0x0000000f DS 12/0/14 0x00000010 DS 12/0/15 0x00000100 DS 12/0/0 12/0/1 12/0/2 12/0/3 0x00000101 DS 12/0/4 12/0/5 12/0/6 12/0/7 0x00000102 DS 12/0/8 12/0/9 12/0/10 12/0/11 12/0/12 12/0/13 • 8 8 8 8 8 Issue 1.0, 4 Feb 2013 0x00000101 0x00000102 0x01000001 0x01000002 0x01000003 US US US US US 3/7/4 3/7/8 3/7/8 3/7/0 3/7/4 3/7/5 3/7/9 3/7/9 3/7/1 3/7/5 3/7/6 3/7/10 3/7/10 3/7/2 3/7/6 3/7/7 3/7/11 3/7/11 3/7/3 3/7/7 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-28 PRELIMINARY E6000 CER Release 1.0 Display All System Fiber Nodes Cable-side Configuration The following command example displays all system fiber nodes and their associated service groups and ports: show cable fiber-node An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Display Specific Fiber Node The following command example displays a specific fiber node and its associated service groups and ports: show cable fiber-node FN1 An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Display All System Fiber Nodes (Detail) The following command example displays detailed information regarding all system fiber nodes and their associated service groups and ports: show cable fiber-node detail An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-29 PRELIMINARY E6000 CER Release 1.0 Display Specific MAC Domain Fiber Nodes Cable-side Configuration The following command example displays detailed information regarding specific MAC domain fiber nodes and their associated service groups and ports: show cable fiber-node cable-mac 1 An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Display Specific MD-CM-SG Fiber Nodes The following command example displays detailed information regarding specific MAC domain CM signaling group fiber nodes and their associated service groups and ports: show cable fiber-node mCMsg 1 An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Display Specific MD-DS-SG Fiber Nodes The following command example displays detailed information regarding specific MAC domain downstream signaling group fiber nodes and their associated service groups and ports: show cable fiber-node mDSsg 1 An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-30 PRELIMINARY E6000 CER Release 1.0 Display Specific MD-US-SG Fiber Nodes Cable-side Configuration The following command example displays detailed information regarding specific MAC domain upstream signaling group fiber nodes and their associated service groups and ports: show cable fiber-node mUSsg 1 An output similar to the following example will occur: Cable Fiber Node MAC mCMsg ---------------- ----- ----FN1 1 1 FN1 1 1 mDSsg/ mUSsg -----U1 D1 S/C/P -------------------3/0/0 3/0/1 12/0/0 12/0/1 3/0/2 12/0/2 3/0/3 12/0/3 * Indicates that downstream channel is not primary-capable. Display All Cablemac Service Groups The following command example displays all system cable-macs and associated service groups: show cable service-group An output similar to the following will occur: Cable MAC --1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Issue 1.0, 4 Feb 2013 mCMsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mDSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mUSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-31 PRELIMINARY E6000 CER Release 1.0 22 23 24 25 26 27 Display Specific Cable-mac and Service Groups 1 1 1 1 1 1 show cable service-group cable-mac 9 An output similar to the following will occur mCMsg ----1 mDSsg ----1 mUSsg ----1 The following command example displays a specific MD-CM-SG: show cable service-group mcmsg 1 An output similar to the following will occur: Cable MAC --1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 Issue 1.0, 4 Feb 2013 1 1 1 1 1 1 The following command example displays a specific cable-mac and its associated service groups: Cable MAC --9 Display Specific MD-CM-SG Service Group 1 1 1 1 1 1 Cable-side Configuration mCMsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mDSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mUSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-32 PRELIMINARY E6000 CER Release 1.0 18 19 20 21 22 23 24 25 26 27 Display Specific MD-DS-SG Service Group 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 The following command example displays a specific MD-DS-SG: show cable service-group mdssg 1 An output similar to the following will occur: Cable MAC --1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Issue 1.0, 4 Feb 2013 1 1 1 1 1 1 1 1 1 1 Cable-side Configuration mCMsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mDSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mUSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-33 PRELIMINARY E6000 CER Release 1.0 26 27 Display Specific MD-US-SG Service Group 1 1 1 1 The following command example displays a specific MD-US-SG: show cable service-group mussg 1 An output similar to the following will occur: Cable MAC --1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 Issue 1.0, 4 Feb 2013 1 1 Cable-side Configuration mCMsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mDSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 mUSsg ----1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-34 E6000 CER Release 1.0 PRELIMINARY Cable-side Configuration Receive Channel Configurations and Bonding Groups See chapter 24, Channel Bonding, for configuration of RCCs and Bonding Groups. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 13-35 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Cable-side Configuration PRELIMINARY 13-36 PRELIMINARY E6000 CER Release 1.0 14 Dynamic Routing Protocols Dynamic Routing Protocols Border Gateway Protocol 2 Intermediate System-Intermediate System 17 Multiple Topology IS-IS 24 Open Shortest Path First version 2 39 Open Shortest Path First version 3 46 Routing Information Protocol 62 Route Redistribution for IPv4 Addresses 72 Policy-Based Routing (PBR) 85 Overview This chapter describes the various routing protocols currently supported in the E6000 CER NOTE: Issue 1.0, 4 Feb 2013 For more information regarding routing protocol event messages, see chapter 44, Logging and the E6000 CER. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-1 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Border Gateway Protocol Border Gateway Protocol (BGP) is the routing protocol used to exchange routing information across the Internet. BGP was developed to allow interconnection between Internet Service Providers (ISPs), and to allow end-users to connect to more than one ISP. BGP is a solution that can accommodate the vast expanse of the Internet, and also handle multiple connections to unrelated routing domains. BGP Version 4 BGP Version 4 (BGP-4) is the most current iteration of BGP. BGP-4 provides the mechanisms for supporting Classless Inter-Domain Routing (CIDR). These mechanisms include: • Support for advertising a set of destinations as an IP prefix. • Eliminating the concept of network "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation of routes, including aggregation of Autonomous System (AS) paths. Default VRF BGP runs only on the default Virtual Routing and Forwarding (VRF), but is also supported on sub-interfaces that are not on the default VRF. Interior and Exterior BGP The E6000 CER supports a full complement of features associated with Interior BGP (iBGP) and Exterior BGP (eBGP), with a few noted exceptions. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-2 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Interconnected Peering Routers Some MSOs use BGP as the protocol of choice for advertising E6000 CER CAM-side IP prefixes. In such an application iBGP is used throughout their regional networks with a full mesh of interconnected peering routers. The E6000 CER in this environment is required to run iBGP peering sessions with various routers in a particular Regional Area Network (RAN). iBGP peers typically communicate using loopback interfaces. BGP Sessions Loopback interfaces are not assigned to any particular interface; therefore, a particular BGP session is not interrupted by an interface failure. Interface IP addresses may also be changed without impacting BGP sessions. iBGP Networks Typically, iBGP networks require the following: • BGP Autonomous System: A routing domain in which all routers are associated with the same AS. iBGP peering sessions occur within an AS. • BGP Route Reflector: A route reflector supports the readvertisement of routes between iBGP peers. • BGP Route Reflector Client: Depends on a route reflector to advertise its routes to the entire BGP AS BGP Peering Sessions Reduction Since iBGP full mesh topologies scale at a rate of N(N-1)/2, two methods have been developed to reduce the number of BGP peering sessions: Issue 1.0, 4 Feb 2013 • AS confederations • Route reflectors © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-3 PRELIMINARY E6000 CER Release 1.0 AS Confederations Dynamic Routing Protocols AS confederations break the AS down into smaller entities. Figure 14-1 depicts a BGP autonomous system that is broken down into sub-ASs. AS1, with confederations Sub-AS: 10 Sub-AS: 12 iBGP Peering iBGP Peering eB GP Pe eri ng AS2, no confederations eBGP Peering Sub-AS: 11 eBGP in Peer g iBGP Peering Figure 14-1: iBGP with Confederations to Reduce Full Mesh Peering Within each sub-AS, a full mesh exists between all peers; however, a single eBGP peering session is sufficient for interconnection between sub-ASs. NOTE: Issue 1.0, 4 Feb 2013 From the perspective of ASs outside of the confederation, the original AS does not appear any different. That is, the sub+AS configuration is contained within the original AS. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-4 PRELIMINARY E6000 CER Release 1.0 Route Reflectors Dynamic Routing Protocols Route reflectors are commonly used to reduce the number of peering groups. In Figure 14-2, the E6000 CER acts as a route reflector client, and shows a complete RAN running iBGP with route reflection. Core Network OSPF Backbone I-BGP Full-Mesh Possible I-BGP R R to RANs OSPF Area 2 Regional Area Network (e.g. D P T Ring) Regional Area Network (e.g. D P T Ring) I-BGP Full-mesh I-BGP Full-mesh Router Reflector Router Reflector Aggregation Router BGP Route Reflector Aggregation Router BGP Route Reflector Aggregation Router Aggregation Router Ethernet links Ethernet links I-BGP Session I-BGP Session CER 1 Loopback: 192.168.0.1/32 CER 2 Loopback: 192.168.0.2/32 I-BGP Session I-BGP Session CER 3 Loopback: 192.169.0.1/32 CER 4 Loopback: 192.169.0.2/32 Figure 14-2: BGP Network Topology with Route Reflections and an OSPF overlay In the example of Figure 14-2, each region is defined as a RAN with a single OSPF area. OSPF summarization occurs at each area border router, and therefore OSPF SPF calculations occur for each RAN. Scalability Benefit — This network topology provides a substantial scalability benefit to the E6000 CER in that it does not need to establish a peering session with each BGP enabled router in the RAN. Loopback Interfaces — To allow BGP sessions to be established between peering routers via loopback interfaces, the routers must communicate the reachability of the various loopback interfaces. Typically, these interfaces have a network mask of /32. Advertisement of loopback interfaces is accomplished using an overlay OSPF network. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-5 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols BGP-4 Implementation The following points summarize BGP-4 implementation on the E6000 CER: Issue 1.0, 4 Feb 2013 • BGP-4 complies with RFC 1771 and the MIB RFC 1657. • If the E6000 CER is used in either an eBGP or iBGP configuration, it must be for an MSO’s internal network only. Given the size of the E6000 CER hardware routing table, approximately 32K routes, the E6000 CER must not be defined as an AS-border router running either eBGP or iBGP to the internet. • The E6000 CER supports a single instance of BGP, and it must be on the default VRF. • iBGP routes have a default administrative distance of 200. • eBGP routes have a default administrative distance of 20. • BGP-4 supports Autonomous System Confederations. This feature is useful in reducing full mesh configurations in iBGP. A BGP AS is split into multiple sub-ASs. Within a sub-AS, there is a full mesh of iBGP. • BGP-4 supports Equal Cost Multi-Path (ECMP). In addition to being supported for eBGP, ECMP must be supported when multiple next-hops exist for a prefix within an AS. This implies that ECMP is available for iBGP configurations. The allowable range for ECMP is 1-4 routes. A value of 1 implies that ECMP is disabled. • BGP-4 supports Route Reflection. This is an alternative to full mesh iBGP. A route reflector is responsible for re-advertising routes to an entire AS, but a route reflector client requires no additional functionality beyond the original BGP specification. • BGP-4 supports the Communities Attribute. This allows similar routes to be grouped for the same policy treatment. • BGP-4 sends BGP Updates on card/port maintenance state changes. For example, if port maintenance indicates a state change in a CAM subnet, this change triggers a BGP update to all peers indicating the reachability of the CAM-side subnets. • BGP-4 supports Route-Refresh. This feature allows the E6000 CER to dynamically request a re-advertisement of the Adj-RIBOut from a BGP peer. • BGP-4 supports Capabilities Advertisement. This feature is required to advertise BGP capabilities to peers, such as route refresh. When VPN extensions are available and two BGP speakers wish to exchange labeled VPN-IPv4 NLRI, they must use BGP Capabilities Advertisement to ensure both peers are capable of processing such NLRI. • The E6000 CER, acting as a BGP Server, allows for a socket bind to any provisioned E6000 CER IP interface, including loopback interfaces. For iBGP connections, loopback interfaces are the preferred IP address when establishing connections since they represent the router itself and not any particular interface that is subject to state changes. • Additionally, the E6000 CER supports binding to a “wildcard” address. A “wildcard” address is assumed if the “update source” parameter is not defined during the creation of a BGP instance. • BGP supports Route Reflector Client (RRC) and Confederation, but does not support peer groups or route filtering. In the anticipated use of the E6000 CER as an RRC, there will be only a handful of routers north of the E6000 CER. Therefore, the neighbor commands contain the IP addresses of the neighbors, but not of peer groups. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-6 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols • The E6000 CER supports BGP route filtering via route maps, which is required for E6000 CER peers with multiple ISPs and is recommended in confederations. Without this filtering, the E6000 CER could advertise routes received from one peer to another peer, becoming an unintentional transit router. • The E6000 CER permits system administrators to redistribute static, connected, RIP, or OSPF routes into BGP. • The E6000 CER supports BGP Route Aggregation. BGP-Related CLI Commands The table that follows, lists and describes the purpose of the CLI commands that are used for configuring and managing BGP routing. For more information on these CLI commands see Chapter 44, Command Line Descriptions. NOTE: BGP requires a unique router-id to function correctly. The default router-id is computed from the IP addresses of the interfaces. If there are no interfaces configured, then the E6000 CER displays an error message that reads: No Interfaces have been assigned to this VRF, default router-Id cannot be calculated Table 14-1: List of Commands Related to BGP Purpose Command Global BGP commands: Configures a fixed BGP router ID for a BGP-speaking router. The valid configure router bgp <int> bgp router-id range is 1-65535 and this is the number of the Autonomous System. Configures the administrative distance for subsets of BGP routes in the same VRF. configure router bgp [<int>] distance bgp Configures the administrative distance for BGP routes in the same VRF. configure router bgp [<int>] distance Configures BGP. This command should be entered before interface configure router bgp [<int>] no shutdown configuration. Controls BGP administrative state (up or down). Disables the administrative state of BGP. configure router bgp [<int>] shutdown Removes all BGP configuration. configure router bgp [<int>] no Configures the cluster ID if the BGP cluster has more than one route configure router bgp [<int>] bgp cluster-id <id> reflector. Configures the confederation parameters. configure router bgp [<int>] bgp confederation identifier <int> Changes the default local preference. configure router bgp [<int>] bgp default local-preference <int> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-7 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Enables BGP deterministic comparison of the MED variable between configure router bgp [<int>] bgp deterministic-med all paths from the same autonomous system. Enables the BGP graceful restart capability. configure router bgp [<int>] bgp graceful-restart Configures the maximum time to wait for a graceful-restart-capable configure router bgp [<int>] bgp graceful-restart-time neighbor to recover after a restart. Configures the maximum time to hold on to the stale paths of a gracefully restarted neighbor to come back up after a restart. All stale paths are deleted after the expiration of this timer. configure router bgp [<int>] bgp graceful-restart stalepaths-time Limits the amount of work that is carried out in each cycle of the Nconfigure router bgp [<int>] bgp pause-threshold <int> BASE scheduler. Configures the maximum number of Equal Cost BGP paths to control configure router bgp maximum-paths <1-4> ibgp <1-4> the number of parallel routes an IP routing protocol can support. Configures the routes that match the aggregate IP address and mask configure router bgp <int> aggregate-address <a.b.c.d> <mask> to be aggregated. The aggregate routes and the specific routes would be advertised out. Configures the routes so that only the aggregate route would be advertised out and the aggregate route would have the AS_PATHS of all the specific routes. configure router bgp <int> aggregate-address <a.b.c.d> <mask> as-set summary-only Specifies which routes are not be get aggregated. Attributes of the un-aggregated specific routes would not be inherited by the aggre- configure router bgp <int> aggregate-address <a.b.c.d> <mask> as-set gate route. The un-aggregated specific routes would be advertised summary-only advertise-map <advertise map> out in addition to the aggregate route. Sets the Community attribute on the aggregate route giving the user configure router bgp <int> aggregate-address <a.b.c.d> <mask> as-set a chance to change, for the aggregate route, the otherwise inherited summary-only attribute-map <attribute map> Community attributes from the specific routes. Specifies which specific routes are not to get aggregated. However, the attributes of the suppressed specific routes are inherited by the aggregate route. The attribute-map can be used to override the configure router bgp <int> aggregate-address <a.b.c.d> <mask> [as-set] inherited attributes. The non-suppressed specific routes would be suppress-map <suppress map> advertised out in addition of the aggregate route. Removing the optional “as-set” would cause the aggregate route not to inherit the AS_PATH attributes from the specific routes. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-8 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Purpose Command (Continued) Clears a BGP connection using BGP soft reconfiguration. This will not clear ip bgp <addr>|<autonomous system> soft [out] reset the session. Clears all peers in specified VRF or AS. To clear a specific BGP neighbor address, use the IP address. clear ip bgp <addr>|<autonomous system> Route-map configuration commands: Defines the route map. configure route-map <word> Configures conditions that deny routes used to match BGP autonoconfigure route-map <word> deny [<int>] match as-path regexp <word> mous system path information. Configures conditions that deny routes that match a BGP community. configure route-map <word> deny [<int>] match community regexp <word> Configures conditions that deny routes that matches an IP address and denies routes based on destination network. Standard accessconfigure route-map <word> deny [<int>] match ip address [prefix-list lists are not presently supported. Users desiring to filter on a stan<word>] dard access-list must manually convert the access-list to a prefix-list and apply the prefix-list. Configures conditions that deny routes that match the next-hop address of route. configure route-map <word>] Configures conditions that deny routes that match based on address configure route-map list <word>] of advertising router. <word> deny [<int>] match ip next-hop [prefix-list <word> deny [<int>] match ip route-source [prefix- Configures conditions that deny routes. configure route-map <word> deny Use this command to match an autonomous system path information. configure route-map <word> match as-path Matches a BGP autonomous system path access list. configure route-map <word> match as-path regexp <word> Matches a BGP community. configure route-map <word> match community Configures conditions that permit routes that match the next-hop address of route. configure route-map <word> match ip address [prefix-list <word>] Redistributes any routes that have a next hop router address passed configure route-map <word> match ip next-hop [prefix-list <word>] by one of the access lists specified. Redistributes routes that have been advertised by routers and access configure route-map <word> match ip route-source [prefix-list <word>] servers at the address specified by the access lists. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-9 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Purpose Command (Continued) Configure conditions that deny routes used to match BGP autonomous system path information configure route-map <word> match as-path regexp <word> Use this command to match BGP autonomous system path informaconfigure route-map tion. <word> permit [<int>] match as-path regexp <word> Matches a BGP community. configure route-map <word> permit [<int>] match community regexp <word> Matches a route based on the IP address. configure route-map <word> permit [<int>] match ip address [prefix-list <word>] Matches the next-hop address of the route. configure route-map <word> permit [<int>] match ip next-hop [prefix-list <word>] Configures conditions that permit routes based on matching the IP configure route-map <word> permit [<int>] match ip route-source [prefixlist <word>] address of the advertising router. Appends a string to the autonomous system path. configure route-map <word> permit [<int>] set as-path prepend <word> Removes communities from the community attribute of an update. configure route-map <word> permit [<int>] set comm-list delete no Removes communities, using a regular expression, from the commu- configure route-map <word> permit [<int>] set comm-list delete regexp <word> nity attribute of an update. Sets BGP community attributes. (The command to the right is a link—click on it to see the attributes.) configure route-map * permit * set community Removes the communities of the update. configure route-map <word> permit [<int>] set community none Configures where the next-hop sends packets that match the speciconfigure route-map <word> permit [<int>] set ip next-hop <a.b.c.d> fied route-map. Sets the local preference of routes within a specified local autonomous system. configure route-map <word> permit [<int>] set local-preference <int> Sets the metric value for destination routing protocols. configure route-map <word> permit [<int>] set metric <int> Sets the BGP origin code. configure route-map <word> permit [<int>] set origin <egp | igp | unknown> Specifies the BGP weight for the routing table. Weight can be altered configure route-map <word> permit [<int>] set weight <int> by this command on routes learned from other BGP routers, but cannot be set on routes redistributed into BGP from other protocols. Modifies autonomous system path for BGP routes. configure route-map <word> set as-path prepend <word> Removes communities from the community attribute of an update using a regular expression. configure route-map <word> set comm-list delete regexp <word> Sets the community attribute. configure route-map <word> set community Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-10 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Removes the community from the route. configure route-map <word> set community none Defines where to output packets matching the specified route-map. configure route-map <word> set ip next-hop <a.b.c.d> Sets the preference of routes within the local autonomous system. configure route-map <word> set local-preference <int> Configures the metric value for the destination routing protocol. configure route-map <word> set metric <int> Sets the BGP origin code. configure route-map <word> set origin <egp | igp | unknown> Specifies the BGP weight for the specified routing table. Weight can be altered by this command on routes learned from other BGP configure route-map <word> set weight <int> routers, but cannot be set on routes redistributed from other protocols. Instructs the route-map to go to next specified route-map sequence number. Note: If adding multiple communities, match must be set to configure route-map <word> permit continue <int> exclude other route matches. Configuring BGP neighbors: This command creates a new neighbor. This command should only be used on directly connected neighbors or when there is only one interface that handles BGP traffic. If the neighbor is not directly connected, the first neighbor command should be: configure router bgp [<int>] neighbor <addr> update-source loopback <word> remote-as <int> configure router bgp [<int>] neighbor <addr> remote-as <1-65535> The IP address of the specified neighbor by the update-source option is used by the other routes to reference the E6000 CER in their neighbor commands. If the initial neighbor command does not contain the update-source, then the other routers will reference us by the directly connected physical interface on the E6000 CER. Configures the minimum route advertisement interval. configure router bgp [<int>] neighbor <addr> advertisement-interval <0600> [withdraw-interval <sec>] Configures the minimum interval between originating routes from the AS. configure router bgp [<int>] neighbor <addr> as-origin-interval <sec> Configures the neighbor as a confederation member. configure router bgp [<int>] neighbor <addr> confed Configures the connection retry interval. configure router bgp [<int>] neighbor <addr> connect-retry Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-11 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Configures the E6000 CER to require the neighbors to send their AS configure router bgp [<int>] neighbor <addr> enforce-first-as as the first AS number in their AS_SEQUENCE. Configures the maximum number of prefixes that can be accepted from this neighbor. This command is disabled by default. configure router bgp [<int>] neighbor <addr> maximum-prefix <value> Configures the router to generate a log message when the maximum configure router bgp [<int>] neighbor <addr> maximum-prefix <value> prefix limit is exceeded, instead of terminating the peering session. warning-only Configures the maximum number of prefixes that can be accepted from this neighbor. This command is disabled by default. configure router bgp [<int>] neighbor <addr> next-hop-self Configures the maximum number of prefixes that can be accepted from this neighbor. This command is disabled by default. configure router bgp [<int>] neighbor <addr> passive Enables Message Digest 5 (MD5) authentication on TCP connections configure router bgp [<int>] neighbor <addr> password <string> between BGP neighbors. Configures the name of the prefix list to filter inbound updates from configure router bgp [<int>] neighbor <addr> prefix-list <word> in the neighbor. Configures the name of the prefix list to filter outbound updates to configure router bgp [<int>] neighbor <addr> prefix-list <word> out the neighbor. Removes private Autonomous Systems (AS) from the autonomous system path. configure router bgp [<int>] neighbor <addr> remove-private-as Configures the name of the route-map used to apply policy for routes inbound from the neighbor. By default, no such policy refer- configure router bgp [<int>] neighbor <addr> route-map <name> in ence exists. Configures the name of the route-map used to apply policy for routes outbound to the neighbor. By default, no such policy reference exists. configure router bgp [<int>] neighbor <addr> route-map <name> out Configures the router as a BGP route reflector and the specified neighbor as its a route reflector client. configure router bgp [<int>] neighbor <addr> route-reflector-client Configures the router as a BGP route reflector and the specified neighbor as a meshed route reflector client. configure router bgp [<int>] neighbor <addr> route-reflector-client meshed Triggers a route refresh for the specified neighbor. configure router bgp [<int>] neighbor <addr> route-refresh Forces an administrative shutdown [restore] of the specified neighbor. configure router bgp [<int>] neighbor <addr> [no] shutdown Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-12 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Configures routes with a BGP next-hop equal to the neighbor’s address to not send to that neighbor. configure router bgp [<int>] neighbor <addr> split-horizon Configures the keepalive and holdtime of the specified neighbor. configure router bgp [<int>] neighbor <addr> timers <keepalive> <holdtime> Configures the source address for the session. configure router bgp [<int>] neighbor <addr> update-source ethernet <word> remote-as <int> Configures the source address for the source IP address. configure router bgp [<int>] neighbor <addr> update-source ip-address <a.b.c.d> remote-as <int> Show commands: Displays entries in the Border Gateway Protocol (BGP) routing table. show ip bgp Displays information about the TCP and Border Gateway Protocol (BGP) connections to neighbors. show ip bgp neighbor [<addr>] Displays routes that are being advertised by BGP. show ip bgp neighbor [<addr>] advertised-routes Displays the advertised paths for routes identified. show ip bgp neighbor [<addr>] advertised-routes paths Displays routes matching the autonomous system path “regular expression.” show ip bgp quote-regexp <word> Displays routes matching the autonomous system path “regular expression.” show ip bgp regexp <word> Displays the status of all BGP connections. show ip bgp summary Example shown in CLI Displays the IP interfaces for the client modules. show ip interface Displays contents of prefix list table. show ip protocols Displays details of the active and inactive routes on all virtual routers show ip route in the E6000 CER. Displays route-map information. Issue 1.0, 4 Feb 2013 show route-map © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-13 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Sample Configuration Command Scripts for BGP The following three scripts are meant as examples only. They provide the command sequences for configuring BGP on the E6000 CER for operation with two neighbors, route reflection, or AS confederation, respectively. MSOs should customize BGP configuration to suit their own network environments and applications. Basic Configuration for Two Neighbors This script is for iBGP. The following commands show the basic configuration for two neighbors: configure router bgp 2 bgp router-id 128.96.52.147 configure router bgp 2 neighbor 128.96.50.2 remote-as 2 configure router bgp 2 neighbor 128.96.50.2 shutdown configure router bgp 2 neighbor 128.96.50.2 as-origin-interval 5 configure router bgp 2 neighbor 128.96.50.2 advertisement-interval 15 configure router bgp 2 neighbor 128.96.50.2 connect-retry 60 configure router bgp 2 neighbor 128.96.50.2 no shutdown configure router bgp 2 neighbor 128.96.51.3 remote-as 2 configure router bgp 2 neighbor 128.96.51.3 shutdown configure router bgp 2 neighbor 128.96.51.3 as-origin-interval 5 configure router bgp 2 neighbor 128.96.51.3 advertisement-interval 15 configure router bgp 2 neighbor 128.96.51.3 connect-retry 60 configure router bgp 2 neighbor 128.96.51.3 no shutdown configure router bgp 2 shutdown no Sample Configuration of BGP with Route Reflection This script is for iBGP. The commands that follow are an example of configuring BGP with route reflection: configure router bgp 2 bgp router-id 128.96.52.147 configure router bgp 2 bgp cluster-id 1.2.3.4 configure router bgp 2 aggregate-address 10.20.0.0 255.255.0.0 summary-only configure router bgp 2 neighbor 128.96.50.2 remote-as 2 configure router bgp 2 neighbor 128.96.50.2 as-origin-interval 5 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-14 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure router bgp 2 neighbor 128.96.50.2 advertisement-interval 15 configure router bgp 2 neighbor 128.96.50.2 connect-retry 60 configure router bgp 2 neighbor 128.96.50.2 no shutdown configure router bgp 2 neighbor 128.96.51.3 remote-as 2 configure router bgp 2 neighbor 128.96.51.3 as-origin-interval 5 configure router bgp 2 neighbor 128.96.51.3 advertisement-interval 15 configure router bgp 2 neighbor 128.96.51.3 route-reflector-client configure router bgp 2 neighbor 128.96.51.3 connect-retry 60 configure router bgp 2 neighbor 128.96.51.3 no shutdown configure router bgp 2 neighbor 128.96.52.4 remote-as 2 configure router bgp 2 neighbor 128.96.52.4 as-origin-interval 5 configure router bgp 2 neighbor 128.96.52.4 advertisement-interval 15 configure router bgp 2 neighbor 128.96.52.4 connect-retry 60 configure router bgp 2 neighbor 128.96.52.4 no shutdown configure router bgp 2 shutdown no Sample Configuration with AS Confederation This script is for eBGP. The commands that follow are an example of an Asynchronous System confederation configuration: configure router bgp 2 bgp router-id 128.96.52.147 configure router bgp 2 bgp confederation identifier 600 configure router bgp 2 neighbor 128.96.50.2 remote-as 3 configure router bgp 2 neighbor 128.96.50.2 confed configure router bgp 2 neighbor 128.96.50.2 as-origin-interval 5 configure router bgp 2 neighbor 128.96.50.2 advertisement-interval 15 configure router bgp 2 neighbor 128.96.50.2 connect-retry 60 configure router bgp 2 neighbor 128.96.50.2 no shutdown configure router bgp 2 neighbor 128.96.51.3 remote-as 4 configure router bgp 2 neighbor 128.96.51.3 confed configure router bgp 2 neighbor 128.96.51.3 as-origin-interval 5 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-15 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure router bgp 2 neighbor 128.96.51.3 advertisement-interval 15 configure router bgp 2 neighbor 128.96.51.3 connect-retry 60 configure router bgp 2 neighbor 128.96.51.3 no shutdown configure router bgp 2 shutdown no configure ip prefix-list FILTER permit 10.0.0.0/24 le 2 Sample Route Map The commands that follow are an example of a route map. configure route-map CER-IN permit 10 match ip address prefix-list FILTER Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-16 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Intermediate System-Intermediate System Overview Intermediate System-Intermediate System (IS-IS) is a routing protocol developed by the International Standards Organization (ISO). In this link-state protocol, IS routers exchange routing information based on a single metric to determine network topology. It is similar to Open Shortest Path First (OSPF) in the TCP/IP network. The E6000 CER supports: • Both IPv4 and IPv6 protocols. • Q-tags with IS-IS traffic for both IPv4 and IPv6. • The maximum number of IP routes shown in Table 14-2. Table 14-2: Number of IPv4 and IPv6 Routes Supported by the E6000 CER Protocol Type Total IPv4 32768 IPv6 28440 NOTE: Prefix Delegation and Route Injection (PDRI) Dynamic Static 8192 16000 10240 2000 IS-IS runs only on the default VRF. CLNP Addressing/NSAP Address Format The CLNP node-based addressing scheme is one of the concepts retained for use in advertising IP networks. CLNP network addressing is mandatory on IP routers and therefore both CLNP and IP addresses need to be provisioned on the E6000 CER. CLNP Address Issue 1.0, 4 Feb 2013 The CLNP address is analogous to an IP loopback interface in so far as it is node-based versus interface-based. As such, a single CLNP address suffices per IS-IS node, within a specific IS-IS area. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-17 PRELIMINARY E6000 CER Release 1.0 NSAP Address Dynamic Routing Protocols Each CLNP (NSAP) address is composed of three parts: • An area identifier (area ID) prefix. • A system identifier (SysID). • An N-selector. A group of routers within a specific area shares the same area ID. IS-IS Routers IS-IS routers may be multi-homed, implying they reside in multiple Level 1 areas (or Level 2 backbone) and therefore require multiple NSAP addresses. Since IS-IS is an IGP, the NSAP addressing scheme need not be globally unique and private IP addresses may be defined within an AS. IS-IS Network Topology, Unique Level 1 Areas IS-IS defines a multi-layered hierarchy called Level 1 and Level 2 routing. Level 1 Routers Level 1 routers belong to a common area and are engaged in level one routing. These routers are aware of their local topology only and require Level 2 routers to communicate inter-area routing information. Level 2 Routers In practice, most Level 2 routers are also Level 1 routers; that is, they serve a local area and connect to the IS-IS backbone. Two-Level Network Topology Figure 14-3 on page14-19 depicts an IS-IS two-level network topology with both NSAP and IP addressing. NSAP addresses are based on the defined IP loopback addresses and must be manually provisioned as such. NOTE: In the example of Figure 14-3, IP hosts are not assigned NSAP addresses and do not in any way participate in IS-IS routing. Each router in a Level 1 area builds an area unique LSP database with its peers. Disjointed Level 1 areas must be joined together via a Level 2 (backbone) area. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-18 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols IS-IS Backbone Level 2 Routing R1 Level 2 adjacency only R3 IP Address(loopback): 192,168.1.23 NSAP: 49.0001.1921.6800.1023.00 IP Address(loopback): 192,168.3.23 NSAP: 49.0003.1921.6800.3023.00 R2 Level 1, Level 2 Adjacencies IP Address(loopback): 192,168.2.23 NSAP: 49.0002.1921.6800.2023.00 IS-IS Area 1 Level 1 (intra-area) Routing R4 Level 1 adjacency only IP Host IS-ISArea Area22 IS-IS Level1 1(intra-area) (inta-area) Level Routing Routing IP Address(loopback): 192,168.1.24 NSAP: 49.0001.1921.6800.1024.00 R5 Level 1 adjacency only IP Address(loopback): 192,168.2.24 NSAP: 49.0002.1921.6800.2024.00 IP Host IP Host IP Host Figure 14-3: IS-IS Level 1 and Level 2 Routing By default, Level 1 areas are considered “stub” areas because they rely on a default route to forward traffic out of the area. However, route leaking from Level 2 and Level 1 areas allows for more intelligent inter-area routing. Adjacencies Adjacencies formed are based on interface circuit-type (either Level 1, Level 2, or both) and the provisioned area ID in the NSAP address. NOTE: Issue 1.0, 4 Feb 2013 The circuit-type is encoded in the IIH packet. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-19 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Figure 14-3 defines the following adjacencies: • Router R1: Circuits are Level 2 only since the router resides completely in a Level 2 area. R1 will form Level 2 adjacencies with R2 and R3. • Routers R2 and R3: These routers are considered Border routers since north-bound circuits are defined as Level 2, and southbound circuits are defined as Level 1. R2 defines adjacencies with R1 and R5 while R3 defines adjacencies with R1 and R4. • Routers R4 and R5: Circuits may be defined as Level 1 only since these are edge routers connected to the IS-IS backbone. Dynamic Hostname Support The E6000 CER will support use of the dynamic hostname in IS-IS link state packets (LSPs). The E6000 CER will support the use of TLV 137 to communicate its hostname and receive hostname updates from peer routers. System ID In the IS-IS routing domain, a system ID is used to represent each router. The system ID is part of the network entity title that is configured for each IS-IS router. Dynamic Hostname Mechanism The dynamic hostname mechanism uses link-state protocol (LSP) flooding to distribute the router-name-to-system-ID mapping information across the entire network. Every router on the network will try to install the system ID-to-router name mapping information in its routing table. Dynamic Host Mapping Table If a router that has been advertising the dynamic name Type-Length-Value (TLV) on the network suddenly stops the advertisement, the mapping information last received will remain in the dynamic host mapping table for up to one hour. This allows the network administrator to display the entries in the mapping entry during a time when the network experiences problems. Display Mapping Table Entering the following command, displays the entries in the system-ID-to-router-name mapping table: Issue 1.0, 4 Feb 2013 show isis hostname © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-20 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols IS-IS Network Topology — Multi-homing Multi-homing provides the capability to define multiple NSAP addresses, one per area. Primary Purpose The primary purpose of IS-IS multi-homing is to merge otherwise disparate, Level 1 areas into one large unified area. The LSP database thus becomes unified across the individual Level 1 areas. NOTE: Additional Benefit IS-IS multi-homing is not analogous to the IP concept of sub-interfaces with multiple secondary IP addresses. IP multihoming implies that multiple logical subnets can be defined on the same physical link. Multi-homing provides the benefit of not having to take down an IS-IS network during: • NSAP address renumbering. • IS-IS area merging. • IS-IS splitting. Packet Flow Between IS-IS Systems IS-IS defines three packet type categories, similar to that defined in OSPF: • Hello packets. • Link State Packets (LSPs). • Sequence number packets. Hello Packets As is the case with OSPF, Hello packets are used to establish and maintain adjacencies between directly connected IS-IS neighbors. Link State Packets Link state packets are used to distribute the actual IP routing information. Sequence Number Packets Sequence number packets control the distribution of LSPs s to allow for correct synchronization of the Link State database. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-21 E6000 CER Release 1.0 PRELIMINARY Dynamic Routing Protocols Designated Intermediate System (DIS) and Reliable Flooding of LSPs The DIS is sometime referred to as the Pseudonode, which is an abstraction for representing broadcast links as network nodes. This reduces the amount of router-to-router communications on a broadcast network and as a consequence, reduces the amount of information (IS-IS PDUs) that is exchanged when multiple nodes interconnect on a LAN. DIS Election The election of the DIS is based on interface priority and, as a tie breaker, the MAC address used to encapsulate the Hello packet. As is the case with OSPF, the DIS plays the critical role of LSP flooding; however it should be noted that unlike OSPF, there does not exist the concept of a backup DIS (known in OSPF nomenclature as a BDR). If the DIS becomes unavailable, then DIS election must be restarted. Mitigating DIS Outage To help mitigate a DIS outage, the hello interval for DIS routers is set at three times the rate of non-DIS routers. This scheme allows for quick detection of DIS failures and replacement. Pseudonode LSP In addition to flooding responsibilities, the DIS will advertise a pseudonode LSP, which represents the broadcast link itself. This LSP has a zero cost and allows for communication on the broadcast link between individual non-DIS routers. DIS Router The DIS router is not guaranteed to remain the DIS if a new router with a higher priority shows up on the LAN; likewise, there is no mechanism for making a router ineligible for DIS operation. IS-IS peers are said to be adjacent after Hello packets are exchanged, but before the LSP database synchronization is complete. This differs from OSPF, and may cause transient routing problems when adjacent routers do not have a complete forwarding table representing routes within the IS-IS domain. Use of the LSP overload bit can help solve this issue by informing adjacent routers that traffic should not be sent to a router whose LSP overload bit is set. Periodic Flooding Issue 1.0, 4 Feb 2013 On broadcast links, periodic flooding by all IS-IS nodes is used to ensure that adjacent peers maintain a consistent view of the LSP database for a particular IS-IS Domain. That is, all IS-IS nodes broadcast their LSPs to all attached devices. These flooded LSPs are not acknowledged and require support from the DIS to maintain a consistent view of the LSP database. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-22 E6000 CER Release 1.0 PRELIMINARY Dynamic Routing Protocols Support of Reliable Flooding To help support reliable flooding of LSPs, the DIS periodically sends out a CSNP that contains a summary of every known LSP within the IS-IS domain. Purging LSP from IS-IS Domain To purge a LSP from the IS-IS domain, the remaining lifetime field is set to 0, and the LSP is flooded throughout the network. Only the originator of the LSP may purge it from the domain. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-23 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Multiple Topology IS-IS Overview The E6000 CER software supports two topologies for IS-IS: • IPv4 • IPv6. IS-IS could be configured as IPv4 only, IPv6 only or IPv4-IPv6 only but only a single Shortest Path First (SPF) would run per level for IPv4 or IPv6. Overcoming Single SPF Limitation To overcome the single SPF limitation, Multiple Topology IS-IS (MT IS-IS) is implemented in the E6000 CER. When MT IS-IS is enabled, the E6000 CER will maintain multiple instances of the IS-IS routing tree and will run two separate SPFs: • One for standard topology IPv4 • The other for IPv6 topology. In the example of Figure 14-4, Router B in Area 1 is IPv4 only, and all other routers are IPv4-IPv6. Area 2 Area 1 IPv4 only IPv4-IPv6 Figure 14-4: Example of IS-IS and MT IS-IS Topologies Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-24 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols MT IS-IS Not Enabled If MT IS-IS is not enabled, the best path from A to D is: A -> B -> C -> D MT IS-IS Enabled When MT IS-IS is enabled, two separate SPFs will run and maintain the two separate topologies, IPv4 and IPv6. However, any IPv6 traffic from A -> D would be lost in Router B. As a result: • The best IPv4 path from A to D is: A -> B -> C -> D • The best IPv6 path from A to D is: A -> E -> F -> C -> D Adjacencies Users need to know what they are running, IPv4 or IPv6, in order for the adjacency to be included in the correct topology. If the interface only supports the IPv4 topology, the E6000 CER will not use the new MT TLV in the IS-IS Hello packet, and it will not be advertised in the new TLV. Thus, the exclusion of MT TLV in the IIH implies that this interface is only part of the IPv4 topology. Broadcast Interface Adjacencies All the routers on a LAN that implement the MT extension may advertise their MT capability TLV in their IIHs. If there is at least one adjacency on the LAN interface that belongs to this MT capable router, the corresponding MT IS Reachable TLV will be included in its LSP. Establishing Adjacency Adjacency will always be established between two routers on a LAN whether they have a common MT or not. This guarantees that all the routers on the LAN can correctly elect the same DIS. Unsupported MT If the E6000 CER receives an LSP from another router with an unsupported MT, the LSP will be installed into the database but no routes will be calculated using that LSP. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-25 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Advertising MT Reachable Intermediate Systems in LSPs The E6000 CER will include within its LSPs (in the Reachable Intermediate TLV-only) adjacent nodes that are participating in the corresponding topology and advertise such TLVs only if it participates itself in the corresponding topology. There is no change to the pseudo-node LSP construction. NOTE: Acknowledging MT IS TLV The Standard Reachable Intermediate Systems TLV is acting here as MT IPv4 (ID #0), the equivalent of the newly introduced MT Reachable Intermediate Systems TLV. A router must announce the MT IS TLV when there is at least one adjacency on the interface that belongs to this MT, otherwise it may announce the MT IS TLV of an adjacency for a given MT if this interface participates in the LAN. MT IP Forwarding The E6000 CER supports MT IPv4 (ID #0) and MT IPv6 (ID #2) on the same interface. Routing Information Base Each MT belongs to a Distinct Address Family and routes learned within that topology are installed in a separate Routing Information Base (RIB). The RIB associated with MT IPv4 (ID#0) is the default IPv4 VRF. Displaying Active IPv4 Routes To display all active IPv4 routes in this RIB, use the following command: show ip route isis NOTE: Be aware this can be an extremely large output. The E6000 CER displays an output similar to the following: Codes: (L1) internal level-1, (S) summary, (I) internal, VRF Name =============== default default Issue 1.0, 4 Feb 2013 (L2) internal level-2, (IA) internal area, (E) external IP Route Dest. ================== 1.1.1.1/32 1.1.1.1/32 Act === Yes Yes PSt === IS IS (eL1) external level-1, (E1) external type-1, Next Hop =============== 10.83.3.1 10.83.131.1 Metric ====== 10 10 © 2013 ARRIS Group, Inc. — All Rights Reserved Protocol ======== isis(L1) isis(L1) (eL2) external level-2 (E2) external type-2 Dist Route Age ==== ============ 115 0 00:02:24 115 0 00:02:24 Interface ========= ether 6/3.0 ether 7/3.0 PRELIMINARY 14-26 PRELIMINARY E6000 CER Release 1.0 default default default default Displaying Active IPv6 Routes 2.2.2.2/32 2.2.2.2/32 10.44.225.0/24 10.44.225.0/24 Yes Yes Yes Yes IS IS IS IS 10.83.3.1 10.83.131.1 10.83.3.1 10.83.131.1 Dynamic Routing Protocols 10 10 10 10 isis(L1) isis(L1) isis(L1) isis(L1) 115 115 115 115 0 0 0 0 00:01:40 00:01:40 00:03:21 00:03:21 ether ether ether ether 6/3.0 7/3.0 6/3.0 7/3.0 To display all active IPv6 routes in the RIB associated with the IPv6 (MT#2), use the following command: show ipv6 route isis NOTE: Be aware this can be an extremely large output. The E6000 CER displays an output similar to the following: Codes: (L1) internal level-1, (eL2) external level-2 (E1) external type-1, (E) external ACT Active-IS, IPv6 Route Dest / mask ====================== 2222:2222:2222::1/128 2222:2222:2222::1/128 2223:2223:2223::1/128 2223:2223:2223::1/128 Act === ACT ACT ACT ACT (L2) internal level-2, (S) summary, (E2) external type-2, (eL1) external level-1, (IA) inter-area, (I) internal, IS Inactive-IS, OOS Inactive-OOS Dist/ Next Hop Metric ======================================= ========= fe80::2e54:2dff:fed7:2c41 115/10 fe80::2e54:2dff:fed7:2c42 115/10 fe80::2e54:2dff:fed7:2c41 115/10 fe80::2e54:2dff:fed7:2c42 115/10 Protocol ========= isis(L1) isis(L1) isis(L1) isis(L1) RouteAge ======== 00:03:37 00:03:37 00:03:01 00:03:01 Interface ============== ether 7/3.0 ether 6/3.0 ether 7/3.0 ether 6/3.0 Configuring MT IS-IS on the E6000 CER Configuration tasks associated with MT IS-IS are accomplished by means of: Issue 1.0, 4 Feb 2013 • An enable procedure • A disable procedure • A default metric modification procedure © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-27 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Procedure 14-1: Enable MT IS-IS Use this procedure to enable MT IS-IS on the E6000 CER. NOTE: 1 IS-IS must be disabled at the system level before enabling MT. Disable IS-IS at the system level with the following command: configure router isis shutdown 2 Enable MT IS-IS on the E6000 CER: configure router isis address-family ipv6 multi-topology 3 Once MT IS-IS has been enabled, IS-IS can once again be enabled with the following command: configure router isis shutdown no — End of Procedure — Procedure 14-2: Disable MT IS-IS Use this procedure to disable MT IS-IS on the E6000 CER. NOTE: 1 IS-IS must be disabled at the system level before disabling MT. Disable IS-IS at the system level with the following command: configure router isis shutdown 2 Disable MT IS-IS using the following command: configure router isis address-family ipv6 multi-topology no 3 Once MT IS-IS has been disabled, IS-IS can once again be enabled with the following command: configure router isis shutdown no — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-28 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Procedure 14-3: Modify the Default Metric Use this procedure to modify the MT IS-IS default metric on the E6000 CER. 1 Use the following command only if the default metric needs to be changed. configure interface ethernet <slot/port> isis ipv6 metric <1-16777215> [level-1 | level-2] [no] 2 To return to the default metric of 10, use the [no] parameter. — End of Procedure — Sample Configuration The following sample configuration shows a E6000 CER directly connected to another router. The following information is from the E6000 CER: show running-config verbose interface ethernet 7/0 # ChassisType=<E6000> shelfName=<Arris CER CMTS> shelfSwVersion=<CER_V01.00.05.0045> timeGenerated=<Wed Jan 30 17:15:58 2013> # show running-config interface ethernet 6/0 verbose configure interface ethernet 6/0 flowcontrol send on configure interface ethernet 6/0 flowcontrol receive on configure interface ethernet 6/0 no shutdown configure interface ethernet 6/0.0 ip address 10.81.0.2 255.255.255.0 configure interface ethernet 6/0.0 ipv6 enable configure interface ethernet 6/0.0 ipv6 address fc00:cada:c431:600::2/64 configure interface ethernet 6/0.0 no proxy-arp configure interface ethernet 6/0.0 ipv6 nd ra interval 1800 1350 configure interface ethernet 6/0.0 ipv6 no nd ra suppress The following information is also from the E6000 CER: show running-config verbose | begin router isis configure configure configure configure configure configure Issue 1.0, 4 Feb 2013 router router router router router router isis isis isis isis isis isis net 47.0001.0100.8500.9002.00 metric-style wide level-1-2 address-family ipv4 enable address-family ipv6 multi-topology address-family ipv6 redistribute connected level-2 address-family ipv6 enable © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-29 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure router isis no shutdown The following information is from the next-hop router: show running-config interface ethernet 7/0 # ChassisType=<E6000> shelfName=<Arris CER CMTS> shelfSwVersion=<CER_V01.00.04.0005> timeGenerated=<Fri Oct 12 09:52:56 2012> # show running-config interface ethernet 7/0 configure interface ethernet 7/0 no shutdown exit interface ethernet 7/0.0 ip address 10.92.128.2 255.255.255.0 ipv6 enable ipv6 address fc00:cada:c442:700::2/64 no proxy-arp ipv6 nd ra interval 1800 1350 ipv6 no nd ra suppress exit interface ethernet 7/0 exit end The following information is also useful: show running-config verbose | include isis configure configure configure configure configure configure configure configure configure configure configure configure Issue 1.0, 4 Feb 2013 interface ethernet 6/3.0 ip router isis interface ethernet 6/3.0 ipv6 router isis interface ethernet 6/3.0 isis protocol no shutdown interface ethernet 7/3.0 ip router isis interface ethernet 7/3.0 ipv6 router isis interface ethernet 7/3.0 isis protocol no shutdown router isis is-type level-1 router isis net 47.0001.1111.2222.3333.00 router isis metric-style wide level-1-2 router isis address-family ipv4 enable router isis address-family ipv6 enable router isis no shutdown © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-30 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Example Show Commands Displaying Current IS-IS Configuration To display the current IS-IS configuration, use the following command: show isis database detail An output similar to the following will occur: IS-IS Level-1 Link State Database LSPID LSP Seq Num -----------------------------voip-nam.00-00 0x0000AA60 voip-nam.01-00 0x000009E5 voip-nam.04-00 0x000009DE voip-nam.05-00 0x000009CF voip-nam.06-00 0x000009D9 E6-10.00-00 0x000002A2 E6-10.00-01 0x0000029A E6-10.00-02 0x00000092 STABILITY-NAM.00-00 0x00002029 STABILITY-NAM.01-00 0x00000C03 STABILITY-NAM.02-00 0x00000BEC STABILITY-NAM.03-00 0x00000BEF STABILITY-NAM.05-00 0x00000517 STABILITY-NAM.06-00 0x000008F9 STABILITY-NAM.09-00 0x000002E9 STABILITY-NAM.0A-00 0x000002E6 STABILITY-NAM.0B-00 0x00000BE9 E6-8.00-00 * 0x00006988 E6-8.00-01 * 0x000069C1 E6-8.00-02 * 0x000069C6 • LSP Checksum -----------0x1A36 0x22DD 0x1BE8 0x9C46 0x8156 0xDB82 0x7376 0x6C7E 0xD45C 0x4D16 0x7504 0x47B8 0xF42C 0xC112 0x0276 0x0179 0xB526 0xDCB0 0x493D 0xE53A LSP Holdtime -----------913 371 961 612 711 1118 480 1116 866 997 674 1071 621 710 1073 745 962 585 850 711 ATT/P/OL -------0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0x655F 0x6456 0x5B4D 0x3467 0x177A 0x2665 0xC68D 0x8FBB 0xA4A3 0xBF88 0x7907 0x7A13 0x29C4 973 973 973 973 973 973 973 973 973 973 973 770 888 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 1/0/0 • JERB.00-23 JERB.00-24 JERB.00-25 JERB.00-26 JERB.00-27 JERB.00-28 JERB.00-29 JERB.00-2A JERB.00-2B JERB.00-2C JERB.00-2D JERB.02-00 1921.6825.3002.00-00 Issue 1.0, 4 Feb 2013 0x000056B3 0x000056AD 0x000056AF 0x000056AC 0x000056A6 0x0000569C 0x000056C3 0x000056BC 0x000056AF 0x0000569F 0x000056B5 0x000091FD 0x00007FCE © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-31 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols The following section contains a group of commands most commonly used to display MT IS-IS information. To display the IS-IS neighbor output including the remote router’s MT setting, use the following command: show isis neighbor The system output would look similar to the following: System ID -------------0100.8500.9001 0100.8500.9001 NOTE: Interface ---------------------ethernet 6/0.0 ethernet 6/0.0 SNPA -------------000b.45b6.0100 000b.45b6.0100 Sys State Hold Type ----- ----- ---Up 9 L1/2 Up 9 L1/2 Adj Type ---L1 L2 Circuit Id Protocol ------------------- -------TR11.01 M-ISIS TR11.01 M-ISIS If the connected router does not support MT IS-IS, the protocol will display IS-IS in the above output. If the neighbor row says ‘IS-IS’, it only indicates that the remote IS is using regular IS-IS TLVs on that interface. The E6000 CER can still send MT TLVs based on its own system/interface configuration. The E6000 CERs MT support can be verified using the show isis protocol command. If you are not seeing IPv6 routes and you think you should, then an inconsistent configuration between the E6000 CER and the northern router may be the cause. To display the multi-topology system status, use the following command: show isis protocol The system display will look similar to the following: IS-IS Router: default IS-IS routing Enabled IS-IS multi-topology Enabled System ID: 0100.6000.0002 IS-Type: level-1 Max LSP Lifetime: 1200 seconds Max time to delay after LSP event: 5000 milliseconds Override the routing calculation delay when the number of updates reach: infinite Routing calculation is to be paused: 10000 times Manual area address(es): 47.0001 Interfaces supported by IS-IS: ethernet 6/0 - IP - IPv6 level-L1 ethernet 7/0 - IP - IPv6 level-L1 Administrative distances: Internal level-1: 115 Internal level-2: 116 External level-1: 117 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-32 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols External level-2: 118 Metrics: Level-1 generates: wide Level-1 accepts: wide Level-2 generates: wide Level-2 accepts: wide To display the IS-IS neighbor detail output which includes both the remote router’s protocol (M-ISIS or IS-IS) and the remote router’s topologies (IPv4 and IPv6), use the following command: show isis neighbor detail The system output would look similar to the following: System ID Interface SNPA State Hold Type Type Circuit Id -------------- --------------------- ------------- ----- ---- ---- ---- ---------------0100.8500.9001 ethernet 6/0 000b.45b6.0100 Up 9 L1/2 L1 TR11.01 Area Address(es): 47.0001 IP Address(es): 10.60.0.1 IPv6 Address(es): fe80::215:15ff:fe15:1177 Uptime: 0 days 00:49:52 Priority: 64 Support restart signalling: Yes Restart state: Not Restarting Adjacency suppressed: No Topology: IPv4, IPv6 NOTE: Protocol --------M-ISIS If the only “IS-IS” is displayed in the Protocol column above, this command will not display the Topology. Using the command show isis database detail <word> (where <word> in this example is the LSP PDU identifier “TR11.0006”) to display the IS-IS database detail, including the MT extensions, use the following command: show isis database detail TR11.00-06 The system output would look similar to the following: IS-IS Level-2 Link State Database LSPID LSP Seq Num -----------------------------TR11.00-06 0x000001BF Metric: 0 IPv6 (MT-IPv6) Metric: 0 IPv6 (MT-IPv6) Metric: 0 IPv6 (MT-IPv6) Metric: 10 IPv6 (MT-IPv6) Issue 1.0, 4 Feb 2013 LSP Checksum LSP Holdtime ------------ -----------0xF0E8 602 2001:1111:2222:3333:/64 2001:1234:0:3:/64 2001:1234:0:4:/64 2002:2001:3001:3002:/64 © 2013 ARRIS Group, Inc. — All Rights Reserved ATT/P/OL -------0/0/0 PRELIMINARY 14-33 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols To display the IPv4 IS-IS route information, use the following command: show ip route isis The system output would look similar to the following: Codes: (L1) internal level-1, (S) summary, (I) internal, VRF Name =============== default default default default default default (L2) internal level-2, (IA) internal area, (E) external IP Route Dest. ================== 1.1.1.1/32 1.1.1.1/32 2.2.2.2/32 2.2.2.2/32 10.44.225.0/24 10.44.225.0/24 Act === Yes Yes Yes Yes Yes Yes PSt === IS IS IS IS IS IS (eL1) external level-1, (E1) external type-1, Next Hop =============== 10.83.3.1 10.83.131.1 10.83.3.1 10.83.131.1 10.83.3.1 10.83.131.1 Metric Protocol ====== ======== 10 isis(L1) 10 isis(L1) 10 isis(L1) 10 isis(L1) 10 isis(L1) 10 isis(L1) (eL2) external level-2 (E2) external type-2 Dist Route Age Interface ==== ============ ========= 115 0 00:02:24 ether 6/3.0 115 0 00:02:24 ether 7/3.0 115 0 00:01:40 ether 6/3.0 115 0 00:01:40 ether 7/3.0 115 0 00:03:21 ether 6/3.0 115 0 00:03:21 ether 7/3.0 By adding the “ipv6” parameter to the command, the IPv6 IS-IS route information will be displayed: show ipv6 route isis The system output would look similar to the following: Codes: (L1) internal level-1, (eL2) external level-2 (E1) external type-1, (E) external ACT Active-IS, IPv6 Route Dest / mask ====================== 2001:1111:2222:3333/64 2001:1234:0:3::/64 2001:1234:0:4::/64 2002:2001:3001:3002/64 Act === ACT ACT ACT ACT (L2) internal level-2, (S) summary, (E2) external type-2, (eL1) external level-1, (IA) inter-area, (I) internal, IS Inactive-IS, OOS Inactive-OOS Dist/ Next Hop Metric Protocol ============================== ======= ========= fe80::20b:45ff:feb6:100 115/20 isis(L1) fe80::20b:45ff:feb6:100 116/10 isis(L2) fe80::20b:45ff:feb6:100 116/10 isis(L2) fe80::20b:45ff:feb6:100 115/20 isis(L1) RouteAge ======== 00:10:52 00:08:07 00:08:07 00:10:52 Interface ========== ether 6/9.0 ether 6/9.0 ether 6/9.0 ether 6/9.0 CLI Commands The following table lists many of the CLI commands that are used in configuring and managing both MT IPv4 (ID #0) and MT IPv6 (ID #2) routing. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-34 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 14-3: List of Commands Related to IS-IS and MT IS-IS Purpose Command Clears the IS-IS counters. clear isis counters configure interface cable-mac <mac> ip router isis [no] configure interface cable-mac <mac> ipv6 router isis [no] Enables [disables] IS-IS routing for IPv4 / IPv6 on the specified interface. configure interface loopbacka <INT> ip router isis [no] configure interface loopbacka <INT> ipv6 router isis [no] configure interface ethernet <6-7>/<0-7> ip router isis [no] configure interface ethernet <6-7>/<0-7> ipv6 router isis [no] configure interface cable-mac <mac> isis authentication key-chain [no] Configures the IS-IS authentication for LSPs. configure interface ethernet <6-7>/<0-7> isis authentication key-chain [no] configure interface cable-mac <mac> isis authentication mode [no] Configures the IS-IS authentication mode for LSPs. configure interface ethernet <6-7>/<0-7> isis authentication mode [no] Configures the level of adjacency for the specified interface. The Level configure interface cable-mac <mac> isis circuit-type [no] 1 adjacency may be established if there is at least one area address in configure interface ethernet <6-7>/<0-7> isis circuit-type [no] common between this system and its neighbors. Configures the complete sequence number PDUs (CSNPs) interval for configure interface cable-mac <mac> isis csnp-interval [no] the specified interface. This command only applies to the designated configure interface ethernet <6-7>/<0-7> csnp hello-interval [no] router on the specified interface. configure interface ethernet <6-7>/<0-7> isis csnp-interval [no] Configures the length of time in milliseconds between hello packets for configure interface cable-mac <mac> isis ds-hello-interval [no] the specified interface when it is DIS. configure interface ethernet <6-7>/<0-7> isis ds-hello-interval [no] Computes the hello interval based on the hello multiplier so that the resulting hold time is 1 second. configure interface cable-mac <mac> isis hello-interval [no] Computes the hello interval based on the hello multiplier so that the resulting hold time is 1 second. configure interface cable-mac <mac> isis hello-interval minimal Issue 1.0, 4 Feb 2013 configure interface ethernet <6-7>/<0-7> isis hello-interval [no] configure interface ethernet <6-7>/<0-7> isis hello-interval minimal © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-35 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Configures the number of IS-IS hello packets a neighbor must miss before the router declares the neighbor to be down on the specified interface. This time determines how quickly a failed neighbor is detected so that routes can be recalculated. Configures the time delay between successive LSPs for the specified interface. Configures the maximum packet size of LSPs for the specified interface. configure interface cable-mac <mac> isis hello-multiplier [no] configure interface ethernet <6-7>/<0-7> isis hello-multiplier [no] configure interface cable-mac <mac> isis lsp-interval [no] configure interface ethernet <6-7>/<0-7> isis lsp-interval [no] configure interface cable-mac <mac> isis lsp-mtu [no] configure interface ethernet <6-7>/<0-7> isis lsp-mtu [no] configure interface cable-mac <mac> isis metric [no] Configures the default metric for the specified interface. configure interface loopbacka <INT> isis metric [no] configure interface ethernet <6-7>/<0-7> isis metric [no] Configures the metric for the MT #2 IPv6 topology. configure interface ethernet <6-7>/<0-7> isis ipv6 metric <metric> [no] Configures the priority of the designated routers for the specified interface. The priority is used to determine which router on a LAN will be the configure interface cable-mac <mac> isis priority [no] designated router. The priorities are advertised in the hello packets. The router with the highest priority will become the Designated Inter- configure interface ethernet <6-7>/<0-7> isis priority [no] mediate System (DIS). In the case of equal priorities, the highest MAC address breaks the tie. Disables [enables] the administrative state of IS-IS on the specified interface. configure interface cable-mac <mac> isis protocol shutdown [no] configure interface loopbacka <INT> isis protocol shutdown [no] configure interface ethernet <6-7>/<0-7> isis protocol shutdown [no] Configures the maximum rate between LSP retransmissions for the specified interface. This command is useful in very large networks with configure interface cable-mac <mac> isis retransmit-interval [no] many LSPs and many interfaces to control LSP retransmission traffic. configure interface ethernet <6-7>/<0-7> isis retransmit-interval [no] This command controls the rate at which LSPs can be resent on the interface. Allows unpadded small hello packets for the specified interface. Issue 1.0, 4 Feb 2013 configure interface cable-mac <mac> isis small-hello [no] configure interface ethernet <6-7>/<0-7> isis small-hello [no] © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-36 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) configure interface cable-mac <mac> isis wide-metric <INT> [no] Allows wide metrics for the specified interface. configure interface loopbacka <INT> isis wide-metric [no] configure interface ethernet <6-7>/<0-7> isis wide-metric [no] Places the system into an intermediate mode. NOTE: Use the NO command to remove all the IS-IS configuration. configure router isis [no] Allows user to enter CLI address family IPv4 mode. configure router isis address-family ipv4 Enables IS-IS routing for IP on the router level configure router isis address-family ipv4 enable [no] Allows user to enter CLI address family IPv6 mode. configure router isis address-family ipv6 Enables IS-IS routing for IPv6 on the router level configure router isis address-family ipv6 enable [no] Configures the router IS-IS authentication key-chain. configure router isis authentication key-chain [no] Configures the router IS-IS authentication mode. configure router isis authentication mode [no] Configures administrative distance for IS-IS routes. configure router isis distance [no] Configures administrative distance for subsets of the IS-IS routes in the configure router isis distance isis [no] same VRF. Configures the number of equal costs routes. configure router isis ecmp <1-4> [no] Modifies the graceful-restart parameters for IS-IS to help the peer to restart. configure router isis graceful-restart help-peer [no] Modifies the graceful-restart parameters for IS-IS to wait the specified configure router isis graceful-restart interface wait <INT> time to establish adjacencies before completing the start/restart. Use configure router isis graceful-restart interface [no] the second command to negate the wait time. Modifies the graceful-restart parameters for IS-IS for the maximum time before completing the restart procedures. configure router isis graceful-restart t3 <INT> [no] Configures the routing level. configure router isis is-type [no] Configures the generation rate of the LSPs. configure router isis lsp-gen-interval [no] Configures the link-state-packet (LSP) refresh interval. configure router isis lsp-refresh-interval [no] Configures the maximum time that link-state-packets (LSPs) can remain in a router’s database without being refreshed. configure router isis max-lsp-lifetime [no] Configures the type of metric the E6000 CER will generate or accept. configure router isis metric-style <narrow | transition | wide> Configures an IS-IS network entity title (NET). NETs define the area addresses for the IS-IS area and the system ID of the router. configure router isis net [no] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-37 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) configure router isis passive-interface cable-mac <mac> [no] configure router isis passive-interface loopbacka <INT> [no] Suppresses routing updates on the specified interface. configure router isis passive-interface ethernet <6-7>/<0-7>[.<0-254>]> [no] Turns on [off] Multi-topology IS-IS configure router isis multi-topology [no] To configure the router to signal other routers not to use it as an intermediate hop in their shortest path first (SPF) calculations, use the setoverload-bit command in router configuration mode. It will cause to configure router isis set-overload-bit originate LSPs with the Overload bit set. This bit will be set if the level1 or level-2 database is running short of a resource such as memory. Disables the administrative state of IS-IS. configure router isis shutdown Configures the IS-IS throttling of shortest path first (SPF) calculations. configure router isis spf-interval [no] Change aggregate addresses for the VRF. configure router isis summary-address [no] The second command is 7.x syntax. configure router isis address-family ipv4 summary-address [no] Change aggregate IPv6 addresses for the VRF. configure router isis address-family ipv6 summary-prefix [no] Displays the IS-IS redistribution information. show ip isis show ip route isis Displays the IPv4 / IPv6 IS-IS route information. show ipv6 route isis Displays IS-IS link state database for the specified VRF. show isis database Displays IS-IS interface status and configuration for the specified VRF. show isis interface Displays IS-IS events specific to a circuit and level for the specified VRF. show isis interface events Displays CLNS neighbor adjacencies for the specified VRF. show isis neighbor [detail] Displays CLNS protocol information for the specified VRF. show isis protocol Displays IS-IS protocol statistics for the specified VRF. show isis traffic Enables tracing of IS-IS router events to the logging history. trace logging router isis [no] a. The loopback interface is always passive. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-38 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Open Shortest Path First version 2 Open Shortest Path First (OSPF) is a dynamic link state routing protocol developed by the Internet Engineering Task Force (IETF) that: • Supports Classless Inter-Domain Routing (CIDR) • Provides for routing update authentication, both simple and MD5 • Uses IP multicast when sending/receiving the updates • Responds quickly to topology changes with a smaller amount of routing protocol traffic. The OSPF specification is published as Request For Comments (RFC) 2328. Link State Routing Protocol Description The OSPF routing protocol maintains a link state database of all subnets available on the network. This includes details about which routers are attached to the links. If a link goes down, the router that is directly attached to it immediately sends a Link State Advertisement (LSA) to its neighbor routers. Information about the link state propagates throughout the network. Each router reviews its database and re-calculates the routing table independently. Routing Metrics A router learns multiple paths to a particular destination network, and chooses the path with the best metric in its routing table. Types of Metrics Issue 1.0, 4 Feb 2013 Different routing protocols use different types of metrics: • Link States. Rather than counting the number of hops as a metric, OSPF bases its path descriptions on link states that take into account additional network information. • Cost Metrics. OSPF also lets the user assign cost metrics to each interface so that some paths are given preference. • User-Defined Cost. OSPF uses a user-defined cost for each interface. This cost is added together for each hop when calculating the cost of a route. This metric could be the same as number of hops if each interface along the route uses a cost of 1. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-39 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Equal Cost MultiPath Routes OSPF also has the concept of Equal Cost MultiPath (ECMP) routes. These are routes to the same dest IP (destination IP address) and prefix which use different next hop IPs but the same cost. The E6000 CER can distribute packets across at most four ECMP routes. ECMP routes can also be used with static routes. The E6000 CER bases its choice of best route on the following order of criteria: 1 Longest prefix 2 Route type (local, netmgmt, OSPF, RIP) 3 Route cost Configuring OSPF This section outlines the tasks required to configure a network and E6000 CER for OSPF. The procedures and commands in this section assume that IP addresses have already been configured for the network and OSPF interfaces. The sequence includes: 1 Reviewing a network diagram for interface information and architecture. 2 Enabling OSPF globally. 3 Configuring the network according to standard configuration parameters: set router id, hello timer, dead timer, network type (broadcast, point-to-point, virtual link), and authentication. 4 Verifying OSPF is running as configured. It is beyond the scope of this document to supply recommendations for reviewing network architecture for all OSPF configuration possibilities; however, the following sections identify the CLI commands required for basic OSPF configuration on the E6000 CER. Procedure 14-4: How to Enable OSPF Use this procedure to enable OSPF on the E6000 CER: 1 Enter the following command to give the default router an identification number: configure router ospf vrf default router-id 1.1.1.1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-40 PRELIMINARY E6000 CER Release 1.0 Where: 2 Dynamic Routing Protocols 1.1.1.1 is the router ID By default, OSPF is disabled for all interfaces. Enabling OSPF for an interface does not affect the global enable/disable state on the E6000 CER. Enter the following command to enable OSPF for an interface: configure router ospf [vrf default] network <ip-address> <inverse mask> area <area-id> Where: network address and area-id can be specified as either a decimal value or as an IP address. The inverse mask is also called the wildcard mask. 3 Enter the following command to advertise routes for the locally connected interfaces (i.e. CAMs) and to redistribute the default ospf route based on metric-types, tags, and subnets: configure router ospf vrf default redistribute connected [metric <int>] [metric-type <type>] [tag <int>] Where: metric (optional) is the metric used for redistributed route. Values 1-4294967295. Default is 1. metric-type (optional) is the external link type associated with the default route advertised into the OSPF routing domain. Values are 1 (internal route) or 2 (external route). Default is 2. tag (optional) is the 32 bit decimal value that OSPF attaches to the external route. Default is 0. 4 By default, OSPF is disabled on the E6000 CER. Enter the following command to enable OSPF: configure router ospf vrf default no shutdown There is no system response if the command is successful. This is a “silent success” command. 5 Validate OSPF status: show ip ospf The output should indicate as follows: Router VRF default with ID 1.1.1.1 Only cost is used when choosing among multiple AS-external-LSAs Exit overflow interval 0 seconds Number of external LSA 0. Checksum 0x0 Number of new originated LSAs 2 Number of received LSAs 5 6 Confirm that OSPF is enabled for the interface: show ip ospf interface Sample output: ethernet 7/0 Router Virtual Interface of Virtual Router: default Internet Address is 192.168.176.2 / 255.255.255.0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-41 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Internet Secondary Address(es): No Secondary Addresses Area ID: 0.0.0.0 Network type: Point-to-point Cost: 1 Transmit delay: 1 Admin state: Enabled Interface state: Point-to-point Priority: 1 Designated router: 0.0.0.0 Backup designated router: 0.0.0.0 Not a graceful-restart helper Timer intervals (in seconds): Hello: 1 Retransmit: 5 Dead: 4 Poll: 120 Counts: Events: 1 LSAs: 0 Authentication Type: None ethernet 7/1 Router Virtual Interface of Virtual Router: default Internet Address is 192.168.177.2 / 255.255.255.0 Internet Secondary Address(es): No Secondary Addresses Area ID: 0.0.0.0 Network type: Point-to-point Cost: 1 Transmit delay: 1 Admin state: Enabled Interface state: Point-to-point Priority: 1 Designated router: 0.0.0.0 Backup designated router: 0.0.0.0 Not a graceful-restart helper Timer intervals (in seconds): Hello: 1 Retransmit: 5 Dead: 4 Poll: 120 Counts: Events: 1 LSAs: 0 Authentication Type: None — End of Procedure — Procedure 14-5: How to Disable OSPF for an Interface CAUTION Care should be exercised when using the following command, because the OSPF network command can be used to enable OSPF on one, some, or all network interfaces. Most instances of OSPF in the field will have a network command for each interface, but some Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-42 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols sites will use network commands for multiple interfaces to save time and reduce commands. Be sure that your “ospf no network” command matches the mask and area of the network interface(s) on which you wish to disable OSPF. 1 Use the following command to disable OSPF for an interface or interfaces: configure router ospf no network <ip-address> <wildcard-mask> area <area-id> Where: ip-address is the IP prefix of the desired network interface. wildcard-mask is the IP address type mask that includes “don’t care bits”. area-id is the area that is to be associated with the OSPF address range. 2 Confirm that OSPF is disabled for the network: show ip ospf interface — End of Procedure — Procedure 14-6: How to Disable OSPF on the E6000 CER 1 Use the following commands to disable OSPF: configure router ospf shutdown 2 Validate OSPF status: show ip ospf The output should include the following line: Router VRF default with ID 1.1.1.1 (disabled) 3 Validate vrf status: show ip vrf Sample output: Virtual Router Details: Name Index =============== ========== default 1 vrf_a 2 OSPF ==== no no RIP === no no ISIS ==== no -- BGP === no -- ICMP-TIME-EXCEEDED ================== no no — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-43 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols CLI Commands for OSPF The following list is meant as summary of the OSPF-related commands. They do not have to be performed in the order listed and not all commands will pertain to your plant and application. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 14-4: List of Commands Related to OSPF Purpose Command Defines an OSPF area as a stub area. External routes can not be imported into these areas. configure router ospf [vrf default] area <area-id> stub [no] Configures an area as a not so stubby area (NSSA). This area allows for generation of type-7 LSAs. configure router ospf [vrf default] area <area-id> nssa [no] Sets up a virtual link between two routers. configure router ospf [vrf default] area <area-id) virtual-link <router-id> [no] configure router ospf [vrf default] passive-interface cable-mac <mac> [no] Suppresses routing updates on the specified interface. configure router ospf [vrf default] passive-interface ethernet <slot> / <port> [no] Configures the time between an OSPF event and the SPF calculation. configure router ospf [vrf default] timer delay-spf <seconds> [no] Valid range is 0-255 seconds. Default = 5. Assigns a password to be used by neighboring routers that are using configure interface ethernet <slot> / <port> ip ospf authentication-key <password> [no] the OSPF simile password authentication. Specifies the set of keys that can be used on the specified interface. configure interface ethernet <slot> / <port> ip ospf authentication key-chain <name> [no] Configures the OSPF md5 key chain. configure interface ethernet <WORD> ip ospf message-digest-key <INT> md5 [<WORD>] [no] Specifies the interval between hello packets that the software sends configure interface ethernet <slot>/<port> ip ospf hello-interval on the interface.The valid range in seconds = 1-65535 and the default <interval> [no] is set at 10 seconds. Sets the interval at which hello packets must not be seen before neighbors declare the router down. The deal interval must be greater than the hello interval. It is recommended that the dead interval be set to a value greater than two times the hello interval. Issue 1.0, 4 Feb 2013 configure interface ethernet <slot>/<port> ip ospf dead-interval <interval> [no] © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-44 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Automatically deletes the neighbors when adjacency is lost. configure interface ethernet <slot>/<port> ip ospf auto-delete-neighbor [no] Specifies the cost of sending a packet on the interface. configure interface ethernet <slot>/<port> ip ospf cost <metric> [no] Configures the OSPF network type to either a broadcast or point-topoint network. NOTE: configure interface ethernet <slot>/<port> ip ospf network <type> [no] You must shutdown OSPF before changing network types. configure interface ethernet <slot>/<port> ip ospf priority <priority> [no] Sets the router priority. Specifies the time between link-state advertisement (LSA) retransmis- configure interface ethernet <slot>/<port> ip ospf retransmit interval <interval> [no] sions for adjacencies belonging to the interface. Sets the estimated time it takes to transmit a link state update. configure interface ethernet <slot>/<port> ip ospf transmit-delay <delay time> [no] All cable-mac interfaces must be declared passive. Protocol packets are not sent or received on passive interfaces. configure router ospf vrf <vrf name> passive-interface cable-mac <mac> Displays the OSPF interface information. show ip ospf interface Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-45 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Open Shortest Path First version 3 Open Shortest Path First version 3 (OSPFv3) is an IETF link-state protocol specifically for IPv6 routers. NOTE: OSPFv3 is described in RFC 5340. Comparison of OSPFv3 and OSPFv2 Much of the OSPFv3 protocol is the same as in OSPFv2. The key differences between the OSPFv3 and OSPFv2 protocols are as follows: • OSPFv3 only provides support for IPv6 routing prefixes and will handle the larger size IPv6 addresses. OSPFv2 only supports IPv4 routing. • LSAs in OSPFv3 are expressed as prefix and prefix length. OSPFv2 uses address and mask. • The router ID and area ID are 32-bit numbers, which is the same as in OSPFv2, with no relationship to IPv6 addresses. • OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features. • OSPFv3 uses IPSec for authentication and OSPFv2 uses MD5. • OSPFv3 redefines LSA types. The E6000 CER supports running both OSPFv2 and OSPFv3 at the same time, including running the protocols on the same interface. It will also support passive interfaces on the: • Cable side. • Network side. • Loopback interfaces. OSPFv3 on the E6000 CER supports point-to-point links, but does not support point to multipoint links. Discovering Neighboring Routers An OSPFv3 router sends a special message, called a Hello packet, out each OSPF-enabled interface to discover other OSPFv3 neighbor routers. Once a neighbor is discovered, the two routers compare information in the Hello packet to determine if the routers have compatible configurations. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-46 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Establishing Adjacency The neighboring routers attempt to establish adjacency, which means that the routers synchronize their Link-State Databases (LSDBs) to ensure that they have identical OSPFv3 routing information. Link-State Advertisements Adjacent routers share Link-State Advertisements (LSAs) that include information about: • The operational state of each link. • The cost of the link. • Any other neighbor information. The routers then flood these received LSAs out every OSPF-enabled interface so that all OSPFv3 routers eventually have identical LSDBs. When all OSPFv3 routers have identical LSDBs, the network is converged. Each router then uses “Dijkstra's” Shortest Path First (SPF) algorithm to build its route table. NOTE: OSPFv3 networks can be divided into separate areas which helps reduce the CPU and memory requirements for an OSPFenabled router because routers send most LSAs only within one area. Hello Packets OSPFv3 routers periodically send Hello packets on every OSPF-enabled interface. The Hello interval determines how frequently the router sends these Hello packets, and is configured per interface. Determining Compatibility An OSPFv3 interface that receives Hello packets determines if the settings are compatible with the receiving interface settings. Compatible interfaces are considered neighbors, and are added to the neighbor table. Tasks OSPFv3 uses Hello packets for the following tasks: Issue 1.0, 4 Feb 2013 • Neighbor discovery • “Keepalive” messages • Bidirectional communications • Designated router election © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-47 PRELIMINARY E6000 CER Release 1.0 Packet Contents Dynamic Routing Protocols The Hello packet contains information about the: • Originating OSPFv3 interface and router. • Instance ID and interface ID. • Hello interval. • Optional capabilities of the originating router. Hello packets also include a list of router IDs for the routers that the originating interface has communicated with. If the receiving interface sees its own router ID in this list, then bidirectional communication has been established between the two interfaces. Keepalive Message OSPFv3 uses Hello packets as a “keepalive” message to determine if a neighbor is still communicating. If a router does not receive a Hello packet by the configured dead interval (usually a multiple of the Hello interval), then the neighbor is removed from the local neighbor table. Fast Hello Packets The OSPFv3 support for Fast Hello Packets provides a way to configure the sending of Hello packets in intervals of less than one second. Such a configuration will result in faster convergence in an OSPF network. Interval Settings Setting the dead interval to one second will turn on the Fast Hello feature with the default value of 5 for the Hello multiplier (200 ms Hello interval). The Hello multiplier is not configurable for OSPFv3. Equal Cost Multipath Routing protocols can use ECMP to share traffic across multiple paths. When a router learns multiple routes to a specific network, it installs the route with the lowest administrative distance in the routing table. If the router receives and installs multiple paths with the same administrative distance and cost to a destination, ECMP can occur. Path Number Limit The number of paths used is limited by the number of entries that the routing protocol puts in the routing table. The E6000 CER supports up to a maximum of four equal cost routes. Best Choice Route The E6000 CER bases its choice of best route based on the following order of criteria: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-48 PRELIMINARY E6000 CER Release 1.0 1 Longest prefix. 2 Administrative Distance based on route type. For example, connected, static, ISIS, BGP. 3 Route cost. Dynamic Routing Protocols Neighbors An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. Compatibility Match The two OSPFv3 interfaces must match the following criteria: • Hello interval • Dead interval • Area ID • Authentication • Instance ID • Optional capabilities If there is a match, the following information is entered into the neighbor table: State Sequence Neighbor ID. The router ID of the neighbor router. • Priority. Priority of the neighbor router. The priority is used for designated router. • State. Indication of whether the neighbor has just been heard from, is in the process of setting up bidirectional communications, is sharing the link-state information, or has achieved full adjacency. • Dead Time. Indication of how long since the last Hello packet was received from this neighbor. • Link-local IPv6 Address. The link-local IPv6 address of the neighbor. • Designated Router. Indication of whether the neighbor has been declared the designated router or backup designated router. • Local Interface. The local interface that received the Hello packet for this neighbor. For a better understanding of this section, see RFC 2178, Section 10.1, Neighbor States. OSPF neighbor state machine in order to understand state changes. See When the first Hello packet is received from a new neighbor: 1 Issue 1.0, 4 Feb 2013 • The neighbor is entered into the neighbor table in the init state. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-49 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols 2 When bidirectional communication is established, the neighbor state becomes two-way as the two interfaces exchange their linkstate databases. 3 Finally, the neighbor moves into the full state, signifying full adjacency. If the E6000 CER fails to receive any Hello packets from a neighbor for the length of the dead-interval, that adjacency is broken and considered down" . Adjacency Not all neighbors establish adjacency. Depending on the network type and designated router establishment, some neighbors become fully adjacent and share LSAs with all their neighbors, while other neighbors do not. Adjacency is established using: • Database Description Packets. The Database Description packet includes just the LSA headers from the link-state database of the neighbor. The local router compares these headers with its own link-state database and determines which LSAs are new or updated. • Link State Request Packets. The local router sends a Link State Request packet for each LSA for which it needs new or updated information. • Link State Update Packets. The neighbor responds with a Link State Update packet. This exchange continues until both routers have the same link-state information. Router Types Networks with multiple routers present a unique situation for OSPFv3. If every router floods the network with LSAs, the same linkstate information will be sent from multiple sources. Designated Router Depending on the type of network, OSPFv3 might use a single router, the Designated Router (DR), to control the LSA floods and represent the network to the rest of the OSPFv3 area. DRs are based on a router interface. A router might be the DR for one network and not for another network on a different interface. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-50 PRELIMINARY E6000 CER Release 1.0 Backup Designated Router If the DR fails, OSPFv3 will promote the Backup Designated Router (BDR) to DR. Network Types Network types are as follows: Router Selection Dynamic Routing Protocols • Point-to-point. A network that exists only between two routers. All neighbors on a point-to-point network establish adjacency and there is no DR. • Broadcast. A network with multiple routers that can communicate over a shared medium that allows broadcast traffic such as Ethernet. OSPFv3 routers establish a DR and BDR that controls LSA flooding on the network. OSPFv3 uses the well-known IPv6 multicast addresses, FF02::5, and a MAC address of 33:33:00:00:00:05 to communicate with neighbors. The DR and BDR are selected based on the information in the Hello packet. When an interface sends a Hello packet, it sets the priority field and the DR and BDR field if, it can identify the DR and BDR. To accomplish this, the routers follow an election procedure based on which the routers declare themselves in the following: • The DR and BDR fields • The priority field of the Hello packet. As a final alternative, OSPFv3 chooses the highest router IDs as the DR and BDR. All other routers establish adjacency with the DR and the BDR and use the IPv6 multicast address FF02::6 and MAC address 33:33:00:00:00:06 to send LSA updates to the DR and BDR. Designated Router Configuration It is recommended that the following command is issued on each interface with an OSPFv3 broadcast network type. By setting the priority to 0, as shown in the example, the E6000 CER will not participate in DR elections: configure interface ethernet <slot>/<port> ipv6 ospf priority 0 NOTE: ARRIS recommends that the E6000 CER not be configured as a designated router by means of this command. Areas An area is a logical division of routers and links within an OSPFv3 domain that creates separate subdomains. By dividing an OSPFv3 network into areas and limiting the numbers of LSAs per area, the CPU and memory requirements can be reduced. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-51 E6000 CER Release 1.0 PRELIMINARY LSA Flooding LSA flooding is contained within an area, and the link-state database is limited to links within the area. Area ID You can assign an area ID to the interfaces within the defined area. The area ID is a 32-bit value that can be expressed as a number or in a dotted decimal notation, such as 10.2.3.1. Backbone Area If you define more than one area in an OSPFv3 network, you must also define the backbone area, which has the reserved area ID of 0. The backbone area sends summarized information about one area to another area. Area Border Routers If you have more than one area, then one or more routers become Area Border Routers (ABRs). An ABR connects to both the backbone area and at least one other defined area. Dynamic Routing Protocols The ABR has a separate link-state database for each area to which it connects. The ABR sends Inter-Area Prefix (type 3) LSAs from one connected area to the backbone area. Autonomous System Boundary Router OSPFv3 defines one other router type: the Autonomous System Boundary Router (ASBR). This router connects an OSPFv3 area to another Autonomous System (AS). An AS is a network controlled by a single technical administration entity. OSPFv3 can redistribute its routing information into another AS or receive redistributed routes from another AS. Link-State Advertisement OSPFv3 uses link-state advertisements (LSAs) to build its routing table. LSA Types The following tables contains the various LSA Types. Table 14-5: LSA Types Name Router LSA Issue 1.0, 4 Feb 2013 Description LSA sent by every router. This LSA includes state and cost of all links. Does not include prefix information. Router LSAa trigger an SPF recalculation. Router LSAs are flooded to the local OSPFv3 area. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-52 PRELIMINARY E6000 CER Release 1.0 Name Dynamic Routing Protocols Description Network LSA LSA sent by the DR. Lists all routers in the multi-access network. This LSA does not include prefix information. Network LSAs trigger an SPF recalculation. Inter-Area Prefix LSA LSA sent by the area border router to an external area for each destination in local area. This LSA includes the link cost from area the border router to the local destination. Inter-Area Router LSA LSA sent by the area border router to an external area. This LSA advertises the link cost to the ASBR only. Link Cost AS External LSA LSA generated by the ASBR. This LSA includes the link cost to an external autonomous system destination. AS External LSAs are flooded throughout the autonomous system. Type-7 LSA LSA generated by the ASBR within an NSSA. This LSA includes the link cost to an external autonomous system destination. Type-7 LSAs are flooded only within the local NSSA. Link LSA LSA sent by every router, using a link-local flooding. This LSA includes the link-local address and IPv6 prefixes for this link. Intra-Area Prefix LSA LSA sent by every router. This LSA includes any prefix or link state changes within an area. Intra-Area Prefix LSAs are flooded to the local OSPFv3 area. This LSA does not trigger an SPF recalculation. Each OSPFv3 interface is assigned a link cost. The link cost is: • An arbitrary number. By default, the E6000 CER assigns a cost of one to each interface. • Configurable by the user. • Carried in the LSA updates for each link. Displaying Cost of Route The cost of the route is the sum of the interface costs which can be displayed by the following command: Flooding OSPFv3 floods LSA updates to different sections of the network depending on the LSA type. OSPFv3 uses the following flooding scopes: show ipv6 route • Link-local. LSA is flooded only on the local link, and no further. Used for Link LSAs and Grace LSAs. • Area-local. LSA is flooded throughout a single OSPF area only. Used for Router LSAs, Network LSAs, Inter-Area-Prefix LSAs, Inter-Area-Router LSAs, and Intra-Area-Prefix LSAs. • AS scope. LSA is flooded throughout the routing domain. Used for AS External LSAs. LSA flooding guarantees that all routers in the network have identical routing information. LSA flooding depends on the OSPFv3 area configuration. The LSAs are flooded based on the link-state refresh time (every 30 minutes by default). Each LSA has its own linkstate refresh time. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-53 PRELIMINARY E6000 CER Release 1.0 Link-State Database Dynamic Routing Protocols Each router maintains a link-state database for the OSPFv3 network. This database contains all the collected LSAs, and includes information on all the routes through the network. OSPFv3 uses this information to calculate the best path to each destination and populates the routing table with these best paths. LSAs are removed from the link-state database if no LSA update has been received within a set interval, called the MaxAge. Routers flood a repeat of the LSA every 30 minutes to prevent accurate link-state information from being aged out. VRF Requirements OSPFv3 only runs in the default VRF on the E6000 CER. Stub Area The amount of external routing information that floods an area can be limited by making it a stub area. A stub area is an area that does not allow AS External (type 5) LSAs. These LSAs are usually flooded throughout the local AS to propagate external route information. Not-So-Stubby Area A Not-So-Stubby Area (NSSA) is similar to the stub area, except that an NSSA allows you to import autonomous system external routes within an NSSA using redistribution. NOTE: The backbone Area 0 cannot be an NSSA. Route Summarization Because OSPFv3 shares all learned routes with every OSPFv3-enabled router, route summarization can be used to reduce the number of unique routes that are flooded to every OSPFv3-enabled router. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-54 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Simplified Routing Tables Route summarization simplifies routing tables by replacing more-specific addresses with an address that represents all the specific addresses. For example, you can replace 2010:11:22:0:1000::1 and 2010:11:22:0:2000:679:1 with one summary address, 2010:11:22::/32. Guidelines Typically, you would summarize at the boundaries of Area Border Routers (ABRs). Although, it is acceptable to configure summarization between any two areas, it is better to summarize in the direction of the backbone so that the backbone receives all the aggregate addresses and injects them, already summarized, into other areas. Inter-Area Route Summarization Inter-area route summarization summarizes routes on ABRs between areas in the autonomous system. To take advantage of summarization, network numbers should be assigned in areas in a contiguous way to be able to lump these addresses into one range. External Route Summarization External route summarization is specific to external routes that are injected into OSPFv3 using route redistribution. Ensure that external ranges that are being summarized are contiguous. NOTE: Safeguard Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. When a summary address is configured, the E6000 CER automatically configures a discard route for the summary address to prevent routing black holes and route loops. Configuring OSPFv3 for IPv6 OSPFv3 for IPv6 is enabled by specifying an OSPFv3 router ID and an area at the interface configuration level. The configuration process includes: • Configure the OSPFv3 router-id. • Enabling OSPFv3 globally. • Configuring the network according to standard configuration parameters: set router id, hello timer, dead timer, and network type (broadcast, point-to-point, virtual link). • Verifying OSPFv3 is running as configured. NOTE: Issue 1.0, 4 Feb 2013 It is beyond the scope of this User Guide to supply recommendations for reviewing network architecture for all OSPFv3 configuration possibilities. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-55 PRELIMINARY E6000 CER Release 1.0 Passive Interface Configuration Dynamic Routing Protocols Cable-side interfaces are advertised in OSPFv3 by configuring these interfaces as passive interfaces in order to suppress the unnecessary hellos that would be sent on the downstream. This could also reduce the number of LSAs needed to advertise all the cableside interface addressees. Procedure 14-7: Configuring OSPFv3 with Cable-side Interfaces as Passive Interfaces OSPFv3 requires the user to define the router ID and will not allow OSPFv3 to come into service until then. Use the following steps to enable OSPFv3 as a passive interface on the E6000 CER: 1 Enter the following command to configure the router ID: configure ipv6 router ospf router-id 1.1.1.1 Where: NOTE: 2 1.1.1.1 is the unique router id If the router-id is not provisioned, OSPFv3 will not be allowed to come into service. Enter the following command to enable OSPFv3 for an specified interface: configure interface {cable-mac <mac> | loopback <0-15> | ethernet <slot>/<port>} ipv6 ospf area <word> Where: cable-mac <mac> is the MAC identifier. loopback <0-15> is the loopback interface number. ethernet <slot>/<port> is the RSM slot number/port number of the specified interface. word is the area ID. It can be specified as either an IP address or decimal value. 3 Whenever a user enables a cable-side interface, the user should also configure the interface as a passive interface: configure ipv6 router ospf passive-interface {cable-mac <mac> | loopback <0-15> | ethernet <slot>/<port>} NOTE: 4 The cable-mac and loopback interfaces are generally configured as passive interfaces to suppress hello packets that would otherwise be sent on the downstream. By default, OSPFv3 is disabled on the E6000 CER. Enabling OSPFv3 for an interface does not affect the global enable/disable state on the E6000 CER. Enter the following command to enable OSPFv3: configure ipv6 router ospf no shutdown There is no system response if the command is successful. This is a “silent success” command. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-56 PRELIMINARY E6000 CER Release 1.0 NOTE: Dynamic Routing Protocols To again disable OSPFv3 the same command form is entered as follows: configure ipv6 router ospf shutdown 5 Confirm that OSPFv3 is enabled for the interface: show ipv6 ospf interface Sample output: ethernet 7/0.0 Link-local address Global unicast address(es) Area ID: 0.0.0.0 Network type: Cost: Transit delay: Admin state: Interface state: Priority: Designated router: Backup designated router: 6 Broadcast 1 1 Enabled UP 1 0.0.0.0 : FE80::201:5CFF:FE22:9420/10 : 2001::201:5CFF:FE22:9420 Timer intervals (in seconds): Hello: 10 Retransmit: 5 Dead: 40 Poll: 120 Counts: Events: 0 LSAs: 0 0.0.0.0 Enter the following command to disable OSPFv3 for an specific interface or interfaces: configure interface {cable-mac <mac> | loopback <0-15> | ethernet <slot>/<port>} ipv6 ospf no Where: cable-mac <mac> is the MAC identifier. loopback <0-15> is the loopback interface number. ethernet <slot>/<port> is the RSM slot number/port number of the specified interface. 7 Confirm that OSPFv3 is disabled for the interface: show ipv6 ospf interface — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-57 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Summary of CLI Commands for OSPFv3 Below is a table listing many of the CLI commands that you will use in configuring and using OSPFv3. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 14-6: List of Commands Related to OSPFv3 Purpose Command Global commands: To enable [disable] OSPFv3. configure ipv6 router ospf shutdown [no] Configures router ID. configure ipv6 router ospf router-id <a.b.c.d> [no] Defines this router as an autonomous border router. configure ipv6 router ospf as-border-router [no] Configures the administrative distance for OSPFv3 routes. configure ipv6 router ospf distance <int> [no] Configures the administrative distance for external OSPFv3 routes. configure ipv6 router ospf distance <int> ospf external <int> Suppresses sending OSPFv3 packets on the specified interface. configure ipv6 router ospf passive-interface {cable <word> | cable-mac <word> | ethernet <word>} [no] Area Commands: To configure an OSPFv3 area configure ipv6 router ospf area <word> [no] To configure the default cost for an area. configure ipv6 router ospf area default-cost [no] To configure an area as a not-so-stubby area (NSSA) configure ipv6 router ospf area <word> nssa [no-summary] [no] Consolidates and summarizes routes at an area boundary. configure ipv6 router ospf area <word> range <word> [no] Sets the address range status to advertise and generates a Type 3 summary LSA. configure ipv6 router ospf area <word> range <word> advertise [no] Sets the address range status to DoNotAdvertise. Type 3 summary LSAs are suppressed. configure ipv6 router ospf area <word> range <word> not-advertise [no] Defines an area as a stub area. configure ipv6 router ospf area <word> stub [no-summary] [no] Interface Commands: Configures an OSPFv3 area on the specified interface. configure interface {cable <word> | cable-mac <word> | loopback <int> | ethernet <word>} ipv6 ospf area <word> [instance <int>] [no] Configures the cost of sending a packet on the specified interface for configure interface {cable <word> | cable-mac <word> | loopback <int> | ethernet <word>} ipv6 ospf cost [<int>] [no] the OSPFv3 router process. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-58 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Configures the interval after which a neighbor is declared dead when configure interface {cable <word> | cable-mac <word> | ethernet <word>} ipv6 ospf dead-interval [<int>] [no] no hello packets are seen on the specified interface. Configures the interval between hello packets sent on the specified interface. configure interface {cable <word> | cable-mac <word> | ethernet <word>} ipv6 ospf hello-interval [<int>] [no] Configures whether the OSPFv3 router process checks if neighbors configure interface {cable <word> | cable-mac <word> | ethernet <word>} are using the same maximum transmission unit (MTU) on the speciipv6 ospf mtu-ignore [no] fied interface when exchanging data base descriptor (DBD) packets. Configures the OSPF network type to a type other than the default configure interface {cable <word> | cable-mac <word> | ethernet <word>} for a given media. Current supported type is broadcast or point-toipv6 ospf network <list> [no] point. Configures the router priority on the specified OSPFv3 interface. configure interface {cable <word> | cable-mac <word> | ethernet <word>} ipv6 ospf priority <int> [no] Configures the time between link-state advertisement (LSA) retrans- configure interface {cable <word> | cable-mac <word> | ethernet <word>} missions for adjacencies belonging to the specified OSPFv3 interface. ipv6 ospf retransmit-interval <int> [no] Configures the estimated time required to send a link-state update packet on the specified OSPFv3 interface. Issue 1.0, 4 Feb 2013 configure interface {cable <word> | cable-mac <word> | ethernet <word>} ipv6 ospf transmit-interval <int> [no] © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-59 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Show Commands: Displays the route redistributions. show ipv6 ospf <word> Displays the OSPF area information. show ipv6 ospf area Displays the OSPF database information. show ipv6 ospf database Displays the OSPF database information filtered by the Advertising Router [as an IP address]. show ipv6 ospf database adv-router <a.b.c.d> Displays the OSPF database external link states by link state ID or IPv6 show ipv6 ospf database external {<0-4292967295> | <X:X:X:X::X/<0-128>} prefix. Displays the OSPF database external link states filtered by the Adver- show ipv6 ospf database external {<0-4292967295> | <X:X:X:X::X/<0-128>} adv-router <a.b.c.d> tising Router (as an IP address). Displays the OSPF database inter-area prefix link states by link state show ipv6 ospf database inter-area prefix {<0-4292967295> | <X:X:X:X::X/<0-128>} ID or IPv6 prefix. Displays the OSPF database inter-area prefix link states filtered by the show ipv6 ospf database inter-area prefix {<0-4292967295> | <X:X:X:X::X/<0-128>} adv-router <a.b.c.d> Advertising Router (as an IP address). Displays the OSPF database inter-area router link states by link state show ipv6 ospf database inter-area router {<0-4292967295> | <X:X:X:X::X/<0-128>} ID. Displays the OSPF database inter-area router link states filtered by the Advertising Router (as an IP address). show ipv6 ospf database inter-area router {<0-4292967295> | <X:X:X:X::X/<0-128>} adv-router <a.b.c.d> Displays the OSPF database link by link state ID. show ipv6 ospf database link [<0-4292967295>] Displays the OSPF database link filtered by the Advertising Router (as show ipv6 ospf database link [<0-4292967295>] adv-router <a.b.c.d> an IP address). Displays the OSPF network link by link state ID. show ipv6 ospf database network [<0-4292967295>] Displays the OSPF network link filtered by the Advertising Router (as show ipv6 ospf database network [<0-4292967295>] adv-router <a.b.c.d> an IP address). Displays the OSPF database nssa-external link states by link state ID show ipv6 ospf database nssa-external {<0-4292967295> | <X:X:X:X::X/<0-128>} or IPv6 prefix. Displays the OSPF database nssa-external link states filtered by the Advertising Router (as an IP address). show ipv6 ospf database nssa-external {<0-4292967295> | <X:X:X:X::X/<0-128>} adv-router <a.b.c.d> Displays the OSPF database prefix link by link state ID. show ipv6 ospf database prefix [<0-4292967295>] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-60 PRELIMINARY E6000 CER Release 1.0 Purpose Dynamic Routing Protocols Command (Continued) Displays the OSPF database prefix link filtered by the Advertising Router (as an IP address). show ipv6 ospf database prefix [<0-4292967295>] adv-router <a.b.c.d> Displays the OSPF database router link by link state ID. show ipv6 ospf database router [<0-4292967295>] Displays the OSPF database router link filtered by the Advertising Router (as an IP address). show ipv6 ospf database router [<0-4292967295>] adv-router <a.b.c.d> Displays a summary of OSPF database. show ipv6 ospf database summary Displays the OSPF interface information. show ipv6 ospf interface [brief] Displays only the specified cable OSPF interface information. show ipv6 ospf interface [brief] cable [<word>] Displays only the specified cable-mac OSPF interface information. show ipv6 ospf interface [brief] cable-mac [<word>] Displays only the specified ethernet OSPF interface information. show ipv6 ospf interface [brief] ethernet [<word>] Displays only the specified loopback OSPF interface information. show ipv6 ospf interface [brief] loopback [<int>] Displays only the specified ethernet OSPF interface information. show ipv6 ospf interface [brief] ethernet [<word>] Displays the OSPF neighbor information by either the neighbor ID or show ipv6 ospf neighbor [<a.b.c.d>] [detail] detail of all neighbors. Displays the OSPF neighbor information via the specified ethernet interface. show ipv6 ospf neighbor [detail] ethernet <word> Displays the OSPF route table entries. show ipv6 route ospf [vrf <vrf-name>] [include-inactive] [detail] ospf Logging Enables/disables detailed logging. trace logging router ospf [no] CAUTION This command creates extensive protocol message logging. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-61 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Routing Information Protocol Routing Information Protocol (RIP) is a distance vector routing protocol. Because it learns routes dynamically without provisioning, RIP requires little overhead and is easy to implement. It remains a popular routing protocol, especially for small networks. NOTES: The E6000 CER does not support RIP version 1 (RIPv1). If the E6000 CER is connected to a router that supports only RIPv1, problems result because the E6000 CER is unable to decipher the information that is communicated by a RIPv1 router. RIP supports only IPv4. RIP version 2 RIP version 2 (RIPv2) is compatible with the E6000 CER. Unlike RIPv1 it supports subnet masks and Message Digest 5 (MD5) authentication. For more information on this standard, see RFCs 2453 and 1058. Hop Count RIP uses a single criterion (hop count) for determining the best available route. Each route in a RIP routing table is assigned a hop count of 1-16. A value of 15 hops is the longest route permitted; once the hop count value reaches 16 the route is considered unreachable. Routing Update Management The following applies as regards to the management of routing updates: Issue 1.0, 4 Feb 2013 • Entries in the RIP routing tables are dynamically updated as needed. • As the topology of a network changes, some routes will become invalid. • RIP uses “aging” algorithms to eliminate invalid routes from its tables. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-62 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols RIP Enable and Disable The following RIP-related enable and disable tasks, along with their associated commands are grouped for convenience. This is not intended to be a step-by-step procedure. Enabling RIP on the E6000 CER By default, RIP is disabled on the E6000 CER. Enter the following command to enable RIP: configure router rip shutdown no The system will respond: RIP has been enabled Validate RIP status: show ip vrf Virtual Router Details: Name Index =============== ========== default 1 Disabling RIP on the E6000 CER OSPF ==== no RIP === yes ISIS ==== no BGP === no ICMP-TIME-EXCEEDED ================== no Use the following command to disable RIP: configure router rip shutdown The system will respond: RIP has been disabled Enabling RIP for a Network By default, RIP is disabled for all networks. Enabling RIP for a network does not affect the global enable/disable state on the E6000 CER. To enable RIP for a network, enter the following command: configure router rip network <network address> Where: Issue 1.0, 4 Feb 2013 network address is the IP prefix of the desired network. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-63 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Confirm that RIP is enabled for the network: show ip rip The output should look something like the following: RIP Interfaces Interface VRF 10.71.0.2 default 10.71.64.2 default Df Met 1 1 Auth Mode disabled disabled State active disabled In this instance, an interface with an IP address 10.71.0.2 is actively running RIP. This interface is part of a network which was enabled (10.71.0.0, for example). NOTE: Disabling RIP for a Network Secondary interfaces on RIP-enabled primary interfaces are automatically set to passive. Use the following command to disable RIP for the default VRF network: configure router rip network <network address> no Confirm that RIP is disabled for the network. Following the command is a sample system response: show ip rip The output should look something like the following: VRF Status default enabled RIP Interfaces Interface VRF Df Met Auth Mode State 10.41.1.2 default 0 disabled active RIP Timers VRF default: Update interval is set to 30 seconds. VRF default: Route invalidation interval is set to 180 seconds. VRF default: Route flush interval is set to 120 seconds. In this instance, an interface with an IP address 10.71.0.2 is not running RIP. This interface is part of a network which was disabled (10.71.0.0 for example). Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-64 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols RIP Passive Mode Operation In order for an interface to receive and process RIP messages, but not advertise its routes, system administrators can enable passive RIP mode operation. By the same token, this passive RIP mode of operation can be disabled. The following RIP passive mode related enable and disable tasks, along with their associated commands are grouped for convenience. This is not intended to be a step-by-step procedure. Enabling RIP Passive Mode To enable RIP passive mode on an interface, enter the following command: configure router rip [vrf <name>] passive-interface {cable-mac <mac> | default | ethernet <slot/port>} Where: cable-mac <mac> is the MAC identifier. default sets all RIP enabled interfaces to be passive. ethernet <slot>/<port> is the RSM slot number/port number of the specified interface. Confirm that RIP is running in passive mode on an interface: show ip rip The output should look similar to the following: RIP Interfaces Interface VRF 10.71.0.2 default 10.71.64.2 default Df Met 1 1 Auth Mode disabled disabled State passive disabled In this instance, an interface with an IP address 10.71.0.2 is running RIP in passive mode. Disabling RIP Passive Mode Use the following command to disable the RIP passive mode previously set on an interface: configure router rip passive-interface {cable-mac <mac> | default | ethernet <slot/port>} no The system will respond: RIP interface disabled Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-65 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Default Route Processing By default, each interface running RIP advertises an available default route, static or learned via RIP, with a metric of 1. Because default route propagation must be controlled carefully, system administrators can set the metric to be used for default route advertisements on a per interface basis. If the default route metric is set to 0, the default route is not advertised. The following default route metric tasks, along with their associated commands are grouped for convenience. This is not intended to be a step-by-step procedure. Setting Default Route Metric Use the following command to set the default route metric: configure interface {cable-mac <mac> | default | ethernet <slot/port>} ip rip default-metric <0-15> Where: cable-mac <mac> is the MAC identifier. default sets all RIP enabled interfaces to be passive. ethernet <slot>/<port> is the RSM slot number/port number of the specified interface. 0-15 are default metrics available. The original default metric is 0. Verify that the default metric is changed to match the value entered: show ip rip The output should look similar to the following: VRF Status default enabled RIP Interfaces Interface VRF 10.62.1.2 default RIP VRF VRF VRF Df Met 0 Auth Mode text State active Timers default: Update interval is set to 30 seconds. default: Route invalidation interval is set to 180 seconds. default: Route flush interval is set to 120 seconds. Plain Text Authentication Plain text authentication may be enabled for each active or passive interface running RIP in order to add security to RIP communication. By default it is disabled on each interface. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-66 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols The following plain text authentication tasks, along with their associated commands are grouped for convenience. This is not intended to be a step-by-step procedure. Enabling Plain Text Authentication Enter the following command to enable plain text authentication for a given interface: configure interface {cable-mac <mac> | ethernet <slot/port>} ip rip authentication mode text Where: cable-mac <mac> is the MAC identifier. ethernet <slot>/<port> is the RSM slot number/port number of the specified interface. The system will respond: Authentication mode is plain text Creating Plain Text Key Enter the following command to set authentication: configure interface {cable-mac <mac> | ethernet <slot/port>} ip rip authentication key <testkey1> Where: NOTE: testkey1 is a 1-16 character text string used for authentication. The key can be up to 16 characters long. Every RIP message sent on this interface contains this key and every incoming message’s validation is dependent on its having this key. Confirm that the interface is set up to do plain text authentication: show ip rip The output should look similar to the following: VRF Status default enabled RIP Interfaces Interface VRF 10.62.1.2 default RIP VRF VRF VRF Df Met 0 Auth Mode text State active Timers default: Update interval is set to 30 seconds. default: Route invalidation interval is set to 180 seconds. default: Route flush interval is set to 120 seconds. End of example Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-67 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols MD5 Digest Authentication Message Digest 5 (MD5) authentication may be enabled for each active or passive interface running RIP in order to add security to RIP communication. By default it is disabled on each interface. Encrypted Packets Message Digest 5 (MD5) authentication allows a System Administrator to encrypt RIPv2 packets based on an interface-specific key. This key is used to generate an MD5 hash which is appended to all outgoing RIP packets originating from the E6000 CER. Routers that receive these encrypted RIPv2 packets must have the same key associated with the incoming interface. The key is used to verify the MD5 of each encrypted packet. Similarly, all RIPv2 packets that are received by the E6000 CER interfaces for which MD5 is enabled must have the key associated with that interface applied to all RIPv2 packets. These encrypted packets allow the E6000 CER to communicate securely with other routers in the network. Invalid Encryption If a router or host attempts to provide the E6000 CER with RIP information and it does not have the correct MD5 hash, the packet is dropped and an error message is logged. Time-of-Day The RIP protocol requires a sequence number to increase monotonically based on the time-of-day. This key is used to generate an MD5 hash over the entire RIP message plus the concatenated plain-text key which is appended to all outgoing RIP packets originating from the E6000 CER. Any out-of-sequence number violates the monotonic sequence rule and the packet will be discarded. The E6000 CER uses its system time as the MD5 message sequence number. As a result, exercise caution when changing the system time to an earlier time. If the E6000 CER is running RIPv2 with MD5 authentication and the system time is changed to an earlier time, communication with peer routes cease until either the system time reaches it previous point, or all the RIP routes age out of the routing tables on the E6000 CER. Time-Out Limit Issue 1.0, 4 Feb 2013 RIP routes sent by the E6000 CER to adjacent peer routers age out (time-out) five minutes after the last authenticated RIP message was received. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-68 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Single or Multiple Keys For RIP with MD5 to interoperate with other routers, the external router must be set up to send and receive either using one key or multiple keys. Single Key Authentication For single key MD5 authentication, the system administrator can define a single key for a specified physical interface. This interface uses an infinite send and receive lifetime key and, therefore, never ages out. In this configuration, the key ID associated with the key must be set to 0 on all peer routers. If a router receives a RIP message with a non-matching key, it identifies the authentication mismatch and drops the message. Procedure 14-8: How to Enable Single Key Authentication Use this procedure to configure single key MD5 authentication. 1 Set the single key authentication node on the physical interface: configure interface {cable-mac <mac> | ethernet <slot/port>} ip rip authentication mode md5 Where: cable-mac <mac> is the MAC identifier. ethernet <slot>/<port> is the RSM slot number/port number of the specified interface. The system will respond: Authentication mode is keyed MD5 digest 2 Create the MD5 key: configure interface {cable-mac <mac> | ethernet <slot>} ip rip authentication key <key> Where: NOTE: 3 key is a text string 1-16 characters long used for the key id. The key can be up to 16 characters long. Every RIP message sent on this interface contains a digest and every incoming message received is validated based on its digest. Confirm that the interface is set up to do MD5 digest authentication: show ip rip The output should look similar to the following: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-69 PRELIMINARY E6000 CER Release 1.0 VRF Status default enabled RIP Interfaces Interface VRF 10.62.1.2 default RIP VRF VRF VRF Df Met 0 Auth Mode text Dynamic Routing Protocols State active Timers default: Update interval is set to 30 seconds. default: Route invalidation interval is set to 180 seconds. default: Route flush interval is set to 120 seconds. — End of Procedure — Multiple Key Authentication For multiple key authentication you need only assign a key chain that has been configured with more than one key. Otherwise the MD5 functionality works as described in the single key mode. For MD5 to interoperate, the keys and key IDs in the E6000 CER key chain must match the keys in the external router. Procedure 14-9: How to Enable Multiple Key Authentication (i.e., Key Chains) Use this procedure to enable multiple key authentication. 1 Create a key chain and key: configure key chain <key chain name> key <key id> key-string <key> Where: key chain name is a text string up to 16 characters long. key id is a number between 0 and 255. key is a text string up to 16 characters long. Both the key ID and the key defined on the E6000 CER must be the same as the key ID and key defined on the other router. The key chain name used on the E6000 CER does not have to match that of the other router. To remove a key chain and all its keys: configure key chain <key chain name> no 2 Enable MD5 digest authentication with multiple keys for a given interface: configure interface {cable-mac <mac> | ethernet <slot/port> ip rip authentication mode md5 3 Issue 1.0, 4 Feb 2013 Enable the key chain (created in step 1) on the same interface: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-70 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure interface {cable-mac <mac> | thernet <slot/port>} ip rip authentication key-chain <keychain1> Where: NOTE: 4 keychain1 is the name of the key chain to use. The key chain can be up to 16 characters long and determines which key is used for sending and receiving. Confirm that the interface is set-up for MD5 digest authentication: show ip rip The output should look similar to the following: VRF Status default enabled RIP Interfaces Interface VRF 10.62.1.2 default Df Met 0 Auth Mode text State active RIP VRF VRF VRF Timers default: Update interval is set to 30 seconds. default: Route invalidation interval is set to 180 seconds. default: Route flush interval is set to 120 seconds. 5 If desired, remove the keychain/interface assignment: configure interface {cable-mac <mac> | ethernet <slot/port>} ip rip authentication key-chain <keychain1> no 6 If desired, disable MD5 authentication: configure interface {cable-mac <mac> | ethernet <slot/port>} ip rip authentication mode md5 no NOTE: If you configure both single key and key chain authentication, only the key chain is used. Because of this, only the key chain CLI command will appear in the running-config output. — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-71 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Route Redistribution for IPv4 Addresses Route redistribution is defined as the ability to import and export IP routing information from one routing protocol domain to another. In addition, Local (E6000 CER interface networks) and Static (Net Management) routes may be imported into a protocol domain. The dynamic routing protocols RIPv2 and OSPF may be run at the same time. The Route Table Manager (RTM) is responsible for choosing the best group of routes provided by each routing protocol. Its choice is based on the administrative distance assigned to each protocol group. It should be noted this approach requires that the administrative distance of each protocol entity, including static and connected routes, must be unique. This feature supports route redistribution at the following levels: • From static to RIPv2 and OSPF • From connected (local) to RIPv2 and OSPF • From RIP to OSPF • From OSPF to RIPv2 This feature supports different types of distribution lists (filtering): • RIP input (per interface or global) • RIP output (per interface or global) • Route redistribution RIPv2 to OSPF BGP Route Maps For BGP, route-maps can be used to control the redistribution of IP routes from BGP into another protocol (match functionality) or to redistribute routes from another protocol into BGP (set functionality). Distribute-Lists Issue 1.0, 4 Feb 2013 Distribute-lists rely on standard ACLs to filter on a destination IP prefix. Because support for the BGP routing protocol requires more complicated filtering of routes, this type of filtering is beyond the syntactic definition of distribute-lists. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-72 PRELIMINARY E6000 CER Release 1.0 Route Redistribution Filtering Update Message Attributes Issue 1.0, 4 Feb 2013 Dynamic Routing Protocols MIB support built into the routing protocol software allows for the following BGP filtering to be used for route redistribution (in addition to destination IP address filtering): • Next-Hop: Allows route redistribution to be controlled based on the advertising router (next-hop). May also be used with other routing protocols • BGP Community Number (match or set): 4 byte value identifying a BGP community • BGP Extended Community Number (match or set): 8 byte value identifying a BGP community • BGP Origin (set): Allows the origin attribute to be set for routes redistributed into BGP • Multi-Exist-Discriminator (set): Allows a MED attribute value to be set for routes redistributed into BGP. • Local Pref: Allows a Local Preference attribute to be set for routes redistributed into BGP. The attributes that are applied to the complete group of routes in the BGP Update message are listed as follows: • Origin: Indicates how the IP prefixes became known to BGP. • - IGP: Prefix was learned from an interior gateway protocol (e.g. OSPF). - EGP: Prefix was learned via EGP. - Incomplete: Protocol was learned from a source other than IGP/EGP. For example, static or local routes. AS-Path: A list of ASs the group of routes has passed through. • Next-Hop: Identifies the next hop for the group of routes. This could be a third-party next-hop. • Multi-Exit-Discriminator: Allows for choosing the optimal link for a group of routes when more than one connection exists between two ASs. • Local-Pref: Allows for choosing the optimal link for a group of routes when multiple connections exists to different intermediate ASs. • Aggregator: Identifies the AS that performed route aggregation. • Communities: Ability to associate a unique identifier with a route. The following well-known communities are supported: • - No-Export: The route must stay local to the AS. - No-Advertise: The route must stay local to the router. - No-Export-Subconfed: The route must stay local to a sub-AS. Extended Communities: Needed for route targets on VPN-IPv4 routes. • MP-(Un)Reach-NLRI: Multi-protocol attribute needed for carrying VPN-IPv4 routes. • Capabilities: Used to advertise capabilities of the router. Needed for route refresh and VPN extensions. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-73 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Route Redistribution CLI Commands The E6000 CER supports route redistribution between all protocols with filtering (see IP Route Filtering on page 14-76) based on distribute-lists. For more information on these CLI commands see Chapter 44, Command Line Descriptions. RIP Redistribution Commands The CLI supports the following RIP redistribute commands: configure router rip [vrf <name>] redistribute bgp [metric <int>] [no] configure router rip [vrf <name>] redistribute connected [metric <int>] [no] configure router rip [vrf <name>] redistribute isis [<level1 | level-2 | level-1-2>] [metric <int>] [no] configure router rip [vrf <name>] redistribute ospf [match <internal | external1 | external2>] [metric <int>] [no] configure router rip [vrf <name>] redistribute static [metric <int>] [no] OSPF Redistribution Commands The E6000 CER CLI supports the redistribution of static, connected, RIP, BGP, and IS-IS routes using the following OSPF redistribute commands: configure router ospf [vrf <name>] redistribute bgp [metric <metric value>] [metric-type <1 | 2>] [tag <tag value>][no] configure router ospf [vrf <name>] redistribute connected [metric <metric value>] [metric-type <1 | 2>] [tag <tag value>] [no] configure router ospf [vrf <name>] redistribute isis [<level1 | level-1-2 | level-2>] [metric <int>] [route-map <int>] [no] configure router ospf [vrf <name>] redistribute rip [metric <int>] [metric-type <internal | external>] [<level-1 | level-2>] [no] configure router ospf [vrf <name>] redistribute static [metric <metric value>] [metric-type <1 | 2>] [tag <tag Value>] [no] BGP Redistribution Commands The E6000 CER supports the redistribution of static, connected, RIP, OSPF, and IS-IS routes using the following BGP redistribute commands: configure router bgp [<int>] redistribute connected [metric <int>] [route-map <int>] [no] configure router bgp [<int>] redistribute isis [<level1 | level-1-2 | level-2>] [metric <int>] [route-map <int>] [no] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-74 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols cconfigure router bgp [<int>] redistribute ospf [match <internal | external1 | external2>] [metric <int>] [route-map <int>] [no] configure router bgp [<int>] redistribute rip [metric <int>] [route-map <int>] [no] configure router bgp [<int>] redistribute static [metric <int>] [route-map <int>] [no] Route maps applied by the previous commands are limited to the following four commands: configure route-map <word> set community [<WORD>] [none] [local-AS] [no-advertise] [no-export] [internet] configure route-map <word> set local-preference <INT> configure route-map <word> set metric <INT> configure route-map <word> set origin {igp | egp | incomplete} Where: word is the name of the route map Route maps may contain other commands, but these commands will not be applied to route redistribution. IS-IS Redistribution Commands The E6000 CER supports the redistribution of static, connected, RIP, OSPF, and BGP routes using the following IS-IS redistribute commands: configure router isis redistribute static {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] configure router isis redistribute connected {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] configure router isis redistribute rip {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] configure router isis redistribute ospf {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [match {internal | external1 | external2}] [no] configure router isis redistribute bgp {level-1 | level-2 | level-1-2} [metric <int>] [metric-type {internal | external}] [no] IS-IS Redistribution Commands (IPv4) Issue 1.0, 4 Feb 2013 The E6000 CER supports the redistribution of IPv4 address family connected, OSPF, PD and static routes using the following IS-IS redistribute commands configure router isis address-family ipv4 redistribute bgp {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-75 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure router isis address-family ipv4 redistribute connected {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] configure router isis address-family ipv4 redistribute ospf {level-1 | level-2} [match <internal | external1 | external2>] [metric <int>] [metric-type {internal | external}] [no] configure router isis address-family ipv4 redistribute static {level-1 | level-2} [metric <int>] [metric-type {internal | external}] no configure router isis address-family ipv4 redistribute static {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] IS-IS Redistribution Commands (IPv6) The E6000 CER supports the redistribution of IPv6 address family connected, OSPF, PD and static routes using the following IS-IS redistribute commands: configure router isis address-family ipv6 redistribute connected {level-1 | level-2} [metric <int>] metric-type {internal | external}] [no] configure router isis address-family ipv6 redistribute ospf {level-1 | level-2} [match <internal | external1 | external2>] [metric <int>] metric-type {internal | external}] [no] configure router isis address-family ipv6 redistribute pd {level-1 | level-2} [metric <int>] metric-type {internal | external}] no configure router isis address-family ipv6 redistribute static {level-1 | level-2} [metric <int>] [metric-type {internal | external}] [no] OSPFv3 Redistribution Commands The E6000 CER supports redistribution of static, connected and PD routes using the following OPFv3 commands: configure ipv6 router ospf redistribute connected [metric <WORD>] [metric-type <INT>] [tag <INT>] configure ipv6 router ospf redistribute pd [metric <WORD>] [metric-type <INT>] [tag <INT>] configure ipv6 router ospf redistribute static [metric <WORD>] [metric-type <INT>] [tag <INT>] IP Route Filtering Although not specifically associated with route redistribution, the E6000 CER supports the filtering of IP routes based on an egress interface. The CadPolicyAclTable MIB must be used when creating an ACL. The ACL defined must be a standard ACL (range 0-99). Execution of this command will create an entry in the cadDistListOutTable. If the corresponding route redistribution command has already been executed, then each entry in the ACL table will create an entry in the rtmRedistTable. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-76 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols There must also be a wildcard match entry in the rtmRedistTable for either the permit_all or deny_all ACL case, with the rtmRedistFlag set to AMB_TRUE or AMB_FALSE. The priority (rtmRedistPriority) must be set to a value greater than (implies lower priority) the more specific matches. Distribute-lists also control RIP route advertisement per physical interface. For example: configure access-list 10 deny 130.10.0.0 0.0.255.255 configure access-list 10 permit 0.0.0.0 255.255.255.255 configure router rip distribute-list 10 out ospf Distribute List Out Configure Commands To filter redistributed RIP routes, use the following commands: configure router rip [no] distribute-list ACL-NUM out {cable-mac | ethernet} SLOT/PORT configure router rip [no] distribute-list ACL-NUM out static configure router rip [no] distribute-list ACL-NUM out connected configure router rip [no] distribute-list ACL-NUM out ospf configure router rip [no] distribute-list ACL-NUM out bgp configure router rip [no] distribute-list ACL-NUM out isis Filtering RIP Routes To filter RIP routes on an ingress interface, use the following command: configure router rip [no] distribute-list <access_list_number> in {cable | ethernet} SLOT/PORT The E6000 CER applies filtering to the destination IP prefixes of RIPv2 updates based on the ingress interface. The ACL defined is a standard ACL (range 0-99). The E6000 CER CLI supports filtering inbound rip updates with the following syntax: configure router rip [no] distribute-list <access_list_number> in The E6000 CER processes inbound RIP updates with the following rules: 1 Issue 1.0, 4 Feb 2013 Extract the next network from the inbound update. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-77 PRELIMINARY E6000 CER Release 1.0 2 Check the interface that it entered. 3 Is there a distribute list applied to that interface? 4 Filtering Redistributed OSPF Routes • Yes: Is the network denied by that list? • - Yes: the network does not make it to the routing table; return to step 1. - No: the network is allowed; continue to step 4. No: Go to step 4. Dynamic Routing Protocols Is there a global distribute list? • Yes: Is the network denied by that list? • - Yes: the network does not make it to the routing table; return to step 1. - No: the network makes it to the routing table; return to step 1. No: The network makes it to the routing table; return to step 1. To filter redistributed OSPF routes, use the following commands: configure router ospf [no] distribute-list ACL-NUM out static configure router ospf [no] distribute-list ACL-NUM out connected configure router ospf [no] distribute-list ACL-NUM out rip configure router ospf [no] distribute-list ACL-NUM out bgp configure router ospf [no] distribute-list ACL-NUM out isis The E6000 CER continues to support distribute-lists for filtering RIP IP prefixes that are redistributed into OSPF. The CadPolicyAclTable MIB must be used when creating an ACL. The ACL defined must be a standard ACL (range 0-99). Execution of this command will create an entry in the cadDistListOutTable. If the corresponding route redistribution command has already been executed, then each entry in the ACL table will create an entry in the rtmRedistTable. There must also be a “wildcard” match entry in the rtmRedistTable for either the “permit_all” or “deny_all” ACL case, with the rtmRedistFlag set to AMB_TRUE or AMB_FALSE. NOTE: The priority (rtmRedistPriority) must be set to a value greater than (implies lower priority) the more specific matches. For example: configure access-list 10 deny 130.10.0.0 0.0.255.255 configure access-list 10 permit 0.0.0.0 255.255.255.255 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-78 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure router ospf distribute-list 10 out rip Filtering Redistributed BGP Routes To filter redistributed BGP routes, use the following commands: configure router bgp [no] distribute-list ACL-NUM out static configure router bgp [no] distribute-list ACL-NUM out connected configure router bgp [no] distribute-list ACL-NUM out rip configure router bgp [no] distribute-list ACL-NUM out ospf configure router bgp [no] distribute-list ACL-NUM out isis Although not specifically associated with route redistribution, the E6000 CER continues to support filtering IP routes based on an egress interface. The existing CadPolicyAclTable MIB must be used when creating an ACL. The ACL defined must be a standard ACL (range 0-99). Execution of this command will create an entry in the cadDistListOutTable. If the corresponding route redistribution command has already been executed, then each entry in the ACL table will create an entry in the rtmRedistTable. There must also be a “wildcard” match entry in the rtmRedistTable for either the “permit_all” or “deny_all” ACL case, with the rtmRedistFlag set to AMB_TRUE or AMB_FALSE. NOTE: The priority (rtmRedistPriority) must be set to a value greater than (implies lower priority) the more specific matches. For example: configure access-list 10 deny any configure access-list 10 permit 0.0.0.0 255.255.255.255 configure router bgp configure router bgp 1 distribute-list 10 out ospf Filtering Redistributed IS-IS Routes To filter redistributed IS-IS routes, use the following commands: configure router isis [no] distribute-list ACL-NUM out static configure router isis [no] distribute-list ACL-NUM out connected configure router isis [no] distribute-list ACL-NUM out rip configure router isis [no] distribute-list ACL-NUM out ospf Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-79 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols configure router isis [no] distribute-list ACL-NUM out bgp The existing CadPolicyAclTable MIB must be used when creating an ACL. The ACL defined must be a standard ACL (range 0-99). Execution of this command will create an entry in the cadDistListOutTable. If the corresponding route redistribution command has already been executed, then each entry in the ACL table will create an entry in the rtmRedistTable. There must also be a “wildcard” match entry in the rtmRedistTable for either the “permit_all” or “deny_all” ACL case, with the rtmRedistFlag set to AMB_TRUE or AMB_FALSE. NOTE: The priority (rtmRedistPriority) must be set to a value greater than (implies lower priority) the more specific matches. For example: configure access-list 10 deny 130.10.0.0 0.0.255.255 configure access-list 10 permit 0.0.0.0 255.255.255.255 configure router isis configure router isis 1 distribute-list 10 out ospf Filtering Outbound RIP Updates To filter outbound rip updates originating at the CER, use the following commands: configure router rip [no] distribute-list <access_list_number> out The E6000 CER processes outbound RIP updates with the following rules: 1 Select the next network to receive an outbound update. 2 Check which interface it is being sent out on. 3 Is there a distribute list applied to that interface? • Yes: Is the network denied by that list? • - Yes: the network does not go out; return to step 1. - No: the network goes out; continue to step 4. No: Go to step 4. 4 Check the routing process from which we derive the route. 5 Is there a distribute list applied to that process? • Yes: Is the network denied by that list? - Issue 1.0, 4 Feb 2013 Yes: the network does not go out; return to step 1. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-80 PRELIMINARY E6000 CER Release 1.0 • 6 Distance Configure Commands Dynamic Routing Protocols - No: the network goes out; continue to step 6. No: Go to step 6. Is there a global distribute list? • Yes: Is the network denied by that list? • - Yes: the network does not go out; return to step 1. - No: the network goes out; return to step 1. No: The network makes it; go to step 1. To change the static route administrative distance, use the following commands: configure router static distance <int> configure router static no distance Where: int = an integer 1-255 = administrative distance range The distance must be validated to ensure that it is unique among all the protocols. If the user attempts to start a protocol whose administrative distance conflicts with a protocol that is already running, the attempt will fail until the user corrects the problem. To change the RIP route administrative distance, use the following command: configure router rip distance <int> configure router rip no distance Where: int = an integer 1-255 = administrative distance range The distance must be validated to ensure that it is unique among all the protocols. If the user attempts to start a protocol whose administrative distance conflicts with a protocol that is already running, the attempt will fail until the user corrects the problem. To change the OSPF route administrative distance, use the following command: configure router ospf distance <int> ospf external EXTERNAL-VALUE configure router ospf no distance Where: int = an integer 1-255 = administrative distance range To set the administrative distance for both internal and external (type 5, 7 LSA) OSPF routes, use the following command: configure router ospf [vrf <name>] distance <int> ospf external <int2> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-81 PRELIMINARY E6000 CER Release 1.0 Where: Dynamic Routing Protocols int = an integer 1-255 = internal distance range int2 = an integer 1-255 = external distance range To change the BGP administrative distance for both internal (iBGP) and external (eBGP) routes, use the following command: configure router bgp distance bgp <int> Where: int = an integer 1-255 = administrative distance range To change the IS-IS route administrative distance, use the following commands: configure router isis distance <int> configure router isis distance <1-255> isis [external-level1 <int>] [external-level2 <int>] [internal-level1 <int>] [internal-level2 <int>] configure router isis no distance Where: int = an integer 1-255 = administrative distance range The E6000 CER sets the administrative distance for internal ISIS routes and external level-1 and level-2 routes. Specific distances (if supplied) override the value supplied by IS-IS-VALUE. For example: configure router isis configure router isis distance 100 Displaying Route Information To display redistribution settings, use the following command: show ip {rip | isis | bgp | ospf} show ipv6 {isis | ospf} To display redistributed route information for all protocols, use the following command: show ip protocols An output similar to the following occurs: Routing Protocol is "ospf default" Redistribution: ON static, admin distance: 1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-82 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols connected, admin distance: 0 Routing for Networks: 22.22.22.22/32 192.168.202.2/32 192.168.203.2/32 Routing Information Sources: Gateway Last Update 192.168.202.1 0 days 0:19:16 192.168.202.2 0 days 0:27:58 Default Distance: Internal: 30 External: 110 To display the distribute-lists for each protocol: show distribute-list [rip | ospf | bgp | isis] The output is similar to the distribute-list portion of the show running config command. To display the administrative distance for each route: show ip route In the sample output that follows, the Metric column is the metric value or cost of a specific route, and the Dist column is the administrative distance for a particular routing protocol such as OSPF: Codes: (L1) internal level-1, (S) summary, (I) internal, VRF Name =============== default default default default default default default default default default default default default default default default Issue 1.0, 4 Feb 2013 (L2) internal level-2, (IA) internal area, (E) external IP Route Dest. ================== 0.0.0.0/0 0.0.0.0/0 22.22.22.22/32 192.168.129.0/24 192.168.129.0/24 192.168.136.0/24 192.168.136.0/24 192.168.145.0/24 192.168.145.0/24 192.168.176.0/24 192.168.176.0/24 192.168.177.0/24 192.168.177.0/24 192.168.190.0/24 192.168.190.0/24 192.168.196.0/24 Act === Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes PSt === IS IS IS IS IS IS IS IS IS IS IS IS IS IS IS IS (eL1) external level-1, (E1) external type-1, Next Hop =============== 192.168.202.1 192.168.203.1 22.22.22.22 192.168.202.1 192.168.203.1 192.168.202.1 192.168.203.1 192.168.202.1 192.168.203.1 192.168.202.1 192.168.203.1 192.168.202.1 192.168.203.1 192.168.202.1 192.168.203.1 192.168.202.1 Metric ====== 1 1 0 20 20 20 20 20 20 20 20 20 20 20 20 20 © 2013 ARRIS Group, Inc. — All Rights Reserved Protocol ======== ospf(E2) ospf(E2) local ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) ospf(E2) (eL2) external level-2 (E2) external type-2 Dist Route Age ==== ============ 110 0 02:00:23 110 0 02:00:23 0 0 02:12:13 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 110 0 02:00:24 Interface ========= ether 6/0.0 ether 7/0.0 loop 0 ether 6/0.0 ether 7/0.0 ether 6/0.0 ether 7/0.0 ether 6/0.0 ether 7/0.0 ether 6/0.0 ether 7/0.0 ether 6/0.0 ether 7/0.0 ether 6/0.0 ether 7/0.0 ether 6/0.0 PRELIMINARY 14-83 PRELIMINARY E6000 CER Release 1.0 default default default default default default 192.168.196.0/24 192.168.197.0/24 192.168.197.0/24 192.168.202.0/24 192.168.203.0/24 192.168.205.0/24 Yes IS 192.168.203.1 Yes IS 192.168.202.1 Yes IS 192.168.203.1 Yes IS 192.168.202.2 Yes IS 192.168.203.2 Yes IS 192.168.205.1 Dynamic Routing Protocols 20 20 20 0 0 0 ospf(E2) ospf(E2) ospf(E2) local local local 110 110 110 0 0 0 0 0 0 0 0 0 02:00:24 02:00:24 02:00:24 02:12:08 02:01:09 02:10:25 ether ether ether ether ether cMac 7/0.0 6/0.0 7/0.0 6/0.0 7/0.0 1.0 To display the total number of all routes: show ip route summary An output similar to the following is returned: IP routing table name is default(1) Route Source Routes ============ ====== Local 4 OSPF Type 2 External 17 OSPF Total VR Total 17 21 IP routing table name is tag70(2) Route Source Routes ============ ====== Local 4 VR Total 4 Total Issue 1.0, 4 Feb 2013 25 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-84 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols Policy-Based Routing (PBR) IP packets are normally directed by routing protocols and route tables, which make forwarding decisions based on the destination IP addresses of packets. Policy-based Routing (PBR) enables network engineers to create policies for packets with matching criteria, causing them to take paths that differ from the next-hop path specified by the route table. To enable PBR, the user must configure a route map and apply it to an interface. PBR is then applied to all incoming packets arriving at that interface. The principal benefits of PBR include the following: • Forwarding is based not on destination IP address but on packet attributes such as source IP or packet type. • Route maps can improve service by enforcing Quality of Service (QOS) sorting at the edge router. • Cost-savings can be achieved by segregating slow bulky traffic from time-sensitive traffic. • Traffic can be separated according to desired characteristics and load balanced across multiple and unequal paths. NOTE: The route maps used by the BGP routing protocol are part of a separate feature and are not affected by commands to create or configure policy-based route maps. For more information on BGP-related route maps, see BGP and Route Maps. Configuring PBR Configuring PBR involves creating a route map with match and set commands and then applying the route map to an interface. Route map statements can result in a permit or deny action on matching packets. Deny means that normal destination-based routing will be used to forward the packet; permit means that some set command will be used to route the packet. Route maps are given unique names (map-tags in CLI) and can have up to ten statements. Each statement is assigned a sequence number. Because the E6000 CER supports a maximum of 2,048 route map statements, if each route map contains a maximum of ten statements, the E6000 CER could support a maximum of 204 route maps. Types of PBR commands: Issue 1.0, 4 Feb 2013 • match ip address • set ip tos • set ip precedence • set ip next-hop • set ip backup-next-hop • set ip interface null 0. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-85 PRELIMINARY E6000 CER Release 1.0 PBR Match Commands Set IP ToS Dynamic Routing Protocols The following guidelines should be observed when creating match statements: • This implementation of PBR can use standard access control lists to match source IP addresses or extended ACLs to specify match criteria for source and destination IP, application, protocol type, or ToS. • In any one sequence number (map entry) only one ACL can be specified for the match IP address command. However, multiple match IP address ACLs can be concatenated into the one ACL specified by the sequence number. • If the route map is applied to a packet and no match is found, the packet is not dropped; instead, it is forwarded using destination-based routing. • If a route map is created with no match criteria, then it will be applied to all packets that come in to the specified interface. All set operations will be performed on all packets (unless the set fails). • Only one match statement is allowed for each sequence number. When a packet matches the match statement with the lowest sequence number, only the corresponding set statements in that route-map will be processed. If the set statements fail, then the packet will fall back to normal destination-based routing. The packet will not be checked for additional matches. The set ip tos command is used to set the 5 ToS bits; values 0 through 8 are used (one of the bits is reserved). Table 14-7: Setting ToS Values ToS Value | name Description 0 | normal Sets the normal ToS 1 | min-monetary-cost Sets the min-monetary-cost ToS 2 | max-reliability Sets the max reliable ToS 4 | max-throughput Sets the max throughput ToS 8 | min-delay Sets the min delay ToS The ToS value for DOCSIS classification is not supported. Set IP Precedence Values The set ip precedence [number | name] route map configuration command enables you to set the three IP precedence bits in the IP packet header. With three bits, you have eight possible values for the IP precedence; values 0 through 7 are defined. Table 14-8: Setting IP Precedence Values Precedence Value| name Issue 1.0, 4 Feb 2013 Description 0 | routine Sets the routine precedence 1 | priority Sets the priority precedence © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-86 PRELIMINARY E6000 CER Release 1.0 Precedence Value| name Dynamic Routing Protocols Description (Continued) 2 | immediate Sets the immediate precedence 3 | flash Sets the flash precedence 4 | flash-override Sets the Flash override precedence 5 | critical Sets the critical precedence 6 | internet Sets the internetwork control precedence 7 | network Sets the network precedence The E6000 CER does not use the new precedence value for DOCSIS classification, but if it is included it can be used in routers or devices north of the CER. Set IP Next-hop The set IP next-hop command specifies the IP address of the adjacent next-hop router in the path toward the packet's destination. The IP address must be the address of an adjacent router. The address must be in the same subnet as the E6000 CER interface address, but not be the same as the E6000 CER interface address or the subnet broadcast address. With the set ip next-hop command, the routing table is checked only to determine whether the next hop can be reached, not whether the ultimate destination is reachable. Use the NO version of the command to delete it from a route map. For an illustration see the flowchart in Figure 14-5. Set IP Backup Next-hop The set IP backup next-hop command provisions a backup next-hop IP address. If the next-hop IP address is unreachable, then the E6000 CER uses the backup next-hop address. If it is not provisioned or if the backup-next-hop is unreachable, then the E6000 CER resorts to normal destination-based routing. Use the NO version of the command to delete it from a route map. For an illustration see the flowchart in Figure 14-5. Set IP Interface Null 0 The set IP interface null0 command is a way to drop packets. By routing undesired packets to the null interface, the E6000 CER drops them and prevents them from going to a default route and possibly causing a routing loop. Some Operational Guidelines The user should be aware of the following: Issue 1.0, 4 Feb 2013 • PBR is also applied to packets destined to IP addresses of the E6000 CER. A misconfigured policy could cause the E6000 CER not to receive packets that it should receive. • The E6000 CER does not support PBR for IPv6 packets. • PBR cannot be used on packets coming in from the RSM management 6/0 and 7/0 interfaces. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-87 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols No PBR enabled on L3 subinterface? Normal Routing Yes No Policy Based Routing Match clause in the route-map entry? Yes Yes Increment PBR match counter No Able to get next route-map entry? No ACL match? Yes Yes (Increment ACL match counter) ACL Permit? Successful connected route lookup (VRF, IP)? No Yes Successful ARP lookup? No No No Route-map Permit? Yes Yes Set Precedence only? Yes Set backup next-hop? (Set IP=backup next-hop)? No Yes Increment PBR failed counter No Set next-hop? (Set IP = next-hop) Increment PBR match counter Yes No Set Interface null0? Yes No (incomplete route-map) Discard Figure 14-5: Flowchart Representing Decision Path for PBR or Normal Routing Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-88 PRELIMINARY E6000 CER Release 1.0 Local PBR Dynamic Routing Protocols • If a route map matches a packet to an ACL that contains a deny keyword, then the effect of that deny is to cause the packet to be forwarded using destination-based (not policy-based) routing. • A route map cannot be changed from permit to deny, or from deny to permit. To make such a change you must first remove the route map, make the change, and add it. • If the same sequence number is used in two route map commands in the same route map, then the first one is overwritten by the second. • A route map can be created that references an ACL before the ACL is defined. If the route map is used before the ACL is defined, then the packet will be routed normally. • The only set interface statement supported is set interface null 0, which is used to drop packets. • PBR can work in conjunction with multiple VRFs. PBR is configured on a sub-interface which may be assigned to a VRF also. If a next-hop is used in the route-map command, the next-hop IP needs to be in the same VRF (or the default VRF) as the ingress interface. If no next-hop is specified for the route-map (e.g., a set IP ToS is used without a set next-hop), the packet is routed using the normal VRF routing mechanism. The E6000 CER supports local PBR to apply policies to packets sourced from the In-band Management port of the RSM. In-band Management is enabled by the configure interface ethernet 6/0 ip inband access-group 20 command. Policies are applied to all layer 3 protocols including: Issue 1.0, 4 Feb 2013 • DHCP • telnet • FTP • TFTP (enforce) • RADIUS • SYSLOG • SNMP • SNMP traps • TACACS+ • NTP • DNS • PacketCable event messaging • PacketCable CALEA CD • SSH • COPS without IPSec © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-89 PRELIMINARY E6000 CER Release 1.0 • COPS with IPSec • Ping • Traceroute • OSPFv2 • OSPFv3 • BGP Dynamic Routing Protocols CAUTION Care should be exercised when using the set ip next-hop and set ip backup-next-hop commands in policies that are applied to the local or in-band interfaces. DHCP and other messaging critical to modem registration may have the wrong next hop applied, leading to unintended results. When setting ip next-hop and ip backup-next-hop in a local policy, it is recommended that extended ACLs be used to match only the specified protocol. Example: configure configure configure configure configure configure configure Counts Issue 1.0, 4 Feb 2013 access-list 199 permit tcp any eq 3918 any access-list 199 permit tcp any eq 2126 any route-map-policy pbrlocal permit match ip address 199 route-map-policy pbrlocal set ip precedence critical route-map-policy pbrlocal set ip next-hop 10.63.0.1 route-map-policy pbrlocal set ip backup-next-hop 10.63.128.1 ip local policy route-map-policy pbrlocal The E6000 CER keeps packet and byte counts for the following events: • The ACL counter will be incremented when the packet matches the ACL specification. This ACL check is done before the PBR set action is evaluated. • A PBR match occurs and the PBR match count is incremented when a packet arrives at a PBR-enabled interface and all of the set commands of the route map work. • Packets that match at least one match statement, but then had one or more set statements fail are counted by the PBR failed counter. In practice this means that either the set next-hop or set backup-next-hop failed. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-90 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols CLI Commands The following table is a listing of the common PBR commands. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 14-9: Some Examples of PBR CLI Commands CLI Command configure route-map-policy ReRoute permit 100 match ip address 10 configure route-map-policy ReRoute permit 100 match ip address 20 configure route-map-policy ReRoute permit 100 set ip next-hop 1.2.3.4 configure route-map-policy ReRoute permit 100 set ip next-hop 5.6.7.8 The first command configures a route map named ReRoute which matches on access list number 10. The second command overwrites the first and sets the ReRoute map to match on ACL 20. The first command configures route map named ReRoute to match to set the next-hop ip address to 1.2.3.4. The second command overwrites sequence number 100 and sets the next-hop ip address to 5.6.7.8. configure route-map-policy ReRoute deny 200 match ip address 30 This command configures a route map name ReRoute which matches on access list number 30. The packets which match the ACL are forwarded using destination-based (not policy-based) routing because the route map type is deny. configure no route-map-policy ReRoute Deletes the route map named ReRoute. configure no route-map-policy ReRoute 30 Deletes only sequence number 30 from the route map named ReRoute. configure ip local policy route-map-policy my_route_map Configures a local policy route map named my_route_map. configure route-map-policy my_route_map permit 10 set ip next-hop 10.69.1.1 Specifies the IP address of the adjacent next-hop router in the path toward the packet's destination. configure route-map-policy my_route_map permit 10 set ip backup-nexthop 10.69.2.1 Provisions a backup next-hop IP address. configure route-map-policy my_route_map permit 10 set ip interface null 0 Provisions an IP null interface for packets that you wish to drop. configure interface cable-mac 1.1 ip policy route-map-policy my_route_map Apply the route map to a cable mac. clear route-map-policy counters my_route_map clear route-map-policy counters Issue 1.0, 4 Feb 2013 Purpose Clears the counters that pertain to the specified route map. If no route map is specified, the second command clears counters for all route maps. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-91 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols CLI Command Sample PBR Script 1 Purpose show route-map-policy Displays the match and set clauses for each sequence entry of each route map. It also displays matching packet and byte counts and failed packets and byte counts for each map entry. show ip policy Displays interfaces for which PBR is enabled and the route maps that are assigned to each of those interfaces. show ip interface cable-mac 1.1 Displays address, VRF, protocol, and policy configuration for the specified interface. This sample script applies a route map named testroutemap to interface cable-mac 1. If the packets entering the E6000 CER from interface cable-mac 1 match ACL 155, they are sent to the interface connected to a router with the IP address 67.59.234.169. 1 Create an extended ACL 155 to match packets with destination IP address in the 11.0.0.0/8 or 14.0.0.0/8 subnets and the precedence value set as routine: configure access-list 155 permit ip any 11.0.0.0 0.255.255.255 precedence routine configure access-list 155 permit ip any 14.0.0.0 0.255.255.255 precedence routine 2 Configure route map named testroutemap and sequence number 10 to match ACL 155: configure route-map-policy testroutemap permit 10 match ip address 155 3 Set the next hop address to 67.59.234.169: configure route-map-policy testroutemap permit 10 set ip next-hop 67.59.234.169 4 Apply the route map named testroutemap to interface cable-mac 1: configure interface cable-mac 1 ip policy route-map-policy testroutemap 5 Run the following show commands to confirm your configuration: show access-list show ip interface cable-mac 1 show route-map-policy show ip policy NOTE: Issue 1.0, 4 Feb 2013 See Show Commands on page 14-94, for sample system responses to these show commands. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-92 PRELIMINARY E6000 CER Release 1.0 Sample PBR Script 2 Dynamic Routing Protocols The following script is offered as an example of an implementation of PBR. PBR can be applied to one or more E6000 CER interfaces. The two chosen in the following procedure are meant as examples. 1 Create standard access lists 20, 30 & 40: configure access-list 20 permit 10.10.20.0 0.0.0.255 configure access-list 30 permit 10.10.30.0 0.0.0.255 configure access-list 40 permit 10.10.40.0 0.0.0.255 2 Configure route map named routemap1 and sequence number 10 to match ACL 20; set the next-hop to 10.69.1.1; and set the backup next-hop to 10.69.2.1: configure route-map-policy routemap1 permit 10 match ip address 20 configure route-map-policy routemap1 permit 10 set ip next-hop 10.69.1.1 configure route-map-policy routemap1 permit 10 set ip backup-next-hop 10.69.2.1 3 Configure routemap1, sequence number 20, to match ACL 30; set the next-hop to 10.69.3.1; and set the backup next-hop to 10.69.4.1; and set the ToS to normal: configure route-map-policy routemap1 permit 20 match ip address 30 configure route-map-policy routemap1 permit 20 set ip next-hop 10.69.3.1 configure route-map-policy routemap1 permit 20 set ip backup-next-hop 10.69.4.1 configure route-map-policy routemap1 permit 20 set ip tos normal 4 Configure routemap1, sequence number 30, to drop all packets: configure route-map-policy routemap1 permit 30 set ip interface null 0 5 Configure route map named routemap2, sequence number 20, to match ACL 40 and set the next-hop to 10.69.5.1: configure route-map-policy routemap2 permit 20 match ip address 40 configure route-map-policy routemap2 permit 20 set ip next-hop 10.69.5.1 6 Apply routemap1 to interface cable-mac 1.1: configure interface cable-mac 1.0 ip policy route-map-policy routemap1 7 Apply routemap2 to the Ethernet interface 7/0.0: configure interface ethernet 7/0.0 ip policy route-map-policy routemap2 8 Apply routemap2 to local policy (packets from the RSM): configure ip local policy route-map-policy routemap2 9 Issue 1.0, 4 Feb 2013 Run the following show commands to confirm your configuration: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-93 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols show route-map-policy show ip policy show ip interface cable-mac 1 show ip interface ethernet interface 7/0.0 NOTE: Show Commands See Show Commands on page 14-94, for sample system responses to these show commands. Below are examples of show commands to be used with PBR. They are followed by sample system responses: show route-map-policy Sample output: Route-map routemap1, permit, sequence 10 Match clauses: ip address (access-lists): 20 Set clauses: ip next-hop 10.69.1.1 ip backup-next-hop 10.69.2.1 Policy routing matches: 0 packets, 0 bytes Policy routing failed : 0 packets, 0 bytes permit, sequence 20 Match clauses: ip address (access-lists): 30 Set clauses: ip next-hop 10.69.3.1 ip backup-next-hop 10.69.4.1 ip tos normal Policy routing matches: 0 packets, 0 bytes Policy routing failed : 0 packets, 0 bytes permit, sequence 30 Match clauses: Set clauses: ip interface null Policy routing matches: 0 packets, 0 bytes Policy routing failed : 0 packets, 0 bytes Route-map routemap2, permit, sequence 20 Match clauses: ip address (access-lists): 40 Set clauses: ip next-hop 10.69.5.1 Policy routing matches: 0 packets, 0 bytes Policy routing failed : 0 packets, 0 bytes Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 14-94 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols show access-list Sample output: Extended IP access list 155 10 permit ip any 11.0.0.0 0.255.255.255 20 permit ip any 14.0.0.0 0.255.255.255 precedence routine precedence routine (0 matches) (0 matches) show ip policy Sample output: Interface --------------------------------------Local ethernet 7/0. cable-mac 1.0 Route map --------routemap2 routemap2 routemap1 show ip interface cable-mac 1 Sample output: cable-mac 1.0, VRF: default, IP Address: 10.142.0.1/19 Secondary IP Address(es): *10.242.224.1/19 10.253.42.1/25 Physical Address: 0001.5c61.1e46 MTU is 1500 DHCP Policy mode is enabled DHCP Server Helper Address(es): 10.44.249.46 for Traffic Type "mta" 10.50.42.3 for Traffic Type "cm" Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 3939375 OutOctets = InUcastPkts = 12346 OutUcastPkts= InDiscards = 0 OutDiscards = InErrors = 0 OutErrors = InMcastPkts = 94 OutMcastPkts= Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved 1904501 8322 0 0 4 PRELIMINARY 14-95 PRELIMINARY E6000 CER Release 1.0 Dynamic Routing Protocols show ip interface ethernet 7/0.0 Sample output: ethernet 7/0.0, VRF: default, IP Address: 10.92.128.2/24 Secondary IP Address(es): No Secondary Addresses RSM access ACL(s): 20 Physical Address: 0001.5c61.1e23 MTU is 1500 DHCP Policy mode is disabled (primary mode) DHCP Server Helper Address(es): No Helper Addresses Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Policy routing is disabled InOctets = 1214300 OutOctets = InUcastPkts = 4031 OutUcastPkts= InDiscards = 0 OutDiscards = InErrors = 0 OutErrors = InMcastPkts = 0 OutMcastPkts= Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved 1936336 7450 0 0 2 PRELIMINARY 14-96 PRELIMINARY E6000 CER Release 1.0 15 Interface IP Configuration Interface IP Configuration Subinterfaces (Multiple VRIs per VRF) 3 Interface Configuration 5 802.1Q VLAN Tagging (Q-tags) 10 Loopback Interfaces for Routing Protocols 14 Configuring IP Static Routes 17 Multiple VRFs 18 Overview This section outlines the basic configuration tasks required to implement routing (layer 3) functionality in the CER. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-1 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration The E6000 CER supports: RSM Ethernet Port Configuration • 150 IPv4 interfaces • 1000 total IPv4 interfaces • 128 total IPv6 interfaces. A sample procedure to configure the ethernet ports of the RSM is found in step 5. Configure RSM Ethernet Connections of the Basic Bring-up Procedure. NOTE: Network ACLs Issue 1.0, 4 Feb 2013 The IPv4 address of the RSM management port is stored on the RSM, not on the RSM PIC. If the RSM is replaced, the new RSM must be configured with the correct IP address. For information on configuring network ACLs, see the Data Plane Filter IP ACLs chapter. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-2 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Subinterfaces (Multiple VRIs per VRF) A subinterface is a Virtual Router Interface (VRI), a logical layer 3 interface. Multiple subinterfaces may be defined on a single interface and associated with the same VRF. Multiple subinterfaces may be defined per physical port and associated with the same VRF, such that there is a many-to-one relationship between subinterfaces and VRFs, per cable-side physical interface. The CER system administrator must also be allowed to change the association between a subinterface and a VRF. The default VRF is the global VRF that is always present in the CER. It can neither be created nor destroyed. Note that upon creation of a subinterface, it is implicitly associated with the default VRF. The relationship of a subinterface to a VRF is many-to-one when viewed from the perspective of a single CAM physical interface or cable bundle. Each ingress cable-side IP packet must classify to one and only one subinterface. This classification to a subinterface will be based solely on the source IP address and source physical port of the packet. For broadcast DHCP packets that have a source IP address of 0.0.0.0, the following rules apply: Rules of Operation and Guidelines for Subinterfaces • If the DHCP packet is sourced from a CM, then the packet will classify to the lowest numbered subinterface that has a DHCPServer defined. • If the DHCP packet is sourced from a CPE, then the packet must be classified to the subinterface of the CPE’s associated CM. • The E6000 CER supports up to 150 IPv4 interfaces (both interfaces and subinterfaces count towards the total of 150). • A subinterface is associated with the default VRF upon creation. • The sum of all subinterface IP addresses may not exceed the total E6000 CER system limitation of 1000 IPv4 interfaces. This limit represents all primary and secondary IP addresses associated with each subinterface. • The E6000 CER supports up to 11 VRFs • The following items may be provisioned per subinterface: - Issue 1.0, 4 Feb 2013 IP addresses, both primary and secondary DHCP Relay Agent including: primary/policy mode selection, secondary dhcp-giaddr identification, DHCP Lease Query (cable source verify) functionality and DHCP Server IP address definitions IP filter groups Directed broadcast support RIP and OSPF IGMP IRDP © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-3 PRELIMINARY E6000 CER Release 1.0 • Interface IP Configuration - RSM access - Per interface cable source-verify - VRF forwarding - Device classification The DHCP Relay Agent supports the definition of 10 DHCP Server IP addresses per subinterface. • The DHCP Relay Agent classifies ingress CM DHCP packets to the lowest numbered subinterface associated for each unique DHCP Server IP address. • When the DHCP Relay Agent is forwarding a packet originating from a CPE, it will forward the packet using as its giaddr the primary or a secondary address, depending on the dhcp-giaddr mode of the subinterface, that is, of the subinterface associated with the CM that the CPE is behind. The packet will be forwarded to each unique DHCP server IP address for CPEs provisioned on that subinterface. • If there are no DHCP servers for CPEs defined for the subinterface associated with the CM that a CPE is behind, then the DHCP Relay Agent will forward a packet originating from a CPE to each unique DHCP server IP address for CPEs using as its giaddr the primary address or a secondary address, depending on the dhcp-giaddr mode of the subinterface, in other words, the lowest numbered subinterface provisioned with that server address. This allows MSOs to provide a service where different CPEs behind a single cable modem could be serviced by different ISPs on different subinterfaces. It would require the CER to be provisioned such that the CMs and CPE would be on different subinterfaces. In addition, it provides a mechanism where different giaddrs could be sent to different DHCP servers by defining those DHCP servers on different subinterfaces. The subinterfaces for CMs would be provisioned with DHCP servers marked for use with CMs only, and the subinterfaces for CPEs would be provisioned with DHCP servers marked for use with CPEs only (although DHCP server addresses could be the same values). Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-4 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Interface Configuration Common Interface Configuring Commands This section describes common interface commands which support IP address and helper syntaxes in the CER. Configure an IP Address on the CAM Interface The following command is accepted only for provisioned CAM slot/port combinations in the system. This command assigns an IP address to the CAM interface and determines its DHCP policy. configure interface cable-mac <mac> ip address <ipAddr> <mask> [secondary] [dhcp-giaddr] Secondary IP addresses become candidates for the dhcp-giaddr field if and only if the keywords secondary and dhcp-giaddr are both used. The command in the example below assigns an IP address of 10.10.1.1 to the specified CAM interface. It enables DHCP policy for this interface — secondary IP addresses are candidates for the dhcp-giaddr field. configure interface cable-mac 1 ip address 10.10.1.1 255.255.255.0 secondary dhcp-giaddr Configure the Helper (DHCP) Addresses The following command defines the cable-helper information for a CAM slot/port. This command assumes the default route table. Configure DHCP Relay Agent Mode for a Cable-mac The DHCP Relay Agent needs to be enabled for each cable-mac as follows: Issue 1.0, 4 Feb 2013 configure interface cable-mac <mac> cable helper-address <DHCP Server Ip Addr> [cable-modem|host|any] If no host type is specified, this command defaults to a value of any. config interface cable-mac <mac> cable dhcp-giaddr {primary | policy} Primary Operation — When the DHCP Relay Agent is defined for Primary operation on a specific CAM subinterface, the Primary IP address of the interface is used to populate the gi_addr field of all DHCP messages originating from either CMs or Hosts (CPEs). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-5 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Policy Operation — When the DHCP Relay Agent is defined for Policy operation on a specific CAM subinterface, the Primary IP address of the interface is used to populate the gi_addr field with all DHCP messages originating from CMs. For Hosts (CPEs), a designated secondary IP address of the interface is used. If multiple secondary IP addresses are defined for dhcp-giaddr support, then the DHCP Relay Agent uses round-robin selection based on device class, choosing the next entry in the list with each new DHCP transaction. Device Classes for DHCP-GIADDR Device classes may be configured for the DHCP GIADDR: For example: configure interface cable-mac 1 ip address 10.10.10.1 255.255.255.0 secondary dhcp-giaddr ? cpe mta ps stb Regular CPE device secondary DHCP giaddr MTA device secondary DHCP giaddr CableHome PS device secondary DHCP giaddr DSG STB device secondary DHCP giaddr Where: Device Classes for the Helper Address CPE = Customer Premise Equipment MTA = Multimedia Terminal Adapter (PacketCable) PS = Portal Server (CableHome) STB = Set-top Box (sometimes called DOCSIS Set-top Gateway, or DSG). Device classes may be configured for the DHCP helper address: For example: configure interface cable-mac 1 ip helper-address 10.10.10.1 ? cable-modem host cpe mta ps stb any Issue 1.0, 4 Feb 2013 Cable modem traffic All CPE host types traffic Regular CPE device secondary DHCP giaddr MTA device secondary DHCP giaddr CableHome PS device secondary DHCP giaddr DSG STB device secondary DHCP giaddr All types © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-6 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Monitoring Interfaces After configuring the E6000 CER interfaces, the system is ready to route traffic. Once traffic is generated, you may view the counters for these interfaces by using the procedures in this section. Procedure 15-1: How to Monitor Interfaces Execute the following steps from the RSM prompt to verify traffic is being routed through the CER. 1 Display information about the virtual interfaces in the system, including data counts: show ip interface The output will look similar to the following (only a portion of output is shown): cable-mac 1.0, VRF: default, IP Address: 10.131.0.1/19 Secondary IP Address(es): *10.181.253.1/24 Physical Address: 0001.5c61.3a46 MTU is 1500 DHCP Policy mode is enabled DHCP Server Helper Address(es): 10.44.249.46 for Traffic Type "mta" 10.50.31.3 for Traffic Type "cm" 10.50.31.3 for Traffic Type "cpe" Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 1899028 OutOctets = InUcastPkts = 7423 OutUcastPkts= InDiscards = 0 OutDiscards = InErrors = 0 OutErrors = InMcastPkts = 0 OutMcastPkts= 937137 4661 0 0 2 loopback 0, VRF: default, IP Address: 10.44.31.200/32 Secondary IP Address(es): 2 Display all interface information about the physical ports in the system, including byte and packet counts: show interface Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-7 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration The counts displayed will be the same as those described below except that each count represents the data for one physical interface (only a portion of output is shown): cable-mac 1 AdminState:Up Description: md1 Physical Address: 0001.5c61.3a46 MTU is 1500 Inbound access list is not set Outbound access list is not set InOctets = 230912507 InUcastPkts = 156657 InDiscards = 0 InErrors = 0 InFiltered = 0 InMcastPkts = 23 3 OperState:IS Type: OutOctets = OutUcastPkts= OutDiscards = OutErrors = 231032941 156388 0 0 OutMcastPkts= 23 Display information about active and inactive routes: show ip route detail Sample output (partial): VRF Name: default IPv4 Route Dest: Next Hop: Active: Dist/Metric: Protocol: Route Age: Interface: VRF Name: default IPv4 Route Dest: Next Hop: Active: Dist/Metric: Protocol: Route Age: Interface: VRF Name: default IPv4 Route Dest: Next Hop: Active: Dist/Metric: Protocol: Route Age: Interface: VRF Name: default IPv4 Route Dest: Issue 1.0, 4 Feb 2013 0.0.0.0/0 10.81.0.1 Active-IS 1/0 netmgmt 0 days 01:04:30 ethernet 6/0.0 0.0.0.0/0 10.81.128.1 Active-IS 1/0 netmgmt 0 days 01:04:30 ethernet 7/0.0 10.44.31.200/32 10.44.31.200 Active-IS 0/0 local 0 days 01:04:58 loopback 0 10.81.0.0/24 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-8 PRELIMINARY E6000 CER Release 1.0 Next Hop: Active: Dist/Metric: Protocol: Route Age: Interface: VRF Name: default IPv4 Route Dest: Next Hop: Active: Dist/Metric: Protocol: Route Age: Interface: VRF Name: default IPv4 Route Dest: Next Hop: Active: Dist/Metric: Protocol: Route Age: Interface: Issue 1.0, 4 Feb 2013 Interface IP Configuration 10.81.0.2 Active-IS 0/0 local 0 days 01:04:48 ethernet 6/0.0 10.81.1.0/24 10.81.1.2 Active-IS 0/0 local 0 days 01:04:48 ethernet 6/1.0 10.81.2.0/24 10.81.2.2 Active-IS 0/0 local 0 days 01:04:48 ethernet 6/2.0 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-9 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration 802.1Q VLAN Tagging (Q-tags) MSOs often deploy Layer 3 Virtual Private Networks (VPNs) for commercial customers or other Internet Service Providers (ISPs). They also use VPNs to segregate their VoIP traffic from their data traffic for traffic engineering purposes. The E6000 CER serves as the Provider Edge (PE) access router. It is required to segregate VPN traffic within the E6000 CER domain using subinterfaces and Virtual Route Forwarders (VRFs). It must signal the VPN association to the adjacent northbound Provider (P) router. The E6000 CER does this using a layer 2 virtual circuit (VC) mechanism with 802.1Q Virtual LAN (VLAN) tags embedded in the traffic. This allows a single physical network interface to host multiple logical subinterfaces identified by Q-tags, thereby multiplexing traffic from multiple VPNs over a single physical link. The Q-tag feature extends the existing network subinterface function to include layer 2 VCs based on the presence of a Q-tag containing a VLANid in the ethernet header, as in Figure 15-1. Standard IP 802.1Q RSM CAM DMAC DMAC SMAC SMAC Etype 0800 Payload IP hdr Etype 8100 Etype 0800 VLAN Impose/Dispose Payload IP hdr SIP DIP SIP DIP Figure 15-1: Difference between Standard IP and Q-tag Encapsulation In this case subinterface traffic that arrives or leaves the RSM port is encapsulated in an ethernet frame that has a Q-tag ethertype (0x8100, as in Figure 15-2) positioned in front of a native ARP or IP ethertype (0x0806 or 0x0800 respectively). Each physical network interface may have from 0 to 255 subinterfaces defined. Each encapsulated subinterface then behaves like a separate physical interface with the Q-tag as the VC identifier. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-10 PRELIMINARY E6000 CER Release 1.0 Tag Protocol ID (TPID) Bits Interface IP Configuration Tag Control Information (TCI) 0x8100 Pri 0 VLANid 16 3 1 12 Bits Figure 15-2: IEEE 802.1Q/p Tag Format NOTE: This feature does not provide true VLAN support as defined by IEEE 802.1Q for switching tagged ethernet frames between ports. It merely uses the Q-tag as a means to multiplex multiple ethernet VCs onto a single physical ethernet link. Q-tags also carry the IEEE 802.1p priority (p-bits). The network subinterface can assign either a fixed priority value to the p-bits for all egress Q-tags or a dynamic bi-directional mapping between the IP TOS precedence bits and the Q-tag p-bits for ingress and egress IP frames. Otherwise, the egress p-bits are set to zero by default and ingress p-bits are ignored. IP TOS precedence bits, IP Differentiated Services Code Point (DSCP) bits, Class Selector (CS) bits, and 802.1p priority bits are all defined identically and therefore may be interchanged without any conversion. This capability makes it possible for intervening layer 2 switches to give the appropriate Quality of Service (QoS) treatment to ethernet frames being switched between adjacent routers. Also, the DOCSIS 2.0 service flow TOS overwrite capability may be used to impose a TOS byte on IP frames forwarded by cable modems to the E6000 CER based on flow classification rules. Thus, dynamic IP TOS precedence bit mapping to Q-tag p-bits at the network subinterfaces allows DOCSIS priorities to be propagated through the adjacent network side layer 2 switches. For more information, see IEEE standard 802.1Q, Virtual Bridged Local Area Networks, at http://standards.ieee.org/getieee802/802.1.html. One Q-tag per Network Interface This feature supports only the static configuration of one Q-tag per network subinterface. To avoid fragmentation, only one Q-tag (adding only 32 bits) will be imposed on the egress frame by the RSM port creating a maximum ether frame size of 1522 octets when a Q-tag is present. NOTE: Issue 1.0, 4 Feb 2013 The ARRIS Q-tag feature provides Virtual Circuit (VC) identity to the RSM ports. It does not support VLAN switching between RSM ports or CAM ports. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-11 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration CLI Commands Use the following command to show ARP configuration on an RSM interface: show arp (The system response can be hundreds of lines long. A partial output is shown here.) ARP cache aging has been disabled Row IP Address MAC Address 1 10.81.0.1 0018.742c.5c00 2 10.81.3.1 fc99.470e.a451 3 10.81.7.1 588d.09fd.f654 4 10.81.128.1 0018.742c.5c00 5 10.81.131.1 fc99.470e.a452 6 10.44.31.200 0000.0000.0000 7 10.81.0.0 ffff.ffff.ffff 8 10.81.0.2 0001.5c61.3a01 Type Dynamic Dynamic Dynamic Dynamic Dynamic Static Static Static State Active Active Active Active Active Active Not Present Active Interface ethernet 6/0 ethernet 6/3 ethernet 6/7 ethernet 7/0 ethernet 7/3 loopback 0 ethernet 6/0.0 ethernet 6/0.0 ffff.ffff.ffff ffff.ffff.ffff 0001.5c61.3a04 ffff.ffff.ffff Static Static Static Static Not Present Not Present Active Not Present ethernet ethernet ethernet ethernet 0000.e140.2e00 0000.e140.3000 Dynamic Active Dynamic Active cable-mac 1 (12/0/5-1/0/1) cable-mac 1 (12/0/5-1/0/1) 001d.d4d1.9532 Dynamic Active cable-mac 3 (12/2/11-1/4/0) • • 15 16 17 18 10.81.2.255 10.81.3.0 10.81.3.2 10.81.3.255 6/2.0 6/3.0 6/3.0 6/3.0 • • 61 62 10.131.0.100 10.131.0.101 • • 613 10.131.31.28 • • Use the following command to show the configuration on an RSM interface: show ip interface (Partial output) cable-mac 1.0, VRF: default, IP Address: 10.109.0.1/19 Secondary IP Address(es): 10.159.0.1/19 Physical Address: 0001.5c22.0f41 MTU is 1500 DHCP Policy mode is enabled DHCP Server Helper Address(es): Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-12 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration 10.50.9.3 for Traffic Type "any" Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 693824 OutOctets = 3208492 InUcastPkts= 1174 OutUcastPkts= 18935 InDiscards = 0 OutDiscards = 0 InErrors = 0 OutErrors = 0 InMulticastPkts= 0 OutMulticastPkts= 0 Procedure 15-2: Example of Configuration Below is a sample command sequence to implement Q-tagging on the CER. Packets originating from this VRF will have this tag and any packet arriving with that tag will get directed to this subinterface. 1 Create a new VRF: configure ip vrf tag70 2 Assign an IP to a new subinterface: configure interface ethernet 6/1.1 3 ip address 10.41.1.130 255.255.255.128 Assign a description to the new subinterface: configure interface ethernet 6/1.1 description “tag 70”. Assign a tag to the new subinterface: configure interface ethernet 6/1.1 encapsulation dot1q 70 4 Move the new subinterface into the VRFs: configure interface ethernet 6/1.1 ip vrf forwarding tag70 5 Create a cable subinterface: configure interface cable-mac 1.1 ip address 10.108.64.1 6 255.255.254.0 Move the cable subinterface into the new VRFs: configure interface cable-mac 1.1 ip vrf forwarding tag70 — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-13 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Loopback Interfaces for Routing Protocols This section deals with the RSM loopback interface that may be used by OSPF. This interface has all the characteristics of a physical interface IP address, including packet counts, admin provisioning, socket-layer accessibility, and so on. This new interface type has a presence on the RSM when in-band management is enabled. Automatic import of the loopback interface into the RSM protocol stack is consistent with existing in-band management functionality. Currently, all RSM-based interface IP addresses are imported into the RSM to allow RSM-based applications to process traffic destined for one of the E6000 CER interface IP addresses. Definitions Loopback interface — A logical IP interface that is not associated with any one physical interface. It must be reachable via any active physical interface. Active IP address — The IP address that is associated with the management (MGMT) port of the active RSM. The active IP address is the one given to the MGMT port of the active RSM. It must be used for out-of-band RSM management only. When in-band management is enabled, the RSM will not route IP datagrams destined for the active IP address to the RSM. For definitions of acronyms and abbreviations, see Abbreviations. Characteristics of the Loopback Interface Issue 1.0, 4 Feb 2013 Observe the following guidelines when configuring and administering loopback interfaces: • The E6000 CER supports 16 unique loopback interfaces, ranging from 0-15. • The subnet mask must be /32; this implies a host address. • Upon creation of a loopback interface, it will be associated with the default VRF. • If the loopback is taken down, no physical interface is taken OOS. • If OSPF is enabled on the loopback interface, the network associated with the loopback address must be advertised in a router LSA. The existing ospf command must be used: network <IP address> <mask> area <areaID>. • Like physical interfaces, a loopback may reside in only one area. • Routing protocols (RIPv2 , ISIS, OSPFv2, or BGP) will not advertise the active IP address. • When in-band management is enabled, loopback interfaces associated with the default VRF are imported into the RSM’s protocol stack. • If multiple loopback interfaces exist, the lowest value loopback interface is used as the source IP address for RSM-originated IP datagrams. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-14 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Table 15-1: CLI Commands for Active and Loopback Interface Command Purpose configure interface mgmt 6/0 active ip <address> [<netmask>] Defines the active IP address on the RSM. Valid slot numbers are 6 and 7; either one may be used to define the active IP address. If the IP mask is not provided, then it defaults to the mask of the RSM interface ip address. configure interface mgmt 6/0 no active ip [<address> [<netmask>]] Removes the active IP address associated with the RSM management port. The IP address and mask are not required. configure interface loopback <0…13> [ ip address <address> <netmask> ] [shutdown] [no] Defines the syntax to assign an IP address to a loopback interface and admin state (shutdown or restored to service). configure interface loopback <loopback number> ip vrf forwarding <vrf_name> Moves a loopback interface to the VRF specified. configure interface loopback <0…15> ip ospf cost <metric> Defines the OSPF cost to reach the loopback interface. No other OSPF parameters are configurable. To configure ports for in-band management see 5. Configure RSM Ethernet Connections on page 10-7. To configure ports for out-of-band management see 6. Out-of-Band Management (Optional) on page 10-7. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-15 E6000 CER Release 1.0 PRELIMINARY Interface IP Configuration ECMP Equal Cost Multi-Path (ECMP) routing as it is implemented in the CER, is a natural extension to Dynamic Route Redundancy (DRR). This feature allows the E6000 CER to load balance traffic on an IP prefix basis across four unique routes. Load balancing is achieved by examining the source IP address of the IP datagram when determining which of several routes to use. Note that the unique routes must be of the same cost. The cost of a route is determined by the protocol type and metric. If multiple routes to a specific prefix exist with different metrics or protocol types, then only the least cost routes are considered. In this case the E6000 CER defaults to the previously described DRR functionality, where sub-optimal routes are only used if a least cost route becomes inactive. This first piece of information that must be considered when determining the cost of a route is the protocol type. It takes precedence over the metric value. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-16 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Configuring IP Static Routes Procedure 15-3: How to Add/Delete/View a Static IP Route to the CER 1 To add an IP Route: configure ip route <dest route prefix> <dest route mask> <next-hop ip addr> [metric <0-255>] Where the value assigned to the metric parameter defines the weight or cost of the route. 2 To delete an IP Route: configure no ip route <dest route prefix> <dest route mask> <next-hop ip addr> 3 To display the IP Routes: show ip route — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-17 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration Multiple VRFs Overview The Multiple Virtual Routing and Forwarding (Multiple VRFs) feature was developed primarily to support multiple service providers. Virtual routing is a form of policy routing that allows the administrator to assign subscribers to an ISP via simple IP interface configuration on the E6000 CER. The administrator is responsible for programming the DHCP server to assign the proper IP addresses to the subscriber CMs and CPEs. However, the E6000 CER must allow for multiple network configurations, including DHCP servers that vary in location and number. Separate routing tables are maintained for each VRF. Each data packet routed through the E6000 CER is associated with a VRF and is routed using the corresponding route table. Multi VRF Functionality • Both cable and network side interfaces can be configured and assigned to a VRF instance. Network side interfaces can use QTAGs to create logical subinterfaces which may be assigned to a VRF. Cable side interfaces use the SIP of the ingress packets to associate a logical subinterface with a VRF instance. • Multiple instances of VRFs can be created each with its own route table. Dynamic routing protocols can be configured in each VRF (i.e. OSPF, RIP). Static routes can be configured into each VRF. • A default VRF instance is always automatically created. This VRF is a superset of all of the interfaces in other VRFs. This VRF is used for management traffic which is sourced or synchronized to the E6000 CER (e.g. Telnet, SNMP, Ping, DHCP, etc.). The default VRF has a special property where it may route traffic to any other VRF. • Data traffic is isolated by VRF. Data traffic between two devices within the same VRF scope will be routed within the E6000 CER. Data traffic between two devices in separate VRF scopes will not be routed within the E6000 CER unless explicitly configured. Operational Guidelines Issue 1.0, 4 Feb 2013 • The VRF feature supports only IPv4. • There are limits to the number of VRFs and the number of configured routing protocol instances. See Operational Guidelines on page 15-18. Contact ARRIS Tech Support when using this feature. The E6000 CER can support up to a total of eleven (11) VRFs: the “default” VRF plus ten additional VRFs with the following restrictions: • Static routing is supported in all 11 VRFs © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-18 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration • OSPFv2 can be supported in up to 5 VRFs • RIPv2 can be supported in up to 5 VRFs • BGP, IS-IS, and OSPFv3 are supported in the default VRF. • Multiple protocols can operate in the same VRF (e.g., a common example is to have RIPv2 and OSPFv2 operate in the same VRF with RIP being redistributed into OSPFv2). • Even though the CLI may allow for configurations beyond the restrictions described here (e.g., more than 11 VRFs), those configurations are not supported. Overview of the Sample Procedure The configuration example that follows is for demonstration purposes. Such a configuration is not likely to be encountered in the field, but it serves to show what commands are available. • In the example below we use the default VRF and create four additional ones. You may configure five non-default VRFs: just substitute a new vrf (vrf5) for the default. • This sample procedure has RIP being redistributed into OSPF and OSPF being redistributed into RIP in every VRF. This is not a recommended configuration. MSOs might configure one VRF with RIP into OSPF and another VRF with OSPF into RIP, but in most cases you will see only RIP redistributed into OSPF. • This procedure also has one RSM interface and one cable-mac in each VRF. You can have multiple interfaces (RSM or cablemacs) in a VRF. One VRF does not have to match the other VRFs in terms of the number of interfaces. The default VRF, for example, could have three RSM ports and four cable-macs. VRF1 could have only one RSM port and three cable-macs, and so on. Procedure 15-4: Example of Setting Up Five VRFs In this procedure you will add four non-default VRFs to the existing default VRF. This procedure assumes that the following interfaces are using these IP addresses: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-19 PRELIMINARY E6000 CER Release 1.0 Type Ethernet Ethernet Ethernet Ethernet Ethernet Cable-mac Cable-mac Cable-mac Cable-mac Cable-mac 1 Interface 6/1.0 6/1.1 6/1.2 7/1.1 7/1.2 1 2 3 4 5 Interface IP Configuration Address/subnet 10.0.0.1 /24 20.0.0.1 /24 30.0.0.1 /24 40.0.0.1 /24 50.0.0.1 /24 110.0.0.1 /24 120.0.0.1 /24 130.0.0.1 /24 140.0.0.1 /24 150.0.0.1 /24 These are the commands you would use to define the interfaces listed above: configure interface Ethernet 6/1.0 ip address 10.0.0.1 255.255.255.0 configure interface Ethernet 6/1.1 ip address 20.0.0.1 255.255.255.0 configure interface Ethernet 6/1.2 ip address 30.0.0.1 255.255.255.0 configure interface Ethernet 7/1.1 ip address 40.0.0.1 255.255.255.0 configure interface Ethernet 7/1.2 ip address 50.0.0.1 255.255.255.0 configure interface cable-mac 1 ip address 110.0.0.1 255.255.255.0 configure interface cable-mac 2 ip address 120.0.0.1 255.255.255.0 configure interface cable-mac 3 ip address 130.0.0.1 255.255.255.0 configure interface cable-mac 4 ip address 140.0.0.1 255.255.255.0 configure interface cable-mac 5 ip address 150.0.0.1 255.255.255.0 2 Create the VRFs: configure ip vrf vrf1 configure ip vrf vrf2 configure ip vrf vrf3 configure ip vrf vrf4 3 The purpose of this step is to associate the interfaces with VRFs. configure interface Ethernet 6/1.0 ip vrf forwarding default Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-20 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration configure interface Ethernet 6/1.1 ip vrf forwarding vrf1 configure interface Ethernet 6/1.2 ip vrf forwarding vrf2 configure interface Ethernet 7/1.1 ip vrf forwarding vrf3 configure interface Ethernet 7/1.2 ip vrf forwarding vrf4 configure interface cable-mac 1 ip vrf forwarding default configure interface cable-mac 2 ip vrf forwarding vrf1 configure interface cable-mac 3 ip vrf forwarding vrf2 configure interface cable-mac 4 ip vrf forwarding vrf3 configure interface cable-mac 5 ip vrf forwarding vrf4 4 The use of sub-interfaces requires q-tags. Assign Q-tags to the sub-interfaces: configure interface Ethernet 6/1.1 encapsulation dot1q 100 configure interface Ethernet 6/1.2 encapsulation dot1q 101 configure interface Ethernet 7/1.1 encapsulation dot1q 102 configure interface Ethernet 7/1.2 encapsulation dot1q 103 5 (Optional) Enable RIP on one or more of the VRFs: configure router rip vrf default enable configure router rip vrf vrf1 enable configure router rip vrf vrf2 enable configure router rip vrf vrf3 enable configure router rip vrf vrf4 enable 6 (Optional) Configure the interfaces to which RIP runs: configure router rip vrf default network 10.0.0.0 configure router rip vrf vrf1 network 20.0.0.0 configure router rip vrf vrf2 network 30.0.0.0 configure router rip vrf vrf3 network 40.0.0.0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-21 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration configure router rip vrf vrf4 network 50.0.0.0 configure router rip vrf default network 110.0.0.0 configure router rip vrf vrf1 network 120.0.0.0 configure router rip vrf vrf2 network 130.0.0.0 configure router rip vrf vrf3 network 140.0.0.0 configure router rip vrf vrf4 network 150.0.0.0 7 (Optional) Configure the router ID for the OSPF instances: configure router ospf vrf default router-id 10.0.0.1 configure router ospf vrf vrf1 router-id 20.0.0.1 configure router ospf vrf vrf2 router-id 30.0.0.1 configure router ospf vrf vrf3 router-id 40.0.0.1 configure router ospf vrf vrf4 router-id 50.0.0.1 8 Create the OSPF areas: configure router ospf vrf default network 10.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf1 network 20.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf2 network 30.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf3 network 40.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf4 network 50.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf default network 110.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf1 network 120.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf2 network 130.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf3 network 140.0.0.0 0.0.0.255 area 0.0.0.0 configure router ospf vrf vrf4 network 150.0.0.0 0.0.0.255 area 0.0.0.0 9 Issue 1.0, 4 Feb 2013 (Optional) Enable OSPF on all five VRFs: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-22 PRELIMINARY E6000 CER Release 1.0 Interface IP Configuration configure router ospf vrf default enable configure router ospf vrf vrf1 enable configure router ospf vrf vrf2 enable configure router ospf vrf vrf3 enable configure router ospf vrf vrf4 enable 10 (Optional) Redistribute RIP into OSPF: configure router ospf vrf default redistribute rip configure router ospf vrf vrf1 redistribute rip configure router ospf vrf vrf2 redistribute rip configure router ospf vrf vrf3 redistribute rip configure router ospf vrf vrf4 redistribute rip — End of Procedure — Additional Information Issue 1.0, 4 Feb 2013 The procedure above is for demonstration purposes. Adapt it to the requirements of your site and application. • You may configure five non-default VRFs: just substitute a new vrf (vrf5) for the default. • This sample procedure has RIP being redistributed into OSPF. MSOs might configure one VRF with RIP into OSPF and another VRF with OSPF into RIP, but in most cases you will only see RIP redistributed into OSPF. • This procedure also has one RSM interface and one cable-mac in each VRF. You can have multiple interfaces (RSM or cablemac) in a VRF. One VRF does not have to match the other VRFs in terms of the number of interfaces. The default VRF, for example, could have three RSM ports and four cable-macs. VRF1 could have only one RSM port and three cable-macs, and so on. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 15-23 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Interface IP Configuration PRELIMINARY 15-24 PRELIMINARY E6000 CER Release 1.0 16 IP Packet Filters, Subscriber Management IP Packet Filters, Subscriber Management IP Packet Filtering 2 Effect of IP Packet Filtering / Subscriber Management on IP Address Limits Overview Issue 1.0, 4 Feb 2013 18 Filtering out packets destined for infrastructure components allows an MSO to reduce the risk of outside break-ins, such as denialof-service attacks. Separate configuration files referencing different filter groups could be used as part of a multiple Internet Service Provider (ISP) application. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-1 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management IP Packet Filtering IP packet filtering, provides a way for the network administrator to precisely define how incoming IP traffic is managed. IP packet filtering is an important element in maintaining the integrity of E6000 CER traffic. NOTE: Filters cannot be applied to broadcast or multicast traffic. The IP Packet Filtering feature is based on DOCSIS Subscriber Management Filtering. IP Packet Filter An IP packet filter is a provisionable mechanism that examines the header of each IP packet and looks to match the contents of any or all of the following data fields: • Source IPv4 address • Source IPv4 mask • Destination IPv4 address • Destination IPv4 mask • Source IPv6 address • Source IPv6 prefix • Destination IPv6 address • Destination IPv6 prefix • Type of service • IP Version • IPv6 Flow Label • Source port • Destination port • IP Protol • Based on a match condition one of the following filter actions can be taken: - Issue 1.0, 4 Feb 2013 Drop Accept © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-2 PRELIMINARY E6000 CER Release 1.0 NOTE: IP Packet Filters, Subscriber Management Optional IP packet filters can be provisioned to match these fields. IP Filter Group IP filters are configured in groups. The filters in each group are kept in an ordered list. Matching Requirements All IP filters in a group are applied in sequence, and the first one to satisfy the matching requirements is used as the one and only match. When an IP filter encounters a packet that matches, the match count for this IP filter is incremented and the packet is accepted or dropped depending on the action programmed for this IP filter. If no rules match then the packet is accepted. A packet matches a filter if all of the values of the filter fields match the values in the corresponding packet fields. If there is a match, the E6000 CER increments the count for this filter and (depending on how the filter is configured): • Accepts the packet. • Accepts and logs the accepted packet. • Drops the packet. • Drops and logs the dropped packet. NOTE: The logging of all allowed packets and dropped packets will cause a considerable load on the E6000 CER. Indexing Every rule in a filter group is identified by a number from 1-63. This number is called its index in the CLI and is necessary to add, delete, or modify an individual filter of a filter group. The index numbers also specify the order in which the filters of a filter group are applied, starting with index number one and ending with number thirty-one. Cable Modem Registration When a cable modem registers, filter groups for upstream and downstream packets are assigned to it. Also, each modem is assigned additional filter groups that will be used for CPEs behind that cable modem. These filter groups are based on the device classes of the CPEs. See Filter Groups Based on Device Class on page 19-10. Additionally, three sets of data are used to determine if IP packet filtering is to be applied to the modem: Issue 1.0, 4 Feb 2013 • First, the modem configuration file can include TLVs that instruct the E6000 CER to set up IP packet filtering for that modem and the CPEs behind it. • Then, if these TLVs are not present, the E6000 CER checks if defaults are provisioned for the subinterface the CM or CPE is on. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-3 PRELIMINARY E6000 CER Release 1.0 • IP Packet Filters, Subscriber Management Finally, if neither of these are present, then the system-wide parameters specifying default filter groups are applied. For the filter parameters to take effect: • The Subscriber Management feature must be enabled (default = active) • The desired filters must be configured • Cable modems must register or re-register in order to use their filters • Individual filters can be modified with new rules applied dynamically. If a filter group has been applied to a registered modem and a new filter index is added to that group, the modem does not have to re-register for that filter index to be enabled. Filter Group Numbering Scheme Cable modem configuration files or E6000 CER subscriber management default settings refer to a filter group number from 1-1023. NOTE: The value 0 indicates that no filter group applies. Currently, 63 rules (1-63) per filter group are supported. Therefore, it is possible to have 1023 filter groups, each with 63 rules. If you specify a port values or ranges in a filter rule, you should also specify the IP protocol: • UDP (6) • TCP (17) • or both (257) Filtering Related CLI Commands The CLI commands associated with filtering are provided in Table 16-1. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-4 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management Table 16-1: Filter Group Related CLI Commands Description Command clear cable filter group <group> [index <index>] counters This command clears the filter match counters. Example Command: clear cable filter group 1 index 5 counters This command configures the IP packet filtering parameters for configure cable filter group <group number> index <index number> [parameter name <value>] [no] the specified packet filter. See also IPv4 and IPv6 Drop/Accept Packet Command Examples, Port Filter Drop Command ExamUse the [no] option to delete the packet filter. ples, IP Protocol Filter Command Examples, and Match Action Command Examples. This command configures the IP Type of Service (TOS) settings, configure cable filter group <group number> index <index number> ip-tos <mask> <tos value> [parameter name <value>] and (optionally) the IP packet filtering parameters for the specified packet filter. See also TOS Filtering Command Example. This command configures the IP Protocol operation mode to enable both UDP and TCP filtering in the same filter. Use the [no] option to disable the IP Protocol operation mode. configure operation mode <operation mode> [no] NOTE: The specific operation mode that is applicable is, enbudptcpfltr. See also UDP and TCP Filtering in Same Filter. configure interface cable-mac <mac> cable submgmt default filter-group <{cm | This command provisions the subscriber management for the host | cpe | mta | ps | stb }> <{upstream | downstream}> <group ID> [no] specified filter group. See also Default Filter Subinterface Assignment Examples. Use the [no] option to delete a specific filter group, For more information, also see Filter Groups Based on Device Class on page 17-7. This command configures the data packet logging operation configure cable filter group <group> index <index> log [parameter name <value>] that the E6000 CER performs when a match occurs on a packet. [no] Use the [no] option to disable logging of the packet filter(s). This command displays the cable IP filter information. This command displays the captured packet’s history. Issue 1.0, 4 Feb 2013 See also Drop Packets Log Data. show cable filter [group <group number> [verbose] [clearmatches] See also Show Cable Filter Command. show logging history See also Show Logging History Command. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-5 PRELIMINARY E6000 CER Release 1.0 Description Command (Continued) This command displays the IP Protocol operation mode status. This command displays general information on functionality and display options for all cable modems registered or attempting to register. Drop Packets Log Data Issue 1.0, 4 Feb 2013 IP Packet Filters, Subscriber Management show operation mode See also Show Operation Mode Command. show cable modem See also Show Logging History Command. The following command examples drop packets for filter group 4, indices 1 through 5: configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter group group group group group group group group group group group group group group group group group group group group group group group group group group group group group group group group 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 index index index index index index index index index index index index index index index index index index index index index index index index index index index index index index index index 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 3 4 4 ip-version ipv4 src-ip 0.0.0.0 src-mask 0.0.0.0 src-port 65536 dest-ip 0.0.0.0 dest-mask 0.0.0.0 dest-port 135 ip-proto 257 match-action drop ip-tos 0x0 0x0 ip-version ipv4 src-ip 0.0.0.0 src-mask 0.0.0.0 src-port 65536 dest-ip 0.0.0.0 dest-mask 0.0.0.0 dest-port 137 ip-proto 257 match-action drop ip-tos 0x0 0x0 ip-version ipv4 src-ip 0.0.0.0 src-mask 0.0.0.0 src-port 65536 dest-ip 0.0.0.0 dest-mask 0.0.0.0 dest-port 138 ip-proto 257 match-action drop ip-tos 0x0 0x0 ip-version ipv4 src-ip 0.0.0.0 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-6 PRELIMINARY E6000 CER Release 1.0 configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure configure Show Cable Filter Command cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable cable filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter filter group group group group group group group group group group group group group group group group group group 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 index index index index index index index index index index index index index index index index index index 4 4 4 4 4 4 4 4 5 5 5 5 5 5 5 5 5 5 IP Packet Filters, Subscriber Management src-mask 0.0.0.0 src-port 65536 dest-ip 0.0.0.0 dest-mask 0.0.0.0 dest-port 139 ip-proto 257 match-action drop ip-tos 0x0 0x0 ip-version ipv4 src-ip 0.0.0.0 src-mask 0.0.0.0 src-port 65536 dest-ip 0.0.0.0 dest-mask 0.0.0.0 dest-port 445 ip-proto 257 match-action drop ip-tos 0x0 0x0 To display the configured information for all filter groups in the E6000 CER, use the following command: show cable filter An output similar to the following example will occur: Ip TOS V6-Flow Grp Idx Prot Mask/Val Label ---- --- ---- -------- ------4 1 257 4 2 257 4 3 257 4 4 257 4 5 257 - Enable Logging Source Dest Port Port ------ -----135 137 138 139 445 Action -----drop drop drop drop drop IP Src/ Capture Matched Type Dest -------- ---------- ---- ---Enabled 0 ipv4 Enabled 54 ipv4 Enabled 16 ipv4 Enabled 3 ipv4 Enabled 3 ipv4 - Address -------------- Once packet logging is enabled it does not get sent to the log by default, the following two commands are used to enable logging: configure logging debug ip packet brief configure logging debug ip packet detail Disable Logging To disable logging, enter the following command: clear logging debug Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-7 PRELIMINARY E6000 CER Release 1.0 Show Operation Mode Command IP Packet Filters, Subscriber Management The following command can be used to identify the current state of the IP Protocol operation mode, as regards to UDP and TCP filtering: show operation mode An output similar to the following example will occur: Enabled Enabled Enabled Disabled Disabled Enabled Enabled Disabled Enabled Disabled Disabled Disabled Disabled Disabled Enabled Disabled Show Logging History Command : (dqossf10cms) Allow 1.0 CMs in DocsQosServiceFlowEntry : (adjrxpwrctl) Allow adjustment of rx power control by mod type : (enbudptcpfltr) Allow combining of Udp and Tcp messages in same filter <------: (upce) Enable Upstream Packet Classification Enforcement : (DSPeakTrafficRateTLV2516) Use old MULPI spec (TLV 25.16) for DS Peak Traf Rate instead of new spec (TLV 25.27) : (cpeNacksForceCmReset) Force CM reset upon receiving 3 consecutive CPE NACKs : (LBalDynUnbondUcast) Enable load balancing of new dynamic unbonded unicast US and DS flows for a multi-channel CM : (FactoryDCAMTest) Allow configuration of 192 downstreams on annex-A and 256 downstreams on annex-B DCAMs : (cmstatusoperational) Allow modem status at the CMTS to reach operational(8) : (docsis20test) DOCSIS 2.0 Testing : (showCmFormatCV) Force alternative output of "show cable modem" : (docsis10plus) Docsis 1.0+ support : (downstreamOverride) Downstream Frequency Override : (suppress-dcd) Supression of DCD messages : (virtualCm) Allow Virtual cable modems : (bpiHybrid) Allow upgraded DOCSIS 1.0 modems to operate using BPI+ To display log output with logging enabled: show logging history An output containing information similar to the following occurs 20:51:53 06 notc: CLI command:a:10.43.130.79:show running-config full verbose | include subm 20:52:41 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:42 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:42 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:42 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:42 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:43 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:43 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:43 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:43 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 PRELIMINARY 16-8 E6000 CER Release 1.0 PRELIMINARY IP Packet Filters, Subscriber Management Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:43 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:44 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:44 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:44 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:44 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:45 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:52 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:53 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:53 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:53 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:53 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:54 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:54 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:54 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:54 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:54 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:55 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:55 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:55 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:55 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:56 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:57 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:57 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:58 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, 20:52:58 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 destport=137 PRELIMINARY 16-9 E6000 CER Release 1.0 PRELIMINARY IP Packet Filters, Subscriber Management Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:52:59 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:52:59 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:00 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:00 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:00 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:00 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:01 01 debg: Debug:ip.packet.brief:(4/3 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:01 01 debg: Debug:ip.packet.brief:(4/3 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:03 01 debg: Debug:ip.packet.brief:(4/3 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:04 01 debg: Debug:ip.packet.brief:(4/3 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:06 01 debg: Debug:ip.packet.brief:(4/3 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:17 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:18 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:19 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:19 06 notc: CLI command:a:10.43.130.79:show cable filter 20:53:22 01 debg: Debug:ip.packet.brief:(4/3 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:23 01 debg: Debug:ip.packet.brief:(4/3 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:24 06 notc: CHMON: setting fan speed to level 11 (3137 RPM), previous level 10 (3078 RPM) - auto 20:53:24 01 debg: Debug:ip.packet.brief:(4/3 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:25 01 debg: Debug:ip.packet.brief:(4/3 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=138, destport=138 20:53:26 01 debg: Debug:ip.packet.brief:(4/2 US-3) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:27 01 debg: Debug:ip.packet.brief:(4/2 US-1) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:28 01 debg: Debug:ip.packet.brief:(4/2 US-2) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 20:53:28 01 debg: Debug:ip.packet.brief:(4/2 US-0) Smac: 0011.2513.e249, Dmac: ffff.ffff.ffff Pkt Type: IPV4, sip=10.44.121.67, dip=10.44.121.95, ulp=UDP, tos=0, flowid=0, srcport=137, destport=137 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-10 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management Drop Packet By Flow Label or IP Version Packets can be dropped by means of filtering on the: • IPv6 flow label (v6-flow-label) in the range 0-1048575. • IP version (ip-version) which can be ipv6, ipv4, or unknown. IPv4 and IPv6 Drop/Accept Packet Command Examples The following paragraphs provide drop and accept examples pertaining to IPv4 and IPv6 filter group commands. Drop Packets (IPv4 Source) The following example command drops packets with an IPv4 source address (src-ip) of 10.119.30.255, and with an IPv4 source address mask (src-mask) of 255.255.255.0: configure cable filter group 10 index 1 src-ip 10.119.30.255 src-mask 255.255.255.0 match-action drop Accept Packets (IPv4 Destination) The following example command accepts packets with an IPv4 destination address of 10.119.31.255, and with an IPv4 destination address mask of 255.255.255.0: configure cable filter group 10 index 2 dest-ip 10.119.31.255 dest-mask 255.255.255.0 match-action accept Drop Packets (IPv6 Source) The following example command drops packets with an IPv6 source address (v6-src-address) of fc00:cada:c426:c001:0:0:0:1011, and with an IPv6 source address prefix length (v6-src-pfxlen) of 128: configure cable filter group 20 index 1 v6-src-address fc00:cada:c426:c001:0:0:0:1011 v6-src-pfxlen 128 match-action drop Accept Packets (IPv6 Destination) The following example command accepts packets with an IPv6 destination address (v6-dest-address) of fc00:cada:c426:c001:0:0:0:1012 and with an IPv6 destination address prefix length (v6-dest-pfxlen) of 128: configure cable filter group 20 index 2 v6-dest-address fc00:cada:c426:c001:0:0:0:1012 v6-dest-pfxlen 128 match-action accept Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-11 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management Drop Packet by IPv6 Flow Label The following command example drops all IPv6 packets with a flow label of 10: Drop Packet by IP Version The following command example drops all IPv6 packets: configure cable filter group 20 index 1 v6-flow-label 10 match-action drop configure cable filter group 20 index 1 ip-version ipv6 match-action drop Port Filters Port filters perform IP packet header filtering on the source or destination port. Source and Destination Port Values The following port source and destination values apply: • UDP source port. Value in the range 0-65536. • UDP destination port. Value in the range 0-65536. The source and destination port fields of a filter can be given the value of 65536, which acts as a match-all or wildcard. If the source port field of the filter is set to 65536, then any value in a source port field of the packets is considered a match. Common Port Values Some common port values are shown in Table 16-2. Table 16-2: Common Port Values Issue 1.0, 4 Feb 2013 Port Description 23 telnet 25 SMTP 67 bootps 68 bootpc 69 tftp 137 Microsoft SMB (NetBIOS Name Service) 138 Microsoft SMB (NetBIOS Datagram Service) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-12 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management Port Description (Continued) 139 Microsoft SMB (NetBIOS Session Service) 206 Apple Ethertalk 2301 Compaq Insight Manager 65536 Any port All ports Listed in /etc/services on any UNIX system Port Filter Drop Command Examples The following paragraphs provide drop examples pertaining to source and destination port filter group commands. Drop Packets for Destination Port The following command example filter drops UDP packets for a destination port of 50,000: Drop Packets from Source Port to Destination Port The following command example filter drops all TCP packets from a given source port to a given destination port: Drop All Telnet Packets The filters created by the following two command examples will cause the E6000 CER to drop all telnet packets: configure cable filter group 11 index 1 ip-proto 17 dest-port 50000 action drop configure cable filter group 20 index 2 ip-proto 6 src-port 2101 dest-port 10122 action drop configure cable filter group 10 index 1 src-port 23 match-action drop configure cable filter group 10 index 2 dest-port 23 match-action drop IP Protocol Filters IP packet header filtering can be configured for IP protocols. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-13 PRELIMINARY E6000 CER Release 1.0 IP Protocol Values IP Packet Filters, Subscriber Management The match-all value for the IP protocol (ip-proto) field is 256. If the ip-proto field in the command is set to 256, then all IP packet protocol values are considered a match. The value range for IP protocols is 0-257. Common Protocol Values Some common protocol values are provided in Table 16-3. Table 16-3: Common Protocol Values NOTE: IP Protocol Description 1 ICMP 6 TCP 17 UDP 256 Any protocol 257 UDP and TCP (See note) All protocols Listed in /etc/protocols on any UNIX system If the operation mode is set to enbudptcpfltr (see UDP and TCP Filtering in Same Filter), and the ip-proto value is set to 257, then combined UDP and TCP filtering is enabled. If the operation mode enbudptcpfltr is reset, then the ip-proto value cannot be set to 257 and combined UDP and TCP filtering is disabled. IP Protocol Filter Command Examples The following paragraphs provide drop examples pertaining to IP protocol Filter commands. Drop All ICMP Packets The following command example filter drops all ICMP packets: Drop All TCP Packets at Specific Source The following command example filter drops all TCP packets originating at a specific source port and meant for a specific destination port: Issue 1.0, 4 Feb 2013 configure cable filter group 20 index 1 ip-proto 1 match-action drop © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-14 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management configure cable filter group 20 index 2 ip-proto 6 src-port mmm dest-port nnn action drop Where: mmm and nnn are the numbers of the ports. Drop All UDP Packets for Given Destination The following command example filter drops all UDP packets meant for a given destination port: UDP and TCP Filtering in Same Filter To enable both UDP and TCP filtering requires the use of the configure operation mode command. See the following command examples: configure cable filter group 20 index 3 ip-proto 17 dest-port nnn action drop Where: NOTE: nnn is the number of a port. UDP and TCP filtering is enabled by default. To enable UDP and TCP filtering: configure operation mode enbudptcpfltr To disable both UDP and TCP filtering in the same filter: configure operation mode enbudptcpfltr no Type of Service and Match Action Filtering IP packet filtering can also be configured based on the: TOS Filtering • Type of Service (TOS) • Match action The mask is entered against the value of the TOS byte in hexadecimal. The TOS byte is depicted as follows: 0 1 Precedence Issue 1.0, 4 Feb 2013 2 3 4 5 D T R © 2013 ARRIS Group, Inc. — All Rights Reserved 6 7 Unused PRELIMINARY 16-15 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management The 0 equates to the Most Significant Bit and the 7 equates to the Least Significant Bit. Precedence Bits — The three precedence bits have a value from 0 to 7 and are used to indicate the importance of a datagram. The default is 0. The higher the binary number, the better the TOS as shown in Table 16-4. Table 16-4: Precedence Bits Bits TOS 111 Network Control 110 Internetwork Control 101 CRITIC/ECP 100 Flash Override 011 Flash 010 Immediate 001 Priority 000 Routine Remaining Bits — Bits 3, 4, and 5 represent the following: • D (requests low delay) • T (requests high throughput) • R (requests high reliability) Bits 6 and 7 are unused. Match Action Filtering A drop or accept action can be configured for a packet when a match occurs. TOS Filtering Command Example The following TOS Filtering command example drops all priority packets: configure cable filter group 20 index 1 ip-tos <mask> <value> match-action drop Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-16 PRELIMINARY E6000 CER Release 1.0 Where: IP Packet Filters, Subscriber Management mask= Mask against TOS value. The byte must be in hex (0x0-0xFF) value = the TOS value, byte in hex (0x0 - 0xFF) Match Action Command Examples The following command example accepts all packets that match the filter for IPv4: configure cable filter group 20 index 2 ip-version ipv4 match-action accept The following command example drops all packets that match the filter for IPv6: configure cable filter group 20 index 3 ip-version ipv6 match-action drop Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-17 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management Effect of IP Packet Filtering / Subscriber Management on IP Address Limits The IP Packet Filtering / Subscriber Management feature affects the maximum number of IP addresses behind a CM that the E6000 CER can learn. The following are the guidelines to be followed when enabling or disabling this feature. Subscriber Management Off If IP Packet Filtering / Subscriber Management is turned off, then a single CM can have the following maximums: • 64 total CPE IPv6 addresses • 32 total CPE IPv4 addresses The user cannot reconfigure these limits if Subscriber Management is disabled. The show cable modem detail command output will show “IPv4 Addr=32, IPv6 Addr=64”. See a sample system output Show Logging History Command. Subscriber Management On If IP Packet Filtering / Subscriber Management is turned on, then a single CM can have the following default maximums: • 16 total CPE IPv6 addresses • 16 total CPE IPv4 addresses The user can reconfigure these limits in the CLI or in the CM configuration file. To change the default maximums, use the following commands: Issue 1.0, 4 Feb 2013 For IPv6: configure cable submgmt default v6-max-cpe <0-64> For IPv4: configure cable submgmt default max-cpe <0-32> © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-18 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management Per-Interface Configuration Per-interface IP packet filtering configuration applies only to IPv4 packets. It can be used to set packet filters for modems and CPEs based on the IP address or VRF that references the IPv4 address space for the modem or device. Default Filter Groups Multiple Subinterface Environment When a cable modem or CPE is assigned an IPv4 address, the E6000 CER determines default IP filter groups in the following order: a First, the modem configuration file can have TLVs for that modem and its CPE device types that instruct the E6000 CER to set up IP packet filtering. b If these TLVs are not present, then the E6000 CER checks to see if per-interface IP packet filters have been configured. c Finally, if there are no TLV or per-interface IP packet filters configured, the system-wide parameters specifying default filter groups are applied. In a multiple subinterface environment, modems on each subinterface could be assigned modem configuration files that specify filter groups that are specific for that subinterface. This capability exists today in any system compliant with DOCSIS® 1.1. The provisioning system determines on which subinterface each modem resides, a necessary step for assigning the IP address. It then uses the modem to which the CPE is attached to determine the CPE’s subinterface. The ability to assign default IP filter groups based on the subinterface and derived from the IP address of the CM or CPE is an enhancement of the per-subinterface IP packet filtering feature. If per-subinterface filter groups have been assigned, they are used in place of the system-wide default filter groups. However, the per-subinterface filter groups are not used if filter groups are assigned in the modem configuration file. For CPEs, the assignment of these new subinterface level filter group parameters would take place when an IP address is assigned by DHCP, in addition to when the CPE is learned, since CPE assignment to a subinterface would take place when it gets its IP address. If a CPE doesn't have an IP address when it is first learned (i.e., it is doing DHCP), it initially uses the CPE filters associated with the modem's subinterface. Once it obtains an IP address, the CPE's filter group will change if the CPE is in a different subinterface than the modem and that subinterface has default values that are different from the modem’s. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-19 PRELIMINARY E6000 CER Release 1.0 Default Filter Subinterface Assignment Examples IP Packet Filters, Subscriber Management The following CLI commands assign default filters for a subinterface: configure interface cable-mac 1.0 cable submgmt default filter-group cm downstream <group> configure interface cable-mac 1.0 cable submgmt default filter-group cm upstream <group> configure interface cable-mac 1.0 cable submgmt default filter-group host downstream <group> configure interface cable-mac 1.0 cable submgmt default filter-group host upstream <group> Default Subscriber Management Settings Default filter groups and other subscriber management defaults are used when no groups or other specific subscriber management parameters are specified in the cable modem config file. Defaults apply to the parameters unless otherwise specified in the cable modem config file. Default Parameter Configuration Subscriber management control must be enabled for default parameters to have an effect. Once enabled, filters are applied to modems when they register or re-register. Modems registered prior to default parameter configuration will not be affected. Enable/Disable Command Example Use the following command to enable or disable subscriber management control: Set Default Command Examples Use the following command form to set default values for registering modems: configure [no] cable submgmt default active configure cable submgmt default <parameter> Example: configure cable submgmt default ? active filter-group learnable max-cpe v6-max-cpe Issue 1.0, 4 Feb 2013 - CPE Control for Subscriber Management Filtering Configure filter groups Filter group provisioning is learned from CM/eSAFE device Provision the maximum number of IP addresses behind a CM. Provision the maximum number of IPv6 addresses behind a CM. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-20 PRELIMINARY E6000 CER Release 1.0 NOTE: IP Packet Filters, Subscriber Management Parameters referring to IPv6 in the CLI syntax specifically refer to version 6. For example, “v6-max-cpe”. IP related parameters that do not specifically refer to IPv6 are IPv4. For example, “max-cpe” refers to IPv4 addresses. Syntax: configure cable submgmt default active configure cable submgmt default filter-group host upstream 10 configure cable submgmt default filter-group host downstream 10 configure cable submgmt default learnable configure cable submgmt default max-cpe 16 Where: the range of max-cpe is 0-32, and 0 means “Do not allow any.” configure cable submgmt default v6-max-cpe 16 Where: the range of v6-max-cpe is 0-64, and 0 means “Do not allow any.” IP Packet Filtering Configuration Example This scenario assumes that the CAM is in-service and that its RF parameters have been set. Use the following sequence of commands (or script) as an example of filter group configuration: The series of commands below creates a filter designed to drop netbios traffic and allow all other traffic from a CPE. Issue 1.0, 4 Feb 2013 configure configure configure configure configure cable cable cable cable cable submgmt submgmt submgmt submgmt submgmt configure configure configure configure configure configure cable cable cable cable cable cable filter filter filter filter filter filter default default default default default group group group group group group 4 4 4 4 4 4 filter-group filter-group filter-group filter-group active index index index index index index 1 1 1 1 1 1 cm downstream 1 cm upstream 2 cpe downstream 3 cpe upstream 4 ip-version ipv4 src-port 65536 dest-port 135 ip-proto 257 match-action drop ip-tos 0x0 0x0 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-21 PRELIMINARY E6000 CER Release 1.0 configure configure configure configure configure configure cable cable cable cable cable cable filter filter filter filter filter filter group group group group group group 4 4 4 4 4 4 index index index index index index 2 2 2 2 2 2 ip-version ipv4 src-port 65536 dest-port 137 ip-proto 257 match-action drop ip-tos 0x0 0x0 configure configure configure configure configure configure cable cable cable cable cable cable filter filter filter filter filter filter group group group group group group 4 4 4 4 4 4 index index index index index index 3 3 3 3 3 3 ip-version ipv4 src-port 65536 dest-port 138 ip-proto 257 match-action drop ip-tos 0x0 0x0 configure configure configure configure configure configure cable cable cable cable cable cable filter filter filter filter filter filter group group group group group group 4 4 4 4 4 4 index index index index index index 4 4 4 4 4 4 ip-version ipv4 src-port 65536 dest-port 139 ip-proto 257 match-action drop ip-tos 0x0 0x0 configure configure configure configure configure configure cable cable cable cable cable cable filter filter filter filter filter filter group group group group group group 4 4 4 4 4 4 index index index index index index 5 5 5 5 5 5 ip-version ipv4 src-port 65536 dest-port 445 ip-proto 257 match-action drop ip-tos 0x0 0x0 IP Packet Filters, Subscriber Management Confirm your results with the following command: show cable filter group 4 Sample system response: Ip TOS V6-Flow Grp Idx Prot Mask/Val Label ---- --- ---- -------- ------4 1 257 00/00 4 2 257 00/00 4 3 257 00/00 4 4 257 00/00 4 5 257 00/00 - Issue 1.0, 4 Feb 2013 Source Dest Port Port ------ -----135 137 138 139 445 Action -----drop drop drop drop drop Capture Matched -------- ---------Disabled 0 Disabled 0 Disabled 0 Disabled 0 Disabled 0 © 2013 ARRIS Group, Inc. — All Rights Reserved IP Type ---ipv4 ipv4 ipv4 ipv4 ipv4 Src/ Dest ---- Address -------------- PRELIMINARY 16-22 PRELIMINARY E6000 CER Release 1.0 IP Packet Filters, Subscriber Management The following command displays the settings for filter index 1 of group 2 in verbose mode: show cable filter group 2 index 1 verbose An example of the system response: IP Filter Group For Group 2 Index 1 IP Type: ipv4 Source address: -Source mask: -Destination address: -Destination mask: -IP Protocol: 257 TOS: 00 TOS Mask: 00 Action: drop Source Port: -Destination Port: 135 Capture: Disabled Number of times rule was matched: 0 Last Cleared on: Mon Dec 3 12:27:19 2012 Use the following command to display which filters are being applied to the CM with a given MAC address and to the CPEs behind it: show cable modem detail CM 001d.cf1e.492c A sample of the system response is shown below: Dec 3 12:30:24 12/5/15-3/5/8 CM 001d.cf1e.492c (Arris) D3.0 State=Operational D1.1/atdma PrimSID=8197 Cable-Mac= 1, mCMsg = 2 mDSsg = 1 mUSsg = 1 RCP_ID= 0x0010000005 RCC_Stat= 4, RCS=0x01000002 TCS=0x01000002 Timing Offset=1262 Rec Power= 0.00 dBmV Proto-Throttle=Normal dsPartialServMask=0x0000 usPartialServ-Mask=0x000000 Uptime= 0 days 0:02:52 IPv4=10.127.31.252 cfg=basic_30.bin LB Policy=0 LB Group=16781312 Filter-Group CM-Down:2 CM-Up:2 Privacy=Disabled MDF Capability= GMAC Promiscuous(2) MDF Mode= MDF Disabled(0) u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports uB 11 6 Activ BE 0 0 0 0 0 0 3/5/8-11 dB 12 *6 Activ 0 0 0 0 12/5/8-15 L2VPN per CM: (Disabled) Current CPE=1, IPv4 Addr=1, IPv6 Addr=1 Max CPE=16, IPv4 Addr=8, IPv6 Addr=16 CPE 0000.0000.0002 Filter-Group:Up=2 Down=2 Proto-Throttle=Normal IPv6=fc00:cada:c427:c001::64 +CPE 0000.0000.0002 IPv4=10.127.0.100 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 16-23 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved IP Packet Filters, Subscriber Management PRELIMINARY 16-24 PRELIMINARY E6000 CER Release 1.0 17 Baseline Privacy Interface (BPI) Baseline Privacy Interface (BPI) Baseline Privacy Setup Issue 1.0, 4 Feb 2013 5 Baseline Privacy Debugging 16 Baseline Privacy Trap Codes 19 Baseline Privacy: CLI Commands 23 BPI+ Enforce 26 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-1 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Baseline Privacy Overview This section is a brief and high-level overview, further detailed information can be obtained from CableLabs® in the latest versions of the DOCSIS® Baseline Privacy and Baseline Privacy Plus Interface specifications. Baseline Privacy (BP) provides cable modem users with data privacy across the cable network equal to or better than that provided by dedicated line network services. It does this by encrypting traffic flows on the RF link between the CM and the E6000 CER. Baseline Privacy also provides cable operators with protection from theft of data services. Baseline Privacy Plus Interface (BPI+) is an extension of the Baseline Privacy Interface (BPI); it further strengthens the BP specification by adding cable modem authentication through the use of X.509 digital certificates. BPI+ is entirely backwards compatible with the earlier BPI specification. The Baseline Privacy portion of the DOCSIS® specification is compatible with cable modems operating in BPI or BPI+ mode. BPI Operations Baseline Privacy is comprised of two separate but interrelated protocols. The first is Baseline Privacy Key Management (BPKM), the second is the packet data encryption on the RF link. BPKM The CM and E6000 CER use the BPKM protocol to determine authorization status and transfer of traffic keying material. Through this key management protocol, the CM and E6000 CER synchronize keying information. BPKM follows a client/server model where the CM, the client, requests encryption material and the E6000 CER, the server, responds to those requests. BPKM uses DOCSIS® MAC Management messaging in the request/reply operations of the BPKM protocol. Baseline Privacy uses public-key cryptography to establish symmetric traffic keys between the CM and E6000 CER. Packet Data Encryption Packet data encryption is an extended service within the DOCSIS® MAC sublayer. When encrypting packet data, only the frame’s packet data is encrypted; the frame’s header is not encrypted. To indicate the proper encryption/decryption key to use, a special Baseline Privacy Extended Header is included in the MAC frame header. This special extended header indicates encryption information related to the current MAC frame. Currently the E6000 CER supports 56-bit DES operating in cipher block chaining (CBC) mode. NOTE: Issue 1.0, 4 Feb 2013 To reduce confusion in MIB tables and the Baseline Privacy Specification, a Security Association ID (SAId) can be thought of as the key ID for a traffic flow. It is just a number and should not be confused with the SID which is the service ID of an upstream service flow. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-2 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Baseline Privacy Operational Overview The operation between the CM and E6000 CER is conducted in three main steps: 1 Registration 2 Initialization 3 Reauthorization and rekeying Each is explained in the sections that follow. Registration At registration, the modem receives operational parameters from the CM’s configuration file. The E6000 CER verifies that these parameters, if present in the CM’s registration request message, are in range. There is one specific message TLV, type 17, which contains the Baseline Privacy operational parameters. The progression of registration is the same for BPI and BPI+, but BPI+ has different requirements. CAUTION BPI operation requires ALL type 17 BPI parameters to exist and be within range for registration to complete and accept the BPI portion of registration. NOTE: Initialization BPI+ is much less restrictive: some, all, or no type 17 parameters need to exist for the BPI portion of registration to complete. For BPI+ registration, any values that are not specifically defined in the configuration file are defaulted to the values defined in the BPI+ Specification, Appendix A, in the Recommended Operational Ranges for BPI Configuration Parameters table. After registration is complete, and Baseline Privacy is enabled, the second operational step of Baseline Privacy initialization begins. It begins by authorizing the CM to use specific flows and is then followed by the transferring of traffic key information for each specific flow. BPI+ performs the same BPKM sequence as BPI with the addition of an initial digital certificate information message which is used in modem authentication. A successful initialization sequence proceeds as follows: 1 Issue 1.0, 4 Feb 2013 The CM authorizes with the E6000 CER through the use of BPKM authorization messages. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-3 PRELIMINARY E6000 CER Release 1.0 2 Reauthorization and Rekeying Issue 1.0, 4 Feb 2013 Baseline Privacy Interface (BPI) • The first message that a CM sends is an authentication information message to the E6000 CER. (BPI+ only) • The second message is the Authorization Request. • The third message is the Authorization Reply from the E6000 CER. The CM is granted traffic keys through the use of Traffic Encryption Key (TEK) BPKM messages. • The first message is the Key Request message. • The second message is the Key Reply message. The third operational step of reauthorization and rekeying is accomplished at predetermined lifetimes using the messages in the respective sequence above. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-4 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Baseline Privacy Setup A MIB browser or CLI command may be used to directly configure BPI parameters. Since there are many different MIB browsers, only the CLI command will be described. This section describes Baseline Privacy basic setup procedures. BPI basic configuration is divided into four main topics: 1 Initial CMTS Base Table Setup 2 Configuration files 3 Multicast 4 Digital certificates NOTE: The CLI commands shown in this chapter that use the NO version are commands that set the respective parameters to their default values when the NO version is entered. Initial CMTS Base Table Setup (UCAM) Use the following command form for a MAC ID: show interface cable-mac <mac-id> cable privacy base Example: show interface cable-mac 1 cable privacy base The following sample output from this command shows the defaults: Cable Privacy Base for cable-mac 1 ---------------------------------------------DefaultAuthLifetime : 604800 DefaultTEKLifetime : 43200 DefaultSelfSignedManufCertTrust : Untrusted CertValidityPeriods : FALSE BPI Mandatory : none docsBpi2CmtsAuthentInfos : 6 AuthRequests : 18 AuthReplies : 18 AuthRejects : 0 AuthInvalids : 0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-5 PRELIMINARY E6000 CER Release 1.0 SAMapRequests SAMapReplies SAMapRejects Default Auth Lifetime Baseline Privacy Interface (BPI) : 0 : 0 : 0 The value of this object is the default lifetime, in seconds, that the E6000 CER assigns to an initial cable modem’s authorization key. Recommended range: Default (per DOCSIS®): 86,400 – 6,048,000 604,800 The default value is acceptable for normal operation. Using less than the minimum recommended value can degrade system performance. (UCAM) Use the following command to configure DefaultAuthLifetime. configure interface cable-mac <cm-id> cable privacy kek life-time <seconds> [no] Example: configure interface cable-mac 1 cable privacy kek life-time 604800 Default TEK Lifetime The value of this object is the default lifetime, in seconds, that the E6000 CER assigns to an initial cable modem’s traffic key (TEK). Recommended range: Default (per DOCSIS®): 1,800 – 604,800 43,200 The default value is acceptable for normal operation. Using less than the minimum recommended value can degrade system performance. CAUTION The TEK lifetime must be more than twice as large as the largest TEK CM grace time to prevent denied CM registration. (UCAM) Use the following command to configure the default TEK lifetime: configure interface cable-mac <cm-id> cable privacy tek life-time <seconds> [no] Example: configure interface cable-mac 1 cable privacy tek life-time 43000 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-6 PRELIMINARY E6000 CER Release 1.0 Default SelfSigned ManufCertTrust (BPI+Certificates) Baseline Privacy Interface (BPI) This object determines the default trust of self-signed manufacturer certificate entries, contained in docsBpi2CmtsCACertTable, created after setting the object. Valid values: Default: trusted | untrusted untrusted CAUTION Self-signed certificates are a security risk. As a general rule, do not trust them. NOTE: Valid self-signed certificates are marked trusted or untrusted depending on this MIB variable. If the default trust value is set to untrusted and CA Certificates are learned, then these CA Certificates are considered untrusted and stored. This is a one-time determination which is never re-evaluated unless the certificate is deleted and relearned. Setting the trust value for default self-signed back to trusted does not automatically change the trust of previously learned selfsigned CA Certificates. To change the trust of previously learned self-signed CA Certificates, you must manually edit the current certificate’s trust state or delete the certificate entry so that the certificate will be relearned. (UCAM) Use the following command to configure the DefaultSelfSignedManufCertTrust: configure interface cable-mac <mac-id> cable privacy default-cert-trust <value> [no] Example: configure interface cable-mac 1 cable privacy default-cert-trust untrusted CheckCertValidityP eriods (BPI+ Certificates) Setting this object to TRUE causes all chained and root certificates in the chain to have their validity periods checked against the current time of day, when the E6000 CER receives an Authorization Request or authentication information from the CM. A FALSE setting causes all certificates in the chain not to have their validity periods checked against the current time of day. Valid values: Default: NOTE: true | false false The respective period checking of certificates and their related chaining is not retroactive. The current checking state is applied only to new incoming certificates and certificate chains. (UCAM) To enable [disable] checking of certificate validity period: configure interface cable-mac <mac-id> cable privacy chk-validity-period [no] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-7 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Example: configure interface cable-mac 1 cable privacy chk-validity-period Baseline Privacy Cable Modem Configuration File Settings Enable/Disable BPI For BPI operation the "COS Privacy Enable" setting (TLV type 4.7) must be set to "1". This activates data traffic encryption on a perflow basis. The setting is a sub tlv of the DOCSIS 1.0 Class of Service Configuration Setting. The default value of "COS Privacy Enable" is "0". 1 = Enable; 0 = Disable. BPI default = 0. A change to this setting takes effect when the modem re-registers. Enable/Disable BPI+ For BPI+ operation the "Privacy Enable" setting (TLV type 29) must be set to "1". This activates data traffic encryption on a per-CM basis. The default value of "Privacy Enable" is 1 or Enabled. The user must explicitly set the value to "0" to disable the feature. 1 = Enable; 0 = Disable. BPI+ default = 1. A change to this setting takes effect when the modem re-registers. Operational Parameters All of the CM's Baseline Privacy configuration values are specified in the configuration file downloaded by the CM during registration or are set to the known default values in BPI+ mode. These values are BP-specific, type 17, configuration parameters. See Table 171 on page 17-9. CAUTION BPI requires ALL type 17 parameters to be present and within range in the CM's configuration file. The modem will be rejected if the defined values are out of range. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-8 PRELIMINARY E6000 CER Release 1.0 NOTE: Baseline Privacy Interface (BPI) BPI+ does not require ANY parameters to be present in the CM's configuration file. BPI+ will choose DOCSIS® defined default values for any parameter not specified in the CM's config file. If a value is specified in the config file, that value will be used if within range. The modem will be rejected if the defined values are out of range. Table 17-1: BPI Type 17 Parameters Required in CM Configuration Files BPI Mode Valid Range in Seconds BPI Suggested Settings BPI+ Default Settings Authorize Wait Timeout BPI and BPI+ 2-30 10 Reauthorize Wait Timeout BPI and BPI+ 2-30 10 BPI only 300-1800 600 BPI+ only 300-3024000 600 Operational Wait Timeout BPI and BPI+ 1-10 10 Rekey Wait Timeout BPI and BPI+ 1-10 10 BPI only 300-1800 600 BPI+ only 300-302399 3600 BPI and BPI+ 10-600 60 SA Map Wait Timeout BPI+ only 1-10 1 SA Map Max Retries BPI+ only 0-10 4 Parameter Name Authorization Grace Time TEK Grace Time Authorization Reject Wait Timeout BPI Initialized State Configuration Settings In normal operation the procedures given above are used before modems register. There are a limited number of BPI configuration values that may be changed after the modem has passed BPI initialization. You may use a MIB browser to modify these values; you can also use CLI commands to modify them from the console. The Authorization and TEK valid lifetimes, as well as the resetting of Authorization and TEK keys, are values that can be changed. Modifying certificates is covered in Provisioning X.509 Certificates on page 17-13. docsBpi2CmtsAuth CmLifetime Issue 1.0, 4 Feb 2013 The value of this object is the lifetime in seconds that the E6000 CER assigns to an authorization key for this CM. The no value of this command sets the value to default: 604800. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-9 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) (UCAM) Use the following command to set the authorization key lifetime: configure interface cable-mac <mac-id> cable privacy kek-cm <cm-mac> life-time <seconds> [no] Example: configure interface cable-mac 1 cable privacy kek-cm 1122.3344.5566 life-time 604800 Where: docsBpi2CmtsAuth CmReset 122.3344.5566 = the CM MAC address 604,800 = the time in seconds (seven days) of the authorization key lifetime. (UCAM) The setting of this object causes the E6000 CER to invalidate the authorization key for this CM: configure interface cable-mac <mac-id> cable privacy kek-cm-reset <cm-mac> send-auth-invalid <value> Example: configure interface cable-mac 1 cable privacy kek-cm-reset 1122.3344.5566 send-auth-invalid docsBpi2CmtsTEKL ifetime (UCAM) The value of this object is the lifetime, in seconds, the E6000 CER assigns to keys for the respective TEK. The no value of this command defaults to 43200. configure interface cable-mac <mac-id> cable privacy tek-said-reset life-time <seconds> [no] Example: configure interface cable-mac 1 cable privacy tek-said 1234 life-time 43000 docsBpi2CmtsTEK Reset (UCAM) The setting of this object causes the E6000 CER to invalidate the TEK for this SAId: configure interface cable-mac <mac-id> cable privacy tek-said-reset <SAId> Example: configure interface cable-mac 1 cable privacy tek-said-reset 1234 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-10 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Digital Certificates (BPI+ Only) In normal operation, configuration of certificates is not required. In cases requiring removal of certificates, change of trust status, addition of new certificates, etc., the respective Baseline Privacy certificate MIB table entries must be added, deleted, or modified. For BPI+ to authenticate cable modems, the DOCSIS® (or EuroDOCSIS) Root Certificate must already be provisioned in the in the docsBpi2CmtsCACertTable. The E6000 CER loads these certificates at power-up. If a CA certificate is not present or there is a new DOCSIS Root Certificate to add, then it must be manually added. This certificate may be added through a MIB browser, BPI-related CLI commands, or through BPI import and export commands. The BPI CLI commands allow certificates to be added individually from the E6000 CER command line. The import and export commands allows one to many certificates to be added. Both the CM and CA certificate database can be provisioned through the BPI CLI and through import and export commands. Provisioning BPI X.509 Certificates Using Import/Export Commands Importing Certificate Authority (CA) Certificates Use this procedure to import provisioned CA certificates entries for the docsBpi2CmtsCACertEntry MIB table. The imported file may be an ASCII file (containing previously exported provisioned CA certificate(s), or a DER-encoded binary (usually *.der) certificate file. 1 To the /system/certs directory on the E6000 CER flash disk upload the ASCII file(s) containing exported docsBpi2CmtsCACertEntrys in ASCII mode, or DER encoded certificate file(s) in binary mode. 2 Copy the certificates to the E6000 CER internal database by issuing the following CLI command: copy <path/filename> cacert-config Where: <path/filename> is the path and file name of the ASCII certificate file, or the DER-encoded binary certificate file. The CA certificate is read out of <path/filename> and provisioned to the MIB table docsBpi2CmtsCACertEntry. (Example) To read the certificate(s) in the file /system/certs/cacerts.txt on the E6000 CER flash disk and save it in the docsBpi2CmtsCACertEntry MIB table, use the following command: copy /system/certs/cacerts.txt cacert-config Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-11 PRELIMINARY E6000 CER Release 1.0 Exporting Certificate Authority (CA) Certificates Baseline Privacy Interface (BPI) Use this procedure to export provisioned CA certificates entries from the docsBpi2CmtsCACertEntry MIB table. The exported file contains all the certificates in this table in ASCII format. 1 Copy the CA certificates to the certs directory on the E6000 CER flash disk by issuing the following CLI command: copy cacert-config <path/filename> <path/filename>: is the path and file name of the backup certificate(s) file to be stored. CA certificate entries are stored in ASCII just as they appear in the MIB. (Example) To copy the CA Certificate(s) in the docsBpi2CmtsCACertEntry MIB table to an ASCII file named cacerts.txt in the certs directory on the E6000 CER flash disk, use the following command: copy /system/certs/cacerts.txt Importing Provisioned Cable Modem (CM) Certificates Use this procedure to import provisioned CM certificates entries for the docsBpi2CmtsProvisionedCmCertEntry MIB table. The imported file may be an ASCII file containing previously exported provisioned CM certificate(s), or a DER-encoded binary certificate file (usually *.der). 1 Enter the certs directory on the E6000 CER flash disk. 2 To the /system/certs directory on the E6000 CER flash disk upload the ASCII file(s) containing the exported certificates from the docsBpi2CmtsProvisionedCmCert entries in ASCII mode, or DER encoded certificate file(s) in binary mode. 3 Copy the certificates to the E6000 CER internal database by issuing the following CLI command: copy <path/filename> provcmcert-config Where: <path/filename>: is the path and file name of the ASCII certificate file, or the DER-encoded binary certificate file. The CM certificate is read out of <path/filename> and provisioned into the MIB table docsBpi2CmtsProvisionedCmCertEntry. (Example) To read the certificate(s) in the file /system/certs/cmcerts.txt on the E6000 CER flash disk and save it in the docsBpi2CmtsProvisionedCmCertEntry MIB table, use the following command: copy /system/certs/cmcerts.txt provcmcert-config Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-12 PRELIMINARY E6000 CER Release 1.0 Exporting Provisioned Cable Modem (CM) Certificates Baseline Privacy Interface (BPI) Use this procedure to export provisioned CM certificates entries from the docsBpi2CmtsProvisionedCmCertEntry MIB table. The exported file contains all the certificates in this table in ASCII format. 1 Copy the CM certificates to the certs directory on the E6000 CER flash disk by issuing the following CLI command: copy provcmcert-config <path/filename> Where: <path/filename> = the path and file name of the ASCII certificate file to be stored. CM certificate entries are stored in ASCII just as they appear in the MIB. (Example) To copy the CM Certificate(s) in the docsBpi2CmtsProvisionedCmCertEntry MIB table to an ASCII file named cmcerts.txt in the certs directory on the E6000 CER flash disk, use the following command: copy provcmcert-config /system/certs/cmcerts.txt NOTE: All CM certificates are provisioned with a default trust value of trusted. An operator may choose to change this value via a MIB browser or CLI command. If an authorization request is received and a CM Certificate identical to the CM certificate received from the CM has been provisioned for that MAC address, the E6000 CER disregards the CM certificate provided in the auth request and use the trust value associated with the provisioned CM certificate for validation. Provisioning X.509 Certificates CA Certificates To install certificates in the CA certificate MIB table: configure cable privacy add-certificate manufacturer <LINE Hex-data> (Example) To add a manufacturer certificate to the CA certificate MIB table: configure cable privacy add-certificate manufacturer 308203da 308202c2 a0030201 02021045 529c2654 797e1623 c6e72318 0a9e9c30 0d06092a 864886f7 0d010105 05003081 97310b30 09060355 04061302 55533139 • • • 03f49678 943c7153 82f6f168 123dd439 fd7221d1 c76414d7 7218c479 34be7cc1 51821b88 fcc717d7 9ea522c9 93c239e5 e3130528 8e5d0946 dc378ffc 1234 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-13 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) To remove certificates in the CA certificate MIB table: configure cable privacy no add-certificate manufacturer <LINE Hex-data> (Example) To remove a manufacturer certificate from the CA certificate MIB table, use one of the following commands: configure cable privacy add-certificate manufacturer no index <index number> Or: configure cable privacy no add-certificate manufacturer 308203da 308202c2 a0030201 02021045 529c2654 797e1623 c6e72318 0a9e9c30 0d06092a 864886f7 0d010105 05003081 97310b30 09060355 04061302 55533139 • • • 03f49678 943c7153 82f6f168 123dd439 fd7221d1 c76414d7 7218c479 34be7cc1 51821b88 fcc717d7 9ea522c9 93c239e5 e3130528 8e5d0946 dc378ffc 1234 To Review or Confirm CA Certificates To display certificates in the CA certificate MIB table: show cable privacy {manufacturer-cert-list | root-cert-list | ca-certificates} (Example) To display the list of root CA certificates: show cable privacy root-cert-list (Example) To display the list of manufacturer CA certificates: show cable privacy manufacturer-cert-list (Example) To display all CA certificates: show cable privacy ca-certificates Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-14 PRELIMINARY E6000 CER Release 1.0 CM Certificates: Baseline Privacy Interface (BPI) Provisioning CM certificates is similar to CA certificate provisioning except, the CM certificates are stored in a different MIB table, docsBpi2CmtsProvisionedCmCertTable, and there is an additional parameter, the MAC address. The examples above for CA certificates can be used with the addition of the MAC address parameter. To provision CM certificates: configure cable privacy add-certificate cm <mac> <LINE Hex-data> (Example) To add a CM certificate: configure cable privacy add-certificate cm 1111.2222.3333.4444 <RETURN> 308203da 308202c2 a0030201 02021045 529c2654 797e1623 c6e72318 0a9e9c30 0d06092a 864886f7 0d010105 05003081 97310b30 09060355 04061302 55533139 • • • 03f49678 943c7153 82f6f168 123dd439 fd7221d1 c76414d7 7218c479 34be7cc1 51821b88 fcc717d7 9ea522c9 93c239e5 e3130528 8e5d0946 dc378ffc 1234 To remove CM certificates: configure cable privacy no add-certificate cm <mac> <LINE Hex-data> (Example) To remove a cm certificate: configure cable privacy no add-certificate cm 1111.2222.3333.4444 <RETURN> 308203da 308202c2 a0030201 02021045 529c2654 797e1623 c6e72318 0a9e9c30 0d06092a 864886f7 0d010105 05003081 97310b30 09060355 04061302 55533139 • • • 03f49678 943c7153 82f6f168 123dd439 fd7221d1 c76414d7 7218c479 34be7cc1 51821b88 fcc717d7 9ea522c9 93c239e5 e3130528 8e5d0946 dc378ffc 1234 (Example) To display the list of provisioned CM certificates: show cable privacy cm-certificates Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-15 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Baseline Privacy Debugging This section describes the debugging sequence for Baseline Privacy on the CER. Registration Debugging 1 Registration debugging 2 Initialization state debugging 3 Baseline Privacy MIB debugging 4 Privileged Mode CLI debugging (requires ARRIS Tech Support). The first step in Initial Baseline Privacy debugging is to determine if the modem has completed registration. Modems will not perform BP operations unless they are registered. This is determined through the command show cable modem. The output from this command shows the registration state of the CM. If the modem is not registered, check the BP config files, making sure the BP section conforms to the setup procedures in the BP setup section. Also, check the log output on the E6000 CER for BP warning messages for the specific CM indicating BP configuration problems. Any registration issues must be corrected before further BP debugging. CER# show cable modem cable-mac 1 Jun 4 14:33:40 Interface DOC (DS-US) Mac Bonded State SIS Qos CPE MAC address IP Address S/C/P-S/CG/P ------------- ----- ------ ----------- --- ------------- --- --------------- ----------------------12/0/0-5/0/0 1 4x4 Operational 3.0 0/0 0 0015.cfb4.6128 10.126.30.254 12/1/0-5/1/0 1 4x4 Operational 3.0 0/0 0 0010.1880.0be9 10.126.31.252 12/1/1-5/1/1 1 4x4 Operational 3.0 0/0 0 0015.cf1f.d3f8 10.126.31.253 12/2/0-5/2/0 1 Operational 2.0 0/0 0 0000.ca45.1d3b 10.126.29.255 12/2/1-5/2/1 1 Operational 2.0 0/0 0 0000.ca45.1e79 10.126.30.253 12/3/0-5/3/0 1 4x4 Operational 3.0 0/0 0 0015.cf1f.fa68 10.126.30.255 12/3/1-5/3/1 1 3x1 Operational 2.0 0/0 0 001b.2f8c.351a 10.126.31.254 Total Oper Disable Init Offline --------------------------------------------------------Found 7 7 0 0 0 Explanation of the QoS Parameter Issue 1.0, 4 Feb 2013 The QoS column in the show cable modem output contains the following information: • If the modem registers with a DOCSIS 1.0 modem configuration file, this column indicates which QoS profile the modem is using. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-16 PRELIMINARY E6000 CER Release 1.0 • If the modem registers with a DOCSIS 1.1 or later configuration file, the QoS column indicates the upstream/downstream sums of the tmax values (maximum sustained traffic rate) of the flows. The units are in kilobits per second (Kbps). • For DOCSIS 1.1 or later modems, the tmax values consist of all active, admitted, and provisioned service flows. The show cable modem detail displays the SF state name for each SFID. • The tmax value includes UGSAD, RTP, NRTP, and Best Effort. Best Effort is the default value for the scheduling type. - Initialization State Debugging Baseline Privacy Interface (BPI) UGS flows are not currently included in the tmax sum. At this point, modem registration should have been successful. The next check is for determining the state of BPI initialization. For example, if after successful registration, there is still a BPI issue with modem IP 10.139.30.239 further BPI details can be obtained by issuing the show cable modem detail command. Sample output: CER# show cable modem detail 0015.cfb4.6128 Jan 3 09:42:28 5/0/0-8/0/1 CM 0015.d002.e5a3 (Arris) D3.0 State=Operational D1.1/atdma PrimSID=8202 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1 RCP_ID= 0x0010000005 RCC_Stat= 7, RCS=0x01000005 TCS=0x01000001 Timing Offset=1204 Rec Power= 0.00 dBmV Proto-Throttle=Normal dsPartialServMask=0x00000000 usPartialServMask=0x00000000 Uptime= 0 days 0:00:47 IPv4=44.68.1.3 cfg=bigfile3.bin LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Ready Ver=BPI Plus Authorized DES56 Primary SAId=8202 Seq=1 MDF Capability= GMAC Promiscuous(2) MDF Mode= MDF Enabled(1) u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports uB 45 8202 Activ BE 0 1000000 0 0 0 0 8/0/0-3 dB 46 23 Activ 0 10000000 6 2047 0 0 5/0/0,5-7 uB 47 8203 Activ BE 0 1000000 0 0 0 0 8/0/0-3 dB 48 24 Activ 0 10000000 0 0 0 0 5/0/0,5-7 L2VPN per CM: (Disabled) Current CPE=0, IPv4 Addr=0, IPv6 Addr=0 Max CPE=1, IPv4 Addr=32, IPv6 Addr=64 The privacy line that is highlighted above indicates that BPI initialization is complete. Each section of the privacy line indicates a state the CM has completed, failed, or not completed. There are three states Baseline Privacy may be in: • Disabled — The config file has instructed the E6000 CER to disable privacy for this modem. • Initialized — The modem is registering BPI configuration data. Privacy mode is not known. • Ready — The modem’s BPI feature is running. The modem must be in the “Ready” state for the remaining data in the privacy information line to be valid or meaningful. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-17 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) There are three values assigned to BPI Version: • BPI — The CM E6000 CER negotiated version of Baseline Privacy is BPI mode • BPI Plus — The CM E6000 CER negotiated version of Baseline Privacy is BPI Plus mode. • XXXX — Baseline Privacy mode could not be determined but privacy is enabled. Modem authorization has two states: • Authorized — The CM has been authorized to use resources on this cable access module. • Unauthorized — The CM has been denied access to resources on this cable access module. Primary traffic key — If the SAId and Sequence have values, then the traffic key for the primary SAId has been granted traffic keys. If all fields in the privacy line have been filled in with valid values, the modem should be BPI-enabled and capable of passing data. If the modem is unauthorized, or the Primary SAId has an invalid value (Primary SAId: XXXX Seq: XX), then proceed to the BPI MIB debugging section. Baseline Privacy MIB Debugging At this point the modem should be registered and have completed some portion of Baseline Privacy initialization. Steady state CM information may be collected using a MIB browser or respective BPI CLI commands to check the appropriate MIB entries for any failures that may have occurred. For issues related to denied authorization, check the docsBpi2CmtsAuthEntry and look at the reject error string for the respective modem. For issues related to traffic keys (TEKs), check the docsBpi2CmtsTekEntry and look at the reject error string for the respective modem’s SAId (Key Id). (UCAM) Use the following command to display privacy authorization for a given cable-mac group registered on a UCAM: show interface cable-mac <mac-id> cable privacy authorization <mac> (UCAM) Use the following command to display privacy traffic key (TEK) for a given cable-mac group registered on a UCAM: show interface cable-mac <mac-id> cable privacy tek <SAId> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-18 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Baseline Privacy Trap Codes Table 17-2 on page-17-19 lists the Baseline Privacy traps furnished by the E6000 CER and the recommended user action for each one. See Chapter 17, Baseline Privacy Interface (BPI), for more information. For information on enabling or disabling traps, see Simple Network Management Protocol Management Station on page 39-25. Table 17-2: Baseline Privacy Trap Codes Trap Code ANM_DOCSIS_B101_0 Name Process CM Registration Missing Baseline Privacy Configuration Setting TLV Problem: May occur only when registering modems in BPI mode, not BPI+ mode. The BPI specification requires ALL BPI parameters to be defined in the BPI configuration file sent to the CM during registration. One or more values have not been defined in the CM’s config file. Action: ANM_DOCSIS_B102_0 Correct CM’s config file by defining ALL BPI parameters. Re-register the modem. Invalid Baseline Privacy Configuration Setting value. CM Registration Problem: During registration, one or more BPI configuration values has been determined to be out of range. The trap will only display the FIRST value detected out of range. Correct CM’s config file by verifying ALL BPI parameters are within operating ranges. Re-register the modem. Action: Two of the configuration value valid ranges depend on global BPI card settings. TEK grace time MUST be LESS THAN one half the BPI base table TEK lifetime. Authorization grace time MUST be LESS THAN one half the BPI base table Authorization lifetime. Note: ANM_DOCSIS_B301_2 Auth Reject – No information Problem: CM Authorization The respective modem’s authorization request has been rejected. The internal E6000 CER reason for the reject will be displayed in the modem’s respective auth reject error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-19 PRELIMINARY E6000 CER Release 1.0 Trap Code ANM_DOCSIS_B301_3 Baseline Privacy Interface (BPI) Name Auth Reject – Unauthorized CM Process CM Authorization The respective modem’s authorization request has been rejected. The modem cannot be validated and is therefore unauthorized. Problem: The internal E6000 CER reason for the reject will be displayed in the modem’s respective auth reject error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: ANM_DOCSIS_B301_4 Auth Reject – Unauthorized SAId CM Authorization The respective modem’s authorization request has been rejected. The modem is indicating its authorization for a flow it has not been authorized for. Problem: Action: ANM_DOCSIS_B301_8 There is no corrective action that can be taken. Auth Reject — Permanent authorization failure CM Authorization The respective modem’s authorization request has been permanently rejected. The modem is not to continue or retry authorization. Problem: The internal E6000 CER reason for the reject will be displayed in the modem’s respective auth reject error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: ANM_DOCSIS_B301_9 Auth Reject — Time of day not acquired CM Authorization The time of day is needed to check the validity period of the digital certificates. If there is no TOD server or the E6000 CER has cannot collect the time of day, the certificate validity period cannot be tested and this failure will result. Problem: Make sure the a TOD server is connected, and the E6000 CER is configured to see the server on the network. Reboot the modem. Action: ANM_DOCSIS_B302_2 Auth Invalid — No information Problem: CM Authorization The respective modem’s authorization is not currently valid. The internal E6000 CER reason for the reject will be displayed in the modem’s respective auth invalid error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-20 PRELIMINARY E6000 CER Release 1.0 Trap Code ANM_DOCSIS_B302_3 Baseline Privacy Interface (BPI) Name Process CM Authorization Auth Invalid — Unauthorized CM Problem: The respective modem’s authorization is not currently valid. The internal E6000 CER reason for the reject will be displayed in the modem’s respective auth invalid error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: ANM_DOCSIS_B302_5 CM Authorization Auth Invalid — Unsolicited The respective modem’s invalid authorization has been detected but not through the modem’s request/reply mechanism. For example, forced invalid though an authorization MIB setting. Problem: To clear the setting, reboot the modem or force a modem reauthorization through the authorization MIB. Action: ANM_DOCSIS_B302_6 CM Authorization Auth Invalid — Invalid key sequence number The authorization key sequence number included in the TEK request did not match the list of valid current authorization keys for the respective modem. Problem: Action: ANM_DOCSIS_B302_7 There is no corrective action that can be taken. The system itself will recover the error. Problem: Action: ANM_DOCSIS_B303_0 CM Authorization Auth Invalid — Message authentication Failure The message authentication field (HMAC) in the TEK request was not valid. There is no corrective action that can be taken. The system will recover the error itself. Unsupported crypto suite Problem: CM Authorization There are encryption algorithms that the CM can support that the E6000 CER does not. There is no corrective action that can be taken. As long as the CM and E6000 CER support at least one common algorithm, the system will operate properly. If the Devices in the system are certified, this will not be an issue. Action: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-21 PRELIMINARY E6000 CER Release 1.0 Trap Code ANM_DOCSIS_B501_2 Baseline Privacy Interface (BPI) Name Process Traffic encryption key (TEK) exchange Key Reject — No information Problem: The respective modem’s key request has been rejected for an unspecified reason. The internal E6000 CER reason for the reject will be displayed in the modem’s respective TEK reject error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: ANM_DOCSIS_B501_3 Key Reject — Unauthorized SAId TEK exchange This trap indicates that the respective modem’s authorization request has been rejected. The modem has requested keying information for a flow it has not been authorized for. Problem: The internal E6000 CER reason for the reject will be displayed in the modem’s respective TEK reject error string MIB table entry. If the reason can be corrected, fix and reboot the modem. Action: ANM_DOCSIS_B502_3 TEK Invalid — No information. Problem: Action: ANM_DOCSIS_B502_6 TEK exchange The modem’s traffic key is now invalid. There is no corrective action that can be taken. The system will recover the error. TEK Invalid — Invalid key sequence number TEK exchange This trap indicates that a packet was received from the respective modem which has an key sequence value out of the range of valid traffic keys. Problem: Action: Issue 1.0, 4 Feb 2013 There is no corrective action that can be taken. The system will recover the error. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-22 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) Baseline Privacy: CLI Commands Configure Cable Command configure cable privacy ? add-certificate ca-cert-trust cm-cert-trust - Adds a manufacturer or root CA certificate or Cable Modem certificate - Configure CA certificate's trust state - Configure cable modem certificate trust state configure cable privacy add-certificate ? cm manufacturer root - Configure Cable Modem certificate - Configure manufacturer CA certificate hit <cr> to begin certificate entry, <cr><cr> to terminate certificate entry - Configure root CA certificate hit <cr> to begin certificate entry, <cr><cr> to terminate certificate entry configure cable privacy add-certificate cm ? WORD - MAC address of the cable modem hit <cr> to begin certificate entry, <cr><cr> to terminate certificate entry configure cable privacy add-certificate manufacturer ? LINE - Hex-data for the CA certificate Use multiple lines as needed, <cr><cr> terminates certificate entry. configure cable privacy add-certificate root ? LINE - Hex-data for the CA certificate hit <cr> to begin certificate entry, <cr><cr> to terminate certificate entry configure cable privacy ca-cert-trust ? <1-150> - CA certificate index configure cable privacy ca-cert-trust 1 ? chained root Issue 1.0, 4 Feb 2013 - CA certificates trust state is chained - CA certificates trust state is root © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-23 PRELIMINARY E6000 CER Release 1.0 trusted untrusted Baseline Privacy Interface (BPI) - CA certificates trust state is trusted - CA certificates trust state is untrusted configure cable privacy cm-cert-trust ? WORD - MAC address configure cable privacy cm-cert-trust 12.12.12.12 ? trusted untrusted Show Cable Command - Cable modem certificate trust state is trusted - Cable modem certificate trust state is untrusted show cable privacy ? ca-certificates cm-certificates manufacturer-cert-list root-cert-list | - Displays manufacturer/root CA certificate list Displays Cable Modem certificate list Displays manufacturer CA certificate list Displays root CA certificate list Output modifiers show interface cable-mac 1 cable privacy ? authorization base tek Issue 1.0, 4 Feb 2013 - Authorization information for a cable modem - Default channel parameters - Traffic Encription Key information for SAId © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-24 PRELIMINARY E6000 CER Release 1.0 Configure Interface Cablemac Baseline Privacy Interface (BPI) The following command is useful when configuring BPI: CER# configure interface cable-mac 1 cable privacy ? chk-validity-period default-cert-trust kek kek-cm kek-cm-reset mandatory tek tek-said tek-said-reset - Perform validity period checking for new certificates Configure Self-signed CA certificate default trust state Key Encryption Key default setting for new cable modems Key Encryption Key setting for specific cable modem Invalidates the authorization for a specific cable modem Set minimum level of BPI operation in order to allow a cable modem to register to bpi Traffic Encryption Key default setting for SAId Traffic Encryption Key setting for a specific SAId Resets the TEK(s) associated with the specified SAId Use the following command to confirm your work: CER# show interface cable-mac 1 cable privacy ? authorization base tek Issue 1.0, 4 Feb 2013 - Authorization information for a cable modem - Default channel parameters - Traffic Encryption Key information for SAId © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-25 PRELIMINARY E6000 CER Release 1.0 Baseline Privacy Interface (BPI) BPI+ Enforce This feature enables operators using the E6000 CER to enforce a minimum required level of Baseline Privacy Interface (BPI) encryption when cable modems are registering. It does not enhance the BPI+ standard, it defines what level of BPI functionality a modem must have before the E6000 CER will permit it to register. The operator can choose one of three minimum levels of required Baseline Privacy: • BPI+ • BPI • none If the minimum required Baseline Privacy level is set to BPI+ then only modems that complete BPI+ authorization are allowed to register. If the minimum required level is set to BPI, then modems that complete BPI or BPI+ authorization are allowed to register. If the level is set to none, then there is no minimum requirement: modems of any level of Baseline Privacy (BPI+, BPI, or no encryption at all) are allowed to register. Modems that fail to achieve BPI authorization when it is mandatory are placed in the Denied state. If minimum BPI level of chassis …Then CMs that complete the following is set to … authorization are allowed to register: none any BPI BPI or BPI+ BPI+ BPI+ One benefit of this feature, if BPI+ is chosen as the minimum required level, is the prevention of at least one kind of theft of service. By setting the minimum required Baseline Privacy level to BPI+, modems are prevented from registering with cloned MAC addresses. This is done by authenticating the modem before it is allowed to become operational. NOTE: Issue 1.0, 4 Feb 2013 If BPI+ CM configuration is required, then no DOCSIS 1.0 modems will be allowed to register because they are incapable of BPI+. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-26 E6000 CER Release 1.0 PRELIMINARY Baseline Privacy Interface (BPI) CLI Commands BPI+ Required To set the minimum required BPI+ enforcement to BPI+ use the following commands: configure interface cable-mac <mac> cable privacy mandatory bpi-plus BPI or BPI+ Required To set the minimum required Baseline Privacy level to BPI use the following commands on UCAMs: No BPI Encryption Required To disable BPI+ Enforce (neither BPI+ nor BPI required) use the following command: Show Commands To display the current Baseline Privacy configuration use the following command: configure interface cable-mac <mac> cable privacy mandatory <bpi-plus> configure interface cable-mac <mac> no cable privacy mandatory show interface cable-mac <mac>cable privacy base The following sample outputs are taken from UCAMs: show interface cable-mac 2 cable privacy base Cable Privacy Base for cable-mac 2 ---------------------------------------------DefaultAuthLifetime DefaultTEKLifetime DefaultSelfSignedManufCertTrust CertValidityPeriods BPI Mandatory docsBpi2CmtsAuthentInfos AuthRequests AuthReplies AuthRejects AuthInvalids SAMapRequests SAMapReplies SAMapRejects Issue 1.0, 4 Feb 2013 : : : : : : : : : : : : : 604800 43200 Untrusted FALSE bpi 0 0 0 0 0 0 0 0 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 17-27 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Baseline Privacy Interface (BPI) PRELIMINARY 17-28 PRELIMINARY E6000 CER Release 1.0 18 Issue 1.0, 4 Feb 2013 DOCSIS Set-top Gateway Configuration DOCSIS Set-top Gateway Configuration Overview 2 DSG Support for DOCSIS 3.0 5 DSG Configuration Overview 9 DSG Configuration 13 Sample DSG Configuration Scenarios 25 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-1 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Overview Many Multiple System Operators (MSOs) are using DOCSIS to transport Digital Video Out-of-Band (OOB) data, including Conditional Access, Service Information, Electronic Program Guide, Emergency Alert System, and more. In the DSG Architecture OOB data is transported from the DSG servers within the MSO’s Set-top Controllers through the DSG Agents residing on the CERs, to the DSG Clients within Set-top Devices. Set-top Controller DSG Server CER IP Backbone DSG Channel DSG Agent Figure 18-1: Logical Devices in a DSG System This OOB data traverses the DSG Agent on the E6000 CER by means of a DSG Tunnel — a non-encapsulated, rate-limited data flow that is MAC multi-casted on one or more DOCSIS downstream channels. Because it is non-encapsulated, it is not a tunnel in the traditional form. The DSG Agent is responsible for forwarding IP datagrams that make up a DSG tunnel, rate limiting or shaping the DSG Tunnel, and sending DSG Tunnel advertisements (as DCD messages) at a rate of least one per second. Due to the multicast nature of the DSG tunnel traffic, multicast routing protocols such as PIM-SSM and IGMPv3 are used by the DSG agent to subscribe to the multicast groups containing the OOB data. DSIDs are included with each IP datagram to allow the DOCSIS 3.0 eCMs to do Multicast DSID Forwarding (MDF). When MDF is enabled, the DSG agent provides the mapping of the multicast destination MAC address to the DSID in a DA-to-DSID TLV included in the MAC Domain Descriptor. DSG and Advanced DSG Two modes of DSG have been defined — Basic and Advanced. The primary difference between the two modes is the use of the DSG Downstream Channel Descriptor (DCD) message. Basic mode requires that the DSG Agent create and forward data over DSG Tunnels with “well-known” DSG Tunnel MAC addresses. The DSG Set-top Gateways are configured to listen for packets with the well-known destination MAC address. In Advanced mode, the DSG Agent broadcasts a table with entries for each tunnel on the downstream. The DSG Set-top Gateway uses a multi-format Client ID to search the table for information about the tunnels to which it needs to listen. One of the possible formats of this Client ID is a well-known MAC address for compatibility with BASIC DSG Set-top Gateways. The DSG protocol does not require a two-way cable plant; therefore, it does not require the DSG Set-top embedded cable modem (eCM) to perform DOCSIS registration if the client application does not need two-way service. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-2 E6000 CER Release 1.0 Definitions PRELIMINARY DOCSIS Set-top Gateway Configuration Conditional Access Entity — The decision-making entity within a DOCSIS Set-top Gateway that parses the DCD message and determines what tunnels must be connected to the DSG Client. Conditional Access (CA) — A technology used to control access to digital television (DTV) services for authorized users by encrypting the transmitted programming. CA has been used for years for pay-TV services. There are many ATSC and DVB-compliant CA systems from which a broadcaster can choose. The CA system provider provides the equipment and software to the broadcaster, who then integrates the CA system into his equipment. CA is not designed solely for DTV. It can be used for digital radio broadcasts, digital data broadcasts, and non-broadcast information and interactive services. DCD — Downstream Channel Descriptor. DSG Address Table — The collection of DSG Rules and DSG Classifiers contained within the DCD message. The DSG Client uses its DSG Client ID as an index into the DSG Address Table to determine what DSG tunnel Address to receive. DSG Advanced Mode — DSG operation that uses the DCD message. Address assignment is dynamic. The DSG tunnel Address is determined by the DSG Agent and learned by the DSG Client through the DSG Address Table in the DCD message. DSG Agent — The implementation of the DSG protocol within the CER. The DSG Agent creates the DSG tunnel, places content from the DSG Server into the DSG tunnel, and sends the content over the DSG tunnel to the DSG Client. DSG Basic Mode — DSG operation without use of the DCD message. Set-top Gateways listen for packets with well-known MAC addresses. DSG Client — The destinations for the tunnel data within a DOCSIS Set-top Gateway. DSG Client ID — An identifier that uniquely identifies a DSG Client. The DSG Client ID is unique per DSG Client, but is not unique per Set-top Device as the same DSG Client which provides the same function may exist in multiple Set-top Devices. In DSG Basic Mode, the DSG Client ID is a six-byte MAC address. In DSG Advanced Mode, the DSG Client ID may additionally be a two-byte Application ID, a two-byte CA_system_ID, or a broadcast ID. The broadcast ID can be zero bytes for an unspecified broadcast stream or two bytes to indicate the type of broadcast stream. DSG eCM — The embedded cable modem (with modified initialization sequence, etc.) contained within a DOCSIS Set-top Gateway. DSG Server — Any server such as an Application Server or other network attached device that provides content that is transported through the DSG tunnel to the DSG Client. DSG Tunnel — A stream of packets sent from the DSG Agent in a E6000 CER to the DSG Client in a Set-top Device. A DSG tunnel is identified solely by its DSG tunnel Address (destination MAC address). All of the packets of a given DSG tunnel use the same DSG tunnel address. Different DSG tunnels use different addresses. DSG Tunnel Address — The destination MAC address of the DSG tunnel. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-3 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Organization Unique Identifier — The first three octets of a MAC address. They are assigned to vendors by the IEEE. Out-of-Band Messaging — The control and information messages sent from the Set-top Controller (or Application Server or similar device for legacy OOB messaging) to one or more Set-top Devices. Specifically, OOB infers the use of a dedicated channel for signaling which is separate from the video channels. This includes the following types of messages: • Conditional Access (CA) messages including entitlements • Service Information (SI) messages • Electronic Program Guide (EPG) messages • Emergency Alert System (EAS) messages • Other generic messages STB — Set-Top Box. Well-Known MAC Address — The MAC address of the DSG Client within the Set-top Device. This MAC address has been assigned by the manufacturer of the CableCARD or Conditional Access system within the Set-top Device, and has been made known to the MSO for use in configuring the DSG Agent. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-4 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration DSG Support for DOCSIS 3.0 DSG 3.0 Operational Considerations MSOs using DSG with DOCSIS 3.0 should be aware of the following: • There is no change to the configuration of DSG tunnels, classifiers, and tunnel groups • There is no change to the configuration of DSG forwarding • DSG 3.0 is enabled by enabling MDF on each desired cable-mac and by setting DSG mode to support DOCSIS 3.0 • DSG 3.0 is disabled by disabling MDF on the cable-macs or by setting the DSG mode to DOCSIS 2.0 • DSG 2.0 STBs on a given cable-mac continue to operate in 2.0 mode even when DSG 3.0 is enabled on the cable-mac. NOTES: The use of DSG classifiers configured for unicast Destination IPs is not supported. There is no official protocol or specification called DSG 3.0: the term is used here to mean DSG functionality with support for DOCSIS 3.0. Procedure 18-1: Enabling Multicast DSID-based Forwarding (MDF) and DSG Support for DOCSIS 3.0 DSG 3.0 requires MDF to be enabled. MDF should be enabled for each MAC domain (cable-mac) that will use DSG 3.0. MDF is disabled by default. 1 Shut down the desired cable-mac: configure interface cable-mac <mac> shutdown 2 Enable MDF: configure interface cable-mac <mac> cable mcast-fwd-by-dsid 3 Enable support on the desired cable-mac for DOCSIS 3.0: configure interface cable-mac <mac> cable dsg mode 30DOCSIS_SUPPORT Repeat the command above as needed for other cable-macs that should support DOCSIS 3.0. Note: to disable DSG support for DOCSIS 3.0 (return to DOCSIS 2.0) enter the following command: configure interface cable-mac <mac> cable dsg mode 20DOCSIS_SUPPORT 4 Restore the cable-mac to service: configure interface cable-mac <mac> shutdown no — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-5 PRELIMINARY E6000 CER Release 1.0 Determining DSID to Tunnel Associations DOCSIS Set-top Gateway Configuration The two commands below are useful for determining the association of DSIDs to DSG tunnels: show interface cable-downstream <slot>/<connector>/<port> mdd [raw] show interface cable-downstream <slot>/<connector>/<port> cable dsg dcd The following example is a partial command output that shows tunnel destination MAC to DSID associations: CER# show interface cable-downstream 12//0 mdd MDD DSG DSID: MDD DSG DSID: MDD DSG DSID: MDD DSG DSID: MDD DSG DSID: MDD DSG DSID: DA MAC: 0100.0000.0020 0x000001 DA MAC: 0100.0000.0040 0x000002 DA MAC: 0100.5e34.0081 0x000003 DA MAC: 0100.5e34.0085 0x000004 DA MAC: 0100.5e35.0017 0x000005 DA MAC: 0100.5e35.007b 0x000006 The following command can be used to display the tunnel’s destination MAC address in the DSG Downstream Channel Descriptor (DCD) message: CER# show interface cable-downstream 12//0 cable dsg dcd DCD for DChannel 12//0 DCD Fragment Rate: 900ms DCD Fragment 1 of 1; Cfg change count: 30 DSG Configuration Timers (sec) Initialization (Tdsg1): 2 Operation (Tdsg2): 150 Two-Way Retry (Tdsg3): 10 One-Way Retry (Tdsg4): 150 Rule Id: 1 Priority: 1 Client Ids Broadcast: 2 (SCTE-18) Tunnel Address: 0100.0000.0020 Rule Id: 2 Priority: 1 Client Ids Broadcast: 5 Tunnel Address: 0100.0000.0040 Rule Id: 3 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-6 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Priority: 1 Client Ids CA System Id: 1792 Tunnel Address: 0100.5e34.0081 Rule Id: 4 Priority: 1 Client Ids CA System Id: 1793 Tunnel Address: 0100.5e34.0085 Rule Id: 5 Priority: 1 Client Ids Application Id: 5000 Tunnel Address: 0100.5e35.0017 Rule Id: 6 Priority: 1 Client Ids Application Id: 5001 Tunnel Address: 0100.5e35.007b Below is an example of the output of the show cable modem detail command for two modems. The highlighted text shows that the first modem is DOCSIS 2.0: MDF mode and capability are set to N/A (Not Applicable). The second modem is DOCSIS 3.0: MDF is enabled for it. NOTE: Issue 1.0, 4 Feb 2013 MDF must be enabled if the device is going to use DSG with support for DOCSIS 3.0. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-7 E6000 CER Release 1.0 PRELIMINARY DOCSIS Set-top Gateway Configuration 1Dec 4 13:22:26 12/0/1-1/0/2 CM 0015.96dd.e98a (Arris) D2.0 State=Operational D1.1/atdma PrimSID=2 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1, RCS=0x00000002 TCS=0x00000003 Timing Offset=1217 Rec Power= 0.25 dBmV Proto-Throttle=Normal Uptime= 0 days 17:12:07 IPv4=10.132.20.139 cfg=basic_11.bin LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Disabled MDF Capability= N/A MDF Mode= N/A u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports u 29 2 Activ BE 0 0 500 36117 0 0 1/0/2 d 30 15 Activ 0 0 493 33509 0 0 12/0/1 L2VPN per CM: (Disabled) Current CPE=0, IPv4 Addr=0, IPv6 Addr=0 Max CPE=16, IPv4 Addr=32, IPv6 Addr=64 12/0/11-1/0/2 CM 0015.d0be.a08e (Arris) D3.0 State=Operational D1.1/atdma PrimSID=8205 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1 RCP_ID= 0x0010000005 RCC_Stat= 4, RCS=0x01000004 TCS=0x01000004 Timing Offset=1224 Rec Power= 0.00 dBmV Proto-Throttle=Normal dsPartialServMask=0x00000000 usPartialServMask=0x00000000 Uptime= 0 days 16:48:44 IPv4=10.132.31.127 cfg=cw_basic_30.bin LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Disabled MDF Capability= GMAC Promiscuous(2) MDF Mode= MDF Enabled(1) u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports uB 33 8205 Activ BE 0 0 510 36533 0 0 1/0/0-3 dB 34 17 Activ 0 0 505 34976 0 0 12/0/2-4,11 L2VPN per CM: (Disabled) Current CPE=0, IPv4 Addr=0, IPv6 Addr=0 Max CPE=16, IPv4 Addr=32, IPv6 Addr=64 Figure 18-2: Show Cable Modem Output Showing MDF Settings for DOCSIS 2.0 and 3.0 Modems Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-8 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration DSG Configuration Overview To configure the E6000 CER for DSG, the following steps must be taken: 1 Configure the E6000 CER and verify that the DOCSIS cable modems register. 2 Initial Configuration 3 a Configuring Interfaces to Carry Tunnel Traffic on page 18-9 b Enabling Upstream Filters on page 18-11. DSG Configuration on page 18-13 a Configuring Access List, Filters and Rate Limits on page 18-13 b Configuring IP Forwarding for Basic Mode DSG on page 18-14 c Configuring for Advanced DSG Mode on page 18-15 - NOTE: Configure IP Forwarding on page 18-15 Configuring DCD and QoS on page 18-15 Advanced DSG Configuration on page 18-15. Static joins can be configured on various types of interfaces. There are cable-side interfaces (cable-mac and cabledownstream). There are network-side interfaces (Ethernet). Also, there are layer 2 and layer 3 forms of the static join commands. For more information, see Static IGMP Joins on page 23-11. Configuring Interfaces to Carry Tunnel Traffic Multicast must be enabled on each cable-mac interface and Network Side Interface (NSI) when the destination IP of the tunnel traffic is a multicast IP address. Internet Group Management Protocol (IGMPv2) is the default on the CER. NOTE: 1 Some multicast groups are disabled by default. See Valid Multicast Address Ranges on page 23-3. Enable IGMP on the cable-mac interface: configure interface cable-mac <mac> [<.subif#>] ip igmp Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-9 PRELIMINARY E6000 CER Release 1.0 2 DOCSIS Set-top Gateway Configuration IGMP can optionally be configured in a multicast-static-only mode. In this mode, IGMP will not issue group membership queries or accept group dynamic join/leave messages on the interface. Use this mode to improve security only if no dynamic IGMP group joins/leaves are expected on the cable interface. configure interface cable-mac <mac> [<.subif#>] ip igmp multicast-static-only 3 Choose A or B below to enable (a) IGMPv2 Proxy, or (b) PIM-SSM multicast, for each NSI that is required to receive DSG tunnel traffic. a Enabling IGMPv2 Proxy from the Cable Side to Network Side Use the following commands to enable IGMPv2 Proxy: - For each DS cable interface that needs to carry multicast DSG tunnel traffic, a proxy interface must be assigned for receiving the multicast traffic. configure interface cable-mac <mac>[<.subif#>] ip igmp proxy-interface {ethernet <slot>/<connector>/<port>[<.subif#>] | ethernet <slot>/<connector>/<port>[<.subif#>]} - A backup proxy interface may also be configured: configure interface cable-mac <mac>[<.subif#>] ip igmp backup-proxy-interface {ethernet <slot>/<connector>/<port>[<.subif#>] | ethernet <slot>/<connector>/<port>[<.subif#>]} - The command to display the IGMP configuration for an interface is: show ip igmp interfaces b NOTE: Enabling PIM-SSM PIM-SSM source specific multicast group joins are automatically configured for DSG tunnel classifiers that have a sourcenetwork prefix of 32 (host address), but are not automatically configured for DSG tunnel classifiers that use a source network prefix less than 32 (subnet). For DSG tunnel classifiers configured with a source-network prefix of less than 32 (subnet), a source-specific group static join must be configured for each source in the subnet where multicast group static join can be configured using the following command: configure interface cable-downstream <slot>/<connector>/<port> ip igmp static-group <group> [source <source>] NOTES: Static joins can be configured on various types of interfaces. There are cable-side interfaces (cable-mac and cabledownstream). There are network-side interfaces (Ethernet). Also, there are layer 2 and layer 3 forms of the static join commands. For more information, see Static IGMP Joins on page 23-11. PIM-SSM and IGMP Proxy cannot be configured on the same network-side interface. Also, some combinations of DSG using SSM or ASM are not supported with IGMPv2 or v3 in the same cable-side MAC domain. For additional information see Multicast Routing on page 23-5. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-10 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration PIM-SSM forwarding is not enabled until PIM neighbors are established. Use show ip pim neighbor to show PIM neighbors on an interface. 1 Enable multicast routing: configure ip multicast-routing 2 Enable PIM-SSM on the cable interface but disable PIM-SSM protocol messages from being sent: configure interface cable-mac <mac>[<.subif#>] ip pim sparse-mode-ssm passive 3 Enable PIM-SSM on a network-side interface: configure interface ethernet <slot>/<connector>/<port>[<.subif#>] ip pim sparse-mode-ssm configure interface ethernet <slot>/<connector>/<port>[<.subif#>] ip pim sparse-mode-ssm 4 The command to display the IGMP configuration for an interface is: show ip igmp interface 5 The command to display the PIM-SSM configuration for an interface is: show ip pim interface 6 The command to display inbound/outbound interfaces and counters is: show ip mroute For more information see Chapter 23, Multicast. For an explanation of PIM-SSM see Protocol-Independent Mode—Source-Specific Multicast on page 23-4. Enabling Upstream Filters To prevent DSG tunnel traffic from entering an upstream, an upstream IP filter must be configured to block the upstream traffic destined for the DSG tunnel. The following commands provide the ability to dynamically configure these filters. This is described in Configuring Access List, Filters and Rate Limits on page 18-13. The existing cable modems must be reset after the following commands are executed, but not at the time the filters are created. This is a one-time occurrence. configure ip filter group <> index <> src-addr 0.0.0.0 src-mask 0.0.0.0 dest-addr 224.0.0.0 dest-mask 240.0.0.0 dest-port <> action drop configure cable submgmt default filter-group host upstream <1-1023> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-11 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration configure cable submgmt default filter-group cm upstream <1-1023> configure cable submgmt default active NOTE: The IP filter group should be unique for DSG provisioning. To reset the cable modems: configure reset cable-modem all Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-12 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration DSG Configuration The following sections describe the necessary steps for configuring DSG tunnels. The recommended order of configuration is: 1 Configure access lists, filters, and rate limits for DSG tunnels 2 Configure IP forwarding for basic mode DSG 3 Configure IP forwarding for advanced mode DSG 4 Configure DCD and QoS for advanced mode DSG Configuring Access List, Filters and Rate Limits ACLs, filters, and rate limits are used to protect the DSG tunnel traffic sourced by unauthorized servers as well as excessive traffic rates. ACLs are used on the NSIs and IP filters are used on the Cable Side Interfaces (CSIs). The source of the DSG tunnel traffic on an NSI is restricted by configuring a permit ACL entry for each valid DSG tunnel source IP address and destination IP address pair. A deny entry is added for each destination IP as the last entry in the list to drop DSG tunnel traffic from all other sources. configure access-list <aclNum> permit ip host <srcIp> host <destIp> Repeat the previous command for each DSG tunnel source. In the command above srcIp is the IP address of the source of the DSG tunnel traffic. Note that “host <srcIp>” may be replaced with “<srcIp> <wildcards>” to allow multiple sources within a subnet. configure access-list <aclNum> deny ip any host <destIp> Where: destIp is the destination IP address of DSG tunnel The permit ACL entries must be entered before the deny ACL entries are entered. Rate limiting for the DSG tunnel can be configured using an SCN. For more information see Chapter 35, Service Class Names. The origination of DSG tunnel traffic from all upstream cable interfaces needs to be blocked by adding an IP filter for each DSG tunnel destination IP address. This was explained in a previous section, Enabling Upstream Filters on page 18-11. Use the following command: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-13 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration configure cable filter group <fGrp> index <index> src-addr 0.0.0.0 src-mask 0.0.0.0 dest-addr <dsgTunnelDestIP> dest-mask 255.255.255.255 action drop For more information on configuring ip filters, see Chapter 16, IP Packet Filters, Subscriber Management. NOTE: If using Baseline Privacy Interface (BPI) and DSG Multicast — DSG tunnel traffic must not be encrypted when cable modems using BPI are on a downstream carrying DSG tunnel traffic. BPI encryption must be disabled for a DSG multicast destination IP before the configuration of the DSG tunnel. Configuring IP Forwarding for Basic Mode DSG CAUTION This section does not apply to Advanced DSG configuration. If IP forwarding is configured in such a way that it conflicts with any advanced DSG tunnels, the IP forwarding configuration takes precedence over the advanced DSG tunnel configuration. This could disable the advanced DSG tunnel. IP forwarding for basic DSG tunnels is statically configured. There are two different kinds of forwarding when configuring basic DSG tunnels: • Destination IP address is Multicast and Destination MAC address conforms to RFC1112 • Destination IP address is Multicast and Destination MAC address does not conform to RFC1112 DSG forwarding is configured using IGMPv2 or IGMPv3 when the destination IP of the DSG tunnel is a multicast address. The following commands configure static membership for the DSG tunnel: configure interface cable-downstream <slot>/<connector>/<port>[<.subif#>] ip igmp static-group <dsgTunnelDestIP> [source <dsgTunnelSrcIp>] NOTE: IGMPv3 must be used when a source IP address is specified with the static group configuration. If the destination IP address of the basic DSG tunnel is multicast and the MAC address does not conform to RFC1112, the following command is used in addition to the static group which replaces the RFC1112 destination MAC address with the specified destination MAC address. configure ip multicast mac-ip <dsgTunnelDestIP> <dsgTunnelDestMAC> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-14 PRELIMINARY E6000 CER Release 1.0 Show Commands DOCSIS Set-top Gateway Configuration The following commands are used to display the IGMP group membership including those statically joined: show ip igmp groups [detail] show ip route show ip mroute Configuring for Advanced DSG Mode Configure IP Forwarding It is recommended that you do not configure static IP forwarding for advanced DSG tunnels. The advanced DSG tunnel traffic is forwarded at the time when the advanced DSG tunnel is configured. Configuring DCD and QoS When using advanced DSG, the E6000 CER must send a DCD on all downstreams where DSG tunnels are provisioned. A DCD may also be sent on downstreams where no DSG tunnels are provisioned so that STBs can find the channels carrying the DSG tunnels more quickly. QoS provides the ability to rate limit the DSG tunnel traffic as well as give the traffic a priority. The configuration of DCD and QoS is described in the next section. Advanced DSG Configuration The primary components of advanced DSG configuration are: • DS Cable Interface • DSG Tunnel • DSG Classifier These components are what is used to build the DCD that is sent on the DS cable interface and to establish forwarding of the DSG tunnel traffic. The command to view the contents of the DCD for an interface is: show interface cable-downstream <slot>/<connector>/<port>[<.subif#>] cable dsg dcd Sample output: DCD Fragment Rate: 900ms DCD Fragment 1 of 1; Cfg change count: 2 Rule Id: 1 Priority: 0 Client Ids Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-15 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Broadcast: 1 (SCTE-65) Tunnel Address: 0100.5e01.0101 Classifier Id: 1 DSG Classifier Id: 1 Priority: 0 Destination IP: 230.1.1.1 To view the current state of DSG configuration, use the commands: show cable dsg [verbose] show interface cable-downstream [<slot>/<connector>/<port>] cable dsg [verbose] To view the current forwarding state of DSG configuration, use the following commands: show ip igmp groups [detail] show ip mroute Figure 18-3 shows the layout of advanced DSG configuration: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-16 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration 1 DS CHANNEL LIST N DSG Configuration DS CABLE INTERFACE N N 1 DSG TIMERS N N 1 DSG TUNNEL GROUP DSG Rules VENDOR-SPECIFIC PARAMETERS N 1 N N DSG TUNNEL 1 CLIENT ID LIST 1 N DSG Classifiers DSG CLASSIFIER QoS Figure 18-3: Block Diagram of an Advanced DSG Configuration DSG tunnel groups are used for assigning a group of DSG tunnels to one or more DS cable interfaces. This also allows the user to assign one or more DSG tunnel groups to a DS cable interface. A DSG tunnel must belong to a group in order to be associated with a DS cable interface. The DSG tunnel groups should be determined before starting advanced DSG configuration. However, DSG configuration is significantly simplified when there is a maximum of one DSG tunnel per DSG tunnel group. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-17 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration DS Cable Interface The major components of the DS Cable Interface are: • DS Channel List • DSG Timers • Vendor-specific Parameters • DSG tunnel Group(s) The first three components make up the DSG Configuration portion of the DCD. This portion of the DCD may be sent without any DSG tunnels provisioned on the interface for the purpose of redirecting STBs to downstreams on which DSG tunnels are provisioned. If no DSG tunnels are provisioned on the DS cable interface, the following command must be entered to enable the sending of DCDs with only DSG Configuration on that interface: configure interface cable-downstream 5/0/0 cable dsg dcd-enable The NO version of the command disables the sending of the DCDs as long as there are no DSG tunnels configured on the downstream interface. If there is at least one DSG tunnel on the specified interface, the behavior is as if the dcd-enable command was entered. The NO version of the command has no affect on the sending of the DCD. To determine if a DCD is being sent on an interface, use the command: show interface cable-downstream [<slot>/<connector>/<port>] cable dsg The Enable DCD column displays a value of true when a DCD is being sent on the interface. Downstream Channel List The DSG channel list is not included in the DCD unless the DS cable interface contains a reference to a downstream channel list that contains at least one entry. The command to associate the DS cable interface with a downstream channel list is: configure interface cable-downstream <slot>/<connector>/<port> cable dsg ds-frequency-list <dsListId> A downstream channel list can be referenced by one or more DS cable interfaces. To add entries in the DS channel list use the following command: configure cable dsg ds-frequency-list <dsListId> frequency <freq> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-18 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration The command to view which list is associated with an interface is: show interface cable-downstream [<slot>/<port>] cable dsg [verbose] To view the contents of the list use the following command: show cable dsg ds-frequency-list [<dsListId>] DSG Timer Entry To specify non-default DSG timing values in the DCD, a DSG Timer Entry must be associated with the DS cable interface and the DSG Timer Entry updated with the new timing values. The command to associate a DSG Timer Entry with the DS cable interface is: configure interface cable-downstream <slot>/<port> cable dsg timer-list <timerListId> A DS timer entry can be referenced by one or more DS cable interfaces. The command to update the DSG timer values in the entry is: configure cable dsg timer-list <timerListId> [initialization-tdsg1 <initTimer>] [operational-tdsg2 <operTimer>] [two-way-tdsg3 <twoWayTimer>] [one-way-tdsg4 <oneWayTimer>] The command that shows which entry is associated with an interface is: show interface cable-downstream [<slot>/<connector>/<port>] cable dsg [verbose] The command to view the contents of the entry is: show cable dsg timer-list [<timerListId>] The default timer values for the timer list are the following: Initialization (Tdsg1): Operation (Tdsg2): Two-Way Retry (Tdsg3): One-Way Retry (Tdsg4): NOTE: Vendor-specific Parameters 2 600 300 1800 The DCD will always include a timer list on every channel, even if there is no timer list configured for a channel. If no timer list is configured, the timer list in the DCD contains the default timer values. By default, there are no vendor-specific parameters (VSP) in the DSG Configuration part of the DCD. To add vendor-specific parameters, a VSP list must be associated with the DSG cable interface with one or more entries in the VSP list. The command to associate a VSP list with the DS cable interface is: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-19 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration configure interface cable-downstream <slot>/<port> cable dsg vsp-list <vspListId> Note that a VSP list can be referenced by one or more DS cable interfaces as well as DSG tunnel groups and client id list entries. The command to add entries in the VSP list is: configure cable dsg vsp-list <vspListId> [index <value>] oui <vspOUI> value <vspValue> The command to view which list is associated with an interface is: show interface cable-downstream [<slot>/<connector>/<port>] cable dsg [verbose] The command to view the contents of the list is: show cable dsg vsp-list [<vspListId>] DSG Tunnels The major components of a DSG tunnel are: • DSG tunnel ID • DSG tunnel group ID • Client ID List • Vendor-specific Parameters • QoS All of the components, except for QoS, make up the DSG Rules portion of the DCD. By default, the DSG rule is included in the DCD once the rule contains all the required elements. If it is desired to prevent the rule from being included in the DCD, the following command must be entered: configure cable dsg tunnel <tunnelid> disable When you wish to include the tunnel’s DSG rule in the DCD, use the following command: configure cable dsg tunnel <tunnelid> enable NOTE: By default the DSG tunnel rule is set to enabled. The configure cable DSG tunnel disable command can be used at anytime to remove the tunnel’s DSG rule from the DCD. The minimum configuration for a DSG tunnel (in order for the DSG tunnel’s rule to be included in a DCD) is: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-20 PRELIMINARY E6000 CER Release 1.0 • DSG tunnel Group Assignment • Client ID List Assignment • - At least one entry in the client id list Destination MAC Address • Classifier Associated with the DSG tunnel - DOCSIS Set-top Gateway Configuration Destination IP Address The show cable dsg command can be used to view the current state of DSG configuration. DSG Tunnel Groups DSG tunnels are associated with a DS cable interface via DSG tunnel Groups. The command to associate a group with an interface and to configure the tunnel group’s parameters is: configure interface cable-downstream <slot>/<port> cable dsg tunnel-group <tunnelGrpId> [index <value>] [priority <priority>] [vsp-list <vendorSetId>] The command to display the DSG tunnel groups assigned to a DS cable interface is: show interface cable-downstream <slot>/<connector>/<port> cable dsg tunnel-group DSG Tunnel Group Parameters The assignment of the DSG tunnels to DSG tunnel groups was covered in the DSG tunnel Group section above. The DSG tunnel Group parameters that are part of the DSG rule is: • Rule Priority (defaults to 0, which is the lowest priority in this case) • Vendor-specific Parameters (optional) The rule priority is mandatory for the DSG rule so if it is not specified when configuring the DSG tunnel Group, the rule priority takes on a value of zero. If the VSP list is not specified with the command, it is omitted from the DSG rule in the DCD. Note that this logic applies for all parameters with defaults and those that are optional. The command to configure the DSG tunnel Group parameters is: configure interface cable-downstream <slot>/<port> cable dsg tunnel-group <tunnelGrpId> [priority <priority>] [vsp-list <vendorSetId>] The commands to display the DSG tunnel group parameters are: show cable dsg tunnel-group show interface cable-downstream [<word>] cable dsg tunnel-group Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-21 PRELIMINARY E6000 CER Release 1.0 DSG Tunnel Parameters DOCSIS Set-top Gateway Configuration The DSG tunnel parameters are: • DSG Tunnel Group (mandatory) • Client ID List (mandatory) • DSG Tunnel’s Destination MAC Address (mandatory) • Service Class Name (SCN) (optional; not included in DCD) When creating a DSG tunnel, the group to which the tunnel belongs, client ID list, and destination MAC address are all required in order for the DSG rule for this DSG tunnel to be included in the DCD. The SCN is not included in the DCD even when it is specified. The command to configure the DSG tunnel parameters is: configure cable dsg tunnel <dsgTunnelId> tunnel-group <tunnelGrpId> client-id-list <clIdList> mac-address <dsgTunnelDestMAC> service-class-name <scn> NOTE: The SCN parameters for the tunnel take effect when the tunnel is activated. If changes are made to SCN parameters for an SCN that was used by an active tunnel, those changes do not take place until the tunnel is disabled and re-enabled. To allow enough time for the disable to take effect, you should allow five seconds between commands, as in the following example: configure cable dsg tunnel <dsgTunnelId> disable wait 5 configure cable dsg tunnel <dsgTunnelId> enable NOTE: If no SCN is configured, a default SCN will be used. See If No SCN Is Associated on page 18-23. If there are multiple active tunnels referring to the just modified service class name, the command sequence above must be repeated for each of those tunnels. Otherwise, the SCN modifications do not take effect on the remaining tunnels. The command to display the DSG tunnel parameters is: show cable dsg tunnel [<dsgTunnelId>] Client ID List Issue 1.0, 4 Feb 2013 The client id list contains one or more entries each containing: • ID Type (mandatory) • ID Value (mandatory if ID Type is not broadcast) • Vendor-specific Parameters (optional) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-22 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration There must be at least one entry in the client id list in order for the DSG rule to be included in the DCD. All entries in the list are included in the DCD. The command to add an entry in the client ID list is: configure cable dsg client-id-list <clIdList> [index <value>] type <clIdType> value <clIdValue> [vsp-list <vendorSetid>] The command to display the entries in the client id list is: show cable dsg client-id-list [<clIdList>] Vendor-specific Parameters Vendor-specific parameters can be specified with the DSG tunnel Group as well as with the client IDs. When there are multiple VSP lists specified for a single rule, the VSP entries from all the lists are included with the rule in the DCD. If a VSP list is referenced multiple times for the same rule, only one copy of the VSP list is included with the rule in the DCD. The commands for adding entries in the VSP list is covered in the previous Vendor-specific Parameters section. QoS Rate Limiting/Policing — Rate limiting (also termed policing), as it pertains to DSG, can be enforced on the E6000 CER by using the Service Class Name association as described by the DSG specification. A Service Class Name is a the more direct means of enforcing rate limiting for DSG. Service Class Names are a DOCSIS construct for defining Quality of Service (QoS) parameter sets. For details on Service Class Names, see Chapter 35, Service Class Names, in the E6000 CER User Documentation manual. Simply put, a Service Class Name can be associated with a DSG tunnel rule. See configure cable dsg tunnel in the CLI Command Descriptions for more detail. The QoS parameters, including minimum and maximum traffic rates, are then automatically applied to the tunnel, and the E6000 CER uses those QoS parameters to rate limit the traffic which flows over the DSG tunnel. If No SCN Is Associated — If no Service Class Name is explicitly associated with a DSG tunnel, then the maximum data rate on any given DSG tunnel defaults to 2.048 Mbps. NOTE: Issue 1.0, 4 Feb 2013 Even though a default maximum traffic rate is applied if no SCN association is explicitly made, ARRIS strongly recommends association of an appropriately provisioned service class name to each DSG tunnel. This ensures enforcement not only of an appropriate maximum traffic rate, but also of an appropriate traffic priority. Consideration should be given to the accumulated sum of traffic that will pass through any single device host, which may actually have multiple tunnels sourcing data to that single device. The maximum traffic rates on all tunnels that funnel into any single device should be provisioned accordingly to ensure that the accumulated total of all traffic does not exceed the recommended 2.048 Mbps limit. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-23 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Traffic Prioritization and DSG — As stated above, traffic priority can and should explicitly be associated with each DSG tunnel via association of an appropriately provisioned Service Class Name to each DSG tunnel. If no Service Class Name association is made, a default traffic priority of 0 is used (this is the lowest possible traffic priority). One presumed likely scenario in a converged services environment is that voice traffic will be given highest priority, best effort data (HSD) will be given lowest priority, and DSG data will be given a priority somewhere in between. When determining the priority to be applied to DSG data, priority for HSD data, voice signaling data, and voice data itself should be taken into account. DSG Classifier The DSG Classifier parameters are: • Classifier ID (mandatory) • DSG Tunnel ID (mandatory) • Classifier Priority (defaults to zero, which is the lowest priority) • DSG Tunnel Destination IP Address (mandatory) • DSG Tunnel Source IP Address (optional) • Mask (optional) • Destination Port Range (optional) These parameters make up the DSG Classifier in the DCD. Note that the classifier ID must be unique per CER. For all parameters that are not mandatory or do not have a default value are not included in the DCD when they are not explicitly configured. The command to configure a DSG classifier is: configure cable dsg tunnel <dsgTunnelId> classifier <dsgClassId> [priority <classPri>] dest-ip <destIP> [source-network <sourceIp>[/<maskLen>]] [dest-port-range <portStart>-<portend>] [include-in-dcd] By default, the DSG Classifier is not included in the DCD, unless the keyword include-in-dcd is specified on the command line. The following command includes the classifier in the DCD: configure cable dsg tunnel <dsgTunnelId> classifier <dsgClassId> include-in-dcd NOTE: Issue 1.0, 4 Feb 2013 A classifier must be configured to route packets to a tunnel, even if that classifier is not included in the DCD. To remove the classifier from the DCD, use the no version of the command above. The classifier ID will be suppressed from the DSG rule in the DCD if the classifier is not configured to be included in the DCD. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-24 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Sample DSG Configuration Scenarios Color coding — Three colors have been used in this section to make the following distinctions: GREEN Required for both basic and advanced DSG BLUE Required for basic DSG only RED Required for advanced DSG only Initial Setup for DSG This sample script prepares the E6000 CER for subsequent DSG configuration. # start DSG setup script #---------------------------------------------------# enable IGMPv2 on the cable side #---------------------------------------------------configure interface cable-mac 10 ip igmp # proxy IGMPv2 memberships from the cable side to the network side #---------------------------------------------------- configure interface cable-mac 10 ip igmp proxy-interface ethernet 6/0 #---------------------------------------------------# only allow static multicast on the cable side interface filtering any router/host IGMP messages #---------------------------------------------------- configure interface cable-mac 10 ip igmp multicast-static-only #---------------------------------------------------- # Enable ability to apply dynamic upstream cable side filters Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-25 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration #---------------------------------------------------#Use the following command to have the E6000 CER apply filter group 1 in the upstream direction to all CPE devices. configure cable submgmt default filter-group host upstream 1 #Use the following command to have the E6000 CER apply filter group 1 in the upstream direction to all CMs. configure cable submgmt default filter-group cm upstream 1 # The following command enables filtering for devices in the system. If default were not active, it would not matter what filter-groups you provisioned, because the E6000 CER would not apply them to the devices in the system. configure cable submgmt default active #----------------------------------------------------# save the changes to persistent store #---------------------------------------------------write memory #---------------------------------------------------# RESET the registered cable modems #---------------------------------------------------configure reset cable-modem all # end DSG setup script Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-26 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration DSG Configuration Only This script configures a DSG Downstream Channel Descriptor (DCD) on a downstream that contains only the DSG configuration part of the DCD. DCD messages are used only in the advanced mode of DSG. # start DSG configuration only script # direct the STB to the downstream on frequency 691000000 configure interface cable-downstream 5/0 cable dsg ds-frequency-list 1 configure cable dsg ds-frequency-list 1 frequency 691000000 # provide non-default timing parameters for the STB configure interface cable-downstream 5/0 cable dsg timer-list 1 configure cable dsg timer-list 1 initialization-tdsg1 5 operational-tdsg2 300 two-way-tdsg3 150 one-way-tdsg4 900 # enable the DCD on the downstream configure interface cable-downstream 5/0/0 cable dsg dcd-enable # end DSG configuration only script Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-27 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Multicast Destination IP to RFC1112 DSG Tunnel MAC The following script configures a DSG tunnel that has a destination IP address that directly corresponds to an RFC1112-compliant destination MAC address. This example shows how to configure a DSG tunnel with the following rule and classifier: Table 18-1: Summary of DSG Tunnel Configuration with Multicast IP Address Type Name Value 23 Downstream Packet Classification Encoding - 23.2 Classifier Identifier 1 23.5 Classifier Priority 1 23.9 IP Packet Classification Encodings - 23.9.3 Source IP Address 10.100.10.1 23.9.4 Source IP Mask 255.255.255.255 23.9.5 Destination IP Address 230.1.1.1 50 DSG Rule - 50.2 DSG Rule Priority 1 50.4.2 DSG Well-Known MAC Address 00:00:CA:01:01:01 50.5 DSG Tunnel Address 01:00:5E:01:01:01 50.6 DSG Classifier Identifier 1 #---------------------------------------------------# start Multicast IP to Associated DMAC script # # DSG tunnel provisioning # #---------------------------------------------------# inbound network side filtering # permit traffic from source 10.100.10.1 that has a destination IP of 230.1.1.1 #---------------------------------------------------configure access-list 120 permit ip host 10.100.10.1 host 230.1.1.1 configure access-list 120 deny ip any host 230.1.1.1 configure access-list 120 permit ip any any Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-28 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration #---------------------------------------------------# apply filter on all network interfaces that receive the desired multicast traffic # assign acl to network interface #---------------------------------------------------configure interface ethernet 6/0 ip access-group 120 in #---------------------------------------------------# block traffic from all other network interfaces #---------------------------------------------------configure access-list 130 deny ip any host 230.1.1.1 configure access-list 130 permit ip any any configure interface ethernet 6/1 ip access-group 130 in #---------------------------------------------------# upstream cable side filtering # filter upstream traffic destined for 230.1.1.1 #---------------------------------------------------configure cable filter group 1 index 1 src-ip 0.0.0.0 src-mask 0.0.0.0 dest-ip 230.1.1.1 dest-mask 255.255.255.255 match-action drop #---------------------------------------------------# static multicast provisioning for basic mode only # forward the traffic with destination ip 230.1.1.1 on cable interface(s) #---------------------------------------------------configure interface cable-mac 10 ip igmp static-group 230.1.1.1 # configure advanced DSG #---------------------------------------------------# configure the DSG Rule configure interface cable-downstream 5/0 cable dsg tunnel-group 1 priority 1 configure cable dsg tunnel 1 tunnel-group 1 client-id-list 1 mac-address 0000.ca01.0101 configure cable dsg client-id-list 1 type mac-address value 0000.ca01.0101 # configure the DSG classifier configure cable dsg tunnel 1 classifier 1 dest-ip 230.1.1.1 source-network 10.100.10.1 priority 1 include-in-dcd #---------------------------------------------------# end Multicast IP to Associated DMAC script #---------------------------------------------------- Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-29 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration Multicast Destination IP to non-RFC1112 DSG Tunnel MAC The following script configures a DSG tunnel that has a destination IP address that corresponds to a RFC1112 non-compliant destination MAC address. Table 18-2: Summary of DSG Tunnel Configuration with Multicast DIP to Non-compliant DMAC Type Issue 1.0, 4 Feb 2013 Name Value 23 Downstream Packet Classification Encoding - 23.2 Classifier Identifier 1 23.5 Classifier Priority 1 23.9 IP Packet Classification Encodings - 23.9.3 Source IP Address 10.100.10.1 23.9.4 Source IP Mask 255.255.255.255 23.9.5 Destination IP Address 230.1.1.1 50 DSG Rule - 50.2 DSG Rule Priority 1 50.4.2 DSG Well-Known MAC Address 00:00:CA:01:01:01 50.5 DSG Tunnel Address 00:11:22:33:44:55 50.6 DSG Classifier Identifier 1 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-30 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration #---------------------------------------------------# start Multicast IP to non-compliant DMAC script #---------------------------------------------------- #DSG tunnel provisioning #---------------------------------------------------# inbound network side filtering # permit traffic from source 10.100.10.1 that has a destination IP of 230.1.1.1 #---------------------------------------------------configure access-list 120 permit ip host 10.100.10.1 host 230.1.1.1 configure access-list 120 deny ip any host 230.1.1.1 configure access-list 120 permit ip any any #---------------------------------------------------# apply filter on all network interface that receive the desired multicast traffic # assign acl to network interface #---------------------------------------------------configure interface ethernet 6/0 ip access-group 120 in #---------------------------------------------------- # block traffic from all other network interfaces #---------------------------------------------------configure access-list 130 deny ip any host 230.1.1.1 configure access-list 130 permit ip any any configure interface ethernet 6/1 ip access-group 130 in #---------------------------------------------------- # upstream cable side filtering # filter upstream traffic destined for 230.1.1.1 #---------------------------------------------------configure ip filter group 1 index 1 src-addr 0.0.0.0 src-mask 0.0.0.0 dest-addr 230.1.1.1 dest-mask 255.255.255.255 action drop #---------------------------------------------------- Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-31 PRELIMINARY E6000 CER Release 1.0 DOCSIS Set-top Gateway Configuration # static multicast provisioning for basic mode only # forward the traffic with destination ip 230.1.1.1 on cable interface(s) #---------------------------------------------------configure interface cable-mac 10 ip igmp static-group 230.1.1.1 #---------------------------------------------------- # Basic mode only # assign tunnel MAC address for IP address if non-standard # assign a tunnel mac address of 00:11:22:33:44:55 to destination ip 230.1.1.1 #---------------------------------------------------configure ip multicast mac-ip 230.1.1.1 00:11:22:33:44:55 ----------------------------------------------------- #---------------------------------------------------# configure advanced DSG # configure the DSG Rule #---------------------------------------------------- configure interface cable-downstream 5/0 cable dsg tunnel-group 1 priority 1 configure cable dsg tunnel 1 tunnel-group 1 client-id-list 1 mac-address 0011.2233.4455 configure cable dsg client-id-list 1 type mac-address value 0000.ca01.0101 # configure the DSG classifier configure cable dsg tunnel 1 classifier 1 dest-ip 230.1.1.1 source-network 10.100.10.1 priority 1 include-in-dcd #---------------------------------------------------- # end Multicast IP to non-compliant DMAC script #---------------------------------------------------- Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 18-32 PRELIMINARY E6000 CER Release 1.0 19 CPE Device Classes CPE Device Classes Types of Device Classes 2 Dynamic Host Configuration Protocol 4 Filter Groups Based on Device Class Overview Issue 1.0, 4 Feb 2013 10 The high-level goal of this feature is to allow the E6000 CER to classify Customer Premise Equipment (CPE) into a number of distinct device classes. Device classes are the names that are given to CPE devices based on the specialized function that the CPE device performs. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-1 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes Types of Device Classes This feature is currently associated with the device classes shown in Table 19-1. Table 19-1: Device Classes Acronym NOTES: Description DVA Digital Voice Adapter ERTR Embedded Router (see Note 1)) MTA Multimedia Terminal Adapter (PacketCable) PS Portal Server (CableHome) SG Security Gateway STB Set-top Box (see Note 2) TEA T1 Emulation Adapter 1. Also known as eRouter providing home networking functionality. 2. Sometimes called DOCSIS Set-top Gateway, or DSG. The most common device classes used by customers are MTA and STB. If a CPE device does not perform one of the specific specialized functions acknowledged by the device class feature, then it is considered a generic CPE device. NOTE: This feature does not support IPv6 CPE device classes. Such CPE devices are treated as generic CPE devices. For CPE devices using a dual mode IPv4/IPv6 stack, the E6000 CER will recognize only the device class that can be determined from the IPv4 Dynamic Host Configuration Protocol (DHCP) Relay Agent. Functionality Through the classification of CPE devices, the user is allowed to: Issue 1.0, 4 Feb 2013 • Associate different provisioning servers for CPE devices based on the class of the device. • Apply a given secondary cable interface to be available to provide policy support for CPE devices based on the class of the device. • Apply different filtering of traffic from CPE devices based on the class of the device. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-2 PRELIMINARY E6000 CER Release 1.0 • CPE Device Classes Identify individual CPE device class type behind a given CM using the show cable modem detail command. Considerations Users of this feature should be aware of the following: Issue 1.0, 4 Feb 2013 • The term host is used as an all-inclusive term which encompasses all the CPE device classes. • If a CPE device is detected but is not included in one of the new classes of device it is considered a generic CPE device. • When an E6000 CER is upgraded, the Dynamic Host Configuration Protocol (DHCP) helper addresses that are assigned to CPEs (hosts) are assigned to each of the new device class types. • When an E6000 CER is upgraded, the secondary IP addresses that are tagged for use as a DHCP gateway (giaddr) packets for CPEs (hosts) are tagged as a giaddr secondary addresses for each of the new device class types. • When an E6000 CER is upgraded, the default filter groups assigned to CPEs (hosts), both at the chassis and interface level, are assigned to each of the new device class types. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-3 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes Dynamic Host Configuration Protocol DHCP is a network protocol used to configure network devices, such as CPE devices, so that they can communicate on an IP network. DHCP Client A DHCP client uses the DHCP protocol to acquire configuration information, such as: • An IP address. • A default route. • One or more Domain Name Server (DNS) addresses from a DHCP server. The DHCP client then uses this information to configure its host. Once the configuration process is completed, the host is able to communicate on the internet. DHCP Server The DHCP server maintains a database of available IP addresses and configuration information. When the DHCP server receives a request from a client: • The DHCP server determines the network to which the DHCP client is connected. • Allocates an IP address or prefix that is appropriate for the client. • Sends configuration information appropriate for that client. DHCP Relay Agent To allow DHCP clients on subnets not directly served by DHCP servers to communicate with DHCP servers, DHCP relay agents are used. The DHCP client broadcasts on the local link and the relay agent receives the broadcast and transmits it to one or more DHCP servers. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-4 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes The relay agent stores its own IP address in the giaddr field of the DHCP packet. The DHCP server uses the giaddr to determine the subnet on which the relay agent received the broadcast and allocates an IP address on that subnet. When the DHCP server replies to the client, it sends the reply to the giaddr address. The relay agent then retransmits the response on the local network. DHCP Options DHCP consists of various options determined and defined by CableLab™ for different functionality in a system. Three of the options that impact the E6000 CER are as follows: Option 43 • Option 43 • Option 60 • Option 82.9.4491.5 The DHCP Relay Agent identifies the device class of an eSAFE based on the Vendor Specific Information option 43, sub-option 2 and sub-option 3, in the DHCP DISCOVER packet. Option 43.2 — The eSAFEs that are supported are based on the value in the option 43.2, as shown in Table 19-2: Table 19-2: Supported eSAFEs eSAFE String to Match MTA EMTA MTA EDVA DSG ESTB PS EPS Option 43.3 — The DHCP Relay Agent identifies the types of eSAFE device supported by a cable modem based on the VendorSpecific Information (option 43) suboption 3 in the DHCP DISCOVER packet. Option 43.3 is a list of eSAFE strings separated by colons (:). The parsing of the option 43.3 looks for an exact match of the option 43.2 to the string in the table above between the colons (or between a colon and the end of the string). The initial “ECM” string (the modem itself) and any unknown strings are silently ignored. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-5 PRELIMINARY E6000 CER Release 1.0 Option 60 CPE Device Classes The DHCP Relay Agent attempts to identify the device class of a Service/Application Functional Entity (SAFE) based on the Vendor Class Identifier option (option 60) in the DHCP DISCOVER packet. NOTE: A SAFE might not be an embedded device. SAFE Types — A SAFE is a CableLabs-specified application, such as: • A PacketCable Multimedia Terminal Adapter (MTA), that provides a service using the DOCSIS IP platform. • A function or set of functions, such as the Cable Home Portal Services (PS) logical element, that supports the delivery of one or more services over an IP platform. Supported SAFEs — The SAFEs that are supported, based on the value in option 60, are shown in Table 19-3. Table 19-3: Supported SAFEs SAFE Initial Portion of Option 60 to Match MTA pktc DSG OpenCable DSG openCable DSG opencable PS CableHome The SAFEs listed in Table 19-3 are all CPEs attached to or integrated with a CM. In this context, the term CPE has more than one meaning and can mean either of the following: • A default device class. • A device with an IP address behind a CM. DHCP Relay Agent — If the DHCP Relay Agent is unable to identify the device class of a SAFE based on the Vendor Class Identifier option (option 60) in the DHCP packet, it assigns it a device class of CPE. Option 82.9.4491.5 This option allows a DHCP Relay Agent to convey specific Service Class Name (SCN) information of the cable modem that the CPE is behind to the DHCP server. Through the use of this option, SCNs are used to identify a type of service that is assigned to a cable modem. These SCNs are then inserted into a DHCP Option 82.9 TLV for CPE DHCP requests from the DHCP relay agent to the DHCP server. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-6 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes For example, this option may be used to help manage the limited availability of IPv4 addresses in the case of new subscribers. These subscribers, based on the service classes assigned, would be assigned to a private subnet that gets “translated” into a public address. Rapid Commit Rapid-Commit is the process or option by which a DHCP Client obtains configurable parameters from a DHCP Server by using a rapid DHCPv6 two-message exchange. The messages that are exchanged between the two routers (RR and DR) are called the DHCPv6 SOLICIT and REPLY messages. DHCP Helper Address Provisioning The Device Classes feature allows the customer to configure different DHCP servers for use by different device classes by defining the DHCP server address for a given device type on the cable interface. Configure Helper Address Command The following command configures the DHCP helper address based on device class type: configure interface cable-mac <mac> cable helper-address <DHCP Server IP address> [cable-modem | host | cpe | mta | ps | stb | any] no Some notes on the syntax of this command: Issue 1.0, 4 Feb 2013 • The user may only enter up to one device class per command line • If the user does not provide the optional class of device then it defaults to any. • The term any means all devices, CMs, and CPE types. • The term host means all CPE types. It does not include the cable modem. • If the user were to provision cpe, mta, ps, and stb against the same helper-address, the running-config would show the output as host. • If the user were to provision host and then performed the no version of the command against stb, then running config would show a line for each instance of cpe, mta, and ps. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-7 PRELIMINARY E6000 CER Release 1.0 Helper Address Command Examples CPE Device Classes Assuming that the DHCP helper addresses were to be configured as shown in the following examples: configure interface cable-mac 20 cable helper-address 1.1.1.1 configure interface cable-mac 20 cable helper-address 2.2.2.2 host configure interface cable-mac 20 cable helper-address 3.3.3.3 cable-modem configure interface cable-mac 20 cable helper-address 3.3.3.3 cpe configure interface cable-mac 20 cable helper-address 4.4.4.4 cpe configure interface cable-mac 20 cable helper-address 4.4.4.4 mta configure interface cable-mac 20 cable helper-address 4.4.4.4 stb configure interface cable-mac 20 cable helper-address 5.5.5.5 mta configure interface cable-mac 20 cable helper-address 6.6.6.6 ps configure interface cable-mac 20 cable helper-address 7.7.7.7 stb Then the following would be some of the effects of the configuration on the subscriber equipment: • A CM performing registration on cable-mac 20 would have its DHCP DISCOVER message forwarded to the following addresses: 1.1.1.1 and 3.3.3.3 • A generic CPE performing DHCP discovery would have its DISCOVER message forwarded to 1.1.1.1, 2.2.2.2, 3.3.3.3, and 4.4.4.4 Assigning Secondary Interfaces Based on Device Class In addition to being able to target specific DHCP servers based on device class type, it is also possible to indicate which secondary interfaces the DHCP server is to respond to based on device class type. Provisioning Secondary Address The following command allows the user to provision the secondary addresses based on device class type: configure interface cable <WORD> ip address <A.B.C.D> <A.B.C.D> secondary dhcp-giaddr [cpe] [mta] [ps] [stb] [no] Be aware that: Issue 1.0, 4 Feb 2013 • Unlike provisioning the helper-address, each device class you wish to be represented with this secondary address must be on the same command line • Subsequent executions of this command overwrites previous provisioning © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-8 PRELIMINARY E6000 CER Release 1.0 Secondary DHCP GIADDR Usage Issue 1.0, 4 Feb 2013 CPE Device Classes • If none of the CPE types are specified, then the E6000 CER treats the secondary DHCP giaddr like a host, that is, all CPEs. • The "no" version of this command removes all DHCP giaddr provisioning from the secondary interface regardless of the CPE device types provided on the command line of that “no” command. All other secondary interface provisioning remains. The following rules apply to how the secondary DHCP giaddr is used: • If the interface does not have policy enabled, then the primary address for that interface is used for all CPE devices. The command to apply policy is: configure interface cable <WORD> cable dhcp-giaddr policy • If a DHCP giaddr is not provisioned for the specific kind of device and policy is enabled, then the first secondary address for that interface is used as the DHCP giaddr. • If a single secondary DHCP giaddr is provisioned for a given class of CPE device and policy is enabled, then that address will be used as the DHCP giaddr. • If multiple secondary DHCP giaddrs are provisioned for a given class of CPE device and policy is enabled, then the DHCP giaddrs are selected in a round-robin fashion • The round-robin selection for a specific class of CPE device does not take into account the secondary DHCP giaddr provisioning for other classes of CPE device. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-9 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes Filter Groups Based on Device Class Upstream and downstream filter groups may be assigned to a CPE based on its device class. Filter Group Assignment Once the E6000 CER has classified a CPE it can assign specific filter groups to that device class on a per-subinterface basis or on a system-wide basis. However, if an IPv4 modem has TLV 37 populated in its configuration file, then this information takes precedence and determines the filter group information. CPE Device Classes address the areas potentially impacted by multiple services behind a cable modem. One such need is to use subscriber management cable packet filters for service-specific filtering of packets. DOCSIS Subscriber Management MIB The DOCSIS Subscriber Management MIB defines a mechanism for an E6000 CER to apply filters to a specific modem or CPE device as a result of successful DOCSIS registration. In this way, different filters can be applied to different modems or CPEs on the same Cable interface and even within the same IP subnet. One example of this is an eMTA with an Ethernet interface for data services. In this situation, an operator would want to apply one set of filters to protect the eMTA and another set of filters for the data service. NOTE: Ways CPE Devices are Assigned Issue 1.0, 4 Feb 2013 Filters are applied to a CPE device after it acquires its IPv4 address. There are three ways in which a filter group can be assigned to a CPE device. • The TLV-37 in the CM config file may be used to indicate which filter groups to use for each specific device class type. When used TLV-37 overrides all other provisioning. • Each cable subinterface may have the filter group assigned based on CPE device class type. • A system-wide default cable filter group may also be provisioned for each device type. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-10 PRELIMINARY E6000 CER Release 1.0 Rules for Applying Filter Groups CPE Device Classes Some rules for applying filter groups based on device class are as follows: • You may only provision one device type per command. • There is no “any” but there is a “host”. If all cpe types are provisioned they will collapse to “host” in the E6000 CER configuration. • Filter groups do not apply dynamically, you must first reset devices for them to take effect. • If there is TLV-37 filter configured, it takes precedence. If there is no TLV-37 filter, then the per-interface filters are applied. If there are no TLV-37 or per-interface filters configured, then the global filters (i.e., the ones defined by the cable submgmt command) are applied. See Chapter 16, IP Packet Filters, Subscriber Management, for more information on filtering. CPE Device Filtering Related Commands The commands in Table 19-4 provide the means for upstream and downstream filter groups to be assigned to a CPEs based on device class. For more information on these CLI commands see Chapter 44, Command Line Descriptions. Table 19-4: CPE Related Filtering Commands Description Command This command assigns a filter group based on CPE device class configure interface cable-mac <mac> cable submgmt default filter-group <{cm | host | cpe | mta | ps | stb }> <{upstream | downstream}> <group ID> [no] to a particular cable-mac. See Enabling and Disabling Filtering for examples of how this command can be used. Use the [no] option to delete a specific filter group, To allow the E6000 CER to set default values for the DOCSIS Subscriber Management MIB. Use the [no] option to disable CPE management by the E6000 CER. Issue 1.0, 4 Feb 2013 configure [no] cable submgmt default active © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-11 PRELIMINARY E6000 CER Release 1.0 Description CPE Device Classes Command (Continued) This command enables learning of CPE IP addresses by the E6000 CER. Use the [no] option to disable learning of CPE addresses by the E6000 CER. configure [no] cable submgmt default learnable This command configures the default number of the maximum number of CPEs allowed for a modem. The range is from 0-32, where 0 specifies that all CPE traffic is dropped. The default is configure cable submgmt default max-cpe <num> set to 16. Use the [no] option to set the default value to 0: it causes CPE traffic to be dropped. Used to display general information on functionality and display options for all cable modems registered or attempting to register. The CMs can be: show cable modem • Displayed in different sort orders. • Filtered based on different criteria. • Displayed in different formats. See Show Cable Modem Command for some examples of how this command can be used. Used to display the IP address information for the client modules of the cable-mac interface specified. Enabling and Disabling Filtering show ip interface cable-mac See Show IP Interface Cable-Mac Command for some examples of how this command can be used. The following examples provide the method for enabling and disabling filtering: 1 To configure filter groups for all downstream device classes, commands similar to the following examples can be executed: configure configure configure configure configure 2 cable cable cable cable cable submgmt submgmt submgmt submgmt submgmt default default default default default filter-group filter-group filter-group filter-group filter-group cpe downstream 1 mta downstream 2 cm downstream 3 stb downstream 9 ps downstream 5 To configure filter groups for all upstream device classes, commands similar to the following examples can be executed: configure cable submgmt default filter-group cpe uptream 6 configure cable submgmt default filter-group mta upstream 7 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-12 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes configure cable submgmt default filter-group cm upstream 4 configure cable submgmt default filter-group stb upstream 8 configure cable submgmt default filter-group ps upstream 10 3 It is also possible to configure one filter group for all device classes, as shown in the following downstream configuration example: configure cable submgmt default filter-group host downstream 25 4 To subsequently turn off filtering for a device class, the no option is used, as shown in the following examples: configure cable submgmt default filter-group stb downstream 9 no configure cable submgmt default filter-group mta upstream 7 no Show Cable Modem Command Without specifying any specific criteria, the show cable modem command would produce an output similar to what is shown in the following example: show cable modem An output similar to the following example is returned: Dec 4 10:43:43 Interface (DS-US) S/C/P-S/CG/P ----------------12/0/2-3/0/3 12/0/0-3/0/1 12/0/3-3/0/2 12/0/0-3/0/1 12/0/1-3/0/0 12/0/0-3/0/1 • DOC Mac Bonded State SIS Qos CPE MAC address IP Address ----- ------ ----------- --- ------------- --- --------------- --------------------------------------1 Operational 2.0 0/0 0 0015.a298.065a 10.142.31.213 1 4x4 Operational 3.0 0/0 0 0015.d0be.a091 10.142.31.164 1 4x4 Operational 3.0 0/0 0 0015.d0be.a196 10.142.31.237 1 4x4 Operational 3.0 0/0 0 0015.d0be.a1f3 10.142.31.240 1 4x4 Operational 3.0 0/0 0 001d.cd4e.d35c 10.142.31.159 1 4x4 Operational 3.0 0/0 0 001d.cd85.d669 10.142.31.208 • 12/7/2-3/7/0 12/7/9-3/7/9 12/7/0-3/7/0 12/7/4-3/7/4 8 8 8 8 4x4 8x4 4x4 4x4 Operational Operational Operational Operational 3.0 3.0 3.0 3.0 0/0 0/0 0/0 0/0 3 3 3 3 001d.cf1e.496c 001d.cf1e.4988 001d.cf1e.4994 001d.cf1e.499e 10.142.31.242 10.142.31.243 10.142.31.202 10.142.31.209 Total Oper Disable Init Offline --------------------------------------------------------Total 96 96 0 0 0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-13 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes By specifying detail the show cable modem command would produce an output similar to what is shown in the following example: show cable modem detail An output similar to the following would be returned: Dec 4 10:47:53 12/7/0-3/7/0 CM 001d.cf1e.4994 (Arris) D3.0 State=Operational D1.1/atdma PrimSID=8196 Cable-Mac= 8, mCMsg = 1 mDSsg = 1 mUSsg = 1, RCS=0x00000001 TCS=0x00000023 Timing Offset=1446 Rec Power= 0.50 dBmV Proto-Throttle=Normal Uptime= 0 days 0:01:19 IPv4=192.19.82.32 cfg=dvcls_SMPRT_43_BPIoff.cm LB Policy=1 LB Group=150996992 Filter-Group CM-Down:3 CM-Up:4 Privacy=Disabled MDF Capability= N/A MDF Mode= N/A u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports u 157 40 Activ BE 0 2000000 69 18396 0 0 2/2/10 d 158 79 Activ 0 500000 29 6923 0 0 12/0/0 L2VPN per CM: (Disabled) Current CPE=5, IPv4 Addr=5, IPv6 Addr=0 Max CPE=32, IPv4 Addr=16, IPv6 Addr=16 CPE(MTA) 2200.ca38.b91b Filter-Group:Up=7 Down=2 Proto-Throttle=Normal IPv4=192.19.83.39 CPE(STB) 2201.ca38.b91b Filter-Group:Up=8 Down=9 Proto-Throttle=Normal IPv4=192.19.83.115 CPE(PS) 2202.ca38.b91b Filter-Group:Up=10 Down=5 Proto-Throttle=Normal IPv4=192.19.83.6 CPE 2203.ca38.b91b Filter-Group:Up=6 Down=1 Proto-Throttle=Normal IPv4=192.19.83.41 CPE 2204.ca38.b91b Filter-Group:Up=6 Down=1 Proto-Throttle=Normal IPv4=192.19.83.20 By specifying cpe-type?, the show cable modem command will display the various CPE types as shown in the following example: show cable modem cpe-type ? cpe mta stb ps - Filter Filter Filter Filter by by by by CPE cpe type MTA cpe type STB cpe type PS cpe type When a CPE type such as cpe is specified, the show cable modem command will display only the CMs that match the given criteria, in other words, those modems with the given CPE type registered behind that modem. By entering the following command: show cable modem cpe-type cpe Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-14 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes An output similar to the following example is returned: Dec 4 11:15:12 Interface (DS-US) DOC S/C/P-S/CG/P Mac Bonded State SIS Qos CPE MAC address IP Address ----------------- ----- ------ ----------- --- ------------- --- --------------- --------------------------------------12/0/7-3/0/4 1 4x4 Operational 3.0 3000/3430 3 001d.cf1e.478a 10.142.31.165 12/0/13-3/0/8 1 8x4 Operational 3.0 3000/3430 3 001d.cf1e.479c 10.142.31.162 12/0/10-3/0/8 1 8x4 Operational 3.0 3000/3430 3 001d.cf1e.482c 10.142.31.182 12/0/4-3/0/6 1 4x4 Operational 3.0 3000/3430 3 001d.cf1e.491c 10.142.31.160 12/0/1-3/0/1 1 4x4 Operational 3.0 3000/3430 3 001d.cf1e.498a 10.142.31.170 12/0/2-3/0/3 1 4x4 Operational 3.0 3000/3430 3 001d.cf1e.49a8 10.142.31.223 12/1/14-3/1/11 2 8x4 Operational 3.0 1164/6664 2 0015.d191.5f04 10.142.31.187 12/7/9-3/7/9 8 8x4 Operational 3.0 3000/3430 3 001d.cf1e.4988 10.142.31.243 12/7/0-3/7/0 8 4x4 Operational 3.0 3000/3430 3 001d.cf1e.4994 10.142.31.202 12/7/4-3/7/4 8 4x4 Operational 3.0 3000/3430 3 001d.cf1e.499e 10.142.31.209 • • Total Oper Disable Init Offline --------------------------------------------------------Found 50 50 0 0 0 When a CPE type such as mta is specified, the show cable modem command will display only the CMs that match the given criteria, in other words, those modems with the given CPE type registered behind that modem. By entering the following command: show cable modem cpe-type mta Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-15 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes An output similar to the following is returned: Dec 4 11:18:38 Interface (DS-US) DOC S/C/P-S/CG/P Mac Bonded State SIS Qos CPE MAC address IP Address ----------------- ----- ------ ----------- --- ------------- --- --------------- --------------------------------------12/1/15-3/1/10 2 Operational 2.0 320/3064 1 0015.96e6.91bc 10.142.31.194 12/1/12-3/1/8 2 Operational 2.0 320/3064 1 0015.96e6.91d4 10.142.31.211 12/1/15-3/1/11 2 Operational 2.0 320/3064 1 0015.96e6.92d8 10.142.31.236 12/1/15-3/1/11 2 Operational 2.0 320/3064 1 0015.96e6.9368 10.142.31.235 12/1/8-3/1/9 2 Operational 2.0 320/3064 1 0015.96e6.9538 10.142.31.21 • • 12/1/9-3/1/8 2 4x4 Operational 3.0 1164/6664 1 001d.cd4e.e1f0 10.142.31.206 12/1/9-3/1/8 2 4x4 Operational 3.0 1164/6664 1 001d.cd4e.e254 10.142.31.195 12/1/9-3/1/8 2 4x4 Operational 3.0 1164/6664 1 001d.cd4e.e29c 10.142.31.191 12/1/9-3/1/8 2 4x4 Operational 3.0 1164/6664 1 001d.cd4e.e2e4 10.142.31.219 Total Oper Disable Init Offline --------------------------------------------------------Found 36 36 0 0 0 The show cable modem command will only display those modems that actually have CPE devices of that kind registered behind them. For example, if you specify stb in the show command and there are no modems that have STB CPE devices registered behind them, then the system response does not return any modems. For multiple CPEs per CM, there are multiple rows in the show cable modem column command for one CM. The rows other than that first CM are indicated with a plus sign (+) in the leftmost column. By entering the following command: show cable modem column cm-mac cm-cpe-ip cpe-count cpe-mac An output similar to the following example is returned: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-16 PRELIMINARY E6000 CER Release 1.0 Dec CPE Device Classes 4 13:51:20 CM MAC address --------------0015.a298.065a 0015.d0be.a091 0015.d0be.a196 0015.d0be.a1f3 001d.cd4e.d35c 001d.cd85.d669 001d.cf1e.478a 001d.cf1e.479c 001d.cf1e.47ee +001d.cf1e.47ee 001d.cf1e.482c 001d.cf1e.491c 001d.cf1e.498a 001d.cf1e.49a8 0015.96e6.91bc +0015.96e6.91bc 0015.96e6.91d4 +0015.96e6.91d4 0015.96e6.92d8 +0015.96e6.92d8 • CM/CPE IP Address CPE CPE MAC --------------------------------------- --- -------------10.142.31.213 0 10.142.31.164 0 10.142.31.237 0 10.142.31.240 0 10.142.31.159 0 10.142.31.208 0 10.142.31.165 0 10.142.31.162 0 10.142.31.161 1 10.253.42.3 1 0004.23b7.3430 10.142.31.182 0 10.142.31.160 0 10.142.31.170 0 10.142.31.223 0 10.142.31.194 1 10.142.0.14 1 0015.96e6.91bd 10.142.31.211 1 10.142.0.24 1 0015.96e6.91d5 10.142.31.236 1 10.142.0.15 1 0015.96e6.92d9 • 001d.cf1e.49b0 001d.cf1e.494e 001d.cf1e.495c 001d.cf1e.496c 001d.cf1e.4988 001d.cf1e.4994 001d.cf1e.499e 10.142.31.203 10.142.31.230 10.142.31.225 10.142.31.242 10.142.31.243 10.142.31.202 10.142.31.209 0 0 0 0 0 0 0 - Total Oper Disable Init Offline --------------------------------------------------------Total 96 96 0 0 0 The show cable modem summary commands display counts that are based on what devices the modems indicate they can support. These totals do not necessarily indicate how many CPE devices are actually in use for each type. NOTE: This behavior is in accordance with Option 43.3. By entering the following command: show cable modem summary Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-17 PRELIMINARY E6000 CER Release 1.0 CPE Device Classes An output similar to the following example is returned: Slot Total Oper Disable Init Offline Oper ----------------------------------------------------- ----U3 9 9 0 0 0 100% D12 9 9 0 0 0 100% ----------------------------------------------------- ----Total 9 9 0 0 0 100% Show IP Interface Cable-Mac Command Issue 1.0, 4 Feb 2013 Inputting the show ip interface cable-mac command without specifying any parameters as shown: show ip interface cable-mac Would return an output as shown in the following example: cable-mac 1.0, VRF: default, IP Address: 10.142.0.1/19 Secondary IP Address(es): *10.242.224.1/19 10.253.42.1/25 Physical Address: 0001.5c61.1e46 MTU is 1500 DHCP Policy mode is disabled (primary mode) DHCP Server Helper Address(es): 10.44.249.46 for Traffic Type "mta" 10.50.42.3 for Traffic Type "cm" 10.50.42.3 for Traffic Type "cpe" Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 15268 OutOctets = InUcastPkts = 35 OutUcastPkts= InDiscards = 0 OutDiscards = InErrors = 0 OutErrors = InMcastPkts = 1 OutMcastPkts= 5570 35 0 0 2 cable-mac 1.1, VRF: vrf_a, IP Address: 10.142.32.1/19 Secondary IP Address(es): No Secondary Addresses Physical Address: 0001.5c61.1e46 MTU is 1500 DHCP Policy mode is disabled (primary mode) DHCP Server Helper Address(es): No Helper Addresses Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 0 OutOctets = 256 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-18 PRELIMINARY E6000 CER Release 1.0 InUcastPkts InDiscards InErrors InMcastPkts = = = = 0 0 0 0 CPE Device Classes OutUcastPkts= OutDiscards = OutErrors = OutMcastPkts= 0 0 0 2 Specifying brief in the command, as shown: show ip interface brief cable-mac Would return an output as shown in the following example: Interface Primary IP cable-mac 1.0 cable-mac 1.1 10.142.0.1/19 10.142.32.1/19 Admin State Up Up Oper State IS IS By specifying a specific MAC address value in the command, as shown: show ip interface cable-mac 1 An output similar to the following example would be returned: cable-mac 1.0, VRF: default, IP Address: 10.142.0.1/19 Secondary IP Address(es): *10.242.224.1/19 10.253.42.1/25 Physical Address: 0001.5c61.1e46 MTU is 1500 DHCP Policy mode is disabled (primary mode) DHCP Server Helper Address(es): 10.44.249.46 for Traffic Type "mta" 10.50.42.3 for Traffic Type "cm" 10.50.42.3 for Traffic Type "cpe" Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 15268 OutOctets = InUcastPkts = 35 OutUcastPkts= InDiscards = 0 OutDiscards = InErrors = 0 OutErrors = InMcastPkts = 1 OutMcastPkts= 5570 35 0 0 2 cable-mac 1.1, VRF: vrf_a, IP Address: 10.142.32.1/19 Secondary IP Address(es): No Secondary Addresses Physical Address: 0001.5c61.1e46 MTU is 1500 DHCP Policy mode is disabled (primary mode) DHCP Server Helper Address(es): No Helper Addresses Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-19 PRELIMINARY E6000 CER Release 1.0 Directed Broadcast is disabled ICMP unreachables are always sent Multicast reserved groups joined: None Source-verify is disabled InOctets = 0 OutOctets = InUcastPkts = 0 OutUcastPkts= InDiscards = 0 OutDiscards = InErrors = 0 OutErrors = InMcastPkts = 0 OutMcastPkts= CPE Device Classes 256 0 0 0 2 Using piping with the “brief” keyword will provide additional command options, as shown by the help (?) function: show ip interface cable-mac | brief ? The following output is returned: count page begin exclude include until Issue 1.0, 4 Feb 2013 Only count lines that match, no display Only lines that match with pagination Begin with the line that matches Exclude lines that match Include lines that match Display until line that matches © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 19-20 PRELIMINARY E6000 CER Release 1.0 20 Issue 1.0, 4 Feb 2013 Channel Bonding Channel Bonding Channel Assignment 2 Downstream Channel Bonding (DSCB) 6 Upstream Channel Bonding (USCB) 18 Partial Service Handling on the E6000 CER 22 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-1 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Channel Assignment DOCSIS 3.0 includes the concept of multi-channel operation for both a single cable modem (CM) and for a single service flow of that cable modem. This concept opens a set of possibilities for the assignment of channels from the CM’s MAC Domain Cable Modem Service Group (MD-CM-SG) to the CM in the form of a Receive Channel Configuration (RCC) assignment. It also enables the assignment of flows to either single channels or bonding groups (BGs) within the CM’s Receive Channel Set (RCS) as the RCC is successfully applied to the CM. CM Channel Selection Pre-3.0 DOCSIS cable modems and CMs that have been configured to operate in a pre-3.0 DOCSIS mode use only one upstream channel and one downstream channel. Bonded DOCSIS 3.0 CMs A DOCSIS 3.0 CM assists in the channel allocation effort by determining its own MAC domain downstream service group (MD-DSSG). It does this by comparing the MD-DS-SG information that is passed in MAC Domain Descriptor (MDD) messages against the list of downstream channels that it can find. The MD-DS-SG identifier is transmitted from the CM to the chassis during the initial upstream ranging process. As part of the ranging process, the CER also attempts to locate the MD-CM-SG of the CM. It does this by using the MD-DS-SG that was reported in the initial ranging message and the upstream channel that the CM ranged upon. If these two pieces of information do not uniquely identify the CM’s MD-CM-SG, then the chassis uses signaling in the ranging response message to move the CM to another upstream channel which might help resolve its location. In extremely complicated topologies, multiple upstream channel moves may be necessary. Once the topology resolution process is complete, the CM downloads its configuration file and begins the registration process. The CM includes an indicator of the downstream receiver parameters in what is known as a Receiver Channel Profile identifier (RCP-ID) in the registration request. Standard RCPs, which are defined by CableLabs, are supported natively. Another supported RCP is the vendor-specific one supported by Broadcom 3381-based CMs. RCP-IDs which are not natively supported in the E6000 CER may be supported via explicit RCC provisioning (see Configuration Examples for Static RCC) or by enabling verbose RCPs (see Verbose RCP Reporting). The E6000 CER attempts to match candidate RCCs for that RCP-ID to the Channels that are found in the MD-DS-SG. These RCCs may either be individually provisioned by the operator or they may be automatically determined by the chassis, if it is provisioned to do so. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-2 PRELIMINARY E6000 CER Release 1.0 Channel Bonding During cable modem registration, the ARRIS E6000 CER channel assignment algorithm will attempt to fully utilize the transmission and reception capabilities of each cable modem. The E6000 CER will assign channels to the CM based upon the flow information that is available at registration time — specifically the flow information that is available in the cable modem's configuration file. Applications may utilize a dynamic service flow request model. Since the service flow requirements for these services are not known at the time that the CM registers, the CM channel assignment algorithm does not have the information necessary to properly plan for these services. With this in mind, ARRIS recommends that when supporting an application that uses dynamic service such as IPTV to create flows, the operator should not enable dynamic RCCs but instead should create static RCCs that include the channels that are targeted to be used for the dynamic service. Similarly, in order for a dynamic service to utilize a bonding group, it is recommended that the user configure the bonding group while also remembering to set the bonding group's attribute mask appropriately. The E6000 CER flow assignment algorithm will then use the required and forbidden attribute masks of the request to determine to which channels to assign the flow. NOTE: Provisioned RCC Candidates: The E6000 CER supports up to 24 downstream bonded channels and up to 4 upstream bonded channels. When searching for candidate RCCs, the chassis looks for provisioned RCCs which meet these criteria: • Proper MAC domain • Match RCP-ID • All channels must be contained within the MD-DS-SG Dynamic RCC Candidates: If so provisioned, the E6000 CER might also create dynamic RCC candidates for known RCPs. To do so, the E6000 CER searches for combinations of channels within the MD-CM-SG which satisfy the constraints of the RCP. At least one downstream channel of each RCC candidate must be primary capable. Ranking RCC Candidates Once all of the candidate RCCs have been identified, the chassis ranks the RCC candidates in the following priority order: Issue 1.0, 4 Feb 2013 1 Number of channels, ranked from largest to smallest 2 RCCs containing the CM’s current primary DS channel are given precedence over those without the current primary DS channel 3 Configured RCCs are chosen ahead of dynamic RCCs 4 Meeting the above criteria the downstream channels chosen for the RCC will be those with the lightest utilization. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-3 PRELIMINARY E6000 CER Release 1.0 Selecting the Final RCC Channel Bonding The chassis makes its final choice for an RCC for the CM by considering the downstream service flows that are specified in the CM’s configuration file. Any downstream service flow that is contained in the CM’s configuration file that does not have the bonding bit set in the forbidden attribute mask is considered a bonded flow candidate by the chassis. The E6000 CER selects an RCC that provides the largest bonding group channel set that satisfies the attribute masks of the bonded service flows in the CM’s configuration file. If no RCC is found to satisfy the service flow attribute masks then the highest ranked RCC is used. Channel Assignment Restrictions for DOCSIS 3.0 Modems The following channel assignment restrictions apply: • Channel assignment TLVs (type 56) are ignored • Service Type TLVs (type 43.11) are ignored • CM attribute TLVs (type 43.9) are ignored. If the E6000 CER finds no suitable RCC, then the CM is assigned a single US/DS. NOTE: Special care must be taken in the assignment of upstream supervision to downstream channels. The E6000 CER will not move a CM to a new upstream channel if supervision for the CM’s upstream channel is not carried by any of the channels of an RCC. Service Flow Channel Selection Once the E6000 CER has determined the RCC for the CM, it must assign each service flow to either an individual channel or a bonding group within the RCC. This process attempts to use the required and forbidden attribute masks of each flow to select the proper resource (either bonding group or individual channel) for the flow. Attribute Masks Issue 1.0, 4 Feb 2013 For each flow, the first question to be answered is whether the flow is to be created on a bonded channel set or on a single individual channel. The E6000 CER assumes that all downstream flows are candidates for bonding. The exceptions to this rule are voice bearing flows and any flows that have the bonding bit set in the flow’s forbidden attribute mask. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-4 PRELIMINARY E6000 CER Release 1.0 Channel Bonding For each flow which is a candidate for bonding, the E6000 CER will attempt to identify a bonding group which meets the specified required and forbidden attributes for the flow. The bonding group candidates may be either just the provisioned bonding groups or a combination of the provisioned and dynamically created bonding groups (if enabled). If no suitable bonding group could be found, then the E6000 CER will attempt to find a single channel which satisfies the requested required and forbidden attributes. If no suitable single channel is found, then the E6000 CER will assign the flow to a single channel of its choosing. If the flow is not a bonding candidate, then the E6000 CER attempts to find a single channel which satisfies the requested required and forbidden attributes. If no suitable single channel is found, then the E6000 CER will assign the flow to a single channel of its choosing. Here are two ways to set the forbidden bit in the attribute mask: Issue 1.0, 4 Feb 2013 1 Define a service class with a key Service Class Name (SCN) on the E6000 CER with the bits set in the forbidden mask, then define flows that use that SCN. This can be done using the CM config file, or by using PacketCable Multimedia (PCMM) traffic profile type 2 for a dynamic flow. 2 Use PCMM with a version I04 or higher policy server, using traffic profile types 3 (best-effort), 4 (NRTP), 5 (RTP), 6 (UGS), 7 (UGS_AD) or 8 (Downstream). This works for dynamic flows only. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-5 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Downstream Channel Bonding (DSCB) The method that DOCSIS 3.0 uses to provide very high downstream throughput rates to a single CM is known as channel bonding. Channel bonding treats multiple DOCSIS channels as one transmission medium and does not affect the physical characteristics of any of the channels. In the downstream direction, the E6000 CER distributes the packets that are destined to the same CM or group of CMs over the multiple channels of a downstream bonding group. DOCSIS 3.0 downstream service flows may be bonded or unbonded depending upon the type of service and the attributes that are attached to the request. Packets scheduled on bonded downstream flows are sequenced by the CER, transmitted, and then re-sequenced by the CM so that they may be forwarded to the destination on the other side of the CM in the order in which they were received by the CER. With downstream channel bonding, streams of packets are distributed across the multiple downstream channels of a Downstream Bonding Group (DBG). Downstream channel bonding has several advantages: • It allows a bonded DOCSIS 3.0 CM to receive data at a greater bit rate than it would if using a single downstream channel • It can reduce the delay of individual downstream packets. • It can reduce the admission failures of high bandwidth flows by allowing the flow to share bandwidth across multiple downstream channels, thus avoiding dependence on a single channel. • Downstream channel bonding increases reliability of any given data flow. • Downstream channel bonding assists in the balancing of channel utilization across the downstream channels in the bonding group by intelligently spreading the packets down channels using an algorithm that executes per-packet data/channel-utilization-based balancing. This is in addition to and separate from the load balancing features on the E6000 CER, described in Chapter 29, Load Balancing. The set of downstream channels used by the E6000 CER to distribute the packets of a single high-speed service flow is called the Downstream Bonding Group. Before DSCB can function, other things should be configured. These include correct hardware, bonding groups, MAC domains, IP addresses, fiber nodes, and channel supervision. Supervision is explained in Upstream to Downstream Channel Association (Supervision) on page 13-13. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-6 PRELIMINARY E6000 CER Release 1.0 Channel Bonding MAC Domain 1 DCAM Slot 12 4 Downstreams 12/0/0 12/0/1 12/0/2 12/0/3 FN1 UCAM Slot 1 4 Upstreams 1/0/0 1/0/1 (TDMA) (TDMA) 1/0/2 1/0/3 (TDMA) (TDMA) FN2 Figure 20-1: Sample MAC Domain The configuration example that follows is based on MAC domain 1 using one UCAM and one DCAM. This example presumes that Annex B is desired. Configuration Example for Channel Bonding Using Sample MAC Domain 1 This example assumes that this E6000 CER will use Annex B. 1 Provision slots for one UCAM and one DCAM: configure slot 1 type ucam name "UCAM" configure slot 12 type dcam-b name "DCAM-B" 2 Create and configure MAC domain 1: configure interface cable-mac 1 description "cmac-1" configure interface cable-mac 1 cable cm-ip-prov-mode ipv4only Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-7 PRELIMINARY E6000 CER Release 1.0 Channel Bonding configure interface cable-mac 1 cable dynamic-rcc configure interface cable-mac 1 cable downstream-bonding-group dynamic enable configure interface cable-mac 1.0 ip address 192.168.180.1 255.255.255.0 configure interface cable-mac 1.0 ip address 192.168.181.1 255.255.255.0 secondary configure interface cable-mac 1.0 cable helper-address 10.43.210.1 configure interface cable-mac 1 no shutdown configure interface cable-mac 1 cable bundle master 3 This sample configuration uses four downstreams. Add the four downstreams to MAC domain 1: configure interface cable-downstream 12/0/0 type docsis cable-mac 1 configure interface cable-downstream 12/0/1 type docsis cable-mac 1 configure interface cable-downstream 12/0/2 type docsis cable-mac 1 configure interface cable-downstream 12/0/3 type docsis cable-mac 1 4 This sample configuration uses four upstreams. Add them to MAC domain 1: configure interface cable-upstream 1/0/0 cable cable-mac 1 configure interface cable-upstream 1/0/1 cable cable-mac 1 configure interface cable-upstream 1/0/2 cable cable-mac 1 configure interface cable-upstream 1/0/3 cable cable-mac 1 5 Set the downstream center frequencies using a 6 MHz channel width (Annex B): configure interface cable-downstream 12/0/0 cable frequency 615000000 configure interface cable-downstream 12/0/1 cable frequency 621000000 configure interface cable-downstream 12/0/2 cable frequency 627000000 configure interface cable-downstream 12/0/3 cable frequency 633000000 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-8 PRELIMINARY E6000 CER Release 1.0 6 Channel Bonding Activate (no shut) the four downstreams: configure interface cable-downstream 12/0/0 no shutdown configure interface cable-downstream 12/0/1 no shutdown configure interface cable-downstream 12/0/2 no shutdown configure interface cable-downstream 12/0/3 no shutdown 7 Assign the four upstreams to physical connectors: configure interface cable-upstream 1/0/0 cable connector 0 configure interface cable-upstream 1/0/1 cable connector 0 configure interface cable-upstream 1/0/2 cable connector 1 configure interface cable-upstream 1/0/3 cable connector 1 8 Set the upstream center frequencies: configure interface cable-upstream 1/0/0 cable frequency 20000000 configure interface cable-upstream 1/0/1 cable frequency 25000000 configure interface cable-upstream 1/0/2 cable frequency 20000000 configure interface cable-upstream 1/0/3 cable frequency 25000000 9 Assign downstream supervision to each of the four upstream channels: configure interface cable-upstream 1/0/0 cable supervision 12/0/0 configure interface cable-upstream 1/0/0 cable supervision 12/0/1 configure interface cable-upstream 1/0/0 cable supervision 12/0/2 configure interface cable-upstream 1/0/0 cable supervision 12/0/3 configure interface cable-upstream 1/0/1 cable supervision 12/0/0 configure interface cable-upstream 1/0/1 cable supervision 12/0/1 configure interface cable-upstream 1/0/1 cable supervision 12/0/2 configure interface cable-upstream 1/0/1 cable supervision 12/0/3 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-9 PRELIMINARY E6000 CER Release 1.0 Channel Bonding configure interface cable-upstream 1/0/2 cable supervision 12/0/0 configure interface cable-upstream 1/0/2 cable supervision 12/0/1 configure interface cable-upstream 1/0/2 cable supervision 12/0/2 configure interface cable-upstream 1/0/2 cable supervision 12/0/3 configure interface cable-upstream 1/0/3 cable supervision 12/0/0 configure interface cable-upstream 1/0/3 cable supervision 12/0/1 configure interface cable-upstream 1/0/3 cable supervision 12/0/2 configure interface cable-upstream 1/0/3 cable supervision 12/0/3 NOTE: The commands in steps 10 and 11 use the default configurations. It is not necessary to enter these commands if you are content to use the default values (modulation profile number 1 and US channel width of 3.2 MHz). 10 Assign the default modulation profile (number 1) to the upstream channels: configure interface cable-upstream 1/0/0 cable modulation-profile 1 configure interface cable-upstream 1/0/1 cable modulation-profile 1 configure interface cable-upstream 1/0/2 cable modulation-profile 1 configure interface cable-upstream 1/0/3 cable modulation-profile 1 11 Define the channel width of the upstream channels (Note: 3.2 MHz is the default): configure interface cable-upstream 1/0/0 cable channel-width 3200000 configure interface cable-upstream 1/0/1 cable channel-width 3200000 configure interface cable-upstream 1/0/2 cable channel-width 3200000 configure interface cable-upstream 1/0/3 cable channel-width 3200000 12 Activate (no shut) the four upstream channels: configure interface cable-upstream 1/0/0.0 no shutdown configure interface cable-upstream 1/0/1.0 no shutdown configure interface cable-upstream 1/0/2.0 no shutdown Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-10 PRELIMINARY E6000 CER Release 1.0 Channel Bonding configure interface cable-upstream 1/0/3.0 no shutdown 13 Create and name Fiber Node 1; then assign channels to it: configure cable fiber-node 1 configure cable fiber-node 1 description "East Side" configure cable fiber-node 1 cable-downstream 12/0/0 12/0/1 12/0/2 12/0/3 configure cable fiber-node 1 cable-upstream 1/0/0 1/0/1 14 Create and name Fiber Node 2; then assign channels to it: configure cable fiber-node 2 configure cable fiber-node 2 description "West Side" configure cable fiber-node 2 cable-downstream 12/0/0 12/0/1 12/0/2 12/0/3 configure cable fiber-node 2 cable-upstream 1/0/2 1/0/3 15 Activate (no shut) CAM slots 1 and 12: configure slot 1 no shutdown configure slot 12 no shutdown — End of Procedure — RCP/RCC Receive Channel Profiles (RCPs) are used by CMs (or other multi-channel subscriber devices) to describe valid receiver configurations in terms of Receive Channels (RCs), Receive Modules (RMs), and their interconnections. Receive Channel Profile messaging is communicated from the CM to the CER. Cable modems use this messaging to report their ability to receive multiple channels bonded together. CMs may message their RCPs as either standard RCPs via the RCP-ID (also known as non-verbose RCPs) or through a verbose reporting of Receive Channel Profile(s) for both standard and vendor-specific profiles. The MAC domain descriptor (MDD) directs the CMs how to message their RCPs. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-11 PRELIMINARY E6000 CER Release 1.0 Verbose RCP Reporting Channel Bonding Use the following two commands to enable verbose RCP reporting and dynamic RCC selection: configure interface cable-mac <WORD> cable verbose-cm-rcp configure interface cable-mac <WORD> cable dynamic-rcc When configured to enable verbose RCP reporting, the E6000 CER tells the CM to provide verbose reporting of Receive Channel Profile(s) for both standard and vendor-specific profiles. The E6000 CER processes these RCPs and selects one that will be used to configure the cable modem. A Receive Channel Configuration (RCC) is communicated from the E6000 CER to the CM to inform the CM how it is to configure its Receive Channels (RCs) and Receive Modules (RMs) to communicate with the CER. This CER-resident RCP selection process is a complex, multi-stage algorithm. To aid the E6000 CER software in supporting an increasing number of arbitrarily complex RCPs, the DOCSIS specification defines the notion of standard RCPs. Each standard RCP is represented by a unique RCP-ID and is a well-known model of a multiple-channel subscriber device. The RCC selection process in the E6000 CER will process these verbose RCPs to exclude non-conforming RCPs. It then considers configured RCCs and dynamic RCCs (in that order) to build a set of candidate RCCs, ultimately settling upon a single suitable RCC. Conforming verbose RCPs satisfy the following criteria: • Nx1 receive channel configuration where all receive channels connect to a single receive module, where N = 1–16 • NxN receive (Rx) channel configuration with receive channel connectivity, where N = 1–16 - Issue 1.0, 4 Feb 2013 • Rx channel 1 -> Rx Module 1 Rx channel 2 -> Rx Module 2 Rx channel 3 -> Rx Module 3 • • • - Rx channel N -> Rx Module N They do not require common PHY parameter checks • They do not specify multiple frequency blocks per module • They do not specify any module-to-module connectivity requirements • They do not support module resequencing subset limitations • They do not specify the receive channel connected offset parameter (RCC Encodings Type 48.5.3). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-12 PRELIMINARY E6000 CER Release 1.0 Channel Bonding If the algorithm fails to find a suitable RCC or if the CM has a single channel RCS, the CM registers as non-bonded. Each RCC is checked starting with the largest number of receive channels. Channels will then be checked to determine which channels are compatible with the CM’s service flows. If the operator is using attribute masks, then the MD-DS-SG channels must be evaluated to determine if they can be used to support the CM's provisioned service flows. Many algorithms are available to sort the channels, but the required end result is that at least one channel must exist in the CM's MD-DS-SG that satisfies the requirements of each service flow. Also, any channel that cannot be used for any of the CM's service flows must be removed from consideration. If no channels are found that satisfy the attribute mask requirements, then the E6000 CER must select a channel to provide service anyway, record an event, and update the MIB. For example, an EMTA might have a voice service flow that is specified to be high availability and low latency as well as a best effort service flow without any restrictions. At least one DS channel within the CM's MD-DS-SG must satisfy the high availability and low latency requirements of the voice service flow, or an error will be logged. The remainder of the CM's MD-DS-SG channels can still be considered for inclusion in the RCC to support the best effort data flow since that flow did not impose any conditions. If the best effort flow had been specified to utilize only high availability links, then any channels whose high availability bit is not set to 1 must be removed from consideration for the RCC. If no channels are found that meet the restrictions of the attribute masks, DOCSIS allows the E6000 CER to select one or more channels to provide service arbitrarily, in which case an error is logged. This algorithm suggests choosing a single channel to provide service. An alternative algorithm would be to disregard the attribute masks entirely and allow the largest possible channel set. Once the desired channel list is determined, the system must either use an existing RCC, or create a new one. If only static RCCs are enabled, the system must choose the RCC that best fits the desired channel set. NOTE: If the user has not created an RCC corresponding to this modem's RCP and MAC domain, then this modem can still register but not as a bonded modem. If the system can create dynamic RCCs, then a best fit channel set will be selected. Bonding group sizes do not need to match the CM's RCP connection capability attributes. Currently supported RCP architectures (CM receive channel connection capabilities) include up to 8 channels with the receive module architectures being either the conforming verbose RCP architectures listed above or a design of MxN where M = channels and N = modules. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-13 PRELIMINARY E6000 CER Release 1.0 Channel Bonding The frequency range available for bonding group channel selection is dependent on the CM's receive module architecture. A typical DOCSIS RCP architecture with a single RM will limit the spectrum to the 10 channels, starting with the RCC's First Channel Center Frequency attribute. The specific spectrum range is determined by the RM’s Adjacent Channels and the RM’s Center Frequency Spacing definitions. A multiple RM design will have multiple frequency blocks and the RCC will contain First Channel Center Frequency attributes for each of the RMs that have channels assigned to them. It is perfectly valid to have RMs to which no receive channels have been assigned. In addition, the MULPI specification states that “A E6000 CER is expected, but not necessarily required, to assign Receive Channels connected to a Receive Module that defines a block of adjacent channels to center frequencies located at an integral number of channel widths from the first channel center frequency of the block.” The E6000 CER bonding group channel selection algorithm will not necessarily select contiguous channels, but will always select channels that belong to a single MAC Domain on a single downstream CAM. As seen in Table 20-1, MxN RCP architectures (receive channels x receive modules) are not supported by dynamic RCC creation: they must have RCCs that are statically configured. E6000 CER users should know that in such cases the number of static RCC configuration permutations can be unpleasantly large. The E6000 CER does not impose limitations on static RCC configurations because to do so would limit MSO flexibility. Table 20-1 on page-20-14 summarizes the RCC capabilities of the E6000 CER with respect to RCP architectures. Table 20-1: RCC Capabilities with Respect to RCP Architectures RCC RCP Architecture Channels x Modules Static Dynamic Nx1 Y Y All receive channels connect to a single RM. NxN Y Y Channels and modules are equal in number and each channel connects to its own RM. MxN Y N Flexible channel-module assignments. Comments As discussed above, bonding group channel selection follows the RCC creation. Bonding groups may be statically defined or dynamically created. Dynamic RCCs Use the following command to enable the E6000 CER to dynamically create RCCs: configure interface cable-mac 1 cable dynamic-rcc Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-14 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Configuration Examples for Static RCC Configuring Static RCC Using One Block Use the following commands to create static RCCs using one block: configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 description "CLAB-6M-003" configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 module 1 min-center-frequency 621000000 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 module 1 connected-module 0 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 1 cable-downstream 12/0/0 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 1 module 1 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 1 primary-channel configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 2 cable-downstream 12/0/1 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 2 module 1 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 2 primary-channel no configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 3 cable-downstream 12/0/2 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 3 module 1 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 3 primary-channel no configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 4 cable-downstream 12/0/3 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 4 module 1 configure interface cable-mac 1 cable rcp-id 0010000003 rcc 1 cm-channel 4 primary-channel no Configuring Static RCC Using Two Separate Blocks Below is a configuration example of static RCC using two blocks. The modem in the example that follows, 001018 8061, is a Broadcom-based 8x4 modem. Its RCP has 2 tuners and 8 channels (2 x 30Mhz wide). configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 description "BCM-6M-8DS-001" configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 module 1 min-center-frequency 327000000 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 module 2 min-center-frequency 447000000 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 1 cable-downstream 12/0/0 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 1 module 1 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 1 primary-channel configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 2 cable-downstream 12/0/1 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 2 module 1 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 3 cable-downstream 12/0/2 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 3 module 1 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 4 cable-downstream 12/0/3 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 4 module 1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-15 PRELIMINARY E6000 CER Release 1.0 Channel Bonding configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 5 cable-downstream 12/0/4 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 5 module 2 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 6 cable-downstream 12/0/5 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 6 module 2 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 7 cable-downstream 12/0/6 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 7 module 2 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 8 cable-downstream 12/0/7 configure interface cable-mac 1 cable rcp-id 0010188061 rcc 1 cm-channel 8 module 2 Configuring Channel Bonding Groups Dynamic Groups Use the following command to enable the E6000 CER to dynamically create downstream bonding groups: configure interface cable-mac 1 cable downstream-bonding-group dynamic enable Static Groups Use the following commands to create static downstream bonding groups: configure interface cable-mac 1 <enter> cable downstream-bonding-group 1 cable-downstream 12/0/0 12/0/1 12/0/2 cable downstream-bonding-group 2 cable-downstream 12/0/0 12/0/1 12/0/2 NOTE: 12/0/3 If load balancing is disabled, then use the following command to enable changing the bonded modem’s primary downstream via RCC during registration: configure cable global modify-primary-DS-RCC Default = enabled. NOTE: If the modem does not support ECN 690, it may flap if the E6000 CER changes the primary downstream in the Reg-RspMP. The modem should be upgraded to support ECN 690. For more information on this ECN, see CableLabs specification CM-SP-MULPIv3.0-I09-090121. To turn off support for load balancing during registration, perform the following two steps: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-16 PRELIMINARY E6000 CER Release 1.0 1 Channel Bonding First, disable support for primary downstream change: configure no cable modify-primary-DS-RCC 2 Disable dynamic load-balancing. To do this, either turn off dynamic load balancing for the modem’s MAC domain, or turn it off for all MAC domains using the default group using one of the commands below: configure cable fiber-node <name> cable-mac <#> load-balance enable no configure cable load-balance general-group-defaults enable no Or instead of using one of these CLI commands, you may assign the modem to a policy or restricted load-balancing group that is disabled. See Chapter 29, Load Balancing. Per-packet Channel Selection for Bonding Groups When distributing packets across the multiple channels of a bonding group, the E6000 CER uses a rolling utilization average to determine the least loaded channel within the flow’s bonding group. The aim of the packet distribution algorithm is to load-balance for the purpose of even utilization across all of the channels (not just those in the bonding group). The packets are transmitted on the channel within the bonding group which is loaded lightest at the time that the packet is to be transmitted. The algorithm will automatically adjust to handle channels with different bandwidth capacities. No configuration is necessary for this feature. NOTE: Issue 1.0, 4 Feb 2013 Due to the use of the rolling utilization average distribution algorithm, the E6000 CER may send 2 or 3 packets in a row on the same channel. This is normal operation, therefore, you should not expect perfect distribution of downstream packets. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-17 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Upstream Channel Bonding (USCB) The E6000 CER supports upstream channel bonding in accordance with the DOCSIS 3.0 US bonding specification. It currently supports the bonding of four upstream channels. If the chassis and physical plant have already been configured to support Downstream Channel Bonding, then USCB can be enabled with the following two commands. The Selective Enabling of USCB within a MAC Domain procedure contains more details for those users who want only specific DOCSIS 3.0 modems to use Upstream Channel Bonding. Enable Multiple Transmit Channel mode: configure interface cable-mac <mac> cable mult-tx-chl-mode Enable dynamic upstream bonding groups: configure interface cable-mac <mac> cable upstream-bonding-group dynamic enable Or, configure a static bonding group: configure interface cable-mac <mac-id> cable upstream-bonding-group <int> cable-upstream <slot>/<port> The E6000 CER supports both dynamic and static creation of US bonding groups at the same time. Any newly-registering D3.0 modems will register using Multiple Transmit Channel Mode (MTCM) and the E6000 CER will use dynamic bonding group capabilities (if enabled) to determine if the E6000 CER configuration allows for bonding in the upstream. Selective Enabling of USCB within a MAC Domain When MTCM is enabled for a MAC domain, all modems that are capable of USCB will register with USCB enabled by default. If there is a need to enable USCB for a subset of USCB capable modems within the MAC domain, the following steps describe how to enable USCB selectively on modems while leaving it disabled on others within the same MAC domain. Note that when USCB is enabled, Continuous Concatenation and Fragmentation (CCF) will be enabled on all upstream flows except for UGS flows. When USCB is disabled, CCF is disabled on all upstream flows. 1 Allow USCB on the desired MAC domain(s) while leaving deployed modems unaffected. configure cable global mtcm-conditional-override This command prevents deployed modems from switching to MTCM, thus triggering USCB, when they re-register for any reason. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-18 PRELIMINARY E6000 CER Release 1.0 2 Channel Bonding Enable Multiple Transmit Channel mode: configure interface cable-mac <mac> cable mult-tx-chl-mode 3 Enable the E6000 CER to create upstream bonding groups dynamically: configure interface cable-mac <mac> cable upstream-bonding-group dynamic enable NOTE: 4 When mtcm-conditional-override is set, only CMs that have the bonding bit set in the SfRequiredAttributeMask to the hex string in the step below will be given MTCM (USCB) consideration on the CER. The following step is necessary before USCB can take place. (Optional) Create a static upstream bonding group: configure interface cable-mac <mac-id> cable upstream-bonding-group <int> cable-upstream <slot>/<port> (Example) To configure an US bonding group number 100 on cable-mac 1 with four US channels 1/0/0 through 1/0/3, use the following command: configure interface cable-mac 1 cable upstream-bonding-group 100 cable-upstream 1/0/0 1/0/1 1/0/2 1/0/3 5 Verify that the config file of this modem to be bonded includes a bonding-required attribute for at least one upstream service flow. The config file for this modem should have the following value for the attribute mask: SfRequiredAttributeMask = hexstr: 80.00.00.00 See Figure 20-2 on page20-20 for an example. 6 Issue 1.0, 4 Feb 2013 Allow a modem within the MTCM-enabled mac domain to register. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-19 E6000 CER Release 1.0 PRELIMINARY Channel Bonding Figure 20-2: Snapshot from Config File with Attribute Mask Set for USCB Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-20 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Non-Primary Channel Acquisition for Upstream Channel Bonding Under certain scaling conditions operators may see that an unacceptable number of upstream channel-bonded modems register with upstream partial service. This feature can be used to assist modems to register with upstream full service by forcing DOCSIS 3.0 modems with MTCM enabled to use only unicast ranging opportunities to acquire the non-primary upstream channels specified in their TCC(s) during registration. This behavior is controlled by the TLV 46.7 sent in the REG-RSP-MP message in accordance with DOCSIS specifications (MULPIv3.0 Annex C.1.5.1.7.) When this feature is disabled, the modem chooses to use either unicast or broadcast opportunities. NOTE: If this feature is enabled, all 46.7 TLVs sent will have a value of 2 (unicast). If it is disabled, all 46.7 TLVs will have a value of 3 (either unicast or broadcast). Not all modems support unicast ranging for non-primary US channel acquisition. The CLI command to enable this feature is: configure cable unicast-np-us-acquisition Use the NO version of the command to disable the feature: configure cable unicast-np-us-acquisition no This feature is disabled by default. Some brands of modems may react more slowly than others when beginning to acquire their upstream(s) using unicast ranging opportunities. Such modems will see several ranging opportunities sent out over a period of a few seconds before they respond to them. It is also possible that non-compliant modems may not understand the 46.7 TLV or may not be able to acquire their nonprimary upstreams using only unicast opportunities. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-21 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Partial Service Handling on the E6000 CER Partial service is a term used to indicate that service to a particular bonding-capable modem is in a degraded state, such that data cannot or should not be transmitted across some of the channels associated with the modem. The E6000 CER provides mechanisms for detecting, reporting, and recovering from some common partial service conditions. Upstream Impairment Detection and Recovery When upstream partial service occurs during the process of modem registration, the modem will remain in partial service until the modem re-registers. If the underlying cause of the original partial service condition was related to impairment or noise on the channel, the modem could register with partial service again. If, however, the cause of the original impairment was due to resource contention during registration, it is possible for the modem to re-register with full service. In cases where a modem fully registers on all candidate upstream channels in a bonding group, it will continue to periodically range on all channels. If the modem fails to respond to 16 consecutive station maintenance opportunities on any non-primary channel, as may occur if the channel becomes impaired, the E6000 CER will discontinue providing transmit opportunities to that modem on that channel. In order to provide for recovery of the channel for use in the bonding group, the E6000 CER will provide each modem in this state with one ranging opportunity during every ranging interval for every channel that was determined to be impaired. When the modem responds to that ranging opportunity and successfully completes ranging on that channel, the E6000 CER will then begin providing transmit opportunities to that modem on that channel again. NOTE: If a modem fails to range on the primary channel, then the modem will reset instead of going into partial service. Downstream Impairment Detection and Recovery The modem will go into downstream partial service during the process of modem registration when one or more bonded downstream channels are not acquired. If at a later point in time the modem acquires one or more of the impaired downstream channels, the modem will send a CM-STATUS message to the E6000 CER with a report of QAMFEC_LOCKRECOVERY indicating which downstream channels were acquired. The E6000 CER will then resume use of those downstream channels for that modem. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-22 PRELIMINARY E6000 CER Release 1.0 Channel Bonding In cases where a modem fully registers on all downstream channels and subsequently loses one or more downstream channels, some modems may respond by sending a CM-STATUS message to the E6000 CER with a report of QAMFEC_LOCKFAIL indicating which downstream channels were lost. When this occurs, the E6000 CER will discontinue sending bonded traffic to that modem via the reported downstream channels. The E6000 CER will continue to bond traffic across the remaining downstream channels associated with any given downstream service flow on that modem. When the modem recovers lock on the channel, it will send a CM-STATUS message with a report of QAMFEC_RECOVERY. The E6000 CER will then resume use of that downstream channel for that modem. Observability The E6000 CER provides visibility to modems which have not fully registered on all channels for which the topology would allow. Use the following commands: • show cable modem detail • show cable modem bonded-impaired Logging — The E6000 CER has the capability to enable a debug syslog message which will generate a log message whenever any CM-STATUS message is generated by a modem. The debug enable mechanism is configure logging debug cm-status. The following are samples of these messages: 14:00:50 13 debg: Debug:cm-status.msgs.expected:CM-STATUS from MAC=00:00:ca:c4:db:33, Transaction=1: Report: QAM/FEC - lock lost for Downstream Chan ID=2 14:00:56 13 debg: Debug:cm-status.msgs.expected:CM-STATUS from MAC=00:00:ca:c4:db:33, Transaction=1: Report: QAM/FEC - lock recovery for Downstream Chan ID=2 The E6000 CER will generate notice-level logging when disruption in modem ranging occurs on a non-primary channel. For example: 12:26:25 13 notc: MAC=00:15:a4:a4:58:1f; Upstream portNumber 3; SMRanger - Ranging opportunities exceeded on non-primary upstream. Removed non-primary upstream from service flows. 12:27:39 13 notc: MAC=00:15:a4:a4:58:1f; Upstream portNumber 3; SMRanger - Non-primary upstream resumed response to ranging opportunities. Restored non-primary upstream to service flows. The output of the show cable modem detail command below reflects when a CM is in an impaired state. The following is an example of the output for two modems. From the information highlighted in blue, you can tell that the first modem, 0015.96dd.e98a, is non-bonded because it is a DOCSIS 2.0 modem. Its upstream channel is 1/0/2; Its downstream channel is 12/0/1. The second modem shown, 0015.d0be.a08e, is a bonded modem because it is DOCSIS 3.0. It is supported by upstream channels 1/0/0, 1/0/1, 1,0/2, and 1/0/3; and by downstream channels 12/0/2, 12/0/3, 12/0/4, and 12/0/11. E6000# show cable modem detail 1Dec 4 13:22:26 12/0/1-1/0/2 CM 0015.96dd.e98a (Arris) D2.0 State=Operational D1.1/atdma PrimSID=2 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1, RCS=0x00000002 TCS=0x00000003 Timing Offset=1217 Rec Power= 0.25 dBmV Proto-Throttle=Normal Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-23 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Uptime= 0 days 17:12:07 IPv4=10.132.20.139 cfg=basic_11.bin LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Disabled MDF Capability= N/A MDF Mode= N/A u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports u 29 2 Activ BE 0 0 500 36117 0 0 1/0/2 d 30 15 Activ 0 0 493 33509 0 0 12/0/1 L2VPN per CM: (Disabled) Current CPE=0, IPv4 Addr=0, IPv6 Addr=0 Max CPE=16, IPv4 Addr=32, IPv6 Addr=64 12/0/11-1/0/2 CM 0015.d0be.a08e (Arris) D3.0 State=Operational D1.1/atdma PrimSID=8205 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1 RCP_ID= 0x0010000005 RCC_Stat= 4, RCS=0x01000004 TCS=0x01000004 Timing Offset=1224 Rec Power= 0.00 dBmV Proto-Throttle=Normal dsPartialServMask=0x00000000 usPartialServMask=0x00000000 Uptime= 0 days 16:48:44 IPv4=10.132.31.127 cfg=cw_basic_30.bin LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Disabled MDF Capability= GMAC Promiscuous(2) MDF Mode= MDF Enabled(1) u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports uB 33 8205 Activ BE 0 0 510 36533 0 0 1/0/0-3 dB 34 17 Activ 0 0 505 34976 0 0 12/0/2-4,11 L2VPN per CM: (Disabled) Current CPE=0, IPv4 Addr=0, IPv6 Addr=0 Max CPE=16, IPv4 Addr=32, IPv6 Addr=64 If a channel or channels are impaired, the show cable modem detail command lists them in parentheses at the end of the upstream/downstream bonded channel lines. If upstream 1/0/2 and downstream 12/0/11 were impaired, they would be listed: uB 283 dB 670 8220 Activ BE 335 Activ 0 13000000 0 0 0 0 0 0 2 368 0 0 1/0/0-3 (impaired: 1/0/2) 12/0/2-4,11 (impaired: 12/0/11) The show cable modem bonded-impaired command provides information on CMs that are not functioning at full capacity. It also states the reason for the impaired state. (See the Chapter 44, Command Line Descriptions for more details.) E6000# show cable modem bonded-impaired Dec 4 19:27:20 Interface (DS-US) S/C/P-S/CG/P ----------------12/2/7-1/1/11 +12/2/7-1/1/11 12/2/3-1/1/10 +12/2/3-1/1/10 12/2/4-1/1/11 +12/2/4-1/1/11 Actual Impair Mac Bonded Bonded Port --- ------ ------ -------3 4x4 4x3 U1/1/9 3 4x4 4x3 U1/1/9 3 4x4 4x3 U1/1/9 3 4x4 4x3 U1/1/9 3 4x4 4x3 U1/1/9 3 4x4 4x3 U1/1/9 Impair Reason ----------------badTcs t4Timeout badTcs t4Timeout badTcs t4Timeout DOC SIS --3.0 3.0 3.0 3.0 3.0 3.0 MAC address --------------0015.cf5b.6a0f 0015.cf5b.6a0f 0015.cf5b.6fff 0015.cf5b.6fff 0015.cf5b.70f3 0015.cf5b.70f3 IP Address ----------------------------------10.135.30.173 10.135.30.173 10.135.30.81 10.135.30.81 10.135.31.101 10.135.31.101 Total Oper Disable Init Offline ------------------------------------------------------Found 3 3 0 0 0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-24 PRELIMINARY E6000 CER Release 1.0 Channel Bonding Table 20-2: List of Commands Related to Partial Service Issue 1.0, 4 Feb 2013 Command Purpose configure interface cable-mac * cable cm-status enabled Enables the signaling of the CM-Status Event reporting mechanism for a cable MAC. configure interface cable-mac * cable cm-status event-type enabled Configures an event type via the CM-STATUS message. configure interface cable-mac * cable cm-status event-type ? This command requests the available cable modem status event types. These are the available event condition types: • secondaryChlMddTimeout • qamFecLockFailure • seqOutOfRange • mddRecovery • qamFecLockRecovery • t4Timeout • t3RetriesExceeded • t3RangingRecovery • cmOnBatteryBackup • cmAcPowerRestored • all © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 20-25 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Channel Bonding PRELIMINARY 20-26 PRELIMINARY E6000 CER Release 1.0 21 IPv6 IPv6 IPv6 Packet Structure 2 IPv6 Addressing Architecture 3 E6000 CER Security Features for IPv6 7 DHCPv6 PDRI and Bulk Lease Query 17 IPv6 Prefix Stability 23 IPv6 Distribute Lists 33 Overview The E6000 CER IPv6 Host and Routing feature adds standards-compliant routing of IPv6-conformant packets and an IPv6 host stack for management applications. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-1 PRELIMINARY E6000 CER Release 1.0 IPv6 IPv6 is defined by a relatively large number of RFCs and Internet Drafts. The requirements on both host stacks and routers are substantially more complex than those for IPv4, partly because many desirable features that are common in IPv4 deployments (but are not part of the basic IPv4 protocol) have been folded into the basic definition of the IPv6 protocol. Many of the changes in IPv6 are designed to help routers process packets more efficiently than is possible in IPv4. Consult the pertinent RFCs and Internet Drafts for more detail. IPv6 is dependent on the use of Multicast DSID-based Forwarding (MDF). MDF Multicast DSID-based Forwarding (MDF) is a key component of DOCSIS 3.0 multicast functionality. The E6000 CER supports MDFdisabled mode and GMAC-Promiscuous mode, as described in the DOCSIS 3.0 MULPI specification. To change the configuration for MDF you must first shut down the cable-mac. Execute the following command in order to enable MDF GMAC-Promiscuous mode for the specified cable-mac: configure interface cable-mac <mac> cable mcast-fwd-by-dsid GMAC Explicit Mode The E6000 CER supports DOCSIS 2.0+ IPv6 modems that are Multicast DSID-based Forwarding (MDF) incapable, as well as modems that are MDF Enabled GMAC Explicit. IPv6 Packet Structure The structure of an IPv6 packet header is defined in RFC-2460: IPv6 Protocol Specification. The header has a fixed length of 40 octets containing the following fields: Issue 1.0, 4 Feb 2013 • Version (4 bits): IP protocol version. Always has the value 6. • Traffic Class (8 bits): Used to prioritize IPv6 packets. Traffic Class has the same definition as the IPv4 TOS/DSCP field. • Flow Label (20 bits): Used to identify a flow (i.e., a set of packets that require identical routing treatment). • Payload Length (2 octets): Length of the packet in octets following the header. In IPv6, each packet is divided into exactly two portions: the header and the payload. Since the length of the Payload Length field is 2 octets, the maximum length of an ordinary IPv6 packet is (216-1 + 40) octets (i.e., 65,575 octets). Note that RFC-2675 defines a mechanism for sending larger IPv6 packets, called "jumbograms". The IPv6 feature on the E6000 CER does not include support for jumbograms. • Next Header (1 octet): A protocol number or a value to indicate an extension header follows the fixed header. This behaves somewhat similarly to the Protocol Type field in IPv4, in that it may contain a value corresponding to a layer 4 protocol such as UDP or TCP. However, it may also contain a value that tells the recipient/router that, immediately following the fixed header, the packet contains an Extension Header. In that case the value in the Next Header field identifies the Extension © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-2 PRELIMINARY E6000 CER Release 1.0 IPv6 Header that follows the IPv6 header. The complete list of allowed values is obtainable at: http://www.iana.org/assignments/protocol-numbers. • Hop Limit (1 octet): Maximum number of router hops permitted. This number is decremented by one each time the packet passes through a router. This is identical to the commonly accepted practice in IPv4 for decrementing the TTL field, although technically the IPv4 TTL is supposed to be decremented once per second. In IPv6, the defined behavior matches the common IPv4 practice where the counter is simply decremented once per hop. • Source Address (16 octets): 128-bit IPv6 source address. • Destination Address (16 octets): 128-bit IPv6 destination address. IPv6 Addressing Architecture Address Notation IPv6 addresses are 128 bits (16 octets) long displayed as eight 16-bit values in hexadecimal notation separated by colons. An IPv6 address is composed of a high-order network prefix and a low-order interface identifier with the boundary of the prefix designated by a slash decimal notation. For example, the IPv6 unicast address: 2001:01AB:00CD:0001:0000:0000:0000:0001/64 …designates an IPv6 unicast address with: - a 64-bit network prefix of 2001:01AB:00CD:0001 a 64-bit host identifier of 0000:0000:0000:0001 The full form of the address includes all leading zeros, while the preferred form suppresses the leading zeros and the compressed form replaces a single contiguous sequence of zeros with a double colon (::). In the example of a full form address shown above, the preferred form is 2001:1AB:CD:1:0:0:0:1/64 and the abbreviated form is 2001:1AB:CD:1::1/64. The hexadecimal address notation is not case sensitive. Types and Scope of Addresses Issue 1.0, 4 Feb 2013 There are three kinds of IPv6 addresses: unicast, multicast, and anycast. Unicast and multicast packets are treated similarly to unicast and multicast in IPv4. The IPv4 notion of broadcast is absent from IPv6, being replaced by certain forms of multicast (specifically an all-nodes link-local multicast). In addition, an IPv6 address has a notion of forwarding scope where node-local, link-local, site-local, and global scopes are defined. In IPv6, scope is encoded as part of the prefix and nodes are not permitted to forward link-local packets beyond their scope. In IPv4, scope was imprecisely defined by small TTL values, however in IPv6, scope is precisely defined and enforced. In particular, IPv6 scope enforcement applies to both source and destination IPv6 addresses. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-3 PRELIMINARY E6000 CER Release 1.0 IPv6 Table 21-1: IPv6 Address Ranges and Scope Address Range(s) Interface Assignment Scope 2000::/3 Global scope unicast addresses FEC0::/10 FC00::/8, and FD00::/8 Site-local scope unicast addresses FE80::/10 Link-local scope unicast addresses In IPv6, addresses are assigned to interfaces, not to nodes. A single interface may be assigned up to 128 IPv6 global addresses. The E6000 CER supports the assignment of only one link-local scope address to each physical interface. This address is typically assigned automatically and is unique over all interfaces in the E6000 CER. While uniqueness of site-local and global IPv6 addresses is enforced, assigning the same link-local to more than a single interface is allowed on the E6000 CER. IPv6 multicast addresses are taken from the FF00::/8 address space and include an explicit scope indicator in bits 12-15. Thus, IPv6 multicast addresses are of the form FF0x::/16 where x is the multicast scope indicator (encoded as 1 for node-local, 2 for link-local, 5 for site-local, and E for global scope). NOTE: Anycast addresses are not supported at this time. There are two special addresses in IPv6: 1 The unspecified address has the value 0:0:0:0:0:0:0:0 (or ::), and is more or less equivalent to 0.0.0.0 in IPv4. It cannot be used as a destination address and is only used as a source address when a new address is assigned to a link and is being tested by duplicate address detection (DAD). The address ::/0 is typically used as part of the default route statement. 2 General Limits for IP Addresses The loopback address has the value 0:0:0:0:0:0:0:1 (or ::1), and is more or less equivalent to 127.0.0.1 in IPv4. This address has node-local scope and may not be forwarded out of the node. Users of the E6000 CER should observe the following limits and guidelines that pertain to IP addresses: • A cable modem (CM) may be assigned only one IP address. It may be either IPv4 or IPv6. If it is assigned an IPv6 address, it may also have its own EUI-64 link-local address, but this will not be shown in the show cable modem detail output. • Typically a CPE may have only one (1) IPv4 address and only one (1) IPv6 link-local address.1 1. It is possible to use CPE Host Authorization to pre-provision more than one IPv4 address for a CPE. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-4 PRELIMINARY E6000 CER Release 1.0 IPv6 • In addition to its one IPv4 and its one IPv6 link-local address a CPE may have up to six other site-local or global IPv6 addresses up to a total of eight (8) IP addresses. • IPv6 prefixes can be delegated to CPE routers—these prefixes are not counted as IP addresses assigned to that CPE. • CPE hosts that are directly connected to the modem are allowed only one (1) IPv6 address per prefix. If a host obtains a new IPv6 address in that prefix, the new address overwrites the old one. • Packets using an IPv6 multicast address (FFxx::) or the unspecified address (::) as the Source IP (SIPv6) will be dropped, unless there is an unspecified SIP and the packet type is an ICMPv6 Neighbor Discovery1 (ND) packet. An ND packet is one the following: Neighbor Solicitation, Neighbor Advertisement, Router Solicitation, Router Advertisement or a Redirect. • The IP Packet Filtering / Subscriber Management feature affects the maximum number of IP addresses allowed. See Effect of IP Packet Filtering / Subscriber Management on IP Address Limits on page 16-18. • The maximum number of IPv4 and IPv6 addresses across CPEs behind one modem is configurable if submanagement is enabled (configure cable submgmt default active), but cannot exceed 32 IPv4s and 64 IPv6s. Submanagement can also be enabled in the CM configuration file using TLV 35. If this TLV is present, it overrides the default settings. For more information see Source Verification of Cable-side IP Addresses on page 27-22. Link-Local Addresses Addresses from the FE80::/10 space are designated as link-local unicast. Such addresses must not be forwarded outside of the link either as a source or destination address; these are commonly used for layer 2 connectivity. The following guidelines apply to CPEs using IPv6 link-local addresses: • A CPE can have only one link-local address. • CPEs are not required to use EUI-642 address formatting for link-local addresses, but CMs are. The EUI-64 address is unique because the first part of it (lower 64 bits) is based on the MAC address of the device. If a CPE or CM uses EUI-64 in its SIPv6 link-local address, the SMAC of packets must match its embedded MAC in its EUI-64 fprmatted link-local address in packets it sends. • The E6000 CER verifies that a link-local address being used by a cable-side host (CM or CPE) is not being used by any other cable-side host. • Reverse-path verify does not apply to link-local addresses. • IPv6 link-local addresses are not subject to DHCP host validation. • The E6000 CER supports Proxy Duplicate Address Detection (DAD), which ensures the IPv6 addresses are unique across all cable interfaces. IPv6 Proxy DAD applies to link-local, site-local, and global addresses. 1. Neighbor Discovery Protocol is used with IPv6 and ICMPv6 for address resolution, address autoconfiguration, router discovery, prefix discovery, and other functions. 2. EUI-64 is trademarked by the IEEE. “EUI” stands for “Extended Unique Identifier”. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-5 PRELIMINARY E6000 CER Release 1.0 IPv6 CAUTION If an IPv6 site-local or global address on a cable interface is changed or removed or prefix length on a cable interface is changed, then be well aware that all cable modems on that prefix will be reset and CPEs using an address based on that IPv6 prefix will be stranded until they DHCP to acquire a new IPv6 address. No communication with the cable modems or CPEs that use site-local or global IP addresses based on the removed IPv6 prefix is possible until the cable modems and CPEs DHCP to acquire a different IPv6 address on a prefix of that interface. NOTE: IPv6 over Ethernet It is recommended that when an IPv6 site-local/global address or prefix length is modified or removed from a cable interface, all IPv6 cable modems on that prefix be reset. IPv6 is transported over ethernet using its own ethertype: 0x86DD. Thus, IPv6 traffic is distinguished at Layer 2 from IPv4 and ARP traffic using ethertypes 0x0800 and 0x0806 respectively. Note that IPv6 does not use ARP to resolve unicast MAC addresses; rather it relies on the built-in ICMPv6 protocol to provide the equivalent Neighbor Discovery and Duplicate Address Detection functions found in ARP. This means that only one ethertype is used for all IPv6-related ethernet transport. Also note that IPv6 does not use the ethernet MAC broadcast address FFFF.FFFF.FFFF for any purpose — it is replaced by various forms of ethernet MAC multicast addresses designated for specific purposes. All IPv6 multicast addresses (FF0x::/16) are directly mapped into ethernet MAC multicast addresses of the form 3333.xxxx.xxxx, where xxxx.xxxx is the low order 32 bits of the IPv6 multicast address. It is expected that host node ethernet interfaces will only listen to specific MAC multicast addresses, while router node ethernet interfaces will listen to all MAC multicast addresses. Well-Known Multicast Addresses RFC-2375, IPv6 Multicast Address Assignments, defines a number of well-known multicast addresses that are reserved for specific purposes. Nodes are required to respond appropriately if they are of a type that matches the purpose. For example, the link-local multicast address FF02::2 is the "all-routers" address; therefore, any device that considers itself to be a router must respond to incoming packets with a destination address of FF02::2 as if the packet's destination was that router itself. One of the unique features of IPv6 is the concept of a "solicited node multicast address". This is a link-local scope multicast address of the form FF02::1:FFxx.xxxx that is intended to replace many of the ARP broadcasts found in IPv4. The solicited node IPv6 multicast address contains the same low-order 24 bits (xx:xxxx) as the IPv6 unicast address that it represents. This in turn maps to an ethernet multicast MAC address 3333.FFxx.xxxx that also contains these same low-order 24 bits. When a node is looking for a neighbor on the link with a given IPv6 unicast address and it does not have an active neighbor cache entry containing a unicast MAC address for that unicast IPv6 address, it will first send an ICMPv6 Neighbor Solicitation message (similar to an IPv4 ARP Request message) to the asso- Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-6 PRELIMINARY E6000 CER Release 1.0 IPv6 ciated solicited node multicast address in order to resolve the unknown unicast MAC address. The assumption is that there is only 1 interface (or a small number of interfaces) on the link that are using an IPv6 unicast address containing the same low-order 24 bits, and hence, only these nodes will be listening for their solicited node MAC multicast addresses (unlike IPv4 ARP where all nodes would have heard the broadcast ARP Request message). Furthermore, only the node that is actually using the full matching target IPv6 unicast address will respond with a ICMPv6 Neighbor Advertisement message, so the requesting node can expect that there will be only one response or none at all. This feature supports the well-known IPv6 multicast addresses and their equivalent ethernet MAC addresses in the table below. Note that packets with link-local scope multicast addresses will be consumed by the control plane and will not be reflected back to cable interfaces. The E6000 CER supports only link-local multicast. Table 21-2: IPv6 Well Known Multicast Groups Address Description ff02::1 All nodes on the local network segment ff02::2 All routers on the local network segment ff02::5 OSPFv3 AllSPF routers ff02::6 OSPFv3 AllDR routers ff02::9 RIP routers ff02::a EIGRP routers ff02::d PIM routers ff02::16 MLDv2 Reports ff02::1:2 All DHCP servers and relay agents on the local network ff05::1:3 All DHCP servers on the local network ff0x::fb Multicast DNS ff0x::101 Network Time Protocol ff0x::108 Network Infrastructure Service E6000 CER Security Features for IPv6 The E6000 CER provides a number of features to resist various IPv6 Denial of Service (DoS) or spoofing attacks. Here is a summary: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-7 PRELIMINARY E6000 CER Release 1.0 1 IPv6 Configure Commands IPv6 Since DHCPv6 and ND/RD packets are targeted to the E6000 CER host processor, there is a potential for a malicious subscriber to bombard the E6000 CER with a large amount of these packets. This could deny service to other legitimate subscribers. The E6000 CER has implemented two features to prevent this type of attack: a Host protocol throttling to throttle the rate at which individual protocol packets are passed to the E6000 CER host CPU. b Per MAC address throttling to limit the number of DHCPv6 and ND/RD packets that can be sent by any single modem. 2 The E6000 CER does not process any IPv6 RA or ICMP redirect messages. These are silently discarded. 3 Dataplane dropping of invalid IPv6 packets is also done by the E6000 CER. This eliminates the need for some IPv6 filters. a Received packets with IPv6 link-local source address are never routed through the E6000 CER. b Upstream Link-local traffic is terminated by the E6000 CER and is never re-forwarded on a downstream cable interface. c Only the well known link-local, site-local and global addresses are allowed as source or destination IP addresses. d - Link-local 0xfe80 - Global 0x20 - Site-local 0xfec0, 0xfc, 0xfd IPv6 multicast addresses are not valid as a source address and are silently dropped. e A source address of all zeros is allowed only with a multicast DMAC. f IPv6 multicast is currently not supported except for basic IPv6 functionality (DHCPv6, ND/RD, etc.). Non-basic IPv6 multicast is blocked. g Packets that have the IPv6 loopback address (::1) as their source or destination IP address are dropped. 4 The Cable Source Verify feature can also be used to verify the source IPv6 address of packets originating from a CPE. 5 The E6000 CER supports standard IPv6 ACLs, but not extended ACLs. Similar functionality to the extended ACLs can be achieved with cable filters. The following section provides a list of commands used to configure and enable IPv6 routing on the E6000 CER. NOTE: The IPv6 configuration commands do not support subinterfaces. To configure the IPv6 IP address for the specified interface: configure interface ethernet <6-7>/<0-7>[.<0-254>]> ipv6 address <addr> [eui-64] [link-local] Where: <addr> Represents the IPv6 address/prefix. To set the default limit for router advertisements and all IPv6 packets originated by the router: configure ipv6 [no] hop-limit <number> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-8 PRELIMINARY E6000 CER Release 1.0 IPv6 To display the usability status of interfaces configured for IPv6: show ipv6 interface <WORD> To establish static routes from the IPv6 route table: configure ipv6 route <ipv6-address1>/<prefix-length> <ipv6-address2> [admin-distance <int>] [metric <int>] The previous command has an interface option if the next-hop address is a link-local address, as can be seen in the following examples: E6000# configure ipv6 route 2001:1234:0:1::/64 ? <WORD> cable cable-mac ethernet null - Next Hop IPv6 address - Network Interface to use - Network Interface to use - Network Interface to use - Null Interface E6000# configure ipv6 route 2001:1234:0:1::/64 ethernet 6/0 ? <WORD> - Link Local Next Hop Address To configure a default route use the following command: E6000# configure ipv6 route <ipv6-address1>/<prefix-length> <ipv6-address2> Where: ipv6-address1 = Destination route address prefix-length A decimal value that indicates the length of the IPv6 prefix. ipv6-address2 = Next hop address The E6000 CER implementation of IPv6 supports four Equal Cost Multipath (ECMP) routes. For an example of how to configure a cable-mac, see 7. Configure Cable-MAC on page 10-8. Neighbor Discovery Commands Issue 1.0, 4 Feb 2013 This section provides a list of commands related to Neighbor Discovery (ND). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-9 PRELIMINARY E6000 CER Release 1.0 IPv6 Table 21-3: CLI Commands for Neighbor Discovery (ND) Command Purpose configure ipv6 neighbor <ipv6-address> <interface-type> <interface-number> <mac-address> [no] To create a static entry in the neighbor discovery (ND) cache for the interface. clear ipv6 neighbors [ipv6-address] To clear the IPV6 Neighbor Discovery cache, or to clear a specific IP address. configure interface cable-mac <mac> ipv6 nd reachable-time <milliseconds> [no] To set the amount of time a neighbor is considered reachable after the last confirmation. configure interface cable-mac <mac> ipv6 nd prefix <name> [off-link] [no-autoconfig] no-advertise To configure the IPv6 neighbor discovery (ND) prefix for the cable interface not to include the specified prefix in router advertisements. configure interface cable-mac <mac> ipv6 nd prefix <name> [off-link] [no-autoconfig] advertise To configure the IPv6 neighbor discovery (ND) prefix for the cable interface to include the specified prefix in router advertisements. configure interface cable-mac <mac> ipv6 nd ns-interval <int> [no] To set the minimum interval for neighbor solicitation retransmissions. configure interface cable-mac <mac> ipv6 nd prefix <word> [<valid_lifetime>] [<preferred_lifetime> [off-link] [no-autoconfig] [autoconfig] [no] To set the date and time when the prefix expires. configure interface cable-mac <mac> ipv6 nd prefix <word> infinite [off-link] [no-autoconfig] To configure the IPv6 neighbor discovery (ND) cache prefix for the cable interface not to expire. show ipv6 neighbors [<ipv6-address>] [<interface-type>] [<interface-number>] To display the IPv6 ND cache entry for an IPv6 address or optional interface. show ipv6 route [vrf <vrf-name>] [detail] [<word>] <ipv6-address> [connected] [local] [netmgmt] [static] [isis] [ospf] To display the contents of the IPv6 route table entries for an IPv6 address or interface. To display the IPv6 Neighbor Discovery (ND) cache entries for an interface: show ipv6 neighbors [<ipv6-address>] [<interface-type>] [<interface-number>] E6000# show ipv6 neighbors ethernet 6/0 Sample output: ND cache aging has been disabled Row IPv6 Address 1 fc00:cada:c435:600::1 2 fe80::218:74ff:fe2c:5c00 Link-layerAddr Type State 0018.742c.5c00 Dynamic Active 0018.742c.5c00 Dynamic Active Interface ether 6/0 ether 6/0 Another CLI command is used to obtain IPv6 ND information for an IPv6 address. The State values are the same as for the previous command. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-10 PRELIMINARY E6000 CER Release 1.0 IPv6 show ipv6 neighbors [<ipv6-address>] Sample output: ND cache aging has been disabled Row IPv6 Address 1 fc00:cada:c435:600::1 2 fe80::218:74ff:fe2c:5c00 3 fc00:cada:c435:603::1 4 fe80::6273:5cff:fed8:3091 5 fe80::218:74ff:fe2c:5c00 6 fc00:cada:c435:703::1 7 fe80::6273:5cff:fed8:3092 8 fc00:cada:c435:c001::91 9 fc00:cada:c435:c001::9c 10 fc00:cada:c435:c001::b7 11 fc00:cada:c435:c001::c4 12 fc00:cada:c435:c001::8b 13 fc00:cada:c435:c001::96 14 fc00:cada:c435:c001::c9 15 fc00:cada:c435:c001::ca 16 fc00:cada:c435:c001::80 17 fc00:cada:c435:c001::81 18 fc00:cada:c435:c001::af 19 fc00:cada:c435:c001::bc Router Advertisements for IPv6 Link-layerAddr 0018.742c.5c00 0018.742c.5c00 6073.5cd8.3091 6073.5cd8.3091 0018.742c.5c00 6073.5cd8.3092 6073.5cd8.3092 0000.0000.0000 0000.0000.0000 0000.0000.0000 0000.0000.0000 0000.e1ed.0a66 0000.e1ed.0a65 0000.e1ed.0766 0000.e1ed.0765 0000.e1ed.0a67 0000.e1ed.0a68 0000.e1ed.0768 0000.e1ed.0767 Type Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic State Active Active Active Active Active Active Active Not Present Searching Searching Not Present Active Active Active Active Active Active Active Active Interface ether 6/0 ether 6/0 ether 6/3 ether 6/3 ether 7/0 ether 7/3 ether 7/3 cMac 1.0 cMac 1.0 cMac 1.0 cMac 1.0 cMac 1 cMac 1 cMac 1 cMac 1 cMac 2 cMac 2 cMac 2 cMac 2 The following section provides a list of commands to configure the router advertisements messages. NOTE: Local interface prefixes are not advertised automatically. A prefix is advertised only if it is explicitly configured. To set the managed address configuration flag in the IPv6 router advertisements: configure interface cable-mac <mac> ipv6 nd managed-config-flag [no] To set the other stateful configuration flag in the IPv6 router advertisements: configure interface cable-mac <mac> ipv6 nd other-config-flag [no] To set the maximum (from 4 to 1800 seconds) and minimum (3 or 4 seconds) interval for neighbor solicitation retransmissions: configure interface cable-mac <mac> ipv6 nd ra interval <4-1800> <3-4> [no] To set the lifetime for the router advertisement on the specified interface: configure interface cable-mac <mac> ipv6 nd ra lifetime {0 | <4-9000>} [no] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-11 PRELIMINARY E6000 CER Release 1.0 Where: IPv6 0 indicates that the E6000 CER is not the default router and 4-9000 is the range in seconds of the lifetime value. DHCPv6 Relay Agent To configure the DHCP relay destination for IPv6 on the specified interface. Basic Configuration Script The following set of commands represents a minimal configuration script. This script does the following: configure interface cable-mac <mac> ipv6 dhcp relay destination <ipv6-addr> [cable-modem | host | any] • Instructs IPv6-capable modems on cable-mac 1 to attempt registration in IPv6 mode. • Shuts down cable-mac 1 (The cable-mac must be shut down in order to enable Multicast DSID-based Forwarding (MDF.) • Allows the E6000 CER to use Multicast DSID-based Forwarding (MDF) for an IPv6 CPE • Restores cable-mac 1 to service in order to cause the configuration change to take effect • Sets the IPv6 address on cable-mac 1 • Sets the DHCP server address so that CMs and CPEs can use DHCPv6 to acquire their IP addresses • Sets the IPv6 address on an interface • Configures an IPv6 default route. configure interface cable-mac 1 cable cm-ip-prov-mode ipv6only configure interface cable-mac 1 shutdown configure interface cable-mac 1 cable mcast-fwd-by-dsid configure interface cable-mac 1 shutdown no configure interface cable-mac 1.0 ipv6 address 2001:CADA:F409:C100::1/64 configure interface cable-mac 1.0 ipv6 dhcp relay destination 2001:CADA:F409:ED00::1 configure interface ethernet 6/0.0 ipv6 address 2001:CADA:F409:1700::2/64 configure interface ethernet 6/10.0 ipv6 address 2001:CADA:F409:1710::2/64 configure ipv6 route ::/0 2001:CADA:F409:1710::1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-12 PRELIMINARY E6000 CER Release 1.0 Ping and Traceroute Commands IPv6 The ping (Packet Internet Groper) command is a common method of troubleshooting the accessibility of devices. It sends a series of Internet Control Message Protocol (ICMP) echo-request packets to determine if a remote host is active or inactive. ping <ip address> [source <ip addr>| hostname] [repeat-count <int>] [timeout <int>] [size <int>] [tos <int>] [ttl <int>] [payload <payload pattern>] [validate] ] [don't-fragment <word>] [mgmt <word>] ping docsis <mac-addr | ip-addr|ipv6-addr> [count] [verbose] ping ipv6 <ipv6 address> [mgmt] [output-interface {cable-mac <num>| ethernet <slot/port> | loopback <num>}] [payload <payload pattern>] [repeat-count <int>] [size <int>] [source <ip address>] [timeout <int>] [tos <int>] [ttl <int>] [validate] The traceroute command is a troubleshooting tool that helps to determine the path a packet takes to get to a destination. traceroute <A.B.C.D> [source-ip <ip addr> | hostname <name>] [min-ttl <int>] [max-ttl <int>] [timeout <int>] [probe-count <int>] [port-number <int>] [tos <0 | 0..255>] traceroute ipv6 <ipv6 address> [max-ttl <int>] [mgmt] [source <ipv6 address>] [timeout <sec>] [probe-count <int>] [min-ttl <int>] [port-number <int>] [tos <int>] The IPv6 DHCP process differs from that of IPv4. See the output of trace logging dhcpv6 below for an example of the message exchange: trace logging dhcpv6 <mac> verbose IPv6 Show Commands For more information refer to the Command Line Descriptions chapter in this manual for additional information. Table 21-4: IPv6 Show Commands Command Purpose show all-commands | include ipv6 Displays a list of all commands that include the keyword ipv6, use the following command: show ipv6 interface ethernet <6-7>/<0-7> To display the IPv6 configuration for the interface Sample output: E6000# show ipv6 interface ethernet 6/0 ethernet 6/0.0 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-13 PRELIMINARY E6000 CER Release 1.0 Admin State / Oper State Link-local address Site-local address(es) Joined group address(es) IPv6 : : : : Up / IS fe80::201:5cff:fe61:2c01/10 fc00:cada:c435:600::2, subnet is fc00:cada:c435:600::/64 FF02::1 FF02::2 FF02::1:FF61:2c01 ff02::1:ff00:2 : None DHCP Relay Destination(s) Maximum Transmission Unit (MTU) : 1500 bytes ND reachable time : 3600000 ms ND advertised retransmit interval : 0 ms ND router advertisements are sent every : 600 sec ND router advertisements lifetime : 1800 sec Host address autoconfiguration : Statefull To display help text for the parameters of the show ipv6 route command: E6000# show ipv6 route ? <WORD> cable-mac connected detail ethernet include-inactive include-pd isis local netmgmt null ospf pd static summary vrf | <cr> - IPv6 network or host of interest Displays IPv6 routes for cable-mac (sub)interface Connected routes (aka netmgmt routes) Shows same routes in a non-abbreviated format Displays IPv6 routes for ethernet (sub)interface Shows active and inactive routes; defaults to displaying only active routes Include IPv6 Prefix Delegation routes in the output Intermediate System to Intermediate System (IS-IS) routes local routes (aka connected routes) netmgmt routes (aka static routes) Displays IPv6 routes for null interfaces Open Shortest Path First (OSPF) Prefix Delegation routes Static routes (aka netmgmt routes) Show total routes for each routing protocol VRF name Output modifiers There are various forms of the show ipv6 route command that you can use to display the IPv6 route table entries for an IPv6 address or interface. Sample output: Codes: Issue 1.0, 4 Feb 2013 (L1) internal level-1, (eL2) external level-2 (E1) external type-1, (E) external ACT Active-IS, (L2) internal level-2, (S) summary, (E2) external type-2, IS Inactive-IS, (eL1) external level-1, (IA) internal area, (I) internal, OOS Inactive-OOS Dist/ © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-14 PRELIMINARY E6000 CER Release 1.0 IPv6 Route Dest / mask ====================== 2002::/64 2001:CADA:F409:1700/64 2001:CADA:F409:1710/64 2001:CADA:F409:C100/64 IPv6 and Show Cable Modem Commands Act === ACT ACT ACT ACT IPv6 Next Hop Metric Protocol RouteAge Interface ================================= ========= ========= ======= =========== 2002::2 0/0 local 6 days cMac 1.0 2001:CADA:F409:1700::2 0/0 local 6 days gigE 6/0.0 2001:CADA:F409:1710::2 0/0 local 6 days TenGg 6/10.0 2001:CADA:F409:C100::1 0/0 local 6 days cMac 1.0 The following command is widely used to display cable modem status information. The output displays the IPv6 address for the CM and the number of CPE. See the command show cable modem on page 44-1051 for detailed information on the available keywords. To display the system description information with the IP Address: show cable modem system-description See the list of parameters for the show cable modem on page 44-1051 command for more information. To display the type of CM address, IPV4 or IPV6, use the following: show cable modem detail The CM must have either an IPv4 or an IPv6 address, not both. For example: E6000# show cable modem detail <mac> Sample output: Jan 11 17:06:17 12/0/0-1/0/0 CM 001d.cd87.653e (Arris) D3.0 State=Operational D1.1/atdma PrimSID=8247 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1 RCP_ID= 0x0010000008 RCC_Stat= 9, RCS=0x01000001 TCS=0x01000001 Timing Offset=1091 Rec Power= 0.00 dBmV Proto-Throttle=Normal dsPartialServMask=0x00000000 usPartialServMask=0x00000000 Uptime= 0 days 0:01:12 IPv6=fc00:cada:c431:c001:9150:488b:e212:300 cfg=789_ttm_bpi_nphs_dsx.bin LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Ready Ver=BPI Plus Authorized DES56 Primary SAId=8247 Seq=1 MDF Capability= GMAC Promiscuous(2) MDF Mode= MDF Enabled(1) u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports uB 345 8247 Activ BE 0 64000 24 3755 0 0 1/0/0-3 dB 346 173 Activ 0 64000 34 13144 0 0 12/0/0-7 uB 395 8248 Activ BE 0 1100000 23 3467 0 0 1/0/0-3 dB 396 198 Activ 0 6600000 71 16638 0 0 12/0/0-7 L2VPN per CM: (Disabled) Current CPE=1, IPv4 Addr=1, IPv6 Addr=0 Max CPE=5, IPv4 Addr=32, IPv6 Addr=64 CPE(MTA) 001d.cd87.653f Filter-Group:Up=0 Down=0 Proto-Throttle=Normal IPv4=10.131.0.44 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-15 PRELIMINARY E6000 CER Release 1.0 IPv6 Proxy Duplicate Address Detection When a CPE or client requests an address duplication check using a Neighbor Solicitation (NS) message, the E6000 CER checks the Neighbor Discovery (ND) cache to see if the target address is being used. The E6000 CER is called a proxy in this case because it responds for the client that already has the requested address. If the IPv6 address is being used, then the E6000 CER sends a Neighbor Advertisement (NA) message on behalf of the client that already has this address. The requesting client should honor this DAD message by acquiring a different address. If the target address in the NS message is not in use, then the E6000 CER takes no action. This feature applies to cable interfaces only. It is always on and has no configuration settings. Use the following command to set the number of neighbor solicitation messages sent to detect duplicate addresses. configure interface ethernet <6-7>/<0-7>[.<0-254>]> ipv6 nd dad attempts <0-600> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-16 PRELIMINARY E6000 CER Release 1.0 IPv6 DHCPv6 PDRI and Bulk Lease Query DHCPv6 Prefix Delegation with Route Injection (PDRI) is a feature that allows a customer premise equipment (CPE) router to obtain an IPv6 prefix from a DHCPv6 server and allows the E6000 CER to learn the prefix as a valid route. The CPE router then assigns IPv6 addresses from within this prefix to its directly connected CPEs. Prefix Delegation Prefix Delegation consists of an exchange of messages between the DHCPv6 server and the CPE router. The DHCPv6 server delegates or assigns prefixes to the CPE routers. The CPE routers then assign IPv6 addresses to the CPEs (clients) behind them using the routers’ delegated prefixes. DHCPv6 SERVER DHCP PD DHCP Prefix Delegation and Route Injection take place in the E6000 CER. The E6000 CER snoops only on DHCPv6-Reply and -Release messages.The PD defined in the messages is then injected into the local E6000 CER routing table. E6000 CER DHCP PD REQUEST CPE CLIENT CPE ROUTER These IPv6 addresses are from within the delegated prefix. CPE CLIENT Figure 21-1: Block Diagram of PDRI Feature Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-17 E6000 CER Release 1.0 PRELIMINARY IPv6 CPE routers use the link-local IP address in DHCPv6 messages in accordance with RFC 3315, Section 16, Client Source Address and Interface Specification. The DHCPv6 relay agent within the E6000 CER relays the DHCPv6 messages between the DHCPv6 server(s) and all directly connected CPEs and CPE routers on the cable side of the E6000 CER. The relay agent processes the PD options within the DHCPv6 messages, extracts the prefixes (routes), and adds them to the route table. This process of adding PD routes to the E6000 CER route table is referred to as Route Injection, which is needed to route traffic destined to IPv6 clients behind CPE routers. The E6000 CER marks injected routes as having protocol type PD. Their admin distance is configurable. The default distance is 2. Manually configured static routes have higher priority because their admin distance is 1. Route Injection can be enabled or disabled either per interface or globally, but the Prefix Delegation subfeature is always enabled in the E6000 CER. The E6000 CER recognizes the Identity Association for Prefix Delegation (IA_PD) options present in DHCPv6 messages in order to update the PD database. Routes from the PD database are used to update the E6000 CER route table. When the DHCPv6 server attempts to assign the same or overlapping prefixes to a different CPE, the E6000 CER checks its routing table and uses the lease query mechanism to verify the server’s records of the two prefixes (clients) in question. If the lease query response proves that the E6000 CER routing table is out of sync with the server, then the E6000 CER updates its routing table accordingly. However, if the E6000 CER routing table is in sync with the server but the server is mistakenly trying to assign the same or overlapping prefixes to a different client, then the E6000 CER logs a message (at the warning level) without injecting the most recent route. The E6000 CER supports up to a maximum of four prefixes per CPE router. Prefixes beyond that are not learned by the PD database or injected into the route table. See also Table 3-4, IPv4 and IPv6 Supported Routes, on page 3-9. If route injection is disabled globally, then all routes learned or injected by the PD feature are purged from the route table. If route injection is enabled globally and on an interface, then the E6000 CER injects all prefixes learned on that interface. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-18 PRELIMINARY E6000 CER Release 1.0 CLI Commands for PDRI IPv6 The following table lists the CLI commands used to configure and show PDRI: Table 21-5: CLI Commands for Prefix Delegation and Route Injection Command Purpose configure ipv6 pd-route-injection [no] Enable [disable] route injection globally. Default = enabled. configure interface cable-mac <WORD> ipv6 pd-route-injection [no] Enable [disable] route injection on a given cable-mac interface. clear ipv6 route pd {<all> | <pre-fix/length> | cable-mac <WORD>} Delete all entries or a specific entry (or all entries from a specific cable-mac). configure ipv6 route pd-data-retrieve {<link local ipv6-address> | all | cable-mac < WORD>} Retrieve the delegated prefixes from the DHCPv6 server for a specified link-local address, all devices, or a cable-mac. This requires bulk lease query. configure ipv6 router pd distance <INT> configure ipv6 router pd distance [<INT>] no Change or set the admin distance of PD injected routes in the route table. Default = 2. Use of the NO parameter restores the default. configure router isis address-family ipv6 redistribute pd [metric <INT>] [metric-type {internal | external}] {level-1 | level-2} [tag tag-value] [no] Enable [disable] redistribution of static PD routes to the ISIS IPv6 routing protocol. configure router isis address-family ipv6 redistribute pd-summary <PD prefix> [metric <INT>] [metric-type {internal | external}] {level-1 | level-2} [tag tag-value] [no] Enable [disable] redistribution of summary PD routes to the ISIS IPv6 routing protocol. configure ipv6 router ospf redistribute pd <metric [value] | metric-type [internal|external] | tag [value]> [no] Enable [disable] redistribution of prefix delegated routes in OSPFv3. show ipv6 pd-route-injection Displays PD route-injection configuration both globally and for individual cable-mac interfaces. show ipv6 route summary Shows a summary of all IPv6 routes, including the number of PD routes. show interface cable-mac <WORD> show ipv6 interface cable-mac <WORD> Shows status of the interface. Status of PD route injection is included in the results. show ipv6 route { pd | include-pd } Shows IPv6 routes including PD routes and their status. To show only IPv6 routes of type PD then use the first version of this command. To show all IPv6 routes including PD routes then use the second version of this command. show ipv6 pd database [<link local ipv6-address>] Displays the contents of the prefix delegation database. If the link-local address is supplied, the command filters on that address. show cable modem detail <mac address> Includes active delegated prefixes associated with the CM specified in the command. configure logging debug dhcpv6 pd [no] To enable [disable] debug logging of updates and events related to the PD database use the first command. configure logging debug dhcpv6 pd blq [no] The second command logs all Bulk Lease Query connections and messages between the E6000 CER and the DHCPv6 server. The [no] version disables logging. show logging history Issue 1.0, 4 Feb 2013 Use show logging history to display the logs of these commands. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-19 PRELIMINARY E6000 CER Release 1.0 Bulk Lease Query IPv6 The E6000 CER uses Bulk Lease Query as a means to recover binding information from the DHCPv6 server(s) in the event of a reboot. You can also use the Bulk Lease Query CLI commands to refresh the PD database manually if necessary. This binding information is used to restore routing to delegated prefixes. (See RFC 5460, DHCPv6 Bulk Lease Query). The E6000 CER issues a query of this type whenever a cable-mac virtual router interface (vri), in other words, a layer 3 interface, becomes operational. This approach keeps the PD database up to date. The Source IP (SIP) of bulk lease query messages is the same as the SIP of the DHCPv6 Relay Forward messages. Table 21-6: 1. CLI Commands for Bulk Lease Query Command Purpose configure ipv6 route pd-data-retrieve all Restore PD database entries for all cable-mac interfaces. configure ipv6 route pd-data-retrieve cable-mac <number> Restore PD database entries for a specific cable-mac interface. configure ipv6 route pd-data-retrieve [cpe ipv6 address]a Restore PD database entries for a specific CPE router. Where cpe ipv6 address is the link-local address of the CPE router. clear ipv6 route pd all Delete all PD database entries. clear ipv6 route pd cable-mac <number> Delete PD database entries for a specific cable-mac interface. clear ipv6 route pd [ipv6-address/prefix] Delete a specified PD prefix entry from the PD database. a. Because this command uses UDP it is technically a Lease Query operation. Bulk Lease Query uses the TCP protocol. Examples of Show Commands There are number of versions of the show ipv6 route command: CER# show ipv6 route ? <WORD> cable-mac connected detail ethernet include-inactive include-pd isis local netmgmt null ospf pd Issue 1.0, 4 Feb 2013 - IPv6 network or host of interest Displays IPv6 routes for cable-mac (sub)interface Connected routes (aka netmgmt routes) Shows same routes in a non-abbreviated format Displays IPv6 routes for ethernet (sub)interface Shows active and inactive routes; defaults to displaying only active routes Include IPv6 Prefix Delegation routes in the output Intermediate System to Intermediate System (IS-IS) routes local routes (aka connected routes) netmgmt routes (aka static routes) Displays IPv6 routes for null interfaces Open Shortest Path First (OSPF) Prefix Delegation routes © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-20 PRELIMINARY E6000 CER Release 1.0 static summary vrf | <cr> IPv6 - Static routes (aka netmgmt routes) - Show total routes for each routing protocol - VRF name - Output modifiers The following are examples of system responses to various show commands from a E6000 CER that has learned a single PD route. The highlighted line shows that Prefix Delegation has been enabled on this interface. show ipv6 interface cable-mac 1 cable-mac 1.0 Admin State / Oper State Link-local address Site-local address(es) Joined group address(es) DHCP Relay Destination(s) : : : : Up / IS fe80::201:5cff:fe61:2c46/10 fc00:cada:c435:c001::1, subnet is fc00:cada:c435:c001::/64 FF02::1 FF02::2 FF02::1:FF61:2c46 ff02::1:ff00:1 : fc00:cada:c435:ed00::3 for Traffic Type "any" Maximum Transmission Unit (MTU) : 1500 bytes ND reachable time : 3600000 ms ND advertised retransmit interval : 0 ms ND router advertisements are sent every : 600 sec ND router advertisements lifetime : 1800 sec Host address autoconfiguration : Statefull Prefix Delegation Route Injection : ENABLED show ipv6 route pd-route-injection Global PD Route Injection: Prefix Stability : Interface -------------------cable-mac 1.0 ENABLED ENABLED PDRI State ---------ENABLED show ipv6 route include-pd Codes: (L1) internal level-1, (eL2) external level-2 (E1) external type-1, (E) external ACT Active-IS, (L2) internal level-2, (S) summary, (E2) external type-2, (eL1) external level-1, (IA) inter-area, (I) internal, OOS Inactive-OOS Dist/ IPv6 Route Dest / mask Act Next Hop Metric Protocol RouteAge Interface ====================== === ======================================= ========= ========= ======== ============== ::/0 ACT fc00:cada:c422:1700::1 1/0 netmgmt 23:06:38 gigE 17/0.0 Issue 1.0, 4 Feb 2013 IS Inactive-IS, © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-21 PRELIMINARY E6000 CER Release 1.0 ::/0 fc00:cada:c422:1700/64 fc00:cada:c422:1701/64 fc00:cada:c422:1702/64 fc00:cada:c422:1703/64 fc00:cada:c422:1705/64 fc00:cada:c422:1800/64 fc00:cada:c422:1802/64 fc00:cada:c422:1803/64 fc00:cada:c422:1807/64 fc00:cada:c422:c001/64 fc0d:c422:ffff:ff00/64 fc0d:c422:ffff:ff01/64 fc0d:c422:ffff:ff04/64 fc0d:c422:ffff:ff05/64 fc0d:c422:ffff:ff06/64 fc0d:c422:ffff:ff07/64 fc0d:c422:ffff:ff08/64 ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT ACT fc00:cada:c422:1800::1 fc00:cada:c422:1700::2 fc00:cada:c422:1701::2 fc00:cada:c422:1702::2 fc00:cada:c422:1703::2 fc00:cada:c422:1705::2 fc00:cada:c422:1800::2 fc00:cada:c422:1802::2 fc00:cada:c422:1803::2 fc00:cada:c422:1807::2 fc00:cada:c422:c001::1 fe80::215:cf00:1f:d7 fe80::215:cf00:1f:b5 fe80::215:cf00:1f:5d fe80::215:cf00:1f:91 fe80::215:cf00:1f:d5 fe80::215:cf00:1f:d2 fe80::215:cf00:1f:93 IPv6 1/0 0/0 0/0 0/0 0/0 0/0 0/0 0/0 0/0 0/0 0/0 2/0 2/0 2/0 2/0 2/0 2/0 2/0 netmgmt local local local local local local local local local local pd pd pd pd pd pd pd 23:06:38 23:06:38 23:06:43 23:06:43 23:06:42 23:06:42 23:10:54 23:10:53 23:10:53 23:10:52 23:08:08 00:00:25 00:00:26 00:00:27 00:00:26 00:00:25 00:00:25 00:00:26 gigE gigE gigE gigE gigE gigE gigE gigE gigE gigE cMac cMac cMac cMac cMac cMac cMac cMac 18/0.0 17/0.0 17/1.0 17/2.0 17/3.0 17/5.0 18/0.0 18/2.0 18/3.0 18/7.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 1.0 show ipv6 route summary IPv6 routing table name is default(1) Route Source Routes ============ ====== Local 9 Netmgmt 1 PD 1 VR Total 11 Total 11 show ipv6 pd database IPv6 Route Dest: Next Hop: CM: Interface: IA ID: preferred-lifetime: valid-lifetime: T1: T2: Expires: Issue 1.0, 4 Feb 2013 2001:db8:0:f00::/56 fe80::216:46ff:fe88:5ab4 0015.d187.3b5d cable-mac 1.0 0x00290001 10000 604800 10000 20000 Feb 04 2011 11:15:42 AM (604108 seconds) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-22 PRELIMINARY E6000 CER Release 1.0 IPv6 IPv6 Prefix Stability Using Prefix-Stability in E6000 CERs IPv6 Prefix Stability feature is an enhancement to the existing Prefix Delegation and Route Injection (PDRI) feature. The PDRI feature allows the E6000 CER to learn IPv6 PD type routes as they are given via DHCPv6 to requesting IPv6 gateways. The E6000 CER keeps the PD route for the duration of the lease time. The Prefix Stability feature allows an IPv6 gateway/CPE to move seamlessly to another E6000 CER while keeping the same IPv6 Prefix Delegation (PD), as long as lease has not expired. This section describes the CLI commands and provides sample configurations for the Prefix-Stability feature. Configuration examples are provided for ISIS and OSPFv3 (OSPF for IPv6) as IGPs used in the network. PD-1: FC0D:C422:FFFF::/48 PD-2: FC0D:C420:FFFF::/48 PD-3: 2009:0DB8:85A2:0631::/64 North Bound Router (NBR) Level 1 IS-IS or OSPF PD-1: FC0D:C422:FFFF::/48 PD-2: FC0D:C420:FFFF::/48 Move CM Cable Modem 1 (with or without embedded Gateway CPE) PD-3: 2009:0DB8:85A2:0631::/64 Figure 21-2: Scenario for Prefix Stability Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-23 PRELIMINARY E6000 CER Release 1.0 IPv6 The setup in Figure 21-2 shows two E6000 CERs or CMTSs connected to one northbound router (NBR). In this scenario the cable modem is initially connected to the first one but then is moved to the second one as a result of node split. The DHCPv6 server is configured to delegate the IPv6 prefixes to CER-1 and CER-2. There are three different prefix ranges configured in this example. First, any residential subscriber on CER-1 is always delegated one of the /64 IPv6 prefixes from the pool FC0D:C422:FFFF::/48. Second, any residential subscriber on CER-2 is always delegated one of the /64 prefixes from the pool FC0D:C420:FFFF::/48. A third prefix, 2009:0DB8:85A2:0631::/64, is a floating prefix and is delegated to a commercial customer, no matter which of the two E6000 CERs this commercial customer may be connected to. NOTE: DHCPv6 Server For more information on how the E6000 CER uses IS-IS, Multiple Topology IS-IS, and OSPF (including OSPFv3), see the appropriate sections of the Dynamic Routing Protocols chapter. The procedure below provides an example of Prefix Stability configured to use isis. It assumes a Level 1 type node. Configure the DHCPv6 server to allocate a static IPv6 PD route to the gateway/CPE behind this modem. Static IPv6 PD means if a modem/CPE is moved from CER-1 to CER-2 or vice versa, the DHCPv6 Server will lease the same IPv6 PD to this gateway/CPE. Procedure 21-1: Configuring Prefix Stability Using ISIS Configuring CER-1 There are two parts of this procedure. Part 1 is the configuration of the first E6000 CER. 1 Configure ISIS at the node level: configure router isis is-type level-1 configure router isis net 47.0001.0002.0003.0004.00 configure router isis metric-style wide level-1-2 configure router isis address-family ipv6 multi-topology configure router isis address-family ipv6 enable configure router isis address-family ipv4 enable no 2 Configure the ISIS circuit: configure interface ethernet 6/2.0 ipv6 address 2001:cada:c422:1702::2/64 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-24 PRELIMINARY E6000 CER Release 1.0 IPv6 configure interface ethernet 6/2.0 ipv6 router isis configure interface ethernet 6/2.0 isis protocol no shutdown 3 Configure a static null route for the aggregated range of the PD: configure ipv6 route fc0d:c422:ffff::/48 null 0 4 Configure access list to deny redistribution of a range of PD routes that should not get advertised individually (also known as prefixes for residential customers): configure ipv6 access-list list1 deny fc0d:c422:ffff::/48 configure ipv6 access-list list1 permit any 5 Configure the redistributing routes in ISIS. The PD routes for the static commercial range should appear as ISIS LSP. The static route for the aggregated range should appear as one ISIS LSP for the entire range (null route). configure router isis address-family ipv6 distribute-list list1 out pd configure router isis address-family ipv6 redistribute static level-1 6 The following command line must be identical on all participating E6000 CERs. In particular, the metric type and metric value in this command must be exactly the same for all E6000 CERs configured to handle the route collisions that result from moving the commercial customers from one E6000 CER to another. configure router isis address-family ipv6 redistribute pd level-1 7 Enable ISIS: configure router isis shutdown no 8 Enable PDRI (enabled by default): configure ipv6 pd-route-injection configure interface cable-mac 1.0 ipv6 pd-route-injection 9 Enable Prefix Stability (enabled by default): configure ipv6 prefix-stability Configuring CER-2 The second part of this procedure begins here. It serves to configure the second E6000 CER in this example of Prefix Stability using IS-IS. 1 Configure IS-IS at the node level: configure router isis is-type level-1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-25 PRELIMINARY E6000 CER Release 1.0 IPv6 configure router isis net 47.0001.0002.0003.0044.00 configure router isis metric-style wide level-1-2 configure router isis address-family ipv6 multi-topology configure router isis address-family ipv6 enable configure router isis address-family ipv4 enable no 2 Configure the IS-IS circuit: configure interface ethernet 6/2.0 ipv6 address 2001:cada:c420:1702::2/64 configure interface ethernet 6/2.0 ipv6 router isis configure interface ethernet 6/2.0 isis protocol no shutdown 3 Configure the static null route for aggregated range of PD: configure ipv6 route fc0d:c420:ffff::/48 null 0 4 Configure the access list to deny redistribution range of PD routes that should not be advertised individually (also known as prefixes for residential customers): configure ipv6 access-list list1 deny configure ipv6 access-list list1 permit any 5 fc0d:c420:ffff::/48 Configure the redistributing routes in IS-IS. The PD routes for static commercial range should appear as IS-IS LSP. The static route for aggregated range should appear as one IS-IS LSP for the entire range (null route). configure router isis address-family ipv6 redistribute static level-1 configure router isis address-family ipv6 distribute-list list1 out pd 6 The following command line must be identical on all participating E6000 CERs. In particular, the metric type and metric value in this command must be exactly the same for all E6000 CERs configured to handle the route collisions that result from moving the commercial customers from one E6000 CER to another. configure router isis address-family ipv6 redistribute pd level-1 7 Enable IS-IS: configure router isis shutdown no 8 Enable PDRI (enabled by default): configure ipv6 pd-route-injection configure interface cable-mac 1.0 ipv6 pd-route-injection Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-26 PRELIMINARY E6000 CER Release 1.0 9 IPv6 Enable Prefix Stability (enabled by default): configure ipv6 prefix-stability — End of Procedure — Procedure 21-2: Configuring Prefix Stability Using OSPF CER-1 There are two parts of this procedure. Part 1 is the configuration of the first E6000 CER. 1 Configure OSPF at router level: configure ipv6 router ospf router-id 22.22.22.22 2 Configure the OSPF interfaces: configure interface ethernet 6/2.0 ipv6 address 2001:cada:c422:1702::2/64 configure interface ethernet 6/2.0 ipv6 ospf area 0.0.0.0 3 Configure the static null route for the aggregated range of PDs: configure ipv6 route fc0d:c422:ffff::/48 null 0 4 Configure an access list to deny the redistribution range of PD routes that should not be advertised individually (also known as prefixes for residential customers): configure ipv6 access-list list1 deny configure ipv6 access-list list1 permit any 5 fc0d:c422:ffff::/48 Configure redistribution routes in OSPF as follows. The PD routes for static commercial range should appear as OSPF LSAs. The static route for the aggregated range should appear as one OSPF LSA for the entire range (null route). configure ipv6 router ospf distribute-list list1 out pd configure ipv6 router ospf redistribute static metric 1 6 The following command line must be identical on all participating E6000 CERs. In particular, the metric type and metric value in this command must be exactly the same for all E6000 CERs configured to handle the route collisions that result from moving the commercial customers from one E6000 CER to another. configure ipv6 router ospf redistribute pd metric 1 7 Enable OSPF: configure ipv6 router ospf no shutdown Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-27 PRELIMINARY E6000 CER Release 1.0 8 IPv6 Enable PDRI (enabled by default): configure ipv6 pd-route-injection configure interface cable-mac 1.0 ipv6 pd-route-injection 9 Enable Prefix Stability (enabled by default): configure ipv6 prefix-stability — End of Procedure — CER-2 The second part of this procedure begins here. It serves to configure the second E6000 CER in this example of Prefix Stability with OSPF. 1 Configure OSPF at the router level: configure ipv6 router ospf router-id 20.20.20.20 2 Configure the OSPF interfaces: configure interface ethernet 6/2.0 ipv6 address 2001:cada:c420:1702::2/64 configure interface ethernet 6/2.0 ipv6 ospf area 0.0.0.0 3 Configure the static null route for the aggregated range of PDs: configure ipv6 route fc0d:c420:ffff::/48 null 0 4 Configure an access list to deny the redistribution range of PD routes that should not get advertised individually (also known as prefixes for residential customers): configure ipv6 access-list list1 deny configure ipv6 access-list list1 permit any 5 fc0d:c420:ffff::/48 Configure the redistribution routes in OSPF. The PD routes for the static commercial range should appear as OSPF LSAs. The static route for the aggregated range should appear as one OSPF LSA for the entire range (null route). configure ipv6 router ospf distribute-list list1 out pd configure ipv6 router ospf redistribute static metric 1 6 The following configuration line must be identical on all participating E6000 CERs. In particular, the metric type and metric value in this command must be exactly the same for all E6000 CERs configured to handle the route collisions that result from moving the commercial customers from one E6000 CER to another. configure ipv6 router ospf redistribute pd metric 1 7 Issue 1.0, 4 Feb 2013 Enable OSPF: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-28 PRELIMINARY E6000 CER Release 1.0 IPv6 configure ipv6 router ospf no shutdown 8 Enable PDRI (enabled by default): configure ipv6 pd-route-injection configure interface cable-mac 1.0 ipv6 pd-route-injection 9 Enable Prefix Stability (enabled by default): configure ipv6 prefix-stability — End of Procedure — Verifying PrefixStability After all configuration is completed and a modem is registered on CER-1 and has PD 2009:0DB8:85A2:0631::/64 delegated to it, move the modem to CER-2. When the modem gets moved to CER-2, verify that it gets the same PD (2009:0DB8:85A2:0631::/64) from the DHCPv6 server. This causes a collision, since both CER-1 and CER-2 have the PD route for this prefix. This collision is detected by both E6000 CERs while processing the IGP packets because both E6000 CERs are redistributing these PD routes into IGP. When the collision is detected, both E6000 CERs check to see if the modem is online. CER-1 finds that modem is offline and purges the PD route for this prefix. CER-2 finds that modem is online and keeps the PD route in its routing table. This clears up the collision since CER-1 removed the PD route from its routing table and IGP no longer has two updates from two different E6000 CERs for the same route. Verify that the PDs belonging to the residential customers in one E6000 CER are not visible in the other E6000 CER . The second E6000 CER should have only one route, learned through IGP, representing all of the residential customers in the first E6000 CER and vice versa. For example: CER-2 will see only one route FC0D:C422:FFFF::/48 advertised by CER-1. Similarly, CER-1 will see only one route FC0D:C420:FFFF::/48 advertised by CER-2. The PD 2009:0DB8:85A2:0631::/64 is for the commercial customer and is seen by both the E6000 CERs. In one E6000 CER it is a PD route; in the other it is an IGP learned route. Below are the outputs from the show route command for the IS-IS configuration discussed above after the modem has been moved. These outputs, one for each E6000 CER, show that each of the E6000 CERs has four residential PDs delegated in addition to the one commercial customer who moved from CER-1 to CER-2. CER# show ipv6 route include-pd Codes: Issue 1.0, 4 Feb 2013 (L1) internal level-1, (eL2) external level-2 (E1) external type-1, (L2) internal level-2, (S) summary, (E2) external type-2, (eL1) external level-1, (IA) inter-area, (I) internal, © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-29 PRELIMINARY E6000 CER Release 1.0 (E) ACT external Active-IS, IS Inactive-IS, IPv6 Route Dest / mask Act Next Hop ================ === =============================== ::/0 ACT 2001:cada:c422:1700::1 2009:0db8:85a2:0631/64 ACT fe80::216:46ff:fe88:5bbf fc0d:c420:ffff::/48 ACT fe80::216:46ff:fe88:5bbf fc0d:c422:ffff::/48 ACT :: fc0d:c422:ffff:25::/64 ACT fe80::217:13ff:fe05:122 fc0d:c422:ffff:26::/64 ACT fe80::217:13ff:fe05:108 fc0d:c422:ffff:27::/64 ACT fe80::217:13ff:fe05:10d fc0d:c422:ffff:28::/64 ACT fe80::217:13ff:fe05:101 2001:cada:c422:1702/64 ACT 2001:cada:c422:1702::2 IPv6 OOS Inactive-OOS Dist/ Metric Protocol RouteAge Interface ====== ======== ======= ========= 1/0 netmgmt 4 days gigE 6/2.0 18/20 isis(eL1) 00:01:10 gigE 6/2.0 118/20 isis(eL1) 00:02:10 gigE 6/2.0 1/0 netmgmt 4 days null 0 2/0 pd 01:46:46 cMac 1.0 2/0 pd 01:46:46 cMac 1.0 2/0 pd 01:46:46 cMac 1.0 2/0 pd 01:46:46 cMac 1.0 0/0 local 02:18:46 gigE 6/2.0 CER# show ipv6 route include-pd Codes: (L1) internal level-1, (eL2) external level-2 (E1) external type-1, (E) external ACT Active-IS, (L2) internal level-2, (S) summary, (E2) external type-2, IS Inactive-IS, IPv6 Route Dest / mask Act Next Hop ================= === ============================= ::/0 ACT 2001:cada:c420:1702::1 2009:0db8:85a2:0631/64 ACT fe80::216:46ff:fe88:2aaf fc0d:c420:ffff::/48 ACT :: fc0d:c420:ffff:25::/64 ACT fe80::217:13ff:fe05:122 fc0d:c420:ffff:26::/64 ACT fe80::217:13ff:fe05:108 fc0d:c420:ffff:27::/64 ACT fe80::217:13ff:fe05:10d fc0d:c420:ffff:28::/64 ACT fe80::217:13ff:fe05:101 fc0d:c422:ffff::/48 ACT fe80::217:13ff:fe05:105 2001:cada:c420:1702/64 ACT 2001:cada:c420:1702::2 (eL1) external level-1, (IA) inter-area, (I) internal, OOS Inactive-OOS Dist/ Metric Protocol RouteAge ====== ======= ======== 1/0 netmgmt 02:18:46 2/0 pd 00:01:15 1/0 netmgmt 01:39:55 2/0 pd 01:46:46 2/0 pd 01:46:46 2/0 pd 01:46:46 2/0 pd 01:46:46 118/20 isis(eL1) 00:02:10 0/0 local 02:18:46 Interface =========== gigE 6/2.0 cMac 1.0 null 0 cMac 1.0 cMac 1.0 cMac 1.0 cMac 1.0 gigE 6/2.0 gigE 6/2.0 For OSPF IGP, the route protocol type will be ospf(E1) instead of isis(eL1) for all OSPF learned routes. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-30 PRELIMINARY E6000 CER Release 1.0 Debug Logging IPv6 Logging should be turned on for debugging only and should be turned off in live systems. The following command can be issued (before moving the modem) to see the logging messages when the route collision is detected. configure logging debug dhcpv6 pd prefix-stab When the route collision is detected and debug logging is turned on, messages similar to the following appear in the logs: On CER-1: CER# show logging history 19:44:19 6 debg: Debug:dhcpv6.pd.prefix-stab:Prefix Stability Enabled: Received notification of IGP(ISIS) route conflict for PD Prefix - Prefix 2009:0DB8:85A2:0631::/64 NHIP :: 19:44:19 6 debg: Debug:dhcpv6.pd.prefix-stab:Checking that modem 00:15:cf:9a:4b:e1 is online for PD Prefix 2009:0DB8:85A2:0631::/64 NHIP fe80::200:ff:fe00:5 19:44:19 6 warn: IPv6 Prefix-Stability: CM 00:15:cf:9a:4b:e1 is offline - deleting PD Prefix 2009:0DB8:85A2:0631::/64 NHIP fe80::200:ff:fe00:5 On CER-2: CER# show logging history 17:57:26 7 debg: Debug:dhcpv6.pd.prefix-stab:Prefix Stability Enabled: Received notification of PD Prefix conflict for IGP(ISIS) route - Prefix 2009:0DB8:85A2:0631::/64 NHIP fe80::217:13ff:fe05:105 17:57:26 7 debg: Debug:dhcpv6.pd.prefix-stab:Checking that modem 00:15:cf:9a:4b:e1 is online for PD Prefix 2009:0DB8:85A2:0631::/64 NHIP fe80::216:46ff:fe88:2aaf 17:57:26 7 debg: Debug:dhcpv6.pd.prefix-stab:CM 00:15:cf:9a:4b:e1 is online - keeping PD Prefix 2009:0DB8:85A2:0631::/64 NHIP fe80::216:46ff:fe88:2aaf Operational Concerns It is important that Prefix-Stability is configured correctly in order to see the expected results. The following are some possible configuration errors: Issue 1.0, 4 Feb 2013 • If one of the participating E6000 CERs is not configured to redistribute PD routes and yet a commercial customer was moved from or to this E6000 CER, then the two E6000 CERs will not detect the collision. The collision can be detected only by IGP protocol packets generated as result of redistributing the PD routes. Make sure the participating E6000 CERs are configured to redistribute the PDs that are expected to move. • Make sure all participating E6000 CERs are redistributing the PDs into the IGP using the same metric type (i.e. Internal or External Metric type in IS-IS and External Type 1 or External Type 2 in OSPF) and the same metric value. Different metric values © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-31 PRELIMINARY E6000 CER Release 1.0 IPv6 or different metric types in participating E6000 CERs would alter the IGP protocol’s processing logic and hence IGPs would behave differently (as far as their route selection criteria is concerned). This would impact the detection of route collisions. Participating E6000 CERs are those that expect to see a set of commercial customers moved among them. • Make sure that the address ranges for commercial and residential customers are different and non- overlapping. If these address ranges are mixed or overlapping, there will be unexpected collisions. Whenever collisions are detected, the E6000 CERs check to see if the modem is online or offline and accordingly keep or delete the PD route. Bad configurations can result in the deletion of routes incorrectly if the modems in question happen to be offline at that time. • The OSPF area type must be either Regular or NSSA. Other area types will not be able to process the Type 5 or Type 7 LSAs that are generated by OSPF when PD routes are redistributed; as a result, route collision detection will not work. • The IS-IS Node type must be either L1 or L2. The IS-IS Node Type L1L2 is not supported for use with Prefix Stability. Such a configuration would generate an excessive amount of TLVs for all E6000 CERs to process. The DOCSIS MULPI Specification, version 3.0, contains a description of this feature. The E6000 CER implements this feature using IPv6 distribute lists and route snooping. It is expected that MSOs will use route snooping primarily for commercial customers who must maintain the same leased IPv6 prefix when there are node splits. IPv6 distribute lists will be used to aggregate PDRI routes for all other customers. IPv6 Prefix Stability is enabled by default. To disable this feature use the following command: configure ipv6 prefix-stability no Cleaning up Stale Routes for IPv6 Prefix Stability Issue 1.0, 4 Feb 2013 Route snooping provides an automatic mechanism to clean up previously established PDRI routes that subsequently have been moved to a different E6000 CER. When a routing protocol indicates that a route from such a prefix is listed in the routing tables of two E6000 CERs, then the E6000 CERs establish which one has a connected cable modem using that route. The E6000 CER that determines that the CM associated with that route is offline deletes that route from its routing table. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-32 PRELIMINARY E6000 CER Release 1.0 IPv6 IPv6 Distribute Lists IPv6 Distribute Lists allow certain routes, including PDRI routes, to be and advertised (redistributed) via a null route. ACLs are used to specify IP-based filters. The distribute lists specify the type of redistributed route (connected, static, or PD) on which the filter is to be applied. The E6000 CER supports the application of distribute lists to the following types of IPv6 route redistribution: • Connected into OSPFv3 and IS-IS • Static into OSPFv3 and IS-IS • Prefix Delegation (PD) into OSPFv3 and IS-IS Use the procedure below to create an example of a distribute list that redistributes PD routes into OSPFv3. In this example the system operator wants to redistribute PD routes via OSPFv3, but there is one particular route (fc00:cada:c420:c001::2/64) that he does not want to be redistributed. NOTE: For more information see Route Redistribution for IPv4 Addresses on page 14-72. Procedure 21-3: Sample Distribute List for OSPFv3 PD Routes 1 Redistribute PD routes via OSPFv3: configure ipv6 router ospf redistribute pd 2 Define an access list with the particular IP address to be denied: configure ipv6 access-list ingress_acl deny fc00:cada:c420:c001::2/64 3 Configure the access list to permit everything else: configure ipv6 access-list ingress_acl permit any 4 Configure the access list to filter outbound redistributed PD routes: configure ipv6 router ospf distribute-list ingress_acl out pd 5 Confirm and verify your work: show distribute-list — End of Procedure — Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 21-33 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved IPv6 PRELIMINARY 21-34 PRELIMINARY E6000 CER Release 1.0 22 IP Video IP Video Overview 1 IP Video Functionality 3 ASM Architecture 5 SSM Architecture 6 IP Video Provisioning 8 Configure Multicast Routing 13 IP Video Visibility 14 IP Video Monitoring and Management 23 Overview The goal of an IP Video Architecture is to provide a means for delivering video services using Internet Protocol to the TV, PC, and/or handheld devices of consumers through a broadband access network. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-1 PRELIMINARY E6000 CER Release 1.0 IP Video The Quality of Service (QoS) functions ensure that the subscriber receives a suitable level of service and that video content is delivered in a reliable manner. IP Video provides the capability for searching available video content using a fast and easy approach, as well as providing the ability to utilize various modes including pause, rewind, and fast-forward. The IP Video over DOCSIS approach uses the E6000™ Converged Edge Router to send managed IP video packets over a DOCSIS delivery system via the Hybrid Fiber Coax (HFC) network. This is the way that IP packets are transported from the head-end to the home. Some of the benefits of IP Video over DOCSIS are: • Increased number of programs that can be offered due to Statistical Multiplexing Gain resulting from DOCSIS 3.0 Channel Bonding • High availability characteristics provided by the E6000™ Converged Edge Routers can be extended to IP Video • Channel efficiencies resulting from Switched Digital Video-like (SDV-like) operation provided by the dynamic activation of service flows and IP multicast streams within the E6000 CER • The E6000 CER QoS functionality that manages and limits the bandwidth of third-party IP Video content from the Internet allows that content to be safely multiplexed into the mix of the MSO-managed video streams. Figure 22-1: IP Video Architecture Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-2 PRELIMINARY E6000 CER Release 1.0 IP Video IP Video Functionality The IP Video architecture incorporates different functional areas that are integrated into single subsystems which reduce the total number of required system components to be managed. These system functions include: • Video Customer Premise Equipment (CPE) • Video Management • Video Access Subscriber Management and Billing ARRIS ServAssure ARRIS Portal Server Video CPE Video Management (QoS, DRM, Bandwidth, Encryption, Media) (Simple Control of Content for all 3 screens, Monitoring, Advertising, Billing) Content Acquisition ARRIS VIPr Transcoder DRM ARRIS XMS Video Server ARRIS ConvergeMedia Management Suite ARRIS E6000 CER ARRIS Media Player PC Portal ARRIS Multimedia Gateway Mobile Portal Video Access (QoS, Capacity, Metrics) Figure 22-2: IP Video Subsystems Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-3 PRELIMINARY E6000 CER Release 1.0 Video CPE IP Video The Video CPE function consists of the following subsystems: Media player/PC portal/mobile portal — These are sometimes called the IP Video clients and include the application software that is implemented on the hardware platforms. They participate in authentication and authorization activities and appropriate encryption requests. Media (IP Video) gateway — Provides the interface between the Hybrid Fiber Coaxial (HFC) network and home network to act as the primary interface for IP Video streams entering the home. Video Management The Video Management functions reside in the headend and involve the following subsystems: Content acquisition — This acts as a “card catalog” for the local video library. Digital Rights Management (DRM) — This is responsible for protecting IP Video content from theft using various forms of encryption. DRM registers and authenticates clients, tracking and distributing license certificates to new subscribers. It manages the scope of distribution of the video content. Session manager — Ensures that all the components in the IP Video architecture remain coordinated with one another. Video Access The Video Access function consists of the following subsystems: Transcoder — Resides in the headend and pre-processes IP Video content streams as they arrive from satellite, Over-the-Air antennae, or Over-the-Top IP Video providers who partner with the MSO. Video server — Provides the long-term and short-term storage of video content that is available to subscribers. E6000 CER — Acts as the interface between the headend and the HFC network. It intelligently manages the flow of IP video streams onto the dedicated IP Video DOCSIS channels of the HFC plant. It also provides routing functions into and out of the “last mile” connection on the internet. Valid Multicast Address Ranges The following multicast addresses are supported by the E6000 CER: • SSM ranges 232.0.0.1 to 232.255.255.255 and 239.0.0.0 to 239.255.255.255 • ASM ranges 224.0.1.0 to 231.255.255.255 and 239.0.0.0 to 239.255.255.255 Additional information is provided in Chapter 23, Multicast. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-4 PRELIMINARY E6000 CER Release 1.0 IP Video ASM Architecture The E6000 CER provides multicast capabilities including support for forwarding multicast traffic to hosts that have dynamically joined an IP multicast group at address G from any multicast source. The notation used to describe this is (*,G). This is known as Any Source Multicast (ASM). On the E6000 CER, ASM is supported on the network-side interface via the IGMPv2 protocol. The control protocol, IGMP, allows hosts to dynamically join an IP multicast group. Multicast Video Sources (S1) Internet 7/0 IGMPv2 6/0 IGMPv2 E6000 CER IGMPv3 D3.0 Modem IGMPv2 CPE Host Figure 22-3: ASM Architecture Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-5 PRELIMINARY E6000 CER Release 1.0 ASM Components IP Video The ASM architecture consists of several components, including: • IGMPv2 host on the network side • IGMPv3 router/querier on the cable side • Host IGMPv2 joins received on the cable side to the network side • MDF enabled mac-domain • IGMPv2 CPE host • Proxy converts the cable-side router to network-side host in the E6000 CER • Video Source is the source of video packets used (Unicast or Multicast) SSM Architecture With Source-Specific Multicast (SSM), clients join a selected IP multicast group at address G from a specific multicast source at host IP address S. The notation used to describe this is (S, G). On the E6000 CER, SSM is supported on the network-side interface via the PIM-SSM protocol. SSM requires support of Multicast DSID-based Forwarding (MDF) which means that the E6000 CER and the CM must both be MDF-enabled. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-6 PRELIMINARY E6000 CER Release 1.0 IP Video Multicast Video Sources (S1) Internet PIM-SSM IGMPv3 D3.0 Modem IGMPv3 CPE Host Figure 22-4: SSM Architecture SSM Components Issue 1.0, 4 Feb 2013 The SSM architecture consists of several components, including: • PIM-SSM on the network side • PIM-SSM on the cable side as passive • IGMPv3 router/querier on the cable side • MDF-enabled mac-domain • IGMPv3 clients (CPE) • Video Source is the source of video packets used (Multicast) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-7 PRELIMINARY E6000 CER Release 1.0 IP Video IP Video Provisioning Several E6000 CER elements must be provisioned for the IP Video feature. Some of these are explained in greater detail in other chapters, including Chapter 23, Multicast and Chapter 25, PacketCable™ Services and Voice Applications. The following is a general list of what needs to be provisioned: • Multicast DSID-based Forwarding (MDF) must be configured for each cable-mac in use. • The MSO user’s IP video attribute definitions must be communicated to the E6000 CER via the video encoding attribute mask. These definitions allow the E6000 CER to identify the downstream channels upon which it must collect extra IP Video statistics. • Configure channels and bonding groups with attribute masks defined. • Configure QoS and service class attributes through defined Service Class Names (SCNs). • Configure multicast routing. The following procedures and steps provide information on how to provision and configure the IP Video feature. This is an example of how to set up an ASM configuration from start-to-finish. Note that the example CLI commands are shown with sample parameters or values. More information on the commands and parameters are found in the Chapter 44, Command Line Descriptions. Configure MDF To enable Multicast DSID-based Forwarding (MDF) for each cable-mac in use, enter the following commands: configure interface cable-mac 1 shutdown configure interface cable-mac 1 cable mcast-fwd-by-dsid configure interface cable-mac 1 no shutdown Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-8 PRELIMINARY E6000 CER Release 1.0 Video Encoding Attribute Mask/ Service Flow Attributes IP Video The use of attribute masks in the assignment of service flows to downstream bonding groups and channels is described in Channel Assignment on page 20-2. When viewed in a slightly different manner, an individual downstream channel’s attribute mask can provide a hint of the types of service flows which will use the channel. This aspect of attribute masks is leveraged to allow the E6000 CER to selectively collect extra IP Video statistics only on the channels that are to carry IP Video services. However, the bit-level encoding of an attribute mask is not specified by the DOCSIS 3.0 standard and is left to be defined by the MSO user. Because of this, the E6000 CER must be told which bit or bits in an attribute mask indicate an IP video capability. The MSO user communicates the IP Video bit encoding(s) by setting the bit(s) in the video encoding attribute mask. The E6000 CER will compare the bits set in the video encoding attribute mask against the bits set in each individual downstream channel’s attribute mask to determine upon which channels to collect IP Video statistics. Note that the attribute mask in downstream bonding groups is NOT used for this purpose. The video encoding attribute mask is used for monitoring and management. The characteristics include: • Bits are set in the video encoding attribute mask. Multiple bits can be used to differentiate types of video (For example, VOD versus linear can be identified.) • The attribute masks are configured for each downstream channels for which video metrics are to be gathered. Procedure 22-1: Configure Video Encoding Attribute Mask 1 To configure the video encoding attribute mask, enter: configure ip-video attribute-encoding 0x00000002 2 To display the IP Video encoding attribute mask value: show ip-video global 3 If desired, configure the individual DS channel attributes to segregate HSD (12/1/0 through 12/1/3) and Video (12/1/4 through 12/1/7) using connector as shown in this example. For HSD: configure interface cable-downstream 12/1/0 cable attribute-mask value 0x80000001 configure interface cable-downstream 12/1/1 cable attribute-mask value 0x80000001 configure interface cable-downstream 12/1/2 cable attribute-mask value 0x80000001 configure interface cable-downstream 12/1/3 cable attribute-mask value 0x80000001 For Video encoding: configure interface cable-downstream 12/1/4 cable attribute-mask value 0x80000002 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-9 E6000 CER Release 1.0 PRELIMINARY IP Video configure interface cable-downstream 12/1/5 cable attribute-mask value 0x80000002 configure interface cable-downstream 12/1/6 cable attribute-mask value 0x80000002 configure interface cable-downstream 12/1/7 cable attribute-mask value 0x80000002 For video downstreams (12/1/4 - 12/1/7), you can disable primary-capable so that legacy modems do not use them by entering: configure interface cable-downstream 12/1/4 shutdown configure interface cable-downstream 12/1/5 shutdown configure interface cable-downstream 12/1/6 shutdown configure interface cable-downstream 12/1/7 shutdown configure interface cable-downstream 12/1/4 cable primary-capable no configure interface cable-downstream 12/1/5 cable primary-capable no configure interface cable-downstream 12/1/6 cable primary-capable no configure interface cable-downstream 12/1/7 cable primary-capable no configure interface cable-downstream 12/1/4 shutdown no configure interface cable-downstream 12/1/5 shutdown no configure interface cable-downstream 12/1/6 shutdown no configure interface cable-downstream 12/1/7 shutdown no — End of Procedure — Configure QoS Groups Creating a QoS Group includes configuring Service Class Names (SCNs) with the required attribute mask to match the video attribute and channel attribute, configuring an entry of the Multicast Group QoS (GQC) table, and configuring the Multicast QoS Groups (GC) and assigning to the GQC ID. The following is an example of how to create from one to four different QoS groups with different max-rates for the various devices on which the video will be used. It also provides an example of having session ranges. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-10 PRELIMINARY E6000 CER Release 1.0 IP Video Procedure 22-2: To Create Different QoS Groups for Different Devices 1 If only one group configuration is required, enter these commands: configure qos-sc name video-3d max-tr-rate 12000000 required-attr-mask-value 0x80000002 dir 1 configure cable multicast group-qos 1 scn video-3d configure cable multicast qos group 1 group-qos 1 session-range 235.1.1.1/24 source 0.0.0.0/32 2 To configure additional QoS groups (three groups in this case), enter the following commands: configure qos-sc name video-hd max-tr-rate 8000000 required-attr-mask-value 0x80000002 dir 1 priority 3 configure cable multicast group-qos 2 scn video-hd configure cable multicast qos group 2 group-qos 2 session-range 236.1.1.1/24 source 0.0.0.0/32 configure qos-sc name video-pc max-tr-rate 3000000 required-attr-mask-value 0x80000002 dir 1 priority 3 configure cable multicast group-qos 3 scn video-pc configure cable multicast qos group 3 group-qos 3 session-range 237.1.1.1/24 source 0.0.0.0/32 configure qos-sc name video-handheld max-tr-rate 300000 required-attr-mask-value 0x80000002 dir 1 priority 3 configure cable multicast group-qos 4 scn video-handheld configure cable multicast qos group 4 group-qos 4 session-range 238.1.1.1/24 source 0.0.0.0/32 3 Enable multicast with the following: configure interface cable-mac 1.0 ip igmp configure interface cable-mac 1.0 ip igmp version 3 configure interface cable-mac 1.0 ip igmp proxy-interface ethernet 6/0 configure interface cable-mac 1.0 ip igmp backup-proxy-interface ethernet 7/0 configure interface ethernet 6/0.0 ip igmp configure interface ethernet 6/0.0 ip igmp version 2 configure interface ethernet 7/0.0 ip igmp configure interface Ethernet 7/0.0 ip igmp version 2 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-11 PRELIMINARY E6000 CER Release 1.0 4 IP Video Configure the fiber-node for the all the downstreams: configure cable fiber-node FN1 configure cable fiber-node FN1 cable-downstream 12/1/0 12/1/1 12/1/2 12/1/3 12/1/4 12/1/5 12/1/6 12/1/7 configure cable fiber-node FN1 cable-upstream 1/0/0 1/0/1 1/0/2 1/0/3 Configure Bonding Groups Downstream dynamic bonding must be disabled; requiring the configuration of all downstream bonding groups for the following reason: If a multiple downstream CM registers at a fiber node that carries more channels than the CM can support at one time, then the E6000 CER must make a choice as to which channels to assign the CM to use for its downstream channel set. As opposed to statically configured service flows, the E6000 CER does not know which channels a CM may need for any dynamically created (for PCMM or IGMP, for example) service flows at the time that the CM registers. Since the E6000 CER does not currently move a CM’s downstream channels after it registers, all static bonding groups must be configured to include the channels that may be assigned to the dynamic service flows. This example displays how to disable dynamic downstream channel bonding on the cable-mac and create two static bonding groups for the HSD and video configurations. 1 To disable downstream dynamic bonding: configure interface cable-mac 1 cable downstream-bonding-group dynamic enable no 2 To enable static bonding for the HSD group: configure interface cable-mac 1 cable downstream-bonding-group 1 cable-downstream 12/1/0 12/1/1 12/1/2 12/1/3 configure interface cable-mac 1 cable downstream-bonding-group 1 attribute-mask value 0x80000001 3 To enable static bonding for the Video group: configure interface cable-mac 1 cable downstream-bonding-group 2 cable-downstream 12/1/4 12/1/5 12/1/6 12/1/7 configure interface cable-mac 1 cable downstream-bonding-group 2 attribute-mask value 0x80000002 Note that sample outputs for some commands for the IP Video feature are located the section IP Video Visibility on page 22-14. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-12 PRELIMINARY E6000 CER Release 1.0 IP Video Configure Multicast Routing The previous section provided an example of setting up an ASM configuration. The following procedure summarizes the E6000 CER routing configuration part of the IP Video provisioning process for the IGMPv3 cable-macs and PIM-SSM (SSM) using MDF-enabled. Configure SSM This procedure addresses the SSM architecture for configuring IP Video. 1 Enable the router/querier on the cable-mac. Default is IGMPv2: configure interface cable-mac 1 ip igmp 2 Enable the router/querier on the cable-mac to IGMPv3: configure interface cable-mac 1 ip igmp version 3 3 Enable multicast routing: configure ip multicast-routing 4 Configure PIM-SSM on the cable-mac as passive: configure interface cable-mac 1 ip pim sparse-mode-ssm passive 5 Enable PIM-SSM on the network interface: configure interface ethernet 7/0 ip pim sparse-mode-ssm Additional Configuration References The following is a list of references to other chapters for additional information to provision the IP Video feature. Issue 1.0, 4 Feb 2013 • For configuring individual downstream and upstream channels in the MD-DS-SG, see Chapter 13, Cable-side Configuration. • For configuring downstream bonding groups and channels, see Chapter 20, Channel Bonding. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-13 PRELIMINARY E6000 CER Release 1.0 IP Video IP Video Visibility Numerous commands support and verify the configurations associated with the IP Video feature and the status of related elements. This section provides a list of commands with output examples. Verify the configuration with these commands: show interface cable-mac 1 multicast mcast-fwd-by-dsid cable-mac --------1 multicast forwarding by DSID ---------------------------true show ip-video global Attribute bit(s) indicating type of IP Video: Time between DBC messages sent to a single modem: IP Multicast is subject to CAC: Per-channel limit for IP multicast: 0x00000000 100 msec false ----- show interface cable-downstream 12/1/4 Downstream Port 12/1/4 --------------Port state: Connector: Channel-ID: Cable-Mac: Primary-Capable: Upstream Ports: Cable Standard: Frequency (Hz): Interleave depth (no of taps): Modulation: Provisioned Power (tenth of dBmV): Measured Power (tenth of dBmV): Power Fine Adjustment (steps): Max Round Trip Delay(microseconds): Load Balance Group Id: Max Allowable Normal Voice BW (%): Reserved Normal Voice BW (%): Max Allowable Emergency Voice BW (%): Reserved Emergency Voice BW (%): Max Allowed Total (Emergency + Normal) (%): Emergency Preemption: Token Bucket Mode: Issue 1.0, 4 Feb 2013 IS 0 5 1 False 5/4/0-3 5/5/0-11 Annex B from ITU-J83 645000000 32 q256 490 488 0 1600 16779264 50 0 70 0 70 enabled shape © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-14 PRELIMINARY E6000 CER Release 1.0 Automatic Gain Control: Attribute Mask: IP Video enabled 0x80000002 show cable multicast qos group Group ---------1 2 3 4 Group-QoS --------1 2 3 4 Priority -------0 0 0 0 Session-Range ------------------235.1.1.1/24 236.1.1.1/24 237.1.1.1/24 238.1.1.1/24 Source ------------------0.0.0.0/24 0.0.0.0/24 0.0.0.0/24 0.0.0.0/24 low high mask --------------0 255 0 0 255 0 0 255 0 0 255 0 show cable multicast group-qos Group-QoS --------1 2 3 4 QoS-Sc Name(SCN) ---------------video-3d video-hd video-pc video-handheld QoSCtrl ---------------singleSession singleSession singleSession singleSession show qos-sc video-3d QOS Service Class Name: Relative Service Flow Priority: Max Sustained Traffic Rate (bits/sec): Max Traffic Burst (bytes): Min Reserved Rate (bits/sec): Min Reserved Packet Size (bytes): Max Concat Burst for US flow (bytes): Nominal Poll Interval (microseconds): Poll Jitter (microseconds): Unsolicited Grant Size (bytes): Nominal Grant Interval (microseconds): Grant Jitter (microseconds): Data Grants Per Nominal Grant Interval: Max Latency for DS flows (microseconds): Active Timeout (seconds): Admitted Timeout (seconds): Upstream Scheduling Service: Request Policy: TosQos and-mask: TosQos or-mask: Interface Direction: Peak Traffic Rate: Required Attr Mask: Forbidden Attr Mask: Attr Aggr Rule Mask: Scheduling algorithm: Issue 1.0, 4 Feb 2013 video-3d 0 12000000 3044 0 0 1522 0 0 0 0 0 0 0 0 200 Best Effort 0x00000000 0x00 0x00 Downstream 0 0x00000000 0x00000000 0x80000002 normal © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-15 PRELIMINARY E6000 CER Release 1.0 IP Video To verify bonding group information: CER# show cable bonding-group-status Cable -mac ----1 1 1 1 1 1 1 1 chSetId ---------0x01000007 0x01000008 0x01000009 0x0100000a 0x01000005 0x01000006 0x01000007 0x01000008 mDSsg/ mUSsg ------D1 D1 D1 D1 U1 U4 U3 U2 CfgId ------dynamic dynamic dynamic dynamic dynamic dynamic dynamic dynamic AttrMask -------------------------- CER# show cable channel-sets Cable -mac ----1 1 1 1 1 1 1 1 1 1 1 1 chSetId DS/US Channel Set ---------- ----- --------------------------------------------------------------------------0x00000100 DS 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 0x01000007 DS 12/0/0 12/0/1 12/0/7 0x01000008 DS 12/0/0 12/0/1 12/0/2 12/0/3 12/0/4 12/0/5 12/0/6 12/0/7 0x01000009 0x0100000a 0x00000100 0x00000101 0x00000102 0x00000103 0x01000005 0x01000006 0x01000007 DS DS US US US US US US US 12/0/1 12/0/0 3/6/0 3/7/0 3/7/4 3/7/8 3/6/0 3/7/8 3/7/4 12/0/2 12/0/5 3/6/1 3/7/1 3/7/5 3/7/9 3/6/1 3/7/9 3/7/5 12/0/3 12/0/6 3/6/2 3/7/2 3/7/6 3/7/10 3/6/2 3/7/10 3/7/6 12/0/4 12/0/7 3/6/3 3/7/3 3/7/7 3/7/11 3/6/3 3/7/11 3/7/7 To verify router configurations, use the following commands: show ip igmp interfaces Sample output: IGMP interface cable-mac 1: IGMP host configured version is 2 IGMP host version 1 querier timer is 0h0m0s IGMP host version 2 querier timer is 0h0m0s IGMP router configured version is 2 IGMP query interval is 125 seconds IGMP max query response time is 10000 ms IGMP last member query response interval is 1000 ms Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-16 E6000 CER Release 1.0 PRELIMINARY IP Video IGMP proxy interface is Ethernet 6/0 IGMP backup proxy interface is Ethernet 7/0 IGMP active proxy interface is Ethernet 6/0 IGMP rcv 4 pkts over interval 38 second(s) for avg 0 pkts/sec IGMP snd 1 pkts over interval 38 second(s) for avg 0 pkts/sec IGMP host robustness is 2 IGMP robustness is 2 IGMP activity: 6 joins, 1 groups, 0 wrong version queries Inbound IGMP access group is not set IGMP querying router is 192.168.180.1 Multicast groups joined by this system: 224.0.0.22 IGMP interface Ethernet 6/0: IGMP host configured version is 2 IGMP host version 1 querier timer is 0h0m0s IGMP host version 2 querier timer is 0h0m0s IGMP router configured version is 2 IGMP query interval is 125 seconds IGMP max query response time is 10000 ms IGMP last member query response interval is 1000 ms IGMP proxy interface is none IGMP backup proxy interface is none IGMP active proxy interface is none IGMP rcv 0 pkts over interval 38 second(s) for avg 0 pkts/sec IGMP snd 2 pkts over interval 38 second(s) for avg 0 pkts/sec IGMP host robustness is 2 IGMP robustness is 2 IGMP activity: 6 joins, 1 groups, 0 wrong version queries Inbound IGMP access group is not set IGMP querying router is 192.168.176.1 Multicast groups joined by this system: 224.0.0.5 224.0.0.22 235.1.1.1 IGMP interface Ethernet 7/0: IGMP host configured version is 2 IGMP host version 1 querier timer is 0h0m0s IGMP host version 2 querier timer is 0h0m0s IGMP host robustness is 2 Multicast groups joined by this system: 224.0.0.5 224.0.0.22 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-17 PRELIMINARY E6000 CER Release 1.0 IP Video show ip igmp groups IGMP Connected Group Membership Group Address Interface 235.1.1.1 cable-mac 1 235.1.1.1 Ethernet 7/0 Uptime 0d0h0m 0d0h0m Expires 0h3m42s 0h3m46s V1 Timer 0h0m0s 0h0m0s V2 Timer 0h3m42s 0h3m46s Last Reporter 192.168.180.3 192.168.176.2 show ip igmp groups host IGMP Host Group/Source Membership Group Address Interface 224.0.0.22 loopback 0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/0.0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/1.0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/3.0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/4.0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/6.0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/7.0 Group filter-mode: Exclude Empty source list 224.0.0.22 cable-mac 1.0 Group filter-mode: Exclude Empty source list 224.0.0.22 ethernet 7/1.1 Group filter-mode: Exclude Empty source list 224.0.0.22 cable-mac 1.1 Group filter-mode: Exclude Empty source list Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-18 PRELIMINARY E6000 CER Release 1.0 IP Video show ip mroute IP Multicast Forwarding Table (*, 235.1.1.1), packets: 123 Incoming interface: Ethernet 6/0 Outgoing interface list: cable-mac 1 PIM IP Multicast Routing Table No PIM routes (The following command is used for SSM only.) show ip pim interface PIM Interface Table Address Interface 10.108.0.1 10.58.1.2 10.58.10.2 10.58.129.2 10.58.138.2 cable-mac 1 ethernet 7/1 ethernet 7/2 ethernet 6/1 ethernet 6/2 Nbr Count 0 1 1 1 1 Query Intvl 30 30 30 30 30 DR 10.108.0.1 10.58.1.2 10.58.10.2 10.58.129.2 10.58.138.2 (The following command is used for SSM only.) show ip pim neighbor PIM Neighbor Table Neighbor Interface Address 10.58.1.1 ethernet 7/1 10.58.10.1 ethernet 7/2 10.58.129.1 ethernet 6/1 10.58.138.1 ethernet 6/2 Uptime/Expires 0d0h23m/0h1m37s 0d0h22m/0h1m32s 0d0h21m/0h1m36s 0d0h21m/0h1m36s DR Priority 1 1 1 1 show ip igmp groups detail IGMP Connected Group Membership Group Address Interface 235.1.1.1 cable-mac 1 Group filter-mode: Exclude Empty source list 235.1.1.1 ethernet 7/0 Group filter-mode: Exclude Empty source list Issue 1.0, 4 Feb 2013 Uptime Expires V1 Timer V2 Timer Last Reporter 0d0h2m 0h1m48s 0h0m0s 0h1m48s 192.168.180.3 0d0h2m 0h3m28s 0h0m0s © 2013 ARRIS Group, Inc. — All Rights Reserved 0h3m28s 192.168.176.2 PRELIMINARY 22-19 PRELIMINARY E6000 CER Release 1.0 IP Video Once IP Video is running, the following commands display additional system information: show cable modem detail 12/0/7-1/0/2 CM 0002.0000.000f (Netwave) D2.0 State=Operational D1.1/atdma PrimSID=1 Cable-Mac= 1, mCMsg = 1 mDSsg = 1 mUSsg = 1, RCS=0x00000008 TCS=0x00000003 Timing Offset=1192 Rec Power= 0.00 dBmV Proto-Throttle=Normal Uptime= 0 days 2:23:20 IPv4=2.0.15.0 cfg=RegReq172 LB Policy=0 LB Group=16779264 Filter-Group CM-Down:0 CM-Up:0 Privacy=Ready Ver=BPI Plus Authorized DES56 Primary SAId=65535 Seq=255 BPI Err MDF Capability= N/A MDF Mode= N/A u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports u 49 1 Activ BE 0 0 0 0 0 0 1/0/2 d 50 25 Activ 0 10000000 0 0 0 0 12/0/7 u 55 3 Activ BE 0 0 0 0 0 0 1/0/2 u 56 4 Activ BE 0 0 0 0 0 0 1/0/2 u 57 5 Activ BE 0 0 0 0 0 0 1/0/2 d 58 28 Activ 0 45000 0 0 0 0 12/0/7 d 59 29 Activ 0 45000 0 0 0 0 12/0/7 d 60 30 Activ 0 45000 0 0 0 0 12/0/7 L2VPN per CM: (Disabled) Current CPE=2, IPv4 Addr=2, IPv6 Addr=2 Max CPE=32, IPv4 Addr=32, IPv6 Addr=64 CPE 0002.0001.000f Filter-Group:Up=0 Down=0 Proto-Throttle=Normal IPv6=fe80:1001:200:f01:2:1: f:1000 +CPE 0002.0001.000f IPv4=2.0.15.1 CPE 0002.0002.000f Filter-Group:Up=0 Down=0 Proto-Throttle=Normal IPv6=fe80:1001:200:f02:2:2: f:1000 +CPE 0002.0002.000f IPv4=2.0.15.2 12/0/7-1/0/6 CM 0002.0000.0013 (Netwave) D2.0 State=Operational D1.1/atdma PrimSID=1 Cable-Mac= 1, mCMsg = 2 mDSsg = 1 mUSsg = 2, RCS=0x00000008 TCS=0x00000007 Timing Offset=1192 Rec Power= 0.00 dBmV Proto-Throttle=Normal Uptime= 0 days 2:23:18 IPv4=2.0.19.0 cfg=RegReq172 LB Policy=0 LB Group=16781312 Filter-Group CM-Down:0 CM-Up:0 Privacy=Ready Ver=BPI Plus Authorized DES56 Primary SAId=1 Seq=1 MDF Capability= N/A MDF Mode= N/A u/d SFID SID State Sched Tmin Tmax DFrms DBytes CRC HCS Slot/Ports u 51 1 Activ BE 0 0 0 0 0 0 1/0/6 d 52 26 Activ 0 10000000 0 0 0 0 12/0/7 u 61 2 Activ BE 0 0 0 0 0 0 1/0/6 u 62 3 Activ BE 0 0 0 0 0 0 1/0/6 u 63 4 Activ BE 0 0 0 0 0 0 1/0/6 d 64 31 Activ 0 45000 0 0 0 0 12/0/7 d 65 32 Activ 0 45000 0 0 0 0 12/0/7 d 66 33 Activ 0 45000 0 0 0 0 12/0/7 NOTE: Issue 1.0, 4 Feb 2013 The show cable modem detail command may result in an extensive amount of data. The above output is only a partial sample. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-20 PRELIMINARY E6000 CER Release 1.0 IP Video show cable multicast db Cbl mac --1 Multicast Session GrpIP --------------------235.1.1.1 Multicast Session SrcIP -----------------------0.0.0.0 DCS ID ---------0x01000009 Grp SFID -------36 Session Type -----IGMP-B CM count ------1 show cable multicast db cm cable-mac 1 grp-service-flow 36 Feb 11 22:09:13 Cable-Mac: 1 Group SFID: 36 Multicast Group IP: 235.1.1.1 Multicast Source IP: 0.0.0.0 DCS ID: 0x01000009 Downstream Channels: 11/4/1,11/4/2,11/4/3,11/4/4 Session Type: IGMP DSID: 22 CM Count: 1 CM-Mac CPE-Mac --------------- -------------001d.cdc3.e454 0011.2513.e249 To show channel rates: show controllers Ethernet 7/0 Issue 1.0, 4 Feb 2013 INGRESS EGRESS INGRESS EGRESS RATE RATE RATE RATE bits/sec from bits/sec to frames/sec from frames/sec to INGRESS INGRESS INGRESS EGRESS EGRESS BYTES FRAMES FRAMES BYTES FRAMES Ethernet Ethernet Ethernet Ethernet from Ethernet from Ethernet dropped at Ethernet sent to Ethernet sent to Ethernet : : : : 1085192 656 100 1 : : : : : 56635388 43491 0 115942 1435 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-21 PRELIMINARY E6000 CER Release 1.0 IP Video show interface cable-downstream 12/1/4 cable ip-video all Feb 11 22:14:15 Hourly IP Video packet counts. Last collected at 22:13:28. Next collection at 23:13:28 video drop counts for entire slot 12 connector 0 (chan 12/1/0-7) IP Video dropped packets: 0 IP Video dropped unicast: 0 IP Video dropped multicast: 0 cable-downstream 12/1/4 IP Video Multicast packets transmitted: 12148 IP Video New Multicast Service Flows set up: 2 IP Video Unicast packets transmitted: 0 IP Video New Unicast Service Flows set up: 0 show interface cable-mac bit-rate Issue 1.0, 4 Feb 2013 DS S/C/P -------5/0/0 5/0/1 5/0/2 5/0/3 5/0/4 5/0/5 5/0/6 5/0/7 Cable Mac ----1 1 1 1 1 1 1 1 Load Bits/sec -----------------2273239 2272321 2272311 2272266 2272528 2272462 2271982 2273363 US S/CG/P -------8/0/0 8/0/1 8/0/2 8/0/3 Cable Mac ----1 1 1 1 Bits/sec -----------0 0 0 0 Instant Bits/sec -----------------2269996 2269874 2270111 2270217 2270767 2270324 2269912 2272056 Mac Instant Bits/sec -----------------968 968 968 968 968 968 968 968 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-22 PRELIMINARY E6000 CER Release 1.0 IP Video IP Video Monitoring and Management To monitor service, activity, and quality, metrics may be collected for the service group and stored internally on the E6000 CER. These counts are collected to help monitor trends over a long period of time. These metrics are collected on an hourly basis on the hour. NOTE: The IP Video metrics collection occurs on the hour. This implies the following: 1. Once initiated, statistics will not be visible until the next changing of the hour. 2. The first hour’s statistics will be suspect as the interval will not be for an entire hour. The set of collected metrics include: • Total number of packets dropped by all channels in the downstream service group • Total number of Multicast packers dropped by all channels in the downstream service group • Total number of Unicast packets dropped by all channels in the downstream service group • Per downstream channel statistics - Total number of linear (multicast) program packets transmitted Total number of linear program packets whose latency percentage exceeded the flow maximum latency Total number of new linear program service flows set up Total number of VOD (unicast) packets transmitted Total number of VOD packets whose latency percentage exceeded the flow maximum latency Total number of new VOD service flows set up CLI commands support setting the multicast and unicast threshold set-ups. For example, to set a value in the attribute mask for monitoring a type of IP Video, enter: configure ip-video attribute-encoding <hex> To display the value of indicated in the attribute mask, enter: show ip-video global To show the current hour per-connector drop counts: show interface cable-downstream <slot/connector/port> cable ip-video drops Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-23 PRELIMINARY E6000 CER Release 1.0 IP Video Sample output: show interface cable-downstream 12/1/4 cable ip-video drops video drop counts for entire connector associated with channel 12/1/4 IP Video dropped packets 370 IP Video dropped unicast 270 IP Video dropped multicast 100 Current Hour Results Counts are collected every hour on the hour. To show current hour results (as a demand-based count): show interface cable-downstream <slot/connector/port> cable ip-video [ drops | multicast | unicast | all ] Note that all is the default. An example of the output: show interface cable-downstream 12/1/0 cable ip-video all video drop counts for entire connector associated with channel 12/1/0 IP Video dropped packets 370 IP Video dropped unicast 270 IP Video dropped multicast 100 cable-downstream 12/1/0: IP Video Multicast packets transmitted 2034556 IP Video New Multicast Service Flows set up 392 IP Video Unicast packets transmitted 9384 IP Video new Unicast Service Flows set up 4923 cable-downstream 12/1/1: IP Video Multicast packets transmitted 2034556 IP Video New Multicast Service Flows set up 392 IP Video Unicast packets transmitted 9384 IP Video new Unicast Service Flows set up 4923 To show counts of one type in vertical histogram format: NOTES: Note that granularity is the number of hours to be summed into one line for display (default is 2 hours). Scale is how many packets/flows is represented by each asterisk. show interface cable-downstream <slot/connector/dport> cable ip-video histogram dropped-pkts [granularity {hours} ] [ scale {packets} ] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-24 E6000 CER Release 1.0 PRELIMINARY IP Video show interface cable-downstream <slot/connector/dport> cable ip-video histogram dropped-unicast [granularity {hours} ] [scale {packets}] show interface cable-downstream <slot/connector/dport> cable ip-video histogram dropped-multicast [granularity {hours}] [scale {packets}] show interface cable-downstream <slot/connector/dport> cable ip-video histogram multicast-pkt [granularity {hours} ] [ scale {packets}] show interface cable-downstream <slot/connector/dport> cable ip-video histogram multicast-flows [granularity {hours} ] [ scale {packets}] show interface cable-downstream <slot/connector/dport> cable ip-video histogram unicast-pkt [granularity {hours} ] [ scale {packets}] show interface cable-downstream <slot/connector/dport> cable ip-video histogram unicast-flows [granularity {hours} ] [ scale {packets}] show interface cable-downstream 3/1/4 cable ip-video histogram multicast-pkt 2011 March 3 15:45:56 Week histogram of multicast-packets received on cable-downstream 3/1/4 Each * represents <10000> packets 15:00 **************** 17:00 ******************************** 19:00 ****************************************** 21:00 ************************************************* 23:00 ************************************** 01:00 (suspect) 03:00 ********************* 05:00 ************ 07:00 ****** (suspect) 11:00 ********* CER> show interface cable-downstream 3/1/4 cable ip-video histogram dropped-pkts scale 10 2011 March 3 15:47:34 Week histogram of dropped packets on connector with cable-downstream 3/1/4 Each symbol represents 10 packets (# represents value too large to display) 15:00 ** 17:00 ****** 19:00 ******** 21:00 ******* 23:00 ****** 01:00 (suspect) 03:00 ** 05:00 ** 07:00 * (suspect) 11:00 ** Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-25 PRELIMINARY E6000 CER Release 1.0 NOTE: IP Video The term “suspect” in the output indicates that the data may reflect counts incorrectly or incompletely for the monitoring period. CLI Commands The following commands are associated with the IP Video feature: Table 22-1: IP Video CLI Commands Purpose Issue 1.0, 4 Feb 2013 CLI Command Configure the multicast Group QoS Configuration (GQC) and assigned SCNs configure cable multicast group-qos <int> scn <scn_name> [no] Set the multicast QoS Group Configuration (GC) and assign to a GQC ID configure cable multicast qos group <int> group-qos <int> Set the priority on the multicast QoS Group Configuration (GC) configure cable multicast qos group <int> [group-qos <int>] priority [<int>] Set multicast Group Configuration SSM or ASM and source IP ranges configure cable multicast qos group <int> [group-qos <int>] session-range <ip_addr> source <ip_addr> Set type of service on the multicast Group Configuration configure cable multicast qos group <int> [group-qos <int>] Set IP Video attribute(s) configure ip-video attribute-encoding <hex> [no] Display IP Video attributes show ip-video global Display multicast GQC show cable multicast group-qos Display multicast QoS Group Configurations show cable multicast qos group Display current per-channel counts show interface cable-downstream <word> cable ip-video [{drops|multicast|unicast|all}] Display channel counts in histogram format show interface cable-downstream <word> cable ip-video histogram {droppedpkt|dropped-multicast|dropped-unicast|multicast-pkt|multicast-flows|unicastpkt|unicast-flows} [granularity <int>] [scale <int>] Display summary of per-channel counts results show interface cable-downstream <word> cable ip-video summary © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 22-26 PRELIMINARY E6000 CER Release 1.0 23 Multicast Multicast IP Multicast 2 IGMP Implementation 3 Protocol-Independent Mode—Source-Specific Multicast 4 Multicast Routing 5 Overview This chapter provides information on Multicast and the Internet Group Management Protocol (IGMP) technology for E6000™ Converged Edge Router applications. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-1 PRELIMINARY E6000 CER Release 1.0 Multicast IP Multicast This section describes the E6000 CER implementation of multicasting as it relates to the handling and forwarding of IP multicast traffic. What is IP Multicast? IP Multicast is an Internet technology that permits a sender to send data (either clear or encrypted) simultaneously to many hosts. Unlike unicasting, multicasting does not send the same data as many times as there are recipients. Furthermore, unlike broadcasting, it does not flood a network by sending packets to all the hosts when they are meant only for some. Multicasting sends the data only to those interfaces on which there are hosts that have requested it. In order to receive a multicast service, hosts must join a multicast group. This multicast group has an associated group address. The source of this multicast traffic sends data to this group address. Any host belonging to the group processes the multicast data. Hosts that do not belong to the group do not process this data. The sender is not required to belong to the group: a multicast server can transmit to the group without belonging to it. Multicast Traffic Multicast traffic is often used for network equipment communication protocols. Network protocols such as Internet Group Management Protocol (IGMP), Routing Information Protocol (RIP), and Open Shortest Path First (OSPF) all communicate via multicast. MDF Multicast DSID-based Forwarding (MDF) is a key component of DOCSIS 3.0 multicast functionality. NOTE: Since MDF supports various applications, caution must be exerted when the MDF-disabled mode is used so that it does not affect other applications in your system. More details are described in the DOCSIS 3.0 MULPI specification. For more information, see the following command: configure interface cable-mac <mac>.<subif> cable mcast-fwd-by-dsid [no] NOTE: Issue 1.0, 4 Feb 2013 The cable-mac must first be shutdown for this change to complete. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-2 PRELIMINARY E6000 CER Release 1.0 Multicast Routing Multicast Two forms of multicast are supported on the E6000 CER: ASM — Any Source Multicast (ASM) denoted as (*,G) ASM is a multicast control technique where clients join a selected multicast group (G) without specifying the source of the multicast traffic. SSM — Source-Specific Multicast (SSM) denoted as (S,G) SSM clients join a selected multicast group and are also able to specify the source (S) from which to receive the packets. Valid Multicast Address Ranges The following multicast addresses are supported by the E6000 CER: • SSM ranges 232.0.0.1 to 232.255.255.255 and 239.0.0.0 to 239.255.255.255 • ASM ranges 224.0.1.0 to 231.255.255.255 and 239.0.0.0 to 239.255.255.255 Exceptions: • • - 232.0.0.0 is reserved and should not be used. IGMP joins in the 224.0.0.0 - 224.0.0.255 range are reserved for the use of routing protocols (e.g. IGMP, OSPF) and other lowlevel topology discovery or maintenance protocols and will be dropped. IGMP joins in the 239.255.X.X range are defined as local non-routable and will be dropped. IGMP joins in this range can be permitted through the use of an IGMP software ACL. (See IGMP ACLs on page 31-7). NOTE: By default, both ASM and SSM IGMP joins are permitted in the 239/8 range. ASM and SSM joins to the same multicast group should be avoided since this will cause conflicts in the forwarding of multicast data traffic. ASM and SSM conflicts in the 239/8 range can be avoided by defining multicast ranges in the QOS group. (See Configure QoS Groups on page 22-10). For all other cases, an ASM join to an SSM group will fail and a SSM join to an ASM group will fail. IGMP Implementation IGMP is an Internet protocol (IP) for managing multicast groups on the Internet and for the IP Video feature. For an overview of standards related to IGMP, see RFCs 2236, 2933, 3376, 4601, and 4607. The E6000 CER supports IGMP version 2 for host and router functionality and IGMP version 3 for router functionality. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-3 PRELIMINARY E6000 CER Release 1.0 Multicast DOCSIS® Compliance for IGMP The DOCSIS® Specifications (SP-RFIv2.0-106-040804 and SP-OSSIv3.0-I12-100611) describe IGMP DOCSIS® 3.0 requirements as either Passive or Active operation modes. IGMP Terminology The following definitions support the IGMP terminology: IGMP Proxy Interface — forwards (proxies) IGMP membership reports on behalf of another interface when using an IGMP proxy configuration. Typically, this is an E6000 CER network interface that proxies IGMP membership reports received from a cable interface. IGMP Host — sends the IGMP membership reports to request multicast data from an IGMP router, for example, the ingress interface of the multicast data. The host function is configured on each E6000 CER interface by default and operates in IGMP version 2 mode. IGMP Router — provides the IGMP query function that is used to track IGMP group membership. The IGMP router must be configured on those interfaces where IGMP group membership is expected to be the destination interface for the forwarding of multicast data. The IGMP router operates in IGMPv2 mode by default once configured. NOTE: IGMPv3 must be used in an MDF-enabled mac-domain for IGMP query signaling. Protocol-Independent Mode—Source-Specific Multicast The PIM-SSM feature permits a router, in this case the E6000 CER, to filter multicast traffic based on the ingress interface and source IP address. The Source-Specific Multicast (SSM) service defines a multicast channel. This channel is defined as a tuple (a way of defining an ordered list). In this case it consists of the source IP address and the multicast group destination address. This design is meant to ensure that only one sender can transmit on this multicast channel; therefore, multicast spamming is eliminated. SSM is useful for eliminating denial-of-service attacks by unauthorized transmission to multicast channels, but is not effective in eliminating malicious attacks such as address spoofing. To perform this filtering the SSM protocol performs a Reverse Path Forward (RPF) lookup on the source IP address of the multicast channel. This routing table search yields the RPF next-hop and ingress router interface for the SSM channel. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-4 PRELIMINARY E6000 CER Release 1.0 Multicast Multicast Routing The E6000 CER Multicast routing supports the following configurations: ASM Configuration — IGMPv2 multicast clients on E6000 CER cable-side interfaces and IGMP proxy on the network-side interfaces. For ASM, the following configuration is supported: • IGMPv2 host on the network side • IGMPv3 router/querier on the cable side • Proxy IGMPv2 joins received on the cable side to the network side • MDF enabled mac-domain • IGMPv2 hosts (CPE) • Video Source(s) - the source of video packets used (Unicast or Multicast) SSM Configuration — IGMPv3 SSM multicast clients on E6000 CER cable-side interfaces and PIM-SSM on E6000 CER network-side interfaces For SSM, the supported configuration is: • PIM-SSM on the network side • PIM-SSM on the cable side as passive • IGMPv3 router/querier on the cable side • MDF-enabled mac-domain • IGMPv3 clients (CPE) • Video Source(s) - the source of video packets used (Unicast or Multicast) Restrictions • NOTE: Issue 1.0, 4 Feb 2013 Simultaneous ASM and SSM configurations on the same mac-domain is not supported. PIM-SSM and IGMP Proxy cannot be configured on the same network-side interface. Also, some combinations of DSG using SSM or ASM are not supported with IGMPv2 or v3 in the same cable-side MAC domain. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-5 PRELIMINARY E6000 CER Release 1.0 Multicast ASM/SSM Configurations The following procedures summarize the E6000 CER routing configuration for IGMPv2 Proxy (ASM) and IGMPv3 cable-macs and PIMSSM (SSM) using MDF-enabled. This describes how to configure the E6000 CER to track IGMP membership from CPEs on a cable interface. These are sent out to the network proxy interface to forward multicast data from the network interface through the E6000 CER to the cable interface. The first procedure addresses the IGMPv2 architecture: Procedure 23-1: Configure Network to Cable ASM Data Forwarding 1 The IGMPv2 host on the network-side interface is enabled when an interface is configured with an IPv4 address. Therefore, no command is needed to configure the host on the network side interface. 2 Enable the IGMP router/querier on the cable-mac. Default is IGMPv2. configure interface cable-mac <mac>.<subif> ip igmp 3 Enable the IGMP router/querier on the cable-mac for IGMPv3. configure interface cable-mac <mac>.<subif> ip igmp version 3 4 Enable the IGMP primary proxy interface joins received which is used to proxy membership reports on the cable-mac to be the network-side interface: configure interface cable-mac <mac>.<subif> ip igmp proxy-interface ethernet <slot>/<port> 5 Configure the IGMP backup proxy interface joins received on the cable-mac to an alternate network side interface if the primary is down. configure interface cable-mac <mac>.<subif> ip igmp backup-proxy-interface ethernet <slot>/<port> — End of Procedure — The following procedure addresses the SSM architecture for configuring with IP Video: Procedure 23-2: Configure Network to Cable SSM Data Forwarding 1 Issue 1.0, 4 Feb 2013 Enable the IGMP router/querier on the cable-mac. Default is IGMPv2: © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-6 PRELIMINARY E6000 CER Release 1.0 Multicast configure interface cable-mac <mac>.<subif> ip igmp 2 Enable the IGMP router/querier on the cable-mac to IGMPv3: configure interface cable-mac <mac>.<subif> ip igmp version 3 3 Enable multicast routing: configure ip multicast-routing 4 Configure PIM-SSM on the cable-mac as passive: configure interface cable-mac <mac>.<subif> ip pim sparse-mode-ssm passive 5 Enable PIM-SSM on the network interfaces: configure interface ethernet <slot>/<port>[.<subif>] ip pim sparse-mode-ssm — End of Procedure — IGMP Visibility Several commands support and verify router information and configurations. This section provides a list of commands with output examples. To verify router configurations: CER# show ip igmp interfaces <cable-mac 1> IGMP interface cable-mac 1: IGMP host configured version is 2 IGMP host version 1 querier timer is 0h0m0s IGMP host version 2 querier timer is 0h0m0s IGMP router configured version is 2 IGMP query interval is 125 seconds IGMP max query response time is 10000 ms IGMP last member query response interval is 1000 ms IGMP proxy interface is none IGMP backup proxy interface is none IGMP active proxy interface is none IGMP rcv 711 pkts over interval 4906 second(s) for avg 0 pkts/sec IGMP snd 41 pkts over interval 4906 second(s) for avg 0 pkts/sec IGMP host robustness is 2 IGMP robustness is 2 IGMP activity: 14 joins, 0 groups, 0 wrong version queries Inbound IGMP access group is not set IGMP querying router is 10.105.0.1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-7 PRELIMINARY E6000 CER Release 1.0 Multicast Multicast groups joined by this system: 224.0.0.22 Note that the output to the following command contains information on both dynamic (in blue) and static joins. CER# show ip igmp groups <cable-mac 1> IGMP Connected Group Membership Group Address Interface 232.20.20.1 cable-mac 1 235.10.0.124 cable-mac 1 235.52.0.127 cable-mac 1 235.52.0.129 cable-mac 1 235.52.0.133 cable-mac 1 235.52.3.12 cable-mac 1 235.53.0.0 cable-mac 1 235.53.0.23 cable-mac 1 235.53.0.123 cable-mac 1 Uptime 0d22h2m 0d22h4m 0d22h9m 0d22h5m 0d22h5m 0d22h5m 0d22h5m 0d22h5m 0d22h5m Expires 0h2m44s 0h2m41s never never never never never never never V1 Timer 0h0m0s 0h0m0s N/A N/A N/A N/A N/A N/A N/A V2 Timer 0h0m0s 0h2m41s N/A N/A N/A N/A N/A N/A N/A Last Reporter 10.110.63.250 10.110.58.239 N/A N/A N/A N/A N/A N/A N/A CER# show ip igmp groups host <cable-mac 1> IGMP Host Group/Source Membership Group Address Interface 224.0.0.22 cable-mac 1 Group filter-mode: Exclude Empty source list CER# show ip mroute <233.1.1.2> IP Multicast Forwarding Table (233.1.1.2, 68.86.134.102), packets: 15653407 Incoming interface: ethernet 7/5 Outgoing interface list: cable-mac 2 (233.1.1.2, 68.86.134.102), packets: 16654212 Incoming interface: ethernet 7/10 Outgoing interface list: cable-mac 2 PIM IP Multicast Routing Table (233.1.1.2, 68.86.134.102), 0d16h51m Incoming interface: Ethernet 7/1.0, RPF nbr 10.58.10.1 Outgoing interface: cable-mac 1 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-8 PRELIMINARY E6000 CER Release 1.0 Multicast (The following command is used for SSM only.) CER# show ip pim interface PIM Interface Table Address Interface 10.58.1.2 10.58.10.2 10.58.129.2 10.58.138.2 10.108.0.1 Ethernet 6/1.0 Ethernet 6/1.0 Ethernet 7/1.0 Ethernet 7/1.0 cable-mac 1.0 1 1 1 1 0 Nbr Count 30 30 30 30 30 Query DR Intvl 10.58.1.2 10.58.10.2 10.58.129.2 10.58.138.2 10.108.0.1 (The following command is used for SSM only.) CER# show ip pim neighbor PIM Neighbor Table Neighbor Interface Address 10.58.1.1 Ethernet 6/1.0 10.58.10.1 Ethernet 6/1.0 10.58.129.1 Ethernet 7/1.0 10.58.138.1 Ethernet 7/1.0 Uptime/Expires DR Priority 0d0h23m/0h1m37s 0d0h22m/0h1m32s 0d0h21m/0h1m36s 0d0h21m/0h1m36s 1 1 1 1 CER# show ip igmp groups detail <cable-mac 1> IGMP Connected Group Membership Group Address Interface 232.20.20.1 cable-mac 1.0 Group filter-mode: Include Group source list: (IN) 20.20.20.2 Expires: 0h3m19s Issue 1.0, 4 Feb 2013 Uptime Expires V1 Timer V2 Timer Last Reporter 0d22h8m 0h3m19s 0h0m0s 0h0m0s 10.110.63.250 235.10.0.124 cable-mac 1.0 Group filter-mode: Exclude Empty source list 0d22h9m 0h3m20s 0h0m0s 0h3m20s 10.110.58.239 235.52.0.127 cable-mac 1.0 Group filter-mode: Include Group source list: (IN) 17.17.17.2 Expires: never 0d22h15m never N/A N/A N/A 235.52.0.129 cable-mac 1.0 Group filter-mode: Exclude Empty source list 0d22h10m never N/A N/A N/A 235.52.0.133 cable-mac 1.0 Group filter-mode: Exclude Empty source list 0d22h10m never N/A N/A N/A © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-9 PRELIMINARY E6000 CER Release 1.0 IGMP ACLs Multicast The IGMP ACL feature provides support for standard ACLs that define which multicast groups can be joined on a given interface. In other words, the ACL is provisioned to filter IGMP join requests on the basis of IP subinterfaces (VRIs). Procedure 23-3: Use a standard ACL to Allow Restricted IGMP Range 1 Enable the desired access list on the interface: configure access-list 99 permit 239.255.255.100 0.0.0.0 2 Set the IGMP group access on the interface: configure interface cable-mac 1 ip igmp access-group 99 — End of Procedure — Procedure 23-4: Use an ACL to Deny a Specific Multicast Group 1 Enable the desired access list on the interface: configure access-list 99 deny 225.0.0.1 255.255.255.255 2 Set the IGMP group access on the interface: configure interface cable-mac 1 ip igmp access-group 99 — End of Procedure — Source-specific modes for IGMP are not supported by the IGMP ACL feature. Support for filtering on both source address and group address of IGMP join requests is planned for a future release. A permit ACL entry means that the join is processed normally; a deny ACL entry means the join request is ignored. If the specified access-group does not exist, then all IGMP joins are accepted. If an access-group is specified but the group address does not match any entry in the ACL, then an implicit deny occurs and the join request is ignored. Use show ip igmp interfaces to display the access-group assigned to an interface. If no access-group is assigned, then the text Inbound IGMP access group is not set is displayed. If an access-group is assigned, then the text Inbound IGMP access group is <acl-id> is displayed. The ACL feature supports both names and numbers. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-10 PRELIMINARY E6000 CER Release 1.0 Multicast Static IGMP Joins IGMP memberships can be statically defined in two ways via either a static host join or a static router join. Both methods are capable of static SSM or ASM joins. These were also known as static non-SSM joins. However, the static router join is the preferred method. Static host joins simply has the router itself join a group. The router will act as any other host in the network sending out IGMP membership report messages for the membership. If the IGMP router functionality is turned on for the interface, it sees these membership report messages thus learning about the need for a host on the network to receive traffic for the joined multicast group. The command to do a host join is … configure interface cable-mac <mac>.<subif> ip igmp join-group <group> [source <source>] Static router joins differ from host joins because there is no IGMP messaging involved. If the IGMP router functionality is enabled on the interface doing the static router join, the router both “learns” the membership and also filters out any IGMP membership state received by the router via IGMP membership reports and leaves. No external event can remove the membership. Static router joins can be configured at different interface levels. The first is at the layer 3 interface level where the router statically joins a group for all layer 2 interfaces on a layer 3 (sub)interface for which IGMP router functionality is enabled; the second is at the layer 2 interface or mac-domain level and the third is at the cable-downstream level. Layer 3 Static Joins For a Layer 3 Ethernet interface static join: configure interface ethernet <slot>/<port>[.<subif>] ip igmp static-group <group> [source <source>] For a Layer 3 DCAM cable-side interface static join: configure interface cable-mac <mac>.<subif> ip igmp static-group <group> [source <source>] The second is at the layer 2 interface level where the router statically joins the group on the layer 2 interface for all layer 3 interfaces for which the layer 3 interface contains the layer 2 interface and IGMP router functionality is enabled. NOTE: Layer 2 Static Joins For a Layer 3 static join, the subinterface is needed. For a Layer 2 Ethernet interface static join: configure interface ethernet <slot>/<port>[.<subif>] ip igmp static-group <group> [source <source>] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-11 PRELIMINARY E6000 CER Release 1.0 Multicast For a Layer 2 DCAM cable-side interface static join: configure interface cable-mac <mac> ip igmp static-group <group> [source <source>] The third is at the cable downstream interface level where the router statically joins the group for a given cable downstream. NOTE: For a Layer 2 static join, the subinterface is not used. For a cable downstream interface static join: configure interface cable-downstream <slot/connector/dsport> ip igmp static-group <group> [source <source>] With both the Layer 2 and Layer 3 Static router join command, the no version of the command has the same effect as a router leave command. In addition to configuring the router to not do dynamic multicast (process IGMP messages) for individual multicast groups via static router joins, all IGMP message processing may be turned off in order to allow for a state where all memberships can only be “learned” via static router joins. The IGMP router protocol can be viewed externally as turned off at this point and only the membership tracking functionality is being used internally. The command to do this is: configure interface cable-mac <mac>.<subif> ip igmp multicast-static-only The no version of the command allows dynamic multicast again. CLI Commands Table 23-1 on page-23-12 lists the commands that are directly related to the multicast feature. A brief explanation of the purpose of each command is included. Table 23-1: CLI Commands for Multicast Purpose CLI Command Enable [disable] IGMP on the interface configure interface cable-mac <mac>.<subif> ip igmp [no] configure interface ethernet <slot>/<port>.<subif> ip igmp [no] Change the IGMP router version number for an interface. IGMP host commands. Issue 1.0, 4 Feb 2013 configure interface ethernet <slot>/<port>.<subif> ip igmp version <number> configure interface cable-mac <mac>.<subif> ip igmp host-robustness <int> © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-12 PRELIMINARY E6000 CER Release 1.0 Purpose CLI Command Set the static IGMP router joins for Layer3 (Layer3 joins must include the subinterface.) Issue 1.0, 4 Feb 2013 Multicast configure interface cable-mac <mac>.<subif> ip igmp static-group configure interface ethernet <slot>/<port>.<subif> ip igmp static-group Sets the membership tracking functionality to be used internally. cconfigure interface cable-mac <mac>.<subif> ip igmp multicast-static-only To set proxy memberships from one interface to another configure interface cable-mac <mac>.<subif> ip igmp proxy-interface ethernet <slot/port[.subif]> To change the IGMP version of the router/querier configure interface cable-mac <mac>.<subif> ip igmp version <version> To apply an ACL to permit or deny an IGMP join request configure interface cable-mac <mac>.<subif> ip igmp access-group <acl> Sets up a backup proxy interface. configure interface cable-mac <mac>.<subif> ip igmp backup-proxy-interface ethernet <slot/port[.subif]> Set the last member query interval Default = 10 seconds. Range = 0-255. configure interface cable-mac <mac>.<subif> ip igmp last-member-query <last member query interval> [no] Remove the proxy interface configure interface cable-mac <mac>.<subif> ip igmp no proxy-interface ethernet <slot/port[.subif]> Set the query interval Default = 125 seconds. Range = 0 to (232 - 1). configure interface cable-mac <mac>.<subif> ip igmp query-interval <query interval> Set the query max response time Default = 1 seconds. Range = 0-255. configure interface cable-mac <mac>.<subif> ip igmp query-max-response-time <time> Set the robustness Default = 2. Range = 1-255. configure interface cable-mac <mac>.<subif> ip igmp robustness <robustness> Show the IGMP multicast group membership status show ip igmp groups [slot/port] Display host and router configuration status for all interfaces and all multicast groups joined for each interface. show ip igmp interfaces Display the current host and router configuration status for the cable-mac interface specified. show ip igmp interfaces cable-mac <int> Display the source memberships status for each group membership. show ip igmp interfaces detail © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-13 PRELIMINARY E6000 CER Release 1.0 Purpose Multicast CLI Command Allow the E6000 CER to use IP Multicast for MDF-disabled mode. configure interface cable-mac <mac>.<subif> cable mcast-fwd-by-dsid [no] PIM-Related Commands Issue 1.0, 4 Feb 2013 Change the PIM DR priority, where higher is better. Default = 1 configure interface cable-mac <mac>.<subif> ip pim dr-priority <priority> Change how often PIM sends out hello messages. Default = 30 configure interface cable-mac <mac>.<subif> ip pim query-interval <seconds> Change how often PIM neighbors hold advertised join/prune. Default = 210 configure interface cable-mac <mac>.<subif> ip pim message-holdtime <seconds> Change how often PIM sends join/prune messages. Default = 60 configure interface cable-mac <mac>.<subif> ip pim message-interval <seconds> Change what PIM advertises in the hold time option in hello messages. Default = 105 configure interface cable-mac <mac>.<subif> ip pim hello-time <seconds> Enables PIM-SSM on an interface. configure interface cable-mac <mac>.<subif> ip pim sparse-mode-ssm [passive] Turns on multicast routing before PIM-SSM can be enabled. configure ip multicast-routing Displays the current interfaces for which PIM is configured. show ip pim interfaces Displays learned PIM neighbors. show ip pim neighbor Displays learned PIM multicast routes. show ip mroute Displays group service flow information on multicast cable-mac show cable multicast db cm cable-mac <int> grp-service-flow Enables tracing of IPv4 or IPv6 address to logging history trace logging ipvideo © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 23-14 PRELIMINARY E6000 CER Release 1.0 24 Connection Admission Control Connection Admission Control General CAC Description 2 Multicast CAC Description 3 Configuring CAC 5 Overview This chapter provides information on the Connection Admission Control (CAC) feature that is used to determine if adequate channel bandwidth is available to permit new service flows to be established. This includes Multicast flows (IP Video and DOCSIS Set-Top Gateway or DSG) for the CAC feature. The E6000 CER provides the capability for partitioning the available bandwidth on a per channel basis between telephony (Voice Over IP or VoIP), IP Video, and High Speed Data (HSD) services. The data portion of the channel bandwidth is still allowed to be oversubscribed. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-1 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control General CAC Description CAC is a E6000 CER feature used to determine if adequate resources (specifically, channel bandwidth) are available to permit a new service flow to be established. The CAC feature tracks allocated bandwidth based on the minimum throughput (MinSFRerserved) value of the service flow, and tracks the total allocated bandwidth on a new per channel basis. This total is used to determine if the additional bandwidth for the new flow will exceed a configured threshold for a given channel. Separate “buckets” are used to track the bandwidth allocated for normal voice, emergency voice, and multicast. NOTE: Reserved Bandwidth The Call Management Server (CMS) or Policy Server detect and signal the priority of the call (normal versus emergency) to the E6000 CER. Bandwidth resources can be reserved exclusively for both emergency voice calls and normal voice calls. Reserved percentages are set using CLI commands. Rules that apply to reserved bandwidth implementation include: • Multicast flows may not use bandwidth that was reserved for normal or emergency VoIP calls • Bandwidth that is used for a normal call reserved may be preempted by an emergency VoIP call (up to the maximum emergency call bandwidth threshold) if the system is configured accordingly. PacketCable CAC Description PacketCable (or voice) CAC thresholds for upstream and downstream channels for allowed-normal-voice should be configured so that adequate bandwidth is available for channel management and modem registration purposes. The value for allowed-emergencyvoice should have at least enough bandwidth to do basic channel management of creating and destroying dynamic service flows. The guidelines below provide settings for PacketCable CAC thresholds that should not be exceeded so that the channel can be managed effectively. Exceeding the guidelines could result in a channel becoming overloaded and prevent dynamic service flow set up and tear down. NOTE: Issue 1.0, 4 Feb 2013 PacketCable voice limits do not apply to PCMM unless the gate is specified as a voice flow (Unsolicited Grant Service (UGS) for upstream, or constant bit rate for downstream). The E6000 CER treats non-voice PCMM flows as normal data flows. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-2 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control CAC handles PacketCable MultiMedia priorities and preemption similar to the way they are handled by PacketCable DQoS calls. SIP/PCMM VoIP calls using voice flows are also handled this way. The PCMM specification defines eight levels of priority. On the E6000 CER, these eight levels are mapped to only two priority levels used for PacketCable DQoS calls. One is for normal calls and the other is for emergency calls. Session classes of 0 and 1 for the PCMM gates are mapped to normal calls and all other values are mapped to emergency calls. Downstream PCMM flows that look like constant bit rate (i.e. having equal max and min bit rates) are treated by CAC as voice flows so that the voice limits can be used to prevent downstream channels from being oversubscribed. By default, the E6000 CER allows emergency calls to preempt normal calls if a channel has reached the Max Allowed Total Bandwidth (BW). In general, operators should configure the Max Allowed Emergency BW to be equal to the Max Allowed Total BW so that emergency calls always go through, provided there is enough bandwidth available on the channel for voice flows. A normal call that is preempted by an emergency call is counted as a failed normal call. Multicast CAC Description Multicast CAC provides a way for MSOs to manage IP Video services in their network. Characteristics of multicast CAC: Guidelines for CAC Thresholds - Nonconverged System Issue 1.0, 4 Feb 2013 • Feature is disabled by default; enabled using SNMP or CLI • Applies to downstream only • Has its own threshold separate from the voice thresholds • Applies to bonded and non-bonded flows • New emergency or normal VoIP call flows may not preempt an existing multicast flow (also known as Group Service Flow) • Bandwidth for a new bonded multicast flow is distributed across the least loaded channels of the modem’s bonding group based on the total allocated bandwidth for each channel. Redistribution or rebalancing is not done when the bonded flow is destroyed. • An IGMP “join” results in creation of a multicast flow which requests bandwidth from multicast CAC. The amount of bandwidth allocated is the minimum reserve rate (Tmin) of the Service Class Name (SCN) associated with the IGMP join. Threshold values are expressed in percentages of channel bandwidths, where the data throughput is a function of channel width and compression technique. Allowed-total-voice should be equal to allowed-emergency-voice. NOTE: In non-converged systems, voice channels are separate from multicast channels. (See Chapter 22, IP Video and Chapter 23, Multicast for more information.) © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-3 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control The following table provides recommendations for setting allowed-normal-voice and allowed-emergency-voice thresholds for a non-converged system: Upstream Channel BW allowed-normal-voice 1.28 Mbps 55% 2.56 Mbps 75% 5.12 Mbps 85% 10.24 Mbps and greater 90% allowed-emergency-voice 75% 85% 90% 90% Downstream Channel BW allowed-normal-voice 42 Mbps 85% allowed-emergency-voice 85% Downstream (for multicast only) Channel BW Multicast 42 Mbps 75% Guidelines for CAC Thresholds in Converged System The following table provides recommendations for setting allowed-normal-voice, allowed-normal-emergency-voice, and multicast thresholds for a converged (voice and multicast) system: NOTE: In a converged system, voice and multicast data are on the same channels. Upstream Channel BW allowed-normal-voice 1.28 Mbps 55% 2.56 Mbps 75% 5.12 Mbps 85% 10.24 Mbps and greater 90% allowed-emergency-voice 75% 85% 90% 90% Downstream Channel BW allowed-normal-voice allowed-emergency-voice multicast 42 Mbps 70% 70% 20% Multicast CAC is disabled by default. To enable multicast CAC, enter: configure cable admission-control multicast enable [no] Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-4 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control Use the no option to disable. The default maximum value of the multicast CAC settings in a converged system is 20%. Configuring CAC Use the following commands to set voice limits for all downstream or upstream channels: configure packetcable voice-limits <x> [upstream | downstream] Where: x is: allowed-normal <%bw> - Maximum% DS and/or US channel bandwidth allowed for normal voice use allowed-emergency <%bw> - Maximum% DS and/or US channel bandwidth allowed for emergency voice use allowed-total <%bw> - % US and/or DS Bandwidth allowed for all classes of voice traffic emergency-preemption - allows emergency traffic to preempt normal traffic reserved-emergency <%bw> - Minimum% US and/or DS channel bandwidth reserved for emergency voice use reserved-normal <%bw> - Minimum% US and/or DS channel bandwidth reserved for normal voice use After changing a voice limit that applies to all downstream or upstream channels, use the following command to propagate default global voice limits for PacketCable to all channels in the E6000 CER: configure packetcable voice-limits set-all To set the Tmin for CAC to track the allocated bandwidth, enter: configure qos-sc name <service class name> min-res-rate <value> Setting Downstream Values (DCAMs) — Use the following commands (in the order listed) to set downstream values: configure interface cable-downstream <slot/connector/dsport> cable voice-limits allowed-normal <percent> configure interface cable-downstream <slot/connector/dsport> cable voice-limits reserved-normal <percent> configure interface cable-downstream <slot/connector/dsport> cable voice-limits allowed-emergency <percent> Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-5 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control configure interface cable-downstream <slot/connector/dsport> cable voice-limits reserved-emergency <percent> configure interface cable-downstream <slot/connector/dsport> cable voice-limits allowed-total <percent> Setting Upstream Values (UCAMs) — Use the following commands (in order listed) to set upstream values: configure interface cable-upstream <slot>/<conn-grp>/<uport> cable voice-limits allowed-normal <percent> configure interface cable-upstream <slot>/<conn-grp>/<uport> cable voice-limits reserved-normal <percent> configure interface cable-upstream <slot>/<conn-grp>/<uport> cable voice-limits allowed-emergency <percent> configure interface cable-upstream <slot>/<conn-grp>/<uport> cable voice-limits reserved-emergency <percent> configure interface cable-upstream <slot>/<conn-grp>/<uport> cable voice-limits allowed-total <percent> Configuring Multicast CAC Threshold — Use the following command to provision the allowed bandwidth for multicast CAC: configure cable admission-control multicast allowed <percent> [no] NOTE: The “no” option sets the percentage value back to the default of 20 percent. Show/Display Commands This section provides commands used to output status and configuration information relating to the CAC feature. Use the following command to show Packetcable global configuration: show packetcable global The system response includes the administrative state of PacketCable, COPS parameters, event messaging parameters, and voice limits. With the multicast CAC feature, the output also displays the IP multicast (Mcast) downstream allowed and indicates whether multicast CAC is enabled. To display IP Video allowed usage and multicast CAC status, enter: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-6 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control show ip-video global Note that when multicast CAC is enabled, the output indicates true. When disabled, a dash (–) is displayed. To show the current PacketCable bandwidth allocation/usage of all CAMs, enter: show interface cable-mac allocated-bandwidth The output to the above show command will output the percentage of bandwidth that is reserved for the normal, emergency and multicast channels. An example output: CER# show interface cable-mac allocated-bandwidth Aug 26 16:56:43 ----Total Chan----------Normal Calls----------Emergency Calls---------Multicast-----Cable Capacity BW S/C/P Mac (Mb/sec) Alloc Allow Resv Alloc Number Allow Resv Alloc Number Allow Alloc Number ----------------------------------------------------------------------------------------------------------------------5/0/0 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/1 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/2 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/3 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/4 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/5 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/6 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 5/0/7 1 42.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 0.0% 0 8/0/0 1 30.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 8/0/1 1 30.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 8/0/2 1 30.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 8/0/3 1 30.00 0.0% 50% 0% 0.0% 0 70% 0% 0.0% 0 ----------------------------------------------------------------------------------------------------------------------Mac 1 Total Normal Calls: 0 Emergency Calls: 0 Multicast: 0 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Total Normal Calls: 0 Emergency Calls: 0 Multicast: 0 For DCAMs To show the current settings for a downstream channel, enter: show controllers cable-downstream <slot/connector/dsport> For UCAMs Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-7 PRELIMINARY E6000 CER Release 1.0 Connection Admission Control To show the current settings for an upstream channel, enter: show controllers cable-upstream <slot/conn-grp/uport> General To show the current PacketCable bandwidth allocation/usage of a single CAM, enter: show interface cable-downstream <slot/connector/dsport> allocated-bandwidth -orshow interface cable-upstream <slot/conn-grp/uport> allocated-bandwidth To show the current setting for all the downstream channels or all the upstream channels (depending on card specified), enter: show controllers cable-mac <mac-ID> Preemption of Normal Calls by Emergency Calls If completion of an emergency call would cause the channel to exceed the allowed-total-percentage CAC limit, the E6000 CER randomly searches for an existing normal call on that channel to preempt. If a normal call to preempt is found, the E6000 CER simultaneously initiates a tear-down of that normal call while allowing the emergency call to be set up. The E6000 CER always follows the packetcable voice-limit emergency-preemption configuration to determine if a PCMM normal priority flow can be preempted by an emergency priority flow. The following command is used to configure emergency preemption of PCMM normal flows. By default, emergency preemption is enabled. Use the no version of this command to disable emergency preemption. configure packetcable voice-limits emergency-preemption [no] The E6000 CER does not allow preemption to be configured on a per-gate basis. Data Consistency Checks The E6000 CER uses the following rules to ensure that data is consistent: Issue 1.0, 4 Feb 2013 • Percent reserved-normal can never be greater than percent allowed-normal and percent reserved-emergency can never be greater than percent allowed-emergency • Percent allowed-normal can not be greater than 90 or greater than percent allowed-total • Percent allowed-emergency can not be greater than 90 or greater than percent allowed-total © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-8 PRELIMINARY E6000 CER Release 1.0 • Connection Admission Control Percent allowed-total can not be greater than 90 Where the values for normal and emergency percentages <percent> must be expressed as integers from 0-90 • Multicast Allowed Usage + Emergency Reserved Usage + Normal Reserved Usage can not be greater than 100% • Percent reserved-normal + percent reserved-emergency are reserving bandwidth for normal and emergency calls. The sum of the two values cannot exceed allowed-total of the channel bandwidth. The following rules apply only when preemption-allowed is disabled: Issue 1.0, 4 Feb 2013 • Normal Reserved Usage + Emergency Allowed Usage can not be greater than Total Allowed Usage • Normal Allowed Usage + Emergency Reserved Usage can not be greater than Total Allowed Usage © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 24-9 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved Connection Admission Control PRELIMINARY 24-10 PRELIMINARY E6000 CER Release 1.0 25 Issue 1.0, 4 Feb 2013 PacketCable™ Services and Voice Applications PacketCable™ Services and Voice Applications PacketCable Overview 2 PacketCable Multimedia Overview 5 PCMM Classification for Remotely Connected Subnets 9 Configuration Procedures 12 PacketCable Settings 13 DSx DQoS VoIP 21 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-1 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications PacketCable Overview PacketCable Voice-only refers to the functionality defined by the following CableLabs specifications: • PacketCable 1.0 • PacketCable 1.1 • PacketCable 1.5 PacketCable 2.0 is address later in this chapter. Packetized voice traffic, such as that carried over an IP network, tends to have stringent latency and jitter requirements. If one adjusts for the packet arrival jitter through the use of a large jitter buffer, the latency of the audio hampers a normal conversation pattern. If the jitter buffer is too small, poor audio quality results as the audio codec hardware under- or overflows due to packets arriving too late or too early. In order to reduce both jitter and latency simultaneously in a network that has not been over-engineered, the packets must be treated with an enhanced quality-of-service (QoS). PacketCable services on the E6000™ Converged Edge Router provide the ability to place enhanced-QoS telephone calls over an existing DOCSIS cable data access network. To provide this capability, the E6000 CER must communicate with several other specialized servers over a managed IP network that is capable of providing enhanced QoS from end-to-end. See Figure 25-1 on page25-3. These other servers may be packaged separately or they may be bundled together in any combination. Specifically, the E6000 CER itself must communicate with the Call Management Server (CMS), the Record Keeping Server (RKS), and the Delivery Function (DF) for various portions of signaling information. NOTE: Issue 1.0, 4 Feb 2013 The IP addresses and ports for RKS and DF are configured on the CMS, not on the E6000 CER. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-2 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Announcement Controller (ANC) Call Management Server (CMS) Telephone E-MTA Announcement Player (ANP) HFC access network (DOCSIS) CMTS E6000 CER Telephone Telephone Managed IP Network PSTN E-MTA E-MTA Media Gateway (MG) SYSLOG Server Key Distribution Center (KDC) DHCP Servers Record Keeping Server (RKS) DNS Servers Provisioning Server TFTP/HTTP Servers Delivery Function (DF) HFC access network (DOCSIS) CMTSCER E6000 Telephone Media Gateway Controller (MGC) Signaling Gateway (SG) E-MTA Figure 25-1: PacketCable Voice-only Network Reference Architecture Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-3 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Table 25-1: Explanation of Network Elements Network Element Issue 1.0, 4 Feb 2013 Purpose Announcement Controller (ANC) Initiates and manages all announcement services that are provided by the announcement player Announcement Player (ANP) Delivers the appropriate announcement(s) to the MTA under control of the announcement controller Converged Edge Router (CER) Provides connectivity between DOCSIS network and PacketCable devices; also performs call authorization enforcement, bandwidth allocation, and call trace functions Call Management Server (CMS) Provides call control and signaling services for the MTA, E6000 CER, and PSTN gateways; typically performs both Call Agent (handles call state) and Gate-Controller (authorization) functions as well. Delivery Function (DF) Aggregation point for electronic surveillance; delivers reasonably available call-identifying information and call content based on the requirements of lawful authorization DHCP Server Server that provides initial boot-up networking information such as the querying device’s IP addresses, nexthop routers, server information, etc. DNS Server Server that provides translation between the Domain name and the IP address of a device Embedded Multimedia Terminal Adapter (E-MTA) Single device containing a DOCSIS cable modem and a telephony device that provides one or more line interfaces Key Distribution Center (KDC) Performs security key negotiations for MTA and Provisioning Server in the PacketCable network Media Gateway (MG) Provides media (voice packets) connectivity between the PSTN and the PacketCable network Media Gateway Controller (MGC) Provides bearer mediation between the PSTN and the PacketCable network Provisioning Server (OSS) Provides provisioning information for PacketCable devices via SNMPv3 Record Keeping Server (RKS) Collection point for all PacketCable Event Messages; may also correlate Event Messages to create Call Detail Records for billing interfaces Signaling Gateway (SG) Provides signaling mediation between the PSTN and the PacketCable network SYSLOG server Optional server used to collect, store, and retrieve logging messages for devices on the network TFTP/HTTP server Server that provides download capability for device configuration files © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-4 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications PacketCable Multimedia Overview PacketCable Multimedia (PCMM) is a CableLabs specified framework which defines an architecture for deployment of QoS-enabled, general multimedia services. This framework leverages DOCSIS QoS functionality and is founded on much of the functionality that was defined in PacketCable Voice-only architectures. The architecture of PacketCable 1.x was customized for delivering residential telephony, but PCMM is designed for the delivery of a variety of multimedia services (i.e., Video Phone, IP Video, and SIP Voice) requiring QoS treatment. PCMM specifically addresses the issues of policy authorization, QoS signaling, resource accounting, and security. The primary benefit of PCMM is that it gives control of special services to the cable operator. Among the advantages of PCMM are the following: • Good, Better, Best service delivery options to the subscriber • Efficient use of bandwidth and QoS services on an as needed basis • New revenue sources from these additional services • Higher subscriber satisfaction because subscribers are paying for the services they want. The ARRIS implementation of PCMM is based on the E6000 CER’s carrier class redundancy, high-speed architecture, and DOCSIS QoS capabilities, which are described elsewhere in this document. PacketCable Multimedia supports IPv6 addresses for Classifiers and Subscriber IDs. For greater detail see Sections 6.13, 6.1.5, 6.4.2.3, and 6.4.2.6 of the Packet Cable Multimedia Specification, (PKT-SP-MM-I06-110629). Note that Engineering Change Notice (ECN) MM-N-07.0430-3 has been incorporated into the PCMM specification. This ECN defines the IPv6 extensions for PCMM. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-5 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Applications PCMM DOCSIS 1.1 QoS Wire-Speed Architecture Carrier Grade Redundancy Figure 25-2: Foundations of PCMM Architecture To provide PCMM functionality, the E6000 CER must communicate with several other network elements, as defined by the PCMM architecture. An example of such a network configuration is as follows: PCMM introduces two new elements: the Application Manager and the Policy Server. Application Manager (AM) — A system that interfaces to Policy Server(s) for requesting QoS-based service on behalf of an enduser or network management system. The AM is characterized by the following: • It is analogous to the PC1.x Call Agent. • It is a Common Open Policy Service (COPS) Policy Decision Point (PDP) • It executes the application signaling with the client • It grants or rejects requests for service. NOTE: The AM can also be dedicated to other applications, such a gaming. It is not limited to calls only. Once the AM grants a request to access a service, it sends a request for bandwidth to the Policy Server. Policy Server (PS) — A system that primarily acts as an intermediary between Application Manager(s) and E6000 CER(s). It applies network policies to Application Manager requests and proxies messages between the Application Manager and E6000 CER.1 The following are the functions of the PS: 1. PacketCable Multimedia Specification, PKT-SP-MM-I02-040930 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-6 PRELIMINARY E6000 CER Release 1.0 • Applies provisioned rules before forwarding requests to the E6000 CER (for example, a given service may be granted to no more than ten users at a time) • Synchronizes states • Proxies messages between the AM and the E6000 CER or E6000 CERs • Acts as a COPS Policy Enforcement Point (PEP) with respect to the AM • Acts as a COPS Policy Decision Point (PDP) with respect to the E6000 CER • Communicates with one or more AMs and one or more E6000 CERs PacketCable™ Services and Voice Applications See Figure 25-3 on page25-8 for a diagram of the network elements. In the current implementation of PCMM the client is ignorant of the PCMM or QoS protocols. The client has no built-in network awareness or intelligence to negotiate PCMM or QoS levels. Subscribers can use their current client hardware and software, for game applications, teleconferencing, VPN, and so on. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-7 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Application Manager Record Keeping Server Policy Server E6000 TM 0 1 2 3 4 5 6 7 8 9 10 11 12 13 E6000 CER FA N TRAY 0 F A N T RA Y FA N TRAY 1 AL AR M OK F AN T RA Y FA N TRAY 2 AL AR M OK F AN T RA Y AL AR M OK DOCSIS 3.0 DSX CMs/MTA Sta nd Ba by t te Ba ry 2 T T el ep e le ph O hon t er L i nk n -l y in e e o ne 1 1 2 U S DS Pow er St and by B at te Ba ry 2 T el Te ep le t er p ho h one y ne 1 1 2 L i nk On -li ne US DS Sta Pow er ndb Ba y te Bat ry 2 Te T el le ep t er pho ho y 1 n e 2 ne 1 L in O k n- l in e US DS P ow er CPE Figure 25-3: Network Diagram of PCMM Implementation Compliance with PCMM Standards For a listing of the PacketCable Multimedia specifications that the E6000 CER complies with, refer to Table 3-5, DOCSIS-related Specifications Compliance, on page 3-10. Future releases of the E6000 CER will support: Issue 1.0, 4 Feb 2013 • Octet counts per gate • Commit time accumulation © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-8 PRELIMINARY E6000 CER Release 1.0 • Time and volume-based gate-state-report triggers • Event messaging PacketCable™ Services and Voice Applications PCMM Classification for Remotely Connected Subnets Feature Application and Overview Cable operators have been successfully leveraging the PacketCable™ Multimedia (PCMM) architecture to deliver new services using dynamic quality of service on the DOCSIS® channels. This feature adds the ability to offer PCMM-based services to CPE IP addresses that are remotely connected (i.e., behind another router) to the cable interface of the E6000 CER. Prior to this feature, PCMM-based services would only work for CPE IP addresses that were directly connected to the E6000 CER. PCMM for remotely connected subnets is useful for operators who have subscribers with routers behind or embedded within the cable modem. Using a cable modem with an embedded router for business services is a particularly interesting use case for this feature. ARRIS and other CM/EMTA manufacturers have a cable modem feature that allows operators to configure the modem as a simple router with the remote subnet provisioned in the cable modem configuration file. The cable modem then uses a dynamic routing protocol—typically RIPv2—to advertise the remote subnet back to the E6000 CER. Operators can use this cable modem feature to statically assign an IP address (or range of IP addresses) to a subscriber with the benefit that the IP address(es) will seamlessly migrate with the subscriber across E6000 CERs during HFC topology changes. If an operator uses this solution, the CPE IP address is regarded by the E6000 CER as a remotely connected subnet because the CM acts as a router. If the operator needs to provide PCMM-based service(s) to the CPEs, the E6000 CER must support PCMM for these remotely connected subnets in order to provide the service. An E6000 CER that supports PCMM for remotely connected subnets can be used in conjunction with a cable modem with embedded router to enable operators to deploy PCMM-based business services more effectively. MSOs can use statically assigned CPE IP addresses with the confidence that the addresses will migrate with the subscriber without requiring the operator to manually reconfigure all of the IP settings of the business services. Other Applications Issue 1.0, 4 Feb 2013 The description above is expected to be the primary application for this feature, but other applications are possible. For example, operators who are using a standalone router behind a cable modem with static or dynamic routing may also find this feature useful. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-9 E6000 CER Release 1.0 PRELIMINARY IP NETWORK PacketCable™ Services and Voice Applications PCMM POLICY SERVER E6000 CER Subnet A CM 1 Subnet A CM 2 CPE ROUTER 1 (embedded or standalone) Subnet A Subnet B HOST 2 Subnet B HOST 1 Subnet B HOST 2 NOTE: Subnet B is remotely connected to the E6000 CER. Figure 25-4: PCMM Support for Using Remote Subnet IPs as Subscriber IDs on the E6000 CER Standards Compliance Issue 1.0, 4 Feb 2013 The capability of using a remote subnet IP address as the subscriber ID (as depicted by Hosts 1 and 2 in Chapter 25-4 is clarified in section 6.1.3 of the I06 version of the PCMM specification (PKT-SP-MM-I06-110629). © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-10 PRELIMINARY E6000 CER Release 1.0 CLI Commands PacketCable™ Services and Voice Applications The E6000 CER supports multiple routing tables using the VRF feature. To prevent confusion that could occur if the same subscriber ID existed in two different VRFs, the E6000 CER allows only one VRF to support remote subscriber IDs for PCMM. If you wish to use the default VRF to support remote subnets and the VRF does not already exist, you need only ensure that PCMM is enabled: configure packetcable pcmm no shutdown If you wish to use a VRF other than the default VRF to support remote subnets and the VRF does not already exist, you must first create the VRF you wish to use: configure ip vrf <vrf name> Once the VRF that you wish to use is created, use the following command to designate that named VRF as the one that will be used for remote subscriber IDs (in other words, for this feature): configure packetcable pcmm subscriber-id vrf <vrf name> Use the NO version of the command to restore the default VRF as the one used for remote subscriber IDs: configure packetcable pcmm subscriber-id vrf no NOTE: The VRF used for remote subnets cannot be renamed while PCMM is running. To change the name of this VRF, you must first shut down PCMM. Also, before enabling PCMM, you may wish to execute a show packetcable global command in order to see the name of the VRF being used for remote subscriber IDs: show packetcable global To shut down PCMM: configure packetcable pcmm shutdown To enable PCMM: configure packetcable pcmm no shutdown Use the following command to display the PacketCable gates that are currently active: show packetcable gate pcmm Use the following command to enable logging of all PCMM traces, event messages, and modem events (except BPI and registration) for a single customer: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-11 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications trace logging packetcable pcmm <IP address> Where: <IP address> is the IPv4 or IPv6 address of the CM or CPE. Configuration Procedures Procedure Outline To configure the E6000 CER for PacketCable services, the following steps must be taken: • Configure and bring in-service all cards in a system • (Optional) Configure SYSLOG server • Configure and connect cable and network interfaces • Configure CAM sparing groups (Optional) • Configure CAM bundle groups (Optional) • Configure In-band Management or Out-of-Band access for one of the interfaces (typically a logical loopback interface) to have access to RSM • Configure DHCP relay agent to perform policy routing with all DHCP clients as cable helpers • Configure and start the NTP client (NTP is required for Event Messaging and PC1.x Electronic Surveillance.) • Configure and start PacketCable Services - Feature Interaction Issue 1.0, 4 Feb 2013 Bring up COPS connection(s) from CMS(s) and/or Policy Server(s) Configure PacketCable timers Configure and enable Event Messaging if desired, or as required for support of Electronic Surveillance (Optional) Configure bandwidth thresholds for upstream and downstream telephony usage per CAM PacketCable services have been designed to work with all other features of the E6000 CER including In-band-Management, DHCP relay agent, and redundancy. In fact, for Control Complex Redundancy to work properly, the interface (typically a logical loopback interface) used for connections to the Call Management Server, Policy Server, Record Keeping Server, and Delivery Function needs to be configured with the In-band-Management feature to have RSM access. This way, if a CCR failover occurs, the links to the failed RSM would be automatically restarted on the redundant RSM. CAM redundancy works with PacketCable through the same sparing groups that are set up for data services. The DHCP relay agent is typically configured to perform policy-based agent functionality so that the MTAs (which behave as CPE hosts) are provided with an IP address space that is separate from the cable modem address space. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-12 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications PC1.x and PCMM are designed to coexist on the E6000 CER. Either one or both can be enabled. Either can be disabled without impairing the function of the other. PacketCable Settings Showing status Viewing PacketCable settings — To view many of the important settings relating to PacketCable on the E6000 CER, issue the CLI command: show packetcable global The following is a typical system response: Proto Local Addr Server Addr.Port KA PCMM IPSec UpTime Timer PSID _______ _______________ ______________________ _____ ______ _____ __________________ E6-34# show packetcable global PacketCable DQoS Administrative state: UP COPS TCP port: 2126 Timer t0: 30 seconds Timer t1: 250 seconds Optional subscriber ID in gate messages: disabled PacketCable Multimedia Administrative state: UP COPS TCP port: 3918 Timer t1: 300 deciseconds Version: I05(COPS version 4.0) Remotely connected SubscriberID VRF: default Gate Message Throttling: RSM NORMAL max Gate Messages per 10 seconds: 900 RSM YELLOW max Gate Messages per 10 seconds: 900 RSM RED max Gate Messages per 10 seconds: 300 Admission Control Limits: Upstream Priority Reserved Allowed -------- ------Norm Voice 0% 50% Emrg Voice 0% 70% Total 70% Preemption: enabled IP Multicast Issue 1.0, 4 Feb 2013 Downstream Reserved Allowed -------- ------0% 50% 0% 70% 70% - © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-13 PRELIMINARY E6000 CER Release 1.0 Mcast CAC: PacketCable™ Services and Voice Applications disabled Event Messaging Parameters Enabled: no - cadEvMsgEnableFlag disabled Element ID: 12345 Event messaging UDP source port: 1813 Maximum number of events per batched message: 10 Batch timer: 1 minute ACK timer: 8000 milliseconds Maximum number of retransmissions to RKS: 0 Viewing Connected Network Elements — To display the current connections, issue the following CLI command: show packetcable cops server The E6000 CER generates an output similar to the following text: CER# show packetcable cops servers Proto Local Addr Server Addr.Port KA Timer ------- --------------- ---------------------- ----PC vI09 10.44.14.200 10.44.240.17.54389 10s PC vI09 10.44.14.200 10.44.249.2.33634 30s MM vI02 10.44.14.200 10.44.249.14.47052 60s MM vI02 10.44.14.200 10.44.249.14.47054 60s MM vI02 10.44.14.200 10.44.249.18.60274 60s MM vI04 10.44.14.200 10.44.249.70.57465 60s MM vI04 10.44.14.200 10.44.249.86.43914 60s Enabling and Disabling PacketCable Services PCMM IPSec UpTime PSID ------ ----- -----------------No 0 days 2:15:13 No 0 days 2:14:37 none 0 days 2:14:52 none 0 days 2:14:48 none 0 days 2:14:41 0x0 0 days 2:14:49 0x0 0 days 2:13:28 By default, PacketCable services are disabled on the E6000 CER. When PacketCable Services are disabled, the E6000 CER disallows any PacketCable signaling connections using the Common Open Policy Service (otherwise known as COPS) from a Call Management Server (CMS) or Policy Server (PS). As a result, all PC1.x and PCMM requests fail. To enable PacketCable services on the E6000 CER, issue the CLI command: configure packetcable PC1.x and PCMM can be enabled independently using the following commands: configure packetcable dqos no shutdown configure packetcable pcmm no shutdown Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-14 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications When PacketCable services transition from enabled to disabled, all PacketCable calls in progress are aborted and signaling links to all E6000 CERs are torn down. If PCMM is shut down, all associated PacketCable gates are torn down and all signaling links to the PSs are torn down. With PC1.x services enabled, the E6000 CER accepts and maintains PacketCable COPS TCP connections to port 2126. In addition, the E6000 CER processes PacketCable signaling messages from the Call Management Server and uses this signaling to authorize call requests from the subscribers’ Multimedia Terminal Adapters (MTAs). Likewise, with PCMM enabled, the E6000 CER accepts and maintains PacketCable COPS and TCP connections to port 3918. Subscriber ID in DQoS Messages To enable the use of a subscriber ID in DQoS gate-open and gate-close messages, enter: configure packetcable gate send-subscriberID By default, use of the subscriber ID is disabled. PC1.x TimersPD The following timers are specific to the PacketCable DQoS protocol. The E6000 CER functions properly in most environments using the default values. In rare cases, the parameters may be modified through the use of CLI commands. To set the threshold value of a particular timer of the E6000 CER, issue the CLI command: configure packetcable dqos timer {timer name} <value> Where {timer name} is t0 or t1. Timer T0 — timer T0 limits the amount of time between the reception of a Gate-Alloc message and a Gate-Set message for the same DQoS Gate. The default is 30 seconds. This timer has a range of 1 to 60 seconds. Timer T1 — This timer limits the validity period for authorization of a particular PacketCable call. This timer is started whenever a Gate is established and stopped whenever a Commit operation is performed on the resources authorized by the gate. It is also stopped for a reserve operation. Ordinarily, timer T1 is received in the Gate-Set message. If the value given in the Gate-Set message is zero, then timer T1 is set to a provisioned value. The default is 250 seconds. This timer has a range of 1 to 600 seconds. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-15 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Timer T7 — The value of Timer T7 is determined by the CMS and is sent to the E6000 CER in a Gate-Set message along with the rest of the authorization parameters of a call. Timer T7 corresponds to the DOCSIS 1.1 parameter, which is known as the Timeout for Admitted QoS Parameters for the service flow. This parameter limits the period of time that the E6000 CER must hold resources for a service flow's Admitted QoS Parameter Set that are in excess of its Active QoS Parameter Set. In other words, this specifies the amount of time that reserved resources can be held without actually committing them. If the CMS sends a value of zero to the E6000 CER in the Gate-Set message then the E6000 CER will disable the timer for the call. The default is 200 seconds. NOTE: ARRIS recommends that timer T7 be set to a non-zero value on the CMS to avoid unnecessary resource usage during busy periods. Timer T8 — The value of timer T8 is determined by the CMS and is sent to the E6000 CER in a Gate-Set message along with the rest of the authorization parameters of a call. Timer T8 corresponds to the DOCSIS 1.1 parameter, which is known as the Timeout for Active QoS Parameters for the service flow. This parameter limits the period of time resources remain unused on an active service flow. If the CMS sends a value of zero to the E6000 CER in the Gate-Set message then the E6000 CER does not poll for activity on the service flow. The default value of this timer is 30 seconds. NOTE: PCMM Timers ARRIS recommends that timer T8 be set to a non-zero value on the CMS. If for whatever reason the CMS fails to release stuck flows at the end of a PacketCable call, then the E6000 CER automatically uses the T8 timer to decide when to release them. The following timers are specific to the PacketCable Multimedia protocol. The value of the timers is determined by the Policy Server and is sent to the E6000 CER in a Gate-Set message along with the rest of the authorization parameters of a call. The E6000 CER functions properly in most environments using the default values. In rare cases, the parameters may be modified through the use of CLI commands. To set the threshold value of a particular timer of the E6000 CER, issue the CLI command: configure packetcable pcmm timer t1 <value> Where: NOTE: Issue 1.0, 4 Feb 2013 <value> is the time, in deciseconds. Default = 300 deciseconds. ARRIS recommends that timers T1 be set to values other than zero to avoid unnecessary and inefficient use or resources during busy periods. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-16 E6000 CER Release 1.0 PRELIMINARY PacketCable™ Services and Voice Applications Timer T1 — This timer limits the validity period for Authorization of a particular PCMM flow. This timer is started whenever a Gate is established and stopped whenever a gate-set reserves resources for the PCMM flow. Ordinarily, timer T1 is received in the GateSet message. If the value given in the Gate-Set message is zero, then timer T1 is set to a provisioned value. A Gate in the Authorized state expects the resources to be reserved. Once the E6000 CER receives a reserve request, it verifies that the request is within the authorization limits established for the Gate and performs admission control procedures. If the request is granted, the Gate transitions from Authorized to the Reserved state, and the E6000 CER starts the T2 Timer. If the Reserve request does not arrive before timer T1 expires, the E6000 CER deletes the Gate, and notifies the Policy Server of the state change. If admission control succeeds, the E6000 CER puts the Gate in the Reserved state, stops timer T1, and starts timer T2. If admission control procedures fail, the E6000 CER maintains the Gate in the Authorized state and sends a Gate-Set-Err response to the PS. Timer T2 — This timer limits the validity period for the Reserved state. The Policy Server may delete a Gate in the Reserved state by issuing a Gate-Delete message. If the Commit request does not arrive before the T2 timer expires, the E6000 CER deletes the Gate, stops timer T2, and notifies the Policy Server of the state change. A Gate in the Reserved state expects the client to commit or activate resources. To commit resources, the Policy Server issues a GateSet command with a Traffic Profile that includes the Committed Envelope. The E6000 CER again authorizes the requested QoS against the Reserved envelope. If the authorization succeeds, the E6000 CER starts timer T3, and stops timer T2 if the Authorized envelope equals the Committed envelope or restarts timer T2 if the Authorized Envelope is greater than the Committed Envelope. If the authorization fails, the E6000 CER restarts timer T2. Timer T3 — This timer limits the amount of time that the flow associated with the gate can go without passing traffic. It corresponds to the Committed state. In the Committed state, the Application Manager may delete the Gate by issuing a Gate-Delete message to the Policy Server, which in turn relays the message to the E6000 CER. The E6000 CER then deletes the Gate and the corresponding Service Flow, and stops timers T2 and T3 if they are running. If the E6000 CER detects that the flow is unused for a time in excess of the T3 timer, the E6000 CER notifies the Policy Server that the service-flow associated with the gate has been unused, starts the T4 timer, and transitions the Gate to the Committed-Recovery state. Timer T4 — This timer limits the amount of time the Gate can spend in the Committed-Recovery state. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-17 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications In the Committed state the flow associated with the Gate is active. If the E6000 CER detects that the flow is unused for a time in excess of the T3 timer, the E6000 CER notifies the Policy Server (which notifies the Application Manager) that the service-flow associated with the gate has been unused, starts the T4 timer and transitions the Gate to the Committed-Recovery state. (Note: If the T2 timer is running it will continue running.) The AM must decide either to refresh the policy by issuing a Gate-Set message to the PS or delete the Gate by issuing a Gate-Delete message to the PS. The Policy Server forwards the Gate-Set message or Gate-Delete message to the E6000 CER. NOTE: If the Gate is in the committed state and timer T4 equals zero, then the E6000 CER deletes the Gate and notifies the PS when timer T3 expires. If, while in the Committed-Recovery state, the E6000 CER receives a Gate-Set message for the Gate before the timer T4 expires, then the E6000 CER stops the T4 timer, restarts the T3 timer, transitions the Gate back to the Committed state, and starts or restarts the T2 timer if the Reserved Envelope is greater than the Committed Envelope. If T2 timer is running and the new Reserved Envelope is equal to the Committed Envelope, then the E6000 CER stops the T2 timer. If, while in the Committed-Recovery state, the v receives a Gate-Delete message before the timer T4 expires, then the E6000 CER stops the T4 Timer, deletes the Gate and the corresponding service flow, and stops the T2 timer if necessary. If timer T4 simply expires while the Gate is in the Committed-Recovery state, then the E6000 CER sends a Gate-Report-State message to the PS, stops timer T2 if it is running, tears down the service flow associated with the Gate, and then deletes the Gate. The Policy Server notifies the Application Manager of the state change. More details are available in the latest PacketCable™ Multimedia Specification in Section 6.2 under Gate transitions. Showing PacketCable Timers To display all of the PacketCable timer settings, enter: show packetcable global Look for timer settings in the following output to obtain needed timer information: PacketCable DQoS Administrative state: UP COPS TCP port: 2126 Timer t0: 30 seconds Timer t1: 250 seconds Optional subscriber ID in gate messages: disabled PacketCable Multimedia Administrative state: UP COPS TCP port: 3918 Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-18 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Timer t1: 300 deciseconds Version: I05(COPS version 4.0) Remotely connected SubscriberID VRF: default Gate Message Throttling: RSM NORMAL max Gate Messages per 10 seconds: 900 RSM YELLOW max Gate Messages per 10 seconds: 900 RSM RED max Gate Messages per 10 seconds: 300 Admission Control Limits: Upstream Priority Reserved Allowed -------- ------Norm Voice 0% 50% Emrg Voice 0% 70% Total 70% Preemption: enabled IP Multicast Mcast CAC: disabled Downstream Reserved Allowed -------- ------0% 50% 0% 70% 70% - Event Messaging Parameters Enabled: no - cadEvMsgEnableFlag disabled Element ID: 12345 Event messaging UDP source port: 1813 Maximum number of events per batched message: 10 Batch timer: 1 minute ACK timer: 8000 milliseconds Maximum number of retransmissions to RKS: 0 Setting the Upstream DiffServ Code Point When setting up a data network with voice, it is recommended that the entire network (access and backbone) be configured to provide an enhanced QoS for telephony. One of the ways to do this is to use the DiffServ protocol. This protocol uses a field in the IP header to determine the quality of service level to be used for each network hop. The E6000 CER marks all upstream voice packets with the DiffServ code point that is provided by the CMS in the Gate-Set message. This parameter should be provisionable on the CMS. Event Messaging PacketCable uses the notion of half-calls for its call model. Each half call consists of the portion of a call from the E6000 CER to the other device – either an MTA or a PSTN gateway. These half-calls are signaled independently of one another and are tied together only by the logical connection that the CMS creates when it sets up each half call. These half-calls are also signaled separately for billing purposes. Billing events for each half call are transmitted to a Record Keeping Server (RKS). The RKS then correlates all events for the full call and creates billing records. The protocol used by devices that communicate to the RKS is known as Event Messaging. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-19 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Event Messaging port number — The E6000 CER uses the static port 1813 for Event Messages. The E6000 CER listens to port 1813 when PacketCable services are enabled, and uses port 1813 as the source port in the UDP header of any Event Messages. Event Messaging Retry Interval — The Event Messaging Retry Interval is the maximum amount of time that the E6000 CER waits for an acknowledgement of an event message before the E6000 CER assumes that the message is lost. At this point, the E6000 CER either retransmits the message or switches to the secondary RKS. To set the Event Messaging Retry Interval, issue the CLI command: configure packetcable eventmsg retry timer <time> The default value of this timer is 1000 milliseconds. This timer has a range of 10 to 10,000 milliseconds. Event Messaging Retry Count — The Event Messaging Retry Count is the maximum number of times that the Event Messaging Retry Interval may expire before the E6000 CER switches to the secondary RKS. To set the Event Messaging Retry Count, issue the CLI command: configure packetcable eventmsg retry limit <count> The default value is 1. The count has a range of 0 to 9. Event Messaging Maximum Batch Events — The Event Messaging Maximum Batch Events is the maximum number of event messages collected and combined into one packet for transmission to the RKS. Use the following command: configure packetcable eventmsg batch-size <n> The default value is 3. The count has a range of 2 to 10. NOTE: To enable or disable Event Messaging Batch Mode, refer to the CMS documentation. Event Messaging Element Identifier — The Event Messaging element Identifier is a number that is assigned to the E6000 CER and is included in all event messages from the E6000 CER. This number is used by the RKS so that it knows that the event message came from this particular E6000 CER. configure packetcable eventmsg element-id <id> There is no default value. This number must be configured for event messaging to work. The range of values is 0 to 99999. Disabling the Generation of All Event Messages — To disable generation of all event messages enter: configure packetcable eventmsg element-id no Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-20 PRELIMINARY E6000 CER Release 1.0 PacketCable™ Services and Voice Applications Enabling Event Messaging Error Logging — Event Messaging on the E6000 CER has the capability to dump the contents of an event message to a file if all attempts to communicate with the RKS have failed. These records can be used later to manually update the RKS when it becomes operational. By default, this error logging is turned off. It should be turned on if the system is relying on event messaging from the E6000 CER for billing. To turn on this capability, the syslog server must be configured. Once the syslog server is configured, type the following at the CLI prompt: configure logging override event 2473082648 DSx DQoS VoIP Dynamic Services (DSx) / Dynamic Quality of Service (DQoS) provides for guaranteed Quality of Service for voice applications using DOCSIS 1.1 Dynamic Services (DSx) functionality. This mode accepts DSx signaling from any DSx-capable modem. DSx DQoS VoIP does not provide full PacketCable™ operation within the E6000 CER. DSx DQoS Provisioning The following command should be run for all cable-macs which will be used for DSx DQoS call processing: configure interface cable-mac <mac-id> authorization-module open-dynamic-flow-policy This command allows for authorization of non-PacketCable DQoS through DSx signaling on the CAM. Enabling open-dynamic-flowpolicy is required when the operator does not want the various components used for voice in the network set up (CMs or MTAs, for example) to utilize or expect packetcable gates. The following CLI command can be used to alter timers on the E6000 CER: configure cable global max-qos-admitted-timeout <timeout in seconds> Default = 200 configure cable global max-qos-active-timeout <timeout in seconds> Default NOTE: = 30 If DSx DQoS VoIP is enabled, the admitted timeout should be set at 200 seconds (the default), and the active timeout should be set to 30 seconds. This command is for DSx DQoS; it has no effect on PacketCable. The defaults ensure that inactive resources are released. Increasing these default values or setting them to 0 (which represents infinity) is not recommended. The default values serve as a precaution for freeing resources in the event that any device or transmission path in the network does not perform as required. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 25-21 E6000 CER Release 1.0 Issue 1.0, 4 Feb 2013 PRELIMINARY © 2013 ARRIS Group, Inc. — All Rights Reserved PacketCable™ Services and Voice Applications PRELIMINARY 25-22 PRELIMINARY E6000 CER Release 1.0 26 Converged Services (Voice and Data) Converged Services (Voice and Data) Overview 1 QoS Levels 2 Overview Converged services is the term applied to the deployment of various applications such as voice, video, and high speed data on a single E6000™ Converged Edge Router (CER). Voice and data are on the same channels. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 26-1 PRELIMINARY E6000 CER Release 1.0 Converged Services (Voice and Data) QoS Levels Ensuring QoS in a Converged Services Environment To ensure that appropriate QoS levels are enforced in this mixed services environment, QoS parameters must be applied to enforce appropriate relative prioritization of traffic. ARRIS recommends the utilization of some of these DOCSIS parameters in association with each of the applications that might potentially run on the E6000 CER. Keep in mind that other settings can be used, as long as the relative priority of the various applications is set as desired. However, some of the values are strongly recommended, as noted, based on ARRIS experiences with lab testing of converged services in system overload conditions. See Table 26-1 on page-26-2 below. Table 26-1: Recommended Traffic Priorities for Different Applications UPSTREAM DOCSIS Traffic Priority Application N/A The E6000 CER guarantees service to UGS flows, per the DOCSIS specification; therefore, this flow type is always higher priority than any other. Upstream Voice and Video Signaling Traffic 6 ARRIS recommends that this priority exceeds that of the High Speed Data Upstream (Best Effort) to ensure service set up even in the presence of high speed data overload. This signaling includes things like PacketCable 1.x NCS, DSx, DBC, IGMP messaging, ARP, ICMP, SIP, etc. High Speed Data Upstream (Best Effort) 1 Priority 1 is often used for upstream high speed data. It is recommended that the priority set is lower than US Voice and Video Signaling Traffic and higher than the Default HSD and DSG Tunnel Data. Default HSD and DSG Tunnel Data 0 Priority 0 is the default priority applied to high speed data unless otherwise specified via a modem config file. 5 For PacketCable Voice-only, this traffic priority is fixed, per CableLabs specification. If a mix, which includes PacketCable 1.x, of voice applications is to be deployed, priorities should be applied at this level, in order to treat the various voice applications equally. Of course, if it is desired that one type of voice application be given priority over another type, priority should be set appropriately for the desired behavior. Upstream Voice Bearer Traffic: UGS and UGS/AD Downstream Voice Bearer Traffic Issue 1.0, 4 Feb 2013 Notes © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 26-2 PRELIMINARY E6000 CER Release 1.0 Converged Services (Voice and Data) UPSTREAM Application Notes Downstream Voice and Video Signaling Traffic 4 This value is recommended to be lower priority than the actual downstream voice bearer traffic, but as high as possible. As in the upstream, “signaling” includes PacketCable 1.x NCS, DSx, DBC, IGMP messaging, ARP, ICMP, SIP, etc. Multicast Video Payload 3 Multicast video priority is set in the Service Class Name, not in the modem config file. 1 Priority 1 is often used for downstream high speed data. It is recommended that the priority set is lower than DS Voice and Video Signaling Traffic and higher than the Default HSD and DSG Tunnel Data. 0 Priority 0 is the default priority applied to high speed data and DSG Tunnel data, unless otherwise specified via a modem config file (for HSD) or via SCN (for DSG). High Speed Data Downstream (Best Effort) Default HSD and DSG Tunnel Data Overload Conditions DOCSIS Traffic Priority ARRIS recommends the following for adjusting SfMinReservedRate (tmin) and SfMaxTrafficRate (tmax) as shown in Table 26-2 whenever there is a desire to maintain toll grade performance under data overload conditions: Table 26-2: Adjusting Tmax and Tmin for Overload Conditions Application Issue 1.0, 4 Feb 2013 Notes Upstream Voice and Video Signaling Traffic ARRIS strongly recommends that settings are considered to ensure that sufficient opportunities are given for data to be transmitted on these flows. This is especially critical if there is a desire to maintain toll grade performance under high speed data overload conditions. Values should be selected based on your individual set up and determined by the type of signaling and number of lines. Downstream Voice and Video Signaling Traffic ARRIS strongly recommends that settings are considered to ensure that sufficient opportunities are given for data to be transmitted on these flows. This is especially critical if there is a desire to maintain toll grade performance under high speed data overload conditions. Values should be selected based on your individual set up and determined by the type of signaling and number of lines. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 26-3 PRELIMINARY E6000 CER Release 1.0 Application High Speed Data Converged Services (Voice and Data) Notes Leaving HSD at the tmin default of 0k reinforces the priority for polling opportunities given to the applications listed above. The following diagram shows one possible classification scheme to set up flows with the parameters recommended above. Note that the voice flows would be set up dynamically and the data and signaling flows would be set up via a modem configuration file. Figure 26-1: Example of Classification for Combined Voice, Video, and Data NOTE: Issue 1.0, 4 Feb 2013 Port 2427 is an example of a commonly used port for Network-based Call Signaling (NCS). The Multimedia Terminal Adapter (MTA) and Call Management Server (CMS) devices may be configured to use a port other than 2427. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 26-4 PRELIMINARY E6000 CER Release 1.0 27 Security Security AAA Overview 1 TACACS+ 6 SSH2 15 Routing to a Null Interface 21 Source Verification of Cable-side IP Addresses 22 Advanced CM Configuration File Verification 24 Cable Modem MAC Deny List 28 AAA Overview The AAA feature enhances the authentication, authorization, and accounting capabilities of the E6000™ Converged Edge Router by means of the Terminal Access Controller Access Control System Plus (TACACS+) protocol. This protocol not only standardizes the interface to a network element’s AAA capabilities, it also enables centralized administration of security policies across a network of heterogeneous elements. AAA allows a customer to: Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 27-1 PRELIMINARY E6000 CER Release 1.0 The AAA Model Security • Maintain a central database of user IDs, user groups, passwords, and authentication policies • Customize access policies for the E6000 CER command set • Maintain standardized, centralized security accounting records. The AAA security model is an architectural framework for the implementation and management of common security functions within a network of heterogeneous elements. The model distinguishes authentication (verification of a user’s identity) from authorization (verification that a user’s actions are permissible) and offers accounting services with respect to both. Moreover, the model separates security policy from policy enforcement, thereby enabling a distributed security scheme with centralized policy management for each independent function. Figure 27-1 provides a network-level illustration. Router login attempt Authentication Servers Authorization Servers login attempt E6000 TM 0 1 2 3 4 5 6 7 8 9 10 11 12 Accounting Servers 13 command xyz FA N TRAY 0 FA N TRAY 1 FA N TRAY 2 E6000 CER F AN T RAY AL AR M OK F AN T R AY AL AR M OK F AN T RAY AL AR M OK Figure 27-1: AAA Security Model In Figure 27-1, the E6000 CER and the Router are AAA clients that defer login authentication and command authorization responsibilities to remote servers. Information regarding each authentication or authorization exchange is forwarded to accounting servers where historical records of user activity are maintained. Issue 1.0, 4 Feb 2013 © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 27-2 PRELIMINARY E6000 CER Release 1.0 Security Note that the AAA model itself does not demand a distributed security scheme but simply offers enough flexibility to accommodate it. Any or all of the AAA functions can be administered locally at an element. For example, an element can defer login authentication to a remote authority while authorizing each command locally based on element-specific policy such as the user’s privilege level. Similarly, an element can authenticate locally (e.g., from a password file) while deferring authorization to an external server on a percommand basis. Line Interfaces Login and enable services are available via telnet - or virtual terminal - sessions over the Router System Module (RSM) maintenance ethernet interface located on the RSM Peripheral Interface Card or RPIC and via the Craft console. Since each interface offers a different level of physical security, each may require a different level of AAA services or possibly none at all. These interfaces are referred to as “lines” and provide AAA configuration capabilities on a per-line basis. The line interface is also the target of non-AAA configuration parameters such as data rate, session timeout value, idle timeout value, pagination, and line password. Cisco’s line interface model is included as part of this feature. A line is any point of origin for a CLI session. The E6000 CER currently supports two types of lines: console lines and vty (virtual terminal) lines. A console line is a CLI session over the RPIC’s console port, while a vty line is a CLI session over a virtual terminal. All lines are independently configurable. This allows an operator to modify the configuration of a given line without affecting the configuration of other lines of the same type. For example, a user logged in on vty 0 may disable/enable pagination without disturbing the state of pagination on vty lines 1 through 15. The following is a summary of the provisioning of the line interfaces: • Configuration information includes at least session timeout, idle timeout, pagination mode, and password. The E6000 CER maintains unique parameter values for two console lines (one for each RSM) and sixteen vty (virtual terminal) lines numbered 0 through 15. The session timeout provides the maximum session length in seconds. A value of zero (default) indicates no timeout. The idle timeout provides the maximum idle time in seconds. A value of zero (default) indicates no timeout. The pagination mode provides the number of lines of consecutive output to display before pausing and prompting. A value of zero (default) indicates no pagination. The password provides the line password used for authentication if line-based authentication is active. By default, the line password is undefined. • The configuration of login authentication, enable authentication, authorization, shell accounting, and command accounting services are supported on a per-line basis. • By default: - There are two console lines, consoles 0 and 1. Console 0 is the new-start configuration port and is physically secure. There are a total of sixteen (16). Vty lines are not new-start configuration ports and are not necessarily physically secure. They may be manually configured work by default. - Issue 1.0, 4 Feb 2013 Login authentication is disabled on all lines. © 2013 ARRIS Group, Inc. — All Rights Reserved PRELIMINARY 27-3 PRELIMINARY E6000 CER Release 1.0 Security Until authentication is manually configured, access to any of the configured lines is granted without challenge. - Enable authentication is disabled on all lines. Until enable authentication is manually configured, access to enable mode on any of the configured lines is granted without challenge. - Authorization is disabled on all lines. Until authorization is manually configured, any command may be entered on any line without challenge. Note that this does not include the enable command. The enable command represents a change of privilege level; therefore, it is subject to authentication rather than authorization. - Acc