Control Point Discovery

This document describes the Control Point Discovery (CPD) feature. This feature, along with Network Layer Signaling (NLS), enables automatic discovery of any control point associated with an end point.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/. An account on http://www.cisco.com/ is not required.

Contents

Hardware Compatibility Matrix for Cisco cBR Series Routers


Note


The hardware components introduced in a given Cisco IOS-XE Release are supported in all subsequent releases unless otherwise specified.


Table 1. Hardware Compatibility Matrix for the Cisco cBR Series Routers

Cisco CMTS Platform

Processor Engine

Interface Cards

Cisco cBR-8 Converged Broadband Router

Cisco IOS-XE Release 16.5.1 and Later Releases

Cisco cBR-8 Supervisor:

  • PID—CBR-CCAP-SUP-160G

  • PID—CBR-CCAP-SUP-60G

  • PID—CBR-SUP-8X10G-PIC

Cisco IOS-XE Release 16.5.1 and Later Releases

Cisco cBR-8 CCAP Line Cards:

  • PID—CBR-LC-8D30-16U30

  • PID—CBR-LC-8D31-16U30

  • PID—CBR-RF-PIC

  • PID—CBR-RF-PROT-PIC

  • PID—CBR-CCAP-LC-40G-R

Cisco cBR-8 Downstream PHY Modules:

  • PID—CBR-D30-DS-MOD

  • PID—CBR-D31-DS-MOD

Cisco cBR-8 Upstream PHY Modules:

  • PID—CBR-D30-US-MOD

  • PID—CBR-D31-US-MOD

Prerequisites for Control Point Discovery

No special equipment or software is needed to use the Control Point Discovery feature.

Restrictions for Control Point Discovery

  • The CPD feature does not sync any dynamic CPD/NLS related data between the route processors (RPs). After sending a NLS challenge to the controller, the new active PRE will ignore the NLS response as a result of any RP switchover.
  • The CPEs become inaccessible for a small duration during line card switchovers. During this interval, any CPD request received on CMTS will be responded to as if the endpoint is not connected or as if the control relationship is not supported.
  • The CPD functionality is restricted to default VPN table id (0).
  • Only manual configuration of NLS authentication pass phrase would be supported for CPD/NLS security.
  • For NLS authentication, HMAC SHA1 (no configuration option) is used with MAC length truncated to 96 bits.

Information About Control Point Discovery

To configure the Control Point Discovery feature, you should understand the following concepts:

Control Points

Control points are points in a network that can be used to apply certain functions and controls for a media stream. In a cable environment, the control points are Cable Modem Termination Systems (CMTS) and devices that utilizes these control points are referred to as CPD Requestors (or controllers).

Cable CPD Requestors include the following:

  • Call Management Server (CMS)
  • Policy Server (PS)
  • Mediation Device for Lawful Intercept (MD)

Network Layer Signaling (NLS)

Network Layer Signaling (NSL) is an on-path request protocol used to carry topology discovery and other requests in support of various applications. In the CPD feature, NLS is used to transport CPD messages.

NLS for CPD

NLS is used to transport CPD messages. The CPD data is carried under an application payload of the NLS and contains a NLS header with flow id. The NLS flow id is used during NLS authentication to uniquely identify the CPD requests and responses for an end point of interest.

NLS Flags

All NLS headers contain bitwise flags. The CMTS expects the following NLS flag settings for CPD applications:

  • HOP-BY-HOP = 0
  • BUILD-ROUTE = 0
  • TEARDOWN = 0
  • BIDIRECTOINAL = 0
  • AX_CHALLANGE = 0/1
  • AX_RESPONSE = 0/1

Note


Any requests with flags other then AX flags, set to one will be rejected with an error indicating a poorly formed message.
NLS TLVs

The following NLS TLVs are supported for all CPD applications:

  • APPLICATION_PAYLOAD
  • IPV4_ERROR_CODE
  • IPV6_ERROR_CODE
  • AGID
  • A_CHALLENGE
  • A_RESPONSE
  • B_CHALLENGE
  • B_RESPONSE
  • AUTHENTICATION
  • ECHO

The following NLS TLVs are not supported for CPD applications:

  • NAT_ADDRESS
  • TIMEOUT
  • IPV4_HOP
  • IPV6_HOP

Control Point Discovery

The control point discovery feature allows CPD Requestors to determine the control point IP address between the CPD Requestor and the media endpoint.

Using Networking Layer Signaling (NLS), the control point discovery feature sends a CPD message towards the end point (MTA). The edge/aggregation device (CMTS), located between the requestor and the endpoint, will respond to the message with its IP address.


Note


For Lawful Intercept, it is important that the endpoint does not receive the CPD message. In this instance, the CMTS responds to the message without forwarding it to its destination.

CPD Protocol Hierarchy

CPD messages are sent over the NLS.

The CPD Protocol Hierarchy is as follows:

  1. CPD
  2. NLS
  3. UDP
  4. IP

Note


Since NLS is implemented on the UDP protocol, there is a potential of message loss. If messages are lost, the controller will re-send the CPD request in any such event.

Control Relationship

A control relationship between a control point and a controller is identified as a function on a media flow that passes through a control point. A control relationship is uniquely defined by a control relationship type (CR TYPE) and control relationship ID (CR ID). The CR ID is provisioned on CMTS as well as the controller.

The table lists the supported CR TYPEs and corresponding pre-defined CR IDs

Table 2. Supported Control Relationship Types and Corresponding Control Relationship IDs

Control Relationship Type

Pre-Defined Corresponding Control Relationship ID

CR TYPE = 1 (Lawful Intercept)

CR ID = 1: CMTS

CR ID = 2: Aggregation router or switch in front of CMTS

CR ID = 3: Aggregation router or switch in front of Media Services

CR ID = 4: Media Gateway

CR ID = 5: Conference Server

CR ID = 6: Other

CR TYPE = 2 (DQoS)

CR ID = 1: CMTS

CR TYPE = 3 (PCMM)

CR ID = 1: CMTS

How to Configure CPD

Enabling CPD Functionality

To enable the CPD functionality, use the cpd command in global configuration mode. The CPD message authentication is determined by NLS configuration.

Before you begin

The CPD message authentication is determined by NLS configuration.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

cpd

Example:


Router (config)# cpd

Enables CPD functionality

  • Us the “no” form of this command to disable CPD functionality.

Step 4

end

Example:


Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples for CPD Enable

The following example shows the cpd enabled on a router:


Router (config)# cpd

Debugging CPD Functionality

To debug the CPD feature, use the debug cpd command in privileged EXEC mode. To disable debugging, use the no form of this command.

Configuring Control Relationship Identifier

To configure a Control relationship identifier (CR ID) for CMTS, use the cpd cr-id command. When CPD request comes with a wild-card CR ID, the CMTS will respond with this configured value.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

cpd cr-id

Example:


Router (config)# cpd cr-id 100

Configures a control relationship identifier (CR ID) for CMTS.

Step 4

end

Example:


Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the cpd cr-id command configured with a cr-id number of 100 on a router.


Router (config)# cpd cr-id 100

Enabling NLS Functionality

To enable the NLS functionality, use the nls command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

nls

Example:


Router (config)# nls

Enables NLS functionality.

  • NLS authentication is optional.
  • It is recommended that NLS message authentication be enabled at all times.

Step 4

end

Example:


Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls command enbaled on a router.


Router (config)# nls

Debugging NLS Functionality

To debug the NLS feature, use the debug nls command in privileged EXEC mode. To disable debugging, use the no form of this command.

Configuring Authorization Group Identifier and Authentication Key

The Authorization Group Identifier (AG ID) and corresponding authorization key are provisioned on CMTS, as well as on controller/CPD requester.

To configure the Authorization Group Identifier and Authentication Key, use the nls ag-id command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

nls ag-id

Example:


Router (config)# nls ag-id 100 auth-key 20

Configures the Authorization Group Identifier and Authentication Key.

Step 4

end

Example:


Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls ag-id command with an Authorization Group ID of 100 and Authentication Key of 20.


Router (config)# nls ag-id 100 auth-key 20

Configuring NLS Response Timeout

The NLS response timeout governs the time CMTS will wait for getting a response for a NLS authentication request.

To configure the NLS response timeout, use the nls ag-id command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

nls resp-timeout

Example:


Router (config)# nls resp-timeout 60

Configures the NLS response time.

Step 4

end

Example:


Router# end

Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls resp-timeout command with a response timeout setting of 60 seconds.


Router (config)# nls resp-timeout 60

Additional References

The following sections provide references related to the CPD feature.

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Control Point Discovery

Use Cisco Feature Navigator to find information about the platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to the www.cisco.com/go/cfn link. An account on the Cisco.com page is not required.


Note


The following table lists the software release in which a given feature is introduced. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 3. Feature Information for Control Point Discovery

Feature Name

Releases

Feature Information

Control Point Discovery

Cisco IOS XE Everest 16.6.1

This feature was integrated into Cisco IOS XE Everest 16.6.1 on theCisco cBR Series Converged Broadband Routers.