SPAY009 – August 2002 White Paper

Requirements for a CableHome Residential Gateway

Lior Storfer, Product Marketing and Architectures Manager
Jeff Mandin, Software System Architect
Cable Broadband Communications
Texas Instruments

Abstract

Cable operators wish to deliver additional services to the end user in a reliable and controllable way. The IP-based home network is the natural infrastructure for delivery of these services in the home.

The CableHome initiative in CableLabs addresses the fundamental problems associated with having multiple IP devices within the home network: how addresses are allocated, how the home network is secured and how the multiple system operators (MSO) can manage this to ensure service delivery.

This paper presents CableHome from the MSO, end user and vendor’s perspective.

The Potential of the Home Network for Delivery of Services

Potential and Problems

The home network connects multiple devices to enable the transfer of data to end-points within the home. This creates the opportunity to deliver new services to the end user.

The fundamental problem, however, is that home networks must share some common “look and feel” features to enable delivery of services in a reliable way. These require answers to questions such as:

• How are IP addresses allocated within the home?
• How does the MSO support problems within the home network?
• How do we ensure that the home network is secure?

The discussions of the CableHome[1] forum covered a wide range of potential home network architectures and reviewed the problems arising from them. The home network was divided into logical domains, and devices were categorized into several types.

Following the analysis phase, the CableHome forum focused on defining the requirements for the cable access device. CableHome 1.0 creates a foundation that guarantees home networks will have a consistent “look and feel” to enable services to heterogeneous devices.

Current Market Situation

DOCSIS 1.0 and DOCSIS 1.1 cable modems are bridging devices. This means that in order for several home devices to share an Internet connection, each device must receive an IP address from the MSO. This creates a provisioning burden on the MSO and the end user alike.

More and more users today buy a “home router” type of device to augment the functionality of their cable modem.


These “home router” boxes provide functionality such as a dynamic host configuration protocol (DHCP) server and Network Address Translation (NAT/NAPT), which allow IP communication between home devices and the global Internet, while requiring only a single IP address from the MSO.

These boxes also provide the end user with some level of additional network security. Most provide NAT functionality; some provide a packet-filtering or stateful firewall. The end user is not always aware of the significant difference in the level of security provided by these two.

Once a user installs a home router, the MSO’s ability to support problems in the home network becomes very limited. The behavior of the boxes varies between vendors, and the likelihood of an MSO support call (or even a service visit) rises significantly.

In order to lay the foundation for delivery of services into the home network, these basic problems must be resolved. CableHome 1.0 addresses these issues.

CableHome 1.0 Overview

Devices Affected by CableHome 1.0

CableHome 1.0 is focused on the Home Access (HA) entity. The HA is composed of two components: the DOCSIS cable modem and a new logical entity called the Portal Services (PS). The PS may reside with the cable modem or in an external box connected via Ethernet/USB. Following similar naming convention to PacketCable[2], CableHome designates these two types as “embedded PS” and “standalone PS.” An embedded PS is, thus, a cable modem with home router functionality.

In the case of “standalone PS,” the additional device is an external “home router” box that complies with CableHome. “Home router” boxes that will comply with CableHome will be very similar to the ones available in the market today but will share the same “look and feel.” This enables support from the MSO, optimizes utilization of the MSO’s hybrid fiber/coaxial (HFC) plant and provides the infrastructure for the delivery of future advanced services.

Figure 1 illustrates these two options.

[Figure 1: HA with standalone PS (Cable, CM, PS (Home Router)) and HA with embedded PS (Cable, CM Router (CM+PS))]

CableHome 1.0 Functionality

CableHome Definition 1.0 covers the following major areas:

- Addresses: How IP addresses are managed within the home network.
- Management: With what tools, and to what extent, the MSO supports and controls the HA device.
- Security: How the home network is protected with a firewall, as well as the means by which the HA receives/authenticates with the Head End (HE) and receives keying material.
- QoS: CableHome 1.0 defines very limited Quality of Service (QoS) for proper function of PacketCable devices.


Addresses in the Home

CableHome 1.0 defines a flexible means by which multiple devices in the home share a single connection to the external network and are allocated an external IP address used to communicate with the external network.

The HA is responsible for assigning addresses within the home. It performs that by incorporating a DHCP server, which assigns IP addresses within the home. The IP addresses in the home are local to the home network. When accessing the external network, address translation (NAPT) is performed.

Address translation is an effective mechanism for IP address sharing but can cause complications with peer-to-peer applications like . As a remedy, CableHome allows specific devices to receive addresses in the external address domain, or with NAT address translation, thus providing maximum flexibility.

Securing the Home Network

CableHome requires a stateful inspection firewall to secure the home network. The firewall must be manageable by the MSO and enable the MSO to upgrade the firewall functionality via download of a new configuration file.

To ensure the integrity of the management messages delivered to the HA, CableHome defines additional security measures. The identity of the HA is authenticated using Kerberos/PKINIT (the same mechanism used in PacketCable).

Management

The MSO manages the HA with SNMPv3 for protection against snooping and spoofing.

Figure 2 below presents a typical home network.

[Figure 2: typical home network. PC1 IP: 10.0.1.4; PC2 IP: 10.0.1.5; CM IP: 193.5.17.8; NAT IP: 193.5.17.9; PC3 IP: 193.5.17.12]

Figure 2 presents a home network with three PCs. It assumes an HA with embedded PS (i.e. a cable modem with firewall/NAT functionality). PC1 and PC2 both have local IP addresses that were received from the DHCP server located inside the CM. PC3 gets its IP address from the DHCP server at the Head End. It is an address outside the scope of the home.

Implementing CableHome 1.0

The layer 2 bridging architecture of the DOCSIS 1.1 cable modem can be naturally extended (with straightforward APIs) to support CableHome 1.0. The CableHome component performs firewall and NAT processing on packets after the preliminary bridging decisions by DOCSIS are completed.

A security engine (similar to the one in PacketCable) implements the work of HA authentication and key exchange.

Once authenticated, the simple network management protocol (SNMP) agent supports the CableHome MIBs for the management of the HA. Figure 3 illustrates the software architecture of an HA with embedded PS. The HA contains two logical entities: the DOCSIS cable modem and the PS.

[Figure 3: software architecture of an HA with embedded PS. Blocks shown: Portal Services, DOCSIS CM, DHCP, TFTP, TOD, Security, Management, SNMP, IP Stack, Gateway: Firewall, NAT, DOCSIS Bridge, DOCSIS Driver, Ethernet Driver, 802.11 Wireless LAN Driver, USB Driver]

Differentiation

CableHome 1.0 defines the basic functionality that enables multiple devices in the home network to share a secure connection to the external network. For that purpose the HA device must implement the generic DHCP server, firewall, NAT/NAPT and security features.

Areas for vendor customization include such features as VPN support and parental control, as well as the look-and-feel for the end user. Individual vendors will present different content in local Web pages that the user can browse in order to view and modify the box’s configuration. To enable this, boxes will likely include DNS and HTTP servers. As well, CableHome does not require any specific physical networking media within the home. Some vendors might offer Ethernet within the home; others might offer an 802.11 access point. All can be CableHome compliant.

Today a cable modem with a single Ethernet port is a simple bridging device. In the future, even these “low end” cable modems may include CableHome functionality, providing the user with firewall security as well as a simple means to enable more than one PC in the home. The user just needs to buy a hub and connect it to the cable modem. Sharing the Internet connection will already be taken care of by the HA component inside the cable modem box.

End User Benefits

A box displaying the CableHome 1.0 sticker will provide the end user with the following benefits:

• Internet connection sharing: Ability to share a single Internet connection for multiple devices in the home.
• Enhanced and well-defined security: A firewall that can be managed by the MSO and upgraded with new policies.
• Simple installation: Devices are easy to install in the home.
• Support: Support is available from the MSO if problems arise.

External CableHome Devices

Today there are already millions of cable modems out in the field doing simple bridging only. Users today solve the problem of Internet connection sharing by buying a home router device.

It is expected that in the future, retail users will be able to buy home routers that bear a CableHome sticker. Once CableHome routers are readily available, users will naturally prefer to buy one that has the CableHome sticker.
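The addressing of Figure 2 and the difference between NAT-only and stateful-firewall boxes described earlier, as an added example that is not part of the original paper: a toy Python model in which PC1 and PC2 share the NAT address through NAPT while PC3 keeps its external address, run once with stateful inspection and once as a NAT-only box. The 10.0.1.0/24 prefix, the port numbers, the remote addresses (constructed, from documentation ranges) and the address-independent behaviour of the NAT-only box are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.1.0/24")   # assumed prefix holding PC1/PC2 of Figure 2
NAT_IP = "193.5.17.9"             # NAT address in Figure 2
PASSTHROUGH = {"193.5.17.12"}     # PC3, addressed by the Head End DHCP server

class Gateway:
    """Toy model of NAPT plus optional stateful inspection (not the CableHome spec)."""

    def __init__(self, stateful, first_port=40000):
        self.stateful = stateful
        self.next_port = first_port
        self.out_map = {}    # (home ip, home port) -> translated port on NAT_IP
        self.in_map = {}     # translated port -> (home ip, home port)
        self.flows = set()   # (wan ip, wan port, remote ip, remote port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (ip, port) the remote side sees and record the flow."""
        if src_ip in PASSTHROUGH:
            wan = (src_ip, src_port)              # no translation for PC3
        elif ip_address(src_ip) in LAN:
            key = (src_ip, src_port)
            if key not in self.out_map:           # allocate a new NAPT binding
                self.out_map[key] = self.next_port
                self.in_map[self.next_port] = key
                self.next_port += 1
            wan = (NAT_IP, self.out_map[key])
        else:
            raise ValueError(f"{src_ip} is not a home address")
        self.flows.add(wan + (dst_ip, dst_port))
        return wan

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the home (ip, port) to deliver to, or None when dropped."""
        if self.stateful and (dst_ip, dst_port, src_ip, src_port) not in self.flows:
            return None                           # no matching outbound flow
        if dst_ip == NAT_IP:
            return self.in_map.get(dst_port)      # None if no binding exists
        return (dst_ip, dst_port) if dst_ip in PASSTHROUGH else None

if __name__ == "__main__":
    for mode in (True, False):
        gw = Gateway(stateful=mode)
        gw.outbound("10.0.1.4", 5000, "198.51.100.7", 80)     # PC1 opens a flow
        gw.outbound("193.5.17.12", 6000, "198.51.100.7", 80)  # PC3 opens a flow
        print("stateful" if mode else "NAT only",
              gw.inbound("198.51.100.7", 80, "193.5.17.9", 40000),   # reply
              gw.inbound("203.0.113.9", 4444, "193.5.17.9", 40000),  # unsolicited
              gw.inbound("203.0.113.9", 4444, "193.5.17.12", 22))    # unsolicited
```

With inspection enabled only the reply is delivered; in the NAT-only run the unsolicited packets reach both PC1's binding and PC3, which is the gap in protection that a device with an external address depends on the firewall to close.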


Next Steps

QoS

CableHome 1.0 addresses QoS in a very limited manner, ensuring PacketCable traffic is handled correctly. It does not provide infrastructure for applications that require well-defined committed throughput and latency. Such an infrastructure will be needed for time-critical applications such as voice delivery, video delivery and gaming.

Managing IP Devices

The CableHome 1.0 spec manages only the HA element. It does not specify how IP devices within the home will be managed to ensure they receive the data that is intended for them. Note that the current CableHome 1.0 does provide some visibility to the IP device performance via the CableHome Test Portal.

Conclusion

From an MSO, end user and vendor’s perspective, the IP-based home network is the natural infrastructure for delivery of additional services in a reliable and controllable way.

References

[1] http://www.cablelabs.com/cablehome/
[2] http://www.packetcable.com

*Reprinted with permission of NCTA, from the NCTA Technical Papers.

All trademarks are the property of their respective owners.

© 2002 Texas Instruments Incorporated

Important Notice: The products and services of Texas Instruments Incorporated and its subsidiaries described herein are sold subject to TI’s standard terms and conditions of sale. Customers are advised to obtain the most current and complete information about TI products and services before placing orders. TI assumes no liability for applications assistance, customer’s applications or product designs, software performance, or infringement of patents. The publication of information regarding any other company’s products or services does not constitute TI’s approval, warranty or endorsement thereof.
