A “101” on DOCSIS® Technology: The Heart of Cable Broadband
Welcome to the first installment of our CableLabs 101 series about a suite of breakthrough technologies that are instrumental in the path toward the cable industry’s 10G vision—a new era of connectivity that will revolutionize the way we live, work, learn and play. These technologies work together to further expand the capabilities of cable’s hybrid fiber coaxial (HFC) network by increasing connection speeds and capacity, lowering latency and enhancing network reliability and security to meet cable customers’ needs for many years to come.
What Is DOCSIS?
Initially released by CableLabs in 1997, DOCSIS—or Data Over Cable Service Interface Specification—is the technology that enables broadband internet service over an HFC network, now used by hundreds of millions of residential and business customers around the globe. It is essentially the set of specifications that allows different cable industry vendors to design interoperable cable modems (the piece of network equipment that sits in the home) and cable modem termination systems (CMTSs—the network equipment that sits in the cable operator’s hub site). The CMTS is a head-end traffic controller that routes data between the modem in the home and the internet.
DOCSIS technology helped usher in the era of broadband and “always on” internet connections, enabling a wave of innovation that continues to this day. With DOCSIS technology, internet customers were no longer forced to use dial-up solutions that tied up home phone lines and probably caused a significant spike in family feuds. The DOCSIS solution changed everything. Not only did it allow for an “always-on” cable connection (no dial-up required!), it was also significantly faster than dial-up. We’ll talk about connection speed—along with capacity, latency and other network performance metrics—and how they affect you a little later in this article.
How Does It Work?
DOCSIS technology governs how data is transmitted over the HFC network. To understand how it works, we need to start with the HFC network—the physical infrastructure that most cable companies use to provide high-speed internet connectivity to their customers. As the name suggests, the HFC network is composed of two parts: the fiber optical network and the coaxial network. HFC networks are predominantly fiber, as illustrated in our recent blog post. The remaining portion of the HFC network is coaxial cable. The coaxial network is connected to the optical fiber network at a “fiber node,” where the (fiber) optical signals are converted to radio frequency electrical signals for transmission over the coaxial network to the subscriber’s home. The HFC network seamlessly transmits data from the CMTS to your cable modem (we call this “downstream” or “download” traffic) or from your modem back to the CMTS (“upstream” or “upload”). In turn, the CMTS is connected to the internet via a set of routers in the service provider’s network.
Think of the HFC network as a “highway” and the data as traffic moving in “lanes” in either direction. In the downstream direction, DOCSIS devices translate the data from the internet into signals carried on the fiber optic portion of the HFC network and then down the coaxial network to your modem. On the upstream, the data that you upload is sent back up the network on a separate upstream “lane.” Traditionally, this “highway” has had more lanes dedicated to the downstream traffic than upstream, which matches current customer traffic patterns. All of this is about to change with the 10G vision, which strives toward symmetrical upstream and downstream service speeds.
How Has This Technology Evolved?
DOCSIS technology has come a long way since 1997. Over the years, it has undergone a few iterations, through versions 1.0, 1.1, 2.0 and 3.0 to 3.1. As DOCSIS has evolved, it has gotten faster by adding more lanes in each direction and it has become more energy-efficient as well. Along the way, the base technology has been continuously extended. These additions include lower latencies, increased security of the traffic, and tools to make the network more reliable. Today’s cable networks leverage DOCSIS 3.1 technology, which has enabled the widespread availability of 1 Gbps cable broadband services, allowing us to easily enjoy services like 4K video, faster downloads, seamless online gaming and video calls.
DOCSIS 4.0, released in March 2020, is another stepping stone toward that 10G vision. It will quadruple the upstream capacity to 6 Gbps, to match changing data traffic patterns and open doors to even more gigabit services, such as innovative videoconferencing applications and more. DOCSIS 4.0 equipment is still in the process of being developed and is seeing great progress each day toward device certification. Once certification is complete, cable vendors will start mass-producing DOCSIS 4.0-compatible equipment. With the widespread deployment of DOCSIS 4.0 technology, cable operators will have the ability to offer symmetrical multigigabit broadband services over their HFC networks.
How Does This Technology Affect Me and My Future?
All this talk about connection speeds, low latency, reliability and other performance metrics matters to us technologists because it’s how we gauge progress. But it’s so much more than giga-this and giga-that. These metrics will directly impact your future in a real, tangible way.
Over the past two decades, high-speed internet connectivity went from an obscure tech geek novelty to an important part of modern life. We are now streaming in 4K, collaborating on video chat, playing online games with people around the world, driving connected cars and so on. Continuous advancements in DOCSIS technologies are helping make this reality possible by increasing download and upload speeds, lowering latency—or lag—for a more seamless experience, and improving reliability and security to protect our online information.
DOCSIS 4.0 technology will enable symmetrical multigigabit services, ushering in a new wave of innovation across industries and applications, including healthcare, education, entertainment, collaboration technologies, autonomous vehicles and many more. In the near future, we will see advanced health monitoring services, immersive learning and work applications, visually rich VR/AR, holodecks, omnipresent AI assistants and other game-changing innovations that we haven’t even thought of yet. In many ways, the reach and flexibility of cable’s HFC infrastructure is the backbone of our 10G future, and DOCSIS—in combination with other advanced network technologies—is key to helping us reach this Near Future.
Facts You May Not Know About the Cable Industry
The cable industry has been around since 1948, first delivering broadcast TV channels, then cable TV channels starting in the 1970s and finally—cable broadband internet in 1996. The introduction of fast-speed, “always-on” cable internet changed everything. It accelerated innovation across multiple industries and created whole new markets. Just take a moment to think: how many times a day do you do something that requires an internet connection and where would you be without it?
The cable broadband industry now serves over 200 million households—and counting—around the world. Even if yours is one of them, you probably don’t give too much thought to what cable internet is or how it works. Internet has become an important part of modern life, enabling us to learn and work from home, watch in 4K, schedule telemedicine appointments, play online multiplayer games, remotely control our home security systems and so on. In fact, the cable industry is the leader in delivering next-generation broadband services, with cable gigabit services available to over 80% of U.S. homes. Plus, roughly half of global cable operators are also mobile providers, so you can take your modern conveniences on the go.
While it might seem like an overnight success, building a super-fast and reliable broadband platform for millions of everyday users required a lot of collaboration and around $290 billion in infrastructure and network investments over the past 20 years in the U.S. Earlier this year, CableLabs released the DOCSIS® 4.0 specification, the latest version of the technology that governs how a broadband internet signal is transmitted over cable. When widely adopted, DOCSIS 4.0 technology will quadruple network upload capacity to up to 6 Gbps, which will support a new wave of innovative experiences and much more. But we’re not stopping here. This is only a stepping stone toward cable’s 10G vision.
Along with speed, capacity, latency and other network performance metrics, the cable industry also improved the energy efficiency of its equipment by reducing energy consumption through voluntary commitments. All these ongoing improvements, together with cable’s expansive network footprint and unwavering commitment to meeting the needs of broadband customers, are the perfect recipe for building the super network of the future. Stay tuned!
A Fiber-Rich Cable Network: What Does It Really Mean?
Cable networks are fiber-rich, and cable operators have long invested in deploying more fiber deeper into their networks. A fiber-rich environment enables greater capacity, increased speeds and more flexibility to support a range of access technologies. Although cable broadband networks are typically composed of both fiber optic and coaxial cables, most cable customers are surprised to learn that the vast majority of the distance that an internet packet travels is over fiber.
In simple terms, a cable network is composed mostly of fiber that connects the interconnection border gateways to the regional hubs to the optical nodes. The remaining short distance—from the optical node to the customer’s home and then to each individual device in the home—is where the internet packet travels over coaxial cable and home Wi-Fi.
Let’s take a look at a simple real-life example, illustrated below. When a cable customer in Vancouver, Canada, makes a video call to a cable customer in Ames, Iowa, the data starts its journey over Wi-Fi to the home router and then travels about a quarter of a mile from the router to the nearest optical node via a coaxial cable. From that point, the data is converted to a fiber-optic signal that carries it for about 2,499 miles—or 99.96 percent of the total journey—to another neighborhood optical node in Ames. The remaining half-mile or less from the node to the other customer’s home is again transmitted over coax and Wi-Fi. As you can see, less than 1 mile (1.5 kilometers) of the data’s 2,500-mile (3,200-kilometer) journey between Vancouver and Ames is transmitted over coax and Wi-Fi—the rest is all fiber!
The Cable Security Experience
We’ve all adjusted the ways we work and play and socialize in response to COVID. This has increased awareness that our broadband networks are critical – and they need to be secure. The cable industry has long focused on delivering best-in-class network security and we continue to innovate as we move on towards a 10G experience for subscribers.
CableLabs® participates in both hybrid fiber coaxial (HFC) and passive optical network (PON) technology development. This includes the development and maintenance of the Data Over Cable Service Interface Specification (DOCSIS®) technology that enables broadband internet service over HFC networks. We work closely with network operators and network equipment vendors to ensure the security of both types of networks. Let’s review these two network architectures and then discuss the threats that HFC and PON networks face. We’ll see that the physical media (fiber or coax) doesn’t matter much to the security of the wired network. We’ll discuss the two architectures and conclude by briefly discussing the security of the DOCSIS HFC networks.
A Review of HFC and PON Architectures
The following diagram illustrates the similarities and differences between HFC and PON.
Both HFC and PON-based FTTH are point-to-multipoint network architectures, which means that in both architectures the total capacity of the network is shared among all subscribers on the network. Most critically, from a security perspective, all downlink subscriber communications in both architectures are present at the terminating network element at the subscriber – the cable modem (CM) or optical network unit (ONU). This necessitates protections for these communications to ensure confidentiality.
In an HFC network, the fiber portion is between a hub or headend that serves a metro area (or portion thereof) and a fiber node that serves a neighborhood. The fiber node converts the optical signal to radio frequency, and the signal is then sent on to each home in the neighborhood over coaxial cable. This hybrid architecture enables continued broadband performance improvements to support higher user bandwidths without the need to replace the coaxial cable throughout the neighborhood. It’s important to note that the communication channels to end users in the DOCSIS HFC network are protected, through encryption, on both the coaxial (radio) and fiber portions of the network.
FTTH is most commonly deployed using a passive optical networking (PON) architecture, which uses a shared fiber down to a point in the access network where the optical signal is split using one or more passive optical splitters and transmitted over fiber to each home. The network element on the network side of this connection is an Optical Line Terminal (OLT) and at the subscriber side is an ONU. There are many standards for PON. The two most common are Gigabit Passive Optical Networks (GPON) and Ethernet Passive Optical Networks (EPON). An interesting architecture option to note is that CableLabs developed a mechanism that allows cable operators to manage EPON technology the same way they manage services over the DOCSIS HFC network – DOCSIS Provisioning of EPON.
In both HFC and PON architectures, encryption is used to ensure the confidentiality of the downlink communications. In DOCSIS HFC networks, encryption is used bi-directionally by encrypting both the communications to the subscriber’s cable modem (downlink) and communications from the subscriber’s cable modem (uplink). In PON, bi-directional encryption is also available.
How might an adversary (a hacker) look at these networks? There are four attack vectors available to adversaries in exploiting access networks:
- Adversaries can directly attack the access network (e.g., tapping the coax or fiber cable).
- They may attack a customer premises equipment (CPE) device from the network side of the service, typically referred to as the wide area network (WAN) side.
- They may attack the CPE device from the home network side, or the local area network (LAN) side.
- And they may attack the network operator’s infrastructure.
Tapping fiber and tapping coaxial cable are both practical. In fact, tools to allow legitimate troubleshooting and management by authorized technicians abound for both fiber and coaxial cables. It is incorrect to assume that fiber tapping is difficult or highly technical relative to tapping a coaxial cable. You can easily find several examples on the internet of how simply this is done. Depending on where the media is accessed, all user communications may be available on both the uplink and downlink side. However, both HFC and PON networks support having those communications encrypted, as highlighted above. Of course, that doesn’t mean adversaries can’t disrupt the communications. They can do so in both cases. Doing so, however, is relegated only to houses passed on that specific fiber or coaxial cable; the attack is local and doesn’t scale.
For the other attack vectors, the risks to HFC or PON networks are equivalent. CPE and network infrastructure (such as OLTs or CMTSs) must be hardened against both local and remote attacks regardless of transport media (e.g., fiber, coax).
Security Tools Available to Operators
In both HFC and PON architectures, the network operator can provide the subscriber with an equivalent level of network security. The three primary tools to secure both architectures rely on cryptography. These tools are authentication, encryption, and message hashing.
- Authentication is conducted using a secret of some sort. In the case of HFC, challenge and response are used based on asymmetric cryptography as supported by public key infrastructure (PKI). In FTTH deployments, mechanisms may rely on pre-shared keys, PKI, EAP-TLS (IETF RFC 5216) or some other scheme. The authentication of endpoints should be repeated regularly, which is supported in the CableLabs DOCSIS specification. Regular re-authentication increases the assurance that all endpoints attached to the network are legitimate and known to the network operator.
- Encryption provides the primary tool for keeping communications private. User communications in HFC are encrypted using cryptographic keys negotiated during the authentication step, using the DOCSIS Baseline Privacy Interface Plus (BPI+) specifications. Encryption implementation for FTTH varies. In both HFC and PON, the most common encryption algorithm used today is AES-128.
- Message hashing ensures the integrity of messages in the system, meaning that a message cannot be changed without detection once it has been sent. Sometimes this capability is built into the encryption algorithm. In DOCSIS networks, all subscriber communications to and from the cable modem are hashed to ensure integrity, and some network control messages receive additional hashing.
It is important to understand where in the network these cryptography tools are applied. In DOCSIS HFC networks, user communications are protected between the cable modem and the CMTS. If the CMTS functionality is provided by another device such as a Remote PHY Device (RPD) or Remote MACPHY Device (RMD), DOCSIS terminates there. However, the DOCSIS HFC architecture provides authentication and encryption capabilities to secure the link to the hub as well. In FTTH, the cryptographic tools provide protection between the ONU and the OLT. If the OLT is deployed remotely as may be the case with RPDs or RMDs, the backhaul link should also be secured in a similar manner.
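The three tools described in this section, as an added sketch that is not CableLabs code and does not reproduce BPI+ or any PON standard: it models the pre-shared-key option mentioned for FTTH, with challenge-response authentication, a traffic key derived during authentication, a keyed-hash integrity tag on each downlink frame, and regular re-authentication. The class names, the use of HMAC-SHA-256 and the frames-per-session limit are assumptions made for illustration; payload encryption (AES-128 in the text above) is outside what it models because Python's standard library has no AES.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes in an HMAC-SHA-256 tag


def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    # The label keeps authentication, key derivation and frame tags separate.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


class Endpoint:
    """Subscriber-side device (hypothetical ONU model) holding a pre-shared key."""
    def __init__(self, device_id: str, psk: bytes):
        self.device_id = device_id
        self._psk = psk
        self._traffic_key = None

    def answer(self, challenge: bytes) -> bytes:
        # Prove knowledge of the key without sending it, and derive this
        # session's traffic key from the same fresh challenge.
        self._traffic_key = _mac(self._psk, b"traffic", challenge)
        return _mac(self._psk, b"auth", challenge)

    def receive(self, frame: bytes):
        """Return the payload if its integrity tag verifies, otherwise None."""
        if self._traffic_key is None or len(frame) < TAG_LEN:
            return None
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = _mac(self._traffic_key, b"frame", payload)
        return payload if hmac.compare_digest(tag, expected) else None


class Headend:
    """Network-side element (hypothetical OLT model)."""
    def __init__(self, frames_per_session: int):
        self._psks = {}      # device_id -> pre-shared key
        self._sessions = {}  # device_id -> [traffic_key, frames_left]
        self._frames_per_session = frames_per_session

    def enroll(self, device_id: str, psk: bytes) -> None:
        self._psks[device_id] = psk

    def authenticate(self, endpoint: Endpoint) -> bool:
        psk = self._psks.get(endpoint.device_id)
        if psk is None:
            return False
        challenge = secrets.token_bytes(16)  # fresh, so old answers are useless
        response = endpoint.answer(challenge)
        if not hmac.compare_digest(response, _mac(psk, b"auth", challenge)):
            return False  # an existing session for this ID is left untouched
        key = _mac(psk, b"traffic", challenge)
        self._sessions[endpoint.device_id] = [key, self._frames_per_session]
        return True

    def send(self, device_id: str, payload: bytes):
        """Tag a downlink frame; return None when re-authentication is due."""
        session = self._sessions.get(device_id)
        if session is None or session[1] == 0:
            self._sessions.pop(device_id, None)
            return None
        session[1] -= 1
        return payload + _mac(session[0], b"frame", payload)


def demo() -> dict:
    # Constructed scenario: two enrolled devices and one impostor.
    psk_a, psk_b = secrets.token_bytes(32), secrets.token_bytes(32)
    headend = Headend(frames_per_session=2)
    headend.enroll("onu-a", psk_a)
    headend.enroll("onu-b", psk_b)
    onu_a, onu_b = Endpoint("onu-a", psk_a), Endpoint("onu-b", psk_b)
    rogue = Endpoint("onu-a", secrets.token_bytes(32))  # right ID, wrong key

    result = {"rogue_authenticated": headend.authenticate(rogue)}
    result["legit_authenticated"] = (
        headend.authenticate(onu_a) and headend.authenticate(onu_b))
    frame = headend.send("onu-a", b"meter reading 42")
    result["delivered"] = onu_a.receive(frame)
    # Point-to-multipoint: onu-b sees the same frame but cannot validate it.
    result["neighbor_accepts"] = onu_b.receive(frame) is not None
    tampered = bytes([frame[0] ^ 0x01]) + frame[1:]
    result["tampered_accepted"] = onu_a.receive(tampered) is not None
    headend.send("onu-a", b"second frame")
    result["third_frame"] = headend.send("onu-a", b"third frame")  # budget spent
    headend.authenticate(onu_a)  # re-authentication installs a fresh key
    result["old_frame_after_reauth"] = onu_a.receive(frame)
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the impostor rejected at authentication, the altered frame dropped, and a frame from the earlier session failing verification once re-authentication has replaced the traffic key.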
The Reality – Security in Cable
The specifications and standards that outline how HFC and PON should be deployed provide good cryptography-based tools to authenticate network access and keep both network and subscriber information confidential. The security of the components of the architecture at the management layer may vary per operator. However, operators are very adept at securing both cable modems and ONUs. And, as our adversaries innovate new attacks, we work on incorporating new capabilities to address those attacks – cybersecurity innovation is a cultural necessity of security engineering!
Building on more than two decades of experience, CableLabs continues to advance the security features available in the DOCSIS specification, soon enabling new or updated HFC deployments to be even more secure and ready for 10G. The DOCSIS 4.0 specification has introduced several advanced security controls, including mutual authentication, perfect forward secrecy, and improved security for network credentials such as private keys. Given our strong interest in both optical and HFC network technologies, CableLabs will ensure its own specifications for PON architectures adopt these new security capabilities and will continue to work with other standards bodies to do the same.
Managing Network Quality and Capacity With Proactive Network Maintenance
You probably know that Proactive Network Maintenance (PNM) is about finding and fixing problems before they impact the customer to ensure highly reliable and available cable broadband services. But the other side of PNM is about managing the capacity or bandwidth available in the network. PNM may have started with the former concept in mind, but the latter is becoming more important as we rely on higher amounts of capacity at the edge. As the world adjusts to life during the COVID-19 pandemic, access network capacity is becoming even more critical. PNM is an important toolset for network capacity management, and CableLabs is helping operators manage network quality and capacity together.
Network condition impacts network capacity. Network impairments, a broad class of failures and flaws in the ability of a network to carry data, have to be addressed before they lead to service failure. The DOCSIS® protocol is a method for sending data over multiple radio frequencies in hybrid fiber-coax networks, and comes with several resiliency mechanisms, like profile management, that help service continue in spite of impairments, to a point. These impairments in the cable plant may impact a few or all frequencies. Impairments that impact specific frequencies may or may not be compensable on those frequencies. If severe, the impairment may impact the data carried on those frequencies entirely, leading to correctable or even uncorrectable data errors. If the impairment is not severe, profiles may be able to adjust to lower modulation orders so that data, though less of it than otherwise, is still carried reliably. Impairments that impact a larger number of frequencies of course have a greater impact on the bandwidth the network can carry. In any case, impairments impact the capacity that the operator can get from the access network.
For example, consider that operators often place upstream bandwidth into lower frequencies, near where radio and electrical interference can enter the network through damaged cable or loose connectors. Upstream profiles can help make these frequencies useful when otherwise impaired; PNM can help operators find, work around, and fix ingress issues before they impact service. If the cable is damaged in multiple places (or say water gets into the cable due to wind causing it to move and get loose or damaged) then multiple frequencies can be impacted. But DOCSIS mechanisms help services be robust to these problems, and PNM can alert the operator to the problem, allowing a proactive fix.
PNM is a practical set of tools for network operators to manage network conditions, which becomes even more important as we move toward higher utilization of the access network capacity. As demand for bandwidth increases at the edge, PNM becomes an important network capacity management tool for network providers. The difference between a perfect network and one with flaws felt by customers begins to shrink. PNM begins to be an imperative; it is “table stakes” for maintaining communications services and managing the capacity of the network.
Almost all of us share our connection to the internet and our communication services, whether fiber or coaxial cable is the final connection to the home. Over the years, DOCSIS has grown to provide much higher data rates over a shared medium, in addition to adding resiliency. Cable Modem Termination Systems (CMTSs) enable the network resources to be shared efficiently, so that we all have access to better communications through economies of scale, allowing us all to take advantage of the capacity available. Service providers can manage the network capacity with a number of methods to make sure service needs are met, PNM being one of those mechanisms.
CableLabs has been working with these issues in mind for some time. In July of 2019, I wrote on the subject of 10G and reliability, pointing out that higher bandwidth solutions closer to the customer will be required for 10G. Then, in August, I wrote on the subject of reliability from a cable perspective and pointed out that the impairments addressed through PNM impact capacity. So, we see that reliability and network capacity are closely coupled. As we move toward higher bandwidth services, expand the utilization of frequencies and further push the limits of technology, reliable and sufficient bandwidth become highly coupled. Therefore, so do the tools that network providers use to manage these service qualities. CableLabs is working on solutions to help operators succeed in this reality.
Upstream: How Much Speed Do You Need?
In the middle of a global pandemic, in which people are working and playing on their various devices at home, internet usage is surging—whether because of virtual meetings or streaming entertainment or mindlessly scrolling through apps. And it’s not just the heavily used downstream aspect that’s seeing increased usage; we’re also seeing an increase in upstream usage.
What Is Upstream?
Upstream is when data flows from the user to the network. When we play an online multiplayer video game or conduct a web conferencing call, we’re using the upstream channel. According to the NCTA’s COVID-19 dashboard, upstream internet traffic through late July was elevated, up 22.1 percent compared with pre-pandemic levels.
Cable networks have ably handled this increased traffic, aided by the fact that popular upstream-dependent applications require relatively modest bandwidth. A web audio conference call requires a modest 0.03 to 0.15 Mbps in bandwidth, whereas a video call may require up to 3 Mbps. Given that nearly all U.S. households passed by cable networks have currently available upstream speeds of at least 20 Mbps, there’s sufficient capacity to meet today's demands.
Your cable broadband internet connection can handle it today and we continue to advance cable network technology to ensure we're also ready for tomorrow.
How Reliable Is Cable Internet? Here’s How Our Networks Are Performing
Starting in mid-March, the world experienced a sudden surge in internet usage driven by the widespread COVID-19 stay-at-home orders that caused many of us to switch to working and studying at home in a matter of days. Cable broadband networks not only withstood this sudden surge in internet usage; they excelled. For example, for the week of June 27–July 4, 99.9 percent of U.S. cable broadband users saw no material impact on customer experience. Looking to the future, cable networks are also well-positioned to remain ahead of sustained increases in consumer demand. Although internet usage appears to have plateaued recently, CableLabs and the broader cable industry continue to develop further network advancements to ensure that internet performance stays well ahead of even the most demanding home users’ needs for years to come.
Internet Usage During COVID-19 and Cable Broadband Services
Network monitoring provider OpenVault reveals just how much home internet usage jumped over the past few months:
- In the United States, average daily downstream consumption from 9 a.m. to 5 p.m. in the first week of April totaled about 6.35 GB per household, up 42 percent from 4.46 GB in January. Upstream average usage during business hours rose to 0.39 GB, up 83 percent compared with 0.22 GB in January.
- Worldwide, looking at a sample of 500 fixed, mobile and Wi-Fi network providers, networking equipment provider Sandvine found that overall traffic increased 40 percent between February 1 and April 19. It also found that upstream traffic rose 121 percent during this period.
Even considering these dramatic increases, home internet use remains heavily asymmetrical. The amount of data transmitted to the home (downstream) vastly outweighs the amount of data transmitted from the home (upstream). This is driven by the continued use of video streaming services (e.g., Netflix, YouTube) that require substantial amounts of data to be transmitted to the home to enable the user to view a movie, TV show or other video. These applications require very little data transmitted from the home.
Two-way video collaboration tools (e.g., Zoom, Microsoft Teams) do require more data to be transmitted from the home (upstream) in comparison with video streaming services due to two-way audio and video functionality. Even with the increased use of these collaboration tools, upstream data transmissions remain well below a tenth of total data transmitted over home internet connections.
The predominance of downstream use is further confirmed in the detailed examination of broadband use from a top-tier North American cable broadband operator, as set forth in Figures 1 and 2 below. Over the past 8 years, the proportion of downstream traffic has increased and plateaued at roughly 92–94 percent of total traffic at peak. Looking more closely at the most recent 5 months illustrates the rapid increase in internet use due to COVID-19. Even with upstream increasing at a faster rate than downstream, upstream use at peak maxed out at only 9 percent of total traffic, as illustrated in Figure 2. Additional metrics, trends and observations on cable internet usage can be found on NCTA’s COVID-19 Dashboard.
Cable Broadband’s Outlook Is Healthy
The asymmetric design of cable’s internet service tiers accurately matches how consumers have been using the internet, even with the increased use during stay-at-home orders. This is important both to ensure a high-quality user experience and to efficiently allocate available network capacity. Cable operators continually monitor their networks and engineer them to accommodate significant fluctuations. There are indications that these increased levels of usage will be foundational as new use cases emerge and as a significant segment of the population continues to work and learn from home. For example, many companies have found that their remote workers maintained or even improved productivity—so much so that they may make the arrangement permanent.
Cable network technology, more formally known as Data Over Cable Service Interface Specification (DOCSIS®), has the flexibility and performance capabilities to handle further increases in consumer demand in both downstream and upstream data transmissions. With DOCSIS 3.1 technology, the current widely deployed version of cable network technology, cable operators are making gigabit services broadly available. For example, cable gigabit services are now available to 80 percent of U.S. housing units.
And there are more performance enhancements on the horizon with the recently released DOCSIS 4.0 specification, which will readily enable multi-gigabit internet services. In addition, the 10G platform provides increased reliability, enhanced security and reduced latency.
Taking a peek into the future, cable broadband networks have not only excelled in the initial surge in internet usage caused by the COVID-19 pandemic, but they will be ready for the potential long-term changes in consumer behavior that will drive increased internet usage.