Cisco Systems uBR7200 Network Router User Manual


 
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
OL-2239-03
Chapter 4 Configuring DOCSIS Baseline Privacy Interface on the Cisco uBR7200 Series
Note For the CMTS, BPI is enabled by default when you select an image that supports BPI. For CMs, enable
BPI via the DOCSIS configuration file using one of the provisioning tools identified in the DOCSIS
1.0 Feature Support section on page 1-49.
When baseline privacy is enabled, the Cisco uBR7200 series generates Traffic Encryption Keys (TEKs)
for each applicable SID; 56-bit encryption/decryption is the default for Cisco uBR7200 series
equipment.
The router uses the keys to encrypt downstream data and decrypt upstream traffic from two-way
cable interfaces. The Cisco uBR7200 series router generates keys for unicast, broadcast, and multicast
operation as appropriate. Keys are refreshed periodically and have a default lifetime of 12 hours.
DOCSIS 1.1 Baseline Privacy Interface Plus Overview
DOCSIS 1.0 included a BPI to protect user data privacy across the shared-medium cable network and to
prevent unauthorized access to DOCSIS-based data transport services across the cable network. BPI
encrypts traffic across the RF interface between the cable modem and CMTS, and also includes
authentication, authorization, and accounting (AAA) features.
BPI supports access control lists (ACLs), tunnels, filtering, protection against spoofing, and commands
to configure source IP filtering on RF subnets to prevent subscribers from using source IP addresses that
are not valid.
DOCSIS 1.1 enhances these security features with Baseline Privacy Interface Plus (BPI+), which
includes the following enhancements:
- Digital certificates provide secure user identification and authentication.
- Key encryption uses 168-bit Triple DES (3DES) encryption that is suitable for the most sensitive applications.
- 1024-bit public key with PKCS#1 Version 2.0 encryption.
- Multicast support.
- Secure software download allows a service provider to upgrade a cable modem's software remotely, without the threat of interception, interference, or alteration.
Note BPI+ is described in the Baseline Privacy Interface Plus Specification (SP-BPI+-I07-010829), available
from CableLabs (http://www.cablelabs.com).