Network Interface Unit, a Broadband Gateway Into the Home

Network Interface Unit, A Broadband Gateway Into The Home

Robert S. Burroughs Lucent Technologies, Cable Communications

Abstract ubiquity of their lines, their dominance of the commercial telephony market, their deep Cable has been promising two-way pockets, and their ability to bundle telephony services since the early 1970s, but only and high speed data in a single line. recently have significant numbers of Cable plants upgraded to full operational two-way. Market analysts are projecting revenues for high speed data services, from Cable Requirements are presented for Network Modem, to be from $11.9 billion [1] to $26 Interface Units (NIU) in two-way HFC billion [2], by 2003iii. Cable telephony could networks that are deploying or plan to reach 9 millioniv subscribers by 2003, at an deploy blended servicesi. Numerous attempts average of $35 per month, representing to deploy NIUs, mostly for broadband additional revenue of approximately $4 Conditional Access, have traditionally not billion. The projection for Cable’s video been very successful. An argument is put revenues for 2003, is about $38 billion. forth which encourages Cable to use NIUs to Clearly, cable data and telephony represent effectively deploy telephony and to use them considerable incentives to attract competition to secure a beachhead against competition. and venture capital.

The What, Why, and How of deploying Most current Cable telephony NIUs is discussed as well as several of the deployments are for switched rather than benefits, options, and problems to overcome. packetized telephony. This is due, in part, because the PacketCable specification is not complete. But, analysis demonstrates that INTRODUCTION even at the highest scales of economy, the total price per subscriber for the IP solution is Competition is the raison d’etre for NIUs. about half of that for the circuit switched Competition for the established Cable solution. The price gap is even larger when companies comes from overbuilders, the there are only a few subscribers on the Local Exchange Carriers (LEC), and the network. This suggests that IP telephony Competitive Local Exchange Carriers would be the natural tool for CLECs and (CLEC)ii. overbuilders to compete against the local telephone companies, and eventually against Overbuilders are differentiating Cable’s high-speed data and telephony themselves from the established Cable offerings. companies, by being more aggressive and deploying more of the new services, such as WHAT IS AN NIU? digital TV, Cable Modem, and cable telephony quicker. The LECs are capitalizing Definition : A Network Interface Unit on their Carrier Class networks, their (NIU) is a physical enclosure, located at the anticipated higher security, the world wide service endpoint, which connects between the

HFC network and local residential wiring. It HFC networks. But in today’s competitive establishes a point of demarcation between environment, NIUs and network powering the HFC network and the subscriber premise need to be an integral part of new HFC and may include a variety of functional network architectures. elements. To be an effective network element the The NIU demarcates, or clearly separates NIU needs to be more than just an RF the HFC network from the subscriber’s interface device. It can easily play a roll as

Demarcation HFC CPE

HFC CPE Broadband Service Drop Drop Control DOCSIS

Media IP HFC Cable Module LAN Mgmt Modem Embedded Power PacketCable Telephone MTA

Figure 1: NIU Major Components

network, and consequently demarcates the part of the distributed intelligence of modern Cable operator’s area of responsibility from HFC networks. the subscriber’s. Although the concept of an NIU can be used in traditional non-HFC NIU Components networks, the NIU is more suitable to the evolving HFC network architectures. HFC l HFC Management: terminates the coaxial was invented to exploit the broadband nature cable. It separates the RF signal into three of Cable. It has done very well for traditional components: one-way services for the past decade, but its real purpose was to encompass two-way − 50MHz to 860+ MHz (downstream) services. Because two-way services were not − 5MHz to 42 MHz. (upstream) widely available when HFC was deployed, − DC to 1 MHz. (power plus status) (the Internet was just beginning to emerge, telephony wasn’t even legal in most states, Additional Management Functions: interactive TV was faltering), NIUs were not seriously considered as an necessary part of − status monitoring of;

− NIU modules, One possible solution is to add a Gateway, − power usage, in the home, which would work together − the subscriber’s upstream RF, and with the NIU. The Gateway would control − other non-time-critical parameters all of the Home Networks and do all of the − control of upstream RF, from the necessary protocol and signal conversions subscriber, and downstream RF to the between Cable’s digital TV signals and subscriber those required by digital and/or analog TV − control of average power usage receiving devices. − other low speed data functions, such as meter reading, load shedding, etc. Some of the ways that an NIU can alleviate the Cable network/ CPE device interface dilemma are that the NIU: l Service Control provides demarcation of the RF, going to and coming from the − subscriber. It functionally: controls service access to the Gateway, for all TV channels − controls upstream impairments from (both digital and analog) − subscriber’s network ( e.g. RF drop), shares circuits, (such as the Out with an On/Off switch or filters Of Band modem), when there are − turns downstream services On and Off multiple TVs in the home − − allows a variety of conditional access does analog conditional access at control modules for analog and digital the demarcation point, so that this services, e.g. de-scrambling, traps, feature is not required in STBs or jammers, and whatever clever gateways (this is best done in the contraptions the vendors can conceive. NIU so that subscribers don’t have direct access to conditional Digital television and Open Cable access). present the same interfacing problem Cable has faced since the introduction of l DOCSIS Cable Modem, as an optional the first converter, Cable has more embedded element of the NIU, has key functionality than standard TV receiving system advantages: devices provide. The QAM is a prime − example of this trend. The 64/256 QAM, Cable Modems have an Ethernet bus, chosen by Cable, is not compatible with which can support multiple PCs in the either current TV receiving devices, or home. All that is needed is a twisted future digital TV receiving devices, since pair from the NIU (or a wireless LAN) 8VSB has been chosen as the North to each device that uses a data American broadcast standard for digital connection. Multiple Cable Modems transmission. Even if digital TV can be added for MDUs and receiving devices were equipped with enterprises. − 64/256 QAM receivers, the legacy NTSC it is always active, because of the and non-QAM receiving devices will lifeline feature, and is used for predominate well into the future. In the monitoring intrusions and hack attacks near term, it appears that Set Top Boxes − it can also be used in non-DOCSIS (STB) will be with us for some time, at modes to assist in HFC network least in the initial phases of digital TV. performance monitoring and control.

− a standard interface, such as PCMCIA l PacketCable MTA is the CableLabs is used to allow a variety of options interface, from Cable Modem to standard offered by several vendors. analog telephones. It is specified to have − the PCMCIA interface may make four twisted pair analog lines. If a Cable more sense in a Gatewayv in the Modem is included in the NIU, it is logical subscriber’s residence, so that the to include the embedded MTA to save a subscriber has easy access truck roll when the subscriber wants cable − in this case, the Ethernet, IP line, telephony. can be brought to the Gateway − it only makes sense to add the MM to − the MTA was created to attach to the an NIU if it is more cost effective than Ethernet bus of a Cable Modem adding a Gateway. located near a PC. But there is rational to embed the MTA in the NIU, where l Power is one of the critical elements, and twisted pairs to phones terminate problems, of NIUs. Operators are − each of the four lines can be requesting 5 watts or less of average power provisioned remotely from the OSS, no consumption (3 watts in some cases). truck rolls. Their concern is the cost of power, which − one of the lines can be provisioned to is significant when there are thousands of carry HPNA for other data services. NIUs deployed. l Media Module (MM) NIU power:

− The MM takes the IP output from the − Lifeline servicevi is required for Cable Modem and converts it to other primary line telephony standard interfaces, e.g. 802.11 and Bluetooth wireless, HPNA, etc. − For lifeline service, network power is

Fiber Node Large Battery Small/Medium Coa xial Plant Distribution Plant Distribution Hubs r be Fi NIU

PSTN

Interne t Master Headend * Power Node 90 V, 60 Hz 750 W to 6 kW Figure 2: Gratuitous Cable Network Power Architecture (Centralized Network Power)

more cost effective than batteries at the l Service and maintenance of NIU and NIU, when penetration of telephony subscriber’s account exceeds about 10%. − NIUs can be normally powered from Securing the Service the home and seamlessly switched to the network power when home power The NIU’s primary security feature, it is is lost out of reach and not easily tampered with by − New power distribution architectures the subscriber. It has tamper alarms that are evolving for Cable (Figure 2) indicate attempted tampering, either with the − these new architectures will have HFC drop cable or the NIU. If there is an status monitoring and control intrusion attempt, an alarm is sent to the capabilities, which could lessen Operations Support System (OSS) and the the burden of CMTSs to support appropriate action is taken locally within the similar functions NIU, (e.g. turn off all services, turn off specific services, inhibit the upstream), to be Operations and Maintenance (O&M) followed up by the Cable operator’s action.

A means is provided to provision an NIU, Key security functions: even if there is not an embedded Cable Modem or the Cable Modem has not yet been l NIU is always active initialized. An Out Of Band (OOB) modem is used either to work, as the Open Cable − tamper alarms OOB channel, or over the cable network − continuous monitoring of NIU status power system, using power line transmission and HFC network standards. − lifeline functionality for telephone

Provisioning includes functions such as: l Control of subscriber’s access to HFC: l Initial installation of NIU, − upstream RF − downstream RF − NIU arrives fully tested and configured with all security mechanisms ready l Modular for easily upgrading or changing − NIU is installed in a convenient services and features by service location for service and if possible, technicians close to telephony and power. − before installation l Common X.509 certificate and secret − subscriber has prepared all encryption keys, embedded by networks and wiring manufacturer, − Cable operator could use a separate group that does wiring − difficult to clone, because Cable installations operator knows credentials of all NIUs − − retail Cable Modems, MTAs, and STBs, l Changing and ordering services (basic, still represent a threat, but if there is pay, data, telephone) any suspected attacks, the NIU can block service.

HFC network functions, essential for telephony and effective high-speed data:

WHY USE AN NIU? l Network integrity, l Operations and Maintenance, Competition. By installing NIUs, the l Service access control. competition can roll out high speed data and telephony services faster than retail Network integrity distribution or in-home boxes. And the NIUs provide a more secure environment and a l Access and throughputs for Cable Modem well-behaved cable plant. NIUs are a key upstream traffic are increased because network element for competing in the high- impairments generated in the home do not speed data and telephony businesses. get into the HFC upstream. These can come from: l High speed data and telephony are − RF leakage; from TVs, VCRs, and profitable businesses in their own right STBs. and are a good way to gain new revenues − motors and cordless phones, (about $ 20 billion by 2003). − computers and other digital devices l DOCSIS and Packet Cable standards − disconnected coaxial drops dragged offer an attractive opportunity for CLECs across the radiator and Cable overbuilders l End-To-End IP telephony is substantially l Hackers don’t have direct access to the less expensive to deploy than the standard HFC network switched telephony approach, making it l High peak levels of upstream transmitter easier to compete with established bursts, (from Cable Modems or STBs in telephone companies using switched the home), will cause clipping in the technologies. upstream laser. Harmonics are generated l The battle for the subscriber’s data which can affect the full 5 to 42 MHz business could well hinge on the telephony spectrum. This can be detected and offering. controlled by the NIU. l Since PacketCable telephony requires a DOCSIS Cable Modem, it makes sense to Operations and Maintenance (O&M) deploy NIUs with these devices installed l LECs hold the edge in telephony, with The key to O&M is to reduce truck rolls: carrier class networks, business ex- perience, and worldwide presence. When l is conveniently located for service access. they get their high speed data act together, − typically external to the residence they will be a formidable competitor. l has status monitoring and control functions, Even though the Cable Modem and MTA l is modular for easy upgrading , are planned to be available through retail and l has tamper alarms supported by several MSOs, there are good system reasons for including these devices in Service Access Control the NIU. An NIU provides three important

Cable now can offer a broad array of − the hacker then inserts their own services to the subscriber. All of these downstream channel, and begins to services require access control, not only for initialize other Cable Modems, the distribution of downstream services, but bypassing security. also controlled use of the upstream, where − once initialized the rouge CMTS can bandwidth is scarce and the spectrum needs then download new software to the protection. unwary Cable Modems . − with the new software, the It is more difficult to secure services in the hacked Cable Modems can subscriber’s home, without an NIU: now be directed to send data to the hacker’s CMTS, or to − the devices can be powered off, so that process any requests the hacker the devices can not be continuously has for data. monitored for tampering, as can be done in the NIU − encryption keys and certificates are not HOW TO IMPLEMENT AN NIU in a trusted environment. − cloning threats, which can be reduced for in-home units as described in [3], How to provision an NIU, when it is still extorts a considerable burden on initially installed, is a matter of strategy. Not the CMTS every subscriber needs an NIU initially. It is only needed in those nodes that have There are several attacks a hacker can telephony or Cable Modem subscribers. launch against data and telephony services: What to put in the NIU, is also a matter of strategy. The basic elements are all required l Disruptive Attacks - inject impairments for network integrity, but different flavors of into the network to disrupt service, each element can be implemented. If the NIU and its interfaces are standardized by the l Mild Attacks SCTE, a variety of vendors will be available − sniff the downstream to learn when to supply modules. other Cable Modems are scheduled to transmit, and jam their bursts with the Installing the Cable Modem and MTA in intention of gaining more bandwidth every NIU, is primarily a cost and powering − get your own map information, but jam issue. If the Cable Modem is deployed in the other modems form getting their NIU, the MTA might as well be added too, information in the downstream because it is a modest cost-up. The cost will likely be offset by a simplification of l Sophisticated Attacks provisioning, (e.g. reduced truck rolls), when − clone Cable Modems, MTAs, and the subscriber eventually decides to try Cable STBs telephone service. − use authorized Cable Modems to steal service: Semiconductor vendors are continually − jam the downstream so that Cable integrating more functions into less chips Modems begin searching for with smaller geometry’s. Soon a single chip another downstream frequency. that does a complete Cable Modem and MTA

will be available. A logical argument could home. Network power is seamlessly be made to include the Cable Modem and the activated when home power is lost MTA in all NIUs. (Lifeline capability) l HFC Network Interface includes: l Status, monitor and control − diplexer for separating the spectrum: − powerline modem is used (e.g. CEBus − 40 to 90 VAC power spread-spectrum modem) − power line modem (status and − alternatively Open Cable Out Of control) Band (OOB) modem, or Cable − downstream (50 - 860+ MHz.) Modem could be used − upstream (5-42 MHz.) − monitored parameters − embedded Cable Modem (5 to 860+ − power usage and status MHz) − subscriber upstream power and − Low Noise Amplifier (LNA), optional, impairments to improve the noise figure of the − NIU functional status (all modules) downstream RF. − downstream status (requires Cable Modem or status monitoring plug-in l Power supply for downstream processing module − operates with network power (40 to 90 − tamper alarm V, 60 Hz) − controls − or 110 VAC home power − downstream service control (On/Off, − primary power is software selectable conditional access) from either network or the home. − upstream control (On/Off, filter adjust) − when primary power is from the − Cable Modem disconnect/connect

HFC DOCSIS IP LAN Network CableModem Telephone (4) Coaxial MTA Home Drop HFC 50-860 Network Coax -broadband Network Downstream Interface Interface Signal Processing 5-42 Home Power Upstream Signal Processing 115 VAC 40-90 VAC Data

Status Demarcation Monitor Power & Control

Figure 3: NIU Architecture - Typical Implementation − NIU master reset certificates. And with tamper monitoring in the NIU, any attempt to l Downstream processing gain illegal access to the NIU will A simple embodiment includes: result in an alarm being transmitted to the OSS and a possible disconnection − service On/Off switch from service. − Broadband amplifier, with digitally controlled output level l Home Network Interface (+Media − diplexers Adapter)

Provisions are made to incorporate There are four primary interfaces into the additional functionality by using plug-in home, from the NIU: modules: − filters and traps − coaxial drop, feeds any TV receiving − tuners devices or Cable Modem devices − − analog descrambler IP Ethernet, either 10BaseT or − other conditional access technologies 100BaseT is available − four twisted pair standard analog Downstream processing could also telephone lines contain QAM demods for digital TV − home power (optional) l Upstream processing The Media Adapter allows other Basic functionality includes an On/Off interfaces into the home: switch and upstream power level detector − Home PNA, Cable Modem data is Other plug-in modules could: multiplexed with one of the analog lines − filter specific upstream channels − PCMCIA, allows Cable Modem data to interface to several l Embedded Cable Modem and MTA transport interfaces such as IEEE 802.11 wireless. There are several advantages to including the DOCSIS Cable Modem and Enclosure: the Packet Cable components in the NIU: There are several challenges for housing − the data and telephony modules will be the NIU functions, including: isolated from any impairments generated in the subscriber’s RF network l Environment − a higher level of security is achievable l Heat dissipation because, the Cable Modem can always l Component access be guaranteed to be active. l Security − cloning attacks described in [3] are not a serious problem, because the High tech plastic has been effectively used subscriber doesn’t have access to to deal with typical environments that the either the embedded keys or NIU will encounter.

efforts toward standards for NIUs and NIU The use of multilayer polymer structures, plug-in modules. for the enclosure allows taylor-made properties meeting a wide range of Two types of standardized modules are requirements for the NIU. Plastics can be needed. Analog RF modules, which plug into made to meet the stringent requirements of an an RF bus and digital modules which use a NIU, but are much lower in cost than similar standard data bus, such as the PCI bus. All metal enclosures. For example, an enclosure modules should be plug-and-play at the cable consisting of a multilayer sandwich structure network level so different configurations can can be made particularly suitable for NIUs be easily changed or upgraded by service used outside. Structures can be made to personnel working in conjunction with the exhibit excellent long term weatherability and OSS. UV stability, good impact properties, (even at temperatures below -40 degrees centigrade), The downstream and the upstream signal and good chemical resistance. processing are separated in the NIU and each is processed independently. The upstream Heat dissipation is a major problem when processing has the capability to turn off the designing low cost electronic enclosures for upstream or filter impairments from the outdoor environments, particularly those Home Network. The downstream has a wide Arizona summers. A common approach is to band amplifier to compensate for losses put a large heat sink on the back of the NIU incurred by the Home Network. Addition- to dissipate the heat. This approach can be ally, conditional access technology for the expensive and makes for a heavy NIU. New analog and/or digital channels can be added, tools for meeting the challenges of outdoor depending on the Cable operator’s preferred environments are becoming available. implementation. Various types of conditional Semiconductor technologies, such as silicon- access technologies are available in the on-insulator, are currently used to make market, and could easily be adapted to the Cable tuners covering the Cable spectrum to NIU if standardized interfaces are defined by 860+ MHz. The typical operating range the industry. exceeds 85 degrees centigrade. Other high tech means to absorb or dissipate the heat Status Monitor from NIU components, such a heat absorbing gels and forced ventilation techniques, are A key NIU element is the status monitor being tested. The problem is still waiting on and control modem. This is used for an elegant solution. Fortunately there are provisioning (activating / deactivating condi- many solutions currently being developed, tional access, supporting plug-and-play not only for Cable, but for NIUs deployed for capability), monitoring the status of the telephony and other equipment such as upstream, downstream, and key elements of cellular base stations. the NIU.

Component access provides security, Power determines the ease of provisioning and servicing, and the flexibility to upgrade. It And finally a means of maintaining power would be a major advantage to the Cable in the NIU, even if the power is lost in the industry, if it were to turn its standardization home. This only critical when cable data and telephony services are deployed, to be able to [4]Jones, Doug, “PacketCable Security provide the lifeline capabilities provided in Overview”, Conference on Emerging primary line telephony, and may not be Technologies, January 11-13, 2000, needed for NIUs that only provide an RF Proceedings Manual. demarcation. The NIU can be powered from [5] Burroughs, Robert, “A Point of Entry the home, but when there is a power outage in Interface for 2-Way Broadband Information the home the HFC network should provide Delivery”, June 7, 1993, NCTA Cable ’93 the power, seamlessly, with no interruption of Proceedings Manual. service. This power could be, and is currently, provided by batteries located at the ACRONYMS home, but when the service penetration is greater than 10%, network powering becomes CLEC Competitive Local Exchange less expensive than the cost of the batteries, Carriers not to mention the ease and cost of CMTS Cable Modem Termination maintenance. System CPE Consumer Premise Equipment

CONCLUSION DOCSIS Data Over Cable System Interface Specification Home Phoneline Networking HPNA Ten years from now, 2010, virtually all Alliance HFC networks will have NIUs. That is a LEC Local Exchange Carrier pretty strong statement, but operators deploy HFC for their ability to provide blended two- LNA Low Noise Amplifier way services. Telephony could be the trump card that captures the high-speed data MM Media Module subscriber. This could be a likely scenario because, Cable has three strong competitors, MTA Multimedia Terminal Adapter LECs, CLECs, and overbuildersvii who will push for combined telephony and high-speed O & M Operations and Maintenance data services. As competition intensifies, over the next few years, NIUs will be required OOB Out Of Band to be able to manage the HFC networks efficiently and to enable the deployment of OSS Operations Support System new services and innovations rapidly. PCMCIA Personal Computer Media REFERENCES Communication Interface Adapter [1] Research group Kinetic Strategies, QAM Quadrature Amplitude (11/99) Modulation [2] IDC report (12/99) RF Radio Frequency ( > 5 MHz) [3] Medvinsky, Sasha; Anderson, Steven, “DOCSIS Security vs. Cable Modem SCTE Society of Cable Cloning”, Conference on Emerging Telecommunications Engineers Technologies, January 11-13, 2000, VSB Vestigial Side Band Proceedings Manual.

NOTES i Blended service, is a term that is currently in vogue to describe the new services that will be introduced when the PacketCable standard is implemented. It includes, high-speed IP data, IP telephony, streaming video, digital and interactive TV. With PacketCable, all of the services tend to blend together. ii CLEC, sounds like a tribe out of Star Wars. But, they are entrepreneurial companies that are competing with local telephone companies for the local telephone business. They’re typically very aggressive and looking for every avenue to compete. iii Cautionary note: Kagan, Q1 99, projected Cable’s high-speed data revenues to be only $3.8 billion by 2004. But, with Cable modems reaching more than 2 million units by 2/2000, this number appears too low, if you assume an average 1 month rental of $40. iv Typical number, at high end, from several sources: Forester 2/99- 9.1 million, Goldman Sachs 7/99 - 9 million, Kagan 6/99 - 5.8 million v The term Gateway usually refers to a device that passes traffic between different protocols, such as between Ethernet and Bluetooth protocols. The term gateway is used in its generic context, in the title of this paper, to mean the door between the subscriber’s Home Network and the HFC network. vi Lifeline power: power is available to make telephone calls even if there is no power in the residence. vii since the Internet represents a huge opportunity, there are more than the four major players looking to gain market share: satellite, wireless - PCS and broadband.