Probing DOCSIS 3.1 messages: translating a light-speed language
From an engineering point of view, DOCSIS 3.1 protocol messages are pretty mind-blowing. They travel almost at the speed of light through your coaxial cable – all to support your online life. Imagine pausing time and taking a peek at the conversation between the cable modem (CM) and the cable modem termination system (CMTS). Wait, we can! Let’s have a look using the XRA-31 real-time RF analyzer that we will be launching soon.
The XRA-31 DOCSIS protocol analyzer essentially looks at the electrons zooming through the coax and translates this signature into something we’re all more familiar with – Wireshark traces.
Ever since the inception of DOCSIS 1.0, the ranging ‘heartbeat’ between the CMTS and its CMs has been used to tune the RF transmission. Channel characteristics like attenuation and micro-reflections change over time, and the ranging request/response ping-pong is used to adjust transmission levels or pre-equalization coefficients. This process allows DOCSIS to cope with RF layer changes.
Highlighting differences between 3.0 and 3.1 probing
Let’s try to follow-up on these dynamics in a 3.1 context and see if we can make some sense out of these messages. The images below show a typical 3.1-style ranging transaction captured using the XRA-31. The transaction starts with the CMTS sending out a P-MAP (probe MAP) asking the CMs to do ‘3.1 probing’ – the 3.1 style of traditional 3.0 ranging. The CMs then generate probes (which are not visible in the Wireshark trace because they are actually ‘signals’ instead of ‘messages’), after which the CMTS responds with a multitude of ranging response messages.
For normal 3.0 CMs, a single-ranging response message is typically sufficient, but with 3.1 probing, there is much more information to exchange.
Probing in a nutshell
CM with SID 860 is invited for probing
The creation of a clean signal
As the probe signal will have traveled through the network, the effect of the network is fingerprinted in the signal. This fingerprint is used to derive ‘single tap transmit equalizer coefficients’, which represent the effect of the network on each individual subcarrier. The whole ‘transmit equalizer’, a.k.a. ‘pre-equalizer’, idea is that the CM will apply this (inverse) fingerprint before transmission so that the network (which applies this fingerprint) wipes out its own fingerprint. The result is a clean signal received at CMTS reception.
[The channel we are using in this example is a 3.1 OFDMA channel which is defined on a grid of 2048 subcarriers. They are not all in use, but these subcarriers are numbered in packs of 2048 because of the inverse fast Fourier transform (IFFT) used during the creation of the OFDM symbol.]
The five subsequent ranging response messages each contain a fraction of these coefficients. [They come in pairs, I and Q values as part of the QAM modulation – think of complex numbers. Each of these numbers is encoded in 2 bytes, which yields at least 2048 x 2 bytes x 2 = 8192 bytes. Or, enough content for 5 messages of ~1530 bytes each.]
Example ranging response containing single tap equalization coefficients
A bird’s-eye view of the channel
A trained eye can derive a lot of information from these coefficients as they describe ‘the state of the channel’. These pre-equalization values signal that there is something going on in the channel (e.g. micro reflections) but the system is actively wiping out the channel effect (fingerprint) and, as such, the real problem is often disguised as there is no packet loss due to this correction.
DOCSIS 3.1 Proactive Network Management provides an interface with these coefficients, but for this post, we simply looked at the pure DOCSIS 3.1 ranging messages.