Multicast auth on Cisco CMTSs | docsis.org

Multicast auth on Cisco CMTSs

mbernardi
Hello everyone. I am working with a uBR7225 SCG3. I work for a small MSO; we have a native IP multicast backbone that delivers multicast TV channels to traditional QAM video. We started IPTV with some of our commercial (fiber) customers and would like to expand that across our DOCSIS plant. The basic multicast stuff is pretty easy, just PIM, IGMP and multicast-routing, and I was watching a 20Mbps channel. Right now I'm just using a MacBook Air with VLC, but later will be testing with an Entone hybrid STB.

I want to be able to lock down all customers from watching multicast over their modem, unless they are authorized. In the modem config file I have a service flow name that maps to a service class on the CMTS, but I cannot find where the auth profile-name will map to a modem. Is this something I need to apply to the CM config file? I figured I could just map a service class profile to the auth profile.

Any help would be appreciated!

cable service class 10 name mcast-default
cable service class 10 downstream
cable service class 10 max-rate 50000000
cable service class 10 priority 2

cable qos permission create
cable qos permission update
cable qos permission modems

cable multicast group-qos default scn mcast-default aggregate
!
!
cable multicast auth enable default-action deny max-sessions 0
!
cable multicast auth profile-name mcast-default default
match rule ipv4 source 0.0.0.0/0 232.0.0.0/8 128 permit

d3-cmts1-hsdlab#scm 0015.cf2d.841f qos
Sfid Dir Curr Sid Sched Prio MaxSusRate MaxBrst MinRsvRate Throughput
State Type
49 US act 16 BE 1 3500000 8000 0 2044
50 DS act N/A N/A 1 33000000 3044 0 0
64 DS act N/A N/A 2 50000000 3044 0 0

mbowe
No, it doesn't work like that

multicast profile-name is not a "cable service class" name

My understanding is you have to load the profile-name as an appropriate TLV in the CM config file (TLV 43.10).
http://www.cablelabs.com/wp-content/uploads/specdocs/CM-SP-MULPIv3.0-I25...
Page 295-298, and page 492

If you don't want to go to that complexity, another cheat you can use is to put an ACL in the config file which blocks IGMP (thus the customer will not be able to join any groups), e.g.:

/* permit non-matched IP */
SnmpMibObject docsDevFilterIpDefault.0 Integer 2; /* accept */

/* block IGMP in and out (prevent customer joining any groups) */
SnmpMibObject docsDevFilterIpIfIndex.10 Integer 0 ; /* all interfaces */
SnmpMibObject docsDevFilterIpDirection.10 Integer 3; /* both */
SnmpMibObject docsDevFilterIpProtocol.10 Integer 2 ; /* IGMP */
SnmpMibObject docsDevFilterIpStatus.10 Integer 4; /* createAndGo */

Another option is to just permit anyone to join groups, but encrypt all the groups, and then the STB can be responsible for allowing access to whatever channels the customer has paid for.

Also, you should pay attention to ensure the multicast is actually one-to-many, and not actually one-to-one. It depends on the way you set up the CMTS. Are you serving multicast to D3 modems only? Or a mix of D3 and D2?
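
The IGMP-blocking filter from the post above can be checked automatically before a boot file is deployed. The following is an added example, not part of the original thread: it parses the text-format `SnmpMibObject` lines shown above and reports whether a row discards IGMP in both directions on all interfaces. The function names and the embedded sample are constructed for illustration, and treating any extra column on a row as narrowing the match is a conservative assumption.

```python
import re

# Constructed sample: the filter rows quoted in the post above.
SAMPLE = """
/* permit non-matched IP */
SnmpMibObject docsDevFilterIpDefault.0 Integer 2; /* accept */
/* block IGMP in and out */
SnmpMibObject docsDevFilterIpIfIndex.10 Integer 0 ; /* all interfaces */
SnmpMibObject docsDevFilterIpDirection.10 Integer 3; /* both */
SnmpMibObject docsDevFilterIpProtocol.10 Integer 2 ; /* IGMP */
SnmpMibObject docsDevFilterIpStatus.10 Integer 4; /* createAndGo */
"""

ROW = re.compile(r"SnmpMibObject\s+docsDevFilterIp(\w+)\.(\d+)\s+\w+\s+([^;\s]+)\s*;")
# Columns a blanket row may set; anything else (addresses, ports) narrows the match.
BLANKET = {"Status", "Control", "IfIndex", "Direction", "Protocol"}

def parse_filters(text):
    """Return (default_action or None, {row_index: {column: value}})."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ comments
    default, rows = None, {}
    for col, idx, val in ROW.findall(text):
        val = int(val) if val.isdigit() else val
        if col == "Default":
            default = val
        else:
            rows.setdefault(int(idx), {})[col] = val
    return default, rows

def blocks_igmp(row):
    """True if the row discards IGMP in both directions on all interfaces."""
    return (set(row) <= BLANKET
            and row.get("Status") in (1, 4)      # active or createAndGo
            and row.get("Protocol") == 2         # IP protocol 2 = IGMP
            and row.get("Direction") == 3        # both
            and row.get("IfIndex") == 0          # all interfaces
            and row.get("Control", 1) == 1)      # discard, the MIB default

def audit(text):
    """Return findings; an empty list means IGMP joins are filtered at the modem."""
    default, rows = parse_filters(text)
    findings = []
    if default == 1:
        findings.append("docsDevFilterIpDefault is discard(1): all unmatched IP is dropped")
    if not any(blocks_igmp(r) for r in rows.values()):
        findings.append("no row discards IGMP in both directions on all interfaces")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "IGMP blocked")
```

An empty result from `audit()` means the boot file carries a complete blocking row; a row that filters only one direction or lacks its status column is reported.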

mbernardi
That's what I figured.

Thanks for the insight. It all makes perfect sense now. I wanted to try and avoid adding anything into our existing boot file but I think that is the route I will take.

I did take the D2 vs D3 modem into consideration and we've decided that to be able to receive multicast, you must have a D3 modem. And I will be steering IPTV with secondary bundles and attributes to a specific wideband interface. This is some neat stuff once it's working! Thanks again!

mbowe
Yes we do it this same way

We have 20x20 cards which we split up into 4 MAC domains; each MAC domain has 4 primary DS, and then we span the remaining 4 DS across these 4 MAC domains.

This provides 4 and 8 way bonding, and allows us to send one set of multicast on the spanned channels and reach all 4 MAC domains.

Customers who need to receive the multicast are provided with an 8x4 D3 modem.
