Creating DOCSIS Cable modem configuration files


1) Basics

First, one must obtain a program that converts text config files to the binary DOCSIS format.

A free console program is found here. Install as usual; problems with compilation are to be expected (the docsis program was last updated in 2006).

Another program can be downloaded from here (Windows only). It has a GUI with a tree-like view.

2) Basic settings

Our first file will just allow network access and limit download/upload speeds:

Main
{
  NetworkAccess 1;            /* enables packet forwarding */
  GlobalPrivacyEnable 0;      /* disables BPI(encryption) */
  UsServiceFlow               /* creates an upstream service flow */
  {
    UsServiceFlowRef 1;       /* SF number */
    QosParamSetType 7;        /* activates SF */
    TrafficPriority 3;        /* sets medium priority */
    MaxRateSustained 128000;  /* max upstream transfer rate - 128kb/s */
  }
  
  DsServiceFlow               /* creates a downstream service flow */
  {
    DsServiceFlowRef 2;       /* SF number */
    QosParamSetType 7;        /* activates SF */
    TrafficPriority 3;        /* sets medium priority */
    MaxRateSustained 1000000; /* max downstream transfer rate - 1Mb/s */
  }

}  

Reader's comment: Please note that Ds/UsServiceRef numbers must be unique in the cable modem config.
A Cisco CM with the same Ds and UsServiceFlowRef will end up with reject(c) status.

3) Adding advanced parameters

This file sets the DS frequency and the US channel number, defines 1 classifier and 3 service flows, and limits the user devices connected to the modem.

Main
{
    NetworkAccess 1;                   /* enables packet forwarding */
    GlobalPrivacyEnable 0;             /* disables BPI(encryption) */
    DownstreamFrequency 410000000;     /* sets DS frequency to 410MHz */
    UpstreamChannelId 3;               /* sets 3rd US channel */
    MaxCPE 3;                          /* allows max 3 user devices */
    CpeMacAddress 00:00:00:00:00:00;   /* device #1 MAC is 00:00... */
    CpeMacAddress 11:11:11:11:11:11;   /* device #2 MAC is 11:11... */
    
    DsPacketClass
    {
      ClassifierRef 2;                 /* Classifier number */
      ServiceFlowRef 4;                /* forwards packets using SF #4 */
      RulePriority 3;                  /* Low priority classifier */
      ActivationState 1;               /* enables classifier */
      IpPacketClassifier
      {
        IpTos 0x0808ff;                /* matches ToS 0x08 */
      }
    }
    
    UsServiceFlow
    {
      UsServiceFlowRef 1;              /* SF number */
      QosParamSetType 7;               /* activates SF */
      TrafficPriority 3;               /* sets medium priority */
      MaxRateSustained 128000;         /* max transfer rate - 128kb/s */
    }
    
    DsServiceFlow
    {
      DsServiceFlowRef 2;              /* SF number */
      QosParamSetType 7;               /* activates SF */
      TrafficPriority 3;               /* sets medium priority */
      MaxRateSustained 1000000;        /* max transfer rate - 1Mb/s */
    }
    
    DsServiceFlow
    {
      DsServiceFlowRef 4;              /* SF number */
      QosParamSetType 7;               /* activates SF */
      TrafficPriority 3;               /* sets medium priority */
      MaxRateSustained 2000000;        /* max transfer rate - 2Mb/s */
    }
}

4) Global Parameters explained

| Name | Description | Values |
|---|---|---|
| NetworkAccess | Controls whether the modem forwards data between the USB/Ethernet and RF interfaces | 0 - forwarding disabled, 1 - forwarding enabled |
| GlobalPrivacyEnable | Enables BPI (encryption on the RF interface) | 0 - disables BPI, 1 - enables BPI |
| DownstreamFrequency | Specifies the downstream channel frequency in Hz | Frequency in Hz |
| UpstreamChannelId | Specifies the upstream channel number for that downstream | Desired upstream channel number |
| MaxCPE | Number of MAC addresses (computers, network devices) that the modem will learn and forward packets from. This includes managed switches, APs etc. | Number of such devices |
| CpeMacAddress | Specifies the MAC address of a computer/device. The number of CpeMacAddress commands must be less than or equal to MaxCPE. Useful when you don't want the modem to learn the access point's IP address | MAC address of one device |
| MaxClassifiers | Maximum number of admitted and active upstream classifiers that the modem is allowed to have | |
| DocsisTwoEnable | Enables DOCSIS 2.0 | 0 - disabled, 1 - enabled |
| GenericTLV | Allows entering TLVs unsupported by the program | Syntax: TlvCode XXX TlvLength X TlvValue 0xXX |
| SwUpgradeFilename | Specifies the firmware filename on the TFTP server. | "filename" |
| SwUpgradeServer | Specifies the TFTP server IP address | IP address |
| SnmpMibObject | Specifies an OID to set | Syntax: OID type value |
| SnmpWriteControl | | |
| MfgCVCData | Producer's certificate used for firmware upgrade. Must be used several times to represent the whole certificate. | Can specify 254 hex chars max at a time. |
| MtaConfigDelimiter | | |

Note: to create the MfgCVCData values, take the mfg cert and then run:

  hexdump -v -e ' 2/1 "%02X" ' -n 254 cert.cer

The complete MfgCVCData option would be MfgCVCData 0xOUTPUT_FROM_ABOVE;
To create the next portion, just skip the first 254 chars with -s:

   hexdump -v -e ' 2/1 "%02X" ' -n 254 -s 254 cert.cer

Increase -s by 254 for each further portion.

5) Service flow parameters explained

General SF parameters:

| Name | Description | Values |
|---|---|---|
| QosParamSetType | Quality of Service Parameter Set Type. Describes whether the service flow is Provisioned, Admitted and Active. Bit0 - Provisioned flag, Bit1 - Admitted flag, Bit2 - Active flag. For a service flow to work, all 3 bits must be set to 1. Binary 111 equals 7 decimal. | 7 - Active, other - disabled |
| TrafficPriority | Sets the priority for packets matching that service flow. The CMTS should serve SFs with higher priority first. | 0 - lowest (default), 7 - highest |
| MaxRateSustained | Maximum transfer speed in b/s. | Speed in b/s |
| MaxTrafficBurst | Specifies how much data can be sent in one burst. | Value in bytes |
| MinReservedRate | Minimum bandwidth reserved for that service flow | Speed in b/s |
| MinResPacketSize | Used for calculating the minimum reserved rate: when smaller packets are sent, the size from this field is used in the calculation instead of the actual packet size. | Size in bytes. |
| ActQosParamsTimeout | Specifies how long the CMTS reserves resources for that (active) service flow. | Value in seconds. |
| AdmQosParamsTimeout | Specifies how long the CMTS reserves resources for that (admitted) service flow. | Value in seconds. |
| ServiceClassName | Specifies the service class which that service flow is part of | "service_class_name" |

Downstream specific parameters:

| Name | Description | Values |
|---|---|---|
| DsServiceFlow | Creates a downstream service flow | none |
| DsServiceFlowRef | Number of the downstream service flow - must match ServiceFlowRef in packet classifiers (if any exist). Service flows with the lowest numbers are taken as default - no classifiers needed there. | any number (1-65535) |
| MaxDsLatency | Specifies the maximum time between reception of a packet and forwarding it to the RF interface on the CMTS | Value in microseconds. |

Upstream specific parameters:

| Name | Description | Values |
|---|---|---|
| UsServiceFlow | Creates an upstream service flow | none |
| UsServiceFlowRef | Number of the upstream service flow - must match ServiceFlowRef in packet classifiers (if any exist). Service flows with the lowest numbers are taken as default - no classifiers needed there. | any number (1-65535) |
| MaxConcatenatedBurst | Maximum data in bytes to be transmitted in one concatenation burst | Size in bytes, default 1522 |
| SchedulingType | Scheduling type to be used in the service flow | 2 - Best effort, 3 - Non-Real-Time Polling, 4 - Real-Time Polling, 5 - Unsolicited Grant Service with Activity Detection, 6 - Unsolicited Grant Service |
| RequestOrTxPolicy | Request/Transmission Policy - specifies the behaviour of a service flow | There are 16 bits numbered from 15 to 0. Bit0 disables all CM opportunities, bit1 disables Priority Request multicast opportunities, bit2 disables Request/Data opportunities for Requests, bit3 same for data, bit4 disables piggyback requests with data, bit5 disables concatenation, bit6 disables fragmentation, bit7 disables payload header suppression, bit8 enables dropping of packets that do not fit in the Unsolicited Grant. Example: 0x000001ff; Size |
| IpTosOverwrite | Enables overwriting ToS values for matching packets | New ToS = (Old ToS AND AA) OR OO, example: 0xAAOO |

I've purposely omitted information about other scheduling types: UGS, UGS with AD, non-real-time polling, real-time polling.
Tests revealed that they are only useful with VoIP and/or streaming video. One may use a source IP or destination port based classifier to capture VoIP traffic and limit upstream and downstream service flows to no more than 128k. Since it's useless for browsing the internet, no one should exploit that SF. With streaming video, the destination IP of the video server must be known, because a high-speed, low-latency connection is VERY likely to be exploited if not protected properly. For VoIP it might be a good idea to create a separate IP address class for VoIP gateways and create best effort service flows with the highest traffic priority. Adding MinReservedRate may give even better results.

6) Classifiers

IP and port based classifier:

UsPacketClass {
  ServiceFlowRef 3;
  ClassifierRef 11;
  RulePriority 68;
  ActivationState 1;
  IpPacketClassifier {          /* Matches: */
    IpSrcAddr 192.168.0.0;      /* source IPs from 192.168.0.0 */
    IpSrcMask 255.255.255.0;    /* to 192.168.0.255 */
    SrcPortStart 1024;          /* source ports from 1024 */
    SrcPortEnd 2000;            /* to 2000 */
    IpDstAddr 113.206.95.144;   /* destination IPs from 113.206.95.144 */
    IpDstMask 255.255.255.248;  /* to 113.206.95.151 */
    DstPortStart 80;            /* destination port 80 */
    DstPortEnd 80;
    IpProto 6;                  /* TCP protocol */
  }
}

MAC address based classifier:

UsPacketClass {
  ServiceFlowRef 3;
  ClassifierRef 11;
  RulePriority 68;
  ActivationState 1;
  LLCPacketClassifier {
    SrcMacAddress 00:11:22:33:44:55; /* Matches that MAC address  */
  }
}

General classifier parameters:

| Name | Description | Values |
|---|---|---|
| DsPacketClass | Creates a downstream classifier | none |
| UsPacketClass | Creates an upstream classifier | none |
| ClassifierRef | Number of the classifier, must be unique in the config file | any number (1-255) |
| ServiceFlowRef | Number of the service flow which is used if a packet matches that classifier. | Number of an existing SF |
| RulePriority | Specifies the priority for the classifier. Higher number - higher priority. Classifiers with higher priority are checked first. | any number (0-255) |
| ActivationState | Enables the classifier | 1 - enabled, 0 - disabled? |
| DscAction | What to do with the classifier when a Dynamic Service Change Request is received | 0 - add classifier, 1 - replace classifier, 2 - delete classifier |

IP classifier parameters:

| Name | Description | Values |
|---|---|---|
| IpPacketClassifier | Creates an IP classifier match | none |
| IpTos | Matches ToS values | 0xLLHHMM, where LL - low ToS, HH - high ToS, MM - ToS mask. Matches packets where LL <= (tos AND MM) <= HH. |
| IpSrcAddr | Matches source IP | IP address |
| IpSrcMask | Specifies source mask. Match = SrcIP AND SrcMask | IP address |
| IpDstAddr | Matches destination IP | IP address |
| IpDstMask | Specifies destination mask. Match = DstIP AND DstMask | IP address |
| SrcPortStart | Matches source ports starting from that value | 0 (default) - 65535 |
| SrcPortEnd | Matches source ports ending at that value | 0 - 65535 (default) |
| DstPortStart | Matches destination ports starting from that value | 0 (default) - 65535 |
| DstPortEnd | Matches destination ports ending at that value | 0 - 65535 (default) |
| IpProto | Matches IP protocol | 1 - ICMP, 6 - TCP, 17 - UDP, 256 - any, 257 - TCP+UDP, 0 - ignore this field |
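
The IpTos match rule above and the IpTosOverwrite formula from the service flow section, worked through in Python. This is an added example, not code from the docsis program; the function names are made up for illustration. Listing every ToS byte a value matches shows how a loose mask widens a classifier beyond the single value intended.

```python
def parse_iptos(value: int):
    """Split an IpTos value 0xLLHHMM into (low, high, mask)."""
    if not 0 <= value <= 0xFFFFFF:
        raise ValueError("IpTos must fit in three bytes")
    return (value >> 16) & 0xFF, (value >> 8) & 0xFF, value & 0xFF


def iptos_matches(iptos: int, tos: int) -> bool:
    """True when low <= (tos AND mask) <= high."""
    low, high, mask = parse_iptos(iptos)
    return low <= (tos & mask) <= high


def iptos_overwrite(rule: int, old_tos: int) -> int:
    """Apply IpTosOverwrite 0xAAOO: new ToS = (old ToS AND AA) OR OO."""
    and_mask, or_mask = (rule >> 8) & 0xFF, rule & 0xFF
    return (old_tos & and_mask) | or_mask


def matching_tos_values(iptos: int):
    """Every ToS byte (0-255) that a classifier with this IpTos would match."""
    return [tos for tos in range(256) if iptos_matches(iptos, tos)]


if __name__ == "__main__":
    # 0x0808ff is the value used in the config from section 3.
    print(matching_tos_values(0x0808FF))   # full mask: only ToS 0x08
    print(matching_tos_values(0x0808FC))   # low two bits ignored: four values
    print(hex(iptos_overwrite(0x03B8, 0x0B)))
```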

LLC classifier parameters:

| Name | Description | Values |
|---|---|---|
| LLCPacketClassifier | Creates LLC (MAC) classifier match | none |
| DstMacAddress | Matches destination MAC | MAC address |
| SrcMacAddress | Matches source MAC | MAC address |
| EtherType | Matches ethertype | Ethertype in hex |

802.1q classifier parameters:

| Name | Description | Values |
|---|---|---|
| IEEE802Classifier | Creates 802.1P/Q classifier match | none |
| UserPriority | Matches priority field | 0-7 |
| VlanID | Matches vlan ID field | 0-4095 |

IP, LLC and IEEE802 matches may be used together in one classifier.
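
A small pre-flight check for the text config, written in Python as an added example (it is not part of the docsis program). It applies the consistency rules stated on this page: unique service flow refs, unique ClassifierRef, classifiers pointing at an existing service flow, and no more CpeMacAddress entries than MaxCPE. It also reports GlobalPrivacyEnable 0. The parser is a simplification that assumes no `;`, `{` or `}` inside quoted strings, and the sample config is constructed.

```python
import re

def parse(text):
    """Return (enclosing_block, name, value) for every 'Name value;' statement."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)      # strip /* comments */
    stack, words, stmts = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":                                     # 'Name {' opens a block
            stack.append(words[0] if words else "")
            words = []
        elif tok == "}":
            del stack[-1:]                                 # tolerates a stray '}'
            words = []
        elif tok == ";":
            if words:
                stmts.append((stack[-1] if stack else "", words[0], " ".join(words[1:])))
            words = []
        else:
            words.append(tok)
    return stmts

def lint(text):
    """Apply the consistency rules stated on this page; return a list of findings."""
    stmts = parse(text)
    def values(key, block=None):
        return [v for b, k, v in stmts if k == key and block in (None, b)]
    def repeated(items):
        return sorted({i for i in items if items.count(i) > 1})
    findings = []
    if "0" in values("GlobalPrivacyEnable"):
        findings.append("GlobalPrivacyEnable 0: BPI off, RF link unencrypted")
    flow_refs = values("UsServiceFlowRef") + values("DsServiceFlowRef")
    findings += [f"service flow ref {r} is not unique" for r in repeated(flow_refs)]
    findings += [f"ClassifierRef {r} is not unique" for r in repeated(values("ClassifierRef"))]
    for d in ("Us", "Ds"):                                 # classifier -> flow of same direction
        known = values(d + "ServiceFlowRef")
        for ref in values("ServiceFlowRef", d + "PacketClass"):
            if ref not in known:
                findings.append(f"{d}PacketClass uses missing {d}ServiceFlowRef {ref}")
    max_cpe = values("MaxCPE")
    if max_cpe and len(values("CpeMacAddress")) > int(max_cpe[0]):
        findings.append("more CpeMacAddress entries than MaxCPE")
    return findings

# Constructed sample with deliberate mistakes (not a config from the page).
SAMPLE = """Main {
  NetworkAccess 1; GlobalPrivacyEnable 0; MaxCPE 1;
  CpeMacAddress 00:00:00:00:00:00; CpeMacAddress 11:11:11:11:11:11;
  DsPacketClass { ClassifierRef 2; ServiceFlowRef 4; IpPacketClassifier { IpTos 0x0808ff; } }
  UsServiceFlow { UsServiceFlowRef 1; QosParamSetType 7; MaxRateSustained 128000; }
  DsServiceFlow { DsServiceFlowRef 1; QosParamSetType 7; MaxRateSustained 1000000; }
}"""
print("\n".join(lint(SAMPLE)))
```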

7) SNMP parameters for use in docsis configuration files
SNMP v1 access table:

Allows read-only access for the community string some_password from 192.168.0.1/24, coming only from the RF interface of the CM.
The .1 suffix means that it is the first entry - remember to change it when adding more.

SnmpMibObject docsDevNmAccessStatus.1 Integer 4; /* createAndGo */
SnmpMibObject docsDevNmAccessIp.1 IPAddress 192.168.0.1 ;
SnmpMibObject docsDevNmAccessIpMask.1 IPAddress 255.255.255.0 ;
SnmpMibObject docsDevNmAccessControl.1 Integer 2; /* read */
SnmpMibObject docsDevNmAccessInterfaces.1 HexString 0x40;
SnmpMibObject docsDevNmAccessCommunity.1 String "some_password" ;

Nmaccess entries explained:

| Name | Description | Values |
|---|---|---|
| docsDevNmAccessStatus | Configures row creation and its activation | 1 - active, 2 - inactive, 4 - create and activate, 5 - create and deactivate, 6 - delete. Stick with 4. |
| docsDevNmAccessIp | Specifies the source IP of an SNMP query matching this rule. | IP address |
| docsDevNmAccessIpMask | Specifies the source IP mask of an SNMP query matching this rule. | mask address |
| docsDevNmAccessControl | Specifies access privileges | 2 - RO, 3 - RW, 4 - RO with traps, 5 - RW with traps, 6 - traps |
| docsDevNmAccessInterfaces | Specifies the matching interface | 0x40 - cable, 0x80 - ethernet, 0xC0,0x00 - both |
| docsDevNmAccessCommunity | Specifies the community string | "desired_community_string" |
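
An audit of the docsDevNmAccess rows in a config, using the value meanings from the table above. This Python code is an added example, not part of the docsis program. Which settings count as findings (read-write access, an all-zero mask, reachability from the Ethernet side, the community strings "public" and "private") is a policy assumed here. Row 1 of the sample is the entry from this page; row 2 is constructed.

```python
import ipaddress
import re

ROW = re.compile(r"SnmpMibObject\s+docsDevNmAccess(\w+)\.(\d+)\s+\w+\s+(.*?)\s*;")
NEEDED = {"Ip", "IpMask", "Control", "Interfaces", "Community"}

def nmaccess_rows(config):
    """Group docsDevNmAccess* settings by row index: {index: {column: value}}."""
    rows = {}
    for column, index, value in ROW.findall(config):
        rows.setdefault(int(index), {})[column] = value.strip('"')
    return rows

def audit(config):
    """Return (index, finding) pairs for rows wider than read-only, cable-side access."""
    findings = []
    for index, row in sorted(nmaccess_rows(config).items()):
        missing = NEEDED - row.keys()
        if missing:
            findings.append((index, "incomplete row: " + ", ".join(sorted(missing))))
            continue
        net = ipaddress.ip_network(f"{row['Ip']}/{row['IpMask']}", strict=False)
        if net.prefixlen == 0:
            findings.append((index, "any source address may query"))
        if row["Control"] in ("3", "5"):                  # 3 - RW, 5 - RW with traps
            findings.append((index, "read-write access"))
        ifaces = int(row["Interfaces"], 16)
        if ifaces == 0x00 or ifaces & 0x80:               # 0x80 - ethernet, 0x00 - both
            findings.append((index, "reachable from the Ethernet (customer) side"))
        if row["Community"].lower() in ("public", "private"):
            findings.append((index, "well-known community string"))
    return findings

# Row 1 is the entry shown on this page; row 2 is constructed for the example.
SAMPLE = """
SnmpMibObject docsDevNmAccessStatus.1 Integer 4; /* createAndGo */
SnmpMibObject docsDevNmAccessIp.1 IPAddress 192.168.0.1 ;
SnmpMibObject docsDevNmAccessIpMask.1 IPAddress 255.255.255.0 ;
SnmpMibObject docsDevNmAccessControl.1 Integer 2; /* read */
SnmpMibObject docsDevNmAccessInterfaces.1 HexString 0x40;
SnmpMibObject docsDevNmAccessCommunity.1 String "some_password" ;
SnmpMibObject docsDevNmAccessStatus.2 Integer 4;
SnmpMibObject docsDevNmAccessIp.2 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevNmAccessIpMask.2 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevNmAccessControl.2 Integer 3;
SnmpMibObject docsDevNmAccessInterfaces.2 HexString 0xC0;
SnmpMibObject docsDevNmAccessCommunity.2 String "private" ;
"""
```

Calling audit(SAMPLE) reports nothing for row 1 and four findings for row 2.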

Firewall rule:

This firewall rule prevents users from sending mail using port 25 (SMTP).
Note that by setting docsDevFilterIpDefault to 2 (drop), one can allow only selected traffic instead of dropping it.

SnmpMibObject docsDevFilterIpControl.7 Integer 1; /* discard */
SnmpMibObject docsDevFilterIpIfIndex.7 Integer 0 ;
SnmpMibObject docsDevFilterIpDirection.7 Integer 3; /* both */
SnmpMibObject docsDevFilterIpBroadcast.7 Integer 2; /* false */
SnmpMibObject docsDevFilterIpSaddr.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpSmask.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpDaddr.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpDmask.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpProtocol.7 Integer 6 ;
SnmpMibObject docsDevFilterIpSourcePortLow.7 Integer 0 ;
SnmpMibObject docsDevFilterIpSourcePortHigh.7 Integer 65535 ;
SnmpMibObject docsDevFilterIpDestPortLow.7 Integer 25 ;
SnmpMibObject docsDevFilterIpDestPortHigh.7 Integer 25 ;
SnmpMibObject docsDevFilterIpStatus.7 Integer 4; /* createAndGo */

Notable parameters:

| Name | Description | Values |
|---|---|---|
| docsDevFilterIpControl | Discards or accepts the traffic | 1 - discard, 2 - accept |
| docsDevFilterIpDirection | Specifies the direction of packet to match. | 1 - incoming, 2 - outgoing, 3 - both directions |
| docsDevFilterIpBroadcast | Matches ONLY broadcast traffic. | 1 - yes, 0 - no |

Other:

Specifies the maximum number of source IPs that the modem forwards from the Ethernet and USB interfaces.
WARNING: Undesired operation on some modems - allows only 1 IP per MAC address. This may sound good, but PCs get modem-assigned (192.168.100.X) and Windows private IPs all the time. Result: no network access.

SnmpMibObject docsDevCpeIpMax.0 Integer 3 ;

8) Other configuration parameters

Currently other parameters are only listed. Will write descriptions when there's time.

Baseline Privacy, must be turned on by GlobalPrivacyEnable.

| Name | Description | Values |
|---|---|---|
| SAMapWaitTimeout | | |
| SAMapMaxRetries | | |
| BaselinePrivacy | Specifies BPI options | none - tree |
| AuthTimeout | | |
| ReAuthTimeout | | |
| AuthGraceTime | | |
| ReKeyTimeout | | |
| TEKGraceTime | | |
| AuthRejectTimeout | | |

SNMPv3 specific:

| Name | Description | Values |
|---|---|---|
| SnmpV3Kickstart | Specifies SNMPv3 engine options | none - tree |
| SnmpV3SecurityName | | |
| SnmpV3MgrPublicNumber | | |

| Name | Description | Values |
|---|---|---|
| SnmpV3TrapReceiver | Specifies SNMPv3 traps settings | none - tree |
| SnmpV3TrapRxIP | | |
| SnmpV3TrapRxPort | | |
| SnmpV3TrapRxType | | |
| SnmpV3TrapRxTimeout | | |
| SnmpV3TrapRxRetries | | |
| SnmpV3TrapRxFilterOID | | |
| SnmpV3TrapRxSecurityName | | "security_name" |

PHS - Payload header suppression:

| Name | Description | Values |
|---|---|---|
| PHS | Specifies PHS options | none - tree |
| PHSClassifierRef | | |
| PHSClassifierId | | |
| PHSServiceFlowRef | | |
| PHSServiceFlowId | | |
| PHSField | | |
| PHSIndex | | |
| PHSMask | | |
| PHSSize | | |
| PHSVerify | | |

Vendor specific:

| Name | Description | Values |
|---|---|---|
| VendorSpecific | Specifies vendor specific options | none - tree |
| VendorIdentifier | Specifies vendor identifier | vendor id - 0xIIIIII |

Modem Capabilities:

Everything should be enabled by default, so use it only to disable things.


| Name | Description | Values |
|---|---|---|
| ModemCapabilities | Starts the tree | none |
| ConcatenationSupport | | |
| ModemDocsisVersion | | |
| FragmentationSupport | | |
| PHSSupport | | |
| IGMPSupport | | |
| BaselinePrivacySupport | | |
| DownstreamSAIDSupport | | |
| UpstreamSIDSupport | | |
| DCCSupport | | |
| SubMgmtControl | | |
| SubMgmtFilters | | |
