Control Point Discovery on the Cisco CMTS Routers
First
Published: February 14, 2008
Last Updated:
December 17, 2008
 Note |
Cisco IOS
Release 12.2(33)SCA integrates support for this feature on the Cisco CMTS
routers. This feature is also supported in Cisco IOS Release 12.3BC, and this
document contains information that references many legacy documents related to
Cisco IOS 12.3BC. In general, any references to Cisco IOS Release 12.3BC also
apply to Cisco IOS Release 12.2SC.
|
This document
describes the Control Point Discovery (CPD) feature. This feature, along with
Network Layer Signaling (NLS), enables automatic discovery of any control point
associated with an end point.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/. An account on http://www.cisco.com/ is not required.
Prerequisites for Control Point Discovery
The Control Point Discovery feature is supported on the Cisco CMTS
routers in Cisco IOS Release 12.3BC and 12.2SC. The table shows the hardware
compatibility prerequisites for this feature.
Table 1 Control Point Discovery Hardware Compatibility Matrix
CMTS Platform
|
Processor Engine
|
Cable Interface Cards
|
Cisco uBR10012 Universal Broadband Router
|
Cisco IOS Release 12.2(33)SCA
|
Cisco IOS Release 12.2(33)SCA
|
Cisco uBR7246VXR Universal Broadband Router
|
Cisco IOS Release 12.2(33)SCA
|
Cisco IOS Release 12.2(33)SCA
- Cisco uBR-MC28U/X
- Cisco uBR-MC16U/X
|
Cisco uBR7225VXR Universal Broadband Router
|
Cisco IOS Release 12.2(33)SCA
|
Cisco IOS Release 12.2(33)SCA
- Cisco uBR-E-28U
- Cisco uBR-E-16U
- Cisco uBR-MC28U/X
- Cisco uBR-MC16U/X
|
Restrictions for Control Point Discovery
-
The CPD feature does not sync any dynamic CPD/NLS related data between the route processors (RPs). After sending a NLS challenge to the controller, the new active PRE will ignore the NLS response as a result of any RP switchover.
-
The CPEs become inaccessible for a small duration during line card switchovers. During this interval, any CPD request received on CMTS will be responded to as if the endpoint is not connected or as if the control relationship is not supported.
-
The CPD functionality is restricted to default VPN table id (0).
-
Only manual configuration of NLS authentication pass phrase would be supported for CPD/NLS security.
-
For NLS authentication, HMAC SHA1 (no configuration option) is used with MAC length truncated to 96 bits.
Information About Control Point Discovery
To configure the Control Point Discovery feature, you should understand
the following concepts:
Control Points
Control points are points in a network that can be used to apply certain functions and controls for a media stream. In a cable environment, the control points are Cable Modem Termination Systems (CMTS) and devices that utilizes these control points are referred to as CPD Requestors (or controllers).
Cable CPD Requestors include the following:
-
Call Management Server (CMS)
-
Policy Server (PS)
-
Mediation Device for Lawful Intercept (MD)
Network Layer Signaling (NLS)
Network Layer Signaling (NSL) is an on-path request protocol used to carry topology discovery and other requests in support of various applications. In the CPD feature, NLS is used to transport CPD messages.
NLS for CPD
NLS is used to transport CPD messages. The CPD data is carried under an application payload of the NLS and contains a NLS header with flow id. The NLS flow id is used during NLS authentication to uniquely identify the CPD requests and responses for an end point of interest.
NLS Flags
All NLS headers contain bitwise flags. The CMTS expects the following NLS flag settings for CPD applications:
-
HOP-BY-HOP = 0
-
BUILD-ROUTE = 0
-
TEARDOWN = 0
-
BIDIRECTOINAL = 0
-
AX_CHALLANGE = 0/1
-
AX_RESPONSE = 0/1
 Note |
Any requests with flags other then AX flags, set to one will be rejected with an error indicating a poorly formed message.
|
NLS TLVs
The following NLS TLVs are supported for all CPD applications:
-
APPLICATION_PAYLOAD
-
IPV4_ERROR_CODE
-
IPV6_ERROR_CODE
-
AGID
-
A_CHALLENGE
-
A_RESPONSE
-
B_CHALLENGE
-
B_RESPONSE
-
AUTHENTICATION
-
ECHO
The following NLS TLVs are not supported for CPD applications:
-
NAT_ADDRESS
-
TIMEOUT
-
IPV4_HOP
-
IPV6_HOP
Control Point Discovery
The control point discovery feature allows CPD Requestors to determine the control point IP address between the CPD Requestor and the media endpoint.
Using Networking Layer Signaling (NLS), the control point discovery feature sends a CPD message towards the end point (MTA). The edge/aggregation device (CMTS), located between the requestor and the endpoint, will respond to the message with its IP address.
 Note |
For Lawful Intercept, it is important that the endpoint does not receive the CPD message. In this instance, the CMTS responds to the message without forwarding it to its destination.
|
CPD Protocol Hierarchy
CPD messages are sent over the NLS.
The CPD Protocol Hierarchy is as follows:
-
CPD
-
NLS
-
UDP
-
IP
 Note |
Since NLS is implemented on the UDP protocol, there is a potential of message loss. If messages are lost, the controller will re-send the CPD request in any such event.
|
Control Relationship
A control relationship between a control point and a controller is
identified as a function on a media flow that passes through a control point. A
control relationship is uniquely defined by a control relationship type (CR
TYPE) and control relationship ID (CR ID). The CR ID is provisioned on CMTS as
well as the controller.
The table lists the supported CR TYPEs and corresponding pre-defined CR
IDs
Table 2 Supported Control Relationship Types and Corresponding Control
Relationship IDs
Control Relationship Type
|
Pre-Defined Corresponding Control Relationship ID
|
CR TYPE = 1 (Lawful Intercept)
|
CR ID = 1: CMTS
|
CR ID = 2: Aggregation router or switch in front of CMTS
|
CR ID = 3: Aggregation router or switch in front of Media
Services
|
CR ID = 4: Media Gateway
|
CR ID = 5: Conference Server
|
CR ID = 6: Other
|
CR TYPE = 2 (DQoS)
|
CR ID = 1: CMTS
|
CR TYPE = 3 (PCMM)
|
CR ID = 1: CMTS
|
How to Configure CPD
Enabling CPD Functionality
To enable the CPD functionality, use the cpd command in global
configuration mode. The CPD message authentication is determined by NLS
configuration.
Before You Begin
The CPD message authentication is determined by NLS configuration.
| Command or Action | Purpose |
---|
Step 1 | enable
Example:
Router> enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 | configure
terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3 | cpd
Example:
Router (config)# cpd
|
Enables CPD functionality
- Us the “no” form of this command to disable CPD functionality.
|
Step 4 | end
Example:
Router# end
|
Exits global configuration mode and enters privileged EXEC mode.
|
Examples for CPD Enable
The following example shows the cpd enabled on a router:
Router (config)# cpd
Configuring
Control Relationship Identifier
To configure a
Control relationship identifier (CR ID) for CMTS, use the cpd cr-id command.
When CPD request comes with a wild-card CR ID, the CMTS will respond with this
configured value.
| Command or Action | Purpose |
---|
Step 1 | enable
Example:
Router> enable
|
Enables
privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 | configure
terminal
Example:
Router# configure terminal
|
Enters global
configuration mode.
|
Step 3 | cpd
cr-id
Example:
Router (config)# cpd cr-id 100
|
Configures a
control relationship identifier (CR ID) for CMTS.
|
Step 4 | end
Example:
Router# end
|
Exits global
configuration mode and enters privileged EXEC mode.
|
Examples
The following example shows the cpd cr-id command configured with a
cr-id number of 100 on a router.
Router (config)# cpd cr-id 100
Enabling NLS
Functionality
To enable the NLS
functionality, use the nls command in global configuration mode. It is
recommended that NLS message authentication be enabled at all times.
| Command or Action | Purpose |
---|
Step 1 | enable
Example:
Router> enable
|
Enables
privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 | configure
terminal
Example:
Router# configure terminal
|
Enters global
configuration mode.
|
Step 3 | nls
Example:
Router (config)# nls
|
Enables NLS
functionality.
- NLS
authentication is optional.
- It is
recommended that NLS message authentication be enabled at all times.
|
Step 4 | debug
nls
Example:
Router# debug nls
|
Enables NLS
debug functionality.
|
Step 5 | end
Example:
Router# end
|
Exits global
configuration mode and enters privileged EXEC mode.
|
Examples
The following example shows the nls command enbaled on a router.
Router (config)# nls
Configuring
Authorization Group Identifier and Authentication Key
The Authorization
Group Identifier (AG ID) and corresponding authorization key are provisioned on
CMTS, as well as on controller/CPD requester.
To configure the
Authorization Group Identifier and Authentication Key, use the nls ag-id
command in global configuration mode. It is recommended that NLS message
authentication be enabled at all times.
| Command or Action | Purpose |
---|
Step 1 | enable
Example:
Router> enable
|
Enables
privileged EXEC mode.
- Enter your password if
prompted.
|
Step 2 | configure
terminal
Example:
Router# configure terminal
|
Enters global
configuration mode.
|
Step 3 | nls
ag-id
Example:
Router (config)# nls ag-id 100 auth-key 20
|
Configures
the Authorization Group Identifier and Authentication Key.
|
Step 4 | debug
nls
Example:
Router (config)# debug nls
|
Enables NLS
debug functionality.
|
Step 5 | end
Example:
Router# end
|
Exits global
configuration mode and enters privileged EXEC mode.
|
Examples
The following example shows the nls ag-id command with an
Authorization Group ID of 100 and Authentication Key of 20.
Router (config)# nls ag-id 100 auth-key 20
Configuring NLS
Response Timeout
The NLS response
timeout governs the time CMTS will wait for getting a response for a NLS
authentication request.
To configure the
NLS response timeout, use the nls ag-id command in global configuration mode.
It is recommended that NLS message authentication be enabled at all times.
| Command or Action | Purpose |
---|
Step 1 | enable
Example:
Router> enable
|
Enables
privileged EXEC mode.
- Enter your password if
prompted.
|
Step 2 | configure
terminal
Example:
Router# configure terminal
|
Enters global
configuration mode.
|
Step 3 | nls
resp-timeout
Example:
Router (config)# nls resp-timeout 60
|
Configures
the NLS response time.
|
Step 4 | debug
nls
Example:
Router (config)# debug nls
|
Enables NLS
debug functionality.
|
Step 5 | end
Example:
Router# end
|
Exits global
configuration mode and enters privileged EXEC mode.
|
Examples
The following example shows the nls resp-timeout command with a
response timeout setting of 60 seconds.
Router (config)# nls resp-timeout 60
Additional References
The following sections provide references related to the CPD feature.
Related Documents
Related Topic
|
Document Title
|
CMTS features
|
-
Cisco IOS CMTS Cable Software Configuration Guide
-
Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators
-
Transparent LAN Service over Cable
-
Troubleshooting the System
|
MIBs
MIB
|
MIBs Link
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.
|
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
|
Standards
Standard
|
Title
|
Internet Draft, Network Layer Signaling: Transport Layer
|
Internet Draft, Network Layer Signaling: Transport Layer (IETF draft-shore-nls-tl-05.txt)
|
PacketCable™ Control Point Discovery Interface Specification
|
PacketCable™ Control Point Discovery Interface Specification (PKT-SP-CPD-I02-061013)
|
Technical Assistance
Description
|
Link
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
|
http://www.cisco.com/cisco/web/support/index.html
|
Feature
Information for Control Point Discovery
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://tools.cisco.com/ITDIT/CFN/. An account on http://www.cisco.com/ is not required.
 Note |
The below table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
|
Table 3 Feature
Information for Control Point Discovery
Feature
Name
|
Releases
|
Feature
Information
|
Control
Point Discovery
|
12.3(21a)BC3
|
The
control point discovery feature allows CPD Requestors to determine the control
point IP address between the CPD Requestor and the media endpoint.
The
following commands were introduced or modified by this feature:
- cpd
- cpd
cr-id
- debug
cpd
- debug
nls
- nls
- nls
ag-id
auth-key
- nls
resp-timeout
- show
cpd
- show
nls
- show
nls
ag-id
- show
nls
flow
|
Control
Point Discovery
|
12.2(33)SCA
|
This
feature was integrated into Cisco IOS Release 12.2(33)SCA. Support for the
Cisco uBR7225VXR Universal Broadband Router was added.
|