Control Point Discovery (CPD)

Table Of Contents

Control Point Discovery (CPD)

Contents

Prerequisites for Control Point Discovery

Restrictions for Control Point Discovery

Information About Control Point Discovery

Control Points

Network Layer Signaling (NLS)

NLS for CPD

Control Point Discovery

CPD Protocol Hierarchy

Control Relationship

How to Configure CPD

Enabling CPD Functionality

Prerequisites

Examples

Configuring Control Relationship Identifier

Examples

Enabling NLS Functionality

Examples

Configuring Authorization Group Identifier and Authentication Key

Examples

Configuring NLS Response Timeout

Examples

Additional References

Related Documents

Standards

Technical Assistance

Command Reference

cpd

cpd cr-id

debug cpd

debug nls

nls

nls ag-id auth-key

nls resp-timeout

show cpd

show nls

show nls ag-id

show nls flow

Feature Information for Control Point Discovery

Control Point Discovery (CPD)

---

OL-14657-01

First Published: August 21, 2007

This document describes the Control Point Discovery (CPD) feature. This feature, along with Network Layer Signaling (NLS), enables automatic discovery of any control point associated with an end point

History for the Generic Routing Encapsulation Feature

Release	Modification
12.3(21a)BC3	This feature was introduced.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Control Point Discovery" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Prerequisites for Control Point Discovery

•Restrictions for Control Point Discovery

•Information About Control Point Discovery

•How to Configure CPD

•Additional References

•Command Reference

•Feature Information for Control Point Discovery

Prerequisites for Control Point Discovery

There are no prerequisites for CPD.

Restrictions for Control Point Discovery

•The CPD feature does not sync any dynamic CPD/NLS related data between the route processors (RPs). After sending a NLS challenge to the controller, the new active PRE will ignore the NLS response as a result of any RP switchover.

•The CPEs become inaccessible for a small duration during line card switchovers. During this interval, any CPD request received on CMTS will be responded to as if the endpoint is not connected or as if the control relationship is not supported.

•The CPD functionality is restricted to default VPN table id (0).

•Only manual configuration of NLS authentication pass phrase would be supported for CPD/NLS security.

•For NLS authentication, HMAC SHA1 (no configuration option) is used with MAC length truncated to 96 bits.

Information About Control Point Discovery

To configure the Control Point Discovery feature, you should understand the following concepts:

•Control Points

•Network Layer Signaling (NLS)

•Control Point Discovery

Control Points

Control points are points in a network that can be used to apply certain functions and controls for a media stream. In a cable environment, the control points are Cable Modem Termination Systems (CMTS) and devices that utilizes these control points are referred to as CPD Requestors (or controllers).

Cable CPD Requestors include the following:

•Call Management Server (CMS)

•Policy Server (PS)

•Mediation Device for Lawful Intercept (MD)

Network Layer Signaling (NLS)

Network Layer Signaling (NSL) is an on-path request protocol used to carry topology discovery and other requests in support of various applications. In the CPD feature, NLS is used to transport CPD messages.

NLS for CPD

NLS is used to transport CPD messages. The CPD data is carried under an application payload of the NLS and contains a NLS header with flow id. The NLS flow id is used during NLS authentication to uniquely identify the CPD requests and responses for an end point of interest.

NLS Flags

All NLS headers contain bitwise flags. The CMTS expects the following NLS flag settings for CPD applications:

•HOP-BY-HOP = 0

•BUILD-ROUTE = 0

•TEARDOWN = 0

•BIDIRECTOINAL = 0

•AX_CHALLANGE = 0/1

•AX_RESPONSE = 0/1

---

Note Any requests with flags other then AX flags, set to one will be rejected with an error indicating a poorly formed message.

---

NLS TLVs

The following NLS TLVs are supported for all CPD applications:

•APPLICATION_PAYLOAD

•IPV4_ERROR_CODE

•IPV6_ERROR_CODE

•AGID

•A_CHALLENGE

•A_RESPONSE

•B_CHALLENGE

•B_RESPONSE

•AUTHENTICATION

•ECHO

The following NLS TLVs are not supported for CPD applications:

•NAT_ADDRESS

•TIMEOUT

•IPV4_HOP

•IPV6_HOP

Control Point Discovery

The control point discovery feature allows CPD Requestors to determine the control point IP address between the CPD Requestor and the media endpoint.

Using Networking Layer Signaling (NLS), the control point discovery feature sends a CPD message towards the end point (MTA). The edge/aggregation device (CMTS), located between the requestor and the endpoint, will respond to the message with its IP address.

---

Note For Lawful Intercept, it is important that the endpoint does not receive the CPD message. In this instance, the CMTS responds to the message without forwarding it to its destination.

---

CPD Protocol Hierarchy

CPD messages are sent over the NLS.

The CPD Protocol Hierarchy is as follows:

1. CPD

2. NLS

3. UDP

4. IP

---

Note Since NLS is implemented on the UDP protocol, there is a potential of message loss. If messages are lost, the controller will re-send the CPD request in any such event.

---

Control Relationship

A control relationship between a control point and a controller is identified as a function on a media flow that passes through a control point. A control relationship is uniquely defined by a control relationship type (CR TYPE) and control relationship ID (CR ID). The CR ID is provisioned on CMTS as well as the controller.

Table 2 lists the supported CR TYPEs and corresponding pre-defined CR IDs

Table 1 Supported Control Relationship Types and Corresponding Control Relationship IDs

Control Relationship Type	Pre-Defined Corresponding Control Relationship ID
CR TYPE = 1 (Lawful Intercept)	CR ID = 1: CMTS
	CR ID = 2: Aggregation router or switch in front of CMTS
	CR ID = 3: Aggregation router or switch in front of Media Services
	CR ID = 4: Media Gateway
	CR ID = 5: Conference Server
	CR ID = 6: Other
CR TYPE = 2 (DQoS)	CR ID = 1: CMTS
CR TYPE = 3 (PCMM)	CR ID = 1: CMTS

How to Configure CPD

This section contains the following tasks:

•Enabling CPD Functionality

•Configuring Control Relationship Identifier

•Enabling NLS Functionality

•Configuring Authorization Group Identifier and Authentication Key

•Configuring NLS Response Timeout

Enabling CPD Functionality

To enable the CPD functionality, use the cpd command in global configuration mode. The CPD message authentication is determined by NLS configuration.

Prerequisites

The CPD message authentication is determined by NLS configuration.

SUMMARY STEPS

1. enable

2. configure terminal

3. cpd

4. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	cpd Example: Router (config)# cpd	Enables CPD functionality •Us the "no" form of this command to disable CPD functionality.
Step 4	end Example: Router# end	Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the cpd enabled on a router:

Router (config)# cpd

Configuring Control Relationship Identifier

To configure a Control relationship identifier (CR ID) for CMTS, use the cpd cr-id command. When CPD request comes with a wild-card CR ID, the CMTS will respond with this configured value.

SUMMARY STEPS

1. enable

2. configure terminal

3. cpd cr-id

4. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	cpd cr-id Example: Router (config)# cpd cr-id 100	Configures a control relationship identifier (CR ID) for CMTS. •The cr-id can be from 1 to 65535. •The default cr-id is configured as 1 (CMTS).
Step 4	end Example: Router# end	Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the cpd cr-id command configured with a cr-id number of 100 on a router.

Router (config)# cpd cr-id 100

Enabling NLS Functionality

To enable the NLS functionality, use the nls command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

SUMMARY STEPS

1. enable

2. configure terminal

3. nls

4. debug nls

5. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	nls Example: Router (config)# nls	Enables NLS functionality. •NLS authentication is optional. •It is recommended that NLS message authentication be enabled at all times.
Step 4	debug nls Example: Router# debug nls	Enables NLS debug functionality.
Step 5	end Example: Router# end	Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls command enbaled on a router.

Router (config)# nls

Configuring Authorization Group Identifier and Authentication Key

The Authorization Group Identifier (AG ID) and corresponding authorization key are provisioned on CMTS, as well as on controller/CPD requester.

To configure the Authorization Group Identifier and Authentication Key, use the nls ag-id command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

SUMMARY STEPS

1. enable

2. configure terminal

3. nls ag-id

4. debug nls

5. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	nls ag-id Example: Router (config)# nls ag-id 100 auth-key 20	Configures the Authorization Group Identifier and Authentication Key. •Authorization Group ID (AG ID) can range from 1 to 4294967294. •Authentication Keys can range from 20 to 64.
Step 4	debug nls Example: Router (config)# debug nls	Enables NLS debug functionality.
Step 5	end Example: Router# end	Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls ag-id command with an Authorization Group ID of 100 and Authentication Key of 20.

Router (config)# nls ag-id 100 auth-key 20

Configuring NLS Response Timeout

The NLS response timeout governs the time CMTS will wait for getting a response for a NLS authentication request.

To configure the NLS response timeout, use the nls ag-id command in global configuration mode. It is recommended that NLS message authentication be enabled at all times.

SUMMARY STEPS

1. enable

2. configure terminal

3. nls resp-timeout

4. debug nls

5. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	nls resp-timeout Example: Router (config)# nls resp-timeout 60	Configures the NLS response time. •NLS response times can range from 1 to 60 seconds. •NLS response time has a default setting of 1 second.
Step 4	debug nls Example: Router (config)# debug nls	Enables NLS debug functionality.
Step 5	end Example: Router# end	Exits global configuration mode and enters privileged EXEC mode.

Examples

The following example shows the nls resp-timeout command with a response timeout setting of 60 seconds.

Router (config)# nls resp-timeout 60

Additional References

The following sections provide references related to the CPD feature.

Related Documents

Related Topic	Document Title
CMTS	•Cisco CMTS Feature Guide •Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators •Transparent LAN Service over Cable •Troubleshooting the System

Standards

Standard	Title
Internet Draft, Network Layer Signaling: Transport Layer	Internet Draft, Network Layer Signaling: Transport Layer (IETF draft-shore-nls-tl-05.txt)
PacketCable™ Control Point Discovery Interface Specification	PacketCable™ Control Point Discovery Interface Specification (PKT-SP-CPD-I02-061013)

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Command Reference

This section documents only commands that are new or modified.

•cpd

•cpd cr-id

•debug cpd

•debug nls

•nls

•nls ag-id auth-key

•nls resp-timeout

•show cpd

•show nls

•show nls ag-id

•show nls flow

cpd

To enable the Control Point Discovery (CPD) feature, use the cpd command in global configuration mode. To disable CPD, use the no form of this command.

cpd

no cpd

Command Default

CPD is enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows the cpd enabled on a router:

Router (config)# cpd

Related Commands

Command	Description
cpd cr-id	Configures a control relationship identifier.

cpd cr-id

To configure a Control relationship identifier (CR ID), the cpd cr-id command in global configuration mode. To disable the CR ID, use the no form of this command.

cpd cr-id cr id number

no cpd cr-id

Syntax Description

cr id number

Control relationship identifier. The valid range is 1 to 65535.

Command Default

The cr-id is configured as 1.

Command Modes

Global configuration

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows the control relationship identifier configured as 236:

Router(config)# cpd cr-id 236

Related Commands

Command	Description
cpd	Enables CPD functionality.

debug cpd

To debug the CPD feature, use the debug cpd command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug cpd verbose

no debug cpd verbose

Syntax Description

verbose

(Optional) Displays detailed debugging information.

Command Default

Debug is disabled and CPD request and response messages are not displayed.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows enabling the debug cpd command:

Router# debug cpd

Related Commands

Command	Description
cpd	Enables CPD.

debug nls

To debug the NLS request, use the debug nls command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug nls verbose

no debug nls verbose

Syntax Description

verbose

(Optional) Displays detailed debugging information.

Command Default

Debug is disabled and NLS messages are not displayed.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows enabling the debug nls command:

Router# debug nls

Related Commands

Command	Description
nls	Enables Network Layer signalling (NLS) functionality.

nls

To enable Network Layer Signaling (NLS) functionality, use the nls command in global configuration mode. To disable NLS functionality, use the no form of this command.

nls [authentication]

no nls [authentication]

Syntax Description

authentication

(Optional) Enables NLS protocol security authentication.

Command Default

Disabled.

Command Modes

Global configuration

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Usage Guidelines

It is recommended that NLS message authentication is enabled all the time.

Examples

The following example shows nls enabled on a router:

router (config)# nls

Related Commands

Command	Description
cpd	Enables the CPD feature.
nls ag-id auth-key	Configures an Authorization Group Identifier (AG ID) for CMTS.
nls resp-timeout	Configures NLS response timeout.

nls ag-id auth-key

To configure an Authorization Group Identifier (AG ID) for CMTS, use the nls ag-id auth-key command in global configuration mode. To disable the AG ID, use the no form of this command.

nls ag-id auth-key

no nls ag-id auth-key

Syntax Description

ag-id number	Authorization Group Identifier. The valid range is 1-4294967294.
auth-key char	Authentication key provisioned on CMTS. The valid range is 20-64.

Command Default

Disabled

Command Modes

Global configuration

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows configuring the AG ID:

Router(config) # nls ag-id 345 auth-key 54

Related Commands

Command	Description
cpd	Enables CPD.
nls	Enables Network Layer Signaling (NLS) functionality.
nls resp-timeout	Configures NLS response timeout.

nls resp-timeout

To configure the NLS response timeout, use the nls resp-timeout command in global configuration mode. To disable CPD, use the no form of this command.

nls resp-timeout timeout number

no nls resp-timeout timeout number

Syntax Description

timeout number

Controls the time CTMS will wait before getting a response for an NLS information request. The valid range is 1-60 seconds. Upon a response timeout, the CPD message is dropped.

Command Default

The default timeout is 1 second.

Command Modes

Global configuration

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows configuring the NLS response timeout:

Router(config)#nls rssp-timeout 35

Related Commands

Command	Description
cpd	Enables CPD.
nls	Enables Network Layer signalling (NLS) functionality.
nls ag-id auth-key	Configures an Authorization Group Identifier (AG ID) for CMTS.

show cpd

To display the CPD functionality state, use the show cpd command in privileged EXEC mode.

show cpd

Command Default

Information for the CPD state is displayed.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows the output of the show cpd command:

Router# show cpd

CPD enabled

CR ID :12345

Related Commands

Command	Description
cpd	Enables CPD.

show nls

To display the Network Layer Signalling (NLS) functionality state, use the show nls command in privileged EXEC mode.

show nls

Command Default

Information for the NLS state is displayed.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows the output of the show cpd command:

Router# show nls

NLS enabled

NLS Authentication enabled

NLS resp-timeout 45

Related Commands

Command	Description
cpd	Enables CPD.

show nls ag-id

To display authorization group ID information, use the show nls ag-id command in privileged EXEC mode.

show nls ag-id

Command Default

Authorization group ID information is displayed. The authentication key is saved encrypted and is not displayed.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows the output of the show nls-sg-id command:

Router# show nls ag-id

Auth Group Id

12345

Related Commands

Command	Description
cpd	Enables CPD.

show nls flow

To display NLS active flow information, use the show nls flow command in privileged EXEC mode.

show nls flow

Command Default

Information for NLS active flows are displayed.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(21a)BC3	This command was introduced.

Examples

The following example shows the output of the show cpd command:

Router# show nls flow

NLS flowid CPE IP CR Type CR ID NLS State

4294967295 16.16.1.1 1 1 PEND_B_RESP

Related Commands

Command	Description
cpd	Enables CPD.

Feature Information for Control Point Discovery

Table 2lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

---

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

---

Table 2 Feature Information for <Phrase Based on Module Title> 

Feature Name	Releases	Feature Information
Control Point Discovery	12.3(21a)BC3	The control point discovery feature allows CPD Requestors to determine the control point IP address between the CPD The following commands were introduced or modified by this feature: •cpd •cpd cr-id •debug cpd •debug nls •nls •nls ag-id auth-key •nls resp-timeout •show cpd •show nls •show nls ag-id •show nls flow

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.