Wow. I work as a systems engineer for a cable ISP. Your explanation of the basics of an RF plant and the CM registration process are spot-on! Definitely subscribing.
On the latency side, 6-7ms is about the best you'll get with DOCSIS. To go lower, you'll need DOCSIS Low Latency mode or DOCSIS Full Duplex, which is supported starting with DOCSIS 3.0 and DOCSIS 3.1 respectively. Other than that, great video! Old CMTSs and DSLAMs are pretty easy to get a hold of, and are fun to play with.
FDX was split off to define DOCSIS 4.0. "Low Latency DOCSIS" (LLD) is also a D4.0 feature. D3.1 has Active Queue Management (AQM) which helps lower latency. D2.0 introduced QoS that was the first attempts to reduce latency. (messing with the interleave depth can as well, but can create other issues.)
Thank you, good demo. I got my CCNP back in the early 2000s and I was surprised that CMTS snd DOCSIS were barely covered. The study material and exams spent a lot of time beating on ISDN and ISO networking. Most of the exams were pretty easy, but I saved routing for last. On all the exams up to that point, they would say “Congratulations, you passed your exam,” at the end. The routing exam had two configuration simulations and one was buggy so I had to click done and move on. Time ran out as I was answering the last question. At the end, all it said was “you completed this exam.” I assumed I flunked and walked away dejected, but the lady in charge came running, “Don’t you want your certificate?” I never worked in a large enough environment mor had a complex enough home lab that I believed I had enough hands-on experience to get through the lab based part CCIE exam. I was able to do all the practice I needed for the CCNP using a 24 port Catalyst switch and a 1711 security router. My employer was satisfied with CCNP so I left it at that.
Yeah it seems like this stuff is somewhat lacking in terms of documentation too, I mean there's good examples but there's no typical several hundred page Cisco book that goes over literally everything you need to know like there is for ADSL. I would love to get some form of certification but I don't know what to go for, I'm more interested in the voice portion than routing/switching.
@@KJ7BZC Thanks for the reply. I got my Cisco certification when I was between jobs. It was a good way to stay current. I know Cisco has branched out with some additional certification tracks, but I haven’t stayed up to date. My background was mainly the data side, but I did a little bit with the smaller Cisco PBX units (forget the model number at the moment) to distribute 23B+D ISDN primary into an IP phone network. The PBX configuration was pretty straight forward and auto configured many parameters. There was also a pretty good GUI management console which was simple enough for less experienced personnel to perform move/change updates. I also had some experience with Cisco modem banks for providing dial-up access fed from CAS T-1. The older units were actually US Robotics racks with 24 56K modems and Cisco router cards approximately like a 2600 router in them. Likewise, the documentation on Cisco TAC for those wasn’t too good. I’ve never worked in the CATAV industry, so it was very interesting to get an introduction to the hardware. My home landline is via a cable company Arris box separate from the cable modem. The boot-up is somewhere around three minutes. I don’t know much about the technology, which I assume is VOIP. The telephony appears to be a separate network though it shares the same distribution infrastructure. I have been impressed with the call quality because there is very little audio delay and in the 11 years I’ve had the service, I’ve never heard a s stutter or drop-out which belies it may be VOIP service. The acid test is that it is suitable for fax transmissions. The business I worked for decided to move from Centrex to owning its telephony infrastructure. AT&T tried to sell VOIP delivered over commodity Internet and call quality was inferior. We decided to use ISDN pri circuits from Level3.
It's actually kind of funny seeing work being done on these SurfBoard modems. I pulled out out of service a few months ago at a relative's house that had been in continual service since 2009. Spectrum never bothered to send them an upgrade, and it was still getting decent speeds when it was decommissioned.
Man the flood of memories that hit when I seen this gear, almost brought a tear to my eye. When we were rolling out Docsis 3.0 we kept coming across these 72xx series in areas that were forgotten about during D2 rollout. I wish I'd have grabbed some, they ended up at the recycler for sure.
These videos are awesome! You and clabretro are both relatively new to me, but i am loving the content! Currently i am on both gpon and xgspon, those would be some cool technologies to look into as well!
Nice video. DSL can also use DHCP to configure whatever's on the end of the circuit (CPE), once in sync it's just an Ethernet connection. A lot of ISPs use PPP because they know how it works and to make accounting a little easier. However, DSLAMs can inject the circuit number into DHCP requests coming from subscribers, so even without knowing the MAC of the CPE, the ISP know which circuit it accessing the network, and can account/log/whatever they need to do. I believe a similar thing applies to networks using PPPoE on DSL, the DSLAM can inject the circuit number, and then you could confirm that a PPP user is appearing from the correct port on the DSLAM (or even, the correct DSLAM at all.) Then once you have Ethernet and IP setup, the CPE could down a configuration from a provisioning server, but that's all vendor specific stuff at that point.
@@KJ7BZC Yeah worth a go, plus you don't get the MTU hit that PPPo(E/ATM/whatever) gives you. Most decent Telcos will enable baby-jumboframes on their DSLAMS/OLTs to give your port a 1508MTU, which means you can send full 1500MTU Ethernet frrames, as you have the extra 8 bytes for the PPP overhead.
_PPP because..._ they already had extensive PPP supporting infrastructure. (i.e. all those years of dialup modems.) There were even cable operators that used that crap. (PPPoE)
@@KJ7BZC there’s also the MTU overhead to consider. PPP adds an 8 byte overhead to the MTU, if the Ethernet link is set to 1500, using PPP reduces your usable MTU to 1492, which isn’t the best. There’s a way to get around it, and most telcos set their DSLAMs/OLTs to allow baby jumbo frames, typically allowing an MTU of 1508, so when you take away the PPP headers, you still have a full 1500 byte packets, rather handy. DHCP-based addressing avoids that entirely by not having an encapsulation protocol around the packets.
Always fun to see the old systems and how they are setup. Thank you for bringing this to our screens. As an improvement for your video making, a screen capture (or even a few screenshots edited for privacy) would improve clarity in reading configurations. There's all kinds of screen capture software out there, but the downside is that you then have to do video editing. Your current methods let you focus on the lab side of your channel rather than the video editing side, of course. It's understandable if you don't want to do all of the video editing work!
Yeah I would like to do screen capture for the configurations, but it's been a long time since I touched a video editing software. I'll probably give it a shot again in later videos, but this was of course just a short demo of it working, plenty more to come in the future.
Great job on the deep dive... This is bringing back memories when I deployed the first CMTS for a rural ISP Co-Op, I managed like 20 years ago... We used the exact same system as well as the multi channel card interface... Can't recall 100$%, but I can remember having issues because of missing or incorrect MAC-Host Authorization file mismatch or setup... We ended up using a solution from C9 networks.. It was a 1U "Pizza Box" style setup but it required an external server to handle all TFTP and policy.cm files... Looking forward to seeing your setup as your progress down the rabbit hole of legacy DOCSIS modems...
I'm glad for these videos, they convince me to look at ebay to discover just how unobtainably expensive things like this are on this side of the world still these days. But then the rest of the video saves me from having to play with one directly
Wow, never thought I'd see a working UBR 72xx again. I remember back in the day when we upgraded to VXR chassis' and had US/DS cards with built in upconverters (MC28u if memory serves?) Anyway, I wonder if your downstream speed issue has something to do with the DS freq you're using. I have no idea how the tuner in a modem will behave if your center freq isn't aligned to a proper EIA 6mhz wide channel. Try moving to a properly aligned channel like 633mhz, 639, 645, etc... For the upstream, if I remember correctly the default config is only a 1.6mhz wide channel at QPSK modulation, you need to configure 3.2mhz wide channel and a QAM16 modulation profile in order to get the max speed that the hardware can do which is in the neighborhood of 10Mbps. 2.5Mbps sounds about right for 1.6/QPSK. Going to 3.2 should get you 5Mbps and then QAM16 would double you again to 10Mbps. I probably have some old configs stashed away somewhere, let me know if you need any help and I can dig something out of the archives.
I love seeing these type of videos, especially with CATV systems. If you could cover HFC networks at some point I think that would make for a really interesting video. Like you said this is just a basic CMTS setup. Once you get into CMTSes and fiber nodes it can get very involved with DOCSIS and different setups.
@@KJ7BZC Something a lot of people don't realize: traditional HFC (before stuff like R-PHY) is all analog. Analog RF goes into the transmitter, gets converted to analog AM optical, goes over fiber, and the node puts it back to analog RF. There's a lot of tweaking with optical power meters and RF spectrum/DOCSIS analyzers involved, especially in the days of analog video.
Interesting that you need an L-band upconverter which supports a 44MHz input; most of the ones I've seen need a higher frequency input than that. I've seen a few cards for sale recently for that particular CMTS which have built-in downstream upconverters and they aren't terribly expensive.
LOL, DOCSIS was not just used over coax. We used to feed hundreds of clients on a single CMTS into a radio system running 3.6GHz band and up the mast to an Omni antenna to subcriber radios, back down to power injector and into Motorla SB modems.
Pretty cool. I always wanted to implement a CMTS using GNU Radio and a HackRF but i never found even the time to start researching all the protocols involved. I mean DOCSYS and DVB-C itself are big junky standards.
18:40 'Next-Server' is the IP address of your TFTP server hosting the configuration files. As you said the UBR has it's own built in, so you'll just be using that.
This is awesome, I'm currently working on a video with my Zyxel DSLAM with adsl2+ bonding, been trying to find a CMTS too but the prices for them are still high.
Sweet, I'd be interested to see that running, CMTSs are indeed expensive still. I would've liked a uBR7246VXR so I could use the cards with the integrated upconverter, maybe they'll come down further in price someday...
@@KJ7BZC Well, that got sidetracked as I just purchased a VES1724-56B2 with VDSL2 30a and bonding! So I'm going to try to set a video up with that instead.
I still come across the odd Surfboard every couple weeks it seems. And I still install or replace the odd Arris modem (we call em DPTs) but our ISP is selling most new customers converged phone service right out of the XB6/7/8s. Less money for us...
This just makes me think if it would be possible to have modem uplink on 6m and downlink on 70cm or 33cm band? A log periodic could work on the modem end and at the "headend" normal 6m and 70cm ATV band antennas.
Back in the day, you could win a race condition by hosting your own TFTP server over the ethernet port, offer up an edited config file and set a much higher upload/download speed than would normally be in the config file. Oh the good ole days (2000 & 2001)
That shouldn't have worked as late as 2000/2001. DOCSIS 1.1 and 2.0 security standards were very explicit on how that process was supposed to work. (but yes, the early years of DOCSIS [97/98] were full of bad engineering and designs.]
If you have old coax in your house but are no longer using it for internet or TV, there are devices called MOCA adapters that let you run 2.5Gbit ethernet connections across the COAX. Apparently they can also coincide with TV and Cable but I don't know if you get reduced speed or not. Might be a good way to get a wired connection across a house without having to go into the attic and run ethernet.
Do you have any info about pre-DOCSIS cable modems? I remember the first modem I had in the late 90s was a surfboard but it was a flat style, and remember we had to upgrade to a DOCSIS compatible one
16:59 What I would start with and I didn't really hear you say if you did this or not... You do have a domain listed in the config file yes.. However, did you set the A records from your domain hosting provider to your homes public IP? then open ports and forward them to the CMTS local ip from your home router / ISP modem. This could also be the cause for a few issues. The modems are trying to ping to a domain, and continue to be left with no response to download the config from the CMTS, which would also not be helpful trying to obtain a public ip from the CMTS network. That is where I would start with hopefully thats a fix for you.
dunno about older versions of docsis wrt: the date, but certificates can't be verified without the clock being set; the 'new' privacy & authentication modes use public key stuff to identify specific devices. mac cloning would work on some really old networks but i think even then they had other ways to control access w/ docsis 1.0
Hey buddy, what are you trying to do here? start DOCSIS ISP in a third-world country using decommissioned hardware from first-world countries. Great content guy.
Lmao I forgot it was named that, it's a particularly annoying piece of equipment at my friend's place that constantly has weird issues requiring me to telnet into it.
@@KJ7BZCis it possible that you can display any message to the on-screen display like you did in one of your videos with the computer running MS-DOS with a program running
Hey. That's a nice little setup. I'm not really into this type of setup. My skill set is more on the security side. I would say you are probably correct about the frequency generator not being the correct frequency as being the issue. I just wanted to chime in to warn about the type of info you share. In particular to the Mac address. If you could I'd definitely blur that out or just flat out not show it.
I don't think it really matters, the MAC address isn't exposed to the open internet at any point. Just like how people freak out if you accidently show a class A,B.C address.
Curious about this one, what is bad about sharing the MAC address of these modems? I could see it potentially being an issue if it was a modem in service still, but I just don't understand in the case of a lab setup like this.
@EvertG8086 I agree with this, Media Access Control (MAC) addresses really only matter in or with Address Resolution Protocol (ARP) tables, which you usually see in switches and end devices that are talking in local networks since that's handled at layer 2 of the Open Systems Interconnect (OSI) model. Routers and anything over longer distances (multiple hops) will care more about IP addresses (which are layer 3), but private IP ranges (like 192.168.anything.anything or 10.anything.anything.anything) don't reveal location information since those are always hiding behind Network Address Translation (NAT), typically with Port Address Translation (PAT). You would need the public facing IP address to cause issues. That said, those who don't know the difference tend to see any IP address and want to block it out because they are taking a safer stance on the basis of their lack of detailed networking knowledge. They (in this case @PinnacleSaint) mean well, and it's a rule that can be hard to parse without networking experience.
Hi, Maybe your low speed is du too buffering / timing configuration. Here some config i use for service class on a docis 3.0 cmts on my lab. It maybe can help you. Can reach nearby the max bandwidth of my mac domain. cable service-class 1 name SP-UNLIMIT-DOWN priority 3 max-traffic-rate 1000000000 max-traffic-burst 18000 min-packet-size 0 max-concat-burst 18000 req-trans-policy 0x0 tos-overwrite 0xFF 0x0 downstream app-id 0 multiplier-contention-req-window 4 multiplier-bytes-req 1 cable service-class 2 name SP-UNLIMIT-UP priority 3 max-traffic-rate 1000000000 max-traffic-burst 18000 min-packet-size 0 max-concat-burst 18000 req-trans-policy 0x0 tos-overwrite 0xFF 0x0 app-id 0 multiplier-contention-req-window 4 multiplier-bytes-req 1
@@KJ7BZC yes, there is some. But tuning those Can impact bandwidth speed and maybe there is some similar config on your. Also, euro docsis and us docsis have non similar max bw. Eurodocsis use 8mhz and us use 6mhz.(Pal/ntsc, it's based on dvb) There is also some similarities between D1, D2 and D3. D3 mostly add ds and us bonding as an example.
@@wrthchld That's not "authoritative". That's either an explicit configuration (IP list, acl, etc), or a lame attempt at security by looking for specific options. For example, APC's "magic cookie". (which is absolutely useless. It only confuses admins who don't know about it. A smart bot can see the request is from an APC device and put that stupid cookie in the response. It's a well known, static value. Even if people did change it, dhcp is unencrypted broadcast messages... you wrote the password on a whiteboard visible from the parking lot.) Cable modems don't need a special ("magic") DHCP server. They just demand a precise answer. Leave out an option, or format it in a way it doesn't like, and it may not work. The dhcp captures I have show modems only needing timezone, time server, bootfile (their configuration file), server IP (tftp server for the config), and packet-cable (option 177) It's possible they may require other bits from dhcp if they aren't in the config - like hostname and domain, which in my case is not coming from dhcp. (customers get NS+DN, but modems don't)
Try this IP... RUclips won't let me write or spell numbers. First octet is double 96 Second octet is double 84 Third octet is double 50 Fourth octet is one.
I worked for the cable Co... Tried to comment several times the secret IP to get to the cable modem page, but RUclips is deleting comments that contain numbers. Can you do something about that? I can't help you with tons of insider info if your comment restrictions are too tight.
They do that a lot nowadays to avoid those spam bot comments. I’m glad it’s gone, but sometimes it’s really annoying when it actually deletes useful comments.
I don't have anything configured to block certain comments apart from the ".vom" and ".fyi" link spam that was an issue a few years ago. I believe it's their algorithms trying to stop spam unfortunately.
There's no "magic IP". The modem gets everything from the CMTS. Once it has an acceptable DHCP answer for the HFC side of the system, it should be reachable at that address from the CMTS side. You will not be able to access anything other than the standard "hundred-dot-one" CPE UI from the CPE side. (even if you know the modems' HFC address; it is not accessible from the CPE side.) I'm pretty sure there's no HTML "admin" interface; there usually isn't even a shell (the "NOSH" firmware images.) It's all managed via SNMP.
@@jfbeam first off, let me list my credentials. I have a CCIE for DOCSIS and worked for a cable company. I went on to write firmware for 3com cable modems then went on to write firmware used in Motorola/Arris modems, 8ncluding the SB5100 in this video. I still have the source code. I can assure you I know what I'm talking about. Yes, the modem requests a dhcp IP from the CMTS, which is accessible on the HFC side. What you DON'T know is that most cable modems (including that SB5100, which happens to be a modem that I wrote firmware for, running VXWORKS on that modem) has a secondary hard-coded IP that I mentioned. And I'll give you a bonus tip. You don't have to add a local subnet to your NIC's routing table. Even thought your NIC will attempt to send packets destined for that subnet for the ISP default gateway, the modem sniffs for packets to that one IP and intercept them from the stream and directly responds to them. I never said there was shell access, without modification. But there is an admin login page accessible from the CPE side. It won't grant network access or let you change speeds. But neither will the SNMP. Those are done bty the configure file.
@@jfbeam myself and a few other collaboratively authored a book on cable modems called "Hacking the Cablemodem" under Ryan Harris/DerEngel. We were the founders of TCNiSO/Telesyn. If you want to learn about VXWorks and writing Cablemodem firmware, check it out. A lot of the source code in Blackcat/Sigma written by me is in that book.
Wow. I work as a systems engineer for a cable ISP. Your explanation of the basics of an RF plant and the CM registration process are spot-on! Definitely subscribing.
On the latency side, 6-7ms is about the best you'll get with DOCSIS. To go lower, you'll need DOCSIS Low Latency mode or DOCSIS Full Duplex, which is supported starting with DOCSIS 3.0 and DOCSIS 3.1 respectively.
Other than that, great video! Old CMTSs and DSLAMs are pretty easy to get a hold of, and are fun to play with.
interesting... that explains a lot about why the latency always seems higher than alternatives
FDX was split off to define DOCSIS 4.0. "Low Latency DOCSIS" (LLD) is also a D4.0 feature. D3.1 has Active Queue Management (AQM) which helps lower latency. D2.0 introduced QoS that was the first attempts to reduce latency. (messing with the interleave depth can as well, but can create other issues.)
Thank you, good demo. I got my CCNP back in the early 2000s and I was surprised that CMTS snd DOCSIS were barely covered. The study material and exams spent a lot of time beating on ISDN and ISO networking. Most of the exams were pretty easy, but I saved routing for last. On all the exams up to that point, they would say “Congratulations, you passed your exam,” at the end. The routing exam had two configuration simulations and one was buggy so I had to click done and move on. Time ran out as I was answering the last question. At the end, all it said was “you completed this exam.” I assumed I flunked and walked away dejected, but the lady in charge came running, “Don’t you want your certificate?”
I never worked in a large enough environment mor had a complex enough home lab that I believed I had enough hands-on experience to get through the lab based part CCIE exam. I was able to do all the practice I needed for the CCNP using a 24 port Catalyst switch and a 1711 security router. My employer was satisfied with CCNP so I left it at that.
Yeah it seems like this stuff is somewhat lacking in terms of documentation too, I mean there's good examples but there's no typical several hundred page Cisco book that goes over literally everything you need to know like there is for ADSL. I would love to get some form of certification but I don't know what to go for, I'm more interested in the voice portion than routing/switching.
@@KJ7BZC Thanks for the reply. I got my Cisco certification when I was between jobs. It was a good way to stay current. I know Cisco has branched out with some additional certification tracks, but I haven’t stayed up to date. My background was mainly the data side, but I did a little bit with the smaller Cisco PBX units (forget the model number at the moment) to distribute 23B+D ISDN primary into an IP phone network. The PBX configuration was pretty straight forward and auto configured many parameters. There was also a pretty good GUI management console which was simple enough for less experienced personnel to perform move/change updates. I also had some experience with Cisco modem banks for providing dial-up access fed from CAS T-1. The older units were actually US Robotics racks with 24 56K modems and Cisco router cards approximately like a 2600 router in them. Likewise, the documentation on Cisco TAC for those wasn’t too good.
I’ve never worked in the CATAV industry, so it was very interesting to get an introduction to the hardware. My home landline is via a cable company Arris box separate from the cable modem. The boot-up is somewhere around three minutes. I don’t know much about the technology, which I assume is VOIP. The telephony appears to be a separate network though it shares the same distribution infrastructure. I have been impressed with the call quality because there is very little audio delay and in the 11 years I’ve had the service, I’ve never heard a s stutter or drop-out which belies it may be VOIP service. The acid test is that it is suitable for fax transmissions. The business I worked for decided to move from Centrex to owning its telephony infrastructure. AT&T tried to sell VOIP delivered over commodity Internet and call quality was inferior. We decided to use ISDN pri circuits from Level3.
@@KJ7BZC There is, but this gear is so old they've deleted it from history.
It's actually kind of funny seeing work being done on these SurfBoard modems. I pulled out out of service a few months ago at a relative's house that had been in continual service since 2009. Spectrum never bothered to send them an upgrade, and it was still getting decent speeds when it was decommissioned.
I still come across the odd one every couple weeks.
I don't know what it is, put saying these old network labs just makes me so happy for some reason.
Man the flood of memories that hit when I seen this gear, almost brought a tear to my eye. When we were rolling out Docsis 3.0 we kept coming across these 72xx series in areas that were forgotten about during D2 rollout. I wish I'd have grabbed some, they ended up at the recycler for sure.
Awesome. I've been wanting to get into a setup like this, I appreciate you laying it all out in an easy to understand way!
These videos are awesome! You and clabretro are both relatively new to me, but i am loving the content! Currently i am on both gpon and xgspon, those would be some cool technologies to look into as well!
Nice video. DSL can also use DHCP to configure whatever's on the end of the circuit (CPE), once in sync it's just an Ethernet connection. A lot of ISPs use PPP because they know how it works and to make accounting a little easier.
However, DSLAMs can inject the circuit number into DHCP requests coming from subscribers, so even without knowing the MAC of the CPE, the ISP know which circuit it accessing the network, and can account/log/whatever they need to do.
I believe a similar thing applies to networks using PPPoE on DSL, the DSLAM can inject the circuit number, and then you could confirm that a PPP user is appearing from the correct port on the DSLAM (or even, the correct DSLAM at all.)
Then once you have Ethernet and IP setup, the CPE could down a configuration from a provisioning server, but that's all vendor specific stuff at that point.
In Poland. PPPoATM
Interesting, I do remember there being an option for DHCP in my modem as well, might have to give it a shot once I get that going again.
@@KJ7BZC Yeah worth a go, plus you don't get the MTU hit that PPPo(E/ATM/whatever) gives you. Most decent Telcos will enable baby-jumboframes on their DSLAMS/OLTs to give your port a 1508MTU, which means you can send full 1500MTU Ethernet frrames, as you have the extra 8 bytes for the PPP overhead.
_PPP because..._ they already had extensive PPP supporting infrastructure. (i.e. all those years of dialup modems.) There were even cable operators that used that crap. (PPPoE)
@@KJ7BZC there’s also the MTU overhead to consider.
PPP adds an 8 byte overhead to the MTU, if the Ethernet link is set to 1500, using PPP reduces your usable MTU to 1492, which isn’t the best.
There’s a way to get around it, and most telcos set their DSLAMs/OLTs to allow baby jumbo frames, typically allowing an MTU of 1508, so when you take away the PPP headers, you still have a full 1500 byte packets, rather handy.
DHCP-based addressing avoids that entirely by not having an encapsulation protocol around the packets.
Always fun to see the old systems and how they are setup. Thank you for bringing this to our screens. As an improvement for your video making, a screen capture (or even a few screenshots edited for privacy) would improve clarity in reading configurations. There's all kinds of screen capture software out there, but the downside is that you then have to do video editing. Your current methods let you focus on the lab side of your channel rather than the video editing side, of course. It's understandable if you don't want to do all of the video editing work!
Yeah I would like to do screen capture for the configurations, but it's been a long time since I touched a video editing software. I'll probably give it a shot again in later videos, but this was of course just a short demo of it working, plenty more to come in the future.
Thanks for showing some network hardware Ive always known about, but never seen before.
Great job on the deep dive... This is bringing back memories when I deployed the first CMTS for a rural ISP Co-Op, I managed like 20 years ago... We used the exact same system as well as the multi channel card interface... Can't recall 100$%, but I can remember having issues because of missing or incorrect MAC-Host Authorization file mismatch or setup... We ended up using a solution from C9 networks.. It was a 1U "Pizza Box" style setup but it required an external server to handle all TFTP and policy.cm files... Looking forward to seeing your setup as your progress down the rabbit hole of legacy DOCSIS modems...
I'm glad for these videos, they convince me to look at ebay to discover just how unobtainably expensive things like this are on this side of the world still these days. But then the rest of the video saves me from having to play with one directly
Love theese videos, really helps in understanding how a docsis provider can work
I was going to say, that thing looks like a 7200 series. Very cool hardware!
Internally they're a 7200VXR. The DOCSIS cards are longer, use more power, and generate _way_ more heat. Thus the oddball chassis.
Hey dude, just saw your channel! Love your style of video dude. Subscribed!
Very interesting video. Keep them coming!
love this stuff such a flashback to the only days how quickly fibre technology is replacing, absolutely everything in its path
Great video!
Wow, never thought I'd see a working UBR 72xx again. I remember back in the day when we upgraded to VXR chassis' and had US/DS cards with built in upconverters (MC28u if memory serves?) Anyway, I wonder if your downstream speed issue has something to do with the DS freq you're using. I have no idea how the tuner in a modem will behave if your center freq isn't aligned to a proper EIA 6mhz wide channel. Try moving to a properly aligned channel like 633mhz, 639, 645, etc... For the upstream, if I remember correctly the default config is only a 1.6mhz wide channel at QPSK modulation, you need to configure 3.2mhz wide channel and a QAM16 modulation profile in order to get the max speed that the hardware can do which is in the neighborhood of 10Mbps. 2.5Mbps sounds about right for 1.6/QPSK. Going to 3.2 should get you 5Mbps and then QAM16 would double you again to 10Mbps. I probably have some old configs stashed away somewhere, let me know if you need any help and I can dig something out of the archives.
Interesting stuff. I was always curious how this works behinds the scenes.
Great work, as is your DSLAM video. Will you be doing fiber GPON next?
I love seeing these type of videos, especially with CATV systems. If you could cover HFC networks at some point I think that would make for a really interesting video. Like you said this is just a basic CMTS setup. Once you get into CMTSes and fiber nodes it can get very involved with DOCSIS and different setups.
I'd love to do something with HFC, I really just need to learn the architecture first and figure out what equipment I need to keep an eye out for.
@@KJ7BZC Something a lot of people don't realize: traditional HFC (before stuff like R-PHY) is all analog. Analog RF goes into the transmitter, gets converted to analog AM optical, goes over fiber, and the node puts it back to analog RF. There's a lot of tweaking with optical power meters and RF spectrum/DOCSIS analyzers involved, especially in the days of analog video.
Interesting that you need an L-band upconverter which supports a 44MHz input; most of the ones I've seen need a higher frequency input than that. I've seen a few cards for sale recently for that particular CMTS which have built-in downstream upconverters and they aren't terribly expensive.
LOL, DOCSIS was not just used over coax. We used to feed hundreds of clients on a single CMTS into a radio system running 3.6GHz band and up the mast to an Omni antenna to subcriber radios, back down to power injector and into Motorla SB modems.
It was also used on wireless-cable installations, converting frequencies with LNBs to the 2.5ghz band :)
@@mystica-subs I just said that....
RUclips keeps deleting my comments with useful insider docsis info.
i like that thinkpad
Pretty cool. I always wanted to implement a CMTS using GNU Radio and a HackRF but i never found even the time to start researching all the protocols involved. I mean DOCSYS and DVB-C itself are big junky standards.
18:40 'Next-Server' is the IP address of your TFTP server hosting the configuration files. As you said the UBR has it's own built in, so you'll just be using that.
This is awesome, I'm currently working on a video with my Zyxel DSLAM with adsl2+ bonding, been trying to find a CMTS too but the prices for them are still high.
Sweet, I'd be interested to see that running, CMTSs are indeed expensive still. I would've liked a uBR7246VXR so I could use the cards with the integrated upconverter, maybe they'll come down further in price someday...
@@KJ7BZC Well, that got sidetracked as I just purchased a VES1724-56B2 with VDSL2 30a and bonding! So I'm going to try to set a video up with that instead.
I still come across the odd Surfboard every couple weeks it seems. And I still install or replace the odd Arris modem (we call em DPTs) but our ISP is selling most new customers converged phone service right out of the XB6/7/8s. Less money for us...
This just makes me think if it would be possible to have modem uplink on 6m and downlink on 70cm or 33cm band?
A log periodic could work on the modem end and at the "headend" normal 6m and 70cm ATV band antennas.
Back in the day, you could win a race condition by hosting your own TFTP server over the ethernet port, offer up an edited config file and set a much higher upload/download speed than would normally be in the config file. Oh the good ole days (2000 & 2001)
That shouldn't have worked as late as 2000/2001. DOCSIS 1.1 and 2.0 security standards were very explicit on how that process was supposed to work. (but yes, the early years of DOCSIS [97/98] were full of bad engineering and designs.]
If you have old coax in your house but are no longer using it for internet or TV, there are devices called MOCA adapters that let you run 2.5Gbit ethernet connections across the COAX. Apparently they can also coincide with TV and Cable but I don't know if you get reduced speed or not. Might be a good way to get a wired connection across a house without having to go into the attic and run ethernet.
Do you have any info about pre-DOCSIS cable modems? I remember the first modem I had in the late 90s was a surfboard but it was a flat style, and remember we had to upgrade to a DOCSIS compatible one
its possible the arris modem isnt liking the frequencies from your converter or its possibly not compatible with docsis 1.0
Don't tell anybody how the first docsis standard also worked over wireless.
16:59 What I would start with and I didn't really hear you say if you did this or not...
You do have a domain listed in the config file yes.. However, did you set the A records from your domain hosting provider to your homes public IP? then open ports and forward them to the CMTS local ip from your home router / ISP modem. This could also be the cause for a few issues.
The modems are trying to ping to a domain, and continue to be left with no response to download the config from the CMTS, which would also not be helpful trying to obtain a public ip from the CMTS network.
That is where I would start with
hopefully thats a fix for you.
dunno about older versions of docsis wrt: the date, but certificates can't be verified without the clock being set; the 'new' privacy & authentication modes use public key stuff to identify specific devices. mac cloning would work on some really old networks but i think even then they had other ways to control access w/ docsis 1.0
Huh, in metro Australia we have hybrid fibre coaxial. I thought the cmts was all fibre as it goes from coax to fibre in the street
Would a system like this be used with HFC cable?
Very interesting. Please find more interesting protocols and make labs like these.
Hey buddy, what are you trying to do here? start DOCSIS ISP in a third-world country using decommissioned hardware from first-world countries.
Great content guy.
is that a Motorola surf board.. have not seen one of those since 2000
They've made "surf board" ("SB"xxxx) modems for decades. Still are, in fact; SB8200. (aka CM8200) But the "fin" case design died with the 5100's.
15:15 Excuse me, what's that last saved putty connection?
Lmao I forgot it was named that, it's a particularly annoying piece of equipment at my friend's place that constantly has weird issues requiring me to telnet into it.
@@KJ7BZCis it possible that you can display any message to the on-screen display like you did in one of your videos with the computer running MS-DOS with a program running
Need more type 2
Yeah I've been meaning to work on that for a while lol, I'll get around to it sometime
Hey. That's a nice little setup. I'm not really into this type of setup. My skill set is more on the security side. I would say you are probably correct about the frequency generator not being the correct frequency as being the issue. I just wanted to chime in to warn about the type of info you share. In particular to the Mac address. If you could I'd definitely blur that out or just flat out not show it.
I don't think it really matters, the MAC address isn't exposed to the open internet at any point. Just like how people freak out if you accidently show a class A,B.C address.
Curious about this one, what is bad about sharing the MAC address of these modems? I could see it potentially being an issue if it was a modem in service still, but I just don't understand in the case of a lab setup like this.
@EvertG8086 I agree with this, Media Access Control (MAC) addresses really only matter in or with Address Resolution Protocol (ARP) tables, which you usually see in switches and end devices that are talking in local networks since that's handled at layer 2 of the Open Systems Interconnect (OSI) model. Routers and anything over longer distances (multiple hops) will care more about IP addresses (which are layer 3), but private IP ranges (like 192.168.anything.anything or 10.anything.anything.anything) don't reveal location information since those are always hiding behind Network Address Translation (NAT), typically with Port Address Translation (PAT). You would need the public facing IP address to cause issues. That said, those who don't know the difference tend to see any IP address and want to block it out because they are taking a safer stance on the basis of their lack of detailed networking knowledge. They (in this case @PinnacleSaint) mean well, and it's a rule that can be hard to parse without networking experience.
Hi,
Maybe your low speed is du too buffering / timing configuration.
Here some config i use for service class on a docis 3.0 cmts on my lab. It maybe can help you. Can reach nearby the max bandwidth of my mac domain.
cable service-class 1
name SP-UNLIMIT-DOWN
priority 3
max-traffic-rate 1000000000
max-traffic-burst 18000
min-packet-size 0
max-concat-burst 18000
req-trans-policy 0x0
tos-overwrite 0xFF 0x0
downstream
app-id 0
multiplier-contention-req-window 4
multiplier-bytes-req 1
cable service-class 2
name SP-UNLIMIT-UP
priority 3
max-traffic-rate 1000000000
max-traffic-burst 18000
min-packet-size 0
max-concat-burst 18000
req-trans-policy 0x0
tos-overwrite 0xFF 0x0
app-id 0
multiplier-contention-req-window 4
multiplier-bytes-req 1
I'll have to see if this unit supports these commands, I would assume there's a large difference between 1.0 and 3.0.
@@KJ7BZC yes, there is some. But tuning those Can impact bandwidth speed and maybe there is some similar config on your. Also, euro docsis and us docsis have non similar max bw. Eurodocsis use 8mhz and us use 6mhz.(Pal/ntsc, it's based on dvb) There is also some similarities between D1, D2 and D3. D3 mostly add ds and us bonding as an example.
I'd blame his obsession with "no interleave" is much of the problem. DOCSIS isn't designed to work like that.
The DHCP more than likely has to be an authoratative DHCP server.
No such thing. A DHCP server is a DHCP server. Who ever answers first "wins". (I guess you've never been on a network with a rogue dhcp server.)
Yes there is an authoritative dhcp server. Some devices will not respond to just any random dhcp server.
@@wrthchld That's not "authoritative". That's either an explicit configuration (IP list, acl, etc), or a lame attempt at security by looking for specific options. For example, APC's "magic cookie". (which is absolutely useless. It only confuses admins who don't know about it. A smart bot can see the request is from an APC device and put that stupid cookie in the response. It's a well known, static value. Even if people did change it, dhcp is unencrypted broadcast messages... you wrote the password on a whiteboard visible from the parking lot.)
Cable modems don't need a special ("magic") DHCP server. They just demand a precise answer. Leave out an option, or format it in a way it doesn't like, and it may not work. The dhcp captures I have show modems only needing timezone, time server, bootfile (their configuration file), server IP (tftp server for the config), and packet-cable (option 177) It's possible they may require other bits from dhcp if they aren't in the config - like hostname and domain, which in my case is not coming from dhcp. (customers get NS+DN, but modems don't)
Try this IP... RUclips won't let me write or spell numbers.
First octet is double 96
Second octet is double 84
Third octet is double 50
Fourth octet is one.
I'll give this a shot, hopefully it'll work.
@@KJ7BZC find it?
I worked for the cable Co... Tried to comment several times the secret IP to get to the cable modem page, but RUclips is deleting comments that contain numbers. Can you do something about that?
I can't help you with tons of insider info if your comment restrictions are too tight.
They do that a lot nowadays to avoid those spam bot comments. I’m glad it’s gone, but sometimes it’s really annoying when it actually deletes useful comments.
I don't have anything configured to block certain comments apart from the ".vom" and ".fyi" link spam that was an issue a few years ago. I believe it's their algorithms trying to stop spam unfortunately.
There's no "magic IP". The modem gets everything from the CMTS. Once it has an acceptable DHCP answer for the HFC side of the system, it should be reachable at that address from the CMTS side. You will not be able to access anything other than the standard "hundred-dot-one" CPE UI from the CPE side. (even if you know the modems' HFC address; it is not accessible from the CPE side.) I'm pretty sure there's no HTML "admin" interface; there usually isn't even a shell (the "NOSH" firmware images.) It's all managed via SNMP.
@@jfbeam first off, let me list my credentials. I have a CCIE for DOCSIS and worked for a cable company. I went on to write firmware for 3com cable modems then went on to write firmware used in Motorola/Arris modems, 8ncluding the SB5100 in this video. I still have the source code. I can assure you I know what I'm talking about.
Yes, the modem requests a dhcp IP from the CMTS, which is accessible on the HFC side.
What you DON'T know is that most cable modems (including that SB5100, which happens to be a modem that I wrote firmware for, running VXWORKS on that modem) has a secondary hard-coded IP that I mentioned. And I'll give you a bonus tip. You don't have to add a local subnet to your NIC's routing table. Even thought your NIC will attempt to send packets destined for that subnet for the ISP default gateway, the modem sniffs for packets to that one IP and intercept them from the stream and directly responds to them.
I never said there was shell access, without modification. But there is an admin login page accessible from the CPE side. It won't grant network access or let you change speeds. But neither will the SNMP. Those are done bty the configure file.
@@jfbeam myself and a few other collaboratively authored a book on cable modems called "Hacking the Cablemodem" under Ryan Harris/DerEngel. We were the founders of TCNiSO/Telesyn. If you want to learn about VXWorks and writing Cablemodem firmware, check it out. A lot of the source code in Blackcat/Sigma written by me is in that book.
Lots of these are going to be available cheap now that cable companies are finally switching to fiber.