Cisco Systems uBR7200 Network Router User Manual


 
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
OL-2239-03
Chapter 4 Configuring DOCSIS Baseline Privacy Interface on the Cisco uBR7200 Series
Enabling DOCSIS BPI
Differentiating Traffic Streams
BPI only encrypts data on the cable network and only encrypts the user data itself, not cable MAC
headers. BPI also does not encrypt MAC management messages. After BPI is enabled, however, and
encryption has been negotiated for a given SID, all user data sent via that SID is encrypted. BPI
differentiates traffic based on SID alone.
CM Communication with BPI
Figure 4-2 illustrates BPI communications. When user A sends packets to user B, the CM encrypts those
packets using special keys specific to user A's CM. Packets are then transmitted to the CMTS where
they are decrypted.
If user B is attached to the cable TV network, the CMTS then re-encrypts the information using a key
specific to user B and the encrypted data is passed to user B's CM where it is decrypted and sent to user
B. In this manner, an unauthorized user is not able to see unencrypted traffic between user A and user B.
Caution: Since BPI occurs only on the cable TV network, however, all traffic going upstream will be decrypted
as it passes the CMTS. If user A is attempting to communicate with someone beyond the cable
network (user C), all traffic beyond the CMTS will not be encrypted.
Figure 4-2 BPI Encrypted Data on the Cable TV Network
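The hop-by-hop behaviour described above can be modelled in a short script. This is an added example, not code from the Cisco guide: the SIDs, keys, function and class names are assumptions made for illustration, and the SHA-256 keystream is a stand-in for the cipher BPI actually uses.

```python
import hashlib
import os

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream), NOT the cipher BPI uses."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_frame(sid: int, key, payload: bytes, mgmt: bool = False) -> dict:
    """Frame for one SID. Header fields (sid, mgmt) always travel in the clear."""
    frame = {"sid": sid, "mgmt": mgmt, "nonce": os.urandom(8), "encrypted": False}
    # Encrypt only user data, and only when a key was negotiated for this SID.
    if key is not None and not mgmt:
        frame["encrypted"] = True
        payload = stream_xor(key, frame["nonce"], payload)
    frame["payload"] = payload
    return frame

def open_frame(key, frame: dict) -> bytes:
    """Recover the payload; unencrypted frames pass through unchanged."""
    if not frame["encrypted"]:
        return frame["payload"]
    return stream_xor(key, frame["nonce"], frame["payload"])

class CMTS:
    def __init__(self, sid_keys: dict):
        self.sid_keys = sid_keys  # SID -> key negotiated for that SID

    def forward(self, frame: dict, dst_sid=None):
        """Decrypt by source SID, then re-encrypt only for a destination SID."""
        plaintext = open_frame(self.sid_keys.get(frame["sid"]), frame)
        if dst_sid is None:       # destination is beyond the cable network
            return plaintext      # leaves the CMTS without BPI protection
        return build_frame(dst_sid, self.sid_keys.get(dst_sid), plaintext)

# Constructed sample data: SIDs, keys and message are made up for this demo.
KEY_A, KEY_B = os.urandom(16), os.urandom(16)
cmts = CMTS({101: KEY_A, 102: KEY_B})
MSG = b"hello from user A"
upstream = build_frame(101, KEY_A, MSG)          # user A's CM -> CMTS
to_user_b = cmts.forward(upstream, dst_sid=102)  # CMTS -> user B's CM
to_user_c = cmts.forward(upstream)               # CMTS -> user C, off the cable plant
```

The frame to user B is readable only with user B's key, while the copy forwarded toward user C is plaintext, so traffic that must stay confidential past the CMTS needs its own end-to-end protection.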
Enabling DOCSIS BPI
To enable BPI, choose software images at both the CMTS and CM that support the mode of operation.
For the Cisco uBR7200 series software, choose an image with "k1" in its file name or "BPI" in the
feature set description. For Cisco uBR924 cable access routers, all CM images from Cisco IOS
Release 12.0(5)T1 or later support this by default. For earlier Cisco IOS release cable modem images,
choose an image with "k1" in its file name or "BPI" in the feature set description.