Guest

Cisco uBR10000 Series Universal Broadband Routers

Control Point Discovery (CPD)

  • Viewing Options

  • PDF (247.7 KB)
  • Feedback
Control Point Discovery (CPD)

Table Of Contents

Control Point Discovery (CPD)

Contents

Prerequisites for Control Point Discovery

Restrictions for Control Point Discovery

Information About Control Point Discovery

Control Points

Network Layer Signaling (NLS)

NLS for CPD

Control Point Discovery

CPD Protocol Hierarchy

Control Relationship

How to Configure CPD

Enabling CPD Functionality

Prerequisites

Examples

Configuring Control Relationship Identifier

Examples

Enabling NLS Functionality

Examples

Configuring Authorization Group Identifier and Authentication Key

Examples

Configuring NLS Response Timeout

Examples

Additional References

Related Documents

Standards

Technical Assistance

Command Reference

cpd

cpd cr-id

debug cpd

debug nls

nls

nls ag-id auth-key

nls resp-timeout

show cpd

show nls

show nls ag-id

show nls flow

Feature Information for Control Point Discovery


Control Point Discovery (CPD)


OL-14657-01
First Published: August 21, 2007

This document describes the Control Point Discovery (CPD) feature. This feature, along with Network Layer Signaling (NLS), enables automatic discovery of any control point associated with an end point

History for the Generic Routing Encapsulation Feature

Release
Modification

12.3(21a)BC3

This feature was introduced.


Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Control Point Discovery" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Control Point Discovery

Restrictions for Control Point Discovery

Information About Control Point Discovery

How to Configure CPD

Additional References

Command Reference

Feature Information for Control Point Discovery

Prerequisites for Control Point Discovery

There are no prerequisites for CPD.

Restrictions for Control Point Discovery

The CPD feature does not sync any dynamic CPD/NLS related data between the route processors (RPs). After sending a NLS challenge to the controller, the new active PRE will ignore the NLS response as a result of any RP switchover.

The CPEs become inaccessible for a small duration during line card switchovers. During this interval, any CPD request received on CMTS will be responded to as if the endpoint is not connected or as if the control relationship is not supported.

The CPD functionality is restricted to default VPN table id (0).

Only manual configuration of NLS authentication pass phrase would be supported for CPD/NLS security.

For NLS authentication, HMAC SHA1 (no configuration option) is used with MAC length truncated to 96 bits.

Information About Control Point Discovery

To configure the Control Point Discovery feature, you should understand the following concepts:

Control Points

Network Layer Signaling (NLS)

Control Point Discovery

Control Points

Control points are points in a network that can be used to apply certain functions and controls for a media stream. In a cable environment, the control points are Cable Modem Termination Systems (CMTS) and devices that utilizes these control points are referred to as CPD Requestors (or controllers).

Cable CPD Requestors include the following:

Call Management Server (CMS)

Policy Server (PS)

Mediation Device for Lawful Intercept (MD)

Network Layer Signaling (NLS)

Network Layer Signaling (NSL) is an on-path request protocol used to carry topology discovery and other requests in support of various applications. In the CPD feature, NLS is used to transport CPD messages.

NLS for CPD

NLS is used to transport CPD messages. The CPD data is carried under an application payload of the NLS and contains a NLS header with flow id. The NLS flow id is used during NLS authentication to uniquely identify the CPD requests and responses for an end point of interest.

NLS Flags

All NLS headers contain bitwise flags. The CMTS expects the following NLS flag settings for CPD applications:

HOP-BY-HOP = 0

BUILD-ROUTE = 0

TEARDOWN = 0

BIDIRECTOINAL = 0

AX_CHALLANGE = 0/1

AX_RESPONSE = 0/1


Note Any requests with flags other then AX flags, set to one will be rejected with an error indicating a poorly formed message.


NLS TLVs

The following NLS TLVs are supported for all CPD applications:

APPLICATION_PAYLOAD

IPV4_ERROR_CODE

IPV6_ERROR_CODE

AGID

A_CHALLENGE

A_RESPONSE

B_CHALLENGE

B_RESPONSE

AUTHENTICATION

ECHO

The following NLS TLVs are not supported for CPD applications:

NAT_ADDRESS

TIMEOUT

IPV4_HOP

IPV6_HOP

Control Point Discovery

The control point discovery feature allows CPD Requestors to determine the control point IP address between the CPD Requestor and the media endpoint.

Using Networking Layer Signaling (NLS), the control point discovery feature sends a CPD message towards the end point (MTA). The edge/aggregation device (CMTS), located between the requestor and the endpoint, will respond to the message with its IP address.


Note For Lawful Intercept, it is important that the endpoint does not receive the CPD message. In this instance, the CMTS responds to the message without forwarding it to its destination.


CPD Protocol Hierarchy

CPD messages are sent over the NLS.

The CPD Protocol Hierarchy is as follows:

1. CPD

2. NLS

3. UDP

4. IP


Note Since NLS is implemented on the UDP protocol, there is a potential of message loss. If messages are lost, the controller will re-send the CPD request in any such event.


Control Relationship

A control relationship between a control point and a controller is identified as a function on a media flow that passes through a control point. A control relationship is uniquely defined by a control relationship type (CR TYPE) and control relationship ID (CR ID). The CR ID is provisioned on CMTS as well as the controller.

Table 2 lists the supported CR TYPEs and corresponding pre-defined CR IDs

Table 1 Supported Control Relationship Types and Corresponding Control Relationship IDs

Control Relationship Type
Pre-Defined Corresponding Control Relationship ID

CR TYPE = 1 (Lawful Intercept)

CR ID = 1: CMTS

CR ID = 2: Aggregation router or switch in front of CMTS

CR ID = 3: Aggregation router or switch in front of Media Services

CR ID = 4: Media Gateway

CR ID = 5: Conference Server

CR ID = 6: Other

CR TYPE = 2 (DQoS)

CR ID = 1: CMTS

CR TYPE = 3 (PCMM)

CR ID = 1: CMTS


How to Configure CPD

This section contains the following tasks:

Enabling CPD Functionality

Configuring Control Relationship Identifier

Enabling NLS Functionality

Configuring Authorization Group Identifier and Authentication Key

Configuring NLS Response Timeout

Enabling CPD Functionality

To enable the CPD functionality, use the cpd command in global configuration mode. The CPD message authentication is determined by NLS configuration.

Prerequisites

The CPD message authentication is determined by NLS configuration.

SUMMARY STEPS

1. enable

2. configure terminal

3. cpd

4. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

cpd

Example:

Router (config)# cpd

Enables CPD functionality

Us the "no" form of this command to disable CPD functionality.

Step 4 

end

Example:

Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the cpd enabled on a router:

Router (config)# cpd
 
   

Configuring Control Relationship Identifier

To configure a Control relationship identifier (CR ID) for CMTS, use the cpd cr-id command. When CPD request comes with a wild-card CR ID, the CMTS will respond with this configured value.

SUMMARY STEPS

1. enable

2. configure terminal

3. cpd cr-id

4. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

cpd cr-id

Example:

Router (config)# cpd cr-id 100

Configures a control relationship identifier (CR ID) for CMTS.

The cr-id can be from 1 to 65535.

The default cr-id is configured as 1 (CMTS).

Step 4 

end

Example:

Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the cpd cr-id command configured with a cr-id number of 100 on a router.

Router (config)# cpd cr-id 100
 
   

Enabling NLS Functionality

To enable the NLS functionality, use the nls command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

SUMMARY STEPS

1. enable

2. configure terminal

3. nls

4. debug nls

5. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

nls

Example:

Router (config)# nls

Enables NLS functionality.

NLS authentication is optional.

It is recommended that NLS message authentication be enabled at all times.

Step 4 

debug nls

Example:

Router# debug nls

Enables NLS debug functionality.

Step 5 

end

Example:

Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls command enbaled on a router.

Router (config)# nls
 
   

Configuring Authorization Group Identifier and Authentication Key

The Authorization Group Identifier (AG ID) and corresponding authorization key are provisioned on CMTS, as well as on controller/CPD requester.

To configure the Authorization Group Identifier and Authentication Key, use the nls ag-id command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

SUMMARY STEPS

1. enable

2. configure terminal

3. nls ag-id

4. debug nls

5. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

nls ag-id

Example:

Router (config)# nls ag-id 100 auth-key 20

Configures the Authorization Group Identifier and Authentication Key.

Authorization Group ID (AG ID) can range from 1 to 4294967294.

Authentication Keys can range from 20 to 64.

Step 4 

debug nls

Example:

Router (config)# debug nls

Enables NLS debug functionality.

Step 5 

end

Example:

Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls ag-id command with an Authorization Group ID of 100 and Authentication Key of 20.

Router (config)# nls ag-id 100 auth-key 20
 
   

Configuring NLS Response Timeout

The NLS response timeout governs the time CMTS will wait for getting a response for a NLS authentication request.

To configure the NLS response timeout, use the nls ag-id command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

SUMMARY STEPS

1. enable

2. configure terminal

3. nls resp-timeout

4. debug nls

5. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

nls resp-timeout

Example:

Router (config)# nls resp-timeout 60

Configures the NLS response time.

NLS response times can range from 1 to 60 seconds.

NLS response time has a default setting of 1 second.

Step 4 

debug nls

Example:

Router (config)# debug nls

Enables NLS debug functionality.

Step 5 

end

Example:

Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls resp-timeout command with a response timeout setting of 60 seconds.

Router (config)# nls resp-timeout 60
 
   

Additional References

The following sections provide references related to the CPD feature.

Related Documents

Related Topic
Document Title

CMTS

Cisco CMTS Feature Guide

Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators

Transparent LAN Service over Cable

Troubleshooting the System


Standards

Standard
Title

Internet Draft, Network Layer Signaling: Transport Layer

Internet Draft, Network Layer Signaling: Transport Layer (IETF draft-shore-nls-tl-05.txt)

PacketCable™ Control Point Discovery Interface Specification

PacketCable™ Control Point Discovery Interface Specification (PKT-SP-CPD-I02-061013)


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html


Command Reference

This section documents only commands that are new or modified.

cpd

cpd cr-id

debug cpd

debug nls

nls

nls ag-id auth-key

nls resp-timeout

show cpd

show nls

show nls ag-id

show nls flow

cpd

To enable the Control Point Discovery (CPD) feature, use the cpd command in global configuration mode. To disable CPD, use the no form of this command.

cpd

no cpd

Command Default

CPD is enabled.

Command Modes

Global configuration

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows the cpd enabled on a router:

Router (config)# cpd

Related Commands

Command
Description

cpd cr-id

Configures a control relationship identifier.


cpd cr-id

To configure a Control relationship identifier (CR ID), the cpd cr-id command in global configuration mode. To disable the CR ID, use the no form of this command.

cpd cr-id cr id number

no cpd cr-id

Syntax Description

cr id number

Control relationship identifier. The valid range is 1 to 65535.


Command Default

The cr-id is configured as 1.

Command Modes

Global configuration

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows the control relationship identifier configured as 236:

Router(config)# cpd cr-id 236

Related Commands

Command
Description

cpd

Enables CPD functionality.


debug cpd

To debug the CPD feature, use the debug cpd command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug cpd verbose

no debug cpd verbose

Syntax Description

verbose

(Optional) Displays detailed debugging information.


Command Default

Debug is disabled and CPD request and response messages are not displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows enabling the debug cpd command:

Router# debug cpd

Related Commands

Command
Description

cpd

Enables CPD.


debug nls

To debug the NLS request, use the debug nls command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug nls verbose

no debug nls verbose

Syntax Description

verbose

(Optional) Displays detailed debugging information.


Command Default

Debug is disabled and NLS messages are not displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows enabling the debug nls command:

Router# debug nls

Related Commands

Command
Description

nls

Enables Network Layer signalling (NLS) functionality.


nls

To enable Network Layer Signaling (NLS) functionality, use the nls command in global configuration mode. To disable NLS functionality, use the no form of this command.

nls [authentication]

no nls [authentication]

Syntax Description

authentication

(Optional) Enables NLS protocol security authentication.


Command Default

Disabled.

Command Modes

Global configuration

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Usage Guidelines

It is recommended that NLS message authentication is enabled all the time.

Examples

The following example shows nls enabled on a router:

router (config)# nls

Related Commands

Command
Description

cpd

Enables the CPD feature.

nls ag-id auth-key

Configures an Authorization Group Identifier (AG ID) for CMTS.

nls resp-timeout

Configures NLS response timeout.


nls ag-id auth-key

To configure an Authorization Group Identifier (AG ID) for CMTS, use the nls ag-id auth-key command in global configuration mode. To disable the AG ID, use the no form of this command.

nls ag-id auth-key

no nls ag-id auth-key

Syntax Description

ag-id number

Authorization Group Identifier. The valid range is 1-4294967294.

auth-key char

Authentication key provisioned on CMTS. The valid range is 20-64.


Command Default

Disabled

Command Modes

Global configuration

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows configuring the AG ID:

Router(config) # nls ag-id 345 auth-key 54

Related Commands

Command
Description

cpd

Enables CPD.

nls

Enables Network Layer Signaling (NLS) functionality.

nls resp-timeout

Configures NLS response timeout.


nls resp-timeout

To configure the NLS response timeout, use the nls resp-timeout command in global configuration mode. To disable CPD, use the no form of this command.

nls resp-timeout timeout number

no nls resp-timeout timeout number

Syntax Description

timeout number

Controls the time CTMS will wait before getting a response for an NLS information request. The valid range is 1-60 seconds. Upon a response timeout, the CPD message is dropped.


Command Default

The default timeout is 1 second.

Command Modes

Global configuration

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows configuring the NLS response timeout:

Router(config)#nls rssp-timeout 35

Related Commands

Command
Description

cpd

Enables CPD.

nls

Enables Network Layer signalling (NLS) functionality.

nls ag-id auth-key

Configures an Authorization Group Identifier (AG ID) for CMTS.


show cpd

To display the CPD functionality state, use the show cpd command in privileged EXEC mode.

show cpd

Command Default

Information for the CPD state is displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows the output of the show cpd command:

Router# show cpd
CPD enabled
CR ID :12345

Related Commands

Command
Description

cpd

Enables CPD.


show nls

To display the Network Layer Signalling (NLS) functionality state, use the show nls command in privileged EXEC mode.

show nls

Command Default

Information for the NLS state is displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows the output of the show cpd command:

Router# show nls
NLS enabled
NLS Authentication enabled
NLS resp-timeout 45

Related Commands

Command
Description

cpd

Enables CPD.


show nls ag-id

To display authorization group ID information, use the show nls ag-id command in privileged EXEC mode.

show nls ag-id

Command Default

Authorization group ID information is displayed. The authentication key is saved encrypted and is not displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows the output of the show nls-sg-id command:

Router# show nls ag-id
Auth Group Id
12345
 
   

Related Commands

Command
Description

cpd

Enables CPD.


show nls flow

To display NLS active flow information, use the show nls flow command in privileged EXEC mode.

show nls flow

Command Default

Information for NLS active flows are displayed.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(21a)BC3

This command was introduced.


Examples

The following example shows the output of the show cpd command:

Router# show nls flow
NLS flowid CPE IP CR Type CR ID NLS State
4294967295 16.16.1.1 1 1 PEND_B_RESP
 
   

Related Commands

Command
Description

cpd

Enables CPD.


Feature Information for Control Point Discovery

Table 2lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 2 Feature Information for <Phrase Based on Module Title> 

Feature Name
Releases
Feature Information

Control Point Discovery

12.3(21a)BC3

The control point discovery feature allows CPD Requestors to determine the control point IP address between the CPD

The following commands were introduced or modified by this feature:

cpd

cpd cr-id

debug cpd

debug nls

nls

nls ag-id auth-key

nls resp-timeout

show cpd

show nls

show nls ag-id

show nls flow