FMA 101: Taking Things Apart to Make Them Even Better
This month, we continue our CableLabs 101 series by peeling back the next layer of the hybrid fiber-coax (HFC) distributed access network with a recently released specification called Flexible MAC Architecture (FMA). This technology isn’t as well known as DOCSIS®, Remote PHY or Coherent Optics, but it’s just as essential to make 10G a reality in the near future. Let’s take a closer look.
What Is FMA?
Without getting too technical, a big part of what we do involves analyzing how things work. We like to take things apart and see how we can reorganize or alter the components to build better, more efficient products. Essentially, that’s what innovation is all about! In this case, the “product” in question is the DOCSIS technology and the cable access network that delivers Internet to your home.
Some time ago, we figured out how to split key DOCSIS functions into two major pieces: the Media Access Control (MAC) function responsible for DOCSIS processing and the physical radio frequency function (PHY) responsible for DOCSIS signal generation. This initial split became known as Remote PHY, and you can read more about it in our previous blog post here. Subsequently, we built a complementary project involving the redistribution of these functions across the network to enable efficiencies in speed, reliability, latency and security. This newer project is FMA, which defines various ways of restructuring the MAC function’s management, control and data planes to support multi-gigabit data services of the future.
In September 2020, this extraordinary effort—involving thousands of work hours across the global cable industry—culminated in the specification. It’s a library of specifications that gives our industry vendors the technical means to develop interoperable products for our cable community, and it officially welcomes FMA into the 10G technologies toolkit.
How Does FMA Work and Why Do You Need It?
The Converged Cable Access Platform (CCAP)—a nearly decade-old technology—serves as a single platform for both video and broadband services. In a traditional CCAP architecture, all the major network functions, including the MAC layer functions we mentioned earlier, are unified at the headend. However, as consumers’ bandwidth consumption has continued to skyrocket with no sign of slowing down, the cable industry asked: Is there a better way to structure CCAP to prepare our networks for the needs of tomorrow?
The answer was yes.
That’s how the concepts of Remote PHY, Remote MAC-PHY and, eventually, FMA were born. By taking apart key CCAP functions and moving them to other places throughout the network (e.g., a fiber node), we can greatly reduce space and power demands at the headend, creating efficiencies that translate into faster network speeds, lower latencies and overall a better, and reliable cable access network.
Plus, FMA offers cable operators the ultimate flexibility to implement and deploy CCAP functionality in a way that makes the most sense for them. It fully supports the DOCSIS 4.0 requirements and, along with the other tools in the 10G arsenal, can help operators build adaptive and secure networks that can easily handle future demand.
How Does This Technology Affect You and Your Future?
Complete disaggregation of CCAP sounds great, but you might be asking yourself: “What’s in it for me?” As with any 10G technology that we’ll cover in this series, it’s always about improving the end user experience. All those technical efficiencies we talked about basically boil down to more room for data to go through the network at much faster speeds. This means more multi-gigabit services, low-latency applications such as ultra-realistic video experiences and overall a better quality of experience. One day soon, as we continue to build upon cutting-edge cable technologies like FMA, this will become reality.
The September 2020 FMA release is just a part of a much bigger initiative to completely virtualize cable access networks in the near future, so definitely stay tuned! In the meantime, we’ll continue taking things apart and putting them back together in new and better ways to take your connected experiences to the next level.
DAA 101: A Flexible Approach to Better, Faster Cable Networks
This month, we’d like to share information about Distributed Access Architecture (DAA) and how cable operators are using it to build the 10G networks of the future. In our previous posts about DOCSIS® and Coherent Optics technologies, we touched on some of the components of the cable hybrid fiber-coax (HFC) network, such as the headend and fiber nodes, but of course, there’s much more to it. Today, we’ll take a closer look at the functionality of the cable access network and how it can be distributed between various components to optimize network performance.
What Is Distributed Access Architecture?
DAA isn’t a single technology but rather an umbrella term that describes the network architecture cable operators use to future-proof their access networks. This network evolution involves moving various key network functions that are traditionally located at the cable operator’s hub site (or headend) closer to customers’ homes—while also leveraging signal-quality improvements inherent with digital optics and the ubiquity of Ethernet. In addition, closer is better because it reduces the amount of hardware at the headend and creates efficiencies in network speed, reliability, latency and security.
In a nutshell, CableLabs’ DAA technology solutions give cable operators the ability to cost-efficiently redesign their access networks in stages, when and how they see fit. Because all providers’ business objectives are different, CableLabs has designed several DAA approaches they can leverage. Ultimately, it’s all about building a robust 10G network that not only supports the needs of today’s gig consumers but also anticipates tomorrow’s high-rate applications such as holodecks, artificial intelligence (AI), virtual reality (VR) and more.
Let’s take a look at one particular embodiment of DAA, known as Distributed CCAP Architecture (DCA).
How Does Distributed CCAP Architecture Work?
In a traditional HFC network architecture, the operator’s hub—or headend—is connected via fiber to the fiber node in your geographical region. In the fiber node, the optical signal is converted to a radio frequency (RF) signal that travels via a coaxial cable to the cable modem in your home. The key functions responsible for the transmission of data and device access are placed at either end of the operator’s access network—the hub and the modem—like bookends.
In 2015, CableLabs figured out how to split the key DOCSIS network functions into two components: a Media Access Control (MAC) layer that’s responsible for how devices in a network gain access to the network, and a Physical (PHY) layer, a physical component that’s responsible for the transmission and reception of data. Decoupled, these components can now be partially or fully moved from the headend into a fiber node closer to subscribers’ homes, resulting in increased network capacity, greater speeds, lower latency and so on. That’s the basis for DCA.
How Can Distributed CCAP Architecture Help Build Better Networks?
Distributing key DOCSIS network functions out of the headend and closer to subscribers’ homes comes with many benefits. Primarily, it allows operators to:
- Maximize Their Network’s Potential
DCA allows cable operators to take full advantage of the gigabit capabilities of Coherent Optics and DOCSIS 3.1 technology, including Full Duplex DOCSIS and Low Latency DOCSIS. This means their networks will have more than enough bandwidth to support the latest-generation products for years to come.
- Achieve a Better-Quality RF Signal
With distributed architecture, the RF signal that usually originates in the regional hub can now originate in the optical node, closer to the subscriber’s home, thus reducing distortion and creating a more seamless user experience.
- Increase Network Reliability
Because the main functions of the network no longer need to be housed at the headend, the access network can be redesigned so that fewer homes are connected to any single optical node (where the fiber and coax portions of the network meet). This means that if there’s an outage, it will affect fewer customers, ultimately increasing the reliability of the overall network.
- Expand RF Spectrum in the Future
Because DCA solutions are easily customizable and budget-friendly, they provide new opportunities for cable operators to expand their RF spectrum (basically maximizing the capacity of the coax portion of the HFC network) to support future services.
How Does This Technology Affect Me and My Future?
Widespread adoption of DCA, and importantly the superset of capabilities provided by DAA, is essential to creating the 10G future that we’re all looking forward to. And although it might seem that DAA only provides cost-effective solutions for cable companies, ultimately the real beneficiary is you, the customer. By reimagining and reinventing cable access infrastructure, we’re finding greater efficiencies that translate into more powerful networks. These networks will enable a wave of new, innovative services that will transform the way we live, learn, work and play.
Just like DOCSIS technology, Coherent Optics and other technologies that we’ll be covering in our 101 series, DAA is another piece of the puzzle responsible for propelling cable’s HFC networks into the new decade and beyond. Stay tuned for another installment—coming soon!
10G: Enhancing the Power of Human Connection
If 2020 has taught us anything, it’s that connectivity is essential to our wellbeing and happiness. It fosters a sense of belonging—whether it’s to our family, our school, our company or just a random group of like-minded souls. And it’s not so much about the internet or the devices we use—it’s about experiences and staying connected to what matters most. That’s the ultimate goal of 10G.
In the last three decades, cable connection speeds increased from 9600 bps to 1 gig—now available to over 80% of U.S. homes! This has transformed our lives, giving us unparalleled access to the information we need, restructuring the way we conduct our businesses and communicate with others, anytime, anywhere around the world. And still, we’re nowhere near maximizing our networks’ potential. In the near future, 10G networks that are up to 100 times faster than what we have today will open doors to a whole new era of innovation, including autonomous vehicle fleets, holographic media, in-home telehealth solutions, immersive entertainment experiences and much more.
What will that mean for us? Will the seamless inner workings of our networks and smart devices help us lead healthier, happier and more fulfilling lives? Will this technology be able to take care of mundane and time-consuming tasks so we can focus on ourselves and our loved ones? We bet it will! We are now standing on the brink of an exciting new frontier, powered by super-fast, reliable and secure HFC networks.
To see more about what this means for changing people’s connected lives, check out this video:
Latency 101: Getting From There to Here
Welcome back, once again, to the CableLabs 101 series! In our most recent post, we discussed the fiber portion of the hybrid fiber-coax (HFC) network, as well as the coherent optics technology that’s widely considered to be the hyper-capacity future of internet connectivity. Today, we’ll focus on a topic of growing importance for many of the new applications in development—a topic that significantly impacts the user experience even if it’s not well known. That topic is latency.
What Is Latency?
Simply put, latency means delay.
In our post about coherent optics technology, we pointed out how quickly light can travel through a piece of fiber-optic cable: an astonishing 128,000 miles per second. However, as incredibly fast as that is, it still takes time for light to carry information from one point to another.
Imagine for a moment that you’re reading this blog post on a computer in New York City. That would mean you’re about 1,600 miles away from the CableLabs offices here in Colorado. If we assume that the entire network between you and our offices is made of fiber (which is close enough to true for our purposes), it would take a minimum of 0.0125 seconds—or 12.5 milliseconds (12.5 ms)—for the text to travel from our server to your computer.
That’s not a lot of time, but distance is not the only source of delay—and those delays can add up.
For example, to read this post, you had to click a link to view it. When you clicked that link, your computer sent a request to our server asking for the article. That request had to travel all the way to Colorado, which also took the same minimum of 12.5 ms. If you put the two times together, you get a round-trip time (the time it takes to go somewhere and back), which in our case would be a minimum of 25 ms. That’s a longer amount of time, but it’s still pretty small.
Of course, the server can’t respond instantly to your request. It takes a moment for it to respond and provide the correct information. That adds delay as well.
In addition, these messages have to traverse the internet, which is made up of an immense number of network links. Those network links are connected by a router, which routes traffic between those links. Each message has to hop from router to router, using the Internet Protocol to find its way to the correct destination. Some of those network links will be very busy, and others won’t; some will be very fast, and some might be slower. But each hop adds a bit more delay, which can ultimately add up and become noticeable—something you might refer to as lag.
Let’s try a little experiment to illustrate what we’re talking about.
If you’re on a Windows computer, select Start, Programs, Accessories, Command Prompt. Doing so will open up a window in which you can type commands.
First, try typing the following: ping www.google.com
After you hit Enter, you should see some lines of text. At the end of each line will be a “time” in milliseconds (ms). That’s the amount of time it took for a ping request to get from your computer to Google’s server and for a response to come back, or the round-trip latency. Each value is likely different. That’s because each time a ping (or any message) is sent, it has to wait a small but variable amount of time in each router before it’s sent to the next router. This “queuing delay” accumulates hop-by-hop and is caused by your ping message waiting in line with messages from other users that are traversing that same part of the internet.
Next, try typing the following: tracert www.google.com
You should see more lines of text. The first column will show a hop number (the number of hops away that point is), the next three will show times in milliseconds (since it checks the latency three times) and the final column will show the name or the address of the router that’s sending you the message. That will show you the path your request took to get from you to the Google server. You’ll notice that even as close as it is (and as low as your latency might be), it had to hop across a number of routers to get to its destination. That’s how the internet works.
(Note that you might have some fields show up as an asterisk [*]. That’s not a problem. It simply means that the specific device is configured not to respond to those messages.)
If you’re on a Mac, you can do the same thing without needing a command prompt: Just search for an application on your computer called Network Utility. To send a ping in that app, click on the Ping tab, type in www.google.com and click the Ping button. Similarly, to check the route, click on the Traceroute tab, type in the same website name and click the Trace button.
What Is Low Latency?
A term you might have heard is low latency. This term has been getting more and more attention lately. In fact, the mobile industry is touting it as an essential aspect of 5G. But what exactly is low latency, and how does it relate to our definition of latency?
The reality is that there’s no formal definition of what qualifies as low latency. In essence, it simply means that latency is lower than it used to be, or that it’s low enough for a particular application. For example, if you’re watching a streaming video, low latency might mean having the video start in less than a second rather than multiple seconds.
However, if you’re playing an online game (or perhaps using a cloud gaming service), you need the latency to be low enough so that you don’t notice a delay between moving your controller and seeing the resulting movement on your screen. Experiments have shown that anything above about 40ms is easily noticeable, so low latency, in this case, might mean something even lower than that.
How Do We Achieve Low Latency?
Reducing latency requires us to look at the sources of latency and try to figure out ways to reduce it. This can include smarter ways to manage congestion (which can reduce the “queuing delay”) and even changing the way today’s network protocols work.
Reducing latency on cable networks is something CableLabs has been working on for many years—long before it became a talking point for 5G—and we’re always coming up with new innovations to reduce latency and improve network performance. The most recent of these efforts are Low Latency DOCSIS, which can reduce latency for real-time applications such as online gaming and video conferencing, and Low Latency Xhaul, which reduces latency when a DOCSIS network is used to carry mobile traffic.
How Does Low Latency Affect Me and My Future?
Achieving low latency opens the door to do things in near real-time: to talk to friends and family as if they were close by, to interact in online worlds without delays and to simply make online experiences quicker and better. In the long term, when combined with the higher-capacity networks currently in development, low latency opens the door to new technologies like immersive interactive VR experiences and other applications that have not been invented yet.
The future looks fast and fun.
Coherent Optics 101: Coming at You at 0.69c
Welcome back to the CableLabs 101 series! In our previous post, we discussed the basic components of a typical hybrid fiber-coax (HFC) cable network infrastructure and the role of DOCSIS® technology in data transmission over the coaxial portion of the network. Today, we’ll focus on the fiber portion of the HFC network, as well as the coherent optics technology that’s widely considered to be the hyper-capacity future of internet connectivity.
What Is Coherent Optics Technology?
Cable’s HFC networks are “fiber-rich,” which means they’re composed mostly of fiber—a bundle of very thin, hair-like strands of glass or plastic wire. Fiber is light, durable, and most importantly, capable of transmitting a lot of data over very long distances incredibly quickly. Light travels through a vacuum at 186,282 miles per second, a universal constant that scientists denote as “c.” Although light traveling through fiber optic cable moves a little slower than that (69 percent of the speed of light in a vacuum, or 0.69c), it’s still incredibly fast at over 128,000 miles per second. That’s fast enough for a single burst of light to circle the earth more than five times in a single second.
Until recently, signals in a typical HFC network were transmitted over fiber using analog technologies: an electrical radio frequency signal would be converted to an analog optical signal, transmitted over fiber optic cables, and then converted back to an electrical signal at the fiber node. With the advent of Distributed Access Architecture technologies, which will help cable operators cost-effectively add more capacity to their networks, that same fiber is being re-used to carry digital signals rather than analog ones.
The digital fiber technology being deployed today in access networks uses an “on-off keying” approach, in which a transmitter rapidly turns the laser on and off to send a signal; each pulse can signal a single bit of digital information (a 1 or a 0). Coherent optics adds further dimensions to the optical signal to carry more information simultaneously: rather than just pulsing the light on and off, it uses other properties of light (e.g., amplitude, phase and polarization) to carry multiple bits with each burst of information rather than just one bit. That can increase the data-carrying capacity of a single fiber by as much as 70 times, compared with non-coherent technology.
How Has This Technology Evolved?
Coherent optics technology is not new. It’s been used for over 10 years in long-haul fiber networks that span thousands of miles between cities and countries. More recently, as the cost of coherent optics technology has come down and speeds have gone up (from forty to now hundreds of gigabits per second) it has seen growing deployment in metropolitan or regional networks. The one remaining frontier has been the access network—such as in a cable HFC network, which has a large number of relatively short links, requiring a very low-cost solution.
It was for this reason that CableLabs embarked on an effort to define the use of coherent optics for cable access networks: to define requirements specific to access networks, thereby promoting interoperability, scale and competition. All this reduces the cost of this technology to the point at which it could be used widely to grow the capacity of cable operator fiber networks.
This vision was realized with the publication of our initial Point-to-Point (P2P) Coherent Optics specifications (released in June 2018), which defined how to send 100 Gigabits per second (Gbps) on a single wavelength, and how to send up to 48 wavelengths on a single fiber. That was followed by our version 2 specifications (released in March 2019), which defined interoperable operations at 200 Gbps per wavelength, doubling the capacity of the network. And both specifications included support for another key technology called Full Duplex Coherent Optics, which doubles the capacity of each fiber yet again while enabling the cost-effective use of a single fiber rather than the normal fiber pair.
How Does This Technology Affect Me and My Future?
When you think about current technology trends and predictions for the future, you’ll notice a common thread. Future innovations—like holograms, 360° virtual reality (VR), artificial intelligence and so on—will all require super high-capacity, low-latency networks that can transmit a ton of data very, very quickly. We’re not talking about just long-haul networks between cities and countries, but everywhere.
This is why cable companies started investing in the expansion of their fiber infrastructure and fiber optic technology decades ago. By focusing on “fiber deep” architectures—a fancy term for bringing fiber closer to subscribers’ homes—and using technologies such as coherent optics to mine even more bandwidth out of the fiber that we already have in the ground today, we can ensure that our cable networks continue meeting the requirements of current and future innovations. Thanks to those efforts, you’ll be able to one day enjoy your VR chats in “Paris,” work in a “holo-room” and much, much more.
A Fiber-Rich Cable Network: What Does It Really Mean?
Cable networks are fiber-rich, and cable operators have long invested in deploying more fiber deeper into their networks. A fiber-rich environment enables greater capacity, increased speeds and more flexibility to support a range of access technologies. Although cable broadband networks are typically composed of both fiber optic and coaxial cables, most cable customers are surprised to learn that the vast majority of the distance that an internet packet travels is over fiber.
In simple terms, a cable network is composed mostly of fiber that connects the interconnection border gateways to the regional hubs to the optical nodes. The remaining short distance—from the optical node to the customer’s home and then to each individual device in the home—is where the internet packet travels over coaxial cable and home Wi-Fi.
Let’s take a look at a simple real-life example, illustrated below. When a cable customer in Vancouver, Canada, makes a video call to a cable customer in Ames, Iowa, the data starts its journey over Wi-Fi to the home router and then travels about a quarter of a mile from the router to the nearest optical node via a coaxial cable. From that point, the data is converted to a fiber-optic signal that carries it for about 2,499 miles—or 99.96 percent of the total journey—to another neighborhood optical node in Ames. The remaining half-mile or less from the node to the other customer’s home is again transmitted over coax and Wi-Fi. As you can see, less than 1 mile (1.5 kilometers) of the data’s 2,500-mile (3,200-kilometer) journey between Vancouver and Ames is transmitted over coax and Wi-Fi—the rest is all fiber!
You can download the infographic here. Interested in learning more about cable networks in the future? Subscribe to our blog.
CableLabs Member, Telia Norge, Launches the Fastest Broadband Service in Norway
There’s more great news from across the pond! Just a month after Vodafone Germany surpassed the 21 million gigabit homes passed milestone, another European telecommunications company and CableLabs® member, Telia Norge (Telia Norway), is launching the fastest broadband service in Norway for its customers, operating under the GET brand it acquired in 2018.
Now, Telia Norway’s GET customers have access to as much as 1,250 Mbps download speed and either 500 Mbps or 50 Mbps upload speed, depending on the package they choose. Either option gives them unprecedented freedom to surf, stream and share on multiple devices at the same time. In addition to much higher speeds, customers will also enjoy the benefits of a significant increase in network capacity and reliability. These improvements are a direct outcome of Telia Norway’s ongoing commitment to modernize and future-proof its hybrid fiber-coax (HFC) network in preparation for the next generation of high-speed digital products and services. By upgrading its network to CableLabs DOCSIS® 3.1 technology, Telia Norway will be able to not only greatly improve the broadband experience for its current customers but also ensure that it stays ahead of their broadband needs for years to come.
“This is a large and important program for us, where we will invest a lot in the years ahead,” said Pål Rune Kaalen, Telia Norway Director of the Private Market. “Through the program, we are greatly expanding the speed, capacity and stability of today's network—something our new broadband product is a good example of. For us, this technology represents the broadband of the future.”
As part of this large-scale modernization push, Telia Norway plans to continue investing in its HFC infrastructure with a goal of upgrading more than 300,000 homeowners to the new DOCSIS technology by 2023. The inherent flexibility of the DOCSIS technology will allow for a cost-effective upgrade without digging new trenches and negatively impacting the environment—or the bottom line. And that’s what the broadband of the future is all about.
Check out the full press release on Telia's news site (Norwegian).
The Cable Security Experience
We’ve all adjusted the ways we work and play and socialize in response to COVID. This has increased awareness that our broadband networks are critical – and they need to be secure. The cable industry has long focused on delivering best-in-class network security and we continue to innovate as we move on towards a 10G experience for subscribers.
CableLabs® participates in both hybrid fiber coaxial (HFC) and passive optical network (PON) technology development. This includes the development and maintenance of the Data Over Cable Service Interface Specification (DOCSIS®) technology that enables broadband internet service over HFC networks. We work closely with network operators and network equipment vendors to ensure the security of both types of networks. Let’s review these two network architectures and then discuss the threats that HFC and PON networks face. We’ll see that the physical media (fiber or coax) doesn’t matter much to the security of the wired network. We’ll discuss the two architectures and conclude by briefly discussing the security of the DOCSIS HFC networks.
A Review of HFC and PON Architectures
The following diagram illustrates the similarities and differences between HFC and PON.
Both HFC and PON-based FTTH are point-to-multipoint network architectures, which means that in both architectures the total capacity of the network is shared among all subscribers on the network. Most critically, from a security perspective, all downlink subscriber communications in both architectures are present at the terminating network element at the subscriber – the cable modem (CM) or optical network unit (ONU). This necessitates protections for these communications to ensure confidentiality.
In an HFC network, the fiber portion is between a hub or headend that serves a metro area (or portion thereof) and a fiber node that serves a neighborhood. The fiber node converts the optical signal to radio frequency, and the signal is then sent on to each home in the neighborhood over coaxial cable. This hybrid architecture enables continued broadband performance improvements to support higher user bandwidths without the need to replace the coaxial cable throughout the neighborhood. It’s important to note that the communication channels to end users in the DOCSIS HFC network are protected, through encryption, on both the coaxial (radio) and fiber portions of the network.
FTTH is most commonly deployed using a passive optical networking (PON) architecture, which uses a shared fiber down to a point in the access network where the optical signal is split using one or more passive optical splitters and transmitted over fiber to each home. The network element on the network side of this connection is an Optical Line Terminal (OLT) and at the subscriber side is an ONU. There are many standards for PON. The two most common are Gigabit Passive Optical Networks (GPON) and Ethernet Passive Optical Networks (EPON). An interesting architecture option to note is that CableLabs developed a mechanism that allows cable operators to manage EPON technology the same way they manage services over the DOCSIS HFC network – DOCSIS Provisioning of EPON.
In both HFC and PON architectures, encryption is used to ensure the confidentiality of the downlink communications. In DOCSIS HFC networks, encryption is used bi-directionally by encrypting both the communications to the subscriber’s cable modem (downlink) and communications from the subscriber’s cable modem (uplink). In PON, bi-directional encryption is also available.
How might an adversary (a hacker) look at these networks? There are four attack vectors available to adversaries in exploiting access networks:
- Adversaries can directly attack the access network (e.g., tapping the coax or fiber cable).
- They may attack a customer premises equipment (CPE) device from the network side of the service, typically referred to as the wide area network (WAN) side.
- They may attack the CPE device from the home network side, or the local area network (LAN) side.
- And they may attack the network operator’s infrastructure.
Tapping fiber or coaxial cables are both practical. In fact, tools to allow legitimate troubleshooting and management by authorized technicians abound for both fiber and coaxial cables. An incorrect assumption is to believe that fiber tapping is difficult or highly technical, relative to tapping a coaxial cable. You can easily find several examples on the internet of how this is simply done. Depending where the media is accessed, all user communications may be available on both the uplink and downlink side. However, both HFC and PON networks support having those communications encrypted, as highlighted above. Of course, that doesn’t mean adversaries can’t disrupt the communications. They can do so in both cases. Doing so, however, is relegated only to houses passed on that specific fiber or coaxial cable; the attack is local and doesn’t scale.
For the other attack vectors, the risks to HFC or PON networks are equivalent. CPE and network infrastructure (such as OLTs or CMTSs) must be hardened against both local and remote attacks regardless of transport media (e.g., fiber, coax).
Security Tools Available to Operators
In both HFC and PON architectures, the network operator can provide the subscriber with an equivalent level of network security. The three primary tools to secure both architectures rely on cryptography. These tools are authentication, encryption, and message hashing.
- Authentication is conducted using a secret of some sort. In the case of HFC, challenge and response are used based on asymmetric cryptography as supported by public key infrastructure (PKI). In FTTH deployments, mechanisms may rely on pre-shared keys, PKI, EAP-TLS (IETF RFC 5216) or some other scheme. The authentication of endpoints should be repeated regularly, which is supported in the CableLabs DOCSIS specification. Regular re-authentication increases the assurance that all endpoints attached to the network are legitimate and known to the network operator.
- Encryption provides the primary tool for keeping communications private. User communications in HFC are encrypted using cryptographic keys negotiated during the authentication step, using the DOCSIS Baseline Privacy Interface Plus (BPI+) specifications. Encryption implementation for FTTH varies. In both HFC and PON, the most common encryption algorithm used today is AES-128.
- Message hashing ensures the integrity of messages in the system, meaning that a message cannot be changed without detection once it has been sent. Sometimes this capability is built into the encryption algorithm. In DOCSIS networks, all subscriber communications to and from the cable modem are hashed to ensure integrity, and some network control messages receive additional hashing.
It is important to understand where in the network these cryptography tools are applied. In DOCSIS HFC networks, user communications are protected between the cable modem and the CMTS. If the CMTS functionality is provided by another device such as a Remote PHY Device (RPD) or Remote MACPHY Device (RMD), DOCSIS terminates there. However, the DOCSIS HFC architecture provides authentication and encryption capabilities to secure the link to the hub as well. In FTTH, the cryptographic tools provide protection between the ONU and the OLT. If the OLT is deployed remotely as may be the case with RPDs or RMDs, the backhaul link should also be secured in a similar manner.
The Reality – Security in Cable
The specifications and standards that outline how HFC and PON should be deployed provide good cryptography-based tools to authenticate network access and keep both network and subscriber information confidential. The security of the components of the architecture at the management layer may vary per operator. However, operators are very adept at securing both cable modems and ONUs. And, as our adversaries innovate new attacks, we work on incorporating new capabilities to address those attacks – cybersecurity innovation is a cultural necessity of security engineering!
Building on more than two-decades of experience, CableLabs continues to advance the security features available in the DOCSIS specification, soon enabling new or updated HFC deployments to be even more secure and ready for 10G. The DOCSIS 4.0 specification has introduced several advanced security controls, including mutual authentication, perfect forward secrecy, and improved security for network credentials such as private keys. Given our strong interest in both optical and HFC network technologies, CableLabs will ensure its own specifications for PON architectures adopt these new security capabilities and will continue to work with other standards bodies to do the same.
How Reliable Is Cable Internet? Here’s How Our Networks Are Performing
Starting in mid-March, the world experienced a sudden surge in internet usage driven by the widespread COVID-19 stay-at-home orders that caused many of us to switch to working and studying at home in a matter of days. Cable broadband networks not only withstood this sudden surge in internet usage; they excelled. For example, for the week of June 27–July 4, 99.9 percent of U.S. cable broadband users saw no material impact on customer experience. Looking to the future, cable networks are also well-positioned to remain ahead of sustained increases in consumer demand. Although internet usage appears to have plateaued recently, CableLabs and the broader cable industry continue to develop further network advancements to ensure that internet performance stays well ahead of even the most demanding home users’ needs for years to come.
Internet Usage During COVID-19 and Cable Broadband Services
Network monitoring provider OpenVault reveals just how much home internet usage jumped over the past few months:
- In the United States, average daily downstream consumption from 9 a.m. to 5 p.m. in the first week of April totaled about 6.35 GB per household, up 42 percent from 4.46 GB in January. Upstream average usage during business hours rose to 0.39 GB, up 83 percent compared with 0.22 GB in January.
- Worldwide, looking at a sample of 500 fixed, mobile and Wi-Fi network providers, networking equipment provider Sandvine found that overall traffic increased 40 percent between February 1 and April 19. It also found that upstream traffic rose 121 percent during this period.
Even considering these dramatic increases, home internet use remains heavily asymmetrical. The amount of data transmitted to the home (downstream) vastly outweighs the amount of data transmitted from the home (upstream). This is driven by the continued use of video streaming services (e.g., Netflix, YouTube) that require substantial amounts of data to be transmitted to the home to enable the user to view a movie, TV show or other video. These applications require very little data transmitted from the home.
Two-way video collaboration tools (e.g., Zoom, Microsoft Teams) do require more data to be transmitted from the home (upstream) in comparison with video streaming services due to two-way audio and video functionality. Even with the increased use of these collaboration tools, upstream data transmissions remain well below a tenth of total data transmitted over home internet connections.
The predominance of downstream use is further confirmed in the detailed examination of broadband use from a top-tier North American cable broadband operator, as set forth in Figures 1 and 2 below. Over the past 8 years, the proportion of downstream traffic has increased and plateaued at roughly 92–94 percent of total traffic at peak. Looking more closely at the most recent 5 months illustrates the rapid increase in internet use due to COVID-19. Even with upstream increasing at a faster rate than downstream, upstream use at peak maxed out at only 9 percent of total traffic, as illustrated in Figure 2. Additional metrics, trends and observations on cable internet usage can be found on NCTA’s COVID-19 Dashboard.
Cable Broadband’s Outlook Is Healthy
The asymmetric design of cable’s internet service tiers accurately matches how consumers have been using the internet, even with the increased use during stay-at-home orders. This is important both to ensure a high-quality user experience and to efficiently allocate available network capacity. Cable operators continually monitor their networks and engineer them to accommodate significant fluctuations. There are indications that these increased levels of usage will be foundational as new use cases emerge and as a significant segment of the population continues to work and learn from home. For example, many companies have found that their remote workers maintained or even improved productivity—so much so that they may make the arrangement permanent.
Cable network technology, more formally known as Data Over Cable Service Interface Specification (DOCSIS®), has the flexibility and performance capabilities to handle further increases in consumer demand in both downstream and upstream data transmissions. With DOCSIS 3.1 technology, the current widely deployed version of cable network technology, cable operators are making gigabit services broadly available. For example, cable gigabit services are now available to 80 percent of U.S. housing units.
And there are more performance enhancements on the horizon with the recently released DOCSIS 4.0 specification, which will readily enable multi-gigabit internet services. In addition, the 10G platform provides increased reliability, enhanced security and reduced latency.
Taking a peek into the future, cable broadband networks have not only excelled in the initial surge in internet usage caused by the COVID-19 pandemic, but they will be ready for the potential long-term changes in consumer behavior that will drive increased internet usage. To learn more about the technologies that power cable’s broadband internet services today and into the future, click the button below.
CableLabs Goes Down Under
In a bit of alright, CableLabs recently welcomed Australia’s National Broadband Network (nbn) – as our 56th member — and our first in Australia. CableLabs now has members across five continents — adding Australia to Asia, Europe, North America and South America.
Established by the Australian government in 2009 to design, build and operate Australia's new broadband network, nbn is unique among CableLabs members as a Layer 2 network which wholesales access to Retail Service Providers (RSPs). With the nbn network currently passing 4.6 million premises, approximately 50 RSPs are providing service to 2 million end user customers. nbn plans to extend its network to 12 million premises by 2020 – and will serve 8 million end user customers through its RSPs.
nbn is unique in another fundamental way. It is comprised of several heterogeneous network technologies, including fixed networks employing HFC, DSL and fiber (FTTx), together with wireless networks (fixed and satellite). Through a strategy titled “Multi Technology Mix,” nbn is a “network of networks” which integrates and optimizes these technologies to maximize speed of rollout, optimize economic return and enhance flexibility. This flexibility is at the heart of nbn’s strategy to provide access to fast broadband to all Australians as soon as possible.
By the end of 2018, nbn will deploy DOCSIS 3.1 in its HFC network, joining a growing number of CableLabs’ members across Canada, Europe and the U.S. who are deploying DOCSIS 3.1 multi-gigabit technology. These deployments will help deliver new customer experiences that are faster and more efficient. Examples of the improved experience include:
- 10Gbps downstream and up to 1Gbps upstream network capacity
- Improved responsiveness for applications such as online gaming and video streaming
- Ability to transmit up to 50 percent more data over the same spectrum, on existing HFC networks
- Increased cable modem energy efficiency through advanced energy management protocols
For more information about nbn, please visit http://www.nbnco.com.au/corporate-information/about-nbn-co.html.