Kabelska TV + Internet

Kot vemo, pri kabelski ne moremo imetu samo interneta, ampak moramo obvezno še vzeti TV...

Mene zanima -- glede na to da je oboje na istem kablu -- če bi bilo možno naročit samo kabelski TV, potem pa ta priključek uporabljati za internet?

Če ne drugega, se mi to zdi kot zanimiv tehniški problem :)

Teoretično izvedljivo je, ti pa je Spajky napisal oviro, kjer se teorija ustavi.

DOCSIS

Equipment

A DOCSIS architecture includes two primary components: a cable modem (CM) located at the customer premises, and a cable modem termination system (CMTS) located at the CATV headend. Cable systems supporting on-demand programming use a hybrid fiber-coaxial system. Fiber optic lines bring digital signals to nodes in the system where they are converted into RF channels and modem signals on coaxial trunk lines.

A typical CMTS is a device which hosts downstream and upstream ports (it is functionally similar to the DSLAM used in DSL systems). While downstream and upstream communications travel on a shared coax line in the customer premises, and connect to a single F connector on the cable modem, it is typical for the CMTS to have separate F connectors for downstream and for upstream communication. This allows flexibility for the cable operator. Because of the noise in the return (upstream) path, an upstream port is usually connected to a single neighborhood (fiber node), whereas a downstream port is usually shared across a small number of neighborhoods. Thus, there are generally more upstream ports than downstream ports on a CMTS. A typical CMTS has 4 or 6 upstream ports per downstream port.

Before a cable company can deploy DOCSIS 1.1 or above, it must upgrade its Hybrid fiber-coaxial (HFC) network to support a return path for upstream traffic. Without a return path, the old DOCSIS 1.0 standard still allows use of data over cable system, by implementing the return path over regular phone lines, e.g. "plain old telephone service" (POTS). If the HFC is already 'two-way' or "interactive", chances are high that DOCSIS 1.1 or higher can be implemented

The customer PC and associated peripherals are termed Customer-premises equipment (CPE). The CPE are connected to the cable modem, which is in turn connected through the HFC network to the CMTS. The CMTS then routes traffic between the HFC and the Internet. Using the CMTS, the cable operator (or Multiple Service Operators - MSO) exercises full control over the cable modem's configuration; the CM configuration is changed to adjust for varying line conditions and customer service requirements.

DOCSIS 2.0 is also used over microwave frequencies (10 GHz) in Ireland by Digiweb, using dedicated wireless links rather than HFC network. At each subscriber premises the ordinary CM is connected to an antenna box which converts to/from microwave frequencies and transmits/receives on 10 GHz. Each customer has a dedicated link but the transmitter mast must be in line of sight (most sites are hilltop, ).

DOCSIS 1.x, 2.0, and 3.0 architecture is also used for fixed wireless with equipment utilizing the 2.5 - 2.7 GHz MMDS microwave band in the U.S.


Security

DOCSIS includes MAC layer security services in its Baseline Privacy Interface specifications. DOCSIS 1.0 utilized the initial Baseline Privacy Interface (BPI) specification. BPI was later improved with the release of the Baseline Privacy Interface Plus (BPI+) specification used by DOCSIS 1.1 & 2.0. Most recently, a number of enhancements to the Baseline Privacy Interface were added as part of DOCSIS 3.0, and the specification was renamed "Security" (SEC).

The intent of the BPI/SEC specifications is to describe MAC layer security services for DOCSIS CMTS to cable modem communications. BPI/SEC security goals are twofold:

provide cable modem users with data privacy across the cable network
provide cable service operators with service protection; i.e., prevent unauthorized modems and users from gaining access to the network’s RF MAC services

BPI/SEC is intended to prevent cable users from listening to each other. It does this by encrypting data flows between the CMTS and the cable modem. BPI & BPI+ utilize 56-bit DES encryption, while SEC adds support for 128-bit AES. All versions provide for periodic key refreshes (at a period configured by the network operator) in order to increase the level of protection.

BPI/SEC is intended to allow cable service operators to refuse service to uncertified cable modems and unauthorized users. BPI+ strengthened service protection by adding digital certificate based authentication to its key exchange protocol, using a public key infrastructure (PKI), based on digital certificate authorities (CAs) of the certification testers, currently Excentis (formerly known as tComLabs) for EuroDOCSIS and CableLabs for DOCSIS. The relationship of the cable modem to the user is often done by means of manually adding the cable modem's MAC address to a customer's account with the cable service operator,[9][10] who would then allow network access to a cable modem which can attest to that MAC address using a valid certificate issued via the PKI. The earlier BPI specification (ANSI/SCTE 22-2) had limited service protection because the underlying key management protocol did not authenticate the user's cable modem.

Security in the DOCSIS network is vastly improved when only business critical communications are permitted, and end user communication to the network infrastructure is denied. Successful attacks often occur when the CMTS is configured for backwards compatibility with early pre-standard DOCSIS 1.1 modems. These modems were "software upgradeable in the field", but did not include valid DOCSIS or EuroDOCSIS root certificates.

Modem ti na ETH izhodu dovoli vsako napravo. Je pa res, da če ti ISP nameni le en zunanji IP naslov, si ob hitri menjavi opreme dejansko "zaklenjen" za nekaj časa, ker si porabil vse IP-je. Še posebej rado prihaja do takšnih težav v primeru, ko ISP na kabelski forsira (en) statični IP naslov. Tvoj router recimo drži zunanji IP, čeprav si ga že izklopil, ker release ni bil pravilno narejen oz zaznan s strani ISP.

ISP bo za mac na novo priklopljene naprave direktno za modemom v DHCP zaznal napako. Npr. peer holds all free leases.