Cable operators have deployed millions of digital set-top boxes (STBs) enabling broadcast and interactive services. Millions of cable modems have also been deployed with the associated infrastructure including Cable Modem Termination Systems (CMTSs), routers and network connectivity. There is significant interest in enabling high-speed data communications to digital set-top boxes for advanced services that leverage the existing infrastructure of digital video and Data Over Cable Service Interface Specifications (DOCSIS) networks.
The intended service allows transparent uni-directional and bi-directional transport of Out-of-Band (OOB) messaging over Internet Protocol (IP), between the cable system headend and customer locations, over an all-coaxial or hybrid-fiber/coax (HFC) cable network. The intent is to transparently transport the OOB message traffic between a set-top controller and the CMTS over a Wide Area Network (WAN) and then forward the OOB messaging from the CMTS to the set-top device over the cable network.
One technique establishes tunnels for sending the OOB messaging over the cable network. The CMTS may receive packets over the WAN that contain the OOB messaging. The CMTS changes the received packet MAC addresses to preconfigured MAC addresses for the STBs in the cable network. One problem is that STBs from different manufacturers may have different MAC addresses. This can prevent the CMTS from using the same tunnels for sending data to different STBs.
The present invention addresses this and other problems associated with the prior art.
A cable network includes a Data Over Cable Service Interface Specifications (DOCSIS) set-top gateway (DSG) server connected to an Internet Protocol (IP) network and a DSG client operating in a set-top device connected to a cable network. A DSG agent operates in a cable modem termination system (CMTS) coupled between the IP network and the cable network. The DSG agent receives data from the DSG server and sends the data to the DSG client over dynamically assigned DSG tunnels.
The foregoing and other objects, features and advantages of the invention will become more readily apparent from the following detailed description of a preferred embodiment of the invention which proceeds with reference to the accompanying drawings.
Abbreviations and Acronyms
The following terms are used to help describe different operations performed during a DSG advanced mode. These terms are used for explanation purposes only and are not intended to limit the scope for any aspect of the DSG advanced mode.
Application ID: This is a field indicating a numeric ID for an application running on a set-top device. The Application ID may be assigned through a Source Name Sub-table (SNS) or equivalent table carried in a broadcast DSG tunnel.
CA_system_ID: This is a field indicating a type of conditional access (CA) system applicable for either an associated ECM and/or entitlement management messaging (EMM) stream. The CA_system_ID may be used as a DSG client ID in the DSG advanced mode.
DSG Address Table: A collection of DSG rules and DSG classifiers contained within a DCD message. A DSG client uses its DSG client ID as an index into the DSG address table to determine what DSG tunnel address to receive.
DSG Advanced Mode: Operation with a DCD message. Address assignment is dynamic. The DSG tunnel address is determined by the DSG agent and learned by the DSG client through the DSG address table in the DCD message.
DSG Agent: The DSG agent implements a DSG protocol within the CMTS. The DSG agent creates the DSG tunnel, places content from the DSG server into the DSG tunnel, and sends the DSG tunnel to the DSG client.
DSG Basic Mode: Operation without the DCD message. Address assignment is static. The DSG tunnel address is determined by the DSG client and learned by the DSG agent through configuration. This mode provides backwards compatibility with earlier versions of DSG.
DSG Channel: Any DOCSIS downstream channel that contains one or more DSG tunnels.
DSG Client: The DSG client implements the DSG protocol within the set-top device. The DSG client terminates the DSG tunnel and receives content from the DSG server. There may be more than one DSG client within a set-top device.
DSG Client ID: This is an identifier that uniquely identifies a DSG client. The DSG client ID is unique per DSG client, but may not be unique per set-top device as the same DSG client which provides the same function may exist in multiple set-top devices. In DSG basic mode, the DSG client ID may be a MAC address. In DSG advanced mode, the DSG client ID may additionally be an application ID, a CA_system_ID, or a broadcast ID.
DSG Rule: An entry within the DSG address table that assigns a DSG client ID to a DSG tunnel address.
DSG Server: The DSG server refers to any network device such as an application server or other network attached device that provides content that is transported through the DSG tunnel to the DSG client.
DSG Tunnel: The DSG tunnel exists between the DSG agent in the CMTS and the DSG client in the set-top device. The DSG tunnel is identified by its DSG tunnel address, and it carries one or more IP datagram streams which originated from the DSG server. Multiple DSG tunnels may exist on a single downstream DOCSIS channel, and a DSG tunnel may span one or more downstreams.
DSG Tunnel Address: This specifically refers to the destination MAC address of the DSG tunnel. If the source MAC address, the destination IP address, or the source IP address is to be referenced, then that reference is explicitly stated.
Embedded CM: A DOCSIS cable modem integrated into a set-top device.
One-Way: This expression implies that the downstream path (from the network to the subscriber) is operational, and that the upstream path (from the subscriber to the network) is not operational. This may occur because the upstream path is not available, the set-top device is not registered, or the set-top device does not support a two-way mode of operation.
Out-Of-Band Messaging: The control and information messages sent from the set-top controller (or Application Server or similar device for legacy out-of-band (OOB) messaging) to one or more set-top devices. Specifically, OOB implies the use of a dedicated channel for signaling which is separate from the video channels. This includes but is not limited to the following types of messages:
QoS Parameter Set: A set of service flow encodings that describe the quality of service (QoS) attributes of a service flow or a service class.
Service Class: A set of queuing and scheduling attributes that is named and configured at the CMTS. A service class is identified by a service class name. A service class has an associated QoS parameter set.
Set-top Controller: This is the computer system responsible for managing the set-top devices within a cable system. It manages set-top devices through control and information messages sent via the out-of-band channel.
Set-top Device: A cable receiver that contains an embedded cable modem for DOCSIS connectivity, an embedded processor for an application environment, and either an embedded or removable module for conditional access.
Two-Way: This implies that the downstream path and the upstream path are operational.
Well-Known MAC Address: This refers to the MAC address of the DSG client within the set-top device. This MAC address has been assigned by the manufacturer of the CableCARD and/or conditional access system within the set-top device, and has been made known to the MSO for use in configuring the DSG agent.
The set-top controller 14 communicates with the set-top devices 22 through a cable modem termination system (CMTS) 18 that couples the IP network 16 to the cable network 20. The CMTS 18 formats the IP packets received over the IP network 16 containing the OOB messaging 24 into a DOCSIS format. The DOCSIS frames then relay the OOB messaging 24 over the cable network 20 to the set-top devices 22. The set-top device 22 then uses the OOB messaging 24 for supplying or configuring data used by an endpoint device such as a television 26 or a computer 28.
DSG Basic Mode
Referring to
The expression “DSG tunnel address” refers to a destination MAC address of the DSG tunnel 40. The DSG agent 32 defines the uniqueness of the DSG tunnel 40 in relation to an IP multicast destination address, IP subnets, and DOCSIS downstreams. In a DSG basic mode, a destination MAC address of the DSG tunnel 40 is set equal to a DSG client ID which is a multicast (group) MAC Address. The DSG client 34 in the set-top device 22 recognizes the DSG tunnel 40 by the uniqueness of a DSG tunnel address. Multiple IP addresses may use the same DSG tunnel address. This allows a many-to-one scenario where multiple set-top controllers 14 can send OOB messaging or other content 25 to the set-top devices 22.
Each IP address is resolvable to a single destination MAC address. This conforms with IP conventions and prevents a one-to-many scenario where one set-top controller 14 can send data to many selectable different set-top devices 22. The traffic for a single DSG tunnel 40 may be replicated on one or more DOCSIS downstreams. This group of downstreams may be a subset of the downstreams within one or more IP subnets.
DSG Advanced Mode
The following functionality may be achieved with the DSG advanced mode. Multiple types of DSG clients 34A and 34B, each with different DSG client IDs can be assigned to a single DSG tunnel 42. This provides the one-to-many scenario that is not supported by the DSG basic mode. The DSG clients 34 can be assigned different DSG tunnels based upon downstream or upstream associations. The uniqueness of the DSG tunnel 42 for a particular DSG client 34 is per downstream on a one-way HFC plant, and per upstream on a two-way HFC plant.
The DSG advanced mode can use a multicast (group) MAC address as the DSG tunnel address 48. Multicast addressing is referred to in RFC 1112, which is herein incorporated by reference. Since more than one IP multicast address can map to the same multicast MAC address, the DSG clients 34 can use both a destination MAC address and a destination IP address to receive the DSG tunnel 42. If a unicast MAC address is used based upon the manufacturer's Organizational Unique Identifier (OUI), then it will be unique, and an IP address does not have to be used for receiving the DSG tunnel 42.
A multicast (group) MAC address is preferred for DSG advanced mode since DSG tunnels 42 are multicast in nature. Use of the DSG advanced mode presumes that the cable modems have been configured to disable the IP multicast forwarding of DSG traffic to the home network. In one embodiment, the addressing of the IP multicast packets and the addressing of the DSG tunnel 42 are the same. The DSG tunnel 42 encapsulates the IP multicast datagrams in DOCSIS frames.
Under certain circumstances, DSG advanced mode allows the MAC address to be re-written to either another multicast MAC address or a unicast MAC address. The signaling protocols for the two can be slightly different. This allows DSG to work on a one-way plant. Conventional IP multicasts have several different protocols which allow end points to join the IP multicast session. In DSG, the CMTS 18 assigns end points 22 to DSG tunnels 42 using DOCSIS MAC management messages.
For example, a manufacturer assigns MAC addresses as before to set-top devices 22 which in one example is the client ID 50. However, the MAC address is not used to receive packets but alternatively used as an index into the DSG address table 46. The DSG address table 46 is sent by the CMTS 18 to the set-top devices 22. The DSG address table 46 maps the preconfigured MAC addresses 50 to one or more dynamically assigned tunnel MAC addresses 48. The CMTS 18 can then send information to the set-top devices 22 over tunnels having the indexed tunnel MAC addresses 48 in the DSG address table 46. This allows set-top devices 22 with different MAC addresses to receive data over the same tunnel 42.
The DSG address tables 46 linking the tunnel MAC addresses 48 to the set-top MAC addresses 50 can be dynamically changed by the CMTS 18 and then re-broadcast to the set-top devices 22. The DSG agent 32 in the CMTS 18 broadcasts the DSG address tables 46. In one embodiment, the tables 46 are broadcast to the set-top devices 22 using a downstream channel descriptor (DCD).
In an alternative embodiment, MAC addresses may not be used as the client ID 50. For example, there may be software applications that may need to receive content over a particular tunnel. In this version, an application ID is sent in the DSG address table 46. The application ID pointed to in the table 46 identifies an associated tunnel containing information used by the software application.
For example, the application ID may be a number space owned by an MSO. The MSO would then associate a particular software application, such as a TV guide service, with an associated application ID value. The MSO then sends a DSG address table 46 that notifies the set-top devices 22 of the application ID and associated tunnel address 48 for the TV guide information. The set-top devices 22 with the TV guide application then receive the TV guide information over the tunnel address 48 mapped to the TV guide application ID value.
In yet another embodiment, the DSG address table 46 may map a conditional access (CA) system ID to the set-top device MAC address 50. In another embodiment, a broadcast tunnel is established that is listened to by every set-top device 22. Configuration information, such as the DSG address table 46, is then sent to all of the set-top devices 22 at the same time. In this embodiment, a particular tunnel MAC address is identified as a broadcast tunnel, for example, a tunnel 42 having a MAC address of all zeros. All set-top devices 22 read the contents of the tunnel having the broadcast MAC address.
Thus, the DSG address table 46 can have different types of inputs. For example, the input to the table 46 can be a well known MAC address, a CA system ID, a broadcast ID or an application ID. Of course other identifiers can also be used. This allows any arbitrary application to be tied to any tunnel.
The DSG agents 32_1-32_m map IP datagrams received on an IP network interface to N DSG tunnels 42 on the DOCSIS transport. In particular, the DSG agents 32 receive IP multicast or unicast datagrams on potentially multiple IP addresses 17 (1 to L). The DSG agents 32 then map these datagrams to one of potentially multiple DSG tunnels 42 on the DOCSIS transport and forward the datagrams to the DSG clients 34.
The DSG agents 32 may provide transparent transport of out-of-band messaging over a DOCSIS channel that is traditionally carried on dedicated channels and may have one or more DOCSIS downstream channels and one or more IP subnets. An IP subnet may span one or more DOCSIS downstream channels and a DOCSIS downstream channel may be a member of one or more IP subnets. There may be one instantiation of the DSG tunnel 42 per DSG agent 32 and each IP subnet requiring the DSG tunnel 42 joins the IP multicast session. The IP address associated with the DSG tunnel 42 is the IP address of the IP multicast connection from the DSG server 30 to the DSG agent 32.
DOCSIS Set-Top Gateway (DSG)
Referring back to
The set-top device 22 functions in either a one-way or two-way environment. The set-top devices 22 might use a two-way IP session over DOCSIS for return traffic. For example, an out-of-band polling message may be sent from the DSG server 30 to the DSG client 34 via the DSG agent 32. The set-top device 22 response to the message might be returned to the headend 18 via IP over DOCSIS.
An embedded cable modem in the set-top device 22 would then follow standard DOCSIS initialization and registration processes, with certain exceptions. For example, in acquiring the appropriate DOCSIS downstream channel, the DSG client 34 may search for a DOCSIS channel that contains a DSG tunnel 42 having a destination MAC address matching the DSG client ID (basic mode), or may look for DCD messages with DSG address tables containing a DSG client ID (advanced mode). The embedded cable modem in device 22 then attempts to register on the network after acquiring the appropriate DOCSIS downstream channel.
IP Addressing for DSG Tunnels
The DSG agent 32 maps the IP multicast (or unicast) address 35 to a DSG tunnel address 48. The DSG agent 32 typically does not allow one IP multicast address 35 to be mapped to more than one DSG tunnel address 48. The DSG agent 32 is configured so that each interface requiring the DSG tunnel 42 is a member of the appropriate multicast group. An IP multicast address to DSG tunnel address association may span one or more IP subnets and an IP subnet may span one or more downstreams.
The DSG agent 32 may support IP multicast tunneled over IP unicast. DSG allows a unicast or multicast stream from the backbone to be forwarded to a DSG tunnel which uses a unicast or multicast address. The DSG server 30, or a router external to the DSG server 30, can encapsulate the IP multicast packets within an IP unicast packet. The DSG agent 32 then de-encapsulates the IP unicast tunnel and forwards the IP multicast packets onto the DSG tunnel 42. The DSG agent 32 can also translate an IP unicast address to an IP multicast address. The new multicast packet would then be forwarded onto the DSG tunnel 42. In another embodiment, the IP unicast packets are forwarded directly onto the DOCSIS downstream.
Enhanced Security
Enhanced security is achieved through a combination of techniques. First, the destination MAC address of the DSG tunnel 42 can be replaced dynamically. If the DSG client ID 50 were to ever become widely known, it may provide the opportunity for a PC to assume that MAC address and snoop the DSG tunnel. This problem is reduced by substituting the known DSG tunnel address with a MAC address assigned by the DSG agent 32. The DSG advanced mode can also provide the DSG clients 34 with a downstream filter which will further qualify the DSG tunnel 42 based upon destination IP address, source IP address, and destination UDP port. In one instantiation, the CMTS randomly changes the DSG tunnel address on a periodic basis and updates the DSG address table accordingly.
Regionalization
An upstream channel identifier (UCID) can be published in the DSG address table 46 that maps to particular tunnels. The CMTS 18 publishes the DSG address table 46 containing the upstream channel identifiers along with rules requesting the set-top devices 22 to listen to particular tunnels. This allows regionalization where different content can be sent to a relatively small number of households. The DSG basic mode is able to provide a unique DSG tunnel per IP subnet for each DSG client ID 50. The DSG advanced mode 50 takes this further by allowing the DSG tunnel 42 to be unique per downstream on a one-way plant, and unique per upstream on a two-way plant.
Layer 4 Multiplexing
In DSG basic mode, the content destined for each DSG client ID 50 is a separate IP flow. In DSG advanced mode, a DSG server 30 may use destination UDP ports to distinguish content, and then combine all the content onto one IP session. This reduces the number of IP unicast or IP multicast addresses required for the configuration of DSG tunnels. Specifically, the DSG server 30 multiplexes UDP ports into an IP stream, the DSG agent 32 then forwards that IP stream to a DSG tunnel 42, and the DSG client 34 demultiplexes the stream based upon UDP port number.
Referring to
The DCD message 70 contains a DSG address table that provides an address substitution and classification mechanism that increases the flexibility and security of the DSG tunnel 42. The DCD message 70 allows the use of multicast addresses as the DSG tunnel destination address. For example, multicast sessions from the IP backbone based upon RFC 1112 addressing, which requires that the end point perform IP address filtering as well as MAC layer filtering, may be passed through the CMTS 18 as a DSG tunnel 42 without address translation. The DCD messages 70 also allow an MSO to assign any set-top device 22 to any DSG tunnel 42.
The DCD Message 70 can contain a group of DSG rules and DSG classifiers as part of the DSG address table 46. The DSG clients 34 use an associated local DSG client ID 50 and an upstream channel ID (UCID) (if present) as an index into the DSG address table 46 to discover which DSG tunnel to receive and which DSG classifier to apply. The DSG agent 32 includes all DSG tunnels on the current downstream in the DSG address table 46 contained in the DCD message 70.
In one implementation, the DSG agent 32 inserts a DCD message 70 sequence at least once per second on each DOCSIS downstream that contains a DSG tunnel. The DSG agent 32 may also insert a DSG channel list type, length, value (TLV) in the DCD message 70 sequence at least once per second on each DOCSIS downstream that does not contain a DSG tunnel. The DSG client 34 can accept the inclusion of the DSG client ID 50 in the DSG address table 46 as validation that a DSG tunnel exists on the downstream for that DSG client 34.
The DCD message 70 includes a management message header 72 that is compatible with other DOCSIS management messages as defined in the DOCSIS 2.0 Radio Frequency Interface which is herein incorporated by reference. A configuration change count field 74 is incremented by the DSG agent 32 whenever any of the values of the downstream channel descriptor 70 change. A number of fragments field 76 allows the DCD TLV parameters to be spread across more than one DCD message 70, thus allowing the total number of DCD TLV parameters to exceed the maximum payload of a single DCD message 70. The value of field 76 represents the number of DCD messages 70 across which a unique and complete set of DCD TLV parameters is spread. A sequence number field 78 gives the position of the DCD message 70 within the fragmented sequence.
All other parameters are coded as TLV tuples in the TLV encoded information field 80. The DSG agent 32 can change these parameters dynamically during normal operation in response to configuration changes. If the parameters in information field 80 are changed, the DSG agent 32 increments the configuration change count 74. When the configuration change count is incremented, all DSG rules and DSG classifiers from the previous DCD message 70 are considered invalid and are replaced by the DSG rules and DSG classifiers from the current DCD message 70.
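The client-side bookkeeping implied by fields 74, 76 and 78, as an added example that is not code from the patent: fragments are only combined within one configuration change count, and a complete new set replaces the previous rules and classifiers wholesale. The 1-based sequence numbers, the choice to keep the old set active until the new one is complete, and the symbolic TLV tuples are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TLV = Tuple[str, str]  # symbolic (name, value) stand-in, not a real DCD type code


@dataclass(frozen=True)
class DcdFragment:
    change_count: int       # configuration change count (field 74)
    num_fragments: int      # number of fragments (field 76)
    seq_no: int             # sequence number (field 78); 1-based by assumption
    tlvs: Tuple[TLV, ...]   # TLV encoded information (field 80)


class DcdAssembler:
    """Client-side view of the DCD sequence; holds one active rule set."""

    def __init__(self) -> None:
        self.active_count: Optional[int] = None
        self.active_tlvs: Tuple[TLV, ...] = ()
        self.pending_key: Optional[Tuple[int, int]] = None
        self.pending: Dict[int, Tuple[TLV, ...]] = {}

    def feed(self, frag: DcdFragment) -> bool:
        """Return True when a complete new set replaced the active one."""
        if frag.num_fragments < 1 or not 1 <= frag.seq_no <= frag.num_fragments:
            return False  # malformed header: ignore, keep collected state
        if frag.change_count == self.active_count:
            return False  # periodic repeat of the set already installed
        key = (frag.change_count, frag.num_fragments)
        if key != self.pending_key:
            # A different generation started: never merge across change counts.
            self.pending_key, self.pending = key, {}
        self.pending[frag.seq_no] = frag.tlvs
        if len(self.pending) < frag.num_fragments:
            return False
        merged = tuple(t for n in sorted(self.pending) for t in self.pending[n])
        # Any differing count is a change, which also covers counter wrap-around.
        self.active_count, self.active_tlvs = frag.change_count, merged
        self.pending_key, self.pending = None, {}
        return True


# Constructed sample sequence: one generation, a repeat, then a re-keyed tunnel.
SAMPLE = [
    DcdFragment(7, 2, 1, (("rule", "guide -> 01:00:5e:01:02:03"),)),
    DcdFragment(7, 2, 2, (("classifier", "dst-port 5000"),)),
    DcdFragment(7, 2, 1, (("rule", "guide -> 01:00:5e:01:02:03"),)),  # repeat
    DcdFragment(8, 2, 2, (("classifier", "dst-port 5000"),)),  # arrives first
    DcdFragment(8, 3, 4, ()),                                  # malformed
    DcdFragment(8, 2, 1, (("rule", "guide -> 01:00:5e:7a:10:44"),)),
]


def replay(fragments: List[DcdFragment]) -> List[Tuple[int, Tuple[TLV, ...]]]:
    """Feed fragments in order and record every installed (count, TLVs) set."""
    asm = DcdAssembler()
    history = []
    for frag in fragments:
        if asm.feed(frag):
            history.append((asm.active_count, asm.active_tlvs))
    return history


if __name__ == "__main__":
    for count, tlvs in replay(SAMPLE):
        print(count, tlvs)
```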
DSG rules are parameters contained in the information field 80 used by the DSG client 34 to determine which DSG tunnel to receive and if there are any DSG classifiers to apply. DSG client configuration information includes various operating parameters for the DSG client 34, including timer values for the DSG client state machines and a list of the downstream frequencies containing DSG tunnels.
DSG Address Table
DSG Classifier
The DSG classifier contains information about the contents in a DSG tunnel. The DSG classifier directs the receiving set-top devices 22 to take particular actions when receiving data on a particular DSG tunnel address. For example, the DSG classifier may filter the data based on the source IP address and/or destination IP address. This allows the set-top device 22 to distinguish between different multicast sessions that may use a same MAC address. As shown above in
The DSG classifiers in one embodiment are coded as TLV tuples. The TLV values are defined in section “Packet Classification Encodings” in Annex C of the DOCSIS-RFI specification. The DSG classifier parameters are set through a DSG management information base (MIB). When DSG classifiers are configured, the DSG agent 32 includes the DSG classifier encodings in the DCD messages 70 on the downstream channels to which the classifiers apply. The DSG classifier ID is unique per DSG agent 32.
The DSG agent 32 applies the DSG classifier parameters to incoming packets from the DSG server 30 in order to assign the packet to the appropriate DSG tunnel. The DSG agent 32 classifies incoming packets based upon the classification parameters listed in table 82 with the exception of the UDP port. The DCD message 70, which is intended for use by the DSG client 34, may include any of the classification parameters in table 82.
DSG Rule Parameters
The DSG agent 32 (
A DSG UCID range value specifies the matching parameters for the upstream channel ID for which the DSG rule applies. A DSG client 34 with UCID value “ucid” matches this parameter if ucid-low<=ucid<=ucid-high. If this TLV is omitted, then the DSG rule applies to all values of UCID, regardless if the UCID is known or unknown by the DSG client 34. A DSG client ID value specifies the matching parameters for the DSG client ID 50 (
The DSG client ID recognizes that IDs may originate from different address spaces. Each of those address spaces is coded as sub-TLVs within the DSG client ID TLV. These sub-TLVs may be repeated within the DSG client ID TLV to include additional DSG client IDs. The same DSG client ID may be listed in more than one DSG rule. If the same DSG client ID is listed in more than one DSG rule, the expected behavior of the DSG client is to accept all the DSG rules while taking the DSG priority field into account.
A DSG broadcast ID is a DSG client ID received by all set-top devices 22. A DSG well-known MAC address of this type is received by a DSG client 34 that has been assigned that MAC address. A CA system ID is a DSG client ID received by a DSG client 34 that has been assigned a CA_system_ID as defined by the MPEG specification and assigned by CAS_ID.
An application ID is a DSG client ID received by a DSG client 34 that has been assigned an application ID. The application ID is typically taken from a private address space managed by the MSO. The application ID is assigned to the DSG client 34 from a table contained within the DSG broadcast tunnel. There may be one or more applications per DSG tunnel. There may be one or more DSG tunnels that are used for carrying application traffic.
A DSG tunnel address is the destination MAC address that will be used for the DSG tunnel. This TLV allows the DSG client ID 50 to be dynamically remapped to another MAC address as described above. A DSG classifier identifier specifies a classifier identifier that identifies the corresponding DSG classifier to be used with the DSG rule. A DSG rule vendor specific parameters entry allows vendors to encode vendor-specific DSG parameters within a DSG rule.
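How a DSG client could walk the DSG address table using the rule parameters just described, as an added example that is not code from the patent. The field names, the constructed addresses, treating a higher priority value as "applied first", and rejecting a UCID-ranged rule when the client's UCID is unknown are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple

ClientId = Tuple[str, str]           # (address space, value)
BROADCAST: ClientId = ("broadcast", "")


@dataclass(frozen=True)
class DsgRule:
    rule_id: int
    priority: int
    client_ids: FrozenSet[ClientId]               # repeated client ID sub-TLVs
    tunnel_mac: str                               # DSG tunnel address
    ucid_range: Optional[Tuple[int, int]] = None  # None: UCID range TLV omitted
    classifier_id: Optional[int] = None


def rule_matches(rule: DsgRule, my_ids: FrozenSet[ClientId],
                 ucid: Optional[int]) -> bool:
    if rule.ucid_range is not None:
        if ucid is None:          # one-way plant: UCID unknown (assumed: no match)
            return False
        low, high = rule.ucid_range
        if not low <= ucid <= high:
            return False
    # A broadcast ID is received by every set-top device.
    return BROADCAST in rule.client_ids or bool(rule.client_ids & my_ids)


def tunnels_to_receive(table: Iterable[DsgRule], my_ids: Iterable[ClientId],
                       ucid: Optional[int] = None
                       ) -> List[Tuple[str, Optional[int]]]:
    """All matching rules are accepted; order reflects the priority field."""
    ids = frozenset(my_ids)
    hits = [r for r in table if rule_matches(r, ids, ucid)]
    hits.sort(key=lambda r: (-r.priority, r.rule_id))
    return [(r.tunnel_mac, r.classifier_id) for r in hits]


# Constructed table: documentation-range MACs, made-up application and CA IDs.
VENDOR_A = ("mac", "00:00:5e:00:53:01")
VENDOR_B = ("mac", "00:00:5e:00:53:02")
TV_GUIDE = ("app", "2")
SAMPLE_TABLE = [
    DsgRule(1, 0, frozenset({BROADCAST}), "01:00:5e:00:00:10"),
    # Two vendors' well-known MACs indexed to one dynamically assigned tunnel.
    DsgRule(2, 1, frozenset({VENDOR_A, VENDOR_B}), "01:00:5e:01:02:03",
            classifier_id=5),
    # Regionalization: same application, different tunnel per upstream group.
    DsgRule(3, 2, frozenset({TV_GUIDE}), "01:00:5e:01:02:20", ucid_range=(1, 4)),
    DsgRule(4, 2, frozenset({TV_GUIDE}), "01:00:5e:01:02:21", ucid_range=(5, 8)),
    DsgRule(5, 1, frozenset({("ca", "1")}), "01:00:5e:01:02:30"),
]

if __name__ == "__main__":
    print(tunnels_to_receive(SAMPLE_TABLE, {VENDOR_A, TV_GUIDE}, ucid=3))
    print(tunnels_to_receive(SAMPLE_TABLE, {VENDOR_B}))
```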
A DSG client configuration contains parameters for configuration and operation of the DSG client 34. A DSG channel list allows a DSG agent 32 to advertise which downstreams contain DSG tunnels. This is intended to reduce the set-top device initial scan time. The DSG channel list entry is a receive frequency that is available to be used by the DSG client 34 in the set-top device 22 for receiving DSG tunnels. This TLV may be repeated to create a DSG channel list which is a list of downstreams containing DSG tunnels.
The state machines in the embedded cable modem in the set-top device 22 may have several timer values which define the operation of DSG. The set of DSG timer TLVs allows those timer values to be dynamically provisioned from the DSG agent 32.
A DSG service class is used to manage the Quality of Service of the DSG tunnels within the DSG agent 32. The DSG service class is identified with a service class name and has an associated QoS parameter set. The DSG service class parameters are set through the DSG MIB or through the CMTS command line interface (CLI). Multiple DSG tunnels may reference the same DSG service class. The DSG agent 32 may recognize the following DSG service class parameters. In one embodiment these parameters are defined in the “Service Flow Encodings” section in Annex C of DOCSIS 2.0 radio frequency interface specification. This parameter may include service class name, traffic priority, downstream maximum sustained traffic rate (R), maximum traffic burst (B), minimum reserved traffic rate, and assumed minimum reserved rate packet size.
DSG vendor specific parameters are vendor-specific information for DSG clients 34 and, if present, are encoded in a vendor specific information field (VSIF) using a Vendor ID field to specify which TLV tuples apply to which vendor's products. Vendor specific parameters may be located inside or outside of a DSG rule.
DSG classification parameters in the information field 80 are used to provide additional layer 3 and layer 4 filtering for the DSG tunnel.
Security
Security considerations for a DSG system can be grouped into receiver based and sender based categories. Receiver based broadly refers to ensuring content is received by the desired end points and no others. In DSG basic mode, the reserved MAC address for the DSG tunnel provides a basic but unsecured way of choosing which end points will receive the content from the DSG tunnel. Should the DSG client IDs be placed in the public domain, then it may be possible for a subscriber to adopt that MAC address and begin receiving DSG tunnel content. In DSG advanced mode, security is enhanced by allowing the DSG agent 32 to substitute new values for the DSG tunnel address 48. The set-top device manufacturer can also provide application layer encryption which runs between the DSG server 30 and the DSG client 34 to protect sensitive DSG tunnel content.
Sender based security broadly refers to ensuring the content that is received by the set-top device 22 originates from the correct sender. This can be accomplished by specifying operating procedures at the set-top device 22 and the CMTS 18. In DSG basic mode, the DSG client 34 receives DSG tunnels solely based upon the DSG tunnel address. This may not provide protection against unauthorized senders.
In DSG advanced mode, a packet filter may be installed in the DSG client 34 which further qualifies the packets in the DSG tunnel by adding access control based upon the source IP address, destination IP address, and destination UDP port. Enhanced security provided by the CMTS 18 and the IP network 16 prevents packets from illegally entering the head end IP cable network 20 with these fields.
The set-top device manufacturer can also provide an application layer protocol that allows the set-top device 22 to authenticate the sender of the content of the DSG tunnel. The CMTS 18 hosting the DSG agent 32 ensures that other network protocols (such as address resolution protocol (ARP), Dynamic Host Configuration Protocol (DHCP), DOCSIS registration, Baseline Privacy Interface Key Management (BPKM) signaling, etc.) do not associate the destination MAC address of the DSG tunnel with a non-DSG IP address, or do not disassociate the destination MAC address of the DSG tunnel from its designated DSG IP address.
This prevents a security threat in which an external entity sends a packet or signaling message on any inbound CMTS interface which implies ownership by that external entity of a MAC address in use by a DSG tunnel. In such a scenario, unless specifically prevented, other protocols in the CMTS could create false associations of DSG tunnel MAC addresses to other IP addresses. Most of these security concerns can be negated by using a multicast (group) MAC address for the DSG tunnel as described in the DSG advanced mode, since the above protocols generally operate in conjunction with IP flows with unicast (individual) MAC addresses.
The CMTS 18 hosting the DSG agent 32 may not allow packets sourced from the DOCSIS upstream to be retransmitted to a DSG tunnel. This prevents a security threat in which an external entity connected to a DOCSIS CM sends a packet which imitates a packet from the DSG server 30 with the intent of having that packet be retransmitted to the DSG tunnel. This also prevents a denial of service scenario in which packets sent from a single entity on a DOCSIS upstream could shut down the operation of a DSG tunnel.
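The three CMTS-side checks from the preceding paragraphs (no false association, no disassociation, no upstream-sourced traffic onto a tunnel) written as a policy object and run over constructed events; this is an added example, not code from the patent or from any CMTS. `DsgTunnelGuard`, the event tuples and all addresses are hypothetical, and rejecting any learned binding for a group MAC is this sketch's reading of the multicast remark above.

```python
from typing import Dict, List, Tuple


def is_group_mac(mac: str) -> bool:
    """True when the I/G bit (low bit of the first octet) marks a group address."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class DsgTunnelGuard:
    """Vets forwarding and address-learning events against configured tunnels."""

    def __init__(self, tunnels: Dict[str, str]) -> None:
        # tunnels: designated DSG IP address -> DSG tunnel (destination) MAC
        self.ip_to_mac = {ip: mac.lower() for ip, mac in tunnels.items()}
        self.mac_to_ip = {mac: ip for ip, mac in self.ip_to_mac.items()}

    def check_forward(self, ingress: str, dst_ip: str) -> str:
        # Only the network side interface may feed a DSG tunnel.
        if dst_ip in self.ip_to_mac and ingress == "upstream":
            return "deny: upstream packet would be retransmitted to a DSG tunnel"
        return "allow"

    def check_bind(self, mac: str, ip: str) -> str:
        """A MAC-to-IP association learned via ARP, DHCP, registration, BPKM."""
        mac = mac.lower()
        owner = self.mac_to_ip.get(mac)
        if owner is not None:
            if ip != owner:
                return "deny: DSG tunnel MAC claimed for a non-DSG IP"
            return "allow"
        if is_group_mac(mac):
            return "deny: group MAC cannot be owned by a single host"
        return "allow"

    def check_unbind(self, mac: str) -> str:
        if mac.lower() in self.mac_to_ip:
            return "deny: DSG tunnel MAC must stay bound to its DSG IP"
        return "allow"

    def audit(self, events: List[Tuple[str, ...]]) -> List[str]:
        verdicts = []
        for kind, *args in events:
            handler = {"forward": self.check_forward, "bind": self.check_bind,
                       "unbind": self.check_unbind}[kind]
            verdicts.append(handler(*args))
        return verdicts


# Constructed configuration: one multicast tunnel, one unicast tunnel.
GUARD = DsgTunnelGuard({
    "239.1.2.3": "01:00:5e:01:02:03",
    "192.0.2.200": "00:00:5e:00:53:01",
})

# Constructed events, in the order a log might show them.
EVENTS = [
    ("forward", "nsi", "239.1.2.3"),                 # DSG server traffic
    ("forward", "upstream", "239.1.2.3"),            # imitation from a CM
    ("forward", "upstream", "203.0.113.9"),          # ordinary subscriber traffic
    ("bind", "00:00:5e:00:53:aa", "203.0.113.50"),   # ordinary host
    ("bind", "00:00:5e:00:53:01", "203.0.113.66"),   # host claims tunnel MAC
    ("bind", "00:00:5e:00:53:01", "192.0.2.200"),    # designated association
    ("bind", "01:00:5e:09:09:09", "203.0.113.66"),   # host claims a group MAC
    ("unbind", "00:00:5e:00:53:01"),                 # attempt to free tunnel MAC
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, GUARD.audit(EVENTS)):
        print(event, "->", verdict)
```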
Interoperability
On the DSG agent network side interface (NSI), the DSG agent 32 advertises via a multicast routing protocol, the multicast routes/groups that are configured in the DSG agent 32. On the DSG agent RF side interface (RFI), IP multicast addresses that are associated with DSG tunnels via the DCD message 70 may not be managed by Internet Group Management Protocol (IGMP). As such, the downstream channel carrying the DCD message 70 is considered to be “statically joined” to each multicast group included in the DCD message 70. For these associated multicast groups, the DSG agent 32 ignores IGMP messages (membership queries, membership reports, leave messages) on the RF interface, and does not generate IGMP messages (group-specific queries, membership reports, leave messages) on the RF interface.
In the case of IP multicast, where the destination IP address is multicast and the DSG tunnel address has been derived from RFC 1112 multicasting, the DSG rule includes a DSG classifier with an entry for the destination IP address. This is used because the addressing algorithm in RFC 1112 allows up to 32 IP addresses to map to the same MAC address. By including a source IP address in the DSG classifier, operation similar to source-specific multicast, as specified in RFC 3569, can be used at the DSG client 34.
When using an RFC 1112 derived MAC address, the format of a DSG tunnel is similar to that of a standard IP multicast packet over DOCSIS. The difference between a DSG tunnel and an IP multicast over DOCSIS session is the signaling protocols for setting up the session. The DSG tunnel uses the DCD message 70, while the standard multicast session over DOCSIS uses IGMP.
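The 32-to-1 ambiguity and the classifier that resolves it can be shown concretely. The following is an added example, not code from the patent; the `DsgClassifier` class, the server address 192.0.2.10, the UDP port 5000 and the sample packets are constructed assumptions, while 228.9.9.1 is the group address used in the page's own examples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def rfc1112_mac(group: str) -> str:
    """Map an IPv4 multicast group to its MAC: 01:00:5e + low 23 address bits."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    mac = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def colliding_groups(group: str) -> List[str]:
    """Every group sharing the MAC of `group`: 28 variable address bits, only
    23 reach the MAC, so the 5 dropped bits give 2**5 = 32 groups per MAC."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address((0xE << 28) | (hi << 23) | low23))
            for hi in range(32)]


@dataclass(frozen=True)
class DsgClassifier:
    dst_ip: str                      # disambiguates the 32 colliding groups
    src_ip: Optional[str] = None     # None = any source; set for SSM-like filtering
    dst_port: Optional[int] = None   # None = any destination UDP port

    def accepts(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (dst_ip == self.dst_ip
                and self.src_ip in (None, src_ip)
                and self.dst_port in (None, dst_port))


Packet = Tuple[str, str, str, int]   # (dst MAC, src IP, dst IP, dst UDP port)


def client_accepts(tunnel_mac: str, classifier: Optional[DsgClassifier],
                   packet: Packet) -> bool:
    """MAC match on the tunnel address first, then the classifier if present."""
    dst_mac, src_ip, dst_ip, dst_port = packet
    if dst_mac != tunnel_mac:
        return False
    return classifier is None or classifier.accepts(src_ip, dst_ip, dst_port)


# Constructed sample traffic, all arriving on the same tunnel MAC address.
GROUP = "228.9.9.1"
TUNNEL_MAC = rfc1112_mac(GROUP)
SERVER = "192.0.2.10"
PACKETS: Dict[str, Packet] = {
    "intended": (TUNNEL_MAC, SERVER, GROUP, 5000),
    "colliding_group": (rfc1112_mac("229.137.9.1"), SERVER, "229.137.9.1", 5000),
    "wrong_source": (TUNNEL_MAC, "198.51.100.7", GROUP, 5000),
}


def evaluate(classifier: Optional[DsgClassifier]) -> Dict[str, bool]:
    return {name: client_accepts(TUNNEL_MAC, classifier, pkt)
            for name, pkt in PACKETS.items()}
```

With no classifier all three packets pass the MAC filter; a destination IP entry rejects the colliding group, and adding the source IP also rejects the unexpected sender.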
DSG Basic and Advanced Modes
In DSG basic mode, the DSG tunnel address 48 (the destination MAC address of the DSG tunnel) is set equal to the DSG client ID (which is a MAC address for DSG basic mode). In DSG advanced mode, the DSG agent 32 assigns the DSG tunnel address 48 using the DSG address table 46 located in the DCD message 70 as described above. In DSG basic mode, the DSG client ID 50 and hence the DSG tunnel address 48 could be either unicast or multicast, whereas in DSG advanced mode, the DSG tunnel address is typically multicast.
In general, the DSG agent 32 uses different DSG tunnels for DSG basic mode and DSG advanced mode since the DSG tunnels may have different DSG tunnel addresses 48. There is an exception case. If the DSG client 34 has a DSG client ID which was a multicast MAC address, that multicast MAC address could be used for the DSG tunnel address, and the same DSG tunnel could be used for both DSG basic mode and DSG advanced mode. In this case, the DSG agent 32 might not arbitrarily change the DSG tunnel address as this could invalidate the DSG basic mode tunnel.
A set-top device 22 supporting both modes can use the presence of the DCD message 70 to determine which mode the DSG client 34 supports. If the DCD message 70 is present, the set-top device 22 assumes DSG advanced mode of operation. If the DCD message 70 is absent, the set-top device 22 assumes DSG basic mode of operation.
A DSG agent 112 in a CMTS 104 maps the different multicast sessions 108 and 110 into different DSG tunnels. In this example, the IP multicast session 108 with IP destination address 228.9.9.1 is mapped into a DSG tunnel 114 with a MAC destination address of 105.5.5. The IP multicast session 110 with IP destination address 228.9.9.2 is mapped into a DSG tunnel 116 having a MAC destination address of 106.6.6.
In example # 1, the DSG agent 112 sends two DCD messages 118 and 120 on the downstream cable plant that contain different rules. Rule #1 in DCD message 118 links DSG tunnel 114 having MAC destination address 105.5.5 to DSG client ID 101.11. Rule #2 in DCD message 120 links DSG tunnel 116 having MAC destination address 106.6.6 to DSG client ID 102.2.2.
The DSG clients 106 and 107 search the DSG address table in DCD messages 118 and 120 for matching DSG rules. When a match is found, the DSG clients 106 and 107 use the DSG rules to obtain the destination MAC address of the DSG tunnel (known as the DSG tunnel address), and use the DSG classifiers to determine what Layer 3 and/or Layer 4 parameters to filter on.
For example, the DSG client 106 has the DSG client ID identified in DCD message 118. Therefore, DSG client 106 receives data sent over DSG tunnel 114. The DSG client 107 has the same DSG client ID identified in DCD message 120 and therefore receives the data sent over DSG tunnel 116.
Regionalization
An operator may want to send different content to different set-top devices on different HFC network segments. This can be accomplished in a variety of ways. In DSG basic mode, this requires placing the different DSG tunnels on different IP subnets. This is because packets are switched between downstreams within an IP subnet based upon their destination MAC address. Thus, there cannot be different DSG tunnels with the same DSG tunnel address within the same IP subnet when using DSG basic mode. Since IP subnets tend to span an entire CMTS, regionalization in DSG basic mode tends to be done per CMTS.
In DSG advanced mode, a DSG tunnel address substitution may be made on a per downstream basis. For example, there can be multiple IP flows from the DSG server 100 or 102 to the DSG agent 112. These different IP flows may be intended for the same function, such as EAS information, but the content may differ across downstreams within the same subnet. Each of these flows gets mapped to a different DSG tunnel address on each downstream, or group of downstreams, depending upon geographical requirements. Each downstream then has a unique DCD message which may contain the same DSG client ID, but contains a unique DSG tunnel address.
Example #2 in
On a two-way HFC plant, the DSG clients can use an upstream channel ID (UCID) for further granularity. One approach writes a separate DSG rule for each range of UCIDs that are within a region. Each DSG rule is for a separate DSG tunnel. In this scenario, multiple DSG rules have the same DSG client ID, but a different DSG tunnel address and a different UCID range. In
In another approach that uses fewer DSG tunnels, the DSG server 100 or 102 places the regionalized content onto different destination UDP ports. Each destination UDP port is then associated with a different range of UCIDs. In this scenario, multiple DSG rules may have the same DSG client ID and the same DSG tunnel address, but a different UCID range. In both approaches, at least one DSG rule may include the default DSG tunnel for DSG clients which could not register and obtain a UCID. This rule then possibly has a lower rule priority than the other DSG rules.
Layer 4 Multiplexing
Referring to
The DSG address table contains a series of DSG rules which point all participating DSG clients to the same DSG tunnel, but each of which contains a different pairing of destination UDP port and DSG client ID. A variant of this feature as described above uses the UCID range in the DSG rule to steer content from different UDP ports to different regions.
This is useful as there are fewer IP addresses on the CMTS 104 to be reserved, and it permits DSG configurations to scale without impacting IP address space limitations. This also simplifies the networking configuration of multicast by reducing the number of required multicast sessions and by pushing the management of different DSG tunnel content to layer 4. In this mode of operation, the DSG clients 106 and 107 not only use the DSG classifier as part of an accept/discard filter, but also use it to forward the correct content based upon UDP port to the correct destination within the set-top device.
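Rule selection for the UCID-based regionalization and the Layer 4 multiplexing described above can be sketched as one lookup. This is an added example, not code from the patent; the client ID strings, UDP ports, UCID ranges and the convention that a larger priority value wins are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DsgRule:
    rule_id: int
    client_ids: Tuple[str, ...]                   # one rule may list several client IDs
    tunnel_mac: str                               # DSG tunnel address
    dst_ports: Tuple[int, ...] = ()               # classifier ports; empty = no port filter
    ucid_range: Optional[Tuple[int, int]] = None  # None = usable without a UCID
    priority: int = 0                             # assumption: larger value wins


def select_rule(table: List[DsgRule], client_id: str,
                ucid: Optional[int]) -> Optional[DsgRule]:
    """Pick the highest-priority rule matching this client ID and UCID.

    A client that could not register has ucid=None and can only match rules
    without a UCID range, i.e. the default tunnel rule.
    """
    candidates = [
        r for r in table
        if client_id in r.client_ids
        and (r.ucid_range is None
             or (ucid is not None and r.ucid_range[0] <= ucid <= r.ucid_range[1]))
    ]
    return max(candidates, key=lambda r: r.priority, default=None)


def accept(rule: DsgRule, dst_mac: str, dst_port: int) -> bool:
    """Accept/discard filter: tunnel MAC first, then the classifier UDP port."""
    if dst_mac != rule.tunnel_mac:
        return False
    return not rule.dst_ports or dst_port in rule.dst_ports


# Constructed DSG address table: one shared tunnel, content separated by UDP port.
TUNNEL = "01:00:5e:09:09:01"
TABLE = [
    DsgRule(1, ("client-a",), TUNNEL, (2001,), ucid_range=(1, 4), priority=1),
    DsgRule(2, ("client-a",), TUNNEL, (2002,), ucid_range=(5, 8), priority=1),
    DsgRule(3, ("client-a",), TUNNEL, (2000,), priority=0),   # default rule
    DsgRule(4, ("client-b",), TUNNEL, (3000,), priority=0),   # other client, same tunnel
]


def ports_accepted(client_id: str, ucid: Optional[int]) -> List[int]:
    """Which of the UDP ports carried on the shared tunnel this client keeps."""
    rule = select_rule(TABLE, client_id, ucid)
    if rule is None:
        return []
    return [p for p in (2000, 2001, 2002, 3000) if accept(rule, TUNNEL, p)]
```

All four flows arrive on the same tunnel MAC address, so the UDP port in the selected rule is the only thing separating one region's or client's content from another's.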
Referring to example #4 in
Many to One
In a many to one scenario, one DSG server 100 or 102 may supply content to multiple DSG clients 106, 107, etc. over a larger area, while other DSG servers may be supplying directed content to a smaller serving area. Within a downstream, however, the content from both DSG servers 100 and 102 is going to the same DSG client.
Both the DSG basic mode and the DSG advanced mode allow multiple IP flows from the IP backbone to merge into the same DSG tunnel. In DSG advanced mode, this is indicated to the DSG clients 106 and 107 by including multiple DSG classifiers within one DSG rule. Note that the multiple IP flows could be IP unicast, IP multicast, or both.
Referring to example #5 in
One to Many
The ability to have multiple entries within the DSG client ID TLV for a DSG rule allows one DSG server 100 or 102 to send common content in a single IP stream to the DSG agent 112, and then use a shared DSG tunnel to DSG clients from different manufacturers with different client IDs. This allows a one-to-many connectivity of DSG server 100 or 102 to DSG clients 106 and 107, while maintaining the requirement that one IP address is resolvable to only one MAC address. This is shown in example #5 in
DSG Channel List
A DSG channel is a downstream channel that contains one or more DSG tunnels. A DSG channel list is therefore a list of downstreams that contain DSG tunnels. Set-top devices pick a DSG channel from the DSG channel list based upon their own criteria. The DSG channel list is not intended to indicate which set-top device should go on which downstream. Typically, the DSG channel list contains a list of all the DSG channels, and the DSG channel list will be advertised on all DOCSIS downstream channels, regardless of whether the DOCSIS downstream channel is a DSG channel. This typical scenario may have each DOCSIS downstream serving different physical areas of the plant. A single CMTS may actually span two regions of the plant which have different frequencies for their DOCSIS downstreams. Thus, the DSG channel list would be different for each of those regions.
As an example, if the DSG tunnels for a vendor A were on downstream A, the DSG tunnels for vendor B may be on downstream B, and downstreams C and D may have no DSG tunnels. In this example, the DSG channel list would exist on downstreams A through D, but only list downstreams A and B. The set-top device would decide whether to transition between downstream A and B based upon whether all its DSG clients were able to find their appropriate DSG tunnels.
The DSG clients 34 pull the extension out from the DCD message 55 and display it to a user. The user is then prompted to click on the displayed identifier if they wish to watch the advertised football game. A user selects the displayed message, for example, by selecting a button on a set-top control device 53. Detecting the selection, the DSG clients 34A and 34N extract rules and classifiers in the DCD message 55 required for receiving the football game over the DSG tunnel identified in DSG address table 57.
In
Thus, different endpoints can be assigned to a multicast group even over a one-way cable plant. This is different from conventional IP multicast sessions that require two-way communications. This is also different from the MPEG environment where tables are published in an MPEG structure but not sent over DOCSIS. The MPEG environment cannot manage IP multicast information as described above. Conversely, MPEG manages broadcast channels on a time division multiplexed (TDM) MPEG transport.
The system described above can use dedicated processor systems, micro controllers, programmable logic devices, or microprocessors that perform some or all of the operations. Some of the operations described above may be implemented in software and other operations may be implemented in hardware.
For the sake of convenience, the operations are described as various interconnected functional blocks or distinct software modules. This is not necessary, however, and there may be cases where these functional blocks or modules are equivalently aggregated into a single logic device, program or operation with unclear boundaries. In any event, the functional blocks and software modules or features of the flexible interface can be implemented by themselves, or in combination with other operations in either hardware or software.
Having described and illustrated the principles of the invention in a preferred embodiment thereof, it should be apparent that the invention may be modified in arrangement and detail without departing from such principles. Claim is made to all modifications and variations coming within the spirit and scope of the following claims.
This application claims priority to U.S. Provisional Application No. 60/668,747, filed on Apr. 5, 2005, and to U.S. Provisional Application No. 60/635,995, filed on Dec. 13, 2004, and to U.S. Provisional Application No. 60/624,490, filed on Nov. 1, 2004, and to U.S. Provisional Application No. 60/622,312, filed on Oct. 25, 2004, and to U.S. Provisional Application No. 60/590,509, filed on Jul. 23, 2004, and to U.S. Provisional Application No. 60/588,635, filed on Jul. 16, 2004, and to U.S. Provisional Application No. 60/582,732, filed on Jun. 22, 2004, and to U.S. Provisional Application No. 60/574,876, filed on May 26, 2004, and to U.S. Provisional Application No. 60/574,506, filed on May 25, 2004.
Number | Date | Country | |
---|---|---|---|
20050265398 A1 | Dec 2005 | US |
Number | Date | Country | |
---|---|---|---|
60574506 | May 2004 | US | |
60574876 | May 2004 | US | |
60622312 | Oct 2004 | US | |
60624490 | Nov 2004 | US | |
60635995 | Dec 2004 | US | |
60588635 | Jul 2004 | US | |
60582732 | Jun 2004 | US | |
60590509 | Jul 2004 | US | |
60668747 | Apr 2005 | US |