12/12/2009
Howto linux, CMTS
CMTS info
Helpful linux and DOCSIS/CMTS howtos and tips
Creating DOCSIS Cable modem configuration files
1) Basics
First, one must obtain a program to convert text config files to binary DOCSIS format. A free console program is found here. Install as usual; problems with compilation are to be expected (the docsis program was last updated in 2006). Another program can be downloaded from here (Windows only). It has a GUI with a tree-like view.
2) Basic settings
Our first file will just allow network access and limit download/upload speeds:

    Main {
        NetworkAccess 1;                 /* enables packet forwarding */
        GlobalPrivacyEnable 0;           /* disables BPI (encryption) */
        UsServiceFlow {                  /* creates an upstream service flow */
            UsServiceFlowRef 1;          /* SF number */
            QosParamSetType 7;           /* activates SF */
            TrafficPriority 3;           /* sets medium priority */
            MaxRateSustained 128000;     /* max upstream transfer rate - 128kb/s */
        }
        DsServiceFlow {                  /* creates a downstream service flow */
            DsServiceFlowRef 1;          /* SF number */
            QosParamSetType 7;           /* activates SF */
            TrafficPriority 3;           /* sets medium priority */
            MaxRateSustained 1000000;    /* max downstream transfer rate - 1Mb/s */
        }
    }
3) Adding advanced parameters
This file includes DS frequency, US channel number, 1 classifier, 3 service flows and limits user devices connected to modem.

    Main {
        NetworkAccess 1;                     /* enables packet forwarding */
        GlobalPrivacyEnable 0;               /* disables BPI (encryption) */
        DownstreamFrequency 410000000;       /* sets DS frequency to 410MHz */
        UpstreamChannelId 3;                 /* sets 3rd US channel */
        MaxCPE 3;                            /* allows max 3 user devices */
        CpeMacAddress 00:00:00:00:00:00;     /* device #1 MAC is 00:00... */
        CpeMacAddress 11:11:11:11:11:11;     /* device #2 MAC is 11:11... */
        DsPacketClass {
            ClassifierRef 2;                 /* Classifier number */
            ServiceFlowRef 4;                /* forwards packets using SF #4 */
            RulePriority 3;                  /* Low priority classifier */
            ActivationState 1;               /* enables classifier */
            IpPacketClassifier {
                IpTos 0x08fc08;              /* matches ToS 0x08 */
            }
        }
        UsServiceFlow {
            UsServiceFlowRef 1;              /* SF number */
            QosParamSetType 7;               /* activates SF */
            TrafficPriority 3;               /* sets medium priority */
            MaxRateSustained 128000;         /* max transfer rate - 128kb/s */
        }
        DsServiceFlow {
            DsServiceFlowRef 2;              /* SF number */
            QosParamSetType 7;               /* activates SF */
            TrafficPriority 3;               /* sets medium priority */
            MaxRateSustained 1000000;        /* max transfer rate - 1Mb/s */
        }
        DsServiceFlow {
            DsServiceFlowRef 4;              /* SF number */
            QosParamSetType 7;               /* activates SF */
            TrafficPriority 3;               /* sets medium priority */
            MaxRateSustained 2000000;        /* max transfer rate - 2Mb/s */
        }
    }
4) Global Parameters explained

| Name | Description | Values |
|---|---|---|
| NetworkAccess | Controls whether modem forwards data between USB/Ethernet and RF interfaces | 0 - forwarding disabled, 1 - forwarding enabled |
| GlobalPrivacyEnable | Enables BPI (encryption on RF interface) | 0 - disables BPI, 1 - enables BPI |
| DownstreamFrequency | Specifies downstream channel frequency in Hz | Frequency in Hz |
| UpstreamChannelId | Specifies the upstream channel number for that downstream | Desired upstream channel number |
| MaxCPE | Number of MAC addresses (computers, network devices) that modem will learn and forward packets from. This includes managed switches, APs etc. | Number of such devices |
| CpeMacAddress | Specifies MAC address of a computer/device. Number of CpeMacAddress commands must be less or equal MaxCPE. Useful when you don't want the modem to learn Access point's IP address | MAC address of one device |
| MaxClassifiers | Maximum number of admitted and active upstream classifiers that modem is allowed to have | |
| DocsisTwoEnable | Enables DOCSIS 2.0 | 0 - disabled, 1 - enabled |
| GenericTLV | Allows to enter TLVs unsupported by program | Syntax: TlvCode XXX TlvLength X TlvValue 0xXX |
| SwUpgradeFilename | Specifies firmware filename on TFTP server | "filename" |
| SwUpgradeServer | Specifies TFTP server IP address | IP address |
| SnmpMibObject | Specifies OID to set | Syntax: OID type value |
| SnmpWriteControl | | |
| MfgCVCData | Producer's certificate used for firmware upgrade | Must be used several times to represent whole certificate. Can specify 254 hex chars max at a time. |
| MtaConfigDelimiter | | |

Note: to create MfgCVCData, take the mfg cert and then:

    hexdump -v -e ' 2/1 "%02X" ' -n 254 cert.cer

The complete MfgCVCData option would be

    MfgCVCData 0xOUTPUT_FROM_ABOVE;

To create the next portion just skip the first 254 chars with -s:

    hexdump -v -e ' 2/1 "%02X" ' -n 254 -s 254 cert.cer

Increase -s by 254 for next portions.
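The slicing procedure in the note above, generalized to emit every MfgCVCData statement for a certificate in one pass and to check that the statements reassemble to the original bytes. This is an added example, not part of the original page or the docsis program; it slices in bytes, exactly as the -n and -s options do, and the function names and the sample bytes (constructed, not a real certificate) are assumptions.

```python
import re

CHUNK = 254  # bytes per statement: the -n value, and the step for -s, in the note above


def mfg_cvc_lines(der: bytes) -> list:
    """Return one 'MfgCVCData 0x...;' statement per 254-byte slice of the certificate."""
    if not der:
        raise ValueError("certificate is empty")
    return ["MfgCVCData 0x%s;" % der[off:off + CHUNK].hex().upper()
            for off in range(0, len(der), CHUNK)]


def reassemble(lines) -> bytes:
    """Rebuild the certificate bytes from the statements; reject malformed or oversized ones."""
    out = b""
    for line in lines:
        m = re.fullmatch(r"MfgCVCData 0x((?:[0-9A-Fa-f]{2})+);", line.strip())
        if not m or len(m.group(1)) > 2 * CHUNK:
            raise ValueError("bad MfgCVCData statement: %r" % line[:40])
        out += bytes.fromhex(m.group(1))
    return out


# Constructed stand-in for cert.cer (600 bytes), so the example runs without a real certificate.
SAMPLE_DER = bytes((i * 7 + 3) % 256 for i in range(600))

if __name__ == "__main__":
    lines = mfg_cvc_lines(SAMPLE_DER)
    assert reassemble(lines) == SAMPLE_DER   # nothing lost or duplicated between slices
    print("\n".join(lines))
```

Comparing the reassembled bytes with the certificate file before building the binary config catches an off-by-one in the offsets, which would otherwise only show up as a failed firmware upgrade.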
5) Service flow parameters explained
General SF parameters:

| Name | Description | Values |
|---|---|---|
| QosParamSetType | Quality of Service Parameter Set Type. Describes whether service flow is: Provisioned, Admitted and Active. Bit0 - Provisioned flag, Bit1 - Admitted flag, Bit2 - Active flag. For a service flow to be working all 3 bits must be set to 1. Binary 111 equals 7 decimal. | 7 - Active, other - disabled |
| TrafficPriority | Sets priority for packets matching that service flow. CMTS should serve first SFs with higher priority. | 0 - lowest (default), 7 - highest |
| MaxRateSustained | Maximal transfer speed in b/s. | Speed in b/s |
| MaxTrafficBurst | Specifies how much data can be sent in one burst. | Value in bytes |
| MinReservedRate | Minimal bandwidth reserved for that service flow | Speed in b/s |
| MinResPacketSize | Used for calculating minreserved rate; when smaller packets are sent, size from this field is taken for calculations instead of actual packet size. | Size in bytes. |
| ActQosParamsTimeout | Specifies how long CMTS reserves resources for that (active) service flow. | Value in seconds. |
| AdmQosParamsTimeout | Specifies how long CMTS reserves resources for that (admitted) service flow. | Value in seconds. |
| ServiceClassName | Specifies service class which that service flow is part of | "service_class_name" |
Downstream specific parameters:

| Name | Description | Values |
|---|---|---|
| DsServiceFlow | Creates downstream service flow | none |
| DsServiceFlowRef | Number of downstream service flow - must match ServiceFlowRef in packet classifiers (if exists). Service flows with lowest numbers are taken as default - no classifiers needed there. | any number (1-65535) |
| MaxDsLatency | Specifies maximal time between reception of packet and forwarding it to RF interface on the CMTS | Value in microseconds. |
Upstream specific parameters:

| Name | Description | Values |
|---|---|---|
| UsServiceFlow | Creates upstream service flow | none |
| UsServiceFlowRef | Number of upstream service flow - must match ServiceFlowRef in packet classifiers (if exists). Service flows with lowest numbers are taken as default - no classifiers needed there. | any number (1-65535) |
| MaxConcatenatedBurst | Maximum data in bytes to be transmitted in one concatenation burst | Size in bytes, default 1522 |
| SchedulingType | Scheduling type to be used in service flow | 2 - Best effort, 3 - Non-Real-Time Polling, 4 - Real-Time Polling, 5 - Unsolicited Grant Service with Activity Detection, 6 - Unsolicited Grant Service |
| RequestOrTxPolicy | Request/Transmission Policy - specifies behaviour of a service flow | There are 16 bits numbered from 15 to 0. Bit0 disables all cm opportunities, bit1 disables Priority Request multicast opportunities, bit2 disables Request/Data opportunities for Requests, bit3 same for data, bit4 disables piggyback requests with data, bit5 disables concatenation, bit6 disables fragmentation, bit7 disables payload header suppression, bit8 enables dropping of packets that do not fit in the Unsolicited Grant. Example: 0x000001ff; |
| IpTosOverwrite | Enables overwriting ToS values for matching packets | New ToS = (Old ToS AND AA) OR OO, example: 0xAAOO |
I've purposely omitted information about other scheduling types: UGS, UGS with AD, non-real-time polling, real-time polling. Tests revealed that they are only useful with VoIP and/or streaming video. One may use a source IP or destination port based classifier to capture VoIP traffic and limit up- and downstream service flows to no more than 128k. Since that is useless for browsing the internet, no one should exploit that SF. With streaming video, the destination IP of the video server must be known, because a high speed, low latency connection is VERY likely to be exploited if not protected properly. It might be a good idea for VoIP to create a separate IP address class for VoIP gateways and create best effort service flows with the highest traffic priority. Adding MinReservedRate may give even better results.
6) Classifiers
IP and port based classifier

    UsPacketClass {
        ServiceFlowRef 3;
        ClassifierRef 11;
        RulePriority 68;
        ActivationState 1;
        IpPacketClassifier {                  /* Matches: */
            IpSrcAddr 192.168.0.0;            /* source IPs from 192.168.0.0 */
            IpSrcMask 255.255.255.0;          /* to 192.168.0.255 */
            SrcPortStart 1024;                /* source ports from 1024 */
            SrcPortEnd 2000;                  /* to 2000 */
            IpDstAddr 113.206.95.144;         /* destination IPs from 113.206.95.144 */
            IpDstMask 255.255.255.248;        /* to 113.206.95.151 */
            DstPortStart 80;                  /* destination port 80 */
            DstPortEnd 80;
            IpProto 6;                        /* TCP protocol */
        }
    }

MAC address based classifier

    UsPacketClass {
        ServiceFlowRef 3;
        ClassifierRef 11;
        RulePriority 68;
        ActivationState 1;
        LLCPacketClassifier {
            SrcMacAddress 00:11:22:33:44:55;  /* Matches that MAC address */
        }
    }
General classifier parameters:

| Name | Description | Values |
|---|---|---|
| DsPacketClass | Creates downstream classifier | none |
| UsPacketClass | Creates upstream classifier | none |
| ClassifierRef | Number of classifier, must be unique in config file | any number (1-255) |
| ServiceFlowRef | Number of the service flow which is used if a packet matches that classifier. | Number of existing SF |
| RulePriority | Specifies the priority for the classifier. Higher number - higher priority. Classifiers with higher priority are checked first. | any number (0-255) |
| ActivationState | Enables classifier | 1 - enabled, 0 - disabled? |
| DscAction | What to do with classifier when Dynamic Service Change Request is received | 0 - Add classifier, 1 - replace classifier, 2 - delete classifier |
IP classifier parameters:

| Name | Description | Values |
|---|---|---|
| IpPacketClassifier | Creates IP classifier match | none |
| IpTos | Matches ToS values | 0xLLMMHH, where LL - low tos, MM - tos mask, HH - high tos. Matches packets, where (LL AND MM) >= tos <= HH. |
| IpSrcAddr | Matches source IP | IP address |
| IpSrcMask | Specifies source mask. Match = SrcIP AND SrcMask | IP address |
| IpDstAddr | Matches destination IP | IP address |
| IpDstMask | Specifies destination mask. Match = DstIP AND DstMask | IP address |
| SrcPortStart | Matches source ports starting from that value | 0(default)-65535 |
| SrcPortEnd | Matches source ports ending on that value | 0-65535(default) |
| DstPortStart | Matches destination ports starting from that value | 0(default)-65535 |
| DstPortEnd | Matches destination ports ending on that value | 0-65535(default) |
| IpProto | Matches IP protocol | 1 - ICMP, 6 - TCP, 17 - UDP, 256 - any, 257 - TCP+UDP, 0 - ignore this field |
LLC classifier parameters:

| Name | Description | Values |
|---|---|---|
| LLCPacketClassifier | Creates LLC (MAC) classifier match | none |
| DstMacAddress | Matches destination MAC | MAC address |
| SrcMacAddress | Matches source MAC | MAC address |
| EtherType | Matches ethertype | Ethertype in hex |
802.1q classifier parameters:

| Name | Description | Values |
|---|---|---|
| IEEE802Classifier | Creates 802.1P/Q classifier match | none |
| UserPriority | Matches priority field | 0-7 |
| VlanID | Matches vlan ID field | 0-4095 |
IP, LLC and IEEE802 matches may be used together in one classifier.
7) SNMP parameters for use in docsis configuration files
SNMP v1 access table:
Allows read-only access for community string some_password from 192.168.0.1/24 coming only from RF interface of a CM. .1 means that it's first entry - remember to change when adding more.

    SnmpMibObject docsDevNmAccessStatus.1 Integer 4;                  /* createAndGo */
    SnmpMibObject docsDevNmAccessIp.1 IPAddress 192.168.0.1 ;
    SnmpMibObject docsDevNmAccessIpMask.1 IPAddress 255.255.255.0 ;
    SnmpMibObject docsDevNmAccessControl.1 Integer 2;                 /* read */
    SnmpMibObject docsDevNmAccessInterfaces.1 HexString 0x40;
    SnmpMibObject docsDevNmAccessCommunity.1 String "some_password" ;
Nmaccess entries explained:

| Name | Description | Values |
|---|---|---|
| docsDevNmAccessStatus | Configures row creation and its activation | 1 - active, 2 - inactive, 4 - create and activate, 5 - create and deactivate, 6 - delete. Stick with 4. |
| docsDevNmAccessIp | Specifies source IP of a SNMP query matching this rule. | IP address |
| docsDevNmAccessIpMask | Specifies source IP mask of a SNMP query matching this rule. | mask address |
| docsDevNmAccessControl | Specifies access privileges | 2 - RO, 3 - RW, 4 - RO with traps, 5 - RW with traps, 6 - traps |
| docsDevNmAccessInterfaces | Specifies matching interface | 0x40 - cable, 0x80 - ethernet, 0xC0,0x00 - both |
| docsDevNmAccessCommunity | Specifies the community string | "desired_community_string" |
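A small linter for the text format used on this page: it checks the consistency rules stated in the tables (CpeMacAddress count against MaxCPE, unique ClassifierRef, ServiceFlowRef pointing at an existing service flow, QosParamSetType 7) and flags the security-relevant settings (BPI off, SNMP read-write, SNMP not restricted to the cable interface). It is an added example, not part of the original page or the docsis program; the function names, finding texts and sample config are constructed here, and treating any docsDevNmAccessInterfaces value other than 0x40 as a finding is a policy assumption.

```python
import re

SAMPLE = """Main {   /* constructed sample with deliberate mistakes, not from the page */
  GlobalPrivacyEnable 0;
  MaxCPE 1;
  CpeMacAddress 00:00:00:00:00:00; CpeMacAddress 11:11:11:11:11:11;
  DsPacketClass { ClassifierRef 2; ServiceFlowRef 4; }
  UsPacketClass { ClassifierRef 2; ServiceFlowRef 9; }
  UsServiceFlow { UsServiceFlowRef 1; QosParamSetType 7; }
  DsServiceFlow { DsServiceFlowRef 4; QosParamSetType 6; }
  SnmpMibObject docsDevNmAccessControl.1 Integer 3;
  SnmpMibObject docsDevNmAccessInterfaces.1 HexString 0xC0;
}"""

def parse(text):
    """Return (enclosing_block, keyword, args) for each 'keyword args;' statement."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)      # drop /* ... */ comments
    path, out = [], []
    for stmt, end in re.findall(r"([^;{}]*)([;{}])", text):
        words = stmt.split()
        if end == "{":
            path.append(words[0] if words else "?")
        elif end == "}":
            del path[-1:]                                   # safe on an unbalanced '}'
        elif len(words) > 1:
            out.append((path[-1] if path else "?", words[0], words[1:]))
    return out

def lint(text):
    st, found = parse(text), []
    vals = lambda kw: [a[0] for _, k, a in st if k == kw]
    if "0" in vals("GlobalPrivacyEnable"):
        found.append("BPI disabled: no encryption on the RF interface")
    if vals("MaxCPE") and len(vals("CpeMacAddress")) > int(vals("MaxCPE")[0]):
        found.append("more CpeMacAddress entries than MaxCPE")
    if len(vals("ClassifierRef")) != len(set(vals("ClassifierRef"))):
        found.append("ClassifierRef is not unique")
    flows = {"Us": set(vals("UsServiceFlowRef")), "Ds": set(vals("DsServiceFlowRef"))}
    for blk, k, a in st:
        if k == "ServiceFlowRef" and a[0] not in flows.get(blk[:2], set()):
            found.append(f"{blk}: no service flow with ref {a[0]}")
        elif k == "QosParamSetType" and a[0] != "7":
            found.append(f"{blk}: QosParamSetType {a[0]}, flow is not active")
        elif k == "SnmpMibObject" and len(a) == 3:
            if a[0].startswith("docsDevNmAccessControl.") and a[2] in ("3", "5"):
                found.append(f"{a[0]}: SNMP read-write access")
            if a[0].startswith("docsDevNmAccessInterfaces.") and int(a[2], 16) != 0x40:
                found.append(f"{a[0]}: SNMP accepted on the ethernet side")
    return found
```

`lint(SAMPLE)` returns seven findings. The parser splits on `;`, `{` and `}`, so a quoted string containing one of those characters is not handled.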
Firewall rule:
This firewall rule prevents users from sending mail using port 25 (SMTP). Note that by setting docsDevFilterIpDefault to 2(drop) one can allow only selected traffic instead of dropping it.

    SnmpMibObject docsDevFilterIpControl.7 Integer 1;                 /* discard */
    SnmpMibObject docsDevFilterIpIfIndex.7 Integer 0 ;
    SnmpMibObject docsDevFilterIpDirection.7 Integer 3;               /* both */
    SnmpMibObject docsDevFilterIpBroadcast.7 Integer 2;               /* false */
    SnmpMibObject docsDevFilterIpSaddr.7 IPAddress 0.0.0.0 ;
    SnmpMibObject docsDevFilterIpSmask.7 IPAddress 0.0.0.0 ;
    SnmpMibObject docsDevFilterIpDaddr.7 IPAddress 0.0.0.0 ;
    SnmpMibObject docsDevFilterIpDmask.7 IPAddress 0.0.0.0 ;
    SnmpMibObject docsDevFilterIpProtocol.7 Integer 6 ;
    SnmpMibObject docsDevFilterIpSourcePortLow.7 Integer 0 ;
    SnmpMibObject docsDevFilterIpSourcePortHigh.7 Integer 65535 ;
    SnmpMibObject docsDevFilterIpDestPortLow.7 Integer 25 ;
    SnmpMibObject docsDevFilterIpDestPortHigh.7 Integer 25 ;
    SnmpMibObject docsDevFilterIpStatus.7 Integer 4;                  /* createAndGo */
Notable parameters

| Name | Description | Values |
|---|---|---|
| docsDevFilterIpControl | Discards or accepts the traffic | 1 - discard, 2 - accept |
| docsDevFilterIpDirection | Specifies the direction of packet to match. | 1 - incoming, 2 - outgoing, 3 - both directions |
| docsDevFilterIpBroadcast | Matches ONLY broadcast traffic. | 1 - yes, 0 - no |
Other:
Specifies the maximal number of source IPs that the modem is forwarding from Ethernet and USB interfaces. WARNING: Undesired operation on some modems - allows only 1 IP per MAC address. This may sound good, but PCs get modem-assigned (192.168.100.X) and Windows private IPs all the time. Result: no network access.

    SnmpMibObject docsDevCpeIpMax.0 Integer 3 ;
8) Other configuration parameters
Currently other parameters are only listed. Will write descriptions when there's time.
Baseline Privacy, must be turned on by GlobalPrivacyEnable.

| Name | Description | Values |
|---|---|---|
| BaselinePrivacy | Specifies BPI options | none - tree |
| AuthTimeout | | |
| ReAuthTimeout | | |
| AuthGraceTime | | |
| ReKeyTimeout | | |
| TEKGraceTime | | |
| AuthRejectTimeout | | |
| SAMapWaitTimeout | | |
| SAMapMaxRetries | | |
SNMPv3 specific:

| Name | Description | Values |
|---|---|---|
| SnmpV3Kickstart | Specifies SNMPv3 engine options | none - tree |
| SnmpV3SecurityName | | |
| SnmpV3MgrPublicNumber | | |

| Name | Description | Values |
|---|---|---|
| SnmpV3TrapReceiver | Specifies SNMPv3 traps settings | none - tree |
| SnmpV3TrapRxIP | | |
| SnmpV3TrapRxPort | | |
| SnmpV3TrapRxType | | |
| SnmpV3TrapRxTimeout | | |
| SnmpV3TrapRxRetries | | |
| SnmpV3TrapRxFilterOID | | |
| SnmpV3TrapRxSecurityName | | "security_name" |
PHS - Payload header suppression:

| Name | Description | Values |
|---|---|---|
| PHS | Specifies PHS options | none - tree |
| PHSClassifierRef | | |
| PHSClassifierId | | |
| PHSServiceFlowRef | | |
| PHSServiceFlowId | | |
| PHSField | | |
| PHSIndex | | |
| PHSMask | | |
| PHSSize | | |
| PHSVerify | | |
Vendor specific:

| Name | Description | Values |
|---|---|---|
| VendorSpecific | Specifies vendor specific options | none - tree |
| VendorIdentifier | Specifies vendor identifier | vendor id - 0xIIIIII |
Modem Capabilities:
Everything should be enabled by default, so use it only to disable things.

| Name | Description | Values |
|---|---|---|
| ModemCapabilities | Starts the tree | none |
| ConcatenationSupport | | |
| ModemDocsisVersion | | |
| FragmentationSupport | | |
| PHSSupport | | |
| IGMPSupport | | |
| BaselinePrivacySupport | | |
| DownstreamSAIDSupport | | |
| UpstreamSIDSupport | | |
| DCCSupport | | |
| SubMgmtControl | | |
| SubMgmtFilters | | |