There are many tools available that provide a means for a cable operator system administrator to manage cable modems and/or CMTSs. A brief list of these tools includes:
While each of these tools operates in a different fashion, they all function on the basic principles of SNMP (Simple Network Management Protocol). In summary, SNMP is a protocol, used in-band, that provides system administrators the ability to query, monitor, or configure any SNMP compatible device on the network.
Any one of these tools requires what is called an SNMP Management Information Base (MIB). A MIB is essentially a source code file that defines an organization of SNMP objects (OID) in a tree structure. There are many published MIB files for various types of SNMP devices. The minimum required MIBs that are defined for cable modems are referenced as RFC2669 and RFC2670.
Any SNMP management tool will require additional MIB source files for proper functionality. These are typically included when the SNMP management tool is installed and is available via the Web site at http://www.usr.com/MSO as "cable modem SNMP mibs.zip." Beyond what is considered the "standard" set of MIBs to support SNMP v1 and v2 devices, the following should be included for full support of SNMP management of cable modems:
Figure 4 - 1 MIBs
There are four basic functions of SNMP:
Figure 4 - 2 SNMP Functions
To access any device via SNMP requires what is called a community string. A community string is analogous to a password. There are two default community strings. The first is public which allows read-only access to all SNMP information. The second is private and permits read/write access to all SNMP information. These can be changed via the DOCSIS configuration file or SNMP by specifying what is called a network management entry. Under DOCSIS 1.0, SNMPv1 is supported and under DOCSIS 1.1, full support of SNMPv3 is enabled. For even more added security, the USR6000 cable modem supports community strings of up to 32 characters and supports all standard ASCII character sets.
Any cable modem in a default state is configured to allow SNMP access from any network-accessible (CPE and RF) computer. This can create an undesirable situation for an MSO4. To alleviate this problem, one or more docsDevNMAccessTable entries should be created to restrict and define how the cable modem responds to SNMP queries. The USR6000 Cable Modem can support up to 16 NMAccess filter entries.
4Revisions of the USR6000 firmware after 2.13.6003 permit SNMP read-only access from the CPE interface as a default state.
While this serves as a functional example, it is imperative to understand that the subject of network management access is complex and requires a complete understanding of how SNMP works. The definition of any network management access entry will be unique to the network topology of the MSO. It is for these reasons that USRobotics will require all MSOs to establish and maintain their own network management definitions. For reference, a minimal DOCSIS configuration file containing this example set of network management entries filters is available from http://www.usr.com/MSO as "basic nmaccess.cfg." It is saved with HMAC - No key specified.
To demonstrate, consider the following example:
Given these statements, a table can be constructed to represent what the MSO wants. For reference, the SNMP OID for network management access is 184.108.40.206.220.127.116.11.2.1.x.y, where x equals the specific field for the IP filter entry, and y equals the arbitrary index reference for the IP filter entry. The USRobotics Cable Modem accepts the creation of network management entries in any order. It will always process the filters using the index reference in numeric ascending order.
The SNMP OID docsDevNMAccessControl can be set as follows:
Figure 4 - 3 SNMP OID docsDEVNMAccess Control
The SNMP OID docsDevNMAccessInterfaces is a hex representation of a bitmask. The bits correspond with the interfaces listed in the ifIndex table with the left most bit (MSB) associated with the lowest numbered index in the table.
Figure 4 - 4 bitMask SettingsdocsDevNMAccess Example
Figure 4 - 5 DocsDevNMAccess Example
It is common to use the cable modem as a basic firewall for all attached CPEs. This is done as a means to protect both the MSO cable network and the end user computing environment. IP filters can be both very simple and very complex. The USRobotics Cable Modem supports the creation of IP filters through both the DOCSIS configuration file and through SNMP management. The DOCSIS configuration file method will be described here.
While this serves as a functional example, it is imperative to understand that the subject of IP filtering is complex and requires a complete understanding of TCP/IP networking. The definition of any filter will be unique to the network topology of the MSO. It is for these reasons that USRobotics will require all MSOs to establish and maintain their own IP filter definitions. For reference, a minimal DOCSIS configuration file containing this set of filters is available from http://www.usr.com/MSO as "basic ip filter.cfg." It is saved with HMAC - No key specified.
In this example, the MSO would like to create a set of three filters.
Given these statements, a table can be constructed that represents what the MSO wants. For reference, the SNMP OID for IP filters is 18.104.22.168.22.214.171.124.6.4.1.x.y, where x equals the specific field for the IP filter entry, and y equals the arbitrary index reference for the IP filter entry. The USRobotics Cable Modem accepts the creation of IP filters in any order. It will always process the filters using the index reference in ascending order.
The SNMP OID docsDevFilterIpStatus can be set as follows:
The SNMP OID docsDevFilterIPControl can be set as follows:
The SNMP OID docsDevFilterIPIfIndex should contain the reference of the ifIndex table that specifies the interface that the filter is applied to. Only physical interfaces can be specified. The USRobotics physical interface reference is as follows:
The SNMP OID docsDevFilterIpDirection determines if the filter should be applied to (1) inbound traffic, (2) outbound traffic, or (3) both.
The SNMP OID docsDevFilterIpBroadcast determines if the filter should be applied to just (1) broadcast and multicast traffic or (2) all traffic.
Figure 4 - 6 docsDevFilterIP Example
Note that the second example actually creates two IP filters in the table. This demonstrates that there are multiple ways to communicate a single filter expression. The USRobotics Cable Modem, model USR6000, can support up to 10 LLC filters and up to 32 IP filters.
There are two standard methods to upgrade a cable modem's firmware. Firmware is the operational software the cable modem uses. Both require knowledge of SNMP, and both require access to the TFTP server providing the code to the cable modem.
In either method, ensure that the firmware image file for the cable modem exists in the directory on the TFTP server used by the cable modem.
SNMP Management Console Method
Once Step 4 is accomplished, the cable modem(s) selected will immediately initiate a TFTP file transfer to the specified IP address and request the specified file name. Once the file is downloaded, the cable modem(s) will reboot and reestablish connectivity to the CMTS system.
DOCSIS Configuration File Method
docsDevSwAdminStatus : 126.96.36.199.188.8.131.52.3.3
This method of upgrading will not occur immediately. It will only happen the next time the cable modem is rebooted. This means that an upgrade might not happen for days or even months.
Verification of Upgrade
To check the progress of the upgrade, you can monitor your TFTP server while the upgrade is actually transferred or monitor the following MIB OID of the selected cable modem(s) from your SNMP management tool.
docsDevSwOperStatus : 184.108.40.206.220.127.116.11.3.4
A value of 1 indicates that the TFTP is in progress. A value of 2 indicates that the upgrade was initiated as a result of a DOCSIS configuration file process. A value of 3 indicates that the upgrade occurred as a result of an SNMP initiated process. A value of 4 indicates that the last upgrade attempt failed.