Overview of the Cable Access Network
Before we examine in detail the workings of DOCSIS modems and their corresponding CMTSes, we will look briefly, at a high level, at how a DOCSIS access network operates.
DOCSIS cable modems located in homes are clients of Cable Modem Termination Systems, which are located at the other end of the coax/fiber access link, at the MSO's headend. In order that the CMTS is properly able to manage the access network, on which there may be several hundred cable modems all competing for the available upstream and downstream bandwidth, DOCSIS cable modems are required to obtain and obey instructions from the CMTS. This ensures that the resources are allocated fairly and efficiently among the active cable modems on the network.
When a cable modem is first connected to the cable and powered up, a complex series of transactions takes place between the modem and its CMTS. The modem is at all times unaware (at least directly) of the presence of other modems on the network; the modem communicates only with the CMTS. This is true even if two modems on the same access network wish to communicate—all traffic passes through the CMTS.
The cable modem initialization sequence is as follows.
Locate a downstream channel and synchronize operation with the CMTS.
Obtain upstream transmit parameters from the CMTS.
Perform a ranging operation.
Confirm that IP connectivity exists.
Synchronize time of day with the CMTS.
Transfer operational parameters between CM and CMTS.
Initialize Baseline Privacy Plus.
In order to perform this sequence in a reliable and secure manner, two items are placed in the cable modem at the time of manufacture. These items are in nonvolatile memory and should never be changed.
A unique 48-bit MAC address (equivalent to the MAC address in an ordinary Ethernet network interface card)
An X.509 digital certificate, which is used to authenticate the modem to the CMTS. Typically, this certificate is signed by the modem manufacturer, whose public key the service provider has obtained through other means and that is loaded into the CMTS software so that it can authenticate modems as they attempt to initialize and obtain service.
The cable modem begins to scan the 6 MHz downstream video channels, looking for a CMTS signal. If the modem has previously been used and is simply restarting after a temporary failure—for example, power-down—the modem first tries to lock on to a CMTS signal in the most recently used downstream channel. It continues to scan until it finds a signal that it can properly detect and with which it can properly synchronize.
Obtaining Upstream Parameters
The CMTS periodically transmits messages called Upstream Channel Descriptors (UCDs) on all downstream channels. Nominally, UCDs are broadcast every two seconds. UCDs describe the correct parameters that a modem must use to transmit on the various upstream channels to which the CMTS is currently listening.
When the modem receives a UCD containing parameters for a channel that it can use, it stores this information and uses it to determine the transmit parameters for future upstream transmissions.
As well as UCDs, the CMTS periodically transmits SYNC messages (nominally every 200 milliseconds). These contain information about the CMTS's notion of time and allow the modem to synchronize properly with the CMTS and the other modems on the network.
A number of operational parameters within the modem may need to be adjusted slightly in order to guarantee that all modems on the access link are operating cooperatively. For example, the transmit power level or the center frequency of the upstream channel might need to be adjusted slightly if the modem is out of alignment. In addition, since cable modems are not all at the same distance from the CMTS, it is insufficient for a CM merely to synchronize its clock with the CMTS. It must also have some notion of the transmission delay between itself and the CMTS, otherwise the transmissions from two modems, one told to transmit at time t and another told to transmit at time t', might overlap.
In order to make these adjustments, the cable modem must actively exchange information with the CMTS. It does this through a process known as ranging. Cable modem transmissions are sent in one of two modes: contention or noncontention. In the cable system, time is divided into short intervals known as minislots, which are a small multiple of 6.25 microseconds in length. (The precise duration of a minislot depends on the modulation scheme in use. Basically, a minislot is usually the time taken to transmit 16 octets.) Noncontention minislots are allocated by the CMTS in such a way that only one CM is permitted to transmit within the minislot. Transmissions occurring in noncontention minislots have a high probability of being received correctly at the CMTS, since it is guaranteed that there will be no other signal on the line in the same upstream channel at the same time. Contention minislots (which are typically about 25% of the available total) are unallocated, and any CM is permitted to transmit during them. These transmissions may have a low probability of being received correctly if there are many active devices on the access network.
The CMTS manages the ratio of contention to noncontention minislots, just as it manages exactly which modem may transmit during a noncontention minislot. In fact, at the risk of digressing from the point at hand, calculating the optimum ratio of noncontention to contention minislots is an interesting problem in network bandwidth management, since it depends on the kind of data that is passing across the network. If most of the traffic flows at relatively constant rates (for example, when the network is handling principally telephony traffic), then there are fewer ad hoc requests for upstream bandwidth, and the need for contention minislots decreases. This in turn allows the CMTS to allocate more bandwidth to noncontention minislots, and thus even more telephony-like traffic may be permitted to flow. If, on the other hand, the traffic is "bursty", such as occurs with Web browsing, then the number of contention minislots typically needs to be increased and the usable bandwidth of the system decreases. A good working average of noncontention:contention mode slots for "typical" traffic is roughly 3:1.
Except for informational messages, transmissions sent in contention mode usually demand an explicit response from the CMTS. If the expected response is not received, the CM will usually retransmit the transmission in another contention-mode minislot, and will continue to do so until a response is received.
Ranging requests are sent in contention mode and so may need to be repeated a number of times before the CM receives the information it desires from the CMTS. In response to a ranging request, the CMTS will instruct the CM to adjust parameters such as clock skew, carrier frequency and transmit power so that they are within acceptable limits.
In addition to the ranging performed during initialization, the CMTS provides specific opportunities for each attached CM to perform subsequent ranging operations to ensure that slight adjustments to the operational parameters may be made as necessary, so that the entire system stays acceptably synchronized.
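The overlap argument above can be worked through numerically. The following is an added example, not code from the original text: it uses a simplified model in which the modem clock lags the CMTS by one one-way delay and the upstream burst takes another, and the propagation speed, distances and grant sizes are assumptions chosen for illustration.

```python
# Simplified timing model (added example). All times are integer nanoseconds.
MINISLOT_NS = 6250   # one 6.25 microsecond minislot, the base unit in the text
NS_PER_METER = 5     # assumed propagation speed of 2.0e8 m/s on the plant


def arrival_at_cmts(grant_slot, n_slots, distance_m, timing_offset_ns=0):
    """Return (start, end) of a burst as seen by the CMTS clock.

    The modem clock was set from a SYNC message that took one one-way delay
    to arrive, and the burst takes another one-way delay to travel back, so
    an uncorrected burst lands one full round trip late.
    """
    round_trip = 2 * distance_m * NS_PER_METER
    start = grant_slot * MINISLOT_NS + round_trip - timing_offset_ns
    return start, start + n_slots * MINISLOT_NS


def overlap_ns(a, b):
    """Nanoseconds during which two (start, end) bursts are both on the wire."""
    return max(0, min(a[1], b[1]) - max(a[0], b[0]))


def range_modem(distance_m, ranging_slot=0):
    """CMTS side of ranging: measure how late an uncorrected burst arrives."""
    start, _ = arrival_at_cmts(ranging_slot, 1, distance_m)
    return start - ranging_slot * MINISLOT_NS


def total_overlap_ns(grants, use_ranging):
    """grants: list of (grant_slot, n_slots, distance_m), back to back."""
    bursts = []
    for slot, n_slots, dist in grants:
        offset = range_modem(dist) if use_ranging else 0
        bursts.append(arrival_at_cmts(slot, n_slots, dist, offset))
    return sum(overlap_ns(x, y) for x, y in zip(bursts, bursts[1:]))


# Constructed scenario: a far modem (30 km) is granted minislots 0-63 and a
# near modem (1 km) is granted the next 64 minislots.
GRANTS = [(0, 64, 30_000), (64, 64, 1_000)]

if __name__ == "__main__":
    print("overlap without ranging:", total_overlap_ns(GRANTS, False), "ns")
    print("overlap with ranging:   ", total_overlap_ns(GRANTS, True), "ns")
```

With synchronized clocks alone, the far modem's burst is still arriving when the near modem's burst begins; once each modem applies the offset measured during ranging, the two bursts arrive back to back.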
Establishing IP Connectivity
Once the low-level transmission parameters are properly set, the CM should be able to communicate correctly with the CMTS (and, through it, with the MSO's network on the far side of the CMTS). It now begins communication by transmitting a Dynamic Host Configuration Protocol (DHCP) "discover" request. In response, a DHCP server provides the modem with an assigned IP address, as well as the address of another DHCP server (possibly the same one) that can provide the modem with more parameters. The initial DHCP response also contains the name of a file that contains further, network-specific configuration parameters for the CM. The CM issues a DHCP request to the second server and obtains whatever additional parameters are needed to establish IP connectivity with the network. Note that it does not yet download the configuration file.
Synchronizing Time of Day
As well as a low-level shared notion of time (for the correct synchronization of packet transmissions), the CM and the CMTS need to share a common notion of the approximate time of day, which may be used for logging abnormal events and for key management by the security system (which will typically require that keys be changed periodically).
One of the parameters obtained from the DHCP server is the address of a Time Server (which may be the DHCP server itself). The modem connects to this server on port 37 and obtains the time, using the Time Protocol specified in RFC 868.
Transferring Operational Parameters
The CM now downloads the configuration file whose name was provided by the original DHCP server. This download uses the Trivial File Transfer Protocol specified in RFC 1350. The operational parameters overwrite any default values configured into the modem during manufacture.
A large number of parameters may (but need not) be present in the configuration file. These parameters provide values used by the low-level system, such as upstream and downstream channel frequencies and data rates, as well as the addresses of various network servers, timer values, and so on. If explicit values are not provided, the modem adopts sensible default values provided at the time of manufacture.
The configuration file may direct the modem to use an upstream or downstream channel different from the one it is already using, in which case the modem switches to the new channel(s) and performs a new Ranging request.
Once the modem has obtained and processed the configuration file, it informs its CMTS of the values of its operational parameters in a Registration Request message. The CMTS assigns Service IDs (SIDs), which will be used to identify the various classes of service flowing through this particular modem, and informs the modem of the SID values that have been assigned to it.
Initializing Baseline Privacy Plus
A security association between a cable modem and its CMTS allows information to flow between the two without fear that the data can be read or manipulated by a third party. This is an important requirement on a cable access network, since there is at least a theoretical possibility that a neighbor may be eavesdropping on the CM-CMTS communication.
In order to create a security association, the modem now initializes its Baseline Privacy Plus (BPI+) configuration, which effectively secures the link from casual eavesdroppers. (BPI+, however, uses only 56-bit DES to secure the link, which is insufficient to deter a determined attempt to decrypt the traffic.) Once BPI+ is correctly initialized, the modem is a fully fledged member of the network, operating completely under the control of the CMTS.