I've been tasked with adding DOCSIS service to some apartments we manage. Most of my experience so far is in running the ethernet network at the adjacent property and building/maintaining the analog cable system at that property. We are about to launch a Dish Network QAM system for both properties as well as cable modem service for the smaller property where we only have existing RG6 to work with. There are 64 units.
I already have an Arris CMTS 1500. Modems are Motorola SB5101. What I'm wanting to accomplish is to have the cable modem network operate as a layer 2 bridge. I currently do all access control and provisioning elsewhere for our wired ethernet network at the larger property (132 units) and our wireless service. I want to manage the cable modem users the same way. Is there a way I can set up a single config with no bandwidth limitations but possibly some blocking to prevent rogue DHCP servers? I want to have the MAC addresses of the modems I've ordered authorized so I can just throw a modem out there and provision an IP to whatever device the user has behind the modem.
Questions I have:
How do I generate DOCSIS config files? I have not a clue where to even begin.
How do I control what config a modem gets? I already have a TFTP server in place.
Will the Arris CMTS/Motorola modems allow me to put the CMTS on our management network and tag another VLAN for the default on the ethernet port of the modem? I want the modem to be in VLAN 2 where I can manage it but I want the CPE in VLAN 20.
I'm using MikroTik for routing and DHCP. I'm not wanting to change things too much as I have a system that works very well for managing our customers and already have quite a bit of integration with our billing system (Platypus).
I already have the RF side under control. We're in the process of building new fiber to the smaller property and have had fiber at the larger property all along. I've moved most of the larger property over to an HFC system using fiber equipment from Multicom. I have 2x 13dbm fiber transmitters, one for each property, 2x 8 way optical splitters and 8 return path receivers for the 8 buildings at the smaller property. No return path for the larger property as they already have ethernet jacks in the units. Our company is over the management of 20 properties across the US, most of which are owned by the parent company. As such, we have become our own PCO, just got approval from Dish 3 weeks ago.
I know I've thrown a lot out here, I want to thank anyone who can help out in advance. I'm wanting to learn from this and have not been successful in finding anyone local.
Stephen
Stephen,
You will probably need to break down your questions into more manageable chunks to get meaningful answers.
But here goes.
How do I generate DOCSIS config files? I have not a clue where to even begin.
You will need a program to encode the files. There are several out there; some notable ones include:
http://docsis.sourceforge.net -- a CLI-based config generator. You use a text editor to set the directives, then feed the text file to the encoder, which spits out the binary files.
http://www.vulturesnest.net/cfgedit.html -- a visual GUI click-and-add type config file generator.
http://arrisi.com (PacketAce) -- If you are eligible for Arris support, either by buying a support contract with Arris or being a member of the CoOp, you can gain access to PacketAce, which is a good click-and-add type config generator. Its main drawback, besides not being readily available, is that you cannot add non-Arris-specific OIDs to the config.
With an Arris 1500 you will want DOCSIS 1.0 configs, I believe, and they are the easiest to create. There are several example configs included with docsis.sourceforge.net; I would suggest starting there. Reading the relevant CableLabs specs for DOCSIS 1.0 could not hurt either.
How do I control what config a modem gets? I already have a TFTP server in place.
You tell the modem which config to download and where to download it via DHCP. If you use dhcpd, this is most easily accomplished with groups, i.e.
group bronze {
    # provide both options because some really old modems only accept the filename and some newer
    # modems only take the bootfile-name option
    filename "bronze.bin";
    option bootfile-name "bronze.bin";
}
Then in your host definition:
host 123456 {
    hardware ethernet 0:0:0:0:0:1;
    group "bronze";
}
Will the Arris CMTS/Motorola modems allow me to put the CMTS on our management network and tag another VLAN for the default on the ethernet port of the modem? I want the modem to be in VLAN 2 where I can manage it but I want the CPE in VLAN 20.
Tough question. I am not sure if the Arris 1500 supports VLAN tagging for the CPEs. Cisco CMTSes do, but it is a pain in the butt, mostly only used for p2p VPNs. I don't think anyone supports having the modems in a separate VLAN from the CPEs. This is because modems are not routers or even switches; modems are transparent bridges: they are addressable but they do not route traffic. If you want to prevent CPEs from talking to the modem network, this can be accomplished with IP filters, which would go in the modem config file. I would get the network working properly before attempting this step because it will take a bit to get it right. On a related side note, due to not being able to separate the modem and CPE traffic with VLANs, it is a good idea to physically separate the networks, i.e. modems get a 10.x.x.x IP and CPEs get a routable or NATted IP.
Is there a way I can set up a single config with no bandwidth limitations but possibly some blocking to prevent rogue dhcp servers?
The filters, yes. A generic config file with no bandwidth limitations, yes (DOCSIS 1.0), but probably not what you want to do. DOCSIS has bandwidth control built into the spec. In DOCSIS 1.0 it is not very flexible, but it seems silly to completely bypass the bandwidth controls on the CMTS to use the bandwidth controls on the MikroTik, as the CMTS probably has 10x the processing power of the MikroTik. Not to mention the CMTS allocates bandwidth based on the RF bandwidth available, whereas doing that with the MikroTik is not possible. Bandwidth allocation is usually done in the config file by either specifying the max bandwidth (DOCSIS 1.0) or service class name (DOCSIS 1.1+) and then specifying the bandwidth for that class in the CMTS.
Provisioning a CM and the CPE behind it is usually as easy as creating a host entry in dhcpd for the modem with the config file name, and optionally configuring a host entry for the CPE if you need to specify something, i.e. a static IP. Otherwise just deny unknown clients to the modem subnet and allow unknown clients to the client subnet. That way, if a modem is authorized (host entry in dhcpd), any client behind it can connect and get DHCP; if it does not have a host entry, the modem will not come online. Not sure how different this is from your existing setup, but it should be pretty close with the exception of the inline bridge (cable modem).
If you use dhcpd you will want to make use of shared-networks because the CPEs will have DHCP requests coming from the CMTS's IP, i.e. the CMTS will become a DHCP relay. Here is a sample config assuming 10.0.0.0/24 for the modems and 192.168.0.0/24 for the CPEs:
# generic starter config for you
# I would recommend using classes to differentiate modems from other devices
class "CM" {
    # only match if first 6 chars of option 60 (vendor-class-identifier) are docsis
    match if (substring(option vendor-class-identifier,0,6) = "docsis");
    spawn with hardware;
}
group Bronze {
    filename "bronze.bin";
    option bootfile-name "bronze.bin";
}
group Silver {
    filename "silver.bin";
    option bootfile-name "silver.bin";
}
shared-network CMTS1 {
    # modems subnet
    subnet 10.0.0.0 netmask 255.255.255.0 {
        # modems require the following options set in order to come online
        option time-offset -21600;
        option tftp-server-name "192.168.1.1";
        option time-servers 192.168.1.1;
        option log-servers 192.168.1.1;
        next-server 192.168.1.1;
        option routers 10.0.0.1;
        pool {
            allow members of "CM";
            deny unknown-clients;
            range 10.0.0.2 10.0.0.254;
        }
    }
    # clients subnet
    subnet 192.168.0.0 netmask 255.255.255.0 {
        # CPEs are simpler, they only need routers and dns servers.
        option routers 192.168.0.1;
        option domain-name-servers 192.168.0.2;
        pool {
            allow unknown-clients;
            deny members of "CM";
            range 192.168.0.3 192.168.0.254;
        }
    }
}
# modems authorized
host 12345 {
    hardware ethernet 0:0:0:0:0:1;
    group "Bronze";
}
host 12346 {
    hardware ethernet 0:0:0:0:0:2;
    group "Silver";
}
Please post any additional questions you may have and we will see what we can do to help you.
Hello Steph
Try this online demo of our provisioning software: (Broadband Provisioner)
Below are the URL, user name and password of the online demo.
URL is: http://213.115.152.226:5000
user name is : admin
password:
Our engineer can help you set up your network remotely through SSH.
Thanks for the pointers. I was able to get our test system working well today. We have a dhcpd config with groups for our different plans; doing rate limiting works out good on the modem, just a little extra config.
The MikroTik box in question has plenty of power, 2x dual core Opteron in a Dell SC1435. We're using it on a 100mb fiber connection currently, all hardware designed to handle at least 1gbps if we ever grow that far.
Would anyone here recommend going with docsis-server? Or just continue where I'm at now and write a couple of scripts to manage DHCP entries for modems? Keep in mind I will only ever have a max of 64 cable modems on this system; the rest of our network is ethernet over fiber, copper and wireless.
I modified the dhcpd config slightly - removed the CPE DHCP part as I'm handing out DHCP to CPEs on a static basis from the MikroTik box. I abandoned the VLAN idea once I had a better understanding of how VLANs work in a DOCSIS environment. I assumed before I was educated that it worked just like ethernet; the idea came from how I operate our ethernet network. On a wireless customer, the CPE which I own has a management interface in one VLAN and the customer-facing port is placed in another VLAN.
I'm not expecting anyone to do too much, but I'm planning on also having a rate limit on the MikroTik router as a just-in-case: if someone figured out how to feed their modem a modified config they wouldn't be able to get anything.
I'm placing the modems in 192.168.200.xxx on the same physical network as 97.66.216.xxx /24, which is plenty for the modem addresses, and I have a /24 of public addresses as well.
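The host/group authorization scheme from the dhcpd answer, combined with the "couple scripts to manage dhcp entries" mentioned above, as an added example that is not code from any poster in this thread: it renders `host` stanzas from a modem inventory and rejects anything that could corrupt the allowlist (malformed or non-unicast MACs, unknown plans, duplicates). The plan names, the `cm-` host naming and the sample inventory are assumptions.

```python
import re

PLANS = {"Bronze", "Silver"}  # assumed: must match the group names in dhcpd.conf
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-]?)[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}$", re.I)

def normalize_mac(raw):
    """Return a unicast MAC as aa:bb:cc:dd:ee:ff, or raise ValueError."""
    raw = raw.strip()
    if not MAC_RE.match(raw):  # also stops text like '; } host x {' reaching the config
        raise ValueError(f"bad MAC address {raw!r}")
    digits = re.sub(r"[:-]", "", raw).lower()
    if int(digits[:2], 16) & 1:  # group bit set: broadcast or multicast
        raise ValueError(f"not a unicast MAC {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def render_hosts(inventory):
    """inventory: iterable of (mac, plan) pairs -> (dhcpd host text, errors)."""
    seen, stanzas, errors = set(), [], []
    for n, (raw_mac, plan) in enumerate(inventory, 1):
        try:
            mac = normalize_mac(raw_mac)
        except ValueError as exc:
            errors.append(f"entry {n}: {exc}")
            continue
        if plan not in PLANS:
            errors.append(f"entry {n}: unknown plan {plan!r}")
        elif mac in seen:
            errors.append(f"entry {n}: duplicate modem {mac}")
        else:
            seen.add(mac)
            stanzas.append(
                f"host cm-{mac.replace(':', '')} {{\n"
                f"    hardware ethernet {mac};\n"
                f'    group "{plan}";\n'
                "}\n"
            )
    return "".join(stanzas), errors

# Constructed sample inventory (not real modems).
SAMPLE = [
    ("00:11:22:AA:BB:01", "Bronze"),
    ("00-11-22-aa-bb-02", "Silver"),
    ("00:11:22:aa:bb:01", "Silver"),              # duplicate of entry 1
    ("00:11:22:aa:bb:03; } host x {", "Bronze"),  # config injection attempt
    ("00:11:22:aa:bb:04", "Gold"),                # plan with no dhcpd group
]

if __name__ == "__main__":
    text, errors = render_hosts(SAMPLE)
    print(text, *("REJECTED " + e for e in errors), sep="\n")
```

Write the output to a file pulled in with dhcpd's `include` statement and check the result with `dhcpd -t` before restarting the daemon.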