BigPond Cable - HFC Channels and IP Addressing

Author:	John.Marshall@riverwillow.com.au
Date:	10-Jun-2004
Revised:	26-May-2005

This page describes what I have observed in the context of our own BigPond Broadband Cable connection. My observations are offered for the interest of others and are confined to the following context:

Telstra BigPond Broadband DOCSIS Cable Service in Western Sydney
Our local UBR - ubr9.nsw.bigpond.net.au
Motorola SB5100 "SURFboard" cable modem - using Ethernet port
Cisco 1710 Router

This article assumes a basic knowledge of the cable network as outlined in our previous article, DOCSIS, DHCP and Firewalls.

Solutions documented on this page worked for us until 12-May-2005 when BigPond changed our world by replacing our local UBR. See our subsequent article on DHCP Lease Renewal Problems for further details.

Yesterday morning I noticed that the cable modem's Online light was flashing: Power, Receive and Send lights were all on solid. A quick check confirmed a lack of Internet connectivity. After about 10 minutes the Receive, Send and Online lights extinguished, the Recieve light blinked a few times and then changed to On, the Send light blinked a few times and then changed to On, and the Online also light blinked a few times and settled back to On. "Ah good!" I thought, "We're back on the air!" Not so!

I checked the cable modem's status pages and noticed that it had selected a new pair of downstream and upstream cable channels. I checked the router - the WAN port was still configured with its public IP address, and the DHCP lease still had another half hour or so to run. BPALogin was retrying login every minute without success. It is not an uncommon thing for the heartbeat server to disappear from time to time, but even then it is still possible to talk to the BigPond DNS and FTP servers. This time, there was no DNS and no FTP either - we had absolutely no IP connectivity...

What Happens When the Cable Modem Changes Channels?
How Are IP Subnets Allocated on the UBR?
What Are the Implications for CPE Configuration?
SB5100 Status Pages

What Happens When the Cable Modem Changes Channels?

The short answer is that you land on a different subnet:

Your cable modem acquires a different private address on its HFC interface
Your DHCP Relay Agent is now a different 10.n.n.1 address
Your CPE WAN interface needs to acquire an address in a different public IP subnet, with a different gateway address, in order to communicate with the authentication server and the Internet
Your DHCP Server address remains the same

A DHCP timer on our router's WAN interface fired and it started trying to talk to the DHCP server. No joy - it didn't have a route. Then, I started seeing BOOTP replies coming from 10.128.132.1 - my firewall rules only permitted DHCP traffic from 10.128.136.1 and I wasn't seeing anything from it. I decided to permit that traffic and watched the router's WAN interface come up in a different subnet (144.136.100/22 instead of 144.136.104/22). After that, I could once again talk to the BigPond DNS and FTP servers, and BPALogin found the authentication server and logged me in. We were back on the air.

Noticing that the previous and current private and public IP subnets were adjacent to each other, I conducted some experiments in which I forced the cable modem to change downstream and upstream channels. I concluded that:

Our local UBR uses at least 4 Downstream Channels
The subnet change follows a change in Downstream Channel
Different Upstream Channels can be selected for a given Downstream Channel without affecting the subnet
In all cases the DHCP server address remained the same (172.18.18.80 in our case)

How Are IP Subnets Allocated on the UBR?

I discovered 4 adjacent Downstream Cable Channels on our local UBR, across which 20-bit IP network allocations had been distributed in consecutive 22-bit subnets. There may well be more channels involved. The following table shows my findings.

UBR Cable-side Addresses
for
ubr9.nsw.bigpond.net.au
Downstream Channel (MHz)	IP Addresses		MAC Address
Downstream Channel (MHz)	Primary (DHCP Relay)	Secondary (Gateway)	MAC Address
561	10.128.140.1/22	144.136.108.1/22	00:05:5F:EC:38:54
567	10.128.136.1/22	144.136.104.1/22	00:05:5F:EC:38:70
573	10.128.132.1/22	144.136.100.1/22	00:05:5F:EC:38:8C
579	10.128.128.1/22	144.136.96.1/22	00:05:5F:EC:38:A8

What Are the Implications for CPE Configuration?

More firewall rules! We need to permit BOOTP broadcast replies from the Primary (private) IP address on each of the UBR's HFC interfaces. It is also helpful to permit ICMP traffic from those addresses. I noticed that if I log out BPALogin, I start seeing ICMP 3/13 packets returned from the current channel's primary UBR address (10.128.n.1) - that's the UBR telling me "Destination Unreachable: Communication Administratively Prohibited", which provides instant indication of heartbeat/dce-server problems.

Add rules to permit inbound traffic from UBR Primary addresses. Unless these are permitted (implicitly or explicitly) you will never obtain a DHCP lease of a public IP address. You need many of these as you have downstream channels which your cable modem might fancy. For example:
- permit udp host 10.128.128.1 eq 67 host 255.255.255.255 eq 68
- permit udp host 10.128.132.1 eq 67 host 255.255.255.255 eq 68
- permit udp host 10.128.136.1 eq 67 host 255.255.255.255 eq 68
- permit udp host 10.128.140.1 eq 67 host 255.255.255.255 eq 68
Whether or not you choose to permit the Destination Unreachable ICMP replies from the UBR, it can be useful to log them:
- permit icmp host 10.128.128.1 any 3 13 log
- permit icmp host 10.128.132.1 any 3 13 log
- permit icmp host 10.128.136.1 any 3 13 log
- permit icmp host 10.128.140.1 any 3 13 log
You don't need to change the rules for the DHCP server, all UBR interfaces relay to the same local DHCP server. If you can't communicate with the DHCP server, you won't be able to renew your DHCP lease and your equipment will lose its IP address every few hours. Note that, for the Cisco router, it is not necessary to create rules for the outbound DHCP traffic because it originates from the interface (only traffic which traverses the interface gets dragged through the output filter). It is, however, necessary to configure a route to the DHCP server.
- permit udp host 172.18.18.80 eq 67 any eq 68 log
- ip route 172.18.18.80 255.255.255.255 Ethernet0

SB5100 Status Pages

The SB5100 cable modem runs its own HTTP server on TCP Port 80 on its default LAN address (192.168.100.1). This server provides access to a handful of status and configuration pages which are very useful for diagnostic purposes. Even during normal operation (when the modem is in bridging mode) it listens for, and intercepts, HTTP traffic addressed to itself. If your router/firewall swallows outbound traffic addressed to private addresses, then you will want to define a host route to this address and a rule to permit http browser access to it. This link should show the status pages on your cable modem.

Glossary

ICMP 3/13 Packets

An ICMP Type 3 packet denotes, "Destination Unreachable". An ICMP Type 3 packet with a Code of 13 denotes, "Communication Administratively Prohibited" as described in RFC1812. A router returns an ICMP 3/13 packet if it drops a packet as a result of administrative filtering.

ICMP Parameters is an IANA "Assigned Numbers" document which lists the ICMP packet Type numbers and their associated Codes.

Document Revision History

10-Jun-2004	Original Document
26-May-2005	Modify Notice at top to include reference to article on UBR replacement

Riverwillow Pty Ltd