BCC Quick Start

7/23/2019 BCC Quick Start

http://slidepdf.com/reader/full/bcc-quick-start 1/50

BCC Configuration

Quick Start

Version 5.1

Suite 500 - 375 Water StreetVancouver, BC

Canada, V6B 5C6 604.688.4332www.incognito.com

CONFIDENTIALITY NOTICE

This document contains confidential and proprietary information belonging exclusively toIncognito Software Inc. The information and data embodied in this document are strictlyconfidential. It is supplied on the understanding that they will be held confidentially and notdisclosed to third parties without the prior written consent of Incognito Software Inc.

http://www.incognito.com/

http://www.incognito.com/



BCC Configuration User Manual

Copyright © 2006 Incognito Software Inc. All rights reserved. Address Commander, BroadbandCommand Center, DNS Commander, Enterprise Command Center, IP Commander, IP RegistryCommander, Name Commander, Network Resource Commander (NRC), Registrar Commander,TFTP Commander, and the "Incognito Software Inc." logo are trademarks of Incognito SoftwareIncorporated. All other trademarks are the property of their respective owners.

Published by:Incognito SoftwareSuite 500 - 375 Water StreetVancouver, BCCanada, V6B 5C6

Telephone: (604) 688-4332Fax: (604) 688-4339Web: www.incognito.comPrinted in CanadaNo part of this publication may be reproduced, stored in a retrieval system, in any form or by anymeans (photocopying, electronic, mechanical, recording, or otherwise), without permission in writing

from the publisher, except by a reviewer who may quote brief passages in a review.This manual may contain dated information. Use of these materials is based on the understandingthat this manual may not contain all the information, or the most current information relevant tosituation or intended application. Support and update services are available from IncognitoSoftware, by separate written agreement.

Document Last Revised: 2006-03-07

i




Table of Contents

1 About This Manual 1-1

1.1

Need Help? ................................................................................................................1-1 1.1.1

Technical Publication..................................................................................1-1

1.1.2

Technical Support.......................................................................................1-1

E-mail ..................................................................................................................1-1

FAQs ...................................................................................................................1-1

Telephone ...........................................................................................................1-1

1.2 We Want to Hear from You........................................................................................1-2

1.2.1 Products......................................................................................................1-2

1.2.2 Documentation............................................................................................1-2

1.2.3

Sales...........................................................................................................1-2

1.3

Corporate Information................................................................................................1-2

1.4 How to Use this Manual.............................................................................................1-3

2 Broadband Command Center Overview 2-1

2.1

BCC Component Overview........................................................................................2-1

2.2

Functional Overview of MPS .....................................................................................2-1

2.2.1

Subscriber Management ............................................................................2-1

2.2.2 Customer Care Interface ............................................................................2-1

2.2.3 Kerberos AP Request/Reply Service..........................................................2-1

2.2.4

SNMPv3 Support ........................................................................................2-1

2.2.5 FQDN to MAC Address Support.................................................................2-2

3 Configuration Overview 3-1

4 TFTP Configuration 4-1

4.1 Introduction ................................................................................................................4-1

4.2

General Preparation ..................................................................................................4-1

4.3 Hardware Preparation................................................................................................4-1

4.4

Software Installation ..................................................................................................4-1 4.5

Starting the Services..................................................................................................4-2

4.6

Software Registration ................................................................................................4-2

4.7 TFTP Service Configuration ......................................................................................4-2

4.7.1

Slave TFTP Service Configuration .............................................................4-2

4.7.2

Master TFTP Service Configuration ...........................................................4-3

4.7.2.1

TFTP Cluster Synchronization.............................................................4-3

4.7.2.2 Enable DHCP Integration ....................................................................4-3

4.7.2.3 Service Notifications ............................................................................4-3

4.7.2.4 OTF Configuration File Generator .......................................................4-3

4.7.2.5 Administrator Accounts........................................................................4-3

5 DHCP Configuration 5-1

5.1

Introduction ................................................................................................................5-1

5.1.1

CMTS Behavior and DHCP Subnet Determination ....................................5-1

5.2



5.4 Software Installation ..................................................................................................5-2

5.5


5.6


5.7 DHCP General Service Configuration .......................................................................5-3

5.7.1 Enable DHCP Failover ...............................................................................5-3

5.7.2

Enable TFTP Integration ............................................................................5-3

ii




5.7.3 Enable Time of Day Service .......................................................................5-3

5.7.4 Configure System Wide Defaults................................................................5-4

5.7.5

Configure CM Blocking...............................................................................5-4

5.7.6

Configure the MTA Voice Service Classes ................................................5-5

5.7.7

Configure the Cable Modem Service Classes............................................5-5

5.7.8

Configure the Cable Modem Container Rule .............................................5-6

5.7.9

Configure the MTA Container Rule ............................................................5-7

5.7.10 Configure the CPE Container Rule.............................................................5-8

5.7.11 Database Backup Scheduling ....................................................................5-8

5.7.12 Service Notifications ...................................................................................5-8

5.7.13

SNMP Integration .......................................................................................5-8

5.7.14

Audit Scheduling.........................................................................................5-9

5.7.15 Administrator Accounts...............................................................................5-9

5.8

CMTS Specific DHCP Service Configuration ............................................................5-9

5.8.1

CMTS Configuration ...................................................................................5-9

5.8.2

Configure the Networks............................................................................5-10

5.8.3 Adjacent Network Settings .......................................................................5-10

6 MPS Configuration 6-1

6.1

Introduction ................................................................................................................6-1 6.2




6.5 Starting the Services..................................................................................................6-2

6.6 Software Registration ................................................................................................6-2

6.7 MPS Service Configuration........................................................................................6-2

6.7.1 Basic Provisioning Behavior .......................................................................6-2

6.7.2

Enabling PacketCable Security ..................................................................6-3

6.7.3

Enabling DHCP Integration ........................................................................6-3

6.7.4 Enabling TFTP Integration..........................................................................6-3

6.7.5 Data Service Classes .................................................................................6-3

6.7.6

Configure the Default Voice Settings Template File...................................6-4

6.7.7

Database Backup Scheduling ....................................................................6-4 6.7.8 Service Notifications ...................................................................................6-4

6.7.9 SNMP Integration .......................................................................................6-5

6.7.10

Administrator Accounts...............................................................................6-5

6.7.11 Slave TFTP Service Integration..................................................................6-5

7 DNS Configuration 7-1

7.1 Introduction ................................................................................................................7-1

7.2


7.3

Hardware Preparation................................................................................................7-1


7.5 Starting the Services..................................................................................................7-2

7.6


7.7

DNS Service Configuration........................................................................................7-2

7.7.1

Configure the secondary DNS service .......................................................7-2

7.7.2 Dynamic DNS (DDNS) ...............................................................................7-3

7.7.3 DNS Lying (for self-provisioning)................................................................7-3

7.7.4 Support Zone Transfers with the Secondary DNS Service ........................7-3

7.7.5 Add Primary Domains.................................................................................7-4

7.7.6

Add KDC Support (PacketCable Security) .................................................7-4

8 KDC Configuration 8-1

8.1

Introduction ................................................................................................................8-1

iii



BCC Configuration User Manual iv

8.2 General Preparation ..................................................................................................8-1


8.4

Software Installation ..................................................................................................8-1

8.5


8.6


8.7

Service Configuration ................................................................................................8-2

8.7.1

Configure KDC License ..............................................................................8-2

8.7.2 Configure KDC Configuration File ..............................................................8-2

8.7.3 Configure KDC Service Keys and Certificates ...........................................8-3

9 Appendix A: Installation Directories and Files 9-1

9.1 Solaris & Linux...........................................................................................................9-1

9.1.1

Solaris & Linux Base Directory...................................................................9-1

9.1.2 Solaris & Linux Directories .........................................................................9-1

9.1.3 Solaris & Linux Files ...................................................................................9-1

9.2

Windows ....................................................................................................................9-2

9.2.1

Windows Base Directory ............................................................................9-2

9.2.2

Service Directories .....................................................................................9-2

9.2.3 IMC Directory..............................................................................................9-2

9.2.4

Files ............................................................................................................9-2

10 Appendix B – Interoperabili ty Testing (eMTA device l is t) 10-1

10.1

Motorola.............................................................................................................10-1

10.1.1 SBV4200 VoIP Cable Modem (CG4D firmware)......................................10-1

10.1.2 SBV4200 VoIP Cable Modem ..................................................................10-2 10.1.3 SBV5120 VoIP Cable Modem ..................................................................10-2 10.1.4 SBV5120E VoIP Cable Modem (Euro).....................................................10-3

10.2 Terayon .............................................................................................................10-4

10.2.1 TA-102X....................................................................................................10-4

10.3

Scientific Atlanta................................................................................................10-5

10.3.1

WebStar DPX2203 ...................................................................................10-5

10.4 Ar r is ...................................................................................................................10-7

10.4.1

How to install new Service Provider Root certificate................................10-8

10.5

Packet Cable Secure Flow Template File .........................................................10-9

10.6 Notes .................................................................................................................10-9



BCC Configuration User Manual 1-1

1 About This Manual

Welcome to BCC Configuration Quick Start Manual. This section describes the purpose of the BCCConfiguration Quick Start Manual. We recommend you read this section before you read ahead.

1.1 Need Help?

If you require additional help, refer to these alternative resources.

1.1.1 Technical PublicationFor additional help using BCC, refer to the electronic documents such as release notes, importwizard instructions and other technical documentation located in the directory where you haveinstalled the BCC software.

1.1.2 Technical SupportNOTE: You must be a registered user to access Incognito Software support services. IncognitoSoftware support services are subject to Incognito software prices, terms, and conditions in place atthe time the service is used.If you cannot find the solution to your problem, call Incognito for help. Before contacting Incognito,make sure you have the following information:

• Product serial number (registration number).

• Your name, company name, and phone number.

• Product name and version number.

• Type of operating system (for example, Windows 2000).

• Web browser and version

•

Detailed description of the problem, including steps to reproduce it.• The error message displayed, if any.

• Steps you have already taken to resolve the problem.

E-MAIL

Receive detailed information from Technical Support by addressing your questions [email protected]. A technical support representative will send you an e-mail response assoon as possible.

FAQS

You may find an answer to your question more quickly in our Frequently Asked Questions. TheIncognito Technical Support FAQ is located at www.incognito.com/support.

TELEPHONEYou can reach Incognito Software Technical Support by phone Monday to Friday at 1-604-688-4332, from 6:00 A.M. to 5:00 p.m. Pacific Standard Time




1.2 We Want to Hear from You

Incognito is committed to providing you with quality products and services. To ensure your

continued satisfaction, we welcome your suggestions for improvements to Network ResourceCommander and user documentation.

1.2.1 ProductsYou can contact a technical support representative by using one of the following:Telephone: 1-604-688-4332 Fax: 1-604-688-4339 E-mail: [email protected]: www.incognito.com/support Our technical support representatives are ready to listen to your comments and suggestions.

1.2.2 Documentation

At Incognito, we strive to produce the highest quality documentation. If you have comments orsuggestions about our online help or printed guides, you can e-mail us [email protected] include the following information with your feedback:

• Product name and version number.

• Type of user document (manual or online help).

• Topic title (for online help).

• Page number (for printed manual).

• Brief description of content and your suggestion for improvement. (for example, are youreviewing step-by-step instructions that are inaccurate, grammatical errors in a specificparagraph, information that requires clarification or more details, etc.).

• Your suggestion for how to correct/improve documentation.

This e-mail address [email protected] is only for documentation feedback. You will notreceive a reply. If you have a technical question, please contact Technical Support.

1.2.3 SalesIncognito’s professional sales staff is ready to answer your sales questions Monday to Friday from6:00 A.M. to 5:00 P.M. Pacific Standard Time.Contact your sales representative for information about the latest Incognito products, the IncognitoSoftware Subscription Plan, upgrade options and prices, and more. If you have a technical questionor problem, please contact Technical Support.Contact your Incognito sales representative by doing one of the following:Sales: 1-604-688-4332Sales fax: 1-604-688-4339

Website www.incognito.comSales e-mail: [email protected] When sending e-mail, please include your company name, city, and state to ensure prompthandling of your request.

1.3 Corporate Information

For general inquiries, contact our corporate headquarters:Telephone: 1-604-688-4332Fax: 1-604-688-4339Website: www.incognito.com




1.4 How to Use this Manual

This manual is designed as a step-by-step checklist for the configuration of Broadband CommandCenter. It was created to provide instruction when users are unsure of how to proceed when

configuring BCC.For users who have not used BCC before, but want to get it up and running right away, you shouldfirst read the chapter “Broadband Command Center Overview” on page 2-1.




2 Broadband Command Center Overview

This section provides a detailed description of the Broadband Command Center (BCC) framework.This section is broken down into the following sub-sections:

• Broadband Commander Center Component Overview

• Functional Overview of MPS

2.1 BCC Component Overview

As shown in Figure 2, BCC includes 4 services to provide High Speed Data (HSD) and VoIPprovisioning. These services are:

Multimedia Provision ing Service (MPS)

Provides support for Packet Cable, compliant MTAs and includes an XML/Corba interface toCustomer Care Centers(CCCs).

DHCP Service

Provides IP address management, allocates IP addresses and configuration information toCM, MTAs and CPE devices. DPM’s DHCP service can be installed in minutes and hasimport wizards to automatically import existing lease and configuration information fromCisco CNR or Microsoft DHCP. DPM’s DHCP service provides object-oriented and criteria-based processing that allows it to provide service selection and easily deployment of newservices.

ToD Service

The ToD Service maintains the correct time and responds to time requests from DOCSIScompliant cable modems as specified in RFC 868 and the PacketCable provisioningprocess.

TFTP Service

The TFTP service provides a high availability TFTP (redundant) access point from whichCMs and MTAs can download their configuration files. The provisioning server accesses thisTFTP service when it creates dynamic TFTP files for MTAs. The TFTP service is built on ahigh-performance engine and incorporates a proprietary implementation of failover and load

balancing to prevent bottlenecks when a large number of subscribers attempt to get onlineat the same time.

DNS Service

The DNS provides a domain name server that support DDNS, zone transfers and nameresolution. BCC’s DNS service is a secure, multi-platform alternative to BIND that hasadvanced management features that make it easy to use and has extensive integration withthe DHCP service.




2.2 Functional Overview of MPS

Traditional broadband data services requires device provisioning software to support DHCP and

TFTP services to provide IP address and configuration information to broadband devices such asmodems and Customer Premise Equipment (CPE).With the advent of the CableLabs PacketCable 1.x standard to support voice over DOCSIS, deviceprovisioning software must support additional provisioning sequences such as, Kerberosauthentication, SNMP v2/3 and Fully Qualified Domain Name (FQDN).BCC’s MPS service provides support for PacketCable compliant MTAs and includes an XML/Corbainterface to Customer Care Centers (CCCs).

MPS includes: Subscriber management; Customer Care Center (CCC) Interface Kerberos AP Request/Reply Service

FQDN Mapping SNMP v2/3 support

2.2.1 Subscriber ManagementThe MPS Subscriber Management module allows the administration of subscriber information andalso groups together all the devices and services related to this subscriber, improving servicesmanagement and reducing troubleshooting time. This module lets you to offer voice serviceswithout a Customer Care Center (CCC) application.

The MPS Subscriber Management module allows the offering of voice services without a CustomerCare Center (CCC) application. Subscriber information is grouped together with devices andservices related to a subscriber, providing quick access to this information. The results are a quick

service provisioning reducing troubleshooting time.

2.2.2 Customer Care InterfaceMPS can be configured to bi-directionally communicate with others CCC applications using a XMLinterface.

2.2.3 Kerberos AP Request/Reply ServiceThe KDC service provides a Ticket and Authenticator to MTAs through a PKINIT (AS) Reply. TheKDC Service Key is responsible for encrypting the Ticket part of the AP Request sent from the MTAwhile the Authenticator part is encrypted using the Session Key embedded in the Ticket.The Service Key must be configured out-of-band, on both the KDC server and MPS service. MPSuses its copy of the key to decrypt and authenticate the AP request.

2.2.4 SNMPv3 SupportMPS can generate a PacketCable SNMPv3 “sub-key”. The process consists in deriving two keysfrom this sub-key. The keys are used for subsequent SNMPv3 communications between the MTAand MPS.

• One key is used for SNMPv3 authentication

• The second key is used for SNMPv3 privacy. This second key is only derived and used ifMPS is configured with “SNMPv3 Privacy Protocol” set to “DES”. SNMPv3 Privacy is anoptional component of PacketCable Security and defaults to NULL (no privacy).




After the sub-key is generated, two SNMPv3 keys are derived from it. MPS adds an entry for theMTA and the SNMPv3 keys to the embedded SNMPv3 stack User Security Model (USM) database,this allows SNMPv3 stack to process SNMPv3 informs received from the MTA and also exchangeother SNMPv3 messages with the MTA.

2.2.5 FQDN to MAC Address SupportMPS performs KDC MTA FQDN to MAC address lookups. For this purpose, MPS stores aversioned 24-byte key (shared secret), which KDC must also be configured with in order to encryptand decrypt communications. Additionally, MPS shares a versioned “AP Request/Reply” 24-bytekey (shared secret) with KDC service, allowing MPS to decrypt the AP request part ofcommunications used to negotiate a sub-key from which SNMPv3 authentication and privacy keysare derived.




3 Configuration Overview

Broadband Command Center consists of a number of network services that work together tomanage and provision DOCSIS cable modems, PacketCable MTAs, and customer premisesequipment (CPE) host devices on a broadband network. These network services include:

1. DHCP2. DNS3. TFTP4. Time of Day5. MPS – Multimedia Provisioning Service, which includes a PacketCable MTA Device

Provisioning Service.

The chapters following this one present a step-by-step configuration of the available BCC services

to enable the operation of a BCC network.

We recommend you follow the chapters in the order they are listed, and follow the contents of eachchapter in the order presented.

The following is the order of service component chapters in the manual, and the order configurationshould proceed:

1. TFTP Configuration2. DHCP Configuration3. MPS Configuration4. DNS Configuration

5. KDC Configuration

There are also two appendices that deal with specific technical issues:

• Appendix A: Installation Directories and Files

• Appendix B: Interoperability Testing (eMTA device list)




4 TFTP Configuration

4.1 Introduction

This chapter defines the procedure for the initial configuration of a single BCC TFTP failover cluster.

4.2 General Preparation

Before beginning to install and setup a BCC TFTP failover cluster, you should be sure to gather thefollowing information and have it available:

1. The IP addresses that will be assigned to each TFTP server.2. The IP addresses of all BCC DHCP servers that will be deployed (even if they are not

currently deployed).3. One server in the TFTP cluster must be designated as the Master TFTP service. This allows

you to make configuration changes to the Master service and have them automaticallypropagated to the secondary services.

4. The TFTP license keys.

4.3 Hardware Preparation

Up to 255 servers can belong to a single TFTP cluster. Each server must be prepared as follows:

1. The server time has been correctly configured with the local time zone and current date andtime.

2. One or more network interface cards have been correctly installed and configured with thestatic IP address that it will use when deployed on the network.

3. The server’s route table has been configured correctly with persistent routes to the CMTSHFC networks for each CMTS the server will service.

Additionally a management station that meets the following criteria must be prepared or availableon the same network as the servers:

1. One of the following Windows operation systems are installed:a. Win XP

b. Win 2000c. Win NT SP6d. Win 98 Second Edition (SE)

4.4 Software Installation

The TFTP service should be installed on each server according to the installation instructions thatare provided with the service software.

Additionally the TFTP Incognito Management Console must be installed on the management stationaccording to the installation instructions that are provided with the management software.




4.5 Starting the Services

The TFTP service must be started on each server by running the following command with rootpermissions:

Solaris and Linux:>/etc/init.d/tftpcmdrd start

Windows: services are started from the Windows Service Control Manager (SCM).

4.6 Software Registration

The TFTP service on each server must be registered with the license key provided. To register alicense key:

1. Start the Incognito Management Console (IMC) on the management workstation.2. Select the node labeled “TFTP” in the management console tree view.3. Click the “Service Select” menu item.4. Enter the IP address the server.5. You will be prompted to modify the Administrator super-user account password to a secure

password. Be sure you do not lose this password.6. Click the “Service Register” menu item.7. Enter the DNS license key (it can be pasted and copied from other documents using control-

c (copy) and control-v (paste).8. Click the OK button.9. Repeat steps 2 - 8 for each server.

4.7 TFTP Service Configuration

In the TFTP cluster, one TFTP server should be designated as the “Master” service, and all otherTFTP services are designated as “Slave” services. General configuration changes can then bemade on the Master service and automatically propagated to all Slave services. Additionally, staticconfiguration files can be added to the Master service and automatically propagated to all Slaveservices. This saves time when initially configuring the services.

Note that the “Master – Slave” designation of services in a TFTP cluster has no impact on TFTPfailover, load balancing or dynamic file generation.

4.7.1 Slave TFTP Service ConfigurationFor each slave TFTP service:

1. Select the “Service Configuration Failover” node in the IMC tree view.2. Check the “Enable Failover” checkbox.3. Uncheck the “Primary Server” checkbox.4. Click the “Save Configuration Changes” button.




4.7.2 Master TFTP Service Configuration

4.7.2.1 TFTP CLUSTER SYNCHRONIZATION

For each slave TFTP service:

1. Select the “Service Configuration Failover” node in the IMC tree view.2. Check the “Enable Failover” checkbox.3. Check the “Primary Server” checkbox.4. Under the list view click the “Add” button and specific the IP address of one of the “slave”

TFTP servers. Repeat for each slave TFTP server.5. Click the “Save Configuration Changes” button.

4.7.2.2 ENABLE DHCP INTEGRATION

DHCP integration is required to support TFTP failover, load balancing and dynamic DOCSIS file

generation.

1. Select the “Service Configuration DHCP Integration” node in the IMC tree view.2. Enter an arbitrary port, that is not currently in use on your server, into the “Database

Synchronization Port” field. For example, 9091 is likely not in use.3. Enter the value 1 (one) into the “Cluster Identifier” field.4. Under the “DHCP Services” list view click the Add button and specify the IP address of the

Incognito DHCP service on your network. Repeat for each DHCP service.5. Click the “Save Configuration Changes” button.

4.7.2.3 SERVICE NOTIFICATIONS

1. Select the “Service Configuration Service Notifications” node in the IMC tree view.2. The Notification Methods page tab will be visible. Click the “Add” button inside the SNMP

trap destination list to add the IP address of a NOC SNMP station that will monitor the TFTPcluster. Repeat for each NOC SNMP station that will monitor the TFTP cluster.

3. Click the “Notification Events” page tab.4. On this page you may select which events should trigger SNMP Trap notifications. It is

recommended that you select all events.5. Click the “Save Configuration Changes” button.

4.7.2.4 OTF CONFIGURATION FILE GENERATOR

1. Select the “Service Configuration OTF Config File Generator” node in the IMC tree view.2. Check the “Ignore TLV type number of instances error” checkbox. This will allow the file

generator to automatically resolve DOCSIS file setting conflicts using client class priorities,rather than logging an error and refusing to return a configuration file to a client.

3. Click the “Save Configuration Changes” button.

4.7.2.5 ADMINISTRATOR ACCOUNTS

1. Select the “Administrator Accounts” node in the IMC tree view.




2. Add an account with the appropriate permissions for each administrator that may configurethis server.

3. You should at least add an account that will be used by the MPS to upload MTAconfiguration files to the server. This account will require “Service Manager” access rights.

Record this information – you will need to configure it on the MPS server.




5 DHCP Configuration

5.1 Introduction

This chapter defines the procedure for the initial configuration of a single BCC MPS/DHCP failovercluster.

This includes all configuration that does not vary from subnet to subnet or from CMTS to CMTS.

5.1.1 CMTS Behavior and DHCP Subnet DeterminationThere are two distinct “gateway IP address” values associated with a device:

1. the gateway IP address inserted by a DHCP relay agent into the “giaddr” header field ofeach DHCP packet it forwards

2. the gateway IP address(es) sent to a client in DHCP option 3 (gateways) by the DHCPservice.

On an HFC network, the CMTS is the “DHCP relay agent” and it inserts the first type of gateway IPaddress, the “giaddr”, into all DHCP packets it forwards.

By default, a DHCP service determines which subnet a device should belong to by the value of thegiaddr field found in the client DHCP packet. On HFC networks, this is typically not sufficient fordetermining which subnet a device should belong to. Additionally, different CMTS’ behavedifferently, or can be configured to behave differently, with respect to how it selects which giaddrvalue to insert into a DHCP packet, as follows:

1. A CMTS may insert the “primary interface” gateway address into all DHCP packets.Typically, this is the subnet intended for cable modems. Which means the DHCP servicemust be configured to push devices which are not cable modems onto another subnet.

2. A CMTS may insert the “primary interface” gateway address into all cable modem DHCPpackets, and the first “secondary interface” gateway address into all non-cable modemDHCP packets.

3. A CMTS may be able to differentiate many different devices, and, for example, may insertone gateway address for cable modems, a different gateway address for MTAs, and anothergateway address for all other devices.

The behavior of your CMTS will effect the configuration requirements for the DHCP service.


Before beginning to install and setup a DHCP failover cluster, you should be sure to gather thefollowing information and have it available:

1. The IP addresses that will be assigned to each server.2. A decision on which server will be designated as the primary server and which will be the

secondary server.3. The DHCP license keys.




4. The list of client class names (service packages, etc) you intend to configure on theservices, and the associated Template and DOCSIS file setting configurations.

5.3 Hardware PreparationEach DHCP failover cluster consists of two servers: a primary DHCP server and a secondary DHCPserver. Each server must be prepared as follows:




Additionally a management station that meets the following criteria must be prepared or available

on the same network as the servers:

1. One of the following Windows operation systems are installed:a. Win XPb. Win 2000c. Win NT SP6d. Win 98 Second Edition (SE)


The DHCP service should be installed on each server according to the installation instructions thatare provided with the service software.

Additionally the DHCP Incognito Management Console must be installed on the managementstation according to the installation instructions that are provided with the management software.


The DHCP service must be started on each server by running the following command with rootpermissions:

Solaris and Linux:>/etc/init.d/ipcmdrd start



The DHCP service on each server must be registered with the license key provided. To register alicense key:

1. Start the Incognito Management Console (IMC) on the management workstation.2. Select the node labeled “DHCP” in the management console tree view.3. Click the “Service Select” menu item.4. Enter the IP address the server.




5. You will be prompted to modify the Administrator super-user account password to a securepassword. Be sure you do not lose this password.

6. Click the “Service Register” menu item.7. Enter the DNS license key (it can be pasted and copied from other documents using control-


5.7 DHCP General Service Configuration

Only the primary DHCP service needs to be configured. This is because once failover is enabledthe secondary DHCP service will be automatically synchronized with the primary DHCP service.

5.7.1 Enable DHCP Failover

1. Connect to the primary DHCP service.2. Select the “Service Configuration Failover” node in the IMC tree view.3. Enter the “Secondary server IP address”.4. Click the “Initiate Failover” button.5. You will be prompted to verify the CORBA port for configuring the secondary service. Leave

the value at it’s default (9998) and click OK.6. You will be prompted to login to the secondary server. Specify the secondary DHCP service

login name and password.7. Failover will now be initiated and the DHCP services will automatically be synchronized.

5.7.2 Enable TFTP Integration

TFTP integration must be enabled to support TFTP failover and load balancing.

1. Select the “Service Configuration DDNS & TFTP Integration” node in the IMC tree view.2. Click on the “TFTP Cluster Integration Configuration” tab.3. In the TFTP Commander Notifications Port field enter the value: 85264. In the Dynamic DOCSIS file generation DB synchronization port enter an arbitrary port that

meets the following criteria:

a. The port is not currently in use on your serverb. The port is different than the “Database Synchronization Port” port configured on the

TFTP service.

For example, 9092 is likely valid.


5.7.3 Enable Time of Day Service

1. Select the “Service Configuration Time of Day” node in the IMC tree view.2. Check the “Enable the time of day service” checkbox.3. Click the “Save Configuration Changes” button.




5.7.4 Configure System Wide Defaults

1. Select the “Rules Global Template” node in the IMC tree view. This node holds system

wide defaults for DHCP options.2. If dynamic DNS will be supported for all or most devices, ensure that the following fields are

completed from the “General” tab:a. “Enable automatic DNS updates” is checkedb. The “Dynamic DNS” field contains the IP address of the primary DNS server.

Alternatively, DDNS settings can be configured on a per subnet or client class basis bysetting the above data in the Template record that you create and link to the relevant subnetrule(s) and/or client class(es).

3. From the DHCP options tab, enter the following:

a. Modify DHCP option 51 to set the CPE lease time.b. Move DHCP option 6 (Domain (DNS) Servers) from the Available DHCP Options list

to the Selected DHCP Options List, with the data set to the primary DNS server IPaddress. Add any additional DNS servers to this option data.c. Add any additional DHCP options that apply to all CPE devices.d. Are gateway IP addresses uniform across the network? For example, if the first

address in every subnet the gateway IP address? If so, add DHCP option 3(Gateways) with the subnet portion of the IP address set to zeros. For example:

0.0.0.1The zeroed out portion of the address will be filled in with a client’s subnet when theclient is being provisioned. You will not need to configure anymore gateway IPaddresses.

4. Click the “Apply” button to save your changes.

5.7.5 Configure CM BlockingIf you do not wish to configure the system to be able to easily block cable modems (e.g. for abusesubscribers or subscriber who have not paid their bill), then this step can be skipped.

1. Select the “DOCSIS File Settings” node in the IMC tree view.2. Specify “Block” as the name for this DOCSIS File Setting.3. Select (check) the DOCSIS 1.0 – [3] Network Access setting and set the value to “disabled”.4. Select (check) the DOCSIS 1.0 – [4] Class of Service – [1] Flow Reference ID and set the

value to 1.5. Click the “Add” button.

6. Select the “Templates” node in the IMC tree view.7. Specify “Block” as the name for this Template.8. Select the DHCP Options tab.9. Double-click on DHCP option 67 (Bootfile). Specify the following value for the boot file and

click OK:DYNFILE(Block)

10. Click the Add button.

11. Select the “Client Classes” node in the IMC tree view.12. Specify “Block” as the name for this client class.13. Select “Block” as the template.





5.7.6 Configure the MTA Voice Service Classes

If you are not deploying PacketCable MTAs for voice service, this step can be skipped. For eachvoice (MTA) service class:

1. Select the “DOCSIS File Settings” node in the IMC tree view.2. Specify service class name as the name for this DOCSIS File Setting.3. Select (check) the DOCSIS 1.0 – [3] Network Access setting and set the value to “enabled”.4. Configure the upstream and downstream packet classifiers that capture voice related

traffic.*5. Configure the upstream and downstream service flows for this MTA service.6. Click the “Add” button.

7. Select the “Templates” node in the IMC tree view.

8. Specify the service name as the name for this Template.9. Select the DHCP Options tab.10. Double-click on DHCP option 67 (Bootfile). Specify the following value for the boot file and

click OK:DYNFILE(<service name>)

11. Double-click on DHCP option 122 (CableLabs Client Configuration Option). Specify the IPaddress of the primary DHCP service (sub-code 1) and click OK.

12. Click on the “Add” button under the Option Value list view, enter the IP address of thesecondary DHCP service (sub-code 2) and click OK.


14. Select the “Client Classes” node in the IMC tree view.

15. Specify the service name as the name for this client class.16. Select the template with the service name as the “Template link” for this client class.17. It is recommended that client class priorities be configured in increments of 100 so that new

client classes can be inserted easily in the future. As the priority specify <the number ofservice classes already configured>*100.


5.7.7 Configure the Cable Modem Service ClassesFor each data (cable modem) service class:

1. Select the “DOCSIS File Settings” node in the IMC tree view.

2. Specify the service class name as the name for this DOCSIS File Setting.3. Select (check) the DOCSIS 1.0 – [3] Network Access setting and set the value to “enabled”.4. Configure the upstream and downstream service flows for this data service.5. Click the “Add” button.

6. Select the “Templates” node in the IMC tree view.7. Specify the service class name as the name for this Template.8. Select the DHCP Options tab.9. Double-click on DHCP option 67 (Bootfile). Specify the service class name as the DYNFILE

value for the boot file and click OK:DYNFILE(<service class name>)






17. Select “CM Default Options” as the “template link”.18. Click the Add button.

5.7.9 Configure the MTA Container RuleIf you are not deploying PacketCable MTAs for voice service, this step can be skipped.

This is a rule which all MTA subnets will be placed under, and which provides default DHCP optiondata for MTAs.

First we add the DHCP options template:

1. Select the “Templates” node in the IMC tree view.2. Specify “MTA Default Options” as the name.3. Ensure that “Enable Automatic DNS Updates” is checked.4. Ensure that “Inherit DNS Settings” is NOT checked.

5. In the “Dynamic DNS” field enter the IP address of the primary DNS server for the MTAdomain.

6. Select the “DHCP Options” tab.7. Move DHCP option 15 (Domain Name) from the Available DHCP Options list to the Selected

DHCP Options List, with the data set to the domain that MTAs will be assigned to.8. Move DHCP option 122 (PacketCable VoIP (RFC 3495)) from the Available DHCP Options

list to the Selected DHCP Options List. At the data prompt, enter the following data and click“OK”:

a. Sub-Code: 3 (TSP’s Provisioning Server Address)b. Enter data as: Fully Qualified Domain Name (FQDN).c. Data: the FQDN for the MPS servers.

9. Under the far right-hand side option value list for DHCP option 122, click the “Add” button. At

the data prompt, enter the following data and click “OK”:d. Sub-Code: 6 (TSP’s Kerberos Realm Name)e. Select the Provisioning Flow Type: Secure Provisioning Flowf. Data: <MSO’s Kerberos realm name>


Next we add the MTA container rule:

11. Select the “Rules” node in the IMC tree view.12. Specify “MTA” as the name.13. Specify an IP address range (lower and upper limit) that will cover all subnets assigned to

MTAs.

14. Specify the default subnet mask for MTAs if applicable.15. The gateway does not need to be set.16. Click the “Rule Criteria” tab.17. Note that this step can be skipped if the CMTS assigns a different gateway IP address

(giaddr) to MTA DHCP packets than the one it assigns to non-MTA DHCP packets. Enterthe following as the rule criteria:

OPTIONSTRING(60, pktc*)

18. Select “MTA Default Options” as the “template link”.19. Click the Add button.




5.7.10 Configure the CPE Container RuleThis is a rule all CPE subnets will be placed under.

1. Select the “Rules” node in the IMC tree view.2. Specify “CPE” as the name.3. Specify an IP address range (lower and upper limit) that will cover all subnets assigned to

CPEs.4. The gateway does not need to be set.5. Click the “Rule Criteria” tab.6. Note that this step can be skipped if the CMTS assigns a different gateway IP address

(giaddr) to cable modem and MTA DHCP packets than the one it assigns to CPE (host)packets. Enter the following as the rule criteria:

NOT OPTIONSTRING(60, docsis*) AND NOT OPTIONSTRING(60, pktc*)


5.7.11 Database Backup Scheduling

1. Select the “Service Configuration Database Backup Scheduling” node in the IMC treeview.

2. Select the days and times you would like the service to automatically backup its databases.You should create a cron job or other script that automatically moves service backups toexternal storage.


5.7.12 Service Notifications

1. Select the “Service Configuration Service Notifications” node in the IMC tree view.2. The Notification Methods page tab will be visible. Click the “Add” button inside the SNMP


3. Click the “Notification Events” page tab.4. On this page you may select which events should trigger SNMP Trap notifications. It is

recommended that you select all events.


5.7.13 SNMP Integration

1. Select the “Service Configuration SNMP Integration” node in the IMC tree view.2. In the group box that is labeled “Cable modem (DOCSIS) SNMP configuration:” enter the

read community and the write community for managing cable modems.3. Click the “Save Configuration Changes” button.




5.7.14 Audit Scheduling

1. Select the “Service Configuration Audit Scheduling” node in the IMC tree view.

2. Click the “Enable audits” checkbox.3. Select which events to audit. In order to maintain a complete IP address trail, it is

recommended that the following events be audited:a. IP address allocationsb. DHCP renewsc. DHCP releasesd. DHCP declinese. Expired leasesf. Deleted leases


5.7.15 Administrator Accounts

1. Select the “Administrator Accounts” node in the IMC tree view.2. Add an account with the appropriate permissions for each administrator that may configure

this server.3. You should at least add an account that will be used by the MPS to configure the DHCP

service. Record the account login name and password – you will need to configure it on theMPS server. This account will require the following access rights:

a. Rule (read-only)b. Template Managementc. HW Mapping Managementd. Static Address Management

e. Client Classes Managementf. View Leasesg. DOCSIS File Settings Management

5.8 CMTS Specif ic DHCP Service Configuration

This section describes how to configure the DHCP service to support a CMTS and the networks onthat CMTS.

5.8.1 CMTS ConfigurationIn order to support dynamic DOCSIS file generation and provisioning of CPE static addressesthrough the MPS service, you must configure a CMTS Setting record for each CMTS as follows:

1. Click on the “CMTS Settings” node.2. Assign a name to the CMTS.3. Specify the “authorization key” configured on the CMTS. This is the shared secret

configured on the CMTS and used to generate to the cable modem configuration file (CMTSMessage Integrity Check (MIC)).

4. Specify the CMTS DOCSIS version. This is required because all cable modems behind aDOCSIS 1.0 CMTS must be put into DOCSIS 1.0 mode, even if those modems supportother versions of DOCSIS.

5. In the “gateway” list specify:






6 MPS Configuration

6.1 Introduction

This chapter defines the procedure for the initial configuration of a single BCC MPS service.


Before beginning to install and setup an MPS service, you should be sure to gather the followinginformation and have it available:

1. The IP addresses that will be assigned to each MPS server.2. The IP addresses of the servers in the DHCP failover cluster that will be associated with the

MPS service. Note that an MPS service MUST be associated with a single DHCP failovercluster. The MPS service can be co-hosted on the DHCP servers.

3. The IP addresses of the servers in the TFTP failover cluster that will be associated with theMPS service. Note that an MPS service MUST be associated with a single TFTP failovercluster. The MPS service can be co-hosted on the TFTP servers.

4. The MPS license keys.


Each server must be prepared as follows:







The MPS service should be installed on each server according to the installation instructions thatare provided with the service software.

Additionally the MPS Incognito Management Console must be installed on the management stationaccording to the installation instructions that are provided with the management software.





The MPS service must be started on each server by running the following command with rootpermissions:

Solaris and Linux:>/etc/init.d/ mpscmdrd start



The MPS service on each server must be registered with the license key provided. To register alicense key:

1. Start the Incognito Management Console (IMC) on the management workstation.2. Select the node labeled “MPS” in the management console tree view.3. Click the “Service Select” menu item.4. Enter the IP address the server.5. You will be prompted to modify the Administrator super-user account password to a secure



First Login1. The first time you login, the “Welcome” Wizard should appear. If it does not, you can stop

the MPS service, delete the contents of its data directory, and restart the MPS service inorder to start it in a clean state that will force this wizard to appear at login.

2. The first screen introduces the wizard, click the “Next” button.

6.7 MPS Service Configuration

6.7.1 Basic Provisioning Behavior

1. Indicate whether MPS should be responsible for provisioning CM and MTA FQDNs. WhenMPS provisions an FQDN for a device it creates a Hardware Mapping/Template pair for thedevice that maps a specific FQDN to the device. This is disabled by default because it isgenerally not recommended: instead it is recommended that the DHCP service beautomatically configured to generate an FQDN for the device based on a dynamic creationmask, such as assigning the device it’s MAC address as its hostname.

2. Indicate whether to provision unknown MTAs and whether to enable PacketCable security. Ifyou are not provisioning MTAs, then both of these options should be disabled.

3. Click the “Next” button.




6.7.2 Enabling PacketCable SecurityIf you are not deploying PacketCable MTAs for voice service with the SECURE provisioning flow,

this step can be skipped.

1. If you are not using the wizard, you can configure the following data from the “ServiceConfiguration PacketCable Security” node in the IMC tree view:

a. Enter the Kerberos realm for the service.b. Enter the KDC and MTA kerberos keys as hexadecimal values representing the

binary keys.c. Click “Next”

6.7.3 Enabling DHCP Integration

1. If you are not using the wizard, you can configure the following data from the “DHCPIntegration” node in the IMC tree view:

a. Enter the primary DHCP service IP address in the Host field.b. Enter the administrator account login name and password configured for MPS on the

primary DHCP service.c. Click the “Test Login” button. If login failed, you must correct the IP address, login

name and/or password.d. Repeat the above steps 5a-c for the secondary DHCP service.e. Click “Next”.

6.7.4 Enabling TFTP Integration

1. If you are not using the wizard, you can configure the following data from the “TFTPIntegration” node in the IMC tree view:

a. Enter the TFTP service login name (e.g. “Administrator” [no quotes]) and password.b. Click “Next”.

2. Uncheck the “Enable customer care center integration” checkbox and click “Next”

6.7.5 Data Service Classes

1. If you are not using the wizard, you can configure the following data from the “ServiceConfiguration Data Service Classes” node in the IMC tree view:a. You will not configure any ISP service classes. Click “Next”.b. Add the name of each data (cable modem) service class to the QoS Service Classes

list.c. Click “Next”.d. You will not configure any Location service classes. Click “Next”.e. You will not configure any Vendor service classes. Click “Next”.f. Add the name “Block” (no quotes) to the Status Data Service Classes list. Click

“Next”.2. Click “Finish”




6.7.6 Configure the Default Voice Settings Template FileIf you are not deploying PacketCable MTAs for voice service, this step can be skipped.

1. Select the “Service Configuration Default Voice Settings” node in the IMC tree view.2. In the “File Name” field enter “PACKETCABLE-SECURE-FLOW-TEMPLATE.txt” (no

quotes).3. Click the “Add” button.4. In the template file list view select the new entry (there should only be the one entry).5. Click the “Edit Template File” button.6. In the Edit dialog you will see the data shown below. The values highlighted in red below

should be modified to the appropriate values for the network such that “CMS.MSO.CL” isreplaced with the FQDN of the call management system at MSO site, “IPFONIX.COM” is thename of the Kerberos realm at the MSO site and “Really Amazing Telephone Company” ismodified with the telephony service provider name which the MSO has registered with thePacketCable Service Provider Certificate they have purchased from Verisign.

TLV11 pktcMtaDevEnabled=1TLV11 pktcMtaDevCmsKerbRealmName-CMS.MSO.CL="IPFONIX.COM"TLV11 pktcMtaDevCmsIpsecCtrl- CMS.MSO.CL=1TLV11 pktcMtaDevRealmOrgName-IPFONIX.COM="Really Amazing Telephone Company"

7. Once the file has been completed, click the “Save” button.

6.7.7 Database Backup Scheduling

1. Select “Service Configuration Database Backup Scheduling” node in the IMC tree view.2. Select the days and times you would like the service to automatically backup its databases.

You should create a cron job or other script that automatically moves service backups toexternal storage.


6.7.8 Service Notifications

1. Select “Service Configuration Service Notifications” node in the IMC tree view.2. The Notification Methods page tab will be visible. Click the “Add” button inside the SNMP


3. Click the “Notification Events” page tab.

4. On this page you may select which events should trigger SNMP Trap notifications. It isrecommended that you select only the following events:

a. License Exceededb. Service Startingc. Service Stoppingd. Service Pausede. Service Resumedf. Low Diskspaceg. DHCP login failedh. TFTP upload failed





6.7.9 SNMP Integration

1. Select the “Service Configuration SNMP Integration” node in the IMC tree view.2. In the group box that is labeled “Specify the community strings used when the service sends

SNMPv2 GET and SET messages:” enter the read community name and the writecommunity name for managing cable modems.


6.7.10 Administrator Accounts

1. Select the “Administrator Accounts” node in the IMC tree view.2. Add an account with the appropriate permissions for each administrator that may configure

this server.

6.7.11 Slave TFTP Service IntegrationThe startup wizard only prompts the user to configure the Master TFTP service for integration withthe TFTP cluster. If the Master TFTP service fails, MPS can also integrate directly with the slaveTFTP services.

1. Select the “TFTP Integration” node in the IMC tree view.2. Specify a unique priority number for the slave TFTP service.3. Specify the IP address, login name and password for the slave TFTP service.4. Click the “Add” button.5. Repeats steps 1 – 4 above for each slave TFTP service.




7 DNS Configuration

7.1 Introduction

This chapter defines the procedure for the initial configuration of a single BCC DNS cluster.


Before beginning to install and setup a DNS cluster, you should be sure to gather the followinginformation and have it available:

1. The IP addresses that will be assigned to each DNS server.2. The IP addresses of the servers in the DHCP failover cluster, if supporting dynamic DNS.3. The DNS license keys.








The DNS service should be installed on each server according to the installation instructions thatare provided with the service software.

Additionally the DNS Incognito Management Console must be installed on the management stationaccording to the installation instructions that are provided with the management software.





The DNS service must be started on each server by running the following command with root

permissions:

Solaris and Linux:>/etc/init.d/ dnscmdrd start



The DNS service on each server must be registered with the license key provided. To register alicense key:

1. Start the Incognito Management Console (IMC) on the management workstation.2. Select the node labeled “DNS” in the management console tree view.3. Click the “Service Select” menu item.4. Enter the IP address the server.5. You will be prompted to modify the Administrator super-user account password to a secure



7.7 DNS Service Configuration

7.7.1 Configure the secondary DNS service

1) If you wish to setup a DNS that will be a secondary to your primary DNS:1. Login into the secondary DNS service.2. Select the “Service Configuration Transfer” node in the IMC tree view.3. Check the “Enable zone transfers” checkbox if it is not already checked.4. Set the “Incremental zone transfer” drop down list to “Incoming and Outgoing”.5. Set the “Notify delay” drop down list to “60”6. Click the “Save Configuration Changes” button.

7. You will now need to stop and restart the secondary DNS service8. log out and login back in from the IMC.9. Select the “Secondary Domains” node in the IMC tree view.10. Click on the “Notify” tab.11. Add the IP address of the primary DNS server to the “Domain Notify Preferences”

list.12. Click the “Apply” button.13. You can now logout from the secondary DNS server, you are done.

The remaining steps in the following sections are all executed on the primary DNS server.




7.7.2 Dynamic DNS (DDNS)

2) Enable dynamic DNS:

1. Select the “Service Configuration Transfer” node in the IMC tree view.2. Set the “Allow dynamic updating (DDNS)” drop down list to “Incoming only”.3. Check the “DDNS synchronize reverse zone” checkbox.4. Check the “DDNS update forwarding” checkbox.5. If you have a DNS service that you wish to act as a secondary for this DNS:

1. Check the “Enable zone transfers” checkbox if it is not already checked.2. Set the “Incremental zone transfer” drop down list to “Incoming and

Outgoing”.3. Set the “Notify delay” drop down list to “60”

6. Click the “Save Configuration Changes” button.7. You will now need to stop and restart the DNS service8. log out and back in again from the IMC.

9. Select the “Primary Domains” node in the IMC tree view.10. Click on the “DDNS Sources” tab.11. Add the IP address of the DHCP service(s) to the “Dynamic DNS Sources

Preferences” list.12. Click the “Apply” button.

7.7.3 DNS Lying (for self-provisioning)

3) If you want to enable DNS Lying (for self provisioning support):1. Select the “Service Configuration DNS Lying” node in the IMC tree view2. Click the Add button

3. In the “IP Range to Lie To” field, add the subnet that will be dedicated to unknownCPE (not cable modem) devices which can self-provision.4. In the “Resource Record Query to Lie to” box, specify an asterisk (*) in the “Name”

field. Type should be left at “A Address”.5. In the “Answer” box, specify the FQDN of the self-provisioning website in the

“Name” field, and the IP address of the self-provisioning website in the IP addressfield.

6. Click the “Add” button at the bottom of the dialog box to close it.7. Click the “Save Configuration Changes” button.

7.7.4 Support Zone Transfers with the Secondary DNS Service

4) If you have configured a secondary DNS service, you must specify the zone transferdefaults:

1. Select the “Primary Domains” node in the IMC tree view.2. Click on the “Notify” tab.3. Add the IP address of the secondary DNS server to the “Domain Notify

Preferences” list.4. Click the “Apply” button.5. Click on the “Transfer” tab.6. Add the IP address of the secondary DNS server to the “Hosts which can Request

Zone Transfers” list.7. Click the “Apply” button.




7.7.5 Add Primary Domains

5) To add domains for cable modems, MTAs and/or CPEs:1. Select the “Primary Domains” node in the IMC tree view.2. Click on the “Add Primary Domain” tab, if it is not already focused.3. Enter the “Domain name”, for example:

cablemodems.commtas.comcpes.com

4. Choose to “Create Domain from Template” and select the“GlobalDomainTemplate.”

5. Click the Add button.6. Select and right-click on the newly created domain that has appeared below the

“Primary Domains” node.

7. Click on the “Generate In-Addr.Arpa” menu item from the pop-up context menu.8. Add the subnet addresses for the subnets that devices with FQDNs in this domain

may belong to, and click the “OK” button.

7.7.6 Add KDC Support (PacketCable Security)

6) If you will be supporting PacketCable Security, configure the kerberos realm domain, KDCServer Location record and KDC Address record:

1. Follow step #5 above to add a primary for the kerberos realm being used (forexample, IPFONIX.COM).

2. The kerberos realm domain (e.g. IPFONIX.COM) node should now be selected in

the tree view. Click on the “Configuration” tab.3. Click the “Add Resource Records” button.4. From the “Type” drop down list select “SRV Service Location”.5. In the “Name” field enter “ _kerberos._udp.” (no quotes)

6. In the data group box:1. In the priority and weight fields enter 0.2. In the Port field enter “88” (no quotes).3. In the Name field enter FQDN of the KDC service, for example:

“kdc.testlab.com.” (no quotes)7. Select the domain that the KDC service belongs to. If the domain does not yet exit,

follow step #5 above to create it.8. Click on the “Configuration” tab.

9. Click the “Add Resource Records” button.10. In the “Name” field enter the hostname of the KDC service (for example “kdc” (no

quotes)).11. In the IP Address field enter the IP address of the KDC service.12. Click the “OK” button.




8 KDC Configuration

8.1 Introduction

This chapter defines the procedure for the initial configuration of a BCC KDC service.


Before beginning to install and setup an KDC service, you should be sure to gather the followinginformation and have it available:

1. The fully qualified domain name for the MPS service(s).2. The service keys shared with the MPS service(s).3. The KDC license keys.








8.4 Software InstallationThe KDC service should be installed on each server according to the installation instructions thatare provided with the service software.

Additionally the KDC Incognito Management Console must be installed on the management stationaccording to the installation instructions that are provided with the management software.





The KDC service must be started on each server by running the following command with rootpermissions:

Solaris and Linux:>/etc/init.d/kdcwrapper start



Note that the KDC service has both a “license key” (for the “KDC wrapper service”) and a “licensefile” (for the core KDC service).

The KDC service on each server must be registered with the license key provided. To register a

license key:

1. Start the Incognito Management Console (IMC) on the management workstation.2. Select the node labeled “MPS” in the management console tree view.3. Click the “Service Select” menu item.4. Enter the IP address the server.5. You will be prompted to modify the Administrator super-user account password to a secure


c (copy) and control-v (paste).8. Click the OK button.

9. Repeat steps 2 - 8 for each server.

8.7 Service Configuration

8.7.1 Configure KDC License

1. Select KDC License node in KDC Wrapper IMC tree view2. Click on Set button and point to where on disk KDC license file resides, wait until you get

notification about KDC restart status (pop up window) critisize

8.7.2 Configure KDC Configuration File

Two configuration parameters are required: interface address and FQDN.

1. Select KDC Configuration File node in KDC Wrapper IMC tree view2. On the right hand side enter parameter pair: Parameter Name = interface address, Parameter

Value = <IP address of KDC server in decimal dotted notation, e.g. 192.168.75.83>




3. Enter parameter pair: Parameter Name = FQDN, Parameter Value = <fully qualified domainname for KDC, e.g. kdc.incognito.com>

4. Configure any other parameters needed (for info on all configuration parameters please look atIPfonix PacketCable KDC User Guide pdf file)

5. Click on Set button, wait until you get notification about KDC restart status (pop up window)

Alternatively, if you already have KDC configuration file, kdc.ini (e.g. from previous installment ofKDC on the same box), you can:

1. Click on button Set Config from a File and point to where on disk kdc.ini file resides, wait untilyou get notification about KDC restart status (pop up window)

8.7.3 Configure KDC Service Keys and Certificates

Testing certificates are automatically installed so is KDC certificate associated private RSA key.

However, for production environment, the new set of certificates are needed.

To install new set of certificates and KDC RSA private key:

1. Select Keys and Certificates node in KDC Wrapper IMC tree view2. In Certificates pane on the right hand side check all 5 boxes3. Click on Set button and point to where on the disk certificates reside, wait until you get

notification about KDC restart status (pop up window)4. Click on Set button in Private RSA Key pane and point to where on disk KDC RSA private key

resides, wait until you get notification about KDC restart status (pop up window)

To install Service Key:

1. Select Keys and Certificates node in KDC Wrapper IMC tree view2. From the drop down list, select Service Key Name: mtaprovsrvr, mtafqdnmap or cms

mtaprovsrvr designates provisioning service key, mtafqdnmap designates MTA MAC to FQDNmapping service key, and cms designates call management service key. mtaprovsrvr andmtafqdnmap service keys must have the same value as the keys configured in MPS (seeEnabling PacketCable Security in MPS configuration section).

3. Enter values for all of Server FQDN, Realm, KDC Service Key, and KDC Key Version4. Click on Set button, wait until you get notification about KDC restart status (pop up window).




9 Appendix A: Installation Directories and Files

9.1 Solaris & Linux

9.1.1 Solaris & Linux Base DirectoryThe install packages will prompt you for the base directory for the installation, by default it is“/usr/local” .

9.1.2 Solaris & Linux DirectoriesWindows Interface Installs: <basedir>/lib/incognito/

Service stop/start scripts: /etc/init.d/Service Executable:

<basedir>/sbin

CLI: <basedir>/binDocumentation: <basedir>/doc/incognito/IMC Windows InstallShield: <basedir>/lib/incognito/Service data directory: <basedir>/lib/<service>/data

where <service> is one of dpcmdr (MPS), ipcmdr (DHCP), tftpcmdr (TFTP), dnscmdr (DNS) or kdc

9.1.3 Solaris & Linux Files

The following service stop/start scripts are located at /etc/init.dipcmdrd (DHCP)tftpcmdrd (TFTP)dnscmdrd (DNS)dpcmdrd (MPS)kdcwrapper (KDC)

CLIs are located at <basedir>/binipcli (DHCP)dnsctl (DNS)mpscli (MPS)

Windows Interface Installs are located at <basedir>/lib/incognito:DHCPIMC_<version>.exeTFTPIMC_<version>.exeDNSCmdrIMC_<version>.exeDPCmdrIMC_<version>.exeKDC_Wrapper_IMC_<version>.exe

Documentation (release notes, manuals, etc) is located at <basedir>/doc/incognito/




9.2 Windows

There are no service stop/start scripts, services are stopped and started from the Windows ServiceControl Manager (SCM), also known as the “Services” applet in the Windows “Control Panel”.

9.2.1 Windows Base DirectoryThe install packages will prompt you for the base directory for the installation, by default it isc:\Program Files\Incognito Software\NT.

9.2.2 Service DirectoriesThe service directories contain the service executable, as well as the service data sub-directory.The service data directory contains the service databases, configuration file, and log files.

<basedir>/IPCmdr (DHCP)

<basedir>/TFTPCmdr (TFTP)<basedir>/DNS (DNS)<basedir>/DPCmdr (MPS)c:\kdc (KDC)

9.2.3 IMC DirectoryClient executables (Incognito Management Console (IMC), command line interfaces, IMC snap-ins,etc) and documentation are located in the IMC directory at:

<basedir>\IMC\

9.2.4 FilesService executables are located in the base installation directory as follows

IPCmdr\dipsvc.exe (DHCP)TFTPCmdr\tftpsvc.exe (TFTP)DNS\dnssvc.exe (DNS)DPCmdr\dpmsvc.exe (MPS)

Command line interfaces are located in the IMC directory:ipcli.exe (DHCP)dnsctl.exe (DNS)mpscli.exe (MPS)

Incognito Management Console (IMC) is located in the IMC directory:IMC.exe

IMC Snap-ins are located in the IMC directory:ipcmd.dll (DHCP)tftpcmd.dll (TFTP)dnscmd.dll (DNS)dpcmd.dll (MPS)KDCWrapper.dll (KDC)




10 Appendix B – Interoperabil ity Testing (eMTA devicelist)

This appendix provides a list of embedded MTA devices, which have undergone successfulinteroperability testing with Multimedia Provisioning Service. Devices are sorted by vendor, for eachvendor hardware, software, and boot revision is included. For each device only the most recentrevision is listed, however older revisions are supported as well. In addition, for each device model,corresponding MPS template file used during testing is provided. Provided template files aresufficient for device provisioning, no voice settings (e.g. from SPM) are needed.If applicable, for each device the procedure on how to install a new Service Provider CA Rootcertificate is detailed.

Service Provider CA Root certificate used during interoperability testing was:

7) in domestic PacketCable Secure mode

* all devices except Arris eMTAs: IPfonix Service Provider Root* Arris eMTAs: testing CableLabs Service Provider Root

8) in Euro PacketCable Secure mode: tComLabs Service Provider Root

10.1 Motorola10.1.1 SBV4200 VoIP Cable Modem (CG4D firmware)

BTI Software Version: CG4D_05.4.01

Provisioning Flow Mode: Quasi-Hybrid (PacketCable w/out KDC and w/out hash setting mode)

Template file contents:

# PacketCable MTA MIB required device attributesTLV11 PKTC-MTA-MIB pktcMtaDevEnabled[0] = 1

# pktcMtaDevSnmpEntity must be present, and must be a NULL stringTLV11 PKTC-MTA-MIB pktcMtaDevSnmpEntity[0] = ""

# These are the recommended settings for this system config with 10 ms packetization # period.TLV11 btiTALineNomJitterBufferSizeVoice[0] = 15TLV11 btiTALineMaxJitterBufferSizeVoice[0] = 30TLV11 btiTALineNomJitterBufferSizeNonVoice[0] = 15TLV11 btiTALineMaxJitterBufferSizeNonVoice[0] = 30

# set btiQosType to 1 for Single-Phase Commit Dynamic Upstream only (5.X with# DQos-lite Disabled)TLV11 btiQosType[0] = undefined

# set btiCmtsType




TLV11 btiCmtsType[0] = motorolaRD

# set btiCallAgentMfgTLV11 btiCallAgentMfg[0] = undefined

# set btiSignallingProtocolTLV11 btiSignallingProtocol[0] = limitedNCS1dot0

# set btiEndpointNameBase (default: use line numbers 1 - 4)TLV11 btiEndpointNameBase[0] = 2

# set btiUsePiggybacking true=1 for SafariTLV11 btiUsePiggybacking[0] = 1

# set No Inband Signaling for SafariTLV11 btiSignalling[0] = noInbandSignalling

# Change the Max Waiting Delay for sending RSIPs to 10 seconds for all lines# Do these mibs sets first so the RSIPs are not sent before changing these!# NOTE: line 1 = [101], line 2 = [102]REPEAT TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigMWD[101] = 10

# set pktcNcsEndPntConfigCallAgentId for line #1REPEAT TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId[101] = "[email protected]"

# set pktcNcsEndPntConfigCallAgentUdpPort for line #1REPEAT TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort[101] = 2727

#===========================================================# START: MTA DEBUG MIB Objects#===========================================================

TLV11 btiDebug[0] = 0x0b 0x05 0x02 0x00 0x00 0x00 0x05

TLV11 btiTALineXgcpAdminStatus[1] = 1TLV11 btiTALineXgcpAdminStatus[2] = 1

10.1.2 SBV4200 VoIP Cable Modem

Hardware Revision: 1.0

Software Revision: SBV4200-07.2.06-ENG00-FATSH

Boot Revision: 1.0

Provisioning Flow Mode: PacketCable Secure

Template File: see PacketCable Secure Flow Template File

10.1.3 SBV5120 VoIP Cable Modem


Software Revision: SBV5120-2.9.1.0-SCM27-SHPC

Boot Revision: 8.2




Provisioning Flow Mode: PacketCable Secure & Hybrid 1 and 2


10.1.4 SBV5120E VoIP Cable Modem (Euro)


Software Revision: SBV5120E-2.9.1.0-SCM22-SHPC

Boot Revision: 8.2

Provisioning Flow Mode: Euro PacketCable Secure & Hybrid 1 and 2

Template File Contents :

# IETF MTA MIB required device attributesTLV11 PKTC-IETF-MTA-MIB pktcMtaDevEnabled[0] = 1

# if this template file is used for devices in PacketCable Hybrid 1 or 2 mode,# following line can be # commented out

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevRealmName[1] = "TCOMLABS.COM"

# if this template file is used for devices in PacketCable Hybrid 1 or 2 mode,# following line can be commented out

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevRealmOrgName[1] = "cableProvider"

# if this template file is used for devices in PacketCable Hybrid 1 or 2 mode,# following line can be commented out

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevCmsKerbRealmName[1] = "TCOMLABS.COM"

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevCmsFqdn[1] = "mps.incognito.com"

TLV11 PKTC-IETF-MTA-MIB pktcMtaDevCmsIpsecCtrl[1] = 2

# Change the Max Waiting Delay for sending RSIPs to 10 seconds for all linesTLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigMWD[9] = 10

TLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigMWD[10] = 10

# Set UDP Port# for NCS SignalingTLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort[9] = 2727

TLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort[10] = 2727

# Set Call Agent IP address for NCS SignalingTLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentId[9] = "[email protected]"

TLV11 PKTC-IETF-SIG-MIB pktcNcsEndPntConfigCallAgentId[10] = "[email protected]"




How to install new Service Provider Root certificate (SBV5120 and SBV5120E)

Tel net t o CM: t el net <CM I P Addr ess> ( passwor d i s needed, most l i kel y“mt r l ”)Go t o MTA CONSOLE: mt a_consol e

MAIN> mta_console

mta_console

MTA DEBUG CONSOLE

mta_console>

Use i pt el e_dl d command to downl oad new r oot cer t i f i cat e:mta_console> iptele_dld

iptele_dld

Download IP Telephony Root Certificate from TFTP server

Enter the TFTP Server IP address and File Name in Following format:

<TFTP Server IP> <File Name>Exampl e: 172. 1. 1. 6 cer t i f i cat e. cer

10.2 Terayon10.2.1 TA-102X


Software Revision: 6.5.4.v

Boot Revision: 3.3

Provisioning Flow Mode: PacketCable Secure


How to install new Service Provider Root certificate

Access CM CLI by connect i ng hardware dongl e t o l i ne port 1 or 2:Entering CableModem CLI

Starting CLI with security level: MAINTENANCE

L2K ##

Conf i gur e uni t t hat on the next r eboot i t shoul d go to MTA CLI :L2K ## mta cli set 1

MTA CLI will be operated next reboot

L2K ##

Reboot CM:reboot 0

I n MTA CLI , go t o conf i g/ sec menu:$/admin> config

$/admin:config> sec

$/admin:config:sec>

Use kdcRoot command t o sel ect whi ch r oot cer t i f i cat e to use:




$/admin:config:sec> kdcRoot ?

kdcRoot: Select the root X.509 cert to work with

Usage: kdcRoot 0|1|2|3|4

cert : Root cert type

0 : IPFONIX1 : PacketCable

2 : Alopa

3 : IPCable

4 : CableLabsTest

10.3 Scienti fic Atlanta10.3.1 WebStar DPX2203


Software Revision: v2.0.1r1133-0108

Boot Revision: 2.1.5

Provisioning Flow Mode: PacketCable Secure & PacketCable w/out KDC


How to enable telnet and install new Service Provider Root certificate

Telnet

Add the following 3 TLVs to the DOCSIS TLV Definitions database, under DOCSIS 1.0 - TLV 43(Vendor Specific Information):

add tlvdefinition TelnetEnable parenttlvcode 43 DOCSISMAJORVERSION 1DOCSISMINORVERSION 0 TLVCODE 106 mandatory no configurable yesmaxinstance 1 datatype binary

add tlvdefinition "Telnet Login Name" parenttlvcode 43 DOCSISMAJORVERSION 1DOCSISMINORVERSION 0 TLVCODE 107 mandatory no configurable yesmaxinstance 1 datatype string

add tlvdefinition "Telnet Password" parenttlvcode 43 DOCSISMAJORVERSION 1

DOCSISMINORVERSION 0 TLVCODE 108 mandatory no configurable yesmaxinstance 1 datatype string

Create DOCSIS File Setting that contains above TLVs configured as follows:

TLVCODE: 43.106:1TLVDATA: 01(01 mean enable telnet access, 00 means disable telnet access (default))

TLVCODE: 43.107:1TLVDATA: <login name>




TLVCODE: 43.108:1TLVDATA: <login password>

TLVCODE: 43.8:1TLVDATA: <first 3 bytes of MTA MAC address>

Then create a client class for the Scientific Atlanta MTAs that contains the above

DOCSIS File Setting.

SP Root Certificate

Add the following 4 TLVs to the DHCP Service DOCSIS TLV Definitions database,under DOCSIS 1.0- TLV 43 (Vendor Specific Information):

add tlvdefinition CertDownloadAction parenttlvcode 43 DOCSISMAJORVERSION 1

DOCSISMINORVERSION 0 TLVCODE 16 mandatory no configurable yesmaxinstance 1 datatype binary

add tlvdefinition CertificateTFTP parenttlvcode 43 DOCSISMAJORVERSION 1DOCSISMINORVERSION 0 TLVCODE 17 mandatory no configurable yesmaxinstance 1 datatype ipaddress

add tlvdefinition CertificateDate parenttlvcode 43 DOCSISMAJORVERSION 1DOCSISMINORVERSION 0 TLVCODE 18 mandatory no configurable yesmaxinstance 1 datatype binary

add tlvdefinition CertificateName parenttlvcode 43 DOCSISMAJORVERSION 1

DOCSISMINORVERSION 0 TLVCODE 19 mandatory no configurable yesmaxinstance 1 datatype string

Create DOCSIS File Setting that contains above TLVs configured as follows:

TLVCODE: 43.16:1TLVDATA: 16

(note the above 16 is in hex, in decimal this is value 22, and it tells what cert(s) to download,it means "download the service provider root cert")

TLVCODE: 43.17:1TLVDATA: <IP address of the TFTP service>

TLVCODE: 43.18:1TLVDATA: 04091d00

(the above is the download date in format YY.MM.DD.HH, 4 bytes in hex, if the cert that MTA currentlyhas was downloaded after this date, the MTA will not download it gain. So we just set it to today'sdate: 04.09.29.00, meaning 2004 September 29, :00)

TLVCODE: 43.19:1TLVDATA: <certificate file name, must be less than 31 characters!>




TLVCODE: 43.8:1TLVDATA: <first 3 bytes of MTA MAC address>

Note: 43.8 only needs to be set once, so if both the telnet and the cert 43 TLVs are to be set,you only need this 43.8 value once.


DOCSIS File Setting.

And reboot the CM.

How to switch to PacketCable w/out KDC provisioning mode Add the following TLVs to the DHCP Service DOCSIS TLV Definitions database, under DOCSIS 1.0 -TLV 43 (Vendor Specific Information):

add tlvdefinition Provisioning Mode parenttlvcode 43 DOCSISMAJORVERSION 1DOCSISMINORVERSION 0 TLVCODE 25 mandatory no configurable yes maxinstance 1 datatypebinaryCreate DOCSIS File Setting that contains above TLV configured as follows:

TLVCODE: 43.25:1TLVDATA: 03

(value 3 means " Dual File Provisioning using both DOCSIS and MTA config files without Kerberos Security. MTAconfig file specified in SNMP set from provisioning server.")


DOCSIS File Setting and reboot the CM.

10.4 Arris

Touchstone Telephony Modem TM402P

Hardware Revision: 07

Software Revision: TS.04.01.04.031504

Boot Revision: 4.02

Provisioning Flow Mode: PacketCable Secure & PacketCable w/out KDC

Template File Contents :

TLV11 PKTC-MTA-MIB pktcMtaDevEnabled=1

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-9 = "MPS.INCOGNITO.COM"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-10 = "MPS.INCOGNITO.COM"




TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentUdpPort-9 = 2727


TLV11 PKTC-MTA-MIB pktcMtaDevCmsIpsecCtrl-MPS.INCOGNITO.COM = 1

# if this template file is used for devices in PacketCable w/out KDC provisioning mode,# following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevCmsKerbRealmName-MPS.INCOGNITO.COM = "IPFONIX.COM"

# if this template file is used for devices in PacketCable w/out KDC provisioning mode,# following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevRealmOrgName-IPFONIX.COM = "CableLabs, Inc."

TLV11 PKTC-SIG-MIB pktcSigDefNcsReceiveUdpPort = 2427

REPEAT TLV11 ifAdminStatus-9 = 1

10.4.1 How to install new Service Provider Root certificate Arris device embeds 2 root certificates: official CableLabs Service Provider Root certificate andtesting CableLabs Service Provider Root certificate. Default is use official root certificate. TestingSP hierarchy is available for download at http://www.cablelabs.com/certqual/security, however KDCcertificate is not provided so one should generate KDC certificate by itself (e.g. using OpenSSL).Private key of either Service Provider or Local System certificate can be used for KDC certificatesigning and this key is provided together with hierarchy.

Realm name in KDC certificate generated and used during interoperability testing was set toIPFONIX.COM (note above template config line pktcMtaDevRealmOrgName-IPFONIX.COM).

To use either testing CableLabs SP hierarchy or to install new root certificate onto device createDOCSIS File Setting with following 3 SNMP MIB Object TLVs:

TLV 11< OID = 1.3.6.1.4.1.4115.10.1.29.1.1 > (ppCfgMtaDevSPTestRootCertServer)< Value Type = IP Address >< Object Value = TFTP Server IP address used for downloading root certificate >

TLV 11< OID = 1.3.6.1.4.1.4115.10.1.29.1.2 > (ppCfgMtaDevSPTestRootCertFilename)

< Value Type = Octet String >< Display as ASCII Text >< Object Value = the file name of root certificate to be downloaded >

TLV 11< OID = 1.3.6.1.4.1.4115.10.1.29.1.3 > (ppCfgMtaDevSPTestRootCertAdminStatus)< Value Type = Integer >< Object Value = 1 if want to use embedded test root certificate >, or< Object Value = 2 if want to download/install new root certificate >

Then create a client class for the Arris MTAs that contains the above

http://www.cablelabs.com/certqual/security

http://www.cablelabs.com/certqual/security




DOCSIS File Setting. And reboot the CM.

How to switch to PacketCable w/out KDC provisioning mode

Create DOCSIS File Setting with following SNMP MIB Object TLV:

TLV 11< OID = 1.3.6.1.4.1.4115.1.3.1.1.2.3.2 > (ArrisCmDevProvMethodIndicator)< Value Type = Integer >< Object Value = 2 >

Then create a client class for the Arris MTAs that contains the aboveDOCSIS File Setting and reboot the CM.

10.5 Packet Cable Secure Flow Template File

TLV11 PKTC-MTA-MIB pktcMtaDevEnabled = 1

# if this template file is used for devices in PacketCable Hybrid 1 or 2 or w/out KDC# provisioning mode, following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevRealmOrgName-IPFONIX.COM = "Really Amazing TelephoneCompany"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-9 = "CMS.INCOGNITO.COM"

TLV11 PKTC-SIG-MIB pktcNcsEndPntConfigCallAgentId-10 = "CMS.INCOGNITO.COM"

# if this template file is used for devices in PacketCable Hybrid 1 or 2 or w/out KDC# provisioning mode, following line can be commented out

TLV11 PKTC-MTA-MIB pktcMtaDevCmsKerbRealmName-CMS.INCOGNITO.COM ="IPFONIX.COM"

TLV11 PKTC-MTA-MIB pktcMtaDevCmsIpsecCtrl-CMS.INCOGNITO.COM = 1



10.6 Notes

1. Some call agents seem to require UDP port for the CMS object (pktcNcsEndPntConfigCallAgentUdpPort) to be setto default value of 2727 (e.g. CedarPoint Safari CMS), whereas others (e.g. Nuera) use 2427.



2. Some CMS (e.g. Nuera) require MTA UDP receive port for NCS (pktcSigDefNcsReceiveUdpPort) to be set, e.g. intemplate file TLV11 pktcSigDefNcsReceiveUdpPort = 2427

3. Terayon and Arris eMTA devices require Call Management Server Name object (pktcNcsEndPntConfigCallAgentId)to be set in upper case letters and without ‘@’ character in the name. According to PacketCable Provisioning spec,this value must be FQDN, which allows lower case letters.

Documents

BCC Quick Start