Installation guide

Cisco uBR7100 Series Universal Broadband Router Software Configuration Guide
OL-2238-03
Chapter 3 Configuring the Cisco Cable Interface
Enabling and Configuring Baseline Privacy
At that time, BPI provides basic protection against theft of service by ensuring that the CM, identified by its
MAC address, can obtain only the keying material it is authorized to access. The CMTS replies with a list
of SIDs on which to run BPI. The reply also includes an authorization key from which the CM and CMTS
derive the keys needed to secure the CM’s subsequent requests for additional encryption keys. After
obtaining the traffic encryption key, the CMs begin to transmit encrypted data.

Differentiating Traffic Streams

BPI encrypts data only on the cable network, and it encrypts only the user data itself, not the cable MAC
headers. BPI also does not encrypt MAC management messages.

After BPI is enabled and encryption has been negotiated for a given SID, however, all user data sent
using that SID is encrypted. BPI differentiates traffic based on the SID alone.

CM Communication with BPI

Figure 3-2 illustrates BPI communications. When user A sends packets to user B, the CM encrypts those
packets using keys specific to user A’s CM. The packets are then transmitted to the CMTS, where
they are decrypted.

If user B is attached to the cable TV network, the CMTS then re-encrypts the information using a key
specific to user B, and the encrypted data is passed to user B’s CM, where it is decrypted and sent to user
B. In this manner, an unauthorized user is not able to see unencrypted traffic between user A and user B.

Caution: Because BPI operates only on the cable TV network, all traffic going upstream is decrypted as it
passes the CMTS. If user A is attempting to communicate with someone beyond the cable network (user
C), all traffic beyond the CMTS is not encrypted.

Figure 3-2 BPI Encrypted Data on the Cable TV Network

[Figure labels: cable modems for users A and B, cable network, Cisco uBR7100 series CMTS, MSO network,
Internet, user C. Communication from A to B (cable network only) is secured by BPI. Communication from
A to C (cable network and other networks) is not fully secured by BPI.]
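
The hop-by-hop behaviour described in this section, as an added Python model that is not part of the Cisco guide: user data is protected per SID on the cable segment, MAC management messages stay clear, and the CMTS decrypts before forwarding. The `Cmts` class, its method names, the sample keys and the XOR keystream (a stand-in for the real BPI cipher) are assumptions made for illustration.

```python
# Added illustration, not Cisco code. The keystream below is a stand-in for
# the BPI cipher so the example runs with the standard library only.
import hashlib
from dataclasses import dataclass

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class Frame:
    sid: int            # service ID, carried in the unencrypted MAC header
    management: bool    # MAC management messages are never encrypted
    payload: bytes

class Cmts:
    """Hypothetical model: the CM side shares the per-SID key, so it uses protect() too."""
    def __init__(self):
        self.tek = {}   # SID -> traffic encryption key (constructed values)

    def enable_bpi(self, sid: int, key: bytes) -> None:
        self.tek[sid] = key

    def protect(self, sid: int, data: bytes, management: bool = False) -> Frame:
        """Build the frame as it appears on the cable segment for this SID."""
        if sid in self.tek and not management:
            data = xor_stream(self.tek[sid], data)
        return Frame(sid, management, data)

    def unprotect(self, frame: Frame) -> bytes:
        if frame.sid in self.tek and not frame.management:
            return xor_stream(self.tek[frame.sid], frame.payload)
        return frame.payload

    def forward(self, upstream: Frame, dest_sid=None):
        """Decrypt at the CMTS; re-encrypt only when the destination is a cable SID."""
        clear = self.unprotect(upstream)
        if dest_sid is None:    # destination beyond the cable network (user C)
            return clear        # leaves the CMTS unencrypted
        return self.protect(dest_sid, clear)
```

Traffic that must stay confidential beyond the CMTS therefore needs its own end-to-end protection, since BPI covers only the cable segment.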