Newbie Banging Head Against Wall... | docsis.org

Newbie Banging Head Against Wall...

psmit
Newbie Banging Head Against Wall...

... and the wall is winning. We're just attempting to get a basic setup going. Got things working
just fine with the all-in-one lab setup on the uBR with a 6 foot network, so sorta know what we're
doing, sorta? Maybe?

So now we're trying some approaches like this on a CentOS box with ISC DHCPD to
see what kind of trouble we can get into.....
**********************************
authoritative;
ddns-update-style none;
log-facility local6;
allow bootp;
allow booting;
allow unknown-clients;
deny client-updates;
option domain-name "oberlin.net";
option domain-name-servers xxx.xxx.xxx.x, xxx.xxx.xxx.x;
option subnet-mask 255.255.0.0;
option broadcast-address 10.10.1.255;
option static-routes 10.1.1.1 10.10.1.3;
option routers 10.10.1.1;
option time-servers 10.10.1.1;
option log-servers 10.10.1.3;
next-server 10.10.1.3;
option tftp-server-name "10.10.1.3";

shared-network ModemNetwork {
  authoritative;
  deny client-updates;
  allow unknown-clients;

  # uBR c3/0
  subnet 10.1.1.0 netmask 255.255.255.0 {
  }
  subnet 10.10.0.0 netmask 255.255.0.0 {
    range dynamic-bootp 10.10.0.10 10.10.10.254;
    default-lease-time 604800;
    max-lease-time 604800;
    min-lease-time 302400;
  }
  # Jones, B.
  host 0002 {
    filename "platinum.bin";
    hardware ethernet 00:13:71:18:81:CC;
    fixed-address 10.10.1.12;
  }
}

# 256
group {
  deny client-updates;
  allow unknown-clients;
  ddns-updates off;
  filename "256.bin";
  use-host-decl-names off;

  # Smith, J.
  host 0001 {
    deny client-updates;
    allow unknown-clients;
    filename "256.bin";
    hardware ethernet 00:04:BD:BC:AD:8A;
    fixed-address 10.10.1.11;
  }
}
*************************************************
....with this rather generic uBR config....
*************************************************

version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
service linenumber
service udp-small-servers max-servers no-limit
!
hostname oberlin-uBR7246
!
boot system flash disk0:/ubr7200-ik8s-mz.122-15.BC2.bin
boot bootldr disk0:/ubr7200-boot-mz.120-15.SC
logging queue-limit 100
logging buffered 1000000 debugging
no logging console
enable secret 5 $1$ltFZ$sryHiSXB0VXidzjGSM0MR/
enable password 7 0559125A00435923
!
clock timezone EDT -5
clock summer-time EDT recurring
fastether transmit store_and_forward enable
cable qos profile 8
cable qos profile 8 tos-overwrite 0xFF 0x0
cable qos profile 10
cable qos profile 10 tos-overwrite 0xFF 0x0
cable qos profile 10 grant-size 1500
cable qos profile 12 guaranteed-upstream 100000
cable qos profile 12 tos-overwrite 0xFF 0x0
no cable qos permission create
no cable qos permission update
cable qos permission modems
cable time-server
ip subnet-zero
!
!
ip cef
ip domain name oberlin.net
ip name-server xxx.xxx.xxx.x
!
mpls ldp logging neighbor-changes
!
!
!
!
!
!
interface FastEthernet0/0
 ip address xxx.xxx.xxx.x 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 duplex full
!
interface FastEthernet1/0
 ip address 10.10.1.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 duplex full
!
interface FastEthernet1/1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
 duplex half
!
interface Cable3/0
 ip address xxx.xxx.xxx.x 255.255.255.0 secondary
 ip address 10.1.1.1 255.255.0.0
 cable downstream annex B
 cable downstream modulation 64qam
 cable downstream interleave-depth 32
 cable downstream channel-id 0
 cable upstream 0 frequency 39008000
 cable upstream 0 power-level 0
 cable upstream 0 channel-width 1600000
 cable upstream 0 minislot-size 4
 cable upstream 0 modulation-profile 1
 cable upstream 0 s160-atp-workaround
 no cable upstream 0 shutdown
 cable upstream 1 channel-width 1600000
 cable upstream 1 minislot-size 4
 cable upstream 1 modulation-profile 1
 cable upstream 1 shutdown
 cable upstream 2 channel-width 1600000
 cable upstream 2 minislot-size 4
 cable upstream 2 modulation-profile 1
 cable upstream 2 shutdown
 cable upstream 3 channel-width 1600000
 cable upstream 3 minislot-size 4
 cable upstream 3 modulation-profile 1
 cable upstream 3 shutdown
 cable upstream 4 channel-width 1600000
 cable upstream 4 minislot-size 4
 cable upstream 4 modulation-profile 1
 cable upstream 4 shutdown
 cable upstream 5 channel-width 1600000
 cable upstream 5 minislot-size 4
 cable upstream 5 modulation-profile 1
 cable upstream 5 shutdown
 cable dhcp-giaddr policy
 cable helper-address 10.10.1.3
 no keepalive
!
!
ip default-gateway xxx.xxx.xxx.x
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.x
no ip http server
no ip http secure-server
!
!
!
access-list 99 deny any
cdp run
!
snmp-server community xxxxxxxx RW 99
snmp-server community xxxxxxxx RO 99

***************************************
......and getting a whole lot of this....

***************************************

Dec 3 13:43:22 Newtrick dhcpd: DHCPDISCOVER from 00:04:bd:bc:ad:8a via 10.1.1.1
Dec 3 13:43:22 Newtrick dhcpd: DHCPOFFER on 10.10.1.11 to 00:04:bd:bc:ad:8a via 10.1.1.1

********************************************************************************

Any tips or advice to push us in the right direction will be greatly appreciated by our remaining
brain cells. TIA.

psmit

mtntrailseeker
Aspirin

Hello Poge,

Looks to me like you have your addressing wrong on the cable interface on the uBR.

If you intend to have IPs assigned to the modems in the following space:

subnet 10.10.0.0 netmask 255.255.0.0 {
range dynamic-bootp 10.10.0.10 10.10.10.254;

Then the block above must be on the cable interface....

What I see is you have the following on Cable3/0

interface Cable3/0
ip address xxx.xxx.xxx.x 255.255.255.0 secondary
ip address 10.1.1.1 255.255.0.0

The discover is functioning..

Dec 3 13:43:22 Newtrick dhcpd: DHCPDISCOVER from 00:04:bd:bc:ad:8a via 10.1.1.1
Dec 3 13:43:22 Newtrick dhcpd: DHCPOFFER on 10.10.1.11 to 00:04:bd:bc:ad:8a via 10.1.1.1

But the offer doesn't match the scope assigned to the interface.
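
The check this reply does by eye can be run over a whole dhcpd log. The following is an added example, not part of the original post: it flags clients that keep receiving DHCPOFFERs with no DHCPACK and tests whether the offered address lies inside the network of the relaying (giaddr) interface. The function names and the relay-to-network map are assumptions, and the log lines are constructed in the format shown in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Relay (giaddr) address -> network configured on that CMTS interface.
# Assumption for this example: taken from "ip address 10.1.1.1 255.255.0.0"
# on Cable3/0 in the uBR config posted in the thread.
RELAY_NETWORKS = {
    "10.1.1.1": ipaddress.ip_network("10.1.0.0/16"),
}

# Constructed sample: the first two lines are the ones quoted in the thread,
# the rest are made up in the same format for illustration.
SAMPLE_LOG = """\
Dec 3 13:43:22 Newtrick dhcpd: DHCPDISCOVER from 00:04:bd:bc:ad:8a via 10.1.1.1
Dec 3 13:43:22 Newtrick dhcpd: DHCPOFFER on 10.10.1.11 to 00:04:bd:bc:ad:8a via 10.1.1.1
Dec 3 13:43:30 Newtrick dhcpd: DHCPDISCOVER from 00:04:bd:bc:ad:8a via 10.1.1.1
Dec 3 13:43:30 Newtrick dhcpd: DHCPOFFER on 10.10.1.11 to 00:04:bd:bc:ad:8a via 10.1.1.1
Dec 3 13:44:01 Newtrick dhcpd: DHCPDISCOVER from 00:13:71:18:81:cc via 10.1.1.1
Dec 3 13:44:01 Newtrick dhcpd: DHCPOFFER on 10.1.1.20 to 00:13:71:18:81:cc via 10.1.1.1
Dec 3 13:44:01 Newtrick dhcpd: DHCPREQUEST for 10.1.1.20 from 00:13:71:18:81:cc via 10.1.1.1
Dec 3 13:44:01 Newtrick dhcpd: DHCPACK on 10.1.1.20 to 00:13:71:18:81:cc via 10.1.1.1
"""

# Matches the DISCOVER/OFFER/REQUEST/ACK lines dhcpd writes to syslog.
# The optional "(...)" groups cover a server id after the address and a
# client hostname after the MAC.
LINE_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) "
    r"(?:(?:on|for) (\S+) )?(?:\(\S+\) )?"
    r"(?:from|to) ([0-9a-f:]{17})(?: \(\S*\))? via (\S+)",
    re.IGNORECASE,
)


def parse(log_text):
    """Yield (message_type, address_or_None, mac, relay) per dhcpd line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1).upper(), m.group(2), m.group(3).lower(), m.group(4)


def analyse(log_text, relay_networks=RELAY_NETWORKS):
    """Return {mac: {"offers": n, "reason": text}} for clients never ACKed."""
    offers = defaultdict(list)  # mac -> [(offered_ip, relay), ...]
    acked = set()
    for msg, addr, mac, relay in parse(log_text):
        if msg == "DHCPOFFER":
            offers[mac].append((addr, relay))
        elif msg == "DHCPACK":
            acked.add(mac)

    findings = {}
    for mac, seen in offers.items():
        if mac in acked:
            continue  # this client completed the exchange
        addr, relay = seen[-1]
        net = relay_networks.get(relay)
        if net is None:
            reason = f"relay {relay} not in map"
        elif ipaddress.ip_address(addr) in net:
            reason = f"offer {addr} is inside relay network {net}"
        else:
            reason = f"offer {addr} is outside relay network {net}"
        findings[mac] = {"offers": len(seen), "reason": reason}
    return findings


if __name__ == "__main__":
    for mac, info in analyse(SAMPLE_LOG).items():
        print(mac, info["offers"], "offers, no ACK:", info["reason"])
```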

psmit
Need More Aspirin

Thanks for the response.

....But the offer doesn't match the scope assigned to the interface.

That's where I thought the shared network business and the cable helper address kicked in to facilitate the discrepancy
between the server's network (and its interface on the uBR) and the cable interface itself.

So what is a better example for a 10.10.0.0 network (server and uBR fa0/1) to reach ca0/3 to distribute the
block(s) and config files without the networks 'overlapping/conflicting' on either the uBR or in DHCPD? I seem to
keep getting one error or the other (or both). Any direction toward a better understanding of assigning the required
or desired parameters on both the server and uBR would do wonders for the wall and help get me into modem config
file abuse and confusion next.

Thanks in advance for any patience and consideration available out there.

psmit

kwesibrunee
your ubr config looks ok,

Your uBR config looks ok, though I would recommend using a bundle instead of the cable interface. This is easily accomplished by adding a cable bundle 1 to your cable interface. The reason why is if you ever have more than one cable interface they can share the same IP info, which really simplifies things.

In your dhcpd server do this:

shared-network ModemNetwork {
  authoritative;
  deny client-updates;
  allow unknown-clients;

  # uBR c3/0 Modems subnet
  subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.2 10.1.1.254;
    # plus other required dhcpd options (routers, time-server, time-offset, tftp-server, bootfile-name etc...)
  }
  # Clients subnet
  subnet xxx.xxx.xxx.x netmask 255.255.255.0 {
    range dynamic-bootp xxx.xxx.xxx.x xxx.xxx.xxx.254;
    # plus other required client dhcpd options (generally routers, domain-name-servers)
    default-lease-time 604800;
    max-lease-time 604800;
    min-lease-time 302400;
  }
}
#This subnet is to make DHCPd listen on this interface, it is empty because we don't want the modems or clients using ips from this subnet, which is also why
# it is not in the shared network.
subnet 10.10.0.0 netmask 255.255.0.0 {
}

The DHCP requests will hit the DHCP server from the primary IP on the cable or bundle interface on the CMTS. The shared-network command in dhcpd is to join the modem/client subnets into a larger subnet. A good way to think of a shared network is similar to a VLAN, i.e. all the subnets in a shared-network are treated as if they are all in the same broadcast domain.

psmit
DHCPACKS and Thanks for the Help

Something in that batch of suggestions is beginning to get results. Not sure what
due to quite a few simultaneous modifications to my dhcpd.conf, but I have some
relatively happy SB4100's at the moment. Can't say the same for the SB5120's
I've tried so far as they are hanging in init looking for TOD -- which in this case is
the uBR and specified in my dhcpd.conf. 'Course the modem config file is a very
basic and generic 1.0 file which may be lacking something the 5120's want to see,
though the same file worked in the all-in-one setup with the uBR as the DHCP server.

And as for the bundling, that's the plan. Three more MC16-C's and 1400 modems
spread across 20 nodes will necessitate that -- provided the uBR doesn't fall on
its side first with just a NPE225.

Anyway, now comes the fun part -- trying to make this all work in parallel with an
existing legacy LANcity network while methodically migrating everything to DOCSIS.
To make things more interesting is the fact that our entire network is based on static
addressing for both the modems and CPE devices -- and we'd like to keep it that way,
(or at least most of it) since all modems are already mapped in SNMPc as our monitor
and manage piece along with being identified in our customer database by a basic
numbering system that cross-refs everything by the modem MAC/IP address binding
inherent in the modem config file -- including the CPE IP address and customer name
which is also bound to the modem MAC in several places. I see some hope for doing
something similar with docsis, though it would certainly seem like idiocy to most of you
since the whole docsis animal is predicated on dhcp -- and I understand why it is, so
don't get me wrong! Thing is, we already have our databases covered, our snmp platform
in place (including most of the essential docsdevMIBs), and a mature market already
assigned static IP addresses that simply needs transitioned to docsis.

Piece o' cake, right? Sure. No problem. Suggestions anyone (besides more aspirin)?

'preciate any help I can get, gang.

Many thanks so far.

Regards,

Poge Smit

mtntrailseeker
Heroin

Next thing you're going to tell us SNMPc is running on Windows for Workgroups?

Have you compiled in any of the DOCSIS MIBs yet?

psmit
Nah, Blow and Single Malt

Windows for Workgroups? Hell, no. We're rockin' with Win95C complete
with all the Y2K upgrades. Cutting edge, my man. And don't you forget
it.

I have actually compiled the whole cluster-fun of docsis mibs into a
4.3 version of SNMPc and created an initial .men structure to reflect
the chaos, but it still needs some work and weed pulling to tighten up
the essentials for any reasonable navigation of basic functionality for
day to day operations. The later SNMPc releases include all the MIBs
for DOCSIS right out of the box, but the box is way expensive and not
within the realm of my budget -- which is zero.

Chewin' gum, bailin' wire, and a coupla PowerEdge 2300's plus this
forum is how I'm divin' into the future.

And Dude, the future is here and screamin' at me at the top of its lungs...

THE FUTURE'S NOT HERE YET, MAN!
DARE NOT TREAD! GO BACK! THERE IS NOT ENOUGH ASPIRIN OR WHISKEY
TO SOOTHE THE REMAINING BRAIN CELLS YOU SHOULD BE UTILIZING FOR
OTHER PURPOSES AS YOU EMBARK INTO THIS UNKNOWN WORLD CALLED
DOCSIS!

But, hey. I started out with a Jerrold SJ plant and a handful of Zenith HW
modems back in '97 and made that work against all odds and advice and
my LANcity network has been kickin' ass longer than lotsa folks even
know what DOCSIS is.

That musta been the part that made me crazy enough to try pulling this
off instead of just goin' fishin' instead.

Silly me.

Anybody got any worms?

psmit

kwesibrunee
More Aspirin is definitely

More Aspirin is definitely recommended :D

As to your problems: static, or fixed addresses as dhcpd calls them, are not too much of a problem; it will do it and not complain too much, though you are going to have to track what IPs are available externally. The real problem, however, is to switch them all over from LANcity to DOCSIS, because you are going to need two different subnets for DOCSIS modems and LANcity modems, unless the LANcity CMTS is just a bridge; then it may work, but it is definitely going to be tricky.

As to a plain jane config to work off of here goes

Assumes
192.168.241.10 is your dhcp server
192.168.241.3 and 192.168.245.13 are your DNS servers
192.168.241.1 is the address on your FA on the CMTS
10.200.0.1 is the primary IP on your bundle
192.168.242.1 is the secondary ip on your bundle

dhcpd

#DHCPD.conf

#turn off Dynamic DNS updates
ddns-update-style none;
ignore client-updates;

# Remember Agent info
# Requires ip dhcp relay information option be set on CMTS
# also known as option 82
stash-agent-options on;

# Optional Omapi Settings
# Useful for adding hosts without stopping and starting the server
omapi-port 9991;
key omapi_key {
        algorithm HMAC-MD5;
        secret "some hmac-md5 string";
};
omapi-key omapi_key;

# One lease per client
one-lease-per-client true;

# Map option 43 values for Docsis modems
# Not necessary but comes in handy if you need to make changes to a specific brand or model of modem.
option space vendorOptions;
option vendorOptions.deviceType code 2 = string;
option vendorOptions.serialNumber code 4 = string;
option vendorOptions.hardwareVersion code 5 = string;
option vendorOptions.softwareVersion code 6 = string;
option vendorOptions.bootRomVersion code 7 = string;
option vendorOptions.oui code 8 = string;
option vendorOptions.modelNumber code 9 = string;
option vendorOptions.docsisVendor code 10 = string;
option vendorOptions-pkt code 43 = encapsulate vendorOptions;

#Lease Times can be overridden below
default-lease-time 604800;
max-lease-time 604800;
min-lease-time 302400;

# Cable Modem Class
class "CM" {
        # only match if first 6 chars of option 60 (vendor-class-identifier) are docsis
        match if (substring(option vendor-class-identifier,0,6) = "docsis");
        spawn with hardware;
}

# Match Clients as determined by option 60 (vendor-class-identifier)
class "Client" {
        match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,5) != "pktc1"));
        spawn with hardware;
}

# The group controls what config file a modem gets
group silver {
                filename = "silver.bin";
                option bootfile-name "silver.bin";
}

shared-network MyCableSystem {
        # Subnet for Authorized Modems
        subnet 10.200.0.0 netmask 255.255.0.0 {
                option subnet-mask 255.255.0.0;
                option routers 10.200.0.1;
                # Known Modems
                pool {
                        allow known-clients;
                        deny unknown-clients;
                        range 10.200.33.1 10.200.62.254;
                        allow members of "CM";
                        deny members of "Client";
                        option tftp-server-name "192.168.241.3";
                        option time-servers 192.168.241.1;
                        option log-servers 192.168.241.3;
                        next-server 192.168.241.3;
                        # Time offset
                        option time-offset -21600;
                }
        }
        # Clients 
        subnet 192.168.242.0 netmask 255.255.255.0 {
                option subnet-mask 255.255.255.0;
                option routers 192.168.242.1;
                # Pool for clients 
                pool {
                        range 192.168.242.2 192.168.242.128;
                        allow known-clients;
                        deny unknown-clients;
                        allow members of "Client";
                        deny members of "CM";
                        option domain-name-servers 192.168.241.3, 192.168.245.13;
                }
       }
}

# Subnet of the ethernets primary Nic Empty because we don't want to listen on this Subnet
subnet 192.168.241.0 netmask 255.255.255.0 {
}

#Host entries Need to be separate from the shared network
#Modem entries would look like this
host someuniquestring {
  hardware ethernet 00:14:e8:b7:76:ca;
  fixed-address 10.200.0.2;
  group "silver";
}

# Client entries would look like this
host someuniquestring2 {
  hardware ethernet 00:14:e8:b7:47:28;
  fixed-address 192.168.242.2;
}

CMTS

ip dhcp relay information option

interface fa 0/0
 ip address 192.168.241.1 255.255.255.0

interface cable 3/0
 cable bundle 1

interface cable 4/0
 cable bundle 1

interface cable 5/0
 cable bundle 1

interface cable 6/0
 cable bundle 1

interface Bundle1
 ip address 192.168.242.1 255.255.255.0 secondary
 ip address 10.200.0.1 255.255.0.0
 cable helper-address 192.168.241.10

psmit
Wow

Thanks so much for such a nice little starter roadmap. I get
most of it, but admit the OMAPI solution may be somewhat beyond
my current *nixen skillset -- though I clearly understand the main
benefit of going that route.

As for the two setups running side by side, well, they sorta are by
necessity as I move further along. The LANcity CMTS's are indeed
bridges -- 13 of them which are essentially 2x2 predecessors to
the original MCNS BayNetworks Versalar which ultimately became the
ARRIS CMTS 1000. And I'll bet you thought I was kidding with the WIN95C
server platform, huh? Nope! Sorta needed to stay in that realm due to the
proprietary nature of some of the server components, etc. But it still keeps
plugging away.

There are requests coming in to dhcpd from the LANcity network,
but they're just denied and logged with no apparent ill effects -- at least
not anything obvious that I'm aware of. The LANcity server is filtered
to only accept requests from that network and I presume there's a way
to do that for the DOCSIS network with iptables or something as well ?

The LANcity network is 10.2.0.0 and the DOCSIS network is across
10.10.0.0 and 10.1.0.0. My public space is a /21 with two available
/24's for a combination fixed and dhcp transition for CPE application
and existing address assignment reclamation. I'm very fortunate to
have that wiggle room. And I'm quite used to manually managing the
address allocation and inventory process, so that won't be anything new,
just a lot more of it until the last legacy modem is swapped out.

The initial task at hand would seem to be creating basic host entries
with fixed addresses for the modems for customer provisioning on
down the road -- or to at least experiment with before any field trial
deployment, like getting acquainted with all the SNMP business and
config file nuances and necessities such as customer-side filters for
all the usual ports, etc., more lab work, really.

I have a handful of SB4100's and some SB5120's that came right up
using the uBR for the provisioning. I can get the 4100's up with both
fixed and dynamic address assignments with dhcpd, but the 5120's
won't have any part of it and keep hanging on TOD in init. Getting
past that would ideally be my next step -- followed by whatever
firmware upgrades are available for the particular models. Any tips
here would be much appreciated. I have the firmware, but no clue
what's missing in that process -- unless it's the certs which I thought
were included in the firmware itself.

Anyway, the journey into DOCSIS LAND doesn't seem quite so
intimidating today.

And if it weren't fun...

Thank you.

Poge

kwesibrunee
The 5120s are probably not

The 5120s are probably not stuck at TOD but at whatever comes before it; that's the problem with using the web page, it is not as verbose. On the uBR run the command

show cable modem xxxx.xxxx.xxxxx (mac of modem in question)

and note what status the modem gets to. It should be something like init(o), init(t) or init(io), which can give you an idea of where to look for the problem. If you get stuck, post the details here and we will see if we can help you.

Usually when modems get stuck coming online it is one of a few things:

1. Routing problems: the modem cannot communicate with the TFTP server.

2. The file the modem is requesting is missing. *nix is case sensitive, so this is a real issue.

3. Missing options in the DHCP config, i.e. some older modems want the bootfile-name bootp option for their config file while the newer ones want the filename option instead. Same thing with TFTP: some modems want the next-server bootp option and others the tftp-server-name option. I find it best to include the right settings for both, which appeases both modems. This is most likely the problem with your 5120s ....

As for SNMPc, I am not familiar with it at all except by name, so no help there. While you're transitioning to DOCSIS, you may want to look at a different monitoring system as well. I am partial to Zenoss myself, which I use for our regular network and am working on for our modems. It is a bit harder as we have 10,000+ modems, all with dynamic addresses, to monitor. A single modern Zenoss server works well past 1500 modems according to my tests, but I have not had time to work on the distributed version, which will scale up to my needs.

dhcpd will only assign IPs from subnets it's configured to listen on, so if you don't want dhcpd handling the LANcity subnet, don't configure it; it will ignore any requests from that subnet. No iptables needed.

psmit
5120's hang at init(i)

then eventually try again. They pull an address both dynamically or fixed, just don't seem
to like the file or the dhcpd.conf.

*****************************************************************

Latest version...

authoritative;
ddns-update-style none;
log-facility local6;
allow bootp;
allow booting;
allow unknown-clients;
deny client-updates;
option domain-name "oberlin.net";
option domain-name-servers 208.66.208.2, 208.66.208.3;
option subnet-mask 255.255.0.0;
option broadcast-address 10.10.1.255;
option routers 10.10.1.1;
option time-servers 10.10.1.1;
option log-servers 10.10.1.3;
next-server 10.10.1.3;
option tftp-server-name "10.10.1.3";

shared-network ModemNetwork {
  authoritative;
  deny client-updates;
  allow unknown-clients;
  # uBR c3/
  subnet 10.1.1.0 netmask 255.255.255.0 {
    option time-offset -18000;
    option ntp-servers 128.4.40.12;
    authoritative;
    deny client-updates;
    allow unknown-clients;
    range 10.1.1.4 10.1.1.254;
    option domain-name "oberlin.net";
    option domain-name-servers 208.66.208.2 , 208.66.208.3;
    option subnet-mask 255.255.0.0;
    option broadcast-address 10.10.1.255;
    option routers 10.10.1.1;
    option time-servers 10.10.1.1;
    option log-servers 10.10.1.3;
    next-server 10.10.1.3;
    option tftp-server-name "10.10.1.3";
    option bootfile-name "platinum.bin";
    filename "platinum.bin";
    # Doe, J.
    host 0001 {
      server-name "10.10.1.3";
      option time-servers 10.10.1.1;
      option bootfile-name "platinum.bin";
      filename "platinum.bin";
      hardware ethernet 00:04:BD:BC:A8:E0;
      fixed-address 10.1.1.5;
    }
  }
  subnet 208.66.214.0 netmask 255.255.255.0 {
    range dynamic-bootp 208.66.214.10 208.66.214.254;
    default-lease-time 604800;
    max-lease-time 604800;
    min-lease-time 302400;
  }
}
subnet 10.10.0.0 netmask 255.255.0.0 {
}

*****************************************************************

...and very basic config file

FileVersion = Version 6.0
03 (Net Access Control) = 1

04 (Class of Service Encodings Block)
S01 Class ID = 1
S02 Maximum DS Rate = 10000000
S03 Maximum US Rate = 1024000
S04 US Channel Priority = 7
S05 Minimum US Data Rate = 0
S06 Maximum US Xmit Burst = 0
S07 Privacy Enable = 0
18 (Maximum Number of CPE) = 3

39 (DOCSIS 2.0 Enable) = 0

***********************************************

I disabled DOCSIS 2.0 as a result of a suggestion I ran across elsewhere in
the forum. Didn't make any difference so I eliminated it. The uBR config remains
as originally posted.
My 4100's are happy as clams using this same config file. Shouldn't the 5120's
be backward compatible with such a basic 1.0 config file?

As for the dhcpd.conf, I'm obviously attempting to start as simple as possible
and work my way into greater degrees of capability a step or two at a time
in order to not get too far ahead of myself (confused?) -- which I already seem
to be.

Would like to get past this and on to firmware upgrades (if possible) and more
sophisticated modem config files. 'Course I'll be stuck at 1.1 with MC16-C cards,
but it's better than where I am now.

BTW, SNMPc was Castle Rock's competition for OpenView in the early days and got
its wings being packaged as the management/monitoring component of the LANcity
LCn provisioning system complete with all the LANcity MIB's integrated right out of
the box. Icon based point and click with very intuitive functionality and flexibility --
even the older version I still use. Castle Rock's latest efforts are light years more
advanced and reasonably priced -- if you actually have a budget, that is.
www.castlerock.com

I'm also playing around with Cacti and recently built another box for Zenoss, but
seem to be just a bit sidetracked lately with all this DOCSIS bizness and haven't
been making much progress on any of my other fronts!

kwesibrunee
Somethings are wrong

Some things are wrong here.

First, you can't have a 10.1.1.0/24 subnet with a 10.10.1.1 routers option; not sure how the 4100s came up with this setup. The routers (default gateway) needs to be reachable from the modem, i.e. should be from the modem's subnet. Also I would leave the broadcast address option totally out.

Second, even a basic config for a modem needs the default baseline privacy settings.

Unless you want all your modems to get the "platinum.bin" config, it does not belong in the subnet declaration.

Last, your subnet mask declaration has to match the netmask in the subnet declaration, so change option subnet-mask 255.255.0.0; to option subnet-mask 255.255.255.0;

I would build this block like so:

# uBR c3/

subnet 10.1.1.0 netmask 255.255.255.0 {
  option time-offset -18000;
  option ntp-servers 128.4.40.12;
  authoritative;
  deny client-updates;
  allow unknown-clients;
  range 10.1.1.4 10.1.1.254;
  option domain-name "oberlin.net";
  option domain-name-servers 208.66.208.2 , 208.66.208.3;
  option subnet-mask 255.255.255.0;
  option routers 10.1.1.1;
  option time-servers 10.10.1.1;
  option log-servers 10.10.1.3;
  next-server 10.10.1.3;
  option tftp-server-name "10.10.1.3";
}
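
The two addressing rules from this reply (the `routers` option must sit inside the subnet, and `option subnet-mask` must equal the declared netmask) can be checked before dhcpd is restarted. The following is an added example, not part of the original post: a small lint for `subnet` blocks that also checks `range` endpoints, which goes slightly beyond what the reply lists. Function names are assumptions, the two config excerpts are constructed from the values in the thread, and routers are assumed to be literal IPv4 addresses.

```python
import ipaddress
import re

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
ROUTERS_RE = re.compile(r"option\s+routers\s+([^;]+);")
MASK_RE = re.compile(r"option\s+subnet-mask\s+(\S+?)\s*;")
RANGE_RE = re.compile(r"range\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+?)\s*;")

# Constructed excerpt using the values from the "latest version" in the thread.
BEFORE = """
shared-network ModemNetwork {
  # uBR c3/
  subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.4 10.1.1.254;
    option subnet-mask 255.255.0.0;
    option routers 10.10.1.1;
    next-server 10.10.1.3;
  }
}
subnet 10.10.0.0 netmask 255.255.0.0 {
}
"""

# The same excerpt with the two changes suggested in the reply.
AFTER = BEFORE.replace(
    "option subnet-mask 255.255.0.0;", "option subnet-mask 255.255.255.0;"
).replace("option routers 10.10.1.1;", "option routers 10.1.1.1;")


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in dhcpd.conf text")


def lint_subnets(conf_text):
    """Return a list of (subnet, option, offending_value) tuples."""
    # Drop '#' comments so commented-out options are not checked.
    text = re.sub(r"#[^\n]*", "", conf_text)
    problems = []
    for m in SUBNET_RE.finditer(text):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        # Body includes nested declarations such as host blocks.
        body = block_body(text, m.end() - 1)
        for mask in MASK_RE.findall(body):
            if ipaddress.ip_address(mask) != net.netmask:
                problems.append((str(net), "subnet-mask", mask))
        for routers in ROUTERS_RE.findall(body):
            for router in (r.strip() for r in routers.split(",")):
                if ipaddress.ip_address(router) not in net:
                    problems.append((str(net), "routers", router))
        for low, high in RANGE_RE.findall(body):
            for addr in (low, high):
                if ipaddress.ip_address(addr) not in net:
                    problems.append((str(net), "range", addr))
    return problems


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_subnets(conf))
```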

psmit
5120's up

Some things are wrong here

first can't have a 10.1.1.0/24 subnet with a 10.10.1.1 routers not sure
how 4100s came up with this setup, the routers (default gateway) needs
to be reachable from the modem i.e. should be from the modems subnet.
************************************************************
Was misunderstanding the term 'routers' to mean the server's gateway of 10.10.1.1 (fa0/1) with
what is evidently interpreted to mean the cable interface address. Changed that option on the
# uBRc3/ 10.1.1.0 subnet as you suggested and the 5120's came right up. Given the logic there,
I too wonder how the 4100's came up, tho again was relying on the magic of the shared network
concept.

********************************************
Also I would leave the broadcast address option totally out.
********************************************

Doesn't seem to matter, though I recall reading somewhere to include it
for good measure.

**********************************************************************
second, even a basic config for a modem needs the default baseline privacy settings
**********************************************************************

Seems to work as simply 'disabled' in the example config. Question here; How much
CPU overhead is gobbled up when BPI is enabled? Minimal? Excessive? I ask due to
the obvious limits inherent in the NPE225 and want to put the least load possible on the
uBR until I know what it can and can't be expected to do -- or until I can get a VXR
chassis and NPE with more horsepower. Remember the limited budget of ZERO, here!

*************************************************************
unless you want all your modems to get the "platinum.bin" config it does
not belong in the subnet declaration.
*************************************************************

Ack on that. I intend to migrate toward a more functional and flexible config
as I gain a better understanding and comfort zone relative to what actually
works and how/why it does.

**************************************************************
last your subnet mask declaration has to match the netmask in the subnet
declaration so change option subnet-mask 255.255.0.0; to option subnet-mask
255.255.255.0;
**************************************************************

Ack again.

Your help is tremendously appreciated and is yielding immediate results for
my particular level of understanding, but I obviously have a long way to go.

Next will be to attempt integrating a firmware upgrade process to the latest
greatest (available?) for the modems I have. I realize the potential issues
with SB4100's, but shouldn't I at least be able to upgrade them to 1.1 w/o
CVC but simply not have BPI+ capability?

And don't I just need the CVC to upgrade the 5120's to their latest firmware
release, or is it somehow included in the firmware itself -- or either/or
depending on the actual file? I've read that the extension of the upgrade
file indicates whether or not the CVC is integrated, but that was a fairly old
release note and may not apply these days.

Tom was kind enough to send me some later release notes that I've yet to
review, and I do have login credentials to Moto's Businessonline resource
if anyone knows exactly what I should be looking for there.

Again, thanks very much.

kwesibrunee
Answers .....

Not sure on the BPI, as far as CPU processing is concerned, because I have never run with it off, but as a ballpark figure, we have worked well with a NONVxR 7246 up to around 1100 customers, with BPI on, and 4 MC16C blades, so you're barking up the right tree; the speeds you employ will have a far greater impact on your CPU load than BPI will. Moving your edge traffic off the CMTS helps a lot too. But CPU overhead is not your only concern: without BPI on it is possible to "see" all the traffic on whatever port you're connected to.

Firmware upgrades are a bit trickier beast:

I will start with the 4100s. Without a proper certificate (which is no longer available) to verify against, you will not be able to upgrade or downgrade 4100s that already have DOCSIS 1.1 code. The ones that have never been upgraded to DOCSIS 1.1+ can be upgraded once to a version of DOCSIS 1.1; however, they will not be able to be upgraded further. Those already upgraded to DOCSIS 1.1 cannot be upgraded further because the CVC for them has expired and Motorola chose not to support it anymore.

With 4100s you can tell if they are docsis 1.0 or docsis 1.1 by looking at the firmware version

Docsis 1.0 only has a 0 in first or second digit
SB4100-0.4.9.5-SCM01-NOSH
SB4100-4.0.6-SCM-NOSHELL

Docsis 1.1 has a 1 in first digit
SB4100-1.4.9.0-SCM00-NOSH

The reason for this is:

Docsis 1.1 modems require a manufacturer's CVC (Certificate Verification Certificate I believe) be present in the config file in order to upgrade/downgrade firmware. This is to verify that the firmware you are loading came from the manufacturer. Without this CVC the modem will ignore upgrade attempts.

CVCs use PKI (public key cryptography) to ensure this (this is also how BPI works too).

In PKI when a certificate is created it basically creates two keys, a public key and a private key. Items signed with the private key can only be decrypted/verified by the public key and items signed with the public key can only be decrypted/verified by the private key.

So in our case the manufacturer signed the firmware with their CVC's private key; your modem needs the CVC's public key so it can verify the firmware. This, in theory, prevents Joe User from installing firmware not built by the manufacturer.

Firmware upgrades are, for lack of a better term, a pain in the @!!$%. With the appropriate CVC in your config file, however, it is possible to do it via SNMP, or if you prefer you can do it in the config file. This is still a hard thing for me to do in anything but a one-at-a-time scenario, which in my case (10,000+ modems) is just not possible. Arris modems are a little bit better in this regard as they can be done entirely in the config file.

I would suggest getting up and running with what ya got and leave firmware upgrades until the last.

Here is a simple DOCSIS 1.1 config file with BPI turned on and the current Motorola MFG CVC in it:

NetworkAccess = 1
SnmpMib = docsDevSwAdminStatus.0 allowProvisioningUpgrade
MaxCpeAllowed = 3
MaxClassifiers = 20
PrivacyEnable = 1
ManufacturerCVC = hexstr:
BaselinePrivacy =
AuthorizeWaitTimeout = 10
ReauthorizeWaitTimeout = 10
KekGraceTime = 600
OpWaitTimeout = 10
RekeyWaitTimeout = 10
TekGraceTime = 600
AuthorizeRejectWaitTimeout = 60
SAMapWaitTimeout = 1
SAMapMaxRetries = 4
UpstreamServiceFlow =
SfReference = 1
SfQosSetType = 7
SfTrafficPriority = 1
SfMaxTrafficRate = 512000
SfSchedulingType = 2
SfRqTxPolicy = 138
DownstreamServiceFlow =
SfReference = 101
SfQosSetType = 7
SfTrafficPriority = 1
SfMaxTrafficRate = 3200000
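
Added example, not part of the post above: the post says the 4100 CVC has expired and that this blocks further upgrades, so it is worth reading the validity window out of a `ManufacturerCVC` hexstr before pushing a config to a fleet. This Python sketch assumes the hexstr is a DER-encoded X.509 certificate in the dotted form shown above; the function names are illustrative and the sample bytes are a constructed skeleton, not a real CVC.

```python
from datetime import datetime, timezone

def parse_hexstr(text):
    """Dotted hex ('30.82.03.A1...') to bytes; rejects damaged tokens."""
    tokens = "".join(text.split()).strip(".").split(".")
    bad = [t for t in tokens if len(t) != 2]
    if bad:
        raise ValueError(f"malformed hex tokens, e.g. {bad[:3]}")
    return bytes(int(t, 16) for t in tokens)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    """UTCTime (0x17) or GeneralizedTime (0x18) to an aware datetime."""
    s = value.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 is 19xx, 00-49 is 20xx
        s = ("19" if s[:2] >= "50" else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cvc_validity(der):
    """Return (notBefore, notAfter) of an X.509 certificate such as a CVC."""
    _, cert, _ = read_tlv(der, 0)    # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)    # tbsCertificate ::= SEQUENCE
    tag, _, nxt = read_tlv(tbs, 0)
    pos = nxt if tag == 0xA0 else 0  # skip the optional [0] version
    for _ in range(3):               # serialNumber, signature, issuer
        _, _, pos = read_tlv(tbs, pos)
    _, validity, _ = read_tlv(tbs, pos)
    t1, v1, nxt = read_tlv(validity, 0)
    t2, v2, _ = read_tlv(validity, nxt)
    return parse_time(t1, v1), parse_time(t2, v2)

def cvc_in_window(hexstr, now):
    not_before, not_after = cvc_validity(parse_hexstr(hexstr))
    return not_before <= now <= not_after

# Constructed sample: a minimal certificate-shaped DER skeleton, not a real CVC.
def _tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body
_validity = _tlv(0x30, _tlv(0x17, b"050101000000Z") + _tlv(0x17, b"150101000000Z"))
_tbs = _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30) * 2 + _validity
SAMPLE_HEXSTR = ".".join(f"{b:02X}" for b in _tlv(0x30, _tlv(0x30, _tbs)))
```

`parse_hexstr` also catches a hexstr that was damaged in copy and paste (a token that is not exactly two hex digits), which would otherwise produce a certificate the modem cannot parse.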

mtntrailseeker
Modem diags

Poge,

It might also help looking at the modem's built-in web interface to see what the modem is complaining about.

Plug a laptop into the modem. When the modem is NOT registered it will assign an IP address to the PC someplace in the range of 192.168.100.something if I recall right. You can do an ipconfig on the laptop to see what it really is.

Open a web browser and type in the IP address of the gateway, probably 100.1. This will open the web interface and there will be all sorts of details including what steps are completed and probably what's hanging things up.

The modem upgrades are going to be trickier. It all depends on what type of code is currently running on the modems. More than likely all the 5120s will require a CVC in the configuration file to push any other upgrades. The 41xx may have DOCSIS 1.0 code and to upgrade to 1.1 won't require a CVC. There is another nightmare that may await you with the 4100s. Motorola had a bunch of modem certificate issues and they may not be able to run BPI. Motorola ended support to push cert upgrades the end of December last year. Don't buy any used 41xx modems.....

-Tom
