Birds-Eye.Net
All things broadband and more...
 
Multi-user Residential Cable Modem
Provisioning a multiple CPE cable modem

By: Bruce Bahlmann - Contributing Author

Created: December 4, 1997

Note: For help designing/implementing your multi-CPE cable modem service, or developing tools to help you improve or implement such a program, contact Birds-Eye.Net.

Overview/History:

One limitation of basic Express service is that it can activate only a single computer. This limitation is based on two criteria: first, the customer care database (Remedy) is designed around a single record per customer, and second, the existing software that runs on the cable modem (LCp - LANCity personal) supports only a single MAC address (NIC) connected to it. If multiple basic residential service connections are requested, we currently install additional cable modems to support them. However, this is somewhat kludgy, since a single customer in the billing database corresponds to multiple records in the customer care database. Unfortunately, there is not always enough RF signal strength to support multiple cable modems, so we can’t always install additional connections for people who request them. It is also more costly for us to install additional cable modems in a single home, because the second connection is usually cheaper but our costs are the same as for a new customer.

While an LCw (LANCity workgroup) cable modem is available that supports up to 4 connections, there are technical issues that have delayed its use. Unlike the LCp, which supports a single MAC address, the LCw's software supports up to 4 MAC addresses. To achieve multiple connections using an LCw, installers would need to connect a second network device called a hub, which permits up to four computers to connect to the single ethernet receptacle on the cable modem.

Next-generation software for cable modems (available in the first quarter of 98) will eliminate the differences between LCps & LCws by essentially allowing all of them to support up to 16 computers. Since this functionality is significantly different from the current product definition, this document is targeted at identifying potential installation/technical problems with this new capability and suggesting how we could best implement/upgrade our existing provisioning system to handle this functionality.

Technology Capabilities of Modems:

Throttling

Configurable throughput is the single greatest differentiator between service classes. Modems can throttle speeds from 10kbs to 10,000kbs in 1k increments in both directions (downstream and upstream). This feature is set in the file (MD5) that is downloaded to the modem as part of the boot process.

Maximum ethernet nodes supported

This feature enables a modem to limit the number of network devices that can access the Express network. For example, if this property is set to one, only a single MAC address (i.e. NIC) can access the Express network through that modem (the first MAC address learned by this device). Once the limit has been set to some number, there are two ways of deciding which MAC addresses are allowed to pass data through the modem: either the modem is allowed to control this on its own (default), or one could preload MAC addresses. If the default option is used, the modem internally learns the MAC addresses of network devices connected to it and permits these devices to pass data through the modem. In networks where the number of network devices exceeds the number of devices the modem will support, there will inevitably be an access problem (one or more of the authorized computers will not be able to use our network because they were not learned by the modem).

Preloading or Pre-stuffing

A feature that works hand in hand with the maximum ethernet nodes supported is pre-stuffing. Pre-stuffing is a way of loading the authorized MAC addresses directly into the configuration file downloaded by the modem during the boot process. This method further restricts the modem by only allowing specified MAC addresses to communicate on our network (the ones we know about). The feature overrides the learned option because the modem is instructed by its "unique" configuration file which MAC addresses are allowed to communicate through the modem.
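The two admission modes above can be compared with a small model. This is an added example, not code from the original page or from LANCity; the class, the function names and the MAC addresses are constructed, and the assumption that a power cycle empties the learned table follows the behaviour the page describes under "Changing NIC’s".

```python
# Constructed model of the modem's MAC admission logic; not LANCity firmware.
PC1, PC2, PC3 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
PRINTER, NEW_NIC = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed MACs


class ModemMacFilter:
    def __init__(self, max_nodes, prestuffed=None):
        self.max_nodes = max_nodes
        # A pre-stuffed list stands for MACs written into the modem's config file.
        self.prestuffed = None if prestuffed is None else {m.lower() for m in prestuffed}
        self.learned = []  # MACs learned since the last boot, in arrival order

    def power_cycle(self):
        """Rebooting the modem empties the learned table (assumption)."""
        self.learned = []

    def admit(self, src_mac):
        """Return True if a frame from src_mac would be passed to the network."""
        mac = src_mac.lower()
        if self.prestuffed is not None:      # pre-stuffing overrides learning
            return mac in self.prestuffed
        if mac in self.learned:
            return True
        if len(self.learned) < self.max_nodes:
            self.learned.append(mac)         # first come, first learned
            return True
        return False                         # table full: frame is dropped


def learned_mode_lockout():
    """Three-device limit, four devices at home: the printer takes a slot."""
    modem = ModemMacFilter(max_nodes=3)
    return {mac: modem.admit(mac) for mac in [PC1, PRINTER, PC2, PC3, PC1]}


def nic_swap(prestuffed):
    """One-device service; returns (old NIC, new NIC before reboot, new NIC after)."""
    modem = ModemMacFilter(max_nodes=1, prestuffed=[PC1] if prestuffed else None)
    old, new_before = modem.admit(PC1), modem.admit(NEW_NIC)
    modem.power_cycle()
    return old, new_before, modem.admit(NEW_NIC)


if __name__ == "__main__":
    print("learned mode, limit 3:", learned_mode_lockout())
    print("NIC swap, learned:    ", nic_swap(prestuffed=False))
    print("NIC swap, pre-stuffed:", nic_swap(prestuffed=True))
```

In learned mode the third computer is locked out because the printer was heard first, while a replaced NIC works after a reboot; with pre-stuffing the replaced NIC stays blocked until the configuration file is changed.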

Access priority and burst traffic

This feature prohibits a modem from consuming more than its share of the available bandwidth. Essentially there are two parameters: access priority (low, normal, high) and burst traffic (0-4). The combination of these two parameters allows us to define service classes that meet network usage. For example, residential service traffic should have lower priority than business traffic, so all residential classes have a "low" priority level associated with them (other devices such as headend nodes have the high priority, whereas business classes would probably receive normal priority). The level of priority and burst traffic should also be based on how much this service class costs. In the absence of defined service classes, the best direction would be to give everyone low access so as not to conflict with new classes of service as they are defined.

Filtering

Modems have the ability to filter data packets in such a way that we can increase the security of Express customers’ computers, reduce the amount of unwanted customer traffic that spills onto our network, and provide security to our provisioning systems. There are two kinds of filtering available to residential customers: standard and limited filtering. Limited filtering is the most basic filtering available to customers, allowing such things as file and print sharing yet restricting traffic from customers that either impacts other customers’ performance or is a security risk. Standard filtering is a superset of limited filtering with the addition of limiting file and print sharing for Windows 95 clients.

Suggested Residential Service Class Divisions:

Taking into account the existing limitations of both modem software and customer care database, it is difficult to immediately migrate to a provisioning system that supports multiple connections yet does not involve customer care database retooling. Instead of waiting for the technology needed to implement a full-featured system that would be customized by connection (seat), the following model would be relatively easy to migrate towards with little development effort.

Basic residential service

Class of service for low-end Express customers with no more than ONE computer in the home. Customers with more than one computer in the home should be directed to a higher service class. Offers options as far as bandwidth (future) but with low priority and access to spare bandwidth.

  • Supports a single customer computer connection
  • LCp will only acknowledge a single NIC card – the first one it learns

Advanced residential service

Class of service for advanced residential Express customers with no more than three computers in the home. Customers with more than THREE computers (or three computers and a network printer) should be directed to a higher service class. This class of service is similar to the lower class but has access to slightly larger blocks of bandwidth when it’s available.

  • Supports up to 3 customer computer connections
  • LCp will permit up to 3 learned MAC addresses.

Professional residential service

Class of service for high-end residential/telecommuting markets with up to 8 computers and no more than a total of 12 network devices (computers, hubs, printers). Customers with more than this number of computers should be directed to a small business class of service. This class of service is still classified as having low access but is able to use larger blocks of bandwidth when it’s available.

  • Supports 4-8 customer computer connections (allowing for printers and a fudge factor of 4)
  • LCp will permit up to 16 learned MAC addresses

While this division of service is far from feature rich, it is pretty straightforward and would not require a significant amount of development effort in order to launch a multi-user residential service that would drive up revenue and lower costs. Once launched, we could focus our development efforts and vendor requests on a more exact service that would target a by-seat approach (perhaps using an idea discussed later). However, the key point here is that a less than perfect product is better than no product or waiting for the right product. Implementing this method provides a means (both financial and architectural) towards the requirements of next-generation provisioning and development of new service offerings.

Foundational Change Needed in Provisioning System:

Up to this point, the provisioning system has been based solely on MAC addresses. The MAC addresses (in this case) act as a security feature of the network by disallowing computers (that are not registered in the provisioning server) from accessing the DHCP/BOOTP server. Each customer has various computer and modem MAC addresses associated with their account(s) that we register for them on the provisioning server to grant them access to our network.

What I propose is that we eliminate the registering of MAC addresses entirely and completely open up our provisioning system architecture. The way I propose we do this is by using a certain feature on the modem (Maximum ethernet nodes supported) that restricts the number of connections or computer NICs the modem is capable of learning. Unlike preloading, this restriction is open enough to allow customers to replace their NICs without calling into customer care. Instead, we merely keep track of the name of the service the customer has requested. The service name will identify various settings of the cable modem options described earlier.

Taking this idea further, service technicians would no longer need to use Stage to change out cable modems, and customers who replace NIC cards would not need to call in to have new ones provisioned. One of the greatest features is that once a cable modem booted, it would grant access to only four machines: one that would permit the computer to obtain an IP address, one that would permit download of our web browser, one that would provide very limited DNS services, and one that would enable the technician to configure the customer’s service (Web page). Using these four machines, the installer or customer would have the access they need to upgrade the service that particular modem is receiving. In this model the modem restricts what the computer behind it can access (limiting it to only necessary machines).

Who Needs MAC Addresses?

Customer care believes they need MAC addresses to troubleshoot problems down to a particular customer. In reality, the registered MAC address is not needed for an existing customer to access the Express service. Simply typing a random static IP address into the TCP/IP configuration on a PC and then swapping out the existing NIC foils our ability to troubleshoot a customer by his/her NIC. To effectively use the NIC as a means to represent the customer, we need to motivate the customer to provide us with their correct MAC address. Offering free persistent hostname services and vanity domain services is a reliable way to ensure the customer maintains our database with their correct NIC. Since an appreciable and growing percentage of our existing customers are using static IP addresses, we just don’t have the resources to track down all of them.

Due to this growing static IP address problem, we really need to look closer at the modem as being our de-mark for controlling access to Express Internet service. If we focus on this point, we can further regulate permitted connections and types of traffic by building our provisioning system around this idea. One means of controlling the number of valid connections at the modem may be to request a learning IP address filter in the modem. If a modem could learn the IP addresses of the devices requesting DHCP leases through it, we would have a sure way of eliminating the use of static IP addresses on our network. The number of IP addresses learned must be a function of the number of devices we authorize. This would also help us better manage the use of IP addresses. The other side of not registering MAC addresses is very complex and involves architectural changes to the customer care database and re-engineering the provisioning system to handle pre-stuffing.
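The learning IP address filter requested above can be modelled as a table of DHCP-learned bindings, capped at the number of authorized devices, that upstream packets are checked against. This is an added example, not code from the original page or from any modem vendor; the class and method names, lease handling and addresses are assumptions, and letting every 0.0.0.0-sourced packet through stands in for a proper check that it is a DHCP client message.

```python
from ipaddress import ip_address

# Constructed model of the requested "learning IP address filter"; no modem on
# the page implements it. MACs and IPs are constructed documentation values.
PC1, PC2 = "02:00:00:00:00:01", "02:00:00:00:00:02"


class LearnedIpFilter:
    def __init__(self, max_devices):
        self.max_devices = max_devices       # set by the customer's service class
        self.bindings = {}                   # ip -> (mac, lease expiry time)

    def _expire(self, now):
        self.bindings = {ip: b for ip, b in self.bindings.items() if b[1] > now}

    def on_dhcp_ack(self, now, mac, ip, lease_secs):
        """Learn a binding from a DHCP ACK relayed to a device behind the modem."""
        self._expire(now)
        ip = ip_address(ip)
        if ip not in self.bindings and len(self.bindings) >= self.max_devices:
            return False                     # more leases than authorized devices
        self.bindings[ip] = (mac.lower(), now + lease_secs)
        return True

    def permit_upstream(self, now, mac, src_ip):
        """Pass a customer packet only if its source IP was leased to that MAC."""
        self._expire(now)
        src = ip_address(src_ip)
        if src.is_unspecified:               # 0.0.0.0: client still asking for a lease
            return True
        bound = self.bindings.get(src)
        return bound is not None and bound[0] == mac.lower()


def replay():
    """Run a constructed event sequence through a one-device filter."""
    f = LearnedIpFilter(max_devices=1)
    return {
        "pc1 dhcp request": f.permit_upstream(0, PC1, "0.0.0.0"),
        "pc1 lease learned": f.on_dhcp_ack(1, PC1, "192.0.2.10", 3600),
        "pc1 leased address": f.permit_upstream(2, PC1, "192.0.2.10"),
        "pc2 static address": f.permit_upstream(3, PC2, "192.0.2.77"),
        "pc2 reusing pc1 address": f.permit_upstream(4, PC2, "192.0.2.10"),
        "pc2 second lease": f.on_dhcp_ack(5, PC2, "192.0.2.11", 3600),
        "pc1 after lease expiry": f.permit_upstream(4000, PC1, "192.0.2.10"),
    }


if __name__ == "__main__":
    for event, allowed in replay().items():
        print(f"{event:26s} {'pass' if allowed else 'drop'}")
```

Packets dropped by `permit_upstream` are also the records an operator would log to find statically configured hosts, since the modem that dropped them identifies the customer.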

Technical Challenges:

The following are issues that were raised by John Fiske and Will Biedron about limitations of the Stage/Provisioning server that would prohibit us from implementing this residential product. Each of these is addressed from the frame of reference that the provisioning system must be reworked in the manner described previously.

Vulnerability to the issue of provisioning a single MAC address that would support up to 16 computers/printers/intelligent hubs/etc.

This challenge has significant impact on how we use Stage. Since Stage can presently only handle one association per customer, the method of provisioning a single customer must not consume more than one record to remain compatible. The above system addresses this by finally establishing a one-to-one relationship between every customer and a single modem. Using that single modem, one can authorize any number of computers: currently up to 4 and, starting in the spring, up to 12 (leaving some room for learned MAC addresses that are not computers [printers, hubs, etc.]).

Changing NICs

The current provisioning system restricts individuals from changing NICs because each one must be registered for it to obtain an IP address from the server. The new system must not be dependent on registering MAC addresses as its security measure. Instead, one can change out NICs at will, with the only inconvenience being that if the user is only authorized a few MAC addresses, they will need to power cycle the cable modem for the new NIC to work. Since computers need to be shut down to replace a NIC, this is not foreseen as a problem (however, access to the modem must be granted at each physical location [closet, etc.] where the cable modem resides).

Static configurations

The use of static IP addresses, or customers who manually enter IP information into their computers, will remain a problem for the Express service. While currently it’s relatively easy to look up the customer who has a particular NIC in their computer, the new system would not have this association. There are some tools that exist today that could locate this, but it would not be a simple lookup in Stage. To combat this problem more advanced tools will be needed, but as of today, this has not been a major problem.

How costly is it to prestuff MAC addresses?

The issue of prestuffing is with us today because we base our system on registering each MAC address with the server. Since the gating factor of prestuffing is that each modem would require a unique configuration file, this capability would not scale past several thousand modems due to storage space problems and the UNIX OS’s ability to manage machines that would need to access thousands of small files. The new provisioning system must either create these configuration files on-the-fly (See On-The-Fly TFTP Server Specification - Bahlmann) or simply create a few select files that can be shared by like hosts (how the existing system is designed). The provisioning system could come at prestuffing from another angle by only limiting the number of devices (MAC addresses) rather than limiting specific MAC addresses. In this way, we would leave the specifics (as far as computer MAC addresses) up to the customer and the handling of how many can access and what they can access up to us.

How costly is it to produce a customer interface (web or otherwise)?

My experience with producing a customer web interface is that this is a relatively simple task and that our business was built on hardware that is conducive to this method of interacting with different applications. The problem today is that, the way our existing provisioning system is configured, there is no way to interface with all the systems needed to change some customer’s account (would need to access systems on both sides of the firewall). The new provisioning system must be located entirely outside the firewall to enable customers to change their account. This product could be rapidly developed utilizing existing components and a small amount of custom code.

How costly is it to integrate provisioning and filtering?

Expanding/building on the existing system would take months to plan and perhaps longer to test and execute. This is due to the communications needed to coordinate each group’s (Engineering, HSD Operations, IT, regions) involvement in the execution of the plan, which would be quite complex due to the need to communicate with systems on both sides of the firewall. The new provisioning system would greatly simplify this by reducing the need to store large amounts of pertinent provisioning information in the customer account. The only items needed would be the MAC address of the modem (needed for asset tracking) and the service class a customer has selected (probably all stored in LDAP). Since particulars regarding the modem capabilities (throughput, filtering, etc.) are associated with service classes, these features are applied when the cable modem receives its configuration file.

If the customer has 12 devices on a LAN but only wants 3 how do we deal with that?

The existing provisioning system would not be able to deal with this because it only supports 1 MAC address or 16 (no room for the niche market in between these extremes). The new provisioning system would have the capability to segment the market for this product by providing differing service classes based on variations of throughput, priority, filtering, and number of devices allowed. This customer would not be able to use the service that only supports 3 network devices because his total number of network devices was 12. Where we could help this individual out is that we could still call it residential service by keeping his bandwidth and access priority the same as other residential products (rather than calling this a business product that would require higher performance and bandwidth – and cost significantly more), yet he could connect up the rest of his computers/printers at will.

How do we deal with printers connected in the home that would show up as MAC addresses that would be learned by the cable modem?

The way to address this is to create a buffer or fudge factor when selling the service to the customer. Rather than having a product that allows up to 16 computers to connect to the network, we sell it as only a 12 network device capable cable modem. To arrive at what service fits the customer’s needs, we simply count the number of network devices the customer has in the home. The total number of devices determines which class of service they fall under. The fudge factor gets around the need to pre-stuff, which complicates the system and requires significantly more administration by the operations group as well as by the customer (when they want to swap machines, etc.).

(C) Copyright Birds-Eye.Net, All rights reserved.
It is against the law to reproduce this content or any portion of it in any form without the explicit written permission of Birds-Eye Network Services, LLC. Federal copyright law (17 USC 504) makes it illegal, punishable with fines up to $100,000 per violation plus attorney's fees.