BCC 6 0 ConfigurationQuickStartGuide

Configuration Quick StartGuide

Incognito Software Inc.375 Water Street, Suite 500Vancouver, BC CanadaV6B 5C6

604.688.4332www.incognito.com

Broadband Command Center 6.0

All rights reserved. Address Commander, Broadband Command Center, DNS Commander, FastFlow BPM, IP Commander,Name Commander, Network Resource Commander (NRC), Service Activation Center (SAC), TFTP Commander, and the“Incognito Software” logo are trademarks of Incognito Software Incorporated. All other trademarks are the property of theirrespective owners.

No parts of this work may be reproduced in any form or by any means — graphic, electronic, or mechanical, includingphotocopying, recording, taping, or information storage and retrieval systems — without the written permission of thepublisher.

While every precaution has been taken in the preparation of this document, the publisher and the author assume noresponsibility for errors or omissions, or for damages resulting from the use of information contained in this document orfrom the use of programs and source code that may accompany it. In no event shall the publisher and the author be liablefor any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by thisdocument.

Incognito Software Inc., 375 Water Street, Suite 500, Vancouver, BC, Canada, V6B 5C6.

This product contains licensed software developed by the Apache Software Foundation (http://www.apache.org/).

This product includes licensed software developed by the OpenSSL Project for use in the OpenSSL Toolkit(http://www.openssl.org/).

TRADEMARKS:

CableLabs and DOCSIS are trademarks of Cable Television Laboratories, Inc.

CORBA is a registered trademarks of Object Management Group, Inc. in the United States and/or other countries.

Debian is a registered trademark of Software in the Public Interest, Inc.

Intel, Pentium, and Xeon are trademarks of Intel Corporation in the U.S. and other countries.

Linux is a registered trademark of Linus Torvalds.

Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in theUnited States and/or other countries.

Oracle and Java are registered trademarks of Oracle Corporation and/or its affiliates.

Red Hat and Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries.

SPARC is a registered trademark of SPARC International, Inc. in the United States and other countries.

TAO and ACE are registered trademarks of Washington University.

UNIX is a registered trademark of The Open Group.

Part Code: BCC6_0_QSUG-6.0.12/24/2010

© 2010 Incognito Software Inc.

I

Contents

Configuration Quick Start Guide

Table of Contents

........................................................................................................................................ 1Help and Support

........................................................................................................................................ 2Configuration Overview

........................................................................................................................................ 3Installation Packages

........................................................................................................................................ 4Management Interfaces

...................................................................................................................................................................... 4Java™ Incognito Management Console .......................................................................................................................................................... 4Java Web Start Service .......................................................................................................................................................... 5Using the JIMC

...................................................................................................................................................................... 7Command Line Interface

...................................................................................................................................................................... 7APIs

........................................................................................................................................ 8DHCP Configuration

...................................................................................................................................................................... 8CMTS Behavior and DHCP Subnet Determination

...................................................................................................................................................................... 8General Preparation

...................................................................................................................................................................... 9Supported Operating Systems

...................................................................................................................................................................... 9Hardware Preparation ...................................................................................................................................................................... 10Software Installation ...................................................................................................................................................................... 10Starting the Service ...................................................................................................................................................................... 11Software Registration ...................................................................................................................................................................... 12DHCP General Service Configuration

.......................................................................................................................................................... 12Enable DHCP Failover

.......................................................................................................................................................... 12Enable Multicast Integration

.......................................................................................................................................................... 13Enable Time of Day Service

.......................................................................................................................................................... 13Configure Server-Wide Defaults

.......................................................................................................................................................... 13Configure CM Blocking

.......................................................................................................................................................... 14Configure the MTA Voice Service Classes

.......................................................................................................................................................... 15Configure the Cable Modem Service Classes

.......................................................................................................................................................... 16Configure the Client Class Groups

.......................................................................................................................................................... 16Configure the Cable Modem Container Rule

.......................................................................................................................................................... 17Configure the MTA Container Rule

.......................................................................................................................................................... 17Configure the CPE Container Rule

.......................................................................................................................................................... 18Database Backup Scheduling

.......................................................................................................................................................... 18Service Notifications

.......................................................................................................................................................... 18SNMP Integration

.......................................................................................................................................................... 18Audit Scheduling

.......................................................................................................................................................... 19Administrator Accounts

.......................................................................................................................................................... 19CMTS Specific DHCP Service Configuration .................................................................................................................................................... 19CMTS Configuration.................................................................................................................................................... 20Adjacent Network Settings

........................................................................................................................................ 21MPS Configuration...................................................................................................................................................................... 21General Preparation ...................................................................................................................................................................... 21Supported Operating Systems ...................................................................................................................................................................... 21Hardware Preparation ...................................................................................................................................................................... 23Software Installation ...................................................................................................................................................................... 23Starting the Service ...................................................................................................................................................................... 23Software Registration ...................................................................................................................................................................... 24MPS Service Configuration

.......................................................................................................................................................... 24Enabling Multicast Integration

.......................................................................................................................................................... 24Configure the Packet Cable Service Classes

II

Contents




.......................................................................................................................................................... 26SNMP Integration


........................................................................................................................................ 27KDC Configuration...................................................................................................................................................................... 27General Preparation ...................................................................................................................................................................... 27Supported Operating Systems ...................................................................................................................................................................... 27Hardware Preparation ...................................................................................................................................................................... 29Software Installation ...................................................................................................................................................................... 29Starting the Service ...................................................................................................................................................................... 29Software Registration ...................................................................................................................................................................... 30KDC Service Configuration

.......................................................................................................................................................... 30Configure KDC License

.......................................................................................................................................................... 30Configure KDC Configuration File

.......................................................................................................................................................... 30Configure KDC Service Keys and Certificates



........................................................................................................................................ 32CFM Configuration...................................................................................................................................................................... 32General Preparation ...................................................................................................................................................................... 32Supported Operating Systems ...................................................................................................................................................................... 32Hardware Preparation ...................................................................................................................................................................... 34Software Installation ...................................................................................................................................................................... 34Starting the Service ...................................................................................................................................................................... 34Software Registration ...................................................................................................................................................................... 35CFM Service Configuration





........................................................................................................................................ 37CFM Proxy Configuration...................................................................................................................................................................... 37General Preparation ...................................................................................................................................................................... 37Supported Operating Systems ...................................................................................................................................................................... 37Hardware Preparation ...................................................................................................................................................................... 39Software Installation ...................................................................................................................................................................... 39Starting the Service ...................................................................................................................................................................... 39Software Registration ...................................................................................................................................................................... 40CFM Proxy Service Configuration





........................................................................................................................................ 41Configuring a Cable Modem with IPv6...................................................................................................................................................................... 41Define Routing Elements ...................................................................................................................................................................... 42Create a Client Class for IPv6 modems ...................................................................................................................................................................... 42Create a dynamic DOCSIS File specifically for DOCSIS 3.0 devices ...................................................................................................................................................................... 42Create a Quality of Service Client Class ...................................................................................................................................................................... 43Create a rule for DHCPv6 Clients

........................................................................................................................................ 44Appendix A: Installation Directories and Files...................................................................................................................................................................... 44Windows ...................................................................................................................................................................... 44Solaris

III

Contents


...................................................................................................................................................................... 45RedHat Linux

...................................................................................................................................................................... 45Debian Linux

........................................................................................................................................ 47Appendix B: Interoperability Testing (eMTA device list)...................................................................................................................................................................... 47Motorola

.......................................................................................................................................................... 47SBV4200 VoIP Cable Modem (CG4D firmware)

.......................................................................................................................................................... 48SBV4200 VoIP Cable Modem

.......................................................................................................................................................... 48SBV5120 VoIP Cable Modem

.......................................................................................................................................................... 48SBV5120E VoIP Cable Modem (Euro) ...................................................................................................................................................................... 50Scientific Atlanta

.......................................................................................................................................................... 50WebStar DPX2203 ...................................................................................................................................................................... 52Arris

.......................................................................................................................................................... 52Touchstone Telephony Modem TM402P ...................................................................................................................................................................... 53Packet Cable Secure Flow Template File ...................................................................................................................................................................... 54Notes

Help and Support

Configuration Quick Start Guide 1

Help and SupportFor general inquiries, contact our corporate headquarters. User assistance is provided through the CLI helpcommand. Registered users can contact Incognito Software for assistance with installing, updating, andoperating this product. For support options, please see the support page at www.incognito.com/support/.

Knowledge Base

You may find answers to your questions more quickly in the Knowledge Base. Visit the support page fordetails.

Training

Interactive, “hands-on” training is available to help you to maximize productivity. Learn the basics, such asinstallation, configuration, and administration as well as useful tips on protocols and troubleshooting. Trainingcan be customized for all user levels. Visit the support page for details.

Contact Us

Technical support representatives are available from 6:00 a.m. to 5:00 p.m. (Pacific), Monday to Friday andoutside office hours if emergency support is required. You can request assistance through:

email: [email protected]

phone: +1-604-688-4332

fax: +1-604-688-4339

Please provide the following information in your support request:

• Product serial number (registration number)

• Your name, company name, and phone number

• Product name and version number

• Type of operating system and release/service pack

• Detailed description of the problem, including the steps to reproduce it

• Any error messages displayed

• Steps you have already taken to resolve the problem

• Any service logs taken at the time the problem occurred

Note: support services are subject to Incognito Software prices, terms, and conditions in place at the time theservice is used.

Configuration Overview


Configuration OverviewWelcome to the Broadband Command Centre Configuration Quick Start Guide. This guide presents a quickstep-by-step configuration of the available BCC services to enable the operation of a BCC network. Werecommend you follow the chapters in the order they are listed, and follow the contents of each chapter in theorder presented. For additional information, please consult the User and Installation Guides for the serviceyou are configuring, or contact Incognito Software.

Broadband Command Center consists of a number of network services that work together to manage andprovision DOCSIS cable modems, PacketCable MTAs, and customer premise equipment (CPE) host deviceson a broadband network. These network services include:

· DHCP

· Time of Day (the BCC DHCP service has an embedded ToD service)

· MPS – Multimedia Provisioning Service, which includes a PacketCable MTA Device ProvisioningService

· CFM

· CFM Proxy

· KDC

Before proceeding with the configuration of your services you will need the following information:

1. The list of subnets (gateway IP addresses + subnet masks) and the type of device each subnet isservicing (or just the ‘running config’ on the CMTS).

2. The CMTS shared secret for the CM configuration file.

3. The CMTS behaviour: Does it insert the primary giaddr into all device packets; or does it insert theprimary giaddr only into CM packets and the first secondary giaddr into all CPE packets; what giaddrdoes it insert into MTA packets?

4. Do you already have static modem configuration files that have been used previously? These canmake the configuration easier; the point is that you need to know what goes into the configuration files(e.g. upload/download speed for each QoS, and how many QoS services to provide) .

5. The IPs of your DNS service(s).

Note: All services need to use the same Multicast IP address and Port and Multicast Group/Cluster ID. Inaddition, all services need a valid FQDN which should be resolvable in the DNS services provided to cablemodems and MTAs.

The following is the order of service component chapters in the guide, and the order in which configurationshould proceed:

· DHCP Configuration

· MPS Configuration

· KDC Configuration

· CFM Configuration

· CFM Proxy Configuration

Installation Packages


Installation PackagesYou can obtain installation packages from the Incognito downloads webpage.

The Service installation packages include platform-specific installers for your BCC services and theManagement GUI installation package includes the Java™ Incognito Management Console (JIMC), the JavaWeb Start service and all service plug-ins.

https://www.incognito.com/downloads/index.jsp

Management Interfaces


Management InterfacesAll BCC services can be managed through the Java™ Incognito Management Console (JIMC), CommandLine Interfaces or through APIs. The JIMC and CLIs are installed on client computers that connect to theservices through a network connection.

Java™ Incognito Management Console

The JIMC is a Java-based graphical user interface that enables the administration and configuration of allBCC services through a web browser. The JIMC loads installed dynamic link libraries that are used toconfigure the Incognito services. These libraries are called plug-ins because they ‘plug in to’ the JIMC. TheJIMC interface is platform-independent and can manage services that are running on all supported platforms.

Minimum client requirements:

Java Version * Java 1.6 Update 20 (JRE 1.6.20)

Cache space for Java applications 300MB

RAM 1 GB

* Note: You must have a copy of the Java Runtime Environment (JRE) on your system to run the Java WebStart Service.

Java Web Start Service

The JIMC is launched directly from your browser using Java Web Start technology. The JIMC installationpackage includes the JIMC Web Start service installer. This contains the Jetty web service which enables theJava Web Start application to operate via an end user web browser.

To install JIMC Web Start, follow the installation instructions provided by the installer. Once installation iscomplete, start the Java Web Start service.Note: The JIMC data directory contains the configuration startup file which includes the listener IP and port forthe JIMC Jetty Web Service. These should be changed to avoid conflict with any other web services operatingon port 8080.

Start the JIMC Web Start service by running the following command with root permissions:

Windows: C:\Program Files\Incognito Software\NT\JIMC\startjimc

Solaris: /etc/init.d/jimc start

RedHat Linux: /etc/rc.d/init.d/jimc start

Debian Linux: /etc/init.d/jimc start

In a Web browser, type the URL, the port and the JIMC directory of the server that is running the JIMC WebStart service. For example: http://192.168.10.82:8080/jimc. You will then see the screen below where youcan choose services and launch the JIMC. The JIMC will create a product node for each service selected.



Using the JIMC

Each time you connect you must supply a username and password for each service running on the servers.The default username is administrator and the default password is incognito. The first time you log in you willbe required to change this default password.

When launching the JIMC for the first time, clients need to add a server or region and register the service(s)that they wish to connect to. The following information is required:

· The IP addresses of the server· The service license key(s)



Once you have connected to your service(s), select a product node to view the service properties. Only theservices you selected when starting the JIMC will be displayed in the product nodes. All service functionalityis provided through menus and dialogs. The service also includes utilities and diagnostic tools that are fullyconfigurable.

For further details about service functionality, please reference the User's Guides included with yourinstallation package.



Command Line Interface

The Command Line Interfaces (CLIs) can be used to manage all features of the service. The CLI allows forautomation of tasks through the use of scripting or batch file processing. Please refer to the individual serviceCLI Manuals for more information. For the location of the CLI executables please see Appendix A: InstallationDirectories and Files.

APIs

For information regarding APIs, please refer to the Software Development Kit (SDK) documentation.

DHCP Configuration


DHCP ConfigurationThis chapter defines the procedure for the initial configuration of a single BCC DHCP/MPS failover cluster. This includes all configuration that does not vary from subnet to subnet or from CMTS to CMTS.

CMTS Behavior and DHCP Subnet Determination

There are two distinct gateway IP address values associated with a device:

1. The gateway IP address inserted by a DHCP relay agent into the giaddr header field of each DHCPpacket it forwards.

2. The gateway IP address(es) sent to a client in DHCP option 3 (gateways) by the DHCP service.

On an HFC network, the CMTS is the “DHCP relay agent” and it inserts the first type of gateway IP address,the giaddr, into all DHCP packets it forwards.

By default, a DHCP service determines which subnet a device should belong to by the value of the giaddr fieldfound in the client DHCP packet. On HFC networks, this is typically not sufficient for determining which subneta device should belong to. Additionally, different CMTSs behave differently, or can be configured to behavedifferently, with respect to how they select which giaddr value to insert into a DHCP packet, as follows:

1. A CMTS may insert the primary interface gateway address into all DHCP packets. Typically, this isthe subnet intended for cable modems. Which means the DHCP service must be configured to pushdevices which are not cable modems onto another subnet.

2. A CMTS may insert the primary interface gateway address into all cable modem DHCP packets, andthe first secondary interface gateway address into all non-cable modem DHCP packets.

3. A CMTS may be able to differentiate many different devices, and, for example, may insert onegateway address for cable modems, a different gateway address for MTAs, and another gatewayaddress for all other devices.

The behavior of your CMTS will affect the configuration requirements for the DHCP service.

General Preparation

Before beginning to install and setup a DHCP failover cluster, you should be sure to gather the followinginformation and have it available:

1. The IP addresses that will be assigned to each server.

2. A decision on which server will be designated as the primary server and which will be the secondaryserver.

3. The DHCP license keys.

4. The list of client class names (service packages, etc) you intend to configure on the services, and theassociated Network Settings and DOCSIS file setting configurations.

DHCP Configuration


Supported Operating Systems

· Debian® 4.0 Etch (32-bit and 64-bit)

· Microsoft® Windows Server® 2003 (SP2)

· Red Hat® Enterprise Linux® 5.1 (32-bit)


· Sun™ Solaris™ 9 (SPARC®)


Hardware Preparation

Each DHCP failover cluster consists of two servers: a primary DHCP server and a secondary DHCP server. The DHCP service should be installed on each server according to the installation instructions that areprovided with the service software. Each server must be prepared as follows:

1. The server time has been correctly set using the local time zone.

2. One or more network interface cards have been correctly installed and configured with the static IPaddress that it will use when deployed on the network.

3. The server’s routing table has been configured correctly with persistent routes to the CMTS HFCnetworks for each CMTS the server will service.

4. Ensure the DHCP server has network reachability to both the access network, as well as anynetworks of dependent OSS systems.

Before installing, ensure that your server meets the minimum requirements according to the size of yourdeployment.

SMALL DEPLOYMENT (fewer than 10,000 IP leases)

OperatingSystem

Linux Solaris Windows

Disk Space (GB) 15 15 15

Processor Pentium® 4 2.8 GHz UltraSPARC-IIi650 MHz

Pentium® 4 3.0 GHz

RAM (MB) 1024 1024 1024

Number ofProcessors

1 1 1

Network Card 1 1 1

RAID/SCSI/IDE IDE IDE IDE

DHCP Configuration


MEDIUM DEPLOYMENT (fewer than 50,000 IP leases)

OperatingSystem



Processor Xeon® 2.4 GHz UltraSPARC-IIICu 1.2 GHz

Xeon® 2.6 GHz

RAM (MB) 2048 2048 2048

Number ofProcessors

1 1 1

Network Card 1 1 1

RAID/SCSI/IDE SCSI SCSI SCSI

LARGE DEPLOYMENT (up to 250,000 IP leases)

OperatingSystem



CPU Speed Xeon® 2.8 GHz UltraSPARC-IIICu 1.2 GHz

Xeon® 3.0 GHz

RAM (MB) 4096 4096 4096

Number ofProcessors

1 1 1

Network Card 1 1 1

RAID/SCSI/IDE SCSI/RAID SCSI/RAID SCSI/RAID

Software Installation

The DHCP service should be installed on each server according to the installation instructions that areprovided with the service software.

Starting the Service

The DHCP service must be started on each server by running the following command with root permissions:

DHCP Configuration


Windows: Services are started from the Windows Service Control Manager (SCM) also known as theServices applet in the Windows Control Panel.

Solaris: /etc/init.d/ipcmdrd start

RedHat Linux: /etc/rc.d/init.d/ipcmdrd start

Debian Linux: /etc/init.d/ipcmommander6 start

NOTE: To log in to the service you must separately install the JIMC product. The JIMC is the clientadministration utility for all BCC services. Please see the JIMC_install.pdf document for information oninstalling the JIMC.

Software Registration

The DHCP service on each server must be registered with the license key provided. To register a licensekey, choose Server > Register from the main menu, select a service, and enter the license key.

DHCP Configuration


DHCP General Service Configuration

Only the primary DHCP service needs to be configured. Once failover is enabled the secondary DHCPservice will be automatically synchronized with the primary DHCP service.

Enable DHCP Failover

Failover allows two DHCP Services with the same configuration information to run simultaneously. Duringnormal operation, only one server (the Primary) performs IP address management functions while thesecond server (Secondary) is dormant. When the Primary service unexpectedly shuts down or stopscommunicating with the Secondary server, the Secondary server assumes the role of allocating IPaddresses.

To enable DHCP failover:

1. From the node tree select Configuration > Network Integration > Failover.

2. Click the Initiate Failover button.

3. When prompted by the wizard, enter the Hostname or Secondary server IP address

and click Next.

4. You will be prompted to log in to the secondary server. Enter the secondary DHCP service login nameand password and click OK.

5. Continue following the prompts from the wizard. The last step will save the configuration and enablefailover.

6. Failover will now be initiated and the DHCP services will automatically be synchronized.

Enable Multicast Integration

Multicast integration allows services to send heartbeat notifications indicating service status and other data toeach other. This is required for redundancy, failover functions, service monitoring, load balancing, andfeatures that require data sharing, such as dynamic device configuration file generation.

Note: To enable the multicast integration feature and to allow communications between services, multicastmust first be enabled on your network.

1. From the node tree select Configuration > Network Integration > Multicast Integration.

2. Enter the Embedded Multicast Parameters.

3. The Multicast IP address and port number must be the same on all services.

4. In the Local fully qualified domain name field, enter the full hostname of the server the DHCPservice is running on. For example, dhcp1.incognito.com.

5. In the CFM database synchronization port field enter an arbitrary port that meets the followingcriteria:

a. The port is not currently in use on your server.

b. The port is different than the “Database Synchronization Port” port configured on the CFM Proxyservice. For example, 9092 is likely valid.

6. In the Multicast Groups section, add a multicast group that this DHCP service will belong to. Allservices need to use the same Multicast Group/Cluster ID.

7. Click the Save button.

DHCP Configuration


Enable Time of Day Service

The service supports an embedded time of day service as described in RFC 868. This allows other deviceson the network to use this protocol in order to synchronize their clocks to that of the DHCP service.

To enable TOD service:

1. From the node tree, select Configuration > Time of Day Service.

2. Check the Enable the time of day service (RFC 868) box.

3. The time of day service port does not need to be changed.


Configure Server-Wide Defaults

Server-wide defaults contain DHCPv4 option values and DDNS settings that provide default settings for alldevices provisioned from the service.

To configure Server-Wide Defaults:

1. From the tree node, select Server-Wide Defaults.

2. If dynamic DNS will be supported for all or most devices, ensure that :

a. Enable DDNS is checked

b. The Inherit DDNS box is checked and the IP field contains the IP address of the primary DDNSserver.

Alternately, DDNS settings can be configured on a per subnet or client class basis by setting theabove data in the Template record that you create and link to the relevant subnet rule(s) and/or clientclass(es).

3. Modify DHCP option 51 to set the lease time.

4. Set DHCP option 6 (Domain (DNS) Server) with the data set to the primary DNS server IP address.Add any additional DNS servers to this option data.

5. Add any additional DHCP options that apply to all devices. For example, DHCP Option 12: Hostnamemay be applied here, or on the more specific templates added later. Note that you may wish togenerate a hostname for only those devices that send a hostname to DHCP (“HOST$” mask); or forevery device that negotiates a lease (see the list of hostname masks available).

6. Are gateway IP addresses uniform across the network? For example, is the first address in everysubnet the gateway IP address? If so, set DHCP Option 3 (Gateways) with the subnet portion of theIP address set to zeros. For example: 0.0.0.1. The zeroed out portion of the address will be filled inwith a client’s subnet when the client is being provisioned. You will not need to configure anymoregateway IP addresses.

7. Click the Save button to save your changes.

Configure CM Blocking

If you do not wish to configure the system to be able to easily block cable modems (e.g. for abuse subscribersor subscribers who have not paid their bills), then this step can be skipped.

1. From the top of the Management Console screen choose the Advanced > Manage DOCSIS FileSettings menu item.

2. Next click the Create button.

3. Enter Block as the name for this new DOCSIS File Setting.

DHCP Configuration


4. Select the Edit button to add configuration settings.

5. Select General Settings from the left-side list. In [3] Network Access Control set the value toDenied Access.

6. Next select Class of Service from list. In [4.1] Class ID, set the value to 1 (you can select either I forinteger or H for hex as 1 is the same in both notations). Click the OK button and then click the Backbutton to return to the main screen.

7. Click the Save button and then click the Close button.

8. Next, from the node tree select Client Classes.

9. Click the Create button.

10. Enter Block as the name for this client class.

11. Select the Members tab.

12. From the Membership Type drop-down box, select MAC Address.

13. Next, click the DHCPv4 Network Settings tab.

14. Double-click in the Value 1 field for DHCP option 67 (Bootfile) to edit the Creation Mask options.

15. From the Creation Mask Tokens list select Dynamic Creation File (DYNFILE$). Next, choose theDOCSIS file you created in the steps above and then click Add and then click OK. The value field willnow populated with the new Creation Mask.


Configure the MTA Voice Service Classes

If you are not deploying PacketCable MTAs for voice service, this step can be skipped. For each voice (MTA)service class:



3. In the name field, specify the desired service class name as the name for this DOCSIS File Setting.

4. Click the Edit button.

5. Select General Settings from the left side list. In [3] Network Access Control set the value to HasAccess.

6. Configure both the [22] Upstream Packet Classifiers and the [23] Downstream Packet Classifiersthat capture voice related traffic.

7. Configure both the [24] Upstream Service Flows and the [25] Downstream Service Flows for thisMTA service.

8. Click the OK button, then click the Back button.

9. Click the Save button then click Close.

10. From the node tree select Client Classes.


12. Specify the service name as the name for this client class.

13. Define the priority of the client class. It is recommended that client class priorities be configured inincrements of 100 so that new client classes can be inserted easily in the future. As the priorityspecify <the number of service classes already configured> *100.

DHCP Configuration



15. From the Membership Type drop-down box, select DHCPv4 Option.

16. From the DHCP Option drop-down box, select 43 Vendor Specific, and enter 3 for the Sub-Option(optional) field.

17. At the bottom of the screen click Add. In the pop-up box, ensure H is displayed and enter the valueECM:EMTA. Note: This box functions as a switch between types of input. If the box displays the letterH you are in alphanumeric mode. If you click on the H, it will change you to Hex mode and you willsee an A will be displayed.



20. From the Creation Mask Tokens list select Dynamic Configuration File (DYNFILE$). Next,choose the DOCSIS file that was created in the steps above. Click Add and then click OK.

21. Double-click in the Value 1 field for DHCP option 122 to edit the PacketCable VoIP ClientConfiguration. Enter 1 for the sub-code and then enter the IP address of the primary DHCP service.Click OK.

22. Click Add Column. Double-click in the Value 2 field for DHCP option 122. Enter 2 for the sub-codeand then enter the IP address of the secondary DHCP service. Click OK.

Configure the Cable Modem Service Classes

For each data (cable modem) service class:



3. In the name field, specify the desired service class name as the name for this DOCSIS File Setting.

4. Click the Edit button.

5. Select General Settings from the left side list. In [3] Network Access Control set the value to HasAccess.

6. Configure both the [24] Upstream Service Flows and the [25] Downstream Service Flows for thisCable Modem service.

7. Click the OK button, then click the Back button.

8. Click the Save button then click Close.



11. Specify the service name as the name for this client class.

12. Define the priority of the client class. It is recommended that client class priorities be configured inincrements of 100 so that new client classes can be inserted easily in the future. As the priorityspecify <the number of service classes already configured> *100.


14. From the Membership Type drop-down box, select MAC Address.



DHCP Configuration


17. From the Creation Mask Tokens list select Dynamic Configuration File (DYNFILE$). Next,choose the DOCSIS file that was created in the steps above. Click Add and then click OK.

Configure the Client Class Groups

Client class groups are used by the Multimedia Provisioning Service to provide services for cable modems,host devices, and MTAs. They define the services that are available for each of these devices.

1. From the node tree, select Client Class Groups.

2. Click the Create button. Enter CM Service as the name.

3. In the Client Class Membership area, move the Client Classes that are to be a part of this groupfrom the panel on the right side to the panel on the left side. Click Save.

4. Repeat the above steps for every other client class group that you wish to add. For example, if youhad multiple brands of cable modems on your network, you might have a Client Class Group calledVendors containing Client Classes for each make & model of cable modem.

Configure the Cable Modem Container Rule

This is a rule which all cable modem subnets will be placed under, and which provides default DHCP optiondata for cable modems.

1. From the node tree select DHCPv4 Subnet Rules.

2. Click Create and enter Cable Modems as the name of the rule.

3. Specify an IP address range (lower and upper limit) that will cover all subnets assigned to cablemodems.

4. Specify the default subnet mask for cable modems if applicable.

5. The default gateway does not need to be set.

6. Click the Rule Criteria tab.

7. Note that this step can be skipped if the CMTS assigns a different gateway IP address (giaddr) tocable modem DHCP packets than the one it assigns to non-cable modem DHCP packets. Otherwise,enter OPTIONSTRING(60, docsis*) as the rule criteria.

8. Select the DHCPv4 Network Settings tab.

9. Double click the “Value 1” field for each of the following options:

· DHCP option 2 (Time Offset) – Enter the data set to the time offset for the local time zone

· DHCP option 4 (Time Server) – Enter the data set to the secondary DHCP service IP address. Add the primary DHCP server IP address as “Value 2”. This allows the secondary server, whichis otherwise inactive, to handle time requests by default, while the primary server handles DHCPrequests

· If a log server will be deployed to capture cable modem log messages, then add DHCP option7(Log Server), with the data set to the log server IP address

· DHCP option 51 (Lease Time), with the data set to the lease time for cable modems

· DHCP Option 66 (TFTP Server), with either the IP address of the TFTP server, or255.255.255.<multicast group ID> if using clustering.


DHCP Configuration


Configure the MTA Container Rule

If you are not deploying PacketCable MTAs for voice service, this step can be skipped. This is a rule which allMTA subnets will be placed under, and which provides default DHCP option data for MTAs.


2. Click Create and enter MTA as the name of the rule.

3. Specify an IP address range (lower and upper limit) that will cover all subnets assigned to MTAs.

4. Specify the default subnet mask for MTAs if applicable.



7. Note that this step can be skipped if the CMTS assigns a different gateway IP address (giaddr) toMTA DHCP packets than the one it assigns to non-MTA DHCP packets. Otherwise, enter

OPTIONSTRING(60, pktc*) as the rule criteria.


9. Ensure that Enable Automatic DDNS Updates is checked.

10. Ensure that Inherit DDNS Settings is NOT checked.

11. In the Dynamic DNS field, enter the IP address of the primary DNS server for the MTA domain.

12. Double click the Value 1 field for each of the following options:

· DHCP option 15 (Domain Name), with the data set to the domain that MTAs will be assigned to

· DHCP Option 122 (PacketCable VoIP (RFC 3495))

o Within the Value 1 Field, enter sub-code 3 (TSP’s Provisioning Server Address) and set thevalue to FQDN for the MPS servers and click “OK”

o Within the Value 2 Field, enter sub-code 6 (TSP’s Kerberos Realm Name) and set the valueto the provisioning flow to be used


Configure the CPE Container Rule

This is a rule which all CPE subnets will be placed under.


2. Click Create and enter CPE as the name of the rule.

3. Specify an IP address range (lower and upper limit) that will cover all subnets assigned to CPEs.

4. Specify the default subnet mask for CPEs if applicable.



7. Note that this step can be skipped if the CMTS assigns a different gateway IP address (giaddr) tocable modem and MTA DHCP packets than the one it assigns to CPE (host) packets. Otherwise,enter NOT OPTIONSTRING(60, docsis*) AND NOT OPTIONSTRING(60, pktc*) as the rule criteria.


DHCP Configuration


Database Backup Scheduling

The database can be backed-up and restored to prevent data loss or for archival purposes.

1. From the node tree select Configuration > Service Configuration >

Database Backup Scheduling.

2. Select the days and times you would like the service to automatically backup its databases. Youshould create a cron job or other script that automatically moves service backups to external storage.


Service Notifications

You can configure a service to notify users when specified events occur. Service notification settings allowyou to configure where SNMP traps are sent, the SNMP relay data necessary for sending email notificationmessages, and the events that trigger notifications.

1. From the node tree select Configuration > Network Integration > Service Notifications.

2. From the Notification Methods tab, click the Add button beside the SNMP trap destination list.

3. Add the IP address of a NOC SNMP station that SNMP Traps should be sent to when an SNMPtrap-enabled event occurs.

4. On this page you may also select Enable logging to system logs.

5. Click the Notification Events tab. Select which events should trigger SNMP Trap (and other)notifications. It is recommended that you select all events.

6. Click the Email Notifications tab and enter the email addresses that notifications will be sent to.


SNMP Integration

Service statistics can be retrieved using SNMP, and the service is capable of sending SNMP traps whensystem critical events occur.

1. From the node tree select Configuration > Network Integration > SNMP Integration.

2. In the Cable Modem (DOCSIS) SNMP Configuration section enter the read community and thewrite community for managing cable modems.


Audit Scheduling

Auditing lets you keep records of IP address usage (in order to create address usage reports for ARIN andRIPE), as well as to troubleshoot problems in the service.

1. From the node tree select Configuration > Service Configuration > Audit Scheduling.

2. Check the Enable Audits box.

3. For the Archive Schedule Type, Maximum Records is recommended. Note: Daily auditing can bememory intensive.

DHCP Configuration


4. Select which events to audit. In order to maintain a complete IP address trail, it is recommended thatthe following events be audited:

· IP address allocations

· DHCP renews

· DHCP releases

· DHCP declines

· Expired leases

· Deleted leases


Administrator Accounts

You will need to create a login for each administrator that may configure this server. At the minimum, anaccount that will be used by MPS to configure the DHCP service is required. To create this account:

1. From the node tree select Configuration > Administrative Security > User Accounts.

2. Click the Create button to add a new account.

3. Use the Account Attributes check boxes to set the following permissions:

a. Rule (read-only)

b. Template Management

c. HW Mapping Management

d. Static Address Management

e. Client Classes Management

f. View Leases

g. DOCSIS File Settings Management

4. Record the account login name and password as you will need to configure it on the MPS server.

CMTS Specific DHCP Service Configuration

This section describes how to configure the DHCP service to support a CMTS and the networks on thatCMTS.

CMTS ConfigurationCMTS Configuration

In order to support dynamic DOCSIS file generation and provisioning of CPE static addresses through theMPS service, you must configure a Routing Element record for each CMTS as follows:

1. From the node tree select Routing Elements.

2. Click the Create button and assign a name to the CMTS.

3. Specify the CMTS DOCSIS version. This is required because all cable modems behind a DOCSIS1.0 CMTS must be put into DOCSIS 1.0 mode, even if those modems support other versions ofDOCSIS.

4. Specify and confirm the shared secret configured on the CMTS that is used to generate the cablemodem configuration file (CMTS Message Integrity Check (MIC)).

5. In the Networks section click the Add button. Specify:

DHCP Configuration


a. The type of network

b. The gateway IP address (giaddr)

c. Networks that devices assigned to the above gateway IP address can belong to

6. Repeat Step 5 for each gateway that the CMTS may assign to a cable modem (used to determinewhich CMTS a cable modem is behind when a DHCP packet is received from that cable modem) andeach gateway that may be used for provisioning static addresses for subscriber CPE devices.


Adjacent Network SettingsAdjacent Network Settings

If the CMTS inserts the primary interface gateway IP address into all DHCP packets, then a set of adjacentnetwork settings must be created and the Rule Criteria must be specified. Follow these steps for each cableinterface on the CMTS and for each secondary interface on the cable interface.

1. From the top of the Management Console screen choose the Advanced > Manage AdjacentNetworks menu item.

2. Enter a name for the new Adjacent Network Entry and click the Add button.

3. Specify the primary interface gateway and subnet mask as the first network, and the secondaryinterface gateway and subnet mask as the second network in the adjacent network pair.


MPS Configuration


MPS ConfigurationThis chapter defines the procedure for the initial configuration of a single BCC MPS service.

General Preparation

Before beginning to install and setup an MPS service, you should be sure to gather the following informationand have it available:

1. The IP address that will be assigned to each MPS server.

2. The IP addresses of the servers in the DHCP failover cluster that will be associated with the MPSservice. Note that an MPS service MUST be associated with a single DHCP failover cluster. The MPSservice can be co-hosted on the DHCP servers.

3. The IP addresses of the servers in the TFTP failover cluster that will be associated with the MPSservice. Note that an MPS service MUST be associated with a single TFTP failover cluster. The MPSservice can be co-hosted on the TFTP servers.

4. The MPS license keys.









Each server must be prepared as follows:

1. The server time has been correctly configured with the local time zone and current date and time.


3. The server’s route table has been configured correctly with persistent routes to the CMTS HFCnetworks for each CMTS the server will service.

There are three different sized deployments requiring different hardware. Ensure that your server isoperating with these minimum system requirements:

SMALL DEPLOYMENT <10,000 MPS subscriber device records

OperatingSystem

Windows (2003) Linux Solaris


MPS Configuration


CPU Speed Pentium 4 2.6 GHz Pentium 4 2.4GHz

UltraSPARC-lli Processor @ 650MHz

RAM (MB) 256 256 256

Number ofProcessors

1 1 1

Network Card 1 1 1


MEDIUM DEPLOYMENT <50, 000 MPS subscriber device records

OperatingSystem



CPU Speed Xeon 2.0 GHz Xeon 2.0 GHz UltraSPARC-Ill Cu Processor @1.2 GHz

RAM (MB) 512 512 512

Number ofProcessors

1 1 1

Network Card 1 1 1


LARGE DEPLOYMENT up to 250,000 MPS subscriber device records

OperatingSystem



CPU Speed Xeon 2.4 GHz Xeon 2.0 GHz UltraSPARC-Ill Cu Processor @1.2 GHz

RAM (MB) 2048 2048 2048

Number ofProcessors

1 1 1

MPS Configuration


Network Card 1 1 1



The MPS service should be installed on each server according to the installation instructions that are providedwith the service software.


The MPS service must be started on each server by running the following command with root permissions:


Solaris: /etc/init.d/mpscmdrd start

RedHat Linux: /etc/rc.d/init.d/mpscmdrd start

Debian Linux: /etc/init.d/mpscommander6 start



The MPS service on each server must be registered with the license key provided. To register a license key, choose Server > Register from the main menu, select a service, and enter the license key.

MPS Configuration


MPS Service Configuration

Enabling Multicast Integration






4. In the Local fully qualified domain name field, enter the full hostname of the server the MPSservice is running on. For example, mps1.incognito.com.




6. In the Multicast Groups section, add a multicast group that this MPS service will belong to. Allservices need to use the same Multicast Group/Cluster ID.


Configure the Packet Cable Service Classes

If you are not deploying PacketCable MTAs for voice service, this step can be skipped.

1. From the node tree select System Root > Packet Cable Service Classes.

2. Click the Create button and then enter a name for this new service class.

3. Enter the SNMP Read and Write community strings that will be used

4. Next select the Members tab.

5. The membership for this service class will control which template the MTA devices will be able todownload. Membership is based on one of the following:

a. The strings for Vendor, Model, Hardware Version, Software Version and the GIADDR of theCMTS the MTA is connected through.

b. A list of MTA hardware addresses.

6. Next select the Configure File Settings tab.

7. Ensure configure settings for dynamically generated file is selected.

8. Click on the Basic Packet Cable Settings Wizard button.

a. Enter the full hostname of the Call Management system at the MSO site. For example:cms.incognito.com.

MPS Configuration


b. The default UDP port (2427) should be sufficient.

c. Enter the Kerberos realm at the MSO site.

d. Enter the Organization name, which would be the telephony service provider name that the MSOhas registered with the PacketCable Service Provider Certificate purchased through Verisign.

9. The Configuration file contents area of the wizard should look similar to below:TLV11 PKTC-MTA-MIB pktcMtaDevEnabled=trueTLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-9="CMS.INCOGNITO.COM"TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort-9=2427TLV11 PKTC-MTA-MIB pktcMtaDevCmsIpsecCtrl-CMS.INCOGNITO.COM=trueTLV11 PKTC-MTA-MIBpktcMtaDevCmsKerbRealmName-CMS.INCOGNITO.COM="INCOGNITO.COM"TLV11 PKTC-MTA-MIB pktcMtaDevRealmOrgName-INCOGNITO.COM="Amazing IncognitoTelephony System"

10. Click the OK button.

11. Enter any additionally required MIB data under the Mib Modules tree.














5. Click the Notification Events tab. Select which events should trigger SNMP Trap (and other)notifications. It is recommended that you select only the following events:

· License Exceeded

· Service Starting

· Service Stopping

· Service Paused

· Service Resumed

MPS Configuration


· Low Diskspace

· DHCP login failed

· TFTP upload failed



SNMP Integration

Service statistics can be retrieved using SNMP, and the service is capable of sending SNMP traps whensystem critical events occur.

1. From the node tree select Configuration > Network Integration > SNMP Integration.

2. In the group box that is labeled “Specify the community strings used when the service sends SNMPv2GET and SET messages:” enter the read community name and the write community name formanaging cable modems.



You will need to create a login for each administrator that may configure this server.



3. Use the Account Attributes check boxes to select the permissions you want the account to have.

KDC Configuration


KDC ConfigurationThis chapter defines the procedure for the initial configuration of a BCC KDC service.

General Preparation

Before beginning to install and setup a KDC service, you should be sure to gather the following informationand have it available:

1. The fully qualified domain name for the MPS service(s).

2. The service keys shared with the MPS service(s).

3. The KDC license keys.












3. The server’s route table has been configured correctly with persistent routes to the CMTS HFCnetworks for each CMTS the server will service.

There are three different sized deployments requiring different hardware. Ensure that your server is operating withthese minimum system requirements:


SMALL DEPLOYMENT (fewer than 10,000 Configuration Files)

OperatingSystem



KDC Configuration



Pentium® 4 3.0 GHz

RAM (MB) 1024 1024 1024

Number ofProcessors

1 1 1

Network Card 1 1 1


MEDIUM DEPLOYMENT (fewer than 50,000 Configuration Files)

OperatingSystem




Xeon® 2.6 GHz

RAM (MB) 2048 2048 2048

Number ofProcessors

1 1 1

Network Card 1 1 1


LARGE DEPLOYMENT (up to 250,000 Configuration Files)

OperatingSystem




Xeon® 3.0 GHz

RAM (MB) 4096 4096 4096

Number ofProcessors

1 1 1

KDC Configuration


Network Card 1 1 1



The KDC service should be installed on each server according to the installation instructions that are providedwith the service software.


The KDC service must be started on each server by running the following command with root permissions:


Solaris: /etc/init.d/kdcwrapper start

RedHat Linux: /etc/rc.d/init.d/kdcwrapper start

Debian Linux: /etc/init.d/kdcwrapper6 start



Note that the KDC service has both a “license key” (for the “KDC wrapper service”) and a “license file” (for thecore KDC service).

The KDC Wrapper service on each server must be registered with the license key provided. To register alicense key, choose Server > Register from the main menu, select a service, and enter the license key.

KDC Configuration


KDC Service Configuration

Configure KDC License

1. From the node tree, select KDC License.

2. Click on Set License File button and point to where on disk KDC license file resides, wait until you getnotification about KDC restart status (pop up window).

Configure KDC Configuration File

Two configuration parameters are required: interface address and FQDN.

1. Select KDC Configuration File node in the tree view.

2. On the right hand side enter parameter pair: Parameter Name = interface address, Parameter Value= <IP address of KDC server in decimal dotted notation, e.g. 192.168.75.83>.

3. Enter parameter pair: Parameter Name = FQDN, Parameter Value = <fully qualified domain name forKDC, e.g. kdc.incognito.com>.

4. Configure any other parameters needed (for info on all configuration parameters please look at IPfonixPacketCable KDC User Guide PDF file).

5. Click on Set button, wait until you get notification about KDC restart status (pop up window).

Alternately, if you already have a KDC configuration file, kdc.ini (e.g. from previous installment of KDC on thesame box), you can:

1. Click on button Set Config from a File and point to where on disk kdc.ini file resides, wait until you getnotification about KDC restart status (pop up window)

Configure KDC Service Keys and Certificates

Testing certificates are automatically installed so is KDC certificate associated private RSA key. However, forproduction environment, the new set of certificates are needed.

To install new set of certificates and KDC RSA private key:

1. Select Keys and Certificates node in the tree view.

2. In Certificates pane on the right hand side check all 5 boxes.

3. Click on Set button and point to where on the disk certificates reside, wait until you get notificationabout KDC restart status (pop up window).

4. Click on Set button in Private RSA Key pane and point to where on disk KDC RSA private key resides,wait until you get notification about KDC restart status (pop up window).

To install Service Key:

1. Select Keys and Certificates node in tree view.

2. From the drop down list, select Service Key Name: mtaprovsrvr, mtafqdnmap or cms; mtaprovsrvrdesignates provisioning service key, mtafqdnmap designates MTA MAC to FQDN mapping servicekey, and cms designates call management service key. mtaprovsrvr and mtafqdnmap service keysmust have the same value as the keys configured in MPS (see Enabling PacketCable Security in MPSconfiguration section).

KDC Configuration


3. Enter values for all of Server FQDN, Realm, KDC Service Key, and KDC Key Version.

4. Click on Set button, wait until you get notification about KDC restart status (pop up window).








You will need to create a login for each administrator that may configure this server.



3. Use the Account Attributes check boxes to select the permissions you want the account to have.

CFM Configuration


CFM ConfigurationThis chapter defines the procedure for the initial configuration of a BCC CFM service.

General Preparation

Before beginning to install and setup a CFM service, you should be sure to gather the following informationand have it available:


2. The CFM license keys.












3. The server’s route table has been configured correctly with persistent routes if required to the CMTSHFC networks for each CMTS the server will service.




OperatingSystem




Pentium® 4 3.0 GHz

RAM (MB) 1024 1024 1024

CFM Configuration


Number ofProcessors

1 1 1

Network Card 1 1 1



OperatingSystem




Xeon® 2.6 GHz

RAM (MB) 2048 2048 2048

Number ofProcessors

1 1 1

Network Card 1 1 1



OperatingSystem




Xeon® 3.0 GHz

RAM (MB) 4096 4096 4096

Number ofProcessors

1 1 1

Network Card 1 1 1


CFM Configuration



The CFM service should be installed on each server according to the installation instructions that are providedwith the service software.


The CFM service must be started on each server by running the following command with root permissions:


Solaris: /etc/init.d/cfmcmdrd start

RedHat Linux: /etc/rc.d/init.d/cfmcmdrd start

Debian Linux: /etc/init.d/cfmcommander6 start



The CFM service on each server must be registered with the license key provided. To register a license key, choose Server > Register from the main menu, select a service, and enter the license key.

CFM Configuration


CFM Service Configuration

Proper configuration enables the CFM service to communicate with the other BCC services.







4. In the Local fully qualified domain name field, enter the full hostname of the server the CFMservice is running on. For example, cfm1.incognito.com.




6. In the Multicast Groups section, add a multicast group that this CFM service will belong to. Allservices need to use the same Multicast Group/Cluster ID.









· License Exceeded

· Service Starting

· Service Stopping

· Service Paused

· Service Resumed

CFM Configuration


· Low Diskspace












You will need to create a login for each administrator that may configure this server. At the minimum, youneed to add an account that will be used by the MPS to upload MTA configuration files to the server. Tocreate this account:




a. Service Configuration (Full Control)


CFM Proxy Configuration


CFM Proxy ConfigurationThis chapter defines the procedure for the initial configuration of a BCC CFM Proxy service.

General Preparation

Before beginning to install and setup a CFM Proxy service, you should be sure to gather the followinginformation and have it available:


2. The CFM Proxy license keys.












3. The server’s route table has been configured correctly with persistent routes if required to the CMTSHFC networks for each CMTS the server will service.



OperatingSystem




Pentium® 4 3.0 GHz

RAM (MB) 1024 1024 1024



Number ofProcessors

1 1 1

Network Card 1 1 1



OperatingSystem




Xeon® 2.6 GHz

RAM (MB) 2048 2048 2048

Number ofProcessors

1 1 1

Network Card 1 1 1



OperatingSystem




Xeon® 3.0 GHz

RAM (MB) 4096 4096 4096

Number ofProcessors

1 1 1

Network Card 1 1 1





The CFM Proxy service should be installed on each server according to the installation instructions that areprovided with the service software.


The CFM Proxy service must be started on each server by running the following command with rootpermissions:


Solaris: /etc/init.d/cfmproxycmdrd start

RedHat Linux: /etc/rc.d/init.d/cfmproxycmdrd start

Debian Linux: /etc/init.d/cfmproxycommander6 start



The CFM Proxy service on each server must be registered with the license key provided. To register a licensekey, choose Server > Register from the main menu, select a service, and enter the license key.



CFM Proxy Service Configuration

Proper configuration enables the CFM Proxy service to communicate with the other BCC services.







4. In the Local fully qualified domain name field, enter the full hostname of the server the CFM Proxyservice is running on. For example, cfmp1.incognito.com.




6. In the Multicast Groups section, add a multicast group that this CFM Proxy service will belong to. Allservices need to use the same Multicast Group/Cluster ID.









· License Exceeded

· Service Starting

· Service Stopping

· Service Paused

· Service Resumed



· Low Diskspace












You will need to create a login for each administrator that may configure this server. At the minimum, youneed to add an account that will be used by the MPS to upload MTA configuration files to the server. Tocreate this account:




a. Service Configuration (Full Control)


Configuring a Cable Modem with IPv6

Define Routing Elements

1. From the node tree select Routing Elements.


3. Enter the CMTS name, DOCSIS Type and Shared Secret.

4. Click Add to add Serviced Networks.

5. Change the type of network to IPv6.

6. Enter the Local Line Prefix (GIADDR) as well as the serviced networks.

7. Click the OK button, then click the Save button.



Create a Client Class for IPv6 modems


2. Create a new Client Class called IPv6_Modems.


4. Define the criteria to be based on DHCPv6 option 16 (CableLabs Vendor Class) with the stringdocsis3.0 in hex notation.


6. The following list of options should be set. These values will be set to your server’s IPv6 address.Note the translation from DHCPv4 to DHCPv6.

· TFTP Server (66) = 17.32

· Syslog Server (7) = 17.34

· Time Server (4) = 17.37

· Time Offset (2) = 17.38


Create a dynamic DOCSIS File specifically for DOCSIS 3.0devices



3. Enter the name as Gold_DOCSIS3.0.

4. Select General Settings from the left-side list. In [3] Network Access Control set the value to HasAccess.

5. Configure both the [24] Upstream Service Flows and the [25] Downstream Service Flows for thisdata service.

6. Configure the SNMPv1v2c Co-Existence (TLV 53) settings for this device.

7. Click the Save button, then the Apply button.

Create a Quality of Service Client Class


2. Create a new Client Class called Gold_DOCSIS3.0.




4. From the Membership Type drop-down box, select Client ID.

5. Set the client ID of your device, which is typically in the form of “00030001+MAC (i.e.,000300010015CFEE4B17). Note that this value should be entered in Hex.


7. Define the Configuration File name (option 17.33) to the DOCSIS file created in the previous steps.


Create a rule for DHCPv6 Clients



3. Name the new rule DHCPv6 Modems.

4. Enter the starting IP address and range.

5. Select the Rule Criteria tab.

6. Define the membership as CLIENTCLASS(Gold_DOCSIS3.0).


Appendix A: Installation Directories and Files


Appendix A: Installation Directories and FilesThe locations for installation directories and files depend on the platform you are using.

Windows

Base DirectoryThe installation package will prompt you for the base directory for the installation. By default it is c:\ProgramFiles\Incognito Software\NT.

Service ExecutablesService executables are located in the base installation directory. The service directories contain the serviceexecutable, as well as the service data sub-directory. The service data directory contains the servicedatabases, configuration file and log files.

DHCP <basedir>\IPCmdr\ipsvc.exe

MPS <basedir>\MPS\mpssvc.exe

KDC <basedir>\KDCWrapper\kdcsvc.exe

CFM <basedir>\CFM\cfmsvc.exe

CFMProxy <basedir>\CFMP\cfmproxysvc.exe

CLI Executables

CLI executables are located in the <basedir>\IMC directory.

DHCP <basedir>\IMC\ipcli.exe

MPS <basedir>\IMC\mpscli.exeCFM <basedir>\IMC\cfmcli.exe

CFMP <basedir>\IMC\cfmproxycli.exe

KDC <basedir>\IMC\kdcwrappercli.exe

Solaris

Base Directory

The installation package will prompt you for the base directory for the installation. By default it is “/usr/local”.

Service ExecutablesThe service directories contain the service executables. By default it is located at <basedir>/sbin.

DHCP <basedir>/sbin/ipcmdrd

MPS <basedir>/sbin/mpscmdrd

KDC <basedir>/sbin/kdcwrapperd

CFM <basedir>/sbin/cfmcmdrd

CFMP <basedir>/sbin/cfmproxycmdrd

The service data directory contains the service databases, configuration files and log files. By default it is



located at <basedir>/lib/<service>/data.

CLI Executables

CLI executables are located in the <basedir>/bin directory.

DHCP <basedir>/bin/ipcli

MPS <basedir>/bin/mpscli

KDC <basedir>/bin/kdcwrapper

CFM <basedir>/bin/cfmcli

CFMP <basedir>/bin/cfmproxycli

RedHat Linux

Base Directory

The installation package will prompt you for the base directory for the installation. By default it is “/usr/local”.

Service ExecutablesThe service directories contain the service executables. By default it is located at <basedir>/sbin.

DHCP <basedir>/sbin/ipcmdrd

MPS <basedir>/sbin/mpscmdrd

KDC <basedir>/sbin/kdcwrapperd

CFM <basedir>/sbin/cfmcmdrd

CFMP <basedir>/sbin/cfmproxycmdrd

The service data directory contains the service databases, configuration files and log files. By default it islocated at <basedir>/lib/<service>/data.

CLI Executables







Debian Linux

Base Directory



The installation package will prompt you for the base directory for the installation. By default it is “/usr”.

Service ExecutablesThe service directories contain the service executables. By default it is located at <basedir>/lib.The service data directory contains the service databases, configuration file and log files. By default it islocated at <basedir>/lib<service>/data.

DHCP <basedir>/lib/ipcmdr/data

MPS <basedir>/lib/mpscmdr/data

KDC <basedir>/lib/kdcwrapper/data

CFM <basedir>/lib/cfmcmdr/data

CFMP <basedir>/lib/cfmproxycmdr/data

CLI Executables







Appendix B: Interoperability Testing (eMTA device list)


Appendix B: Interoperability Testing (eMTA device list)This appendix provides a list of embedded MTA devices, which have undergone successful interoperabilitytesting with Multimedia Provisioning Service. Devices are sorted by vendor, for each vendor hardware,software, and boot revision is included. For each device only the most recent revision is listed, however olderrevisions are supported as well. In addition, for each device model, corresponding MPS template file usedduring testing is provided. Provided template files are sufficient for device provisioning, no voice settings (e.g.from SPM) are needed. If applicable, for each device the procedure on how to install a new Service Provider CA Root certificate isdetailed.

Service Provider CA Root certificate used during interoperability testing was:

1) in domestic PacketCable Secure mode

* all devices except Arris eMTAs: IPfonix Service Provider Root* Arris eMTAs: testing CableLabs Service Provider Root

2) in Euro PacketCable Secure mode: tComLabs Service Provider Root

Motorola

SBV4200 VoIP Cable Modem (CG4D firmware)

BTI Software Version: CG4D_05.4.01

Provisioning Flow Mode: Quasi-Hybrid (PacketCable w/out KDC and w/out hash settingmode)

Template file contents:

# PacketCable MTA MIB required device attributesTLV11 PKTC-MTA-MIB pktcMtaDevEnabled[0] = 1

# pktcMtaDevSnmpEntity must be present, and must be a NULL stringTLV11 PKTC-MTA-MIB pktcMtaDevSnmpEntity[0] = ""

# These are the recommended settings for this system config with 10 ms packetization # period.TLV11 btiTALineNomJitterBufferSizeVoice[0] = 15TLV11 btiTALineMaxJitterBufferSizeVoice[0] = 30TLV11 btiTALineNomJitterBufferSizeNonVoice[0] = 15TLV11 btiTALineMaxJitterBufferSizeNonVoice[0] = 30

# set btiQosType to 1 for Single-Phase Commit Dynamic Upstream only (5.X with # DQos-lite Disabled)TLV11 btiQosType[0] = undefined

# set btiCmtsTypeTLV11 btiCmtsType[0] = motorolaRD

# set btiCallAgentMfgTLV11 btiCallAgentMfg[0] = undefined

# set btiSignallingProtocolTLV11 btiSignallingProtocol[0] = limitedNCS1dot0



# set btiEndpointNameBase (default: use line numbers 1 - 4)TLV11 btiEndpointNameBase[0] = 2

# set btiUsePiggybacking true=1 for SafariTLV11 btiUsePiggybacking[0] = 1

# set No Inband Signaling for SafariTLV11 btiSignalling[0] = noInbandSignalling

# Change the Max Waiting Delay for sending RSIPs to 10 seconds for all lines# Do these mibs sets first so the RSIPs are not sent before changing these!# NOTE: line 1 = [101], line 2 = [102]REPEAT TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigMWD[101] = 10

# set pktcNcsEndPntConfigCallAgentId for line #1REPEAT TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId[101] = "[email protected]"

# set pktcNcsEndPntConfigCallAgentUdpPort for line #1REPEAT TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort[101] = 2727

#===========================================================# START: MTA DEBUG MIB Objects#===========================================================TLV11 btiDebug[0] = 0x0b 0x05 0x02 0x00 0x00 0x00 0x05

TLV11 btiTALineXgcpAdminStatus[1] = 1 TLV11 btiTALineXgcpAdminStatus[2] = 1

SBV4200 VoIP Cable Modem

Hardware Revision: 1.0

Software Revision: SBV4200-07.2.06-ENG00-FATSH

Boot Revision: 1.0

Provisioning Flow Mode: PacketCable Secure

Template File: see PacketCable Secure Flow Template File

SBV5120 VoIP Cable Modem


Software Revision: SBV5120-2.9.1.0-SCM27-SHPC

Boot Revision: 8.2

Provisioning Flow Mode: PacketCable Secure & Hybrid 1 and 2


SBV5120E VoIP Cable Modem (Euro)


Software Revision: SBV5120E-2.9.1.0-SCM22-SHPC

Boot Revision: 8.2

Provisioning Flow Mode: Euro PacketCable Secure & Hybrid 1 and 2



Template File Contents:

# IETF MTA MIB required device attributesTLV11 PKTC-IETF-MTA-MIB pktcMtaDevEnabled[0] = 1

# if this template file is used for devices in PacketCable Hybrid 1 or 2 mode, # following line can be # commented out

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevRealmName[1] = "TCOMLABS.COM"

# if this template file is used for devices in PacketCable Hybrid 1 or 2 mode, # following line can be commented out

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevRealmOrgName[1] = "cableProvider"

# if this template file is used for devices in PacketCable Hybrid 1 or 2 mode, # following line can be commented out

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevCmsKerbRealmName[1] = "TCOMLABS.COM"

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevCmsFqdn[1] = "mps.incognito.com"

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevCmsIpsecCtrl[1] = 2

# Change the Max Waiting Delay for sending RSIPs to 10 seconds for all linesTLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigMWD[9] = 10

TLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigMWD[10] = 10

# Set UDP Port# for NCS SignalingTLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort[9] = 2727

TLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort[10] = 2727

# Set Call Agent IP address for NCS SignalingTLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentId[9] = "[email protected]"

TLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentId[10] = "[email protected]"

How to install new Service Provider Root certificate (SBV5120 and SBV5120E)

Telnet to CM: telnet <CM IP Address> (password is needed, most likely “mtrl”)Go to MTA CONSOLE: mta_console

MAIN> mta_consolemta_consoleMTA DEBUG CONSOLEmta_console>

Use iptele_dld command to download new root certificate:mta_console> iptele_dldiptele_dldDownload IP Telephony Root Certificate from TFTP serverEnter the TFTP Server IP address and File Name in Following format: <TFTP Server IP> <File Name>

Example: 172.1.1.6 certificate.cer



Scientific Atlanta

WebStar DPX2203


Software Revision: v2.0.1r1133-0108

Boot Revision: 2.1.5

Provisioning Flow Mode: PacketCable Secure & PacketCable w/out KDC


How to enable telnet and install new Service Provider Root certificate

Telnet

Add the following 3 TLVs to the DOCSIS TLV Definitions database, under DOCSIS 1.0 - TLV 43 (VendorSpecific Information):

add tlvdefinition TelnetEnable parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 106 mandatory no configurable yes maxinstance 1datatype binary

add tlvdefinition "Telnet Login Name" parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 107 mandatory no configurable yes maxinstance 1datatype string

add tlvdefinition "Telnet Password" parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 108 mandatory no configurable yes maxinstance 1datatype string

Create DOCSIS File Setting that contains above TLVs configured as follows:

TLVCODE: 43.106:1TLVDATA: 01(01 mean enable telnet access, 00 means disable telnet access (default))

TLVCODE: 43.107:1TLVDATA: <login name>

TLVCODE: 43.108:1TLVDATA: <login password>

TLVCODE: 43.8:1TLVDATA: <first 3 bytes of MTA MAC address>

Then create a client class for the Scientific Atlanta MTAs that contains the above DOCSIS File Setting.

SP Root Certificate



Add the following 4 TLVs to the DHCP Service DOCSIS TLV Definitions database,under DOCSIS 1.0 -TLV 43 (Vendor Specific Information):

add tlvdefinition CertDownloadAction parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 16 mandatory no configurable yes maxinstance 1 datatype binary

add tlvdefinition CertificateTFTP parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 17 mandatory no configurable yes maxinstance 1 datatype ipaddress

add tlvdefinition CertificateDate parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 18 mandatory no configurable yes maxinstance 1 datatype binary

add tlvdefinition CertificateName parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION 0 TLVCODE 19 mandatory no configurable yes maxinstance 1 datatype string

Create DOCSIS File Setting that contains above TLVs configured as follows:

TLVCODE: 43.16:1TLVDATA: 16

(note the above 16 is in hex, in decimal this is value 22, and it tells what cert(s) todownload, it means "download the service provider root cert")

TLVCODE: 43.17:1TLVDATA: <IP address of the TFTP service>

TLVCODE: 43.18:1TLVDATA: 04091d00

(the above is the download date in format YY.MM.DD.HH, 4 bytes in hex, if the cert that MTA currently haswas downloaded after this date, the MTA will not download it gain. So we just set it to today's date:04.09.29.00, meaning 2004 September 29, :00)

TLVCODE: 43.19:1TLVDATA: <certificate file name, must be less than 31 characters!>

TLVCODE: 43.8:1TLVDATA: <first 3 bytes of MTA MAC address>

Note: 43.8 only needs to be set once, so if both the telnet and the cert 43 TLVs are to be set,you only need this 43.8 value once.

Then create a client class for the Scientific Atlanta MTAs that contains the above

DOCSIS File Setting.

And reboot the CM.

How to switch to PacketCable w/out KDC provisioning modeAdd the following TLVs to the DHCP Service DOCSIS TLV Definitions database, under DOCSIS 1.0 - TLV 43



(Vendor Specific Information):add tlvdefinition Provisioning Mode parenttlvcode 43 DOCSISMAJORVERSION 1 DOCSISMINORVERSION0 TLVCODE 25 mandatory no configurable yes maxinstance 1 datatype binaryCreate DOCSIS File Setting that contains above TLV configured as follows:

TLVCODE: 43.25:1TLVDATA: 03

(value 3 means " Dual File Provisioning using both DOCSIS and MTA config files without Kerberos Security. MTAconfig file specified in SNMP set from provisioning server.")

Then create a client class for the Scientific Atlanta MTAs that contains the above

DOCSIS File Setting and reboot the CM.

Arris

Touchstone Telephony Modem TM402P

Hardware Revision: 07

Software Revision: TS.04.01.04.031504

Boot Revision: 4.02

Provisioning Flow Mode: PacketCable Secure & PacketCable w/out KDC

Template File Contents:

TLV11 PKTC-MTA-MIB pktcMtaDevEnabled=1

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-9 = "MPS.INCOGNITO.COM"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-10 = "MPS.INCOGNITO.COM"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort-9 = 2727


TLV11 PKTC-MTA-MIB pktcMtaDevCmsIpsecCtrl-MPS.INCOGNITO.COM = 1

# if this template file is used for devices in PacketCable w/out KDC provisioning mode, # following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevCmsKerbRealmName-MPS.INCOGNITO.COM = "IPFONIX.COM"

# if this template file is used for devices in PacketCable w/out KDC provisioning mode, # following line can be commented out



TLV11 PKTC-MTA-MIB pktcMtaDevRealmOrgName-IPFONIX.COM = "CableLabs, Inc."

TLV11 PKTC-SIG-MIB pktcSigDefNcsReceiveUdpPort = 2427

REPEAT TLV11 ifAdminStatus-9 = 1

How to install new Service Provider Root certificate

Arris device embeds 2 root certificates: official CableLabs Service Provider Root certificate and testingCableLabs Service Provider Root certificate. Default is use official root certificate. Testing SP hierarchy isavailable for download at http://www.cablelabs.com/certqual/security, however KDC certificate is not providedso one should generate KDC certificate by itself (e.g. using OpenSSL). Private key of either Service Provideror Local System certificate can be used for KDC certificate signing and this key is provided together withhierarchy.

Realm name in KDC certificate generated and used during interoperability testing was set to IPFONIX.COM(note above template config line pktcMtaDevRealmOrgName-IPFONIX.COM). To use either testing CableLabs SP hierarchy or to install new root certificate onto device create DOCSIS FileSetting with following 3 SNMP MIB Object TLVs:

TLV 11 < OID = 1.3.6.1.4.1.4115.10.1.29.1.1 > (ppCfgMtaDevSPTestRootCertServer)< Value Type = IP Address >< Object Value = TFTP Server IP address used for downloading root certificate >

TLV 11 < OID = 1.3.6.1.4.1.4115.10.1.29.1.2 > (ppCfgMtaDevSPTestRootCertFilename)< Value Type = Octet String > < Display as ASCII Text >< Object Value = the file name of root certificate to be downloaded >

TLV 11 < OID = 1.3.6.1.4.1.4115.10.1.29.1.3 > (ppCfgMtaDevSPTestRootCertAdminStatus)< Value Type = Integer > < Object Value = 1 if want to use embedded test root certificate >, or < Object Value = 2 if want to download/install new root certificate >

Then create a client class for the Arris MTAs that contains the above DOCSIS File Setting and reboot the CM.

How to switch to PacketCable w/out KDC provisioning mode

Create DOCSIS File Setting with following SNMP MIB Object TLV:

TLV 11 < OID = 1.3.6.1.4.1.4115.1.3.1.1.2.3.2 > (ArrisCmDevProvMethodIndicator) < Value Type = Integer > < Object Value = 2 >

Then create a client class for the Arris MTAs that contains the above DOCSIS File Setting and reboot theCM.

Packet Cable Secure Flow Template File

TLV11 PKTC-MTA-MIB pktcMtaDevEnabled = 1

# if this template file is used for devices in PacketCable Hybrid 1 or 2 or w/out KDC



# provisioning mode, following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevRealmOrgName-IPFONIX.COM = "Really Amazing Telephone Company"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-9 = "CMS.INCOGNITO.COM"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-10 = "CMS.INCOGNITO.COM"

# if this template file is used for devices in PacketCable Hybrid 1 or 2 or w/out KDC # provisioning mode, following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevCmsKerbRealmName-CMS.INCOGNITO.COM = "IPFONIX.COM"

TLV11 PKTC-MTA-MIB pktcMtaDevCmsIpsecCtrl-CMS.INCOGNITO.COM = 1



Notes

1. Some call agents seem to require UDP port for the CMS object (pktcNcsEndPntConfigCallAgentUdpPort) to be setto default value of 2727 (e.g. CedarPoint Safari CMS), whereas others (e.g. Nuera) use 2427.

2. Some CMS (e.g. Nuera) require MTA UDP receive port for NCS (pktcSigDefNcsReceiveUdpPort) to be set, e.g. intemplate file TLV11 pktcSigDefNcsReceiveUdpPort = 2427

3. Arris eMTA devices require Call Management Server Name object (pktcNcsEndPntConfigCallAgentId) to be set inupper case letters and without ‘@’ character in the name. According to PacketCable Provisioning spec, this valuemust be FQDN, which allows lower case letters.

Date post:	08-Feb-2016
Category:	Documents
Upload:	astrosutradhar
View:	345 times
Download:	14 times

BCC 6 0 ConfigurationQuickStartGuide

Documents