Руководство По Проектированию для Cisco DNCS System Release 2.7 3.7 4.2

Скачать
Страница из 110
 
 
 
 
 
DOCSIS in a DBDS Environment 

Содержание для руководство по проектированию Cisco DNCS System Release 2.7 3.7 4.2

  • Страница 1DOCSIS in a DBDS Environment
  • Страница 2: Please Read This Entire GuidePlease Read This Entire Guide Important Please read this entire guide. Give particular attention to all security and safety statements....
  • Страница 3Notices Trademark Acknowledgments Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the...
  • Страница 4Contents Disclaimer ........................................................................................................................ xi About This Guide Introduction ............................................................................................................... xiii Purpose ....................................................................................................................... xiii Audience .................................................................................................................... xiii Scope ........................................................................................................................... xiv System...
  • Страница 5Contents, Continued DHCT Initialization .................................................................................................... 1-20 Introduction ............................................................................................................. 1-20 Obtain and Communicate IP Addresses.............................................................. 1-20 Communication Exchange ..................................................................................... 1-21 Communication...
  • Страница 6Contents, Continued Chapter 2 Guidelines for Configuring the DBDS for DOCSIS Overview ........................................................................................................................ 2-1 Introduction ............................................................................................................... 2-1 In This Chapter...
  • Страница 7Contents, Continued Enable DOCSIS in the DBDS ..................................................................................... 2-14 Introduction ............................................................................................................. 2-14 Enabling DOCSIS in the DBDS ............................................................................. 2-14 DNCS...
  • Страница 8Contents, Continued DBDS Network Security ............................................................................................ 3-11 Introduction ............................................................................................................. 3-11 Data Path 1: Communication Between End-User Devices and DOCSIS Servers...
  • Страница 9Contents, Continued Data Path 4: Communication Between Cable Service Provider Servers and Internet Service Provider Servers.............................................. 3-18 Data Path 5:...
  • Страница 10Contents, Continued Chapter 4 Configuring Mixed DOCSIS/DAVIC on the DNCS Overview ........................................................................................................................ 4-1 Introduction ............................................................................................................... 4-1 Assumptions .............................................................................................................. 4-1 In...
  • Страница 11Contents, Continued Chapter 6 Setting Up a Home Network Overview ........................................................................................................................ 6-1 Introduction ............................................................................................................... 6-1 In This Chapter .......................................................................................................... 6-1...
  • Страница 12Disclaimer Security Guidelines Disclaimer for Implementing DOCSIS in the DBDS THE DBDS DOCSIS NETWORK SECURITY GUIDELINES ARE PROVIDED “AS IS,...
  • Страница 13About This Guide Introduction Cisco® has designed the Explorer® Digital Home Communication Terminal (DHCTs) 4200 Home Gateway to include the...
  • Страница 14Scope This guide covers the following topics: • An introduction to DOCSIS in a DBDS environment and a brief description...
  • Страница 15 Chapter 1 Introducing DOCSIS Overview Introduction DOCSIS (Data-Over-Cable Service Interface Specifications) is a standard interface for cable modems that...
  • Страница 16Overview, Continued In This Chapter This chapter contains the following topics. Topic See Page Terminology 1-3 System Description 1-11 System...
  • Страница 17Terminology List of Terms The following terms are used in the discussions throughout this guide. Please become familiar with these...
  • Страница 18Terminology, Continued Term Definition Conditional Access (CA) Conditional Access data consists of the system, data software, and components necessary to...
  • Страница 19Terminology, Continued Term Definition DAVIC-capable only A DAVIC-capable only DHCT does not have a tuner to support DOCSIS. Cisco’s DHCTs...
  • Страница 20 Term Definition Digital Broadband The entire network architecture of Cisco’s digital Delivery System (DBDS) system that ultimately provides signal...
  • Страница 21Terminology, Continued Term Definition DOCSIS Media Access Same as MAC-sublayer domain. As defined in the Control (MAC) domain Data-Over-Cable Service...
  • Страница 22Terminology, Continued Term Definition Internet Control Message ICMP is an extension to the Internet Protocol (IP) Protocol (ICMP) defined by...
  • Страница 23Terminology, Continued Term Definition Ping floods A type of network security breach in which a network connected to the Internet...
  • Страница 24 Term Definition Stand-alone Cable Modem The stand-alone cable modem is currently deployed (SCM) by cable service providers and Internet...
  • Страница 25System Description Introduction This section describes the DBDS infrastructure in which DOCSIS-capable DHCTs operate. This section also provides descriptions of...
  • Страница 26System Description, Continued DHCT Communication Modes The following table describes each DHCT communication mode and the communication interfaces required for...
  • Страница 27System Description, Continued DOCSIS Settop Gateway (DSG) For DHCTs operating in DOCSIS mode, DBDS broadcast data must be carried over...
  • Страница 28System Description, Continued A Simplified Network View of the DHCT Communication Modes The following diagram shows the layout of a...
  • Страница 29System Requirements Introduction This section describes the network element requirements your DBDS must comply with to operate DOCSIS-capable DHCTs. Network...
  • Страница 30System Elements and Interfaces Introduction This section describes the system elements and interfaces that exist for a DBDS and shows...
  • Страница 31System Elements and Interfaces, Continued Network Elements The following elements are required to support DOCSIS functionality in the DBDS. •...
  • Страница 32System Elements and Interfaces, Continued DHCT Interfaces A DOCSIS-capable Explorer DHCT has an integrated cable modem and DHCT CPE. When...
  • Страница 33System Elements and Interfaces, Continued Note: A DOCSIS-capable DHCT has two MAC addresses. The DOCSIS-cable modem MAC address is often...
  • Страница 34DHCT Initialization Introduction This section describes how DOCSIS-capable DHCTs operating in Mixed DOCSIS/DAVIC mode obtain the IP addresses for their...
  • Страница 35DHCT Initialization, Continued The DNCS distinguishes between DAVIC DHCTs that obtain their IP addresses from the DNCS, and DOCSIS DHCTs...
  • Страница 36DHCT Initialization, Continued Communication Exchange for DAVIC Mode The following illustration shows the communication exchange between the DHCT and the...
  • Страница 37DHCT Initialization, Continued Communication Exchange for Mixed DOCSIS/DAVIC Mode The following illustration shows the communication exchange between the DHCT and...
  • Страница 38DHCT Initialization, Continued Communication Exchange for DOCSIS Mode The following illustration shows the communication exchange between the DHCT and the...
  • Страница 39DHCT Communication Modes Introduction This section describes the DHCT Communication Modes (DCMs) used by DOCSIS- capable DHCTs within a DBDS...
  • Страница 40DHCT Communication Modes, Continued Receiving Communication Mode Upon Initialization When a DHCT reboots, it attempts to establish an interactive connection...
  • Страница 41DHCT Response to System Interruptions Introduction This section describes how system interruptions affect a DOCSIS-capable DHCT. For each of the...
  • Страница 42DHCT Response to System Interruptions, Continued How a DHCT Operating in Mixed DOCSIS/DAVIC Mode Responds to the Loss of the...
  • Страница 43DHCT Response to System Interruptions, Continued The loss of the DAVIC channel in Mixed DOCSIS/DAVIC mode means that DHCT broadcast...
  • Страница 44DHCT Response to System Interruptions, Continued If the DHCT does not receive DBDS broadcast data, new IPPV event purchases will...
  • Страница 45 Chapter 2 Guidelines for Configuring the DBDS for DOCSIS Overview Introduction DOCSIS-capable DHCTs include a DHCT CPE and an...
  • Страница 46Assumptions Introduction This section lists the assumptions that Cisco has made about your system so that we can provide these...
  • Страница 47IP Address Assignment Introduction This section provides guidelines for assigning IP addresses using a carefully-planned IP addressing scheme and the...
  • Страница 48IP Address Assignment, Continued To use such a plan and to allow for network and subscriber growth within a region,...
  • Страница 49IP Address Assignment, Continued Subnet 2 (10.64.0.0/10) can be further subdivided into two subnets each with a /11 prefix to...
  • Страница 50IP Address Assignment, Continued Assigning Network Blocks to a CMTS Cable Interface Card The following table illustrates how you can...
  • Страница 51CMTS Configuration Introduction This section provides guidelines for configuring the CMTS to work with DHCTs in Mixed DOCSIS/DAVIC mode or...
  • Страница 52CMTS Configuration, Continued The example below shows a partial configuration of a CMTS DOCSIS MAC domain. Note: Stand-alone cable modem...
  • Страница 53DNCS and Server Configurations Introduction This section provides guidelines for configuring the following DNCS and Server components for a DBDS...
  • Страница 54DNCS and Server Configurations, Continued Mandatory DOCSIS1.0 Servers This section describes the DHCP and TFTP server configurations that are mandatory...
  • Страница 55DNCS and Server Configurations, Continued To allow a DHCP server to recognize DHCP DISCOVER messages coming from a Cisco DHCT,...
  • Страница 56Enable Mixed DOCSIS/DAVIC in the DBDS Introduction This section provides a summary of what you must do to the various...
  • Страница 57Enable Mixed DOCSIS/DAVIC in the DBDS, Continued • Configure the DHCP server to recognize DHCP DISCOVER messages coming from the...
  • Страница 58Enable DOCSIS in the DBDS Introduction This section provides a summary of what you must do to the various system...
  • Страница 59Enable DOCSIS in the DBDS, Continued • Add proper IP routes to reach the CMTS. • Configure the DHCP server...
  • Страница 60 Chapter 3 Security Recommendations for the DBDS Network in a DOCSIS Environment Overview Introduction Before deploying DOCSIS-capable DHCTs, we...
  • Страница 61Overview, Continued In This Chapter This chapter contains the following topics. Topic See Page Recommendations on IP Address Assignment 3-3...
  • Страница 62Recommendations on IP Address Assignment Introduction This section provides recommendations for assigning IP addresses to end-user devices. This section also...
  • Страница 63Recommendations on IP Address Assignment, Continued Security Recommendations Cisco recommends that you follow these security recommendations when assigning IP addresses...
  • Страница 64Types of Security Attacks Introduction Security attacks can be classified into three main categories: intrusion, denial of service, and theft...
  • Страница 65Data Paths and Traffic Flows Introduction One of the first steps in network security is to secure the data paths...
  • Страница 66Data Paths and Traffic Flows, Continued High-Level View of Data Paths and Traffic Flows in the DBDS Network The following...
  • Страница 67Data Paths and Traffic Flows, Continued Secure Data Paths The following table covers all the data paths and identifies which...
  • Страница 68Data Paths and Traffic Flows, Continued Data Path Flow Description Allowed or Denied 2 2.1 Registered integrated cable modem -...
  • Страница 69Data Paths and Traffic Flows, Continued Data Path Flow Description Allowed or Denied 3 3.1 Registered integrated cable modem -...
  • Страница 70DBDS Network Security Introduction This section provides a list of recommendations for the cable service provider to use to implement...
  • Страница 71DBDS Network Security, Continued # 60 Background: End-users may decide to forge their own DOCSIS configuration file that contains a...
  • Страница 72DBDS Network Security, Continued # 90 Configure the CMTS to allow IP traffic among subscribed PC CPEs. # 100 Configure...
  • Страница 73DBDS Network Security, Continued # 130 Background: This recommendation reduces the risk of spoofing of IP addresses by cable modems...
  • Страница 74DBDS Network Security, Continued Data Path 3: Communication Between DBDS Private Network and End-User Devices To implement the security recommendations...
  • Страница 75DBDS Network Security, Continued # 170 Background: Any traffic destined to the DHCT CPE must originate from either the DBDS...
  • Страница 76DBDS Network Security, Continued # 200 Configure Router 1 to deny any inbound IP traffic (from Router 2 or Router...
  • Страница 77DBDS Network Security, Continued # 240 Configure Router 1 to allow outbound ICMP echo request messages from the DBDS network....
  • Страница 78DBDS Network Security, Continued Data Path 5: Communication Between Cable Modems, CPEs, and the Internet # 290 Configure Router 3...
  • Страница 79DBDS Network Security, Continued Data Path 6: Communication Between the Internet and the Application Servers Data Path 6 is implemented...
  • Страница 80DBDS Network Security, Continued Data Path 8: Communication Between Server Farm and the DBDS Network The physical connection of the...
  • Страница 81 Chapter 4 Configuring Mixed DOCSIS/DAVIC on the DNCS Overview Introduction After implementing your security guidelines, you can configure Mixed...
  • Страница 82Configure Mixed DOCSIS/DAVIC Introduction To configure Mixed DOCSIS/DAVIC on your DNCS, you must change the DHCT Communication Mode (DCM) of...
  • Страница 83Configure Mixed DOCSIS/DAVIC, Continued Configuring Mixed DOCSIS/DAVIC Bridges in the DNCS Complete the following steps to configure Mixed DOCSIS/DAVIC bridge(s)...
  • Страница 84Configure Mixed DOCSIS/DAVIC, Continued 4. Click the File menu and select Open. Result: The QPSK Modulator window opens. 5. Click...
  • Страница 85Configure Mixed DOCSIS/DAVIC, Continued 7. Click OK. Result: The system returns to the QPSK Modulator window and the Cancel button...
  • Страница 86Configure Mixed DOCSIS/DAVIC, Continued 2. In the Available DHCT Types column, select the DHCT type(s) that you want to operate...
  • Страница 87 Chapter 5 Staging DOCSIS-Capable DHCTs Overview Introduction Staging is the process needed to prepare a DHCT for use by...
  • Страница 88Load Client Release Software CVT Download Process The DNCS uses the Code Version Table (CVT) to load client release software...
  • Страница 89Load Authorization EMMs Introduction There are three methods for loading authorization EMMs. This section describes each of those methods and...
  • Страница 90Load Authorization EMMs, Continued DhctInstantHit The DhctInstantHit transaction, sometimes called an “instant hit,” initiates the transmission of all existing EMMs...
  • Страница 91 Chapter 6 Setting Up a Home Network Overview Introduction With the new DOCSIS-capable Explorer DHCT, subscribers can set up...
  • Страница 92Connect the DOCSIS-Capable DHCT Directly to a PC Introduction This section covers the equipment the subscriber must have to connect...
  • Страница 93Connect the DOCSIS-Capable DHCT Directly to a PC, Continued 5. Verify that the subscriber has completed the configuration properly by...
  • Страница 94Connect the DOCSIS-Capable DHCT to a PC Through a Hub Introduction This section covers the equipment the subscriber must have...
  • Страница 95Connect the DOCSIS-Capable DHCT to a PC Through a Hub, Continued 4. Verify that the subscriber has completed the configuration...
  • Страница 96Connect the DOCSIS-Capable DHCT to a PC Through a Hub, Continued 9. Does the link light appear now? • If...
  • Страница 97Connect the DOCSIS-Capable DHCT to a PC Through a Router Introduction This section covers the equipment the subscriber must have...
  • Страница 98Connect the DOCSIS-Capable DHCT to a PC Through a Router, Continued 4. Verify that the subscriber has completed the configuration...
  • Страница 99Connect the DOCSIS-Capable DHCT to a PC Through a Router, Continued 10. Confirm that the PC can connect to the...
  • Страница 100 Chapter 7 Frequently Asked Questions Overview Introduction This chapter provides answers to the most frequently asked questions about setting...
  • Страница 101Questions and Answers Introduction This section provides the most frequently asked questions and answers about setting up DOCSIS in a...
  • Страница 102Questions and Answers, Continued Do both the DHCT CPE (RF) and cable modem (data) portions of the DOCSIS- capable DHCT...
  • Страница 103Questions and Answers, Continued How does the OOB data get to the CMTS so that it can use the DOCSIS...
  • Страница 104Questions and Answers, Continued What are the basic OS/SARA/SR requirements for the DOCSIS-capable DHCT? To use a DOCSIS-capable DHCT, your...
  • Страница 105Index connecting the home network through a hub, 6-4 10-network, 2-2 through a router, 6-7 core DHCT functionality, 1-4 CPE,...
  • Страница 106Index, Continued setting, 1-25, 1-26 Dynamic Host Control Protocol, RFC-2131, updated message, 1-25, 4-5, 4-6 2-2 demilitarized zone. See DMZ...
  • Страница 107Index, Continued assigning numbers, 2-3 PowerTV Home Gateway Edition 1.0, xiv, 1-1, 4-2 private IP address space, 2-3 Load authorization...
  • Страница 108Index, Continued TFTP server, 1-1, 2-9, 2-11, 2-13 theft of data attack, 3-1, 3-5 service attack, 3-12 Time Of Day...
  • Страница 109: Blank Page
  • Страница 110white text to force page to print Cisco Systems, Inc. 678 277-1120 5030 Sugarloaf Parkway, Box 465447 800 722-2009 Lawrenceville,...