First, one must obtain a program that converts text config files into the binary DOCSIS format.
A free console program (docsis) is found here. Install as usual; problems with compilation are to be expected (the docsis program was last updated in 2006).
Another program can be downloaded from here (Windows only). It has a GUI with a tree-like view.
Our first file will just allow network access and limit download/upload speeds:
```
Main {
    NetworkAccess 1;             /* enables packet forwarding */
    GlobalPrivacyEnable 0;       /* disables BPI (encryption) */
    UsServiceFlow                /* creates an upstream service flow */
    {
        UsServiceFlowRef 1;      /* SF number */
        QosParamSetType 7;       /* activates SF */
        TrafficPriority 3;       /* sets medium priority */
        MaxRateSustained 128000; /* max upstream transfer rate - 128 kb/s */
    }
    DsServiceFlow                /* creates a downstream service flow */
    {
        DsServiceFlowRef 2;      /* SF number */
        QosParamSetType 7;       /* activates SF */
        TrafficPriority 3;       /* sets medium priority */
        MaxRateSustained 1000000; /* max downstream transfer rate - 1 Mb/s */
    }
}
```
Reader's comment: Please note that Ds/UsServiceFlowRef numbers must be unique in a cable modem config.
On a Cisco CM, the same DsServiceFlowRef and UsServiceFlowRef will end up with reject(c) status.
This file includes the DS frequency, the US channel number, 1 classifier and 3 service flows, and limits the user devices connected to the modem.
```
Main {
    NetworkAccess 1;                  /* enables packet forwarding */
    GlobalPrivacyEnable 0;            /* disables BPI (encryption) */
    DownstreamFrequency 410000000;    /* sets DS frequency to 410 MHz */
    UpstreamChannelId 3;              /* sets 3rd US channel */
    MaxCPE 3;                         /* allows max 3 user devices */
    CpeMacAddress 00:00:00:00:00:00;  /* device #1 MAC is 00:00... */
    CpeMacAddress 11:11:11:11:11:11;  /* device #2 MAC is 11:11... */
    DsPacketClass {
        ClassifierRef 2;              /* classifier number */
        ServiceFlowRef 4;             /* forwards packets using SF #4 */
        RulePriority 3;               /* low priority classifier */
        ActivationState 1;            /* enables classifier */
        IpPacketClassifier {
            IpTos 0x0808ff;           /* matches ToS 0x08 */
        }
    }
    UsServiceFlow {
        UsServiceFlowRef 1;           /* SF number */
        QosParamSetType 7;            /* activates SF */
        TrafficPriority 3;            /* sets medium priority */
        MaxRateSustained 128000;      /* max transfer rate - 128 kb/s */
    }
    DsServiceFlow {
        DsServiceFlowRef 2;           /* SF number */
        QosParamSetType 7;            /* activates SF */
        TrafficPriority 3;            /* sets medium priority */
        MaxRateSustained 1000000;     /* max transfer rate - 1 Mb/s */
    }
    DsServiceFlow {
        DsServiceFlowRef 4;           /* SF number */
        QosParamSetType 7;            /* activates SF */
        TrafficPriority 3;            /* sets medium priority */
        MaxRateSustained 2000000;     /* max transfer rate - 2 Mb/s */
    }
}
```
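Before handing a file to the binary converter it is worth catching the mistakes the two examples and the reader's comment warn about: duplicated service flow references, a classifier that points at a flow of the wrong direction or at no flow at all, a QosParamSetType that never activates the flow, and more CpeMacAddress entries than MaxCPE allows. The checker below is an added example, not part of the docsis program or of this page; it parses the text format shown above (brace blocks, `Name value;` statements, `/* */` comments) with a small hand-written parser and runs those checks. The `SAMPLE` string is the second file from this page; `BROKEN` is a constructed file that trips every check.

```python
import re

# Tokens of the text format: /* comments */, "quoted strings", the structural
# characters { } ; and bare words (numbers, MAC addresses, IPs, hex values).
TOKEN_RE = re.compile(r'/\*.*?\*/|"[^"]*"|[{};]|[^\s{};]+', re.DOTALL)


def tokenize(text):
    """Split a text config into tokens, dropping comments."""
    return [t for t in TOKEN_RE.findall(text) if not t.startswith("/*")]


def _parse_items(tokens, pos):
    """Parse statements until '}' or end of input.
    Leaves become (name, "value words"); nested blocks become (name, [items])."""
    items = []
    while pos < len(tokens) and tokens[pos] != "}":
        name, pos = tokens[pos], pos + 1
        if pos < len(tokens) and tokens[pos] == "{":
            children, pos = _parse_items(tokens, pos + 1)
            if pos >= len(tokens):
                raise ValueError(f"block {name} is not closed")
            items.append((name, children))
            pos += 1                                   # consume the closing brace
        else:
            values = []
            while pos < len(tokens) and tokens[pos] not in ("{", "}", ";"):
                values.append(tokens[pos])
                pos += 1
            if pos >= len(tokens) or tokens[pos] != ";":
                raise ValueError(f"missing ';' after {name}")
            items.append((name, " ".join(values)))
            pos += 1
    return items, pos


def parse_config(text):
    tokens = tokenize(text)
    items, pos = _parse_items(tokens, 0)
    if pos != len(tokens):
        raise ValueError("unmatched '}'")
    return items


def _value(items, name):
    return next((v for n, v in items if n == name and isinstance(v, str)), None)


def _blocks(items, name):
    return [v for n, v in items if n == name and isinstance(v, list)]


def _int(s):
    try:
        return int(s, 0)
    except (TypeError, ValueError):
        return None


def validate(text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    mains = _blocks(parse_config(text), "Main")
    if len(mains) != 1:
        return ["config must contain exactly one Main block"]
    main = mains[0]

    # Service flows: refs unique across Us and Ds (the reader's comment above);
    # QosParamSetType must set the provisioned+admitted+active bits (7).
    seen, refs_by_dir = set(), {"Us": set(), "Ds": set()}
    for d in ("Us", "Ds"):
        for sf in _blocks(main, f"{d}ServiceFlow"):
            ref = _int(_value(sf, f"{d}ServiceFlowRef"))
            if ref is None:
                problems.append(f"{d}ServiceFlow without a {d}ServiceFlowRef")
                continue
            if ref in seen:
                problems.append(f"service flow ref {ref} is used more than once")
            seen.add(ref)
            refs_by_dir[d].add(ref)
            qos = _int(_value(sf, "QosParamSetType"))
            if qos is None or (qos & 7) != 7:
                problems.append(f"{d}ServiceFlow {ref}: QosParamSetType {qos} does not activate the flow (need 7)")

    # Classifiers: unique ClassifierRef; ServiceFlowRef must name a flow of the same direction.
    cls_seen = set()
    for d in ("Us", "Ds"):
        for cls in _blocks(main, f"{d}PacketClass"):
            cref = _int(_value(cls, "ClassifierRef"))
            if cref in cls_seen:
                problems.append(f"ClassifierRef {cref} is used more than once")
            cls_seen.add(cref)
            sref = _int(_value(cls, "ServiceFlowRef"))
            if sref not in refs_by_dir[d]:
                problems.append(f"{d}PacketClass {cref} refers to missing {d}ServiceFlow {sref}")

    # CPE limit: pinned MAC addresses may not exceed MaxCPE.
    max_cpe = _int(_value(main, "MaxCPE"))
    macs = sum(1 for n, _ in main if n == "CpeMacAddress")
    if max_cpe is not None and macs > max_cpe:
        problems.append(f"{macs} CpeMacAddress entries exceed MaxCPE {max_cpe}")
    return problems


# The second example file from this page (comments dropped): should pass cleanly.
SAMPLE = """Main { NetworkAccess 1; GlobalPrivacyEnable 0;
  DownstreamFrequency 410000000; UpstreamChannelId 3;
  MaxCPE 3; CpeMacAddress 00:00:00:00:00:00; CpeMacAddress 11:11:11:11:11:11;
  DsPacketClass { ClassifierRef 2; ServiceFlowRef 4; RulePriority 3; ActivationState 1;
                  IpPacketClassifier { IpTos 0x0808ff; } }
  UsServiceFlow { UsServiceFlowRef 1; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 128000; }
  DsServiceFlow { DsServiceFlowRef 2; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 1000000; }
  DsServiceFlow { DsServiceFlowRef 4; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 2000000; } }"""

# Constructed file with a shared ref 1, an inactive flow, a dangling classifier and too many MACs.
BROKEN = """Main { MaxCPE 1; CpeMacAddress 00:00:00:00:00:01; CpeMacAddress 00:00:00:00:00:02;
  UsServiceFlow { UsServiceFlowRef 1; QosParamSetType 7; }
  DsServiceFlow { DsServiceFlowRef 1; QosParamSetType 6; }
  UsPacketClass { ClassifierRef 5; ServiceFlowRef 9; } }"""

if __name__ == "__main__":
    print("sample:", validate(SAMPLE) or "ok")
    print("broken:", *validate(BROKEN), sep="\n  ")
```

Run it on a config before converting; a non-empty list is cheaper to read than a modem that registers with reject(c).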
Name | Description | Values |
---|---|---|
NetworkAccess | Controls whether the modem forwards data between the USB/Ethernet and RF interfaces | 0 - forwarding disabled, 1 - forwarding enabled |
GlobalPrivacyEnable | Enables BPI (encryption on the RF interface) | 0 - disables BPI, 1 - enables BPI |
DownstreamFrequency | Specifies the downstream channel frequency in Hz | Frequency in Hz |
UpstreamChannelId | Specifies the upstream channel number for that downstream | Desired upstream channel number |
MaxCPE | Number of MAC addresses (computers, network devices) that the modem will learn and forward packets from. This includes managed switches, APs etc. | Number of such devices |
CpeMacAddress | Specifies the MAC address of a computer/device. The number of CpeMacAddress commands must be less than or equal to MaxCPE. Useful when you don't want the modem to learn the access point's IP address | MAC address of one device |
MaxClassifiers | Maximum number of admitted and active upstream classifiers that the modem is allowed to have | |
DocsisTwoEnable | Enables DOCSIS 2.0 | 0 - disabled, 1 - enabled |
GenericTLV | Allows entering TLVs unsupported by the program | Syntax: TlvCode XXX TlvLength X TlvValue 0xXX |
SwUpgradeFilename | Specifies the firmware filename on the TFTP server. | "filename" |
SwUpgradeServer | Specifies the TFTP server IP address | IP address |
SnmpMibObject | Specifies an OID to set | Syntax: OID type value |
SnmpWriteControl | | |
MfgCVCData | Manufacturer's certificate (CVC) used for firmware upgrade. | Must be used several times to represent the whole certificate. Can specify 254 hex chars max at a time. |
MtaConfigDelimiter | | |
Note: to create MfgCVCData, take the manufacturer's certificate and run:
```
hexdump -v -e ' 2/1 "%02X" ' -n 254 cert.cer
```
The complete MfgCVCData option would be `MfgCVCData 0xOUTPUT_FROM_ABOVE;`
To create the next portion, skip the first 254 chars with -s:
```
hexdump -v -e ' 2/1 "%02X" ' -n 254 -s 254 cert.cer
```
Increase -s by 254 for each further portion.
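The repeated hexdump invocations are easy to get wrong by hand (an off-by-one in -s silently corrupts the certificate, and hexdumping a PEM file embeds its base64 armour instead of the certificate). The script below is an added example, not part of the docsis program or of this page: it loads the certificate (decoding PEM to DER if needed and checking for the DER SEQUENCE tag 0x30 that an X.509 certificate starts with), cuts it into the 254-byte portions that each `hexdump -n 254 -s <offset>` call above reads, emits one MfgCVCData statement per portion, and verifies that the statements reassemble to the original bytes. `FAKE_CERT` is a constructed 600-byte stand-in, not a real certificate.

```python
import base64
import re

CHUNK_BYTES = 254   # what one "hexdump -n 254 -s <offset>" invocation above reads


def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a certificate file.

    A PEM file (base64 between BEGIN/END lines) is decoded first, because the
    hex of a PEM file is the hex of ASCII text, not of the certificate.
    DER X.509 starts with the SEQUENCE tag 0x30, used here as a sanity check.
    """
    if data.lstrip().startswith(b"-----BEGIN"):
        body = re.sub(rb"-----(BEGIN|END)[^-]*-----", b"", data)
        data = base64.b64decode(b"".join(body.split()))
    if not data.startswith(b"\x30"):
        raise ValueError("not a DER certificate (expected SEQUENCE tag 0x30)")
    return data


def hexdump_chunk(der: bytes, offset: int, count: int = CHUNK_BYTES) -> str:
    """Same text as: hexdump -v -e ' 2/1 "%02X" ' -n count -s offset cert.cer"""
    return der[offset:offset + count].hex().upper()


def mfg_cvc_lines(der: bytes) -> list:
    """One MfgCVCData statement per 254-byte portion, in file order."""
    return [f"MfgCVCData 0x{hexdump_chunk(der, off)};"
            for off in range(0, len(der), CHUNK_BYTES)]


def reassemble(lines: list) -> bytes:
    """Inverse check: concatenating the hex of all statements must give the DER back."""
    hexes = [re.fullmatch(r"MfgCVCData 0x([0-9A-Fa-f]+);", ln.strip()).group(1)
             for ln in lines]
    return bytes.fromhex("".join(hexes))


def pem_wrap(der: bytes) -> bytes:
    """Constructed PEM armour around DER bytes, for exercising load_der."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


# Constructed stand-in for a certificate: not a real X.509 object, just 600 bytes
# that begin with a SEQUENCE header so the DER sanity check passes.
FAKE_CERT = b"\x30\x82\x02\x54" + bytes(range(256)) * 2 + bytes(84)

if __name__ == "__main__":
    for line in mfg_cvc_lines(load_der(FAKE_CERT)):
        print(line)
```

Paste the printed statements into the Main block in order; the `reassemble` check is the one to run on the final file if the modem refuses the firmware.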
Name | Description | Values |
---|---|---|
QosParamSetType | Quality of Service Parameter Set Type. Describes whether the service flow is Provisioned, Admitted and Active: bit 0 - Provisioned flag, bit 1 - Admitted flag, bit 2 - Active flag. For a service flow to be working all 3 bits must be set to 1; binary 111 equals 7 decimal. | 7 - active, other - disabled |
TrafficPriority | Sets the priority for packets matching that service flow. The CMTS should serve SFs with higher priority first. | 0 - lowest (default), 7 - highest |
MaxRateSustained | Maximal transfer speed in b/s. | Speed in b/s |
MaxTrafficBurst | Specifies how much data can be sent in one burst. | Value in bytes |
MinReservedRate | Minimal bandwidth reserved for that service flow | Speed in b/s |
MinResPacketSize | Used for calculating the minimum reserved rate: when smaller packets are sent, the size from this field is used for the calculation instead of the actual packet size. | Size in bytes |
ActQosParamsTimeout | Specifies how long the CMTS reserves resources for that (active) service flow. | Value in seconds |
AdmQosParamsTimeout | Specifies how long the CMTS reserves resources for that (admitted) service flow. | Value in seconds |
ServiceClassName | Specifies the service class that this service flow is part of | "service_class_name" |
Name | Description | Values |
---|---|---|
DsServiceFlow | Creates a downstream service flow | none |
DsServiceFlowRef | Number of the downstream service flow - must match ServiceFlowRef in packet classifiers (if any). The service flow with the lowest number is taken as the default - no classifiers are needed for it. | any number (1-65535) |
MaxDsLatency | Specifies the maximal time between reception of a packet and forwarding it to the RF interface on the CMTS | Value in microseconds |
Name | Description | Values |
---|---|---|
UsServiceFlow | Creates an upstream service flow | none |
UsServiceFlowRef | Number of the upstream service flow - must match ServiceFlowRef in packet classifiers (if any). The service flow with the lowest number is taken as the default - no classifiers are needed for it. | any number (1-65535) |
MaxConcatenatedBurst | Maximum data in bytes to be transmitted in one concatenation burst | Size in bytes, default 1522 |
SchedulingType | Scheduling type to be used for the service flow | 2 - Best Effort, 3 - Non-Real-Time Polling, 4 - Real-Time Polling, 5 - Unsolicited Grant Service with Activity Detection, 6 - Unsolicited Grant Service |
RequestOrTxPolicy | Request/Transmission Policy - specifies the behaviour of a service flow | There are 16 bits numbered from 15 to 0. Bit 0 disables all CM opportunities, bit 1 disables priority request multicast opportunities, bit 2 disables request/data opportunities for requests, bit 3 the same for data, bit 4 disables piggyback requests with data, bit 5 disables concatenation, bit 6 disables fragmentation, bit 7 disables payload header suppression, bit 8 enables dropping of packets that do not fit in the unsolicited grant. Example: 0x000001ff |
IpTosOverwrite | Enables overwriting the ToS value of matching packets | 0xAAOO: New ToS = (Old ToS AND 0xAA) OR 0xOO |
I've purposely omitted information about the other scheduling types: UGS, UGS with AD, non-real-time polling and real-time polling.
Tests revealed that they are only useful with VoIP and/or streaming video. One may use a source-IP or destination-port based classifier to capture VoIP traffic and limit the upstream and downstream service flows to no more than 128k. Since such a flow is useless for browsing the internet, nobody should exploit it. With streaming video the destination IP of the video server must be known, because a high-speed, low-latency connection is VERY likely to be exploited if it is not properly protected. For VoIP it might be a good idea to create a separate IP address range for the VoIP gateways and create best-effort service flows with the highest traffic priority. Adding MinReservedRate may give even better results.
```
UsPacketClass {
    ServiceFlowRef 3;
    ClassifierRef 11;
    RulePriority 68;
    ActivationState 1;
    IpPacketClassifier {                 /* Matches: */
        IpSrcAddr 192.168.0.0;           /* source IPs from 192.168.0.0 */
        IpSrcMask 255.255.255.0;         /* to 192.168.0.255 */
        SrcPortStart 1024;               /* source ports from 1024 */
        SrcPortEnd 2000;                 /* to 2000 */
        IpDstAddr 113.206.95.144;        /* destination IPs from 113.206.95.144 */
        IpDstMask 255.255.255.248;       /* to 113.206.95.151 */
        DstPortStart 80;                 /* destination port 80 */
        DstPortEnd 80;
        IpProto 6;                       /* TCP protocol */
    }
}
```
```
UsPacketClass {
    ServiceFlowRef 3;
    ClassifierRef 11;
    RulePriority 68;
    ActivationState 1;
    LLCPacketClassifier {
        SrcMacAddress 00:11:22:33:44:55; /* matches that MAC address */
    }
}
```
Name | Description | Values |
---|---|---|
DsPacketClass | Creates a downstream classifier | none |
UsPacketClass | Creates an upstream classifier | none |
ClassifierRef | Number of the classifier, must be unique in the config file | any number (1-255) |
ServiceFlowRef | Number of the service flow that is used when a packet matches this classifier. | Number of an existing SF |
RulePriority | Specifies the priority of the classifier. Higher number - higher priority. Classifiers with higher priority are checked first. | any number (0-255) |
ActivationState | Enables the classifier | 1 - enabled, 0 - disabled? |
DscAction | What to do with the classifier when a Dynamic Service Change Request is received | 0 - add classifier, 1 - replace classifier, 2 - delete classifier |
Name | Description | Values |
---|---|---|
IpPacketClassifier | Creates an IP classifier match | none |
IpTos | Matches ToS values | 0xLLHHMM, where LL - low ToS, HH - high ToS, MM - ToS mask. Matches packets where LL <= (ToS AND MM) <= HH. |
IpSrcAddr | Matches the source IP | IP address |
IpSrcMask | Specifies the source mask. Match = SrcIP AND SrcMask | IP address |
IpDstAddr | Matches the destination IP | IP address |
IpDstMask | Specifies the destination mask. Match = DstIP AND DstMask | IP address |
SrcPortStart | Matches source ports starting from that value | 0 (default) - 65535 |
SrcPortEnd | Matches source ports ending at that value | 0 - 65535 (default) |
DstPortStart | Matches destination ports starting from that value | 0 (default) - 65535 |
DstPortEnd | Matches destination ports ending at that value | 0 - 65535 (default) |
IpProto | Matches the IP protocol | 1 - ICMP, 6 - TCP, 17 - UDP, 256 - any, 257 - TCP+UDP, 0 - ignore this field |
Name | Description | Values |
---|---|---|
LLCPacketClassifier | Creates an LLC (MAC) classifier match | none |
DstMacAddress | Matches destination MAC | MAC address |
SrcMacAddress | Matches source MAC | MAC address |
EtherType | Matches ethertype | Ethertype in hex |
Name | Description | Values |
---|---|---|
IEEE802Classifier | Creates 802.1P/Q classifier match | none |
UserPriority | Matches priority field | 0-7 |
VlanID | Matches vlan ID field | 0-4095 |
IP, LLC and IEEE802 matches may be used together in one classifier; a packet must then satisfy all of them.
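To see which service flow a given packet ends up on, it helps to run the classifier rules from the tables above over sample traffic. The following is an added example, not code from the docsis program or from this page: it implements the IpPacketClassifier, LLCPacketClassifier and IEEE802Classifier matching rules as the tables describe them (ToS as `0xLLHHMM` with LL <= (ToS AND MM) <= HH, masked address comparison, port ranges with their defaults, IpProto 0/256/257 special values), combines them inside one classifier, tries active classifiers from the highest RulePriority down, and falls back to the default service flow when nothing matches. Classifier 11 is the IpPacketClassifier example above and 12 the LLC example (renumbered, since ClassifierRef must be unique); 13 and 14 and all packets are constructed for the demonstration.

```python
from ipaddress import IPv4Address


def _ip(s):
    return int(IPv4Address(s))


def ip_matches(spec, pkt):
    """IpPacketClassifier: every field present in the classifier must match."""
    if "IpTos" in spec:                                  # 0xLLHHMM: low, high, mask
        v = int(spec["IpTos"], 16)
        low, high, mask = (v >> 16) & 0xFF, (v >> 8) & 0xFF, v & 0xFF
        if not low <= (pkt["tos"] & mask) <= high:
            return False
    for addr_key, mask_key, field in (("IpSrcAddr", "IpSrcMask", "src_ip"),
                                      ("IpDstAddr", "IpDstMask", "dst_ip")):
        if addr_key in spec:
            mask = _ip(spec.get(mask_key, "255.255.255.255"))
            if (_ip(pkt[field]) & mask) != (_ip(spec[addr_key]) & mask):
                return False
    for lo_key, hi_key, field in (("SrcPortStart", "SrcPortEnd", "src_port"),
                                  ("DstPortStart", "DstPortEnd", "dst_port")):
        if not int(spec.get(lo_key, 0)) <= pkt[field] <= int(spec.get(hi_key, 65535)):
            return False
    proto = int(spec.get("IpProto", 0))                 # 0 = ignore, 256 = any, 257 = TCP or UDP
    if proto == 257:
        return pkt["proto"] in (6, 17)
    return proto in (0, 256) or pkt["proto"] == proto


def llc_matches(spec, pkt):
    """LLCPacketClassifier: MAC addresses compared case-insensitively, EtherType in hex."""
    for key, field in (("SrcMacAddress", "src_mac"), ("DstMacAddress", "dst_mac")):
        if key in spec and spec[key].lower() != pkt[field].lower():
            return False
    return "EtherType" not in spec or int(spec["EtherType"], 16) == pkt["ethertype"]


def dot1_matches(spec, pkt):
    """IEEE802Classifier: 802.1p priority and 802.1Q VLAN id."""
    return all(int(spec[k]) == pkt[f]
               for k, f in (("UserPriority", "user_priority"), ("VlanID", "vlan_id")) if k in spec)


MATCHERS = {"IpPacketClassifier": ip_matches,
            "LLCPacketClassifier": llc_matches,
            "IEEE802Classifier": dot1_matches}


def classify(classifiers, pkt, default_sf):
    """Try active classifiers from highest RulePriority down; the first one whose
    IP, LLC and IEEE802 parts all match wins. Returns (ClassifierRef, ServiceFlowRef),
    or (None, default_sf) when no classifier matches."""
    active = [c for c in classifiers if c.get("ActivationState", 1) == 1]
    for c in sorted(active, key=lambda c: c["RulePriority"], reverse=True):
        if all(MATCHERS[k](c[k], pkt) for k in MATCHERS if k in c):
            return c["ClassifierRef"], c["ServiceFlowRef"]
    return None, default_sf


# 11: the IP classifier example above; 12: the LLC example, renumbered;
# 13: constructed combined IP+LLC classifier; 14: constructed ToS classifier.
CLASSIFIERS = [
    {"ClassifierRef": 11, "ServiceFlowRef": 3, "RulePriority": 68, "ActivationState": 1,
     "IpPacketClassifier": {"IpSrcAddr": "192.168.0.0", "IpSrcMask": "255.255.255.0",
                            "SrcPortStart": "1024", "SrcPortEnd": "2000",
                            "IpDstAddr": "113.206.95.144", "IpDstMask": "255.255.255.248",
                            "DstPortStart": "80", "DstPortEnd": "80", "IpProto": "6"}},
    {"ClassifierRef": 12, "ServiceFlowRef": 3, "RulePriority": 68, "ActivationState": 1,
     "LLCPacketClassifier": {"SrcMacAddress": "00:11:22:33:44:55"}},
    {"ClassifierRef": 13, "ServiceFlowRef": 5, "RulePriority": 100, "ActivationState": 1,
     "IpPacketClassifier": {"DstPortStart": "80", "DstPortEnd": "80", "IpProto": "6"},
     "LLCPacketClassifier": {"SrcMacAddress": "00:11:22:33:44:55"}},
    {"ClassifierRef": 14, "ServiceFlowRef": 4, "RulePriority": 10, "ActivationState": 1,
     "IpPacketClassifier": {"IpTos": "0x0808ff"}},
]


def packet(**fields):
    """Constructed upstream packet (HTTP by default); keyword arguments override fields."""
    base = dict(src_mac="aa:bb:cc:dd:ee:01", dst_mac="aa:bb:cc:dd:ee:02", ethertype=0x0800,
                user_priority=0, vlan_id=0, src_ip="192.168.0.10", dst_ip="113.206.95.146",
                src_port=1500, dst_port=80, proto=6, tos=0x08)
    base.update(fields)
    return base


if __name__ == "__main__":
    print(classify(CLASSIFIERS, packet(), 1))                               # (11, 3)
    print(classify(CLASSIFIERS, packet(src_mac="00:11:22:33:44:55"), 1))    # (13, 5)
    print(classify(CLASSIFIERS, packet(proto=17, dst_port=5060, tos=0), 1))  # (None, 1)
```

The third call shows the fallback from the tables: with no matching classifier the packet travels on the lowest-numbered service flow, here 1.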
This allows read-only access for the community string some_password from 192.168.0.1/24, coming only from the RF interface of the CM.
The .1 means that it is the first entry; remember to change it when adding more.
```
SnmpMibObject docsDevNmAccessStatus.1 Integer 4;              /* createAndGo */
SnmpMibObject docsDevNmAccessIp.1 IPAddress 192.168.0.1 ;
SnmpMibObject docsDevNmAccessIpMask.1 IPAddress 255.255.255.0 ;
SnmpMibObject docsDevNmAccessControl.1 Integer 2;             /* read */
SnmpMibObject docsDevNmAccessInterfaces.1 HexString 0x40;
SnmpMibObject docsDevNmAccessCommunity.1 String "some_password" ;
```
Name | Description | Values |
---|---|---|
docsDevNmAccessStatus | Configures row creation and its activation | 1 - active, 2 - inactive, 4 - create and activate, 5 - create and deactivate, 6 - delete. Stick with 4. |
docsDevNmAccessIp | Specifies the source IP of an SNMP query matching this rule. | IP address |
docsDevNmAccessIpMask | Specifies the source IP mask of an SNMP query matching this rule. | mask address |
docsDevNmAccessControl | Specifies access privileges | 2 - RO, 3 - RW, 4 - RO with traps, 5 - RW with traps, 6 - traps |
docsDevNmAccessInterfaces | Specifies the matching interface | 0x40 - cable, 0x80 - ethernet, 0xC0 or 0x00 - both |
docsDevNmAccessCommunity | Specifies the community string | "desired_community_string" |
This firewall rule prevents users from sending mail using port 25 (SMTP).
Note that by setting docsDevFilterIpDefault to 2 (drop) one can allow only selected traffic instead of dropping it.
```
SnmpMibObject docsDevFilterIpControl.7 Integer 1;             /* discard */
SnmpMibObject docsDevFilterIpIfIndex.7 Integer 0 ;
SnmpMibObject docsDevFilterIpDirection.7 Integer 3;           /* both */
SnmpMibObject docsDevFilterIpBroadcast.7 Integer 2;           /* false */
SnmpMibObject docsDevFilterIpSaddr.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpSmask.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpDaddr.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpDmask.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpProtocol.7 Integer 6 ;
SnmpMibObject docsDevFilterIpSourcePortLow.7 Integer 0 ;
SnmpMibObject docsDevFilterIpSourcePortHigh.7 Integer 65535 ;
SnmpMibObject docsDevFilterIpDestPortLow.7 Integer 25 ;
SnmpMibObject docsDevFilterIpDestPortHigh.7 Integer 25 ;
SnmpMibObject docsDevFilterIpStatus.7 Integer 4;              /* createAndGo */
```
Name | Description | Values |
---|---|---|
docsDevFilterIpControl | Discards or accepts the traffic | 1 - discard, 2 - accept |
docsDevFilterIpDirection | Specifies the direction of packet to match. | 1 - incoming, 2 - outgoing, 3 - both directions |
docsDevFilterIpBroadcast | Matches ONLY broadcast traffic. | 1 - yes, 0 - no |
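A filter table written as a dozen SnmpMibObject lines is hard to review, so it pays to evaluate it against sample packets before pushing it to modems. The script below is an added example, not code from this page or from the docsis program: it collects the docsDevFilterIp* objects into rows keyed by table index, evaluates a packet against the active rows, and applies the default when no row matches. Its assumptions: rows are tried in ascending index order and the first match decides; a Protocol value of 256 means any protocol (as IpProto 256 does in the classifier table); a row counts as active when its Status is active(1) or createAndGo(4); Broadcast uses the SNMP TruthValue encoding true(1)/false(2) seen in the rule above; and docsDevFilterIpDefault is encoded like docsDevFilterIpControl in the table, discard(1)/accept(2), which is how RFC 2669 defines both objects, so an allow-list sets the default to 1. `BLOCK_SMTP` is the rule from this page; `ALLOW_HTTP`, the default line and the packets are constructed.

```python
import re
from ipaddress import IPv4Address

DISCARD, ACCEPT = 1, 2          # docsDevFilterIpControl encoding from the table above
INCOMING, OUTGOING, BOTH = 1, 2, 3
TRUE, FALSE = 1, 2              # SNMP TruthValue, as in "Integer 2; /* false */"

LINE_RE = re.compile(r'SnmpMibObject\s+(docsDevFilterIp\w+)\.(\d+)\s+(Integer|IPAddress)\s+(\S+)\s*;')


def parse_filter_rows(config_text):
    """Group docsDevFilterIp* objects into {index: {column: value}}.
    Returns (rows, default); default is docsDevFilterIpDefault.0 or None if unset."""
    rows, default = {}, None
    for name, idx, typ, val in LINE_RE.findall(config_text):
        value = int(val) if typ == "Integer" else val
        if name == "docsDevFilterIpDefault":
            default = value
        else:
            rows.setdefault(int(idx), {})[name[len("docsDevFilterIp"):]] = value
    return rows, default


def _in_subnet(ip, addr, mask):
    m = int(IPv4Address(mask))
    return (int(IPv4Address(ip)) & m) == (int(IPv4Address(addr)) & m)


def row_matches(row, pkt):
    """pkt: constructed dict with direction, broadcast, src, dst, proto, sport, dport."""
    if row.get("Direction", BOTH) not in (BOTH, pkt["direction"]):
        return False
    if row.get("Broadcast", FALSE) == TRUE and not pkt["broadcast"]:
        return False
    if not _in_subnet(pkt["src"], row.get("Saddr", "0.0.0.0"), row.get("Smask", "0.0.0.0")):
        return False
    if not _in_subnet(pkt["dst"], row.get("Daddr", "0.0.0.0"), row.get("Dmask", "0.0.0.0")):
        return False
    proto = row.get("Protocol", 256)                     # assumption: 256 = any protocol
    if proto != 256 and proto != pkt["proto"]:
        return False
    if not row.get("SourcePortLow", 0) <= pkt["sport"] <= row.get("SourcePortHigh", 65535):
        return False
    return row.get("DestPortLow", 0) <= pkt["dport"] <= row.get("DestPortHigh", 65535)


def filter_verdict(rows, default, pkt):
    """First matching active row in ascending index order decides (assumption);
    otherwise the default applies, and an unset default means accept."""
    for idx in sorted(rows):
        row = rows[idx]
        if row.get("Status") not in (1, 4):              # RowStatus active / createAndGo
            continue
        if row_matches(row, pkt):
            return row.get("Control", ACCEPT)
    return default if default is not None else ACCEPT


def verdict(config_text, pkt):
    rows, default = parse_filter_rows(config_text)
    return filter_verdict(rows, default, pkt)


# The SMTP rule from this page (row 7).
BLOCK_SMTP = """
SnmpMibObject docsDevFilterIpControl.7 Integer 1; /* discard */ SnmpMibObject docsDevFilterIpIfIndex.7 Integer 0 ;
SnmpMibObject docsDevFilterIpDirection.7 Integer 3; /* both */ SnmpMibObject docsDevFilterIpBroadcast.7 Integer 2; /* false */
SnmpMibObject docsDevFilterIpSaddr.7 IPAddress 0.0.0.0 ; SnmpMibObject docsDevFilterIpSmask.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpDaddr.7 IPAddress 0.0.0.0 ; SnmpMibObject docsDevFilterIpDmask.7 IPAddress 0.0.0.0 ;
SnmpMibObject docsDevFilterIpProtocol.7 Integer 6 ; SnmpMibObject docsDevFilterIpSourcePortLow.7 Integer 0 ;
SnmpMibObject docsDevFilterIpSourcePortHigh.7 Integer 65535 ; SnmpMibObject docsDevFilterIpDestPortLow.7 Integer 25 ;
SnmpMibObject docsDevFilterIpDestPortHigh.7 Integer 25 ; SnmpMibObject docsDevFilterIpStatus.7 Integer 4; /* createAndGo */
"""
# Constructed allow-list: row 8 accepts TCP/80 and the default discards everything else.
ALLOW_HTTP = """
SnmpMibObject docsDevFilterIpControl.8 Integer 2; /* accept */ SnmpMibObject docsDevFilterIpDirection.8 Integer 3;
SnmpMibObject docsDevFilterIpProtocol.8 Integer 6 ; SnmpMibObject docsDevFilterIpDestPortLow.8 Integer 80 ;
SnmpMibObject docsDevFilterIpDestPortHigh.8 Integer 80 ; SnmpMibObject docsDevFilterIpStatus.8 Integer 4;
SnmpMibObject docsDevFilterIpDefault.0 Integer 1; /* discard: RFC 2669 encoding, check your modem's MIB */
"""
# Constructed outbound packets from a CPE.
SMTP = dict(direction=OUTGOING, broadcast=False, src="192.168.0.10", dst="203.0.113.25",
            proto=6, sport=40000, dport=25)
HTTP = dict(SMTP, dport=80)
DNS = dict(SMTP, proto=17, dport=53)

if __name__ == "__main__":
    for name, pkt in (("smtp", SMTP), ("http", HTTP), ("dns", DNS)):
        print(name, verdict(BLOCK_SMTP, pkt), verdict(BLOCK_SMTP + ALLOW_HTTP, pkt))
```

With only the page's rule, SMTP is discarded and everything else accepted; with the allow-list variant, DNS is discarded too because nothing accepts it explicitly, which is the behaviour the note above describes and also the easiest way to lock users out by forgetting a row.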
Specifies the maximal number of source IPs that the modem forwards from the Ethernet and USB interfaces.
WARNING: Undesired operation on some modems - it allows only 1 IP per MAC address. This may sound good, but PCs get a modem-assigned address (192.168.100.X) and Windows private IPs all the time. Result: no network access.
```
SnmpMibObject docsDevCpeIpMax.0 Integer 3 ;
```
Currently other parameters are only listed. Will write descriptions when there's time.
Name | Description | Values |
---|---|---|
SAMapWaitTimeout | | |
SAMapMaxRetries | | |
BaselinePrivacy | Specifies BPI options | none - tree |
AuthTimeout | | |
ReAuthTimeout | | |
AuthGraceTime | | |
ReKeyTimeout | | |
TEKGraceTime | | |
AuthRejectTimeout | | |
Name | Description | Values |
---|---|---|
SnmpV3Kickstart | Specifies SNMPv3 engine options | none - tree |
SnmpV3SecurityName | | |
SnmpV3MgrPublicNumber | | |
Name | Description | Values |
---|---|---|
SnmpV3TrapReceiver | Specifies SNMPv3 trap settings | none - tree |
SnmpV3TrapRxIP | | |
SnmpV3TrapRxPort | | |
SnmpV3TrapRxType | | |
SnmpV3TrapRxTimeout | | |
SnmpV3TrapRxRetries | | |
SnmpV3TrapRxFilterOID | | |
SnmpV3TrapRxSecurityName | | "security_name" |
Name | Description | Values |
---|---|---|
PHS | Specifies PHS options | none - tree |
PHSClassifierRef | | |
PHSClassifierId | | |
PHSServiceFlowRef | | |
PHSServiceFlowId | | |
PHSField | | |
PHSIndex | | |
PHSMask | | |
PHSSize | | |
PHSVerify | | |
Name | Description | Values |
---|---|---|
VendorSpecific | Specifies vendor-specific options | none - tree |
VendorIdentifier | Specifies the vendor identifier | vendor id - 0xIIIIII |
Everything should be enabled by default, so use this tree only to disable things.
Name | Description | Values |
---|---|---|
ModemCapabilities | Starts the tree | none |
ConcatenationSupport | | |
ModemDocsisVersion | | |
FragmentationSupport | | |
PHSSupport | | |
IGMPSupport | | |
BaselinePrivacySupport | | |
DownstreamSAIDSupport | | |
UpstreamSIDSupport | | |
DCCSupport | | |
SubMgmtControl | | |
SubMgmtFilters | | |