Appendices

Appendix I: Example RG Queuing Architecture

The queuing and scheduling discipline envisioned upstream for the RG is shown in Figure 24, taken from the description of TR-059 [57].

There are multiple access sessions supported in this model, however, all traffic is classified and scheduled in a monolithic system. So, while it might appear at first that the Diffserv queuing and scheduling might apply only to IP-aware access – in fact all access, IP, Ethernet, or PPP is managed by the same system that adheres to the Diffserv model.

For example, at the bottom of the figure, BE treatment is given to the non-IP-aware access sessions (PPPoE started behind the RG or delivered to an L2TP tunnel delivery model). This queue might be repeated several times in order to support fairness among multiple PPPoE accesses – or it can be a monolithic queue with separate rate limiters applied to the various access sessions.

The PTA access is a single block of queues. This is done because NSP access typically works with a single default route to the NSP, and managing more than one simultaneously at the RG would be perilous. The ∑ rate limiter would limit the overall access traffic for a service provider.

Rate limiters are also shown within the EF and AF service classes because the definition of those Diffserv types is based on treating the traffic differently when it falls into various rates.

Finally, at the top of the diagram is the ASP access block of queues. In phase 1A, these queues are provisioned and provide aggregate treatment of traffic mapped to them. In phase 1B, it will become possible to assign AF queues to applications to give them specific treatment instead of aggregate treatment. The EF service class can also require a high degree of coordination among the applications that make use of it so that its maximum value is not exceeded.

Notable in this architecture is that all the outputs of the EF, AF, and BE queues are sent to a scheduler (S) that pulls traffic from them in a strict priority fashion. In this configuration EF traffic is, obviously, given highest precedence and BE is given the lowest. The AF service classes fall in-between.

Note that there is significant interest in being able to provide a service arrangement that would allow general Internet access to have priority over other (bulk rate) services. Such an arrangement would be accomplished by assigning the bulk rate service class to BE and by assigning the default service class (Internet access) as AF with little or no committed information rate.

A “bulk rate” service class would typically be used for background downloads and potentially for peer-to-peer applications as an alternative to blocking them entirely.

Given this arrangement, the precedence of traffic shown in the figure is arranged as:

  1. EF – red dotted line
  2. AF – blue dashed line (with various precedence among AF classes as described in RFC 2597 [16])
  3. BE – black solid line
Figure 24: Queuing and Scheduling Example for RG

In Figure 24 the following abbreviations apply:

    ASP – Application Service Provider
    PTA – PPP Terminated Aggregation
    PPP – Point-to-Point Protocol
    EF – Expedited Forwarding – as defined in RFC 3246 [21]
    AF – Assured Forwarding – as defined in RFC 2597 [16]
    BE – Best Effort forwarding
    RL – Rate Limiter
    ∑RL – Summing Rate Limiter (limits multiple flows)
    S – Scheduler

Appendix II: Use of Bridging Objects for VLAN Tagging

In the case of an Ethernet upstream Interface or a VDSL2 upstream Interface based on PTM-EFM, 802.1Q Tagging can be used to tag egress traffic. This choice enables a multi-VLAN architecture in order to deploy a multi-service configuration (high speed Internet, VoIP, Video Phone, IPTV, etc.), where one VLAN or a group of VLANs are associated with each service. If 802.1Q tagging on the upstream interface is used, it is necessary to have a way to associate incoming upstream 802.1Q tagged or untagged traffic or internally generated traffic (PPPoE, IPoE connections) to the egress (and vice-versa). The solution is to apply coherent bridging rules.

Regarding different traffic bridging rules, the possible cases are characterized as follows:

To better understand the different cases, refer to Figure 25 and to the following examples.

Figure 25: Examples of VLAN configuration based on Bridging and VLAN Termination objects

II.1 Tagged LAN to Tagged WAN Traffic (VLAN Bridging)

Ethernet port 1 (instance Device.Ethernet.Interface.2) might be dedicated to VoIP service, receiving VLAN ID x tagged traffic from a VoIP phone, and this port would be included in the same bridge dedicated to VoIP service on the upstream interface (instance Device.Ethernet.Interface.1), identified with the same VLAN ID x.

To achieve this, an interface-based bridge would be created using the Bridging object. A Bridge table entry would be created with entries for Ethernet port 1 and the upstream interface and for the VLAN ID x associated with VoIP.

The Bridging model is depicted in Figure 26, while the configuration rules for this situation are summarized in Table 6.

Figure 26: Bridge 1 model
Table 6: Tagged LAN to tagged WAN configuration
Description Bridging Configuration
Bridge between WAN and LAN 1 interfaces with VLANID=x

[Define VLANx]

Device.Bridging.Bridge.1.VLAN.1
Name VLANx
VLANID X

[Define Ingress Port2-3 – Create an entry for the upstream and downstream port]

Device.Bridging.Bridge.1.Port.2
PVID x
Name Port2
AcceptableFrameTypes AdmitOnlyVLANTagged
Device.Bridging.Bridge.1.Port.3
PVID x
Name Port3
AcceptableFrameTypes AdmitOnlyVLANTagged

[Associate Egress Port2-3 to VLANx – Create an entry for the upstream and downstream port]

Device.Bridging.Bridge.1.VLANPort.1
VLAN VLANx
Port Port2
Untagged false
Device.Bridging.Bridge.1.VLANPort.2
VLAN VLANx
Port Port3
Untagged false

II.2 Tagged LAN to Tagged WAN Traffic (Special Case with VLAN ID Translation)

Ethernet port 2 (instance Device.Ethernet.Interface.3) might be dedicated to Video Phone service, receiving VLAN ID y tagged traffic from a Video phone, and this port would be included in the same bridge dedicated to Video Phone service on the upstream interface (instance Device.Ethernet.Interface.1), identified by a different VLAN ID (VLAN ID z). In this case a VLAN translation needs to be performed.

To achieve this, a bridge would be created using the Bridging object. A Bridge table entry would be created along with two associated Filter object entries for {Ethernet port 2/VLAN ID z} and {upstream interface/VLAN ID y}. The Filter identifies the ingress interface and causes the ingress frames to be bridged to the egress VLAN, permitting VLAN-ID translation.

The Bridging model is depicted in Figure 27, while the configuration rules for this situation are summarized in Table 7.

Figure 27: Bridge 2 model
Table 7: Tagged LAN to tagged WAN configuration (VLAN ID translation)
Description Bridging Configuration

Tagged LAN 2 to tagged WAN traffic (and vice versa) (special case with VLAN ID translation)

upstream VLAN-ID=z

downstream VLAN-ID=y

[Define VLANy and VLANz]

Device.Bridging.Bridge.2.VLAN.1
Name VLANy
VLANID y
Device.Bridging.Bridge.2.VLAN.2
Name VLANz
VLANID z

[Define Ingress Port2 – Create an entry for upstream port]

Device.Bridging.Bridge.2.Port.2
PVID Z
Name Port2
AcceptableFrameTypes AdmitOnlyVLANTagged

[Define Ingress Port3 – Create an entry for the downstream port]

Device.Bridging.Bridge.2.Port.3
PVID y
Name Port3
AcceptableFrameTypes AdmitOnlyVLANTagged

[Associate Egress Port2 to VLANz - Create an entry for upstream port]

Device.Bridging.Bridge.2.VLANPort.1
VLAN VLANz
Port Port2
Untagged false

[Associate Egress Port3 to VLANy - Create an entry for each downstream port]

Device.Bridging.Bridge.2.VLANPort.2
VLAN VLANy
Port Port3
Untagged false

[Define filter on upstream: ingress from Port 2 is associated with VLANy]

Device.Bridging.Filter.1.
Bridge VLANy
Interface Port2

[Define filter on downstream: ingress from Port 3 is associated with VLANz]

Device.Bridging.Filter.2.
Bridge VLANz
Interface Port3

II.3 Untagged LAN to Tagged WAN Traffic

Ethernet port 3 (instance Device.Ethernet.Interface.4) might be dedicated to IPTV service, receiving untagged traffic from a STB, and this port would be included in the same bridge dedicated to IPTV service on the upstream interface (instance Device.Ethernet.Interface.1), identified with the VLAN ID k.

To achieve this, an interface-based bridge would be created using the Bridging object. A Bridge table entry would be created, associating in the same bridge untagged frames on Ethernet port 3 with tagged frames on the upstream interface.

The Bridging model is depicted in Figure 28, while the configuration rules for this situation are summarized in Table 8.

Figure 28: Bridge 3 model
Table 8: Untagged LAN to tagged WAN configuration
Description Bridging Configuration
Untagged LAN 3 to tagged WAN (VLAN-ID=k) traffic

[Define VLANk]

Device.Bridging.Bridge.3.VLAN.1
Name VLANk
VLANID k

[Define Ingress Port2 – Create an entry for upstream port]

Device.Bridging.Bridge.3.Port.2
PVID k
Name Port2
AcceptableFrameTypes AdmitOnlyVLANTagged

[Define Ingress Port3 – Create an entry for the downstream port]

Device.Bridging.Bridge.3.Port.3
Name Port3
AcceptableFrameTypes AdmitAll

[Associate Egress Port2 to VLANk - Create an entry for upstream port]

Device.Bridging.Bridge.3.VLANPort.1
VLAN VLANk
Port Port2
Untagged false

[Associate Egress Port3 to VLANk - Create an entry for each downstream port]

Device.Bridging.Bridge.3.VLANPort.2
VLAN VLANk
Port Port3
Untagged true

II.4 Internally Generated to Tagged WAN Traffic

A CPE PPPoE internal session (instance Device.PPP.Interface.1) might be dedicated to Management service and this logical interface would encapsulate/de-encapsulate its outgoing or incoming traffic in the VLAN ID j, dedicated to Management service.

To achieve this, instead of using a bridging object, a VLAN Termination interface would be created (Device.Ethernet.VLANTermination.1). The Bridging model is depicted in Figure 29, while the configuration rules for this situation are summarized in Table 9.

Figure 29: VLAN Termination model
Table 9: Internally generated to tagged WAN configuration
Description Bridging Configuration
Internal to tagged WAN (VLAN-ID=j) traffic

[DefineVLAN Termination on top of Ethernet Link]

Device.Ethernet.VLANTermination.1
VLANID j
LowerLayers Ethernet.Link.1

II.5 Other Issues

The previous rules can be applied to allow all combinations of traffic. If the subscriber’s services are modified, the Bridging configuration might need to be modified accordingly.

It can be interesting to detail the configuration of three special cases:

II.5.1 More than one Downstream Interface in a Bridge

Referring to the example in Tagged LAN to tagged WAN traffic (VLAN bridging), consider adding other Ethernet interfaces (e.g., Ethernet ports 3 and 4 = instance Device.Ethernet.Interface.3/4) to the Video Phone service. The behavior is the same as for the existing Ethernet port 2 (instance Device.Ethernet.Interface.2).

To achieve this, new entries need to be added for interface Eth-3 and Eth-4. The Bridging model is depicted in Figure 30, while the configuration rules for this situation are summarized in Table 6 and Table 10.

Figure 30: Bridge 1 model (additional Ethernet interfaces)
Table 10: Configuration to be added to “Tagged LAN to tagged WAN configuration” table
Description Bridging Configuration
Bridge between WAN and LAN 2/LAN 3 interfaces with VLANID=x (Configuration to be added to Table 6)

[Define Ingress Port4-5 – Create an entry for the other downstream ports]

Device.Bridging.Bridge.1.Port.4
PVID x
Name Port4
AcceptableFrameTypes AdmitOnlyVLANTagged
Device.Bridging.Bridge.1.Port.5
PVID x
Name Port5
AcceptableFrameTypes AdmitOnlyVLANTagged

[Associate Egress Port4-5 to VLANx - Create an entry for the downstream ports]

Device.Bridging.Bridge.1.VLANPort.3
VLAN VLANx
Port Port4
Untagged false
Device.Bridging.Bridge.1.VLANPort.4
VLAN VLANx
Port Port5
Untagged false

II.5.2 802.1D (Re)-marking

The 802.1Q Tag includes the 802.1D user priority bits field. All the previous cases can also be extended to mark (or re-mark) this 802.1D field. To achieve this, there are different configuration options; one of them is to use the DefaultUserPriority or PriorityRegeneration fields in the Bridge Port object. For untagged frames, more complex rules can be defined referring to the QoS Classification, using the PriorityTagging value. The Bridging configuration rules for marking egress traffic on the upstream interface are summarized in Table 11]. Compare it with Table 6.

Table 11: 802.1D (re-)marking
Description Bridging Configuration

802.1D (re-)marking

Remark all WAN egress traffic

[Mark the ingress frames with Default user Priority, in this case 0]

Device.Bridging.Bridge.1.Port.2.
DefaultUserPriority 0

[Remark each ingress priority value (0,1,2,3,4,5,6,7) with the priority regeneration string, in this case (0,0,0,0,4,4,4,4)]

Device.Bridging.Bridge.1.Port.2.
PriorityRegeneration 0,0,0,0,4,4,4,4

[In case of ingress untagged frames, for more complex classification, QoS object are referred. In this case remark with 0]

Device.Bridging.Bridge.1.Port.2.
PriorityTagging true
Device.QoS.Classification.{i}.
EthernetPriorityMark 0

II.5.3 More than one VLAN ID Tag Admitted on the Same Downstream Interface

Another scenario that can be further detailed is the case of more than one VLAN ID tag admitted on the same downstream interface. A practical example would be a 2 box scenario, with a User Device generating traffic segregated in multiple VLANs (e.g., a router offering services to the customer), and a Residential Gateway, providing upstream connectivity to the Access Network, with the connection between the two pieces of equipment using an Ethernet interface.

In this case, we assume the User Device is able to tag the different traffic flows, segregating the different services (Voice, Video, …) into different VLANs. The Residential Gateway needs, on the same downstream interface, to be able to receive different VLAN ID and correctly forward or translate to the upstream interface (and vice versa). To achieve this, appropriate Bridging objects need to be configured.

Figure 31: Example of VLAN configuration in a 2 box scenario

Referring to Figure 31 as an example, assume the case of three VLANs (VLAN ID=x,y,z) offered by a User Device to the Residential Gateway on the same downstream interface (Eth #1). The Residential Gateway bridges two of them (VLAN ID=x,y) and translates the other one (VLAN ID=z) to the upstream interface (VLAN ID=k).

On the Residential Gateway, this can be achieved using a combination of the Bridging objects detailed in the preceding sections, with 3 bridge entries and their related entries. Refer to Figure 32 for the Bridging model and Table 12 for the global configuration.

Figure 32: Bridge 1,2,3 model
Table 12: More than one VLAN ID tag admitted on the same Downstream interface
Description Bridging Configuration
More than one VLAN ID tag admitted on the same downstream interface

The configuration is the sum of [Tagged LAN to Tagged WAN Traffic VLAN Bridging] and [Tagged LAN to Tagged WAN Traffic Special Case with VLAN ID Translation], but on the downstream side the lower layer to be configured for each Bridge Port is always: Ethernet.Interface.2

Device.Bridging.Bridge.1.Port.3.
LowerLayers Ethernet.Interface.2
Device.Bridging.Bridge.2.Port.3.
LowerLayers Ethernet.Interface.2
Device.Bridging.Bridge.3.Port.3.
LowerLayers Ethernet.Interface.2

Appendix III: Wi-Fi Theory of Operation

This section discusses the theory of operations for various technologies in the Wi-Fi domain found within the Device:2 data model.

III.1 Multi-radio and Multi-band Wi-Fi Radio Devices

The WiFi.Radio object description says “This object models an 802.11 wireless radio on a device. If the device can establish more than one connection simultaneously (e.g., a dual radio device), a separate WiFi.Radio instance will be used for representing each physical radio of the device.”

The following sections clarify when multiple WiFi.Radio instances are needed, and the impact on their underlying parameters in the case of multi-radio and/or multi-band devices.

III.2 Definitions

Each physical radio allows the transmission and reception of data on a single Wi-Fi channel at a given time. A single-radio device is able to transmit/receive a packet at a given time only on one Wi-Fi channel. Similarly, a dual-radio device is able to simultaneously transmit/receive data on two Wi-Fi channels. In general, a device with N radios is able to simultaneously transmit/receive data on N Wi-Fi channels.

An important point is that Wi-Fi can operate at different frequency bands, 2.4 GHz, 5 GHz and 6 GHz, as follows:

Radios that operate at a single frequency band (e.g., 2.4 GHz only 802.11b/g devices) are called single-band radios. Radios that can operate at both 2.4 and 5 GHz frequency bands (e.g., 802.11a/b/g/n/ac devices) are called dual-band radios.

A dual-band device can be a single-radio device if it can be configured to operate at 2.4 or 5 GHz frequency bands. However, only a single frequency band is used to transmit/receive at a given time. In such a case the device has a single physical radio that is dual-band.

Also, a dual-radio single-band device can exist (although uncommon) if both radios are single-band.

III.3 Number of Instances of WiFi.Radio Object

Given the definitions above, a separate WiFi.Radio instance will be used for each physical radio of the device, i.e., one instance for a single-radio device, two instances for dual-radio devices, and so on. A single WiFi.Radio instance will therefore be used for a dual-band single-radio device.

Each WiFi.Radio instance is configured separately and is, in general, completely independent of other instances.

III.4 SupportedFrequencyBands and OperatingFrequencyBand

The frequency band used by a WiFi device is an important parameter. With first generations of WiFi technologies, the specific frequency band was linked to the IEEE standard in use (i.e., 802.11b/g are 2.4 GHz standards, while 802.11a is a 5 GHz standard). With the introduction of the IEEE 802.11n standard, which can work both at 2.4 and 5 GHz, two specific parameters are used to indicate the supported frequency bands and the operating frequency band.

SupportedFrequencyBands is a list-valued parameter, containing one item for single-band radios (either 2.4GHz or 5GHz) and two items for dual-band radios (both 2.4GHz and 5GHz). 802.11ax can also operate in the 6 GHz band.

The OperatingFrequencyBand parameter specifies which frequency band is currently being used by a dual-band radio (i.e., set to one of the two items listed in the SupportedFrequencyBands parameter). For single-band radios, OperatingFrequencyBand always has the same value as SupportedFrequencyBands (since only one frequency band is supported).

III.5 Behavior of Dual-band Radios when OperatingFrequencyBand Changed

When the configured operating frequency band of a dual-band radio is changed (i.e., the value of the OperatingFrequencyBand parameter is modified), this has an impact on other parameters within the WiFi.Radio object.

The Channel parameter has to be changed, since channels for the 2.4 GHz frequency band are in the range 1-14, while channels for the 5 GHz frequency band can be in the range of 36-165 (for example). The expected behavior is that, upon modifying the OperatingFrequencyBand parameter, the device automatically selects a new channel that is valid for the new frequency band (according to some vendor-specific selection procedure).

Other related parameters of significance for the Channel properties are AutoChannelEnable, OperatingChannelBandwidth and CurrentOperatingChannelBandwidth.

Persistence of the Channel parameter value for the previous frequency band is not required. For example, if OperatingFrequencyBand is later changed back to 5GHz, a new valid value for the Channel parameter is automatically selected by the device, but this value need not be the same as was selected the last time OperatingFrequencyBand was set to 5GHz.

Other parameters whose values can be impacted when the OperatingFrequencyBand changes, include: ExtensionChannel, PossibleChannels, SupportedStandards, OperatingStandards, IEEE80211hSupported, and IEEE80211hEnabled. If the current value is no longer valid, the device will automatically select a valid new value according to some vendor-specific procedure, and the old value need not persist.

III.6 SupportedStandards and OperatingStandards

The SupportedStandards parameter is a list of all IEEE 802.11 physical layer modes supported by the devices. Wi-Fi is in general backward compatible, so 802.11g devices are also 802.11b devices, 802.11n devices are also 802.11b/g devices (if operating at 2.4 GHz), and 802.11n devices are also 802.11a devices (if operating at 5 GHz).

For dual-band radios, the OperatingFrequencyBand parameter is used for switching the operating frequency band. For this reason SupportedStandards only includes those values corresponding to operation in the frequency band indicated by the OperatingFrequencyBand parameter. For example, for dual-band 802.11a/b/g/n devices, SupportedStandards can be b, g, n when OperatingFrequencyBand is 2.4GHz and a, n, ac, ax when OperatingFrequencyBand is 5GHz. In addition an 802.11ax device can support tri-band operation in the 2.4, 5, and 6 GHz bands.

The OperatingStandards parameter is used to limit operation to a subset of physical modes supported. For example, an 802.11b/g/n radio will have b, g, n value for the SupportedStandards parameter, but can be configured to operate only with 802.11n by setting the OperatingStandards parameter to n.

III.7 Different Types of WiFi Errors

This section first describes the different WiFi data units and the layers where they apply.

The MAC Service Data Unit (MSDU) is the service data unit that is received from the logical link control (LLC) sub-layer which lies above the medium access control (MAC) sub-layer in the protocol stack.

The MAC protocol data unit (MPDU) is a message exchanged between MAC entities in a communication system. “WiFi frames” refer to MPDUs and WiFi counters are counts of MPDUs.

The Physical Layer Convergence Procedure (PLCP) protocol data unit (PPDU) corresponds with the bits that are actually transmitted across the physical layer.

The MSDU is the frame that interfaces to higher layers, while the MPDU is the frame that is actually transmitted through the wireless medium, excluding the physical layer overhead. The MPDU is the MSDU plus MAC layer overhead (header, FCS, etc.). The PPDU is the MPDU plus physical layer overhead (preamble, PHY header, etc.).

The number of errored MPDUs is the number of MPDUs without corresponding ACKs. In most cases, the number of MSDUs is the same as the number of MPDUs. However, if fragmentation is enabled, then one MSDU can become multiple MPDUs, and there is one ACK per MPDU, hence multiple ACKs for one MSDU.

With frame aggregation in 802.11n, multiple MPDUs become one aggregated MPDU (A-MPDU). There is usually one block ACK for each A-MPDU, and only the errored MPDU(s) can be retransmitted selectively. In this case the WiFi counters will count the original MPDUs and not the A-MPDUs.

To avoid confusion that may be caused by fragmentation or frame aggregation, “WiFi frames” or packets are all considered here to be MPDUs and WiFi counters refer to MPDUs.

Figure 33 explains the process of the MSDU/MPDU flow structure through the MAC layer of the WiFi receiver.

Figure 33: WiFi functions within layers

PLCPErrorCount: This error occurs at point (1) in Figure 33, and is the first error type that can be counted. The PLCPErrorCount is the number of errors in the PLCP headers of the received MPDUs, which is the number of frames for which the parity check of the PLCP header failed.

There are two errors that happen at point (2) of the wireless reception:

After verifying that the frame was received without errors, the WiFi receiver will then check if the frame was designated for its own use or not (still MAC layer).

PacketsOtherReceived: This counter is used to catch those MPDUs that are not addressed to this radio. This can be assessed by checking if the ‘Address 1’ field of the 802.11 MAC header contains a MAC address that is associated with this radio, if not then ‘PacketsOtherReceived’ is incremented.

After this step, the AP can also discard duplicate frames or fragments among the frames addressed to it, to simplify higher-level processing.

The ErrorsReceived count is the sum of the PLCPErrorCount plus the FCSErrorCount plus the InvalidMACCount.

III.8 Wi-Fi Data Elements

The Wi-Fi Alliance has specified Wi-Fi CERTIFIED Data Elements [3]. Wi-Fi Data Elements objects are under the Device.WiFi.DataElements. tree. Wi-Fi Data Elements Release 1.0 objects were put into Device:2.13, and Wi-Fi Data Elements Release 2.0 objects were put into Device:2.15.

In addition to Wi-Fi Data Elements, additional objects and parameters have been specified in TR-181 which are useful for managing Multi-AP Wi-Fi networks. These had been in the Device.WiFi.MultiAP. tree, however the Device.WiFi.MultiAP. tree has been deprecated in Device:2.15, with some parameters deleted and other parameters moved into the structure of Wi-Fi Data Elements under the Device.WiFi.DataElements. tree. Objects whose titles contain “MultiAP” are not Wi-Fi Data Elements. These MultiAP objects are in the Device.WiFi.DataElements. tree to simplify the structure and avoid duplication, but they are not specified by the Wi-Fi Alliance.

The structure of Device.WiFi.DataElements. differs somewhat from that of the pre-existing Device.WiFi; and there is some overlap between these structures.

Appendix IV: Use Cases

This section presents a number of management-related use cases that correspond to typical Controller activities.

IV.1 Create a WAN Connection

The Controller can create the objects in the interface stack bottom-up. Each time a new higher-layer object is created, the link with the underlying interface object needs to be set. The layer 1 interface, in this case a DSL.Channel and DSL.Line object, will already exist (A Controller cannot create physical interfaces).

  1. The Controller creates a new ATM.Link object, a new Ethernet.Link object, a new PPP.Interface object, and a new IP.Interface object.

  2. The LowerLayers parameter in an existing DSL.Channel object is already linked to an existing DSL.Line object (A Controller cannot configure this linkage).

  3. The Controller configures the new objects including enabling the objects and using the LowerLayers parameters as follows:

    • Setting the LowerLayers parameter in the ATM.Link object to link it to an existing DSL.Channel object that is configured with ATM encapsulation (i.e., the read-only LinkEncapsulationUsed parameter in the DSL.Channel object is set to one of the ATM-related enumeration values).
    • Setting the LowerLayers parameter in the Ethernet.Link object to link it to the ATM.Link object.
    • Setting the LowerLayers parameter in PPP.Interface object to link it to the Ethernet.Link object.
    • Setting the LowerLayers parameter in IP.Interface object to link it to the PPP.Interface object.

  4. The CPE updates the InterfaceStack table automatically. The stack looks like this: IP.Interface → PPP.Interface → Ethernet.Link → ATM.Link → DSL.Channel → DSL.Line.

  5. Note that the Controller might also want to update other related objects, including the NAT object, the Routing.Router object, or various QoS and Bridging tables. VLANs might also need to be created.

IV.2 Modify a WAN Connection

In this use case, the Controller needs to modify an existing WAN connection, in order to insert a new layer in the stack or to change some portion of the interface stack. This is not the management WAN connection. For the purposes of this example, the Controller is changing the WAN connection in the Create a WAN Connection use case to make use of PTM rather than ATM-based aggregation.

  1. The Controller creates a new PTM.Link object.

  2. The Controller configures the objects, including enabling the new PTM.Link object and using the LowerLayers parameter as follows:

    • Setting the LowerLayers parameter in the PTM.Link object to link it to an existing DSL.Channel object that is configured with PTM encapsulation (i.e., the read-only LinkEncapsulationUsed parameter in the DSL.Channel object is set to one of the PTM-related enumeration values).
    • Setting the LowerLayers parameter in the Ethernet.Link object to refer to the PTM.Link object rather than the ATM.Link object.
    • Setting the LowerLayers parameter in the IP.Interface object to refer to the Ethernet.Link object rather than the PPP.Interface object.

  3. The CPE updates the InterfaceStack table automatically. The stack looks like this: IP.Interface → Ethernet.Link → PTM.Link → DSL.Channel → DSL.Line.

  4. Note that the Controller might also want to update other related objects, including the Bridging table. The Controller might also want to delete the existing PPP.Interface and ATM.Link objects.

IV.3 Delete a WAN Connection

Assume that we want to delete the WAN connection as it is configured in the Create a WAN Connection use case.

  1. The Controller deletes the IP.Interface object.

  2. The Controller deletes the PPP.Interface object.

  3. The Controller deletes the Ethernet.Link object.

  4. As each of these objects is deleted, the InterfaceStack is adjusted automatically by the CPE.

  5. Any strong references to the deleted objects, e.g., in Device.QoS classification rules, will automatically be set to empty strings.

IV.4 Discover whether the Device is a Gateway

Many operators want to determine if a particular device is a “gateway” or not. The term “gateway”, however, is rather vague; usually the operator wants to know one (or more) of the following things:

  1. If the device terminates the WAN connection(s).

  2. If the device is responsible for providing DHCP addresses to the other devices in the home.

  3. If the device provides functionality such as NAT or routing capabilities.

In order to determine if the device terminates a WAN connection, the Controller might look for an interface object with a technology that is by definition WAN (such as DSL) or for a technology that could be a WAN termination technology (such as Ethernet or MoCA).

In order to determine if the device is responsible for providing addresses to other devices in the home, the Controller could check for the existence of the DHCP Server object. The existence of the Host table also indicates that the device is aware of Hosts, by whatever means they’re addressed.

For CWMP managed CPEs, the existence of the ManageableDevice table within the ManagementServer object also indicates that the device serves as the DHCP server for the TR-069 managed device exchange defined in TR-069 [58] Annex F, which is also often an indication of “gateway” functionality.

In order to determine if the device provides functionality such as NAT or a router, the Controller would check for the existence of an enabled NAT or Routing.Router object.

IV.5 Provide Extended Home Networking Topology View

Another use case is to determine the topology of the home network behind the gateway. For a generic understanding of the network, the Host table provides information such as the layer 2 and layer 3 interfaces via which the Host is connected as well as DHCP lease information for each connected Host.

If the operator is interested in UPnP devices in the home network, the UPnP.Discovery tables (RootDevice, Device, and Service) provide that information in addition to the Host table entries that correspond to a particular UPnP Root Device, Device, or Service.

Finally for CWMP enabled CPEs, the ManageableDevice table within the ManagementServer object provides information about the CWMP managed devices that the CPE has learned about through the DHCP message exchange defined in TR-069 [58] Annex F.

IV.6 Determine Current Interfaces Configuration

One of the most fundamental Controller tasks is to determine the general picture of the interfaces for a device so that it can understand which WAN and LAN side connections exist.

In the Device:2 data model managed with CWMP, it would work this way:

  1. The ACS would issue a GetParameterValues for the InterfaceStack table. This table would provide a list of all the Interface connections. The ACS could use this table to build up the general picture of the Interfaces that are part of the current configuration.

  2. If the ACS is interested in the specifics of an individual interface, it can then go and issue GetParameterNames or GetParameterValues for the interfaces of interest.

If the CPE is managed by USP:

  1. The USP Controller would issue a Get request for the InterfaceStack table. This table would provide a list of all the Interface connections. The USP Controller could use this table to build up the general picture of the Interfaces that are part of the current configuration.

  2. If the USP Controller is interested in the specifics of an individual interface, it can then go and issue a filtered Get request message for the interfaces of interest.

IV.7 Create a WLAN Connection

In this use case the Controller creates a new WLAN connection. For the purposes of illustration, in this example the Controller will create a new SSID object to link to an existing radio (a new SSID object implies a different SSID value than those used by existing WiFi connections). The layer 1 interface, in this case a WiFi.Radio object, will already exist (Controller can not create physical interfaces).

  1. The Controller creates a new WiFi.SSID object and WiFi.AccessPoint object.

  2. The Controller configures the new WiFi.SSID object, including enabling it and setting the value of the LowerLayers parameter to reference the device’s WiFi.Radio object.

  3. The Controller adds the new WiFi.SSID object to the LowerLayers parameter of an existing non-management Bridging.Bridge.{i}.Port object, as appropriate.

    A non-management bridge port is indicated when its ManagementPort parameter is set to false.

  4. The Controller configures the new WiFi.AccessPoint object, including enabling it and sets the value of its SSIDReference parameter to reference the WiFi.SSID object.

  5. The CPE updates the InterfaceStack table automatically.

  6. Note that the Controller might also want to update other related objects; also, if there were no appropriate existing bridge port to which to connect the SSID, the Controller might need to create that object as well.

IV.8 Delete a WLAN Connection

In this use case the Controller deletes the SSID created in the Create a WLAN Connection use case.

  1. The Controller deletes the WiFi.SSID object and the WiFi.AccessPoint object.

  2. The CPE automatically updates the InterfaceStack table.

  3. Note that if the radio has no other SSIDs configured, this would operationally disable the wireless interface.

IV.9 Configure a DHCP Client and Server

In this use case, the Controller wants to configure a DHCP server to provide private 192.168.1.x IP addresses to most home network (HN) devices, but to obtain IP addresses from the network for HN devices that present an option 60 (vendor class ID) value that begins with “ACME”.

The ACME devices are remotely managed, so the Controller will also configure the DHCP clients on those devices and the DHCP server on the gateway.

IV.9.1 DHCP Client Configuration (ACME devices)

The ACME devices are quite simple. Each has a single wired Ethernet port and a single IP interface.

A DHCP Client object is created and configured as follows:

DHCPv4.Client.1.Enable true
DHCPv4.Client.1.Interface Device.IP.Interface.1
DHCPv4.Client.1.SentOption.1.Enable true
DHCPv4.Client.1.SentOption.1.Tag 60
DHCPv4.Client.1.SentOption.1.Value “ACME Widget” (as hexBinary)

IV.9.2 DHCP Server Configuration (gateway)

The gateway is also relatively simple. Its downstream IP interface is IP.Interface.1.

A DHCP Server object is created and configured as follows:

DHCPv4.Server.Enable true
DHCPv4.Relay.Enable true
DHCPv4.Relay.Forwarding.1.Enable true
DHCPv4.Relay.Forwarding.1.Interface Device.IP.Interface.1
DHCPv4.Relay.Forwarding.1.VendorClassID “ACME”
DHCPv4.Relay.Forwarding.1.VendorClassIDMode “Prefix”
DHCPv4.Relay.Forwarding.1.LocallyServed false
DHCPv4.Relay.Forwarding.1.DHCPServerIPAddress 1.2.3.4
DHCPv4.Server.Pool.1.Enable true
DHCPv4.Server.Pool.1.Interface Device.IP.Interface.1
DHCPv4.Server.Pool.1.MinAddress 192.168.1.64
DHCPv4.Server.Pool.1.MaxAddress 192.168.1.254
DHCPv4.Server.Pool.1.ReservedAddresses 192.168.1.128, 192.168.1.129
DHCPv4.Server.Pool.1.SubnetMask 255.255.255.0

If a DHCP request includes an option 60 value that begins with “ACME”, the request is forwarded to the DHCP server at 1.2.3.4. All other requests are served locally from the pool 192.168.1.64 - 192.168.1.254 (excluding 192.168.1.128 and 192.168.1.129).

IV.10 Reconfigure an Existing Interface

The Controller might want to reconfigure an existing Interface to provide alternate routing functionality. For the purposes of this illustration, an existing Ethernet Interface that is configured for the downstream-side will be reconfigured as an upstream Ethernet Interface replacing an existing DSL Interface.

The current configuration on the upstream side looks like:

IP.Interface.1 → Ethernet.Link.1 → ATM.Link.1 → DSL.Channel.1 → DSL.Line.1

The current configuration on the downstream side contains:

The Controller would follow these steps to reconfigure the Ethernet.Interface:

  1. Determine which Ethernet.Interface is to be reconfigured. For the purpose of this illustration we will use Ethernet.Interface.1.

  2. Retrieve the InterfaceStack.

  3. Find the higher-layer Interface of Ethernet.Interface.1 by finding the InterfaceStack entry that has Ethernet.Interface.1 as the LowerLayer. The HigherLayer parameter of the identified InterfaceStack instance will be the Interface we are interested in, for the purpose of this illustration we found Bridging.Bridge.1.Port.2.

  4. Remove the Bridging.Bridge.1.Port.2. This removal will automatically clean up the InterfaceStack instances that connect Bridging.Bridge.1.Port.1 → Bridging.Bridge.1.Port.2 and Bridging.Bridge.1.Port.2 → Ethernet.Interface.1. Also, it will remove Bridging.Bridge.1.Port.2 from the LowerLayers parameter contained within Bridging.Bridge.1.Port.1.

  5. Find the DSL.Line reference within the LowerLayer parameter of the InterfaceStack.

  6. Follow the InterfaceStack up to the Ethernet.Link reference by looking at the HigherLayer parameter in the current InterfaceStack instance and then finding the InterfaceStack instance containing that Interface within the LowerLayer parameter until the HigherLayer reference is the Ethernet.Link Interface. For the purpose of this illustration, we found Ethernet.Link.1.

  7. Reconfigure the LowerLayers parameter of Ethernet.Link.1 such that its value is “Device.Ethernet.Interface.1” instead of “Device.ATM.Link.1”.

  8. The CPE updates the InterfaceStack table and sets the Upstream parameter to true on the Ethernet.Interface.1 instance automatically.

  9. Note that the Controller might also want to update other related objects, including the NAT object, the Routing.Router object, or various QoS and Bridging tables. VLANs might also need to be created.

After the CWMP Session is completed and the CPE commits the configuration, the upstream side will look like:

IV.11 Backup / Restore Using Vendor Configuration Files

This use case is written from a CWMP perspective, but would also apply to USP.

In certain troubleshooting scenarios, a Device that has its user configuration modified in a manner that cannot be easily restored by setting individual parameters can have the Device’s user configuration restored by applying a previous user configuration to the Device. When performing a backup and restoration of configuration files, the Controller can correlate the instance number of the VendorConfigFile retrieved during backup (Upload RPC) operation with the URL of the restore (Download) operation. The following sequence diagrams depict a backup and restoration scenario that correlates these attributes of a configuration file.

Figure 34 depicts a message sequence scenario where a configuration is backed up from the Device to the ACS using CWMP.

Figure 34: Device User Configuration Backup

Step 1: Retrieve instances and values of VendorConfigFile and DeviceInfo:

The parameter values of the DeviceInfo and VendorConfigFile provide the information necessary to restore a Device to a point in time. Minimally the information needed to create a snapshot includes:

Only instances of DeploymentUnit with VendorConfigFile instances with the UseForBackupRestore parameter set to the value true as items in the instance’s VendorConfigList parameter will need to be backed up.

This information is necessary as restoring Device configurations with different hardware versions, software versions or deployment units that existed at the time of the backup can result in a failed restoration attempt or a corrupted Device.

Step 1a: The parameters returned by the Device in the GetParameterValuesResponse are used to create a “snapshot” of the Device. The definition of what is needed to create a snapshot and how a snapshot is administered in an ACS is implementation specific.

Step 2: Backup each configuration file defined by the Device in the VendorConfigFile table with the UseForBackupRestore parameter set to the value “true” using the Upload RPC with a File Type “3 Vendor Configuration File x” where “x” is the instance number of the file in the VendorConfigFile table.

An ACS can also have additional information, outside step 1, to discern which configuration files are necessary to restore a Device, as well as the order in which the configuration files need to be restored where dependencies exist between the configuration files within the potential snapshot.

Step 3, 3a: Upon completion of the transfer for each file via the Transfer Complete event, the ACS will update the state of the snapshot. The lifecycle and state management of the snapshot by an ACS is implementation specific.

At this point a Device snapshot exists that can be used to restore a Device to this point in time.

Figure 35 depicts a message sequence scenario where a configuration is restored to the Device from the ACS

Figure 35: Device User Configuration Restore

Step 1: For each user configuration file in the snapshot, retrieve the information for the location of the configuration file.

Step 2, 2a: Download the configuration using the File Type “3 Vendor Configuration File” and the location of the configuration file.

Other elements (e.g., credentials) might be required but are outside the scope of this sequence. When downloaded, a VendorConfigFile instance with the same value for Name or Alias (if supported and present) will update the corresponding instance in the VendorConfigFile table and will not create a new entry within the table.

Step 3, 3a: The Device performs the download of each configuration file and responds with a Transfer Complete event.

Appendix V: IPv6 Data Modeling Theory of Operation

The Device:2 data model supports IPv6 (introduced in Amendment 2) via various IPv6-specific objects and parameters that are designed to be used with other IP version neutral and IPv4-specific objects and parameters. This Appendix briefly reviews all the relevant objects and parameters, and then presents some example configurations.

V.1 IPv6 Overview

The IETF published RFC 2460 [14], Internet Protocol, Version 6 (IPv6) Specification in 1998. Since then, it has published a variety of RFCs to create a suite of protocols (and extensions to protocols) for operating, managing, and configuring IPv6 networks and devices. In addition there are RFCs that document transition mechanisms (to transition from IPv4 to IPv6) and best current practices (that describe which RFCs to implement depending on what a device is or needs to do).

The Broadband Forum has published several Technical Reports describing IPv6 architectures and device requirements. Specifically, TR-124 Issue 2 [61] includes IPv6 requirements for Residential Gateways (RGs), TR-177 [63] describes migration to IPv6 in the context of TR-101 [59], and TR-187 [64] describes an architecture for IPv6 for PPP Broadband Access. The Device:2 IPv6 Data Model is intended to ensure that TR-069 [58] or USP [67] managed End Devices, RGs, and other Network Infrastructure Devices can be managed and configured, consistent with the requirements listed in these documents.

The basic elements of IPv6 data modeling involve information on IPv6 capabilities, and enabling those capabilities on devices and device interfaces (see Enabling IPv6), configuring addresses, prefixes , and configuration protocols on upstream and downstream interfaces (see Configuring Upstream IP Interfaces and Configuring Downstream IP Interfaces), interacting with other devices on the Local Area Network (LAN) (see Device Interactions), and configuring IPv6 routing and forwarding information (see *[Configuring IPv6 Routing and Forwarding*]).

Configuration protocols include Neighbor Discovery (ND; RFC 4861 [36]) and DHCPv6 (RFC 3315 [23]). Neighbor Discovery includes several messages that are important to configuration, including Router Solicitation (RS) [sent by devices looking for routers], Router Advertisement (RA) [sent by routers to other devices on the LAN], Neighbor Solicitation (NS) [used to identify if any other device on the LAN is using the same IPv6 address, and used to see if previously detected devices are still present; the latter is called Neighbor Unreachability Detection (NUD)], and Neighbor Advertisement (NA) [used to respond to a NS sent to one of the device’s IPv6 addresses]. These messages are central to the stateless address autoconfiguration (SLAAC) mechanism described in RFC 4862 [37]. SLAAC is expected to be the primary means of IPv6 address configuration for devices inside a home network. RFC 4191 [29] extended the RA message to support a RouteInformation option. RFC 6106 [43] extended the RA message to support sending Recursive DNS Servers (RDNSS) information for DNS configuration.

DHCPv6 can also be used for IPv6 address provisioning, through its IA_NA option. DHCPv6 was extended by RFC 3633 [25] to provide the IA_PD option for delegating IPv6 prefixes to routers (that the routers can then use to provide IPv6 addresses to other devices on the LAN, or to further sub-delegate to other routers inside the LAN). Both IA_NA and IA_PD require the DHCPv6 server to maintain state for these assignments (since they have lifetimes, can expire, and require renewal). DHCPv6 can also supply a variety of stateless configuration options, including recursive DNS server information. RGs can have both DHCPv6 client and server, and it may be desirable for some of the stateless options to be passed through from the client to the server.

Interfaces that support IPv6 will have more than one IPv6 address. IPv6 interfaces are always required to have a link-local address (described in RFC 4862 [37]). Other IPv6 addresses may be acquired through SLAAC, DHCPv6 IA_NA, or they may be statically configured. Routers may acquire prefixes (for use with address assignment in the LAN) from DHCPv6 IA_PD, static configuration, or by generating their own Unique Local Address (ULA) prefixes from a self-generated ULA Global ID (RFC 4193 [30]).

Because of the various IPv6 addresses that devices can have, maintaining good routing table and IPv6 forwarding information is critical. Route information can be obtained from received RA messages (both by noting that the sending device is a router, and from the RouteInformation option) as well as other protocols.

V.2 Data Model Overview

This Theory of Operations focuses on data modeling for the purpose of establishing upstream and downstream connectivity for TR-069 [58] or USP [67] enabled devices, and for configuration of IPv6-related parameters. This is not an exhaustive description of data model changes made in support of IPv6, and only intends to describe the working of elements that are not readily obvious.

The following tables are key to IPv6 data modeling:

Note that the following tables have separate theories of operation, and are not described again here:

Firewall includes some IPv6 elements that are not described, since it does not interact with tables other than an association with IP.Interface. As such, its IPv6 usage is considered straightforward, and explanation is considered unnecessary.

Similarly, DNS.Client.Server is not described.

Use of DHCPv6 elements of Bridging.Filter are also not described, as there is no conceptual difference between how they are used and how DHCPv4 elements are used.

Figure 36 shows the relationship of IPv6 configuration messages to devices and the tables used to configure the protocol messages and store the responses.

Figure 36: Relationship of Protocols to Data Model

Figure 37 shows internal relationships of parts of the data model involved in IPv6 addresses and IPv6 prefixes. The following sections describe in greater detail how these various tables are populated.

Figure 37: Internal Relationships of IPv6 Addresses and Prefixes

V.3 Enabling IPv6

The IP IPv6Capable parameter indicates whether the device supports IPv6. IP.IPv6Enable controls enabling IPv6 is on the device. IPv6 can only be enabled on a device with IPv6Capable=true. IPv6Status indicates whether IPv6 has been enabled on the device.

Per TR-124 Issue 2 [61], the upstream interface can be configured to establish an IPv6 connection either over PPP (PPPoA or PPPoE) or directly over Ethernet. Both mechanisms require an IP.Interface instance with IPv6Enable set to true. When using PPP, a PPP.Interface instance must have IPv6CPEnable set to true (which can only occur if PPP.SupportedNCPs includes IPv6CP in its list of Network Control Protocols (NCPs)).

Enabling IPv6 on specific downstream or upstream interfaces requires that IP.Interface instances have IPv6Enable set to true.

V.4 Configuring Upstream IP Interfaces

An upstream IP Interface is an IP.Interface that is associated with an Upstream=true physical interface, via the InterfaceStack. Every Upstream=true physical interface that will be used to support routed IPv6 traffic will have an upstream IP Interface for each distinct upstream IPv6 connection that is established over that physical interface.

Upstream IPv6 connections can be established on an upstream IP Interface either through internal logic (for well-known addresses and the link-local address), static configuration, or dynamically through received Router Advertisement (RA) messages or DHCPv6 client behaviors. Received RA and DHCPv6 messages can contain configuration information for more than just establishing the upstream IP interface. The data model allows for the storage of additional configuration information sent by one of these protocols.

V.4.1 Configuration Messages Sent Out the Upstream IP Interface

The device can be configured to send Router Solicitation and DHCPv6 client messages out an upstream IP interface.

V.4.2 IPv6 Prefixes

IP.Interface.IPv6Prefix instances on upstream IP interfaces are used to store all prefixes received in RA messages on the interface (with Origin of RouterAdvertisement), prefixes delegated by DHCPv6 IA_PD (with Origin of PrefixDelegation), statically configured IPv6 prefixes (but only the ones that are intended to be sub-divided for use on downstream interfaces with sent RA messages or DHCPv6 server functions), and WellKnown prefixes, as appropriate (such as certain well-known multicast prefixes, where the device joins the multicast group for that prefix on that interface).

RouterAdvertisement prefixes with Autonomous=true are used to create an IPv6Address instance on the interface, and can be used to create routes in Routing.Router.IPv6Forwarding. RouterAdvertisement prefixes with OnLink=true can also be used to create routes in Routing.Router.IPv6Forwarding. Prefixes received in a RA RouteInformation option are not stored with the interface, but rather in an instance of Routing.RouteInformation.InterfaceSetting.

PrefixDelegation prefixes and Static prefixes are not directly used on the upstream IP interface. They are prefixes that are intended to be sub-divided for use on the device’s downstream interfaces, either by the DHCPv6 server for IA_NA or IA_PD, sent in RA messages (as on-link and/or autonomous prefixes), or used to self-assign addresses to other interfaces on the device. Non IA_PD prefixes received in DHCPv6 options are not stored with the upstream IP interface. Prefixes for static routes are entered directly into Routing.Router.IPv6Forwarding and do not need to also have upstream IP interface IPv6Prefix entries.

It is often desirable to configure information about delegated prefixes before they have been delegated (for example, that a particular /64 of that prefix is to be used on the downstream interface for address assignment). In order to allow for the referencing of not-yet-existing-but-expected delegated prefixes, an Origin=Static IPv6Prefix entry is created of Type=PrefixDelegation. When a device receives a delegated prefix, it is expected to first look for such Static entries and populate them with the delegated prefix information, instead of creating a new IPv6Prefix instance of Origin=PrefixDelegation. How these references are configured on downstream interfaces is discussed in IPv6 Prefixes.

V.4.3 IPv6 Addresses

IPv6 link-local addresses on an upstream IP Interface are generally internally generated, although they can be configured statically, when necessary (when the internal default link-local address fails Duplicate Address Detection (DAD)). A properly configured upstream IP.Interface instance will have a IP.Interface.IPv6Address instance for its link-local address. This will have Origin of AutoConfigured (if internally generated per RFC 4862 [37]) or Static (if statically configured by some management entity).

IPv6 addresses that are created via stateless address autoconfiguration (SLAAC), as defined in RFC 4862 (from received RA messages that contain prefix(es) with Autonomous=true) cause the device to create a IP.Interface.IPv6Address instance with Origin of AutoConfigured. IPv6 addresses assigned via DHCPv6 IA_NA cause the device to create a IP.Interface.IPv6Address instance with Origin of DHCPv6. Statically created IPv6 addresses will have Origin of Static. If any of these addresses are Global Unicast Addresses (GUA), they can be used to originate and terminate traffic to/from either the downstream or the upstream, independent of which physical interface they are associated with.

V.5 Configuring Downstream IP Interfaces

A downstream IP Interface is a IP.Interface that is associated with an Upstream=false physical interface, via the InterfaceStack. As noted in the definition of the Upstream parameter, “For an End Device, Upstream will be true for all interfaces.” This means that only RGs or (possibly) other Network Infrastructure Devices will have downstream IP Interfaces.

V.5.1 IPv6 Prefixes

IP.Interface.IPv6Prefix instances on downstream IP interfaces are used to store all prefixes that are either on-link for that downstream IP interface, or can be delegated to or used by routers connected to that downstream IP interface. On-link prefixes include prefixes that are included in Router Advertisement (RA) messages for SLAAC (Autonomous prefixes), those used as DHCPv6 address pools, and those used for static addressing by End Devices that connect to that downstream IP interface.

The device can have a Unique Local Address (ULA) /48 prefix defined in IP.ULAPrefix. In general, the device will generate its own ULA /48 prefix, although this value could be configured directly by the user or through TR-069 [58] or USP [67]. If ULA addressing is to be supported on a downstream interface, then IP.Interface.ULAEnable must be true. The ULA /48 prefix can be associated with any downstream IP interface, and can be sub-divided to provide ULA prefixes on multiple downstream IP interfaces (by assigning longer prefixes from the ULA /48 prefix to these downstream IP interfaces). When the device creates a ULA prefix on a downstream interface, it creates an IPv6Prefix instance with Origin=AutoConfigured.

RGs that are configured to act as routers need to know which prefixes to include in their sent Router Advertisement (RA) messages and to be used in DHCPv6 server pools. These prefixes need to be associated with the downstream IP interface for those RouterAdvertisement.InterfaceSetting and DHCPv6.Server.Pool instances. These prefixes can be statically configured on the downstream IP interface, or they can be automatically generated from prefixes on an upstream IP interface with Origin of PrefixDelegation or Static, or they can be generated from the ULA /48 prefix (as described in the previous paragraph). Prefixes that are automatically (by internal code) derived from prefixes on an upstream IP interface with Origin of PrefixDelegation or Static, will point to that upstream IP interface in ParentPrefix and have Origin of Child.

It is often desirable to pre-configure information about prefixes on a downstream IP interface that are to be derived from delegated (on the upstream interface) prefixes. This will need to be done before that prefix has been delegated and without knowledge of what that prefix will be. A derived-from-not-yet-existing-but-expected-delegated-prefix downstream IP interface IPv6Prefix entry will have Origin=Static and Type=Child, and will have ParentPrefix pointing to an upstream IP interface IPv6Prefix instance (that is Origin=Static and Type= PrefixDelegation). When a device receives a delegated prefix and populates the upstream IP interface IPv6Prefix instance, and needs to generate downstream IP interface prefixes from that delegated prefix, it is expected to first look for such Static Child entries and populate them with the derived prefix information, instead of creating a new IPv6Prefix instance of Origin=Child. How the referenced parent prefixes are configured on upstream IP interfaces is discussed in IPv6 Prefixes.

If the device receives RA messages on downstream IP interfaces, autonomous and on-link prefixes in such received RA message Prefix Information options can also be recorded in IP.Interface.IPv6Prefix. At this time, there is no additional guidance for using the information in these RA messages received on downstream interfaces. They are simply stored, to provide information about other devices in the home network.

V.5.2 IPv6 Addresses

As with the upstream IP interfaces, IPv6 link-local addresses on a downstream IP interface are generally internally generated, although they can be configured statically, when necessary (when the internal default link-local address fails Duplicate Address Detection (DAD)). A properly configured downstream IPv6 connection will have a IP.Interface instance with a IP.Interface.IPv6Address instance for its link-local address. This will have Origin of AutoConfigured (if internally generated per RFC 4862 [37]) or Static (if statically configured by some management entity).

If the device has a Unique Local Address (ULA) prefix that it is advertising and/or sub-delegating to devices on the LAN, then it needs to have at least one address from this prefix assigned to downstream IP interfaces that expect to support usage of the ULA.

If the device did not receive an address on its upstream IP interface (from DHCPv6 or SLAAC), but it was delegated a prefix (DHCPv6 IA_PD), then it is expected to assign an address from a prefix (Origin=Child or Type=Child) derived from that delegated prefix to one of its non-upstream interfaces. This IPv6Address instance will have Origin of AutoConfigured. This address can be used for originating and terminating messages to and from either the downstream or the upstream interfaces.

V.6 Device Interactions

The RG can interact with other devices on the LAN both by actively sending messages with or without configuration information, and by passively listening to messages received from other devices. End Devices can interact with other devices on the LAN by passively listening to messages received from other devices and by actively performing Neighbor Unreachability Detection (NUD) to determine if previously detected devices are still reachable.

V.6.1 Active Configuration

To assist in the automated configuration of other devices on the LAN, an RG sends Router Advertisement (RA) messages and DHCPv6 server messages. This function is associated with downstream IP interfaces, and thus does not apply to End Devices. As noted in the above section on downstream IP interfaces, only RGs or other infrastructure devices will have downstream IP interfaces.

As noted above, both RouterAdvertisement.InterfaceSetting and DHCPv6.Server.Pool have references to IPv6Prefix entries. The ManualPrefixes, IANAManualPrefixes and IAPDManualPrefixes parameters allow for configuration (through TR-069 [58], USP [67], user interface, or other means) of prefixes that are to be included in RA messages, and to be used in deriving DHCPv6 IA_NA and IA_PD offers, respectively. The Prefixes, IANAPrefixes, and IAPDPrefixes parameters list all of the prefixes that the devices actually does include in these messages. Since the *ManualPrefixes entries may point to IPv6Prefix entries that are not enabled, it is possible that not all of those will be included in these parameters’ lists. In addition to the *ManualPrefix entries, these lists may also include references to prefixes that the device creates or uses automatically in RA messages or for deriving DHCPv6 IA_NA or IA_PD offers.

There is some flexibility in the modeling of ULA IA_PD prefixes. It is not required to model the ULA /48 prefix in an IPv6Prefix instance. If the ULA /48 is not represented in an IPv6Prefix instance and ULAEnable is true for a downstream interface and IAPDEnable is true for a DHCPv6.Server.Pool instance, then it can be assumed that the device will sub-delegate prefixes from the ULA /48 prefix. Alternately, the ULA /48 can be included as an AutoConfigured prefix in a downstream interface, and that IPv6Prefix instance can be referenced in IAPDPrefixes in the DHCPv6.Server.Pool instance. It is also possible to manually create a Static longer-than-/48 prefix from the ULA prefix in a downstream interface. This Static prefix can then be referenced in IAPDManualPrefix for a DHCPv6.Server.Pool instance for that interface.

For IA_PD, there is one additional parameter: IAPDAddLength. This parameter is configured to recommend how many bits should be added to an IAPDPrefixes prefix to create a delegated prefix offer.

V.6.2 Monitoring

All devices can monitor and record information from messages sent by other devices.

V.7 Configuring IPv6 Routing and Forwarding

IPv6 routing information is stored in instances of Routing.Router.IPv6Forwarding. This information can in part be derived from Router Advertisement (RA) messages, either directly from the address of the router sending the RA, or from RA RouteInformation (RFC 4191 [29]) options that may be included in the message. Routing.RouteInformation.InterfaceSetting instances record received RA RouteInformation options.

Following is an example of how a typical RG (one upstream and one downstream interface, with delegated prefix and IA_NA address, and ULA enabled) might be configured. The corresponding data model is shown below the figure. Not all parameters are shown, and objects and parameters that the Controller is likely to have explicitly created or written are shown in bold face (some of these settings might alternatively be present in the factory default configuration).

Figure 38: Example IPv6 RG Configuration
# IP
IP.
    IPv6Capable = true
    IPv6Enable = true
    IPv6Status = “Enabled”
    ULAPrefix = fd01:2345:6789::/48 # typically generated by CPE

# Router Solicitation (Upstream IP interface)
NeighborDiscovery.
    Enable = true
    InterfaceSetting.1.
    Enable = true
    Interface = IP.Interface.1
    RSEnable = true

# DHCPv6 Client (Upstream IP interface)
DHCPv6.Client.1
    Enable = true
    Interface = IP.Interface.1
    RequestAddresses = true
    RequestPrefixes = true

# Upstream IP interface
# - Assumes DHCPv6 IA_PD will be 1080:0:0:800::/56 (this is NOT known at
# configuration time).
# - Assumes RA(PI) will be 2001:0DB8::/64 (this is NOT known at configuration
# time)
# - Assumes link-layer address is 55:44:33:22:11:00
# [Section 4/RFC 2464[15]], [Section 4.1/RFC 5072[38]]
IP.Interface.1
    Enable = true
    IPv6Enable = true

    # Upstream IP interface IPv6 prefixes
    # - Assumes that the WellKnown Link Local fe80::/10 prefix not modeled
    IPv6Prefix.1
        Enable = true
        Prefix = 1080:0:0:800::/56 # DHCPv6(IA_PD) [RFC 3633[25]]
        Origin = “Static”
        StaticType =PrefixDelegation

    # Upstream IP interface IPv6 addresses (LL, GUA)
    IPv6Address.1
        Enable = true
        IPAddress = fe80::5544:33ff:fe22:1100
        Origin = “AutoConfigured” # LL
        Prefix = “”
    IPv6Address.2
        Enable = true
        IPAddress = 1080:0:0:700::
        Origin = “DHCPv6” # GUA (from IA_NA [RFC 3315[23]])
        Prefix = “”

# Downstream IP interface
# - Assumes link-layer address is 00:11:22:33:44:55 [Section 4/RFC 2464[15]]
IP.Interface.2
    Enable = true
    IPv6Enable = true
    ULAEnable = true

    # Downstream IP interface IPv6 prefixes
    IPv6Prefix.1
        Enable = true
        Prefix = 1080:0:0:800::/64
        Origin = “Static”
        StaticType = “Child” # IA_PD /64 (for lcl, RA and IA_NA)
        ParentPrefix = IP.Interface.1.IPv6Prefix.1
        ChildPrefixBits = 0:0:0:00::/64
    IPv6Prefix.2
        Enable = true
        Prefix = 1080:0:0:810::/60
        Origin = “Static”
        StaticType = “Child” # IA_PD /60 (for IA_PD)
        ParentPrefix = IP.Interface.1.IPv6Prefix.1
        ChildPrefixBits = 0:0:0:10::/60
    IPv6Prefix.3
        Enable = true
        Prefix = fd01:2345:6789::/48
        Origin = “AutoConfigured” # ULA /48
    IPv6Prefix.4
        Enable = true
        Prefix = fd01:2345:6789:0::/64
        Origin = “AutoConfigured” # ULA /64 (for lcl, RA and IA_NA)
    IPv6Prefix.5
        Enable = true
        Prefix = 2001:0db9::/60 # RA(PI) [RFC 4861[36]]
        Origin = “RouterAdvertisement” # from peer router
        Autonomous = true
        OnLink = true

    # Downstream IP interface IPv6 addresses (LL, GUA?, ULA)
    IPv6Address.1
        Enable = true
        IPAddress = fe80::0011:22ff:fe33:4455
        Origin = “AutoConfigured” # LL
        Prefix = “”
    IPv6Address.2
        Enable = false # have upstream GUA so disabled
        IPAddress = 1080:0:0:800::
        Origin = “AutoConfigured” # GUA (from IA_PD /64)
        Prefix = IP.Interface.2.IPv6Prefix.1
    IPv6Address.3
        Enable = true
        IPAddress = fd01:2345:6789::0011:22ff:fe33:4455
        Origin = “AutoConfigured” # ULA (from ULA /64)
        Prefix = IP.Interface.2.IPv6Prefix.4

# Router Advertisement (Downstream IP interface)
RouterAdvertisement.
    Enable = true
    InterfaceSetting.1
        Enable = true
        Interface = IP.Interface.2
        ManualPrefixes = IP.Interface.2.IPv6Prefix.2

# DHCPv6 server (Downstream IP interface)
DHCPv6.Server.
    Enable = true
    Pool.1
        Enable = true
        Interface = IP.Interface.2
        <filter criteria>
        IANAManualPrefixes = IP.Interface.2.IPv6Prefix.1
        IAPDManualPrefixes = IP.Interface.1.IPv6Prefix.1,
                             IP.Interface.2.IPv6Prefix.2
        IAPDADDLength = 4

Appendix VI: 6rd Theory of Operation

See Tunneling for general information on how tunneling is modeled.

VI.1 RFC 5969 Configuration Parameters

RFC 5969 [41] describes the general operation of the 6rd protocol and configuration of external parameters needed to do the protocol. Table 13 shows the 6rd configuration parameters defined in RFC 5969 and their mapping into the Device:2 data model. Refer to RFC 5969 for further description on use of these parameters.

Note that while RFC 5969 allows for multiple Border Relay (BR) IPv4 addresses, it does not describe how a device selects from among these. The device will need to have internal logic to handle this case, but service providers might wish to ensure that they know what the behavior will be, if they intend to supply multiple BR addresses.

Table 13: RFC 5969 Configuration Parameter Mapping
RFC 5969 (Section 7) Configuration Parameter Device:2 (IPv6rd.InterfaceSetting.{i}) Parameter
IPv4MaskLen IPv4MaskLength
6rdPrefix, 6rdPrefixLen SPIPv6Prefix (expressed with prefix length)
6rdBRIPv4Address BorderRelayIPv4Addresses

VI.2 Internal Configuration Parameters

AddressSource, TunnelInterface, TunneledInterface, and AllTrafficToBorderRelay parameters are used to define internal device operation. AddressSource allows the desired source IPv4 address to be selected (to be embedded in the 6rd IPv6 address, after removing IPv4MaskLength bits from the beginning of the address, and as the source IPv4 address of the encapsulating IPv4 header). TunnelInterface and TunneledInterface allow for internal forwarding, routing, encapsulation, classification and marking of IPv6 packets. AllTrafficToBorderRelay impacts determination of the IPv4 destination address of the encapsulating IPv4 header.

VI.3 IPv4 Address Source

In general, it is expected that the device will use the IPv4 address obtained on the upstream interface as the address that is embedded in the 6rd IPv6 address, and used as the encapsulating source IPv4 address. However, there could be cases where the device has other public IPv4 addresses assigned to it, and it would be preferable to use one of these. For example, if the device has a public static IP address assigned to a different interface, it could be desired to use that address instead of the address assigned to the upstream interface.

If this parameter is not present, or if it is an empty string, the device will use internal logic to determine the source IPv4 address. In cases where there is a single upstream interface with an assigned (e.g., DHCPv4, IPCP, static) IPv4 address, that is the address that will be used.

Note that service providers need to be careful when using alternate addresses. If the alternate address does not have the same higher order IPv4 bits as other devices that will be supported by the same 6rd prefix, then the IPv4 mask will need to be zero. Masked IPv4 bits will be the same for all IPv4 addresses within a 6rd domain, per RFC 5969 [41].

VI.4 Sending All Traffic to the Border Relay Server

The default behavior of a 6rd client device is that all IPv6 packets are encapsulated in IPv4 packets with destination address of a 6rd border relay server, except when the IPv6 destination address begins with SPIPv6Prefix. When the destination IPv6 address begins with SPIPv6Prefix, then the encapsulating IPv4 destination address is derived from the IPv6 destination address by taking the next 32 - IPv4MaskLength bits, pre-pending the bits that are masked (as determined by its own WAN IPv4 address), and using the resulting IPv4 address as the encapsulating destination IPv4 address.

For example, if

…then the encapsulation destination IPv4 address becomes the first 8 bits of the device’s WAN IPv4 address (10 for an address of 10.100.200.2), plus the next 24 bits (32-8=24) after the SPIPv6Prefix (next 24 bits are 64c802 hex = 100.200.2 binary). The source encapsulating IPv4 address is 10.100.100.1. The source IPv6 address begins with the prefix 2001:db8:6464:100::/64.

However, if AllTrafficToBorderRelay is True, then all external-bound IPv6 traffic is sent to the border relay.

This Boolean field is reflected in the routing table. If the value is False (default behavior), then the IPv6 routing table for this example (with a border relay IPv4 address of 10.0.0.1) would include the following entries:

::/0 -> 6rd-tunnel-interface-int0 via 2001:db8:0:100::
    (default route to border relay)
2001:db8::/32 -> 6rd-tunnel-interface-int0
    (direct connect to 6rd tunnel interface if the first 32 bits of destination address match SPIPv6Prefix)
2001:db8:6464:100::/64 -> Ethernet0 (downstream interface)

If the AllTrafficToBorderRelay field is true, then the 2nd entry above does not exist.

VI.5 Internal Treatment of IPv6 Packets

Since a device can have multiple upstream and multiple downstream interfaces, the model supports a logical representation of the internal virtual 6rd IPv6 interface according to the general pattern described in Tunneling.

The internal virtual 6rd IPv6 interface is modeled as (TunnelInterface,TunneledInterface).

The IPv6Forwarding entries (which correspond to the routing table entries mentioned above) will route traffic between the downstream IPv6 interfaces and the 6rd IPv6 interface. IPv4Forwarding entries are unaffected.

Figure 39 shows the flow of tunneled 6rd traffic through the downstream, upstream, and the logical tunnel interfaces. Noted in the figure are sample values for the various IP.Interface entries that would be needed.

Figure 39: Sample 6rd Routing and Forwarding

Appendix VII: Dual-Stack Lite Theory of Operation

See Tunneling for general information on how tunneling is modeled.

RFC 6333 [44] describes the general operation of the dual-stack lite (DS-Lite) technology and configuration of external parameters needed to do the protocol. RFC 6334 [45] defines an AFTR (Address Family Transition Router) name DHCPv6 option that maps to an EndpointName parameter in the Device:2 data model (introduced in Amendment 2).

EndpointName is a variable length field, containing a Fully Qualified Domain Name that refers to the AFTR the client is requested to establish a connection with. EndpointName can be assigned statically (e.g., present in the factory default configuration or set by the Controller) or dynamically (via DHCPv6). If both statically and dynamically assigned, then the EndpointAssignmentPrecedence parameter indicates whether it is the static configuration or the DHCPv6 configuration that is actually applied to EndpointName.

EndpointAddress is a 128 bit field, containing one IPv6 address. The tunnel EndpointAddress specifies the location of the remote tunnel endpoint, expected to be located at an AFTR. EndpointAddress can be assigned statically (e.g., present in the factory default configuration or set by the Controller) or dynamically (via DNS lookup when EndpointName is set). If both statically and dynamically assigned, then the EndpointAssignmentPrecedence parameter indicates whether it is the static configuration or the DHCPv6-derived configuration that is actually applied to EndpointAddress.

When EndpointName is assigned, the name is looked up (resolved) and the corresponding IPv6 address is set in EndpointAddress.

When DS-Lite is running in the CPE, the NAT function is disabled between the LAN and DSLite interface.

VII.1 Internal Treatment of IPv4 Packets

Since a device can have multiple upstream and multiple downstream interfaces, the model supports a logical representation of the internal virtual DS-Lite IPv4 interface according to the general pattern described in Tunneling.

The internal virtual DS-Lite IPv4 interface is modeled as (TunnelInterface,TunneledInterface).

The IPv4Forwarding entries will route traffic between the downstream IPv4 interfaces and the DS-Lite IPv4 interface. IPv6Forwarding entries are unaffected.

Figure 40 shows the flow of tunneled DS-Lite traffic through the downstream, upstream, and logical tunnel interfaces. Noted in the figure are sample values for the various IP.Interface entries that would be needed.

Figure 40: Sample DS-Lite Routing and Forwarding

Appendix VIII: Advanced Firewall Example Configuration

This Appendix presents an advanced firewall example that illustrates settings corresponding to the following predefined Firewall.Config levels:

Firewall.
    Enable = true
    Config = "Advanced"
    AdvancedLevel = Firewall.Level.1
    Type = "Stateful"
Firewall.Level.1.
    Name = "High"
    Description = "Deny Inbound and minimally permit Outbound"
    Order = 1
    Chain = Firewall.Chain.1
    DefaultPolicy = "Drop"
Firewall.Level.2.
    Name = "Low"
    Description = "Allow all Outbound and pinhole-defined Inbound"
    Order = 2
    Chain = Firewall.Chain.2
    DefaultPolicy = "Drop"
Firewall.Chain.1.
    Name = "High (Deny Inbound and minimally permit Outbound)"
    Creator = "Defaults"
    Rule.1.
        Order = 1
        Description = "Telnet"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 23
    Rule.2.
        Order = 2
        Description = "FTP"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 21
    Rule.3.
        Order = 3
        Description = "HTTP"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 80
    Rule.4.
        Order = 4
        Description = "HTTPS"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 443
    Rule.5.
        Order = 5
        Description= "SMTP"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 25
    Rule.6.
        Order = 6
        Description = "DNS"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 17                    # UDP
        DestPort = 53
    Rule.7.
        Order = 7
        Description = "POP3"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 110
    Rule.8.
        Order = 8
        Description = "IMAP"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
        Protocol = 6                     # TCP
        DestPort = 143
Firewall.Chain.2.
    Name = "Low (Allow all Outbound and pinhole-defined Inbound)"
    Creator = "Defaults"
    Rule.1.
        Order = 1
        Description = "Outbound"
        Target = "Accept"
        DestInterface = IP.Interface.1   # upstream facing IP interface
    Rule.2.
        Order = 2
        Description = "Allow IPsec AH"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 6                    # IPv6
        Protocol = 51                    # AH
    Rule.3.
        Order = 3
        Description = "Allow IPsec ESP"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 6                    # IPv6
        Protocol = 50                    # ESP
    Rule.4.
        Order = 4
        Description = "Allow IPsec key exchange"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 6                    # IPv6
        Protocol = 17                    # UDP
        DestPort = 500
    Rule.5.
        Order = 5
        Description = "UPnP Port Mapping"
        Target = "TargetChain"
        TargetChain = Firewall.Chain.3
        SourceInterface = IP.Interface.1 # upstream facing IP interface
    Rule.6.
        Order = 6
        Description = "UPnP IPv6 Firewall"
        Target = "TargetChain"
        TargetChain = Firewall.Chain.4
        SourceInterface = IP.Interface.1 # upstream facing IP interface
    Rule.7.
        Order = 7
        Description = "User Interface"
        Target = "TargetChain"
        TargetChain = Firewall.Chain.5
        SourceInterface = IP.Interface.1 # upstream facing IP interface
Firewall.Chain.3.
    Name = "UPnP Port Mapping (dynamic rules)"
    Creator = "PortMapping"
    Rule.1.
        Order = 1
        Description = "SSH"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 4                    # IPv4
        Protocol = 6                     # TCP
        DestPort = 22
Firewall.Chain.4.
    Name = "UPnP IPv6 Firewall (dynamic rules)"
    Creator = "WANIPv6FirewallControl"
    Rule.1.
        Order = 1
        Description = "HTTP"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 6                    # IPv6
        Protocol = 6                     # TCP
        DestIP = 1080:0:0:800::1
        DestPort = 80
Firewall.Chain.5.
    Name = "User Interface"
    Creator = "UserInterface"
    Rule.1.
        Order = 1
        Description = "SMTP server"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 4                    # IPv4
        Protocol = 6                     # TCP
        DestIP = 192.168.1.4
        DestPort = 25
    Rule.2.
        Order = 2
        Description = "DMZ"
        Target = "Accept"
        SourceInterface = IP.Interface.1 # upstream facing IP interface
        IPVersion = 4                    # IPv4
        DestIP = "192.168.1.5"           # IPv4 address of LAN device that recvs
                                         # all unsolicited inbound IPv4 traffic

Appendix IX: IPsec Theory of Operation

See Tunneling for general information on how tunneling is modeled.

The Device:2 data model includes an IPsec (RFC 4301 [31]) object that supports the configuration of Encapsulating Security Payload (ESP; RFC 4303 [33]) and Authentication Header (AH; RFC 4302 [32]) in tunnel mode (Section 3.2/RFC 4301). Use of IKEv2 (RFC 5996 [42]) is assumed. The IPsec object does not currently support static configuration of tunnels and child Security Associations (SAs).

Figure 41 illustrates the main IPsec objects and their relationships.

Figure 41: IPsec Data Model Objects

In the Figure, instances of the colored objects (Filter.{i} and Profile.{i}) are created and populated by the Controller. Instances of all other objects are handled by the CPE as IPsec tunnels are created and deleted. References between objects are shown:

Typical usage is as follows:

The remainder of this Appendix consists of a brief summary of the various IPsec data model objects.

IX.1 IPsec

The top-level object has an Enable parameter that enables and disables the IPsec sub-system, various capability parameters, e.g., supported encryption algorithms, and global IPsec statistics.

IX.2 IPsec.Filter

The Filter table models IPsec Security Policy Database (SPD) selection criteria. Refer to Section 4.4.1/RFC 4301 [31] for further details.

SPD filtering is performed for all packets that might need to cross the IPsec boundary. Refer to Section 3.1/RFC4301 for further details. Given that IPsec operates at the IP level, this means that SPD filtering conceptually occurs after bridging and before routing.

This table is conceptually quite similar to the QoS Classification table in that entries are ordered, associated with an ingress interface, include selection criteria, and specify the action to be taken for matching packets.

Instances of the Filter table can be created statically by the CPE, or can be created and deleted by the Controller as needed. Each instance includes the following (this is not a complete list):

IX.3 IPsec.Profile

The Profile table models IPsec Security Policy Database (SPD) processing info. Refer to Section 4.4.1/RFC 4301 [31] for further details. Each Filter instance references a Profile instance. It would be possible to include the processing info directly in each Filter instance, but use of a separate table allows Profile entries to be shared between Filter instances.

Instances of the Profile table can be created statically by the CPE, or can be created and deleted by the Controller as needed. Each instance includes the following (this is not a complete list):

IX.4 IPsec.Tunnel

The Tunnel table that models IPsec tunnels. Instances are created and deleted by the CPE as needed. A (Tunnel,Tunneled) IP Interface pair is always created at the same time as an IPsec Tunnel instance and has the same lifetime; the Tunnel IP Interface contains generic IP interface settings, e.g., Enable, Status and generic Stats, and the IPSec Tunnel instance contains IPsec-specific settings, e.g., additional Stats.

A (Tunnel,Tunneled) IP Interface pair consists of an IP Interface instance with Type = “Tunnel”, and another IP Interface instance with Type = “Tunneled”.

IX.5 IPsec.IKEv2SA

Each entry in the IKEv2SA table models a single IKEv2 SA pair and uniquely references a Tunnel instance. Unlike Tunnel instances, which exist regardless of whether the tunnel is active, IKEv2SA instances exist only when the IKEv2 SA pair exists, i.e., they exist only when the tunnel is active.

IX.6 IPsec.IKEv2SA.ChildSA

The ChildSA table models child SA pairs. It is a child of the corresponding IKEv2SA instance and so exists only when the IKEv2SA instance exists.

Appendix X: ETSI M2M Remote Entity Management Theory of Operation

ETSI currently only endorses TR-069 [58] for management of M2M devices, but the principles would also apply for USP, even if the protocol is not mentioned in this appendix.

Figure 42 below depicts the high level ETSI M2M functional architecture defined in section 4 of ETSI TS 102 690 [5]. The Data Models defined [6] are used within CWMP enabled Devices and Gateways within the Device and Gateway domain.

Figure 42: ETSI High Level Functional Architecture

Within the Device and Gateway Domain, the M2M Device and Gateway contains 2 functional components as defined in the ETSI M2M Functional Architecture [5]:

Interactions between components within the ETSI architecture are defined using reference points. Figure 43 below illustrates the Service Capability Layer (SCL) mId reference point that is of interest. A full explanation of the SCL reference points is provided in section 5 of the ETSI M2M Functional Architecture [5].

Figure 43: M2M SCL Functional Architecture Framework

The M2M Device or Gateway SCL provides capabilities (functionality) for the following areas:

The « x » designates a capability is used in the context of the Device (D) or Gateway (G).

The Data Model in [6] reflects the device management objects and parameters necessary to implement xREM functionality across the mId reference point as defined in Annex E of the ETSI Functional Architecture [5] is depicted in Figure 44. In this instance, the Device Mgmt Client is considered a CWMP endpoint interface and the Device Mgmt Server is considered the ACS interface. In most situations, these endpoints and servers have an interface between the native Device, Gateway or Server environment and the SCL. In addition, the dIa reference point, using RESTful procedures, is used to discover M2M D’ Devices and M2M Applications as well as proxy selected xREM management functions.

Figure 44: M2M REM Service Capability

The mId reference point in this scenario would support CWMP for the exchange of “mgmtObjs” using the xREM procedures between SCLs while continuing to support the ETSI RESTful procedures (e.g., container management) for the exchange of other resources across the mId reference point.

Within the ESTI M2M Functional Architecture, the xREM is responsible for the following management functions:

Within the customer premises, equipment is categorized within the ETSI M2M framework as a:

Figure 45: ETSI M2M Devices and Gateways

X.1 ETSI M2M Area Networks

In the ETSI framework D’ and d Devices that connect to a SCL within a M2M Device or Gateway are said to be “attached devices” and are organized by M2M Area Networks within the SCL. The mechanism that a M2M Gateway uses to identify M2M Area Networks and their associated devices is implementation specific.

X.2 Device:2 Data Model and Functionality for ETSI M2M REM

Annex B of the ETSI M2M Functional Architecture [5] provides a cross reference between the xREM management functions and the object instances and RPCs required to implement the management functionality. The following is a summary of the objects, services, components, RPCs and optional TR-069 functionality required by the ETSI M2M xREM solution.

The ETSI M2M xREM solution in Annex E of the ETSI M2M Managed Objects [[6] defines a cross reference of the following ETSI resources to the existing Device:2 Data Model objects. These ETSI resources are:

The implementation of these resources the use of the following objects from the data model:

X.2.1 TR-069 Functionality for ETSI M2M REM

In addition to the mandatory RPCs defined in TR-069 [58], the ETSI M2M xREM solution requires that a M2M Device or Gateway implement the following optional RPCs according to Section 9.2.1.11 of [5]:

X.3 Device:2 Data Model and Functionality for ETSI M2M REM

In addition to reusing objects and parameters, the ETSI M2M xREM solution defines extensions to the resource model for the following ETSI resources by defining extensions to the data model for the following ETSI resources:

These resources provide administration of the SCL in order for the SCL in the Device or Gateway to communicate with SCLs in the network. In addition, these resources provide administration of the SCL for M2M Devices within the local M2M area network attached to a Device or Gateway in order to communicate with associated network SCLs.

The ETSI M2M Services Device model defines the ETSIM2M service in support of the xREM functionality.

X.3.1 M2M Service SCL Execution Environment

CPEs that provide software execution capabilities have the option to implement the Gateway Service Capabilities Layer and Gateway Applications as software modules. When a SCL is implemented as a software module, each instance of the GSCL and GA would be represented as individual Deployment Units with the associated software and configuration files. For the GSCL the vendor configuration file could contain configuration elements (e.g., M2M Node Id, NSCL List) that would be returned from or necessary to perform the M2M Service Bootstrap and Service Connection Procedures.

X.3.2 ETSIM2M Object

The ETSIM2M objects provide administration of the SCL instantiated within a Device or Gateway.

The primary administration functions of the service are to:

As a SCL instance within a M2M Device or Gateway is associated with one M2M service provider, the M2M Device or Gateway is capable of maintaining multiple SCL instances.

X.3.2.1 M2M Service Bootstrap and Service Connection Procedures

In the ETSI M2M system, the M2M (Device or Gateway) Node must establish the capability to connect with a M2M Network Node before the SCLs are permitted to be registered using M2M Service Bootstrap and Service Connection procedures.

The M2M Service Bootstrap and Service Connection procedures are defined in section 8.2 of the ETSI M2M Functional Architecture [5] and describe how some of the credentials are shared and obtained in order to establish a connections (e.g, HTTP TLS-PSK) during the exchange of RESTFul information over the mId reference point.

X.3.2.2 Rules for Instantiating a SCL Instance

A M2M Node is not modeled as a device management entity but is considered a logical representation of the M2M components in the M2M Device, M2M Gateway or the M2M Core. Such components include:

A M2M Node is identified by a globally unique identifier, the M2M-Node-ID.

In addition to the logical representation of a M2M Node, the following are constraints of a M2M Node that reflect on why a M2M Device or Gateway would instantiate multiple SCL instances:

X.3.2.3 SCL Addressing

When a SCL is instantiated the SCL is provided a SCL-ID using the M2M Service Bootstrap procedure or through an out-of-band mechanism. Table 7.1 of the ETSI M2M Functional Architecture [5] describes the characteristics of the SCL-ID.

When a M2M Device or Gateway SCL registers with a NSCL, the NSCL maintains the following information in its resource tree for the SCL that allows the NSCL to identify and contact the M2M Device or Gateway SCL:

X.3.2.4 SCL Registration

In order to communicate requests between the M2M Device or Gateway SCL and the NSCL, the M2M Device or Gateway SCL registers with the NSCL. Section 9.3.2.6.2 of the ETSI M2M Functional Architecture [5] describes the registration process including how attributes such as the SCLID, search strings and expiration times are provisioned. In order for a M2M Device or Gateway SCL to register with the NSCL, the M2M Device or Gateway SCL must be provisioned with a list of potential NSCLs that the M2M Device or Gateway SCL is registered. In addition to the list of NSCLs, the M2M Device or Gateway SCL also has parameters to manage when a M2M Device or Gateway SCL re-registers with the NSCL. The M2M Device or Gateway SCL also has the capability to be requested to re-register with the NSCL through its TR-069 interface.

X.3.2.5 Discovery of M2M Devices through the SCL

Using the control plane, the M2M Device or Gateway SCL provides the capability to return a list of resources that the M2M Device or Gateway has discovered. Filtering MUST be performed on a subset of the offered resources’ attributes using a query string. A match, that MAY include ranges, is performed on the query string, and a successful response is returned with a URI(s) list for resources that contains the matching attributes. Section 9.3.2.27 of the ETSI M2M Functional Architecture [5] describes this procedure. The M2M Device or Gateway MAY be provisioned through the TR-069 interface to either limit the number of URIs discovered by the device or define the maximum size allowed for a discovery result.

X.3.2.6 De/Announcing M2M Devices through the SCL

One capability of the M2M Device or Gateway SCL control plane is to announce or de-announce M2M resources (e.g., access rights, applications) to NSCL(s) to which the M2M Device or Gateway SCL has registered if the SCL is contained within the “AnnounceToSCLList”. Section 9.3.2.28 of the ETSI M2M Functional Architecture [5] describes this procedure. The “AnnouncedToSCLList” is maintained through the TR-069 interface.

X.3.2.7 SCL Store and Forward Policies

The M2M Device or Gateway SCL is responsible for handling requests from an attached M2M Device or itself and the NSCL. The handling of the requests is based on criteria within the request (e.g., Request category [RCAT], Tolerable Request Processing Delay [TRPDT]) as well as conditions within the M2M Device or Gateway SCL (e.g., pending requests, access network availability).

There are two types of SCL store and forward (SAF) policies:

The SAF policies are organized into instances of Policy sets. The selection of which Policy sets are used by the M2M Device or Gateway SCL is determined by the PolicyScope attribute of the Policy set.

Section 9.3.1.5 of the ETSI M2M Functional Architecture [5] describes this procedure. These policies are maintained through the TR-069 interface.

X.3.2.7.1 Access Network Provider SAF Policies

Access Network Provider SAF policies are used by M2M Device or Gateway SCLs to determine if an Access Network is to be used when forwarding requests from the M2M Device or Gateway SCL to the NSCL. The determination of which Access network to use is based on:

An Access Network Provider SAF is identified from the Access Network Provider name parameter.

X.3.2.7.2 M2M Service Provider SAF Policies

M2M Service Provider Store and Forward (SAF) policies are used by M2M Device or Gateway SCLs to determine to forward a request to NSCL. The determination if the request is forwarded is based on the:

X.3.2.8 Area Network Discovery and Maintenance

The M2M Device or Gateway SCL discovers properties of instances of M2M Area Networks as well as the Devices (D’, d) associated with a M2M Area Network. A M2M Area Network is a logical entity in that an instance of an Area Network can span one or more physical interfaces of the M2M Device or Gateway. In addition, a M2M Gateway can provide connectivity to more than one instance of the same type of M2M Area Network. Examples of M2M Area Networks include: Personal Area Network technologies such as IEEE 802.15.x, Zigbee, Bluetooth, IETF ROLL, ISA100.11a or local networks such as PLC, M-BUS, Wireless M-BUS and KNX.

A M2M Area Network is maintained as instances of an AreaNwkInstance. Each AreaNwkInstance maintains opaque properties of the Area Network using Property instances of name/value pairs. In addition, the AreaNwkInstance also maintains a list of references to instances of AreaNwkDeviceInfoInstance table that are associated with the Area Network.

X.3.2.9 M2M Device Discovery and Maintenance

The M2M Device or Gateway maintains a list of discovered M2M Devices (D’, d) that are attached to the SCL. A discovered M2M Device that is associated with more than one AreaNwkInstance is represented as multiple instances of AreaNwkDeviceInfoInstance objects.

Figure 46: Example M2M Network

In Figure 46, an M2M Gateway has two (2) SCL instances that manage three (3) M2M Devices. Each M2M Device is represented in the Root Data Model’s Hosts.Host table. The M2M Devices are represented by the AreaNwkDeviceInfoInstance object that was discovered within a context of an AreaNwkInstance of a SCL. As a M2M Device is capable of being discovered through multiple M2M Area Networks, different instances of the AreaNwkDeviceInfoInstance could reference the same or different Host table entry.

Each AreaNwkDeviceInfoInstance maintains a reference to an AreaNwkInstance object as well as properties specific to the device and area network association (e.g., SleepInterval). In addition, each AreaNwkDeviceInfoInstance maintains opaque properties of the device using Property instances of name/value pairs.

X.3.2.9.1 M2M Device Discovery and Maintenance

M2M Devices are able to be managed through the TR-069 Embedded Object and Virtual Device Proxy management capabilities. In these scenarios the AreaNwkDeviceInfoInstances are known as Discovered Devices.

In the scenario where a M2M Device (D’, d) is discovered as part of an Embedded or Virtual Device, the AreaNwkDeviceInfoInstance is maintained as an item in the DiscoveryProtocolReference parameter of the Embedded or Virtual Device using one or more of the protocols listed in the DiscoveryProtocol parameter. Figure 47 describes the scenario where the M2M Devices are discovered using the ETSI-M2M protocols.

Figure 47: M2M Device Discovery for Proxy Management

X.3.2.10 SCL Configuration

The ETSI M2M Data Model includes the capability to provision the SCL with objects and parameters necessary for the SCL to host resources and transfer messages between M2M Devices and Gateway Applications and the NSCL. This section describes the minimal configuration necessary for an SCL to:

Figure 48: ETSI M2M Data Model Structure

Figure 48 depicts the objects within an ETSI SCL instance.

For deployments where the SCL will only host resources, the following resources must be provisioned:

SCL.{1}.
    Enable = true

However for deployments where the SCL will transfer messages between M2M Applications and the NSCL, each SCL must have:

As such the following resources must be provisioned:

SCL.{1}.
    Enable = true
SCL.{1}.SAFPolicySet.{1}.
    Enable = true
    PolicyScope= default
SCL.{1}.SAFPolicySet.{1}.ANPPolicy.{1}.
    Enable = true
    ANName = *AccessNetworkProviderName*
SCL.{1}.SAFPolicySet.{1}.ANPPolicy.{1}.RequestCategory.{1}.
    Enable = true
    RCAT = *RCAT1*
SCL.{1}.SAFPolicySet.{1}.ANPPolicy.{1}.RequestCategory.{1}.Schedule.{1}.
    Enable = true
    Schedules = * * * * *
.
.
SCL.{1}.SAFPolicySet.{1}.ANPPolicy.{1}.RequestCategory.{7}.
    Enable = true
    RCAT = *RCAT7*
SCL.{1}.SAFPolicySet.{1}.ANPPolicy.{1}.RequestCategory.{7}.Schedule.{1}.
    Enable = true
    Schedules = * * * * *
SCL.{1}.SAFPolicySet.{1}.M2MSPPolicy.RequestCategory.{1}.
    Enable = true
    RCAT = *RCAT7*
*    *RankedANList = *AccessNetworkProviderName*
.
.
SCL.{1}.SAFPolicySet.{1}.M2MSPPolicy.RequestCategory.{7}.
    Enable = true
    RCAT = *RCAT7*
    RankedANList = *AccessNetworkProviderName*

Appendix XI: Provider Bridge Theory of Operation

A Provider Bridge is defined in 802.1Q-2011 [11] as either a Provider Edge Bridge (PEP) or an S-VLAN Bridge. A PEP provides the capability to stack VLAN tags with the inner tag being the C-TAG and the outer tag being the S-TAG. An S-VLAN Bridge provides a mechanism to process a S-TAG but does not utilize the mechanism to stack C-VLAN tags. The Provider Bridge model supports both of these types of Provider Bridges through the use of the ProviderBridge and VLANTermination objects.

Regarding different traffic bridging rules for Provider Bridges, the possible cases are characterized as follows:

These scenarios are portrayed in Figure 49, where:

Figure 49: Provider Bridge Scenarios

In order to model the traffic scenarios in Figure 49, the use of the VLANTermination and Bridging Objects are used.

Figure 50: Provider Bridge Components

XI.1 Residential Domain Scenario

In the Residential Domain scenario untagged traffic is routed from the Ethernet and SSIDa interfaces and tagged with a customer VLAN tag (C-TAG) of VLANa and then double tagged with a Service Provider VLAN tag (S-TAG) of VLANx. This requires the use of:

XI.2 Device Traffic Scenario

In the Device Traffic scenario untagged traffic is routed from the Device and tagged with a Service Provider VLAN tag (S-TAG) of VLANu. This requires the use of:

XI.3 Public and Roaming Domain Scenarios

In the Public and Roaming Domain scenarios untagged traffic is bridged from the SSIDb and SSIDc interfaces and tagged with a customer VLAN tag (C-TAG) of VLANa and then double tagged with a Service Provider VLAN tag (S-TAG) of VLANy and VLANz respectively. This requires the use of:

XI.4 Provisioning Provider Bridges

A Provider Bridge provides support for Provider Bridges and Provider Edge Bridges as defined in 802.1Q-2011. The difference between a Provider Bridge and a Provider Edge Bridge is that a Provider Edge Bridge incorporates a C-TAG and S-TAG while a Provider Bridge has a S-TAG. The data model differentiates which type of provider using the Type parameter of the ProviderBridge.{i} object.

When configuring the components of a Provider Bridge, the Bridge instance associated with the SVLAN component will have its Device.Bridging.Bridge.{i}.Port.{i}. objects provisioned as either ProviderNetworkPort or a CustomerNetworkPort. Likewise, the CVLAN component(s) will have its Device.Bridging.Bridge.{i}.Port.{i}. objects provisioned as CustomerEdgePorts.

XI.4.1 Associating Customer Edge Ports with Customer Network Ports

Ports of type CustomerEdgePort are associated with ports of type CustomerNetworkPort by assigning the ports of type CustomerNetworkPort and ports of type CustomerEdgePort to the port membership (Bridging.Bridge.{i}.VLANPort.{i}.) of the S-VLAN for the Bridge instance of the S-VLAN component.

Appendix XII: ZigBee Theory of Operation

This section explains how the ZigBee Device:2 data model can be used for the management of ZigBee devices.

This Theory of Operation is explained using CWMP but the same principles also apply for USP.

XII.1 CWMP management using the ZigBee data model

Figure 51 and Figure 52 present the principle and an example basic sequence for the management of ZigBee devices using the Device:2 ZigBee data model. The ZigBee protocol is specified in [70].

The ZigBee devices reside behind a CPE proxy and communicate with the ACS via this CPE proxy. The CPE proxy normally resides in a device such as a broadband router, i.e., a home gateway or an enterprise gateway, and it has a proxy function to translate CWMP messages to ZDO (ZigBee Device Object) function invocations based on the ZigBee data model. The proxy function translates the messages by using a mapping of ZigBee data model objects and CWMP methods to ZDO functions and their parameters. A ZigBee device management example using CWMP is shown in Figure 51.

Figure 51: Usage of the data model to manage ZigBee devices with TR-069
Figure 52: Example sequence diagram of ZigBee management with TR-069

This example shows how the ACS gets the network address of a ZigBee device by using TR-069 communication based on the ZigBee data model. The ACS performs a “GetParameterValues” CWMP method call containing the parameter “Device.ZigBee.ZDO.{i}.NetworkAddress” of the ZigBee data model, which refers to the ZigBee network address. The proxy function in the CPE proxy changes the received message to a ZDO message that calls some ZDO function on the ZigBee Coordinator. The ZigBee Coordinator manages the ZigBee devices according to the called ZDO function and sends the result (the searched network address, in this case) to the proxy. The proxy function changes the ZDO management result to a CWMP message which is denoted in Figure 52 as “GetParameterValuesResponse”. The parameter name inside the parameter list is “Device.ZigBee.ZDO.{i}.NetworkAddress” and the corresponding value is “0x0fE3” (network address instance).

XII.2 CWMP proxying mechanisms and the ZigBee data model

The following two issues related to the proxying of ZigBee devices with the standard TR-069 proxying mechanisms are out of scope of this document:

However, the following example explains how the main needs of the proxying mechanisms have been taken into account and are covered by the designed data model.

Imagine, for example, a ZigBee coordinator that controls a network which contains, among others, a ZigBee device that is used in a home automation system, i.e., implements the Home Automation Application Profile (0104). Then, the instantiation of the data model for the CPE contains, among others, the following two parameter values (note that “ZC” stands for ZigBee coordinator):

Device.ZigBee.ZDO.1.NodeDescriptor.LogicalType = "ZC"
Device.ZigBee.ZDO.2.ApplicationEndpoint.1.ApplicationProfileId = "0104"

In order to reference and manage these devices with the EmbeddedDevice mechanism, the CPE instance would simply also include, among others, the following entries:

Device.ManagementServer.EmbeddedDevice.1.Reference

Device.ManagementServer.EmbeddedDevice.1.ProtocolReference

Device.ManagementServer.EmbeddedDevice.2.DiscoveryReference

For setting the temperature for TemperatureSensor.2, for example, the TR-069 proxy would send a request through the ZigBee coordinator to the Application endpoint referenced by the ProxyReference parameter on the EmbeddedDevice instance. As indicated by the value of Device.ManagementServer.EmbeddedDevice.1.Reference in the above example, multiple sensors integrated in the same ZigBee device (i.e., same ZDO instance) can be modeled as different Embedded or Virtual devices while referring to the same ZDO object.

According to the ZigBee protocol, the discovery of ZigBee devices is the responsibility of the ZigBee coordinator. Thus, a ZDO instance that has a LogicalType=“ZC” can be made a DiscoveryReference of the various EmbeddedDevice and VirtualDevice instances.

Appendix XIII: Port Control Protocol Theory of Operation

The Port Control Protocol (PCP) allows an IPv6 or IPv4 host to control how incoming IPv6 or IPv4 packets are translated and forwarded by a Network Address Translator (NAT) or simple firewall (generically referred to as the “PCP-controlled device”), and also allows a host to optimize its outgoing NAT keepalive messages.

When a PCP client is embedded in a device, the PCP client can be invoked by:

Figure 53: Example of a PCP Client embedded in the RG using CWMP
Figure 54: Example of a PCP Client embedded in a device using CWMP, with PCP Proxy in the RG

Defining a PCP data model allows the Controller to remotely manage the PCP client including:

Whereas the description of objects themselves is enough to understand how to proceed, some operations need further explanation about the way to manage the objects.

This theory of operation relies on IETF RFCs and drafts:

The data model allows for more than one PCP client, but those clients operate independently. Therefore, the text below considers only one PCP client.

XIII.1 Configuration and monitoring of the PCP Server

Prior to sending its first PCP message, the PCP client determines which server to use as described in [49]. To do so the PCP client of the CPE can be configured statically (GUI or CWMP) or via DHCP (v4 or v6).

Based on these server definitions, the PCP client follows the procedures specified in [49] to determine the IP Address to be used for each configured PCP server.

No conflict or doubt can arise between DHCP and static configurations, because they are represented in separate PCP.Client.{i}.Server instances, with Origin to record the origin of the configuration. ServerNameOrAddress is writable by the Controller only if Origin is “Static”.

XIII.2 Monitoring and setting rules set by the PCP client

Once a PCP server has been successfully contacted, the PCP client is ready to set rules in the corresponding PCP-controlled device. Depending on the use case, the PCP client selects the appropriate PCP server based on its Capabilities, as described in Section 10 of [46]. It is possible to define the following mappings:

Inbound Mapping without filters
An inbound mapping is defined by an instance of the PCP.Client.{i}.Server.{i}.InboundMapping table. It is created by a PCP request with the MAP OpCode, as described in Section 11 of [46]. This is allowed only if PCP.Client.{i}.MAPEnable is “true”.

Inbound Mapping with filters
As above, but additional filters are defined by instances of the PCP.Client.{i}.Server.{i}.InboundMapping.{i}.Filter table. Filters are specified in the PCP request using the FILTER option, as described in Section 13.3 of [46]. This is allowed only if PCP.Client.{i}.FILTEREnable is “true”.

Outbound Mapping
An outbound mapping is defined by an instance of the PCP.Client.{i}.Server.{i}.OutboundMapping table. It is created by a PCP request with the PEER OpCode, as described in Section 12 of [46]. This is allowed only if PCP.Client.{i}.PEEREnable is “true”.

It is possible to define a mapping on behalf of another device. The PCP request uses the THIRD_PARTY option to create the mapping, as described in Section 13.1 of [46]. This is allowed only if PCP.Client.{i}.THIRDPARTYStatus is “Enabled”.

These operations can be requested by the device itself (embedded applications, GUI, CWMP…) or by another device through the UPnP IGD interworking function [47] (if PCP.Client.{i}.UPnPIWF.Status is “Enabled”) or the PCP Proxy [54] (if PCP.Client.{i}.PCPProxy.Status is “Enabled”).

[4] provides a set of examples to illustrate PCP operations. These operations can be monitored by getting PCP.Client.{i}.Server.{i}.InboundMapping and PCP.Client.{i}.Server.{i}.OutboundMapping objects. The parameters sent by the PCP client in MAP or PEER requests are represented in corresponding parameters (Lifetime, SuggestedExternalIPAddress, SuggestedExternalPort, SuggestedExternalPortEndRange, ProtocolNumber, InternalPort…) of PCP.Client.Server.{i}.InboundMapping and PCP.Client.Server.{i}.OutboundMapping. The Origin parameter denotes which mechanism triggered the request:

The parameters received when the PCP-controlled device has processed the request are represented in corresponding parameters (Lifetime, AssignedExternalIPAddress, AssignedExternalPort, AssignedExternalPortEndRange…) of PCP.Client.{i}.Server.{i}.InboundMapping and PCP.Client.{i}.Server.{i}.OutboundMapping.

To remotely create rules using CWMP or USP, the Controller configures the request to be sent by the PCP Client. To do so the Controller creates the necessary objects and sets, depending on the operation, the Lifetime, SuggestedExternalIPAddress, SuggestedExternalPort, SuggestedExternalPortEndRange, ProtocolNumber, InternalPort parameters of PCP.Client.{i}.Server.{i}.InboundMapping or of PCP.Client.{i}.Server.{i}.OutboundMapping. To monitor the result, the Controller will get PCP.Client.{i}.Server.{i}.InboundMapping and PCP.Client.{i}.Server.{i}.OutboundMapping objects to retrieve the parameters received from the PCP-controlled device.

XIII.3 Rapid recovery

A recovery mechanism for situations where the PCP server loses its state is described in Section 14 of [46]. This is usable only if PCP.Client.{i}.ANNOUNCEEnable is “true”.

Appendix XIV: GRE Tunnel Theory of Operation

See Tunneling for general information on how tunneling is modeled.

RFC 2784 [18] defines a generic mechanism to encapsulate a packet of protocol A (known as the payload protocol) in a GRE packet. The resulting GRE packet is then encapsulated into a protocol B (known as the delivery protocol). The result of this operation is a payload packet that is encapsulated in a GRE tunnel delivered via protocol B. RFC 2890 [20] extends the GRE header with two optional fields. The Key field provides an identifier to identify flows within the GRE tunnel. The Sequence Number field is used to maintain the sequence of packets within the GRE tunnel.

Device:2 models a GRE tunnel using the GRE.Tunnel object. Multiple GRE flows to the same remote endpoint are possible by defining multiple GRE.Tunnel.{i}.Interface instances within the same GRE.Tunnel instance.

This Appendix describes the usage of GRE for two scenarios: L2 payload over GRE and L3 payload over GRE.

XIV.1 L2 Payload over GRE

For this example consider a Provider Edge Bridge that discriminates 2 separate VLANs as shown in Figure 55. In this case the service provider does not support a VLAN infrastructure at the access node, but does at the core network.

A GRE tunnel is used to preserve the VLAN tagging at the edge to further interconnect the other VLAN segments. In this scenario, as the remote endpoint is the same in both cases, the VLANs are modeled as two flows within a single instance of the GRE.Tunnel.{i} object.

In addition, the DSCPMarkPolicy parameter can be used to assign DSCP values to each GRE.Tunnel.{i}.Interface instance for QoS treatment in the access network and towards the GRE concentrator.

Figure 55: VLAN Traffic over GRE

The GRE Tunnel interface layout is shown in Figure 56.

Figure 56: L2 over GRE Tunnel

The configuration for this scenario assumes that the WAN Ethernet interface, Ethernet Link and IP interface objects have been previously configured; likewise the LAN Ethernet and Bridging objects have been previously configured. This section focuses on the association and configuration of the GRE tunnel with the WAN IP interface and the Bridge Ports.

The example configuration uses the RFC 2890 [20] Key field to determine the GRE tunnel interface to which the GRE tunnel will forward packets.

GRE Tunnel
Device.GRE.Tunnel.1.Enable = True
Device.GRE.Tunnel.1.RemoteEndPoints = GRE-IPAddress
Device.GRE.Tunnel.1.DeliveryHeaderProtocol = IPv4

GRE Tunnel Interface 1
Device.GRE.Tunnel.1.Interface.1
Device.GRE.Tunnel.1.Interface.1.Enable = True
Device.GRE.Tunnel.1.Interface.1.KeyIdentifierGenerationPolicy = Provisioned
Device.GRE.Tunnel.1.Interface.1.KeyIdentifier = 1

GRE Tunnel Interface 2
Device.GRE.Tunnel.1.Interface.2
Device.GRE.Tunnel.1.Interface.2.Enable = True
Device.GRE.Tunnel.1.Interface.2.KeyIdentifierGenerationPolicy = Provisioned
Device.GRE.Tunnel.1.Interface.2.KeyIdentifier = 2

Associate Bridge Ports with GRE Tunnel Interfaces
Device.Bridging.Bridge.1.Port.1.LowerLayers = Device.GRE.Tunnel.1.Interface.1
Device.Bridging.Bridge.1.Port.2.LowerLayers = Device.GRE.Tunnel.1.Interface.2

Assign the DSCP value to each GRE Tunnel Interface using the GRE.Filter
Device.GRE.Filter.1
Device.GRE.Filter.1.Enable = True
Device.GRE.Filter.1.Order = 1
Device.GRE.Filter.1.Interface = Device.GRE.Tunnel.1.Interface.1
Device.GRE.Filter.1.DSCPMarkPolicy = DSCP1
Device.GRE.Filter.2
Device.GRE.Filter.2.Enable = True
Device.GRE.Filter.2.Order = 2
Device.GRE.Filter.2.Interface = Device.GRE.Tunnel.1.Interface.2
Device.GRE.Filter.2.DSCPMarkPolicy = DSCP2

XIV.2 L3 Payload over GRE

This example describes an IP in IP encapsulation where a GRE tunnel takes IPv4 payload and encapsulates over IPv6.

Figure 57 shows the scenario where an IPv4 LAN network is tunneled in an IPv6 GRE tunnel that uses IPv6 global addresses.

The GRE tunnels use the default IPv6 WAN interface of the CPE.

Figure 57: IP over IP GRE Encapsulation

Figure 58 shows the configuration of a GRE tunnel for an IPv4 Private network attached to a LAN interface that is encapsulated in the IPv6 packet.

Figure 58: L3 over GRE Tunnel

The configuration for this scenario assumes that the WAN and LAN Ethernet interface, Ethernet Link and IP interface objects have been previously configured. This section focuses on the association and configuration of the GRE tunnel with the WAN and Tunnel IP interfaces.

GRE Tunnel
Device.GRE.Tunnel.1.Enable = True
Device.GRE.Tunnel.1.RemoteEndPoints = GRE-IPAddress
Device.GRE.Tunnel.1.DeliveryHeaderProtocol = IPv6

GRE Tunnel Interface 1
Device.GRE.Tunnel.1.Interface.1
Device.GRE.Tunnel.1.Interface.1.Enable = True

Associate Tunnel IPv4 Interface with GRE Tunnel Interface
Device.IP.Interface.3.LowerLayers = Device.GRE.Tunnel.1.Interface.1

Appendix XV: MAP Theory of Operation

See Tunneling for general information on how tunneling is modeled.

MAP (Mapping of Address and Port) is a mechanism for transporting IPv4 packets across an IPv6 network, and a generic mechanism for mapping between IPv6 addresses and IPv4 addresses and ports. There are two mutually exclusive MAP transport modes, both of which use NAPT44 (modified to use a restricted port range):

Many aspects of the MAP configuration are the same for both MAP-E and MAP-T. [52] defines DHCPv6 options for configuring MAP parameters, and the Device:2 data model parameters correspond closely to these parameters.

XV.1 MAP Configuration Parameters

The MAP-T architecture is illustrated in Figure 59. The MAP-E architecture diagram looks very similar, but differs as follows:

Figure 59: MAP-T Architecture

The Device:2 data model models each MAP domain as an instance of the corresponding MAP.Domain table. The most important domain parameters are:

Each domain has a set of mapping rules ([51] Section 5) with each rule having the following parameters:

The mapping rule with the longest match between its IPv6Prefix and the end-user IPv6 prefix is the BMR (Basic Mapping Rule). This is used to determine the MAP IPv6 address, which is one of Interface’s addresses and is used for all MAP traffic.

XV.2 Internal Treatment of IPv4 Packets

Since a device can have multiple upstream and multiple downstream interfaces, the model supports a logical representation of the internal virtual MAP IPv4 interface according to the general pattern described in Tunneling. The IPv4Forwarding entries will route traffic between the LAN IPv4 interface and the MAP IPv4 interface.

Figure 60 shows the flow of MAP traffic through the various interfaces. Noted in the figure are sample values for the various IP.Interface entries that would be needed.

Figure 60: Sample MAP Routing and Forwarding

Figure 61 shows the corresponding MAP interface stack.

Figure 61: Sample MAP Routing and Forwarding (Interface Stack)

Appendix XVI: G.fast Theory of Operation

G.fast (hereafter referred to as FAST) is a DSL communications technology defined by ITU-T G.9700, G.9701, and G.997.2.

Devices that support both DSL and FAST (both interfaces’ objects are administratively Enabled) have the capability to switch from one mode to another. If the device is connected in xDSL mode (DSL.Line.{i}.status is “Up”), FAST interface is down (FAST.Line.{i}.status is “Not Present” or “Down”). The InterfaceStack Table needs to reflect the relationship between the PTM interface and DSL interface as seen in Figure 62. The PTM’s LowerLayers points to DSL.Channel instance whose status is “Up”.

Figure 62: PTM Link for DSL mode Line

In the case when the device is connected in FAST mode, the DSL line is down. The InterfaceStack Table needs to show that the PTM’s LowerLayers points to the FAST.Line interface as below:

Figure 63: PTM Link for FAST mode Line

The same fall back mechanism applies to the bonding of FAST and DSL interfaces. PTM’s interface is to be stacked on two bonding groups as they are both administrative “Enable”. However, in the InterfaceStack Table, the PTM interface’s LowerLayers points to the bonding group that has Operational Status “Up”. In the diagram below, PTM’s LowerLayers points to the bonding group of FAST.Line, which is currently “Up”. The DSL bonding group instance corresponding to DSL channels is “Down”.

Figure 64: PTM Link Bonding Groups for FAST mode Lines

In the case where DSL Bonding group is “Up” for non-FAST mode lines, the diagram below shows PTM’s LowerLayers pointing to the bonding group of DSL.Channel, which is currently “Up”. The DSL bonding group instance corresponding to FAST Lines is “Down” here.

Figure 65: PTM Link Bonding Groups for DSL mode Lines

Appendix XVII: USB Host Theory of Operation

XVII.1 Overview

An increasing number of devices are equipped with a USB Host controller and USB host interface(s) / connector(s).

There are a number of use cases for adding a USB Host and connected devices to a CWMP data model. One example is retrieving the exact product identity of the connected device in the event of service issues such as printer or file sharing problems. Another example is notifying the user that a newly-connected device is not supported, e.g., due to a missing driver. Or the detection of the connection of a particular USB device could mean additional services for this device could be offered to the subscriber.

The data model contains the number of devices connected to each host controller. For each device, the main properties of the USB device descriptors as well as interface descriptors are represented. The latter is to support devices that only indicate class/subclass (and therefore device type) at the interface level.

Example USB topology of connected devices:

Figure 66: Example USB Host Connections

All USB devices attach to a USB Host through a port on a USB entity known as a hub. Hubs have status bits that are used to report the attachment or removal of a USB device on one of its ports. The USB Host queries the hub to retrieve these status bits. In the case of an attachment, the USB Host enables the port and addresses the USB device through the device’s control pipe at the default address. Figure 66 depicts both a Root Hub and an External Hub that provide this service.

The USB Host assigns a unique USB address to the device and then determines if the newly attached USB device is a hub or function. The USB Host establishes its end of the control pipe for the USB using the assigned USB address and endpoint number zero. This is reflected in the data model by adding a new USBHosts.Host.{i}.Device.{i}. instance.

If the attached USB device is a hub and USB devices are attached to its ports, then the above procedure is followed for each of the attached USB devices.

If the attached USB device is a function, then attachment notifications will be handled by the USB Host software that is appropriate for the function.

Appendix XVIII: Location Management

This section discusses the Theory of Operation for Location Management using CWMP [58] or USP [67] and the Location object defined in the <rootobject>.DeviceInfo data model.

XVIII.1 Overview

The Location object defined in this document is a multi-instance object that can be used by any device that needs to be able to acquire and/or express its “location.”

This Location object is a multi instance object to account for the fact that a Device can acquire location information in more than one way. Location info can be acquired by:

Location objects can be created autonomously by the device, based on the location information it receives by CWMP or USP. When the Location object is created autonomously by the device, the device itself will fill the DataObject parameter with location data coming from GPS/AGPS, local GUI or an external protocol (not CWMP). When created by CWMP or USP, it is up to the CWMP or USP protocol to configure the DataObject parameter. Regardless of how a Location object is created, the device is responsible for populating the values of all of the location metadata (i.e., all parameters except the DataObject that contains the location information and the AcquiredTime) not writable by any external mechanism.

When a Location object is updated, the object can only be updated through the same mechanism that created it. The device will update the AcquiredTime as necessary and place the updated location data in the DataObject.

When a Location object is deleted, the object can only be deleted through the same mechanism that created it.

XVIII.2 Multiple Instances of Location Data

Devices that need to make use of location data will need to have rules around how to deal with multiple instances of location data. These rules are out of scope for CWMP or USP and the Device:2 data model. These rules may need to be specific to a particular application. For example, if a VoIP device chooses to send location data in a SIP message, the device can include all of the instances of DataObject in that message, order the Locations Objects according to the acquisition date and time (parameter AcquiredDateTime, most recent is first) or order the Location objects according to some sort of protocol preference, such as GPS, A-GPS, DHCP, HELD, CWMP, USP, and then all others according to acquisition date and time.

A Femtocell Access Point (FAP) with multiple sources of location can also need rules for use of the Location object. If it must make decisions locally based on location, the FAP will need rules to determine the preferred location. If the FAP must send its location elsewhere, the FAP will need rules to determine whether the FAP sends all of its location data, or selects certain locations based on specific criteria.

XVIII.3 CWMP, USP, Manual, GPS, and AGPS Configured Location

As noted in the description of the Device:2 data model parameter <rootObject>.Location.{i}.DataObject., Manual, GPS, and AGPS mechanisms are formatted by the device according to the following formats specified by the IETF. A Controller that is creating an External:CWMP or an External:USP location will use one of these formats:

  1. Geographical coordinates formatted according to the XML syntax specified in IETF RFC 5491 [40] (update of RFC 4119 [27])

  2. Civic addresses according to the XML syntax specified in IETF RFC 5139 [39] (update of RFC 4119 [27])

Location information in these IETF RFCs is specified within the IETF framework of presence information. While these IETF RFCs specify presence information different from the Location component model assumed in the TR-069 framework, the IETF data format is adopted by BBF independent of these higher level differences.

IETF defines its XML syntax for geographical information as a subset of presence information (<presence> object in the XML example below), generally related to a device (<device> object) or a user (<user> object). IETF location information is represented using a Presence Information Data Format Location Object (PIDF-LO). This is represented as the <geopriv> object in the XML example below.

XVIII.3.1 Example: Manual, GPS, AGPS, and External:CWMP <rootObject>.Location.{i}.DataObject. Format

This example, modified from an example in RFC5491, explains how to format location information in a <rootObject>.Location.{i}.DataObject. parameter with both geographical coordinates and civic location information according to the above-referenced IETF RFCs. The schema associated with the civic location namespace “urn:ietf:params:xml:ns:pidf:geopriv10:civicAddr” is specified in RFC 5139 [39].

<presence xmlns="urn:ietf:params:xml:ns:pidf"
          xmlns:dm="urn:ietf:params:xml:ns:pidf:data-model"
          xmlns:gp="urn:ietf:params:xml:ns:pidf:geopriv10"
          xmlns:gml="http://www.opengis.net/gml"
          xmlns:cl="urn:ietf:params:xml:ns:pidf:geopriv10:civicAddr"
          entity=" ">
    <dm:device id=" FFFFFF-FAP-123456789 ">
        <gp:geopriv>
            <gp:location-info>
                <gml:Point srsName="urn:ogc:def:crs:EPSG::4326">
                    <gml:pos>-43.5723 153.21760</gml:pos>
                </gml:Point>
                <cl:civicAddress>
                    <cl:FLR>2</cl:FLR>
                </cl:civicAddress>
            </gp:location-info>
            <gp:usage-rules/>
            <gp:method>Wiremap</gp:method>
        </gp:geopriv>
        <dm:deviceID>mac:8asd7d7d70</dm:deviceID>
        <dm:timestamp>2007-06-22T20:57:29Z</dm:timestamp>
    </dm:device>
</presence>

XVIII.3.2 RFC 5491 and RFC 5139 Location Element Definitions

The XML elements are defined as follows by the IETF in RFC 5491 [40] and related documents:

  1. <presence> (RFC 5491 [40])

    The <presence> element MUST have an ‘entity’ attribute. The value of the ‘entity’ attribute is the ‘pres’ URL of the presentity publishing this presence document.

    The <presence> element MUST contain a namespace declaration (‘xmlns’) to indicate the namespace on which the presence document is based. The presence document compliant to this specification MUST have the namespace ‘urn:ietf:params:xml:ns:pidf:’. It MAY contain other namespace declarations for the extensions used in the presence XML document.

  2. <device> (RFC 5491 [40])

    The <device> element […] can appear as a child to <presence>. There can be zero or more occurrences of this element per document. Each <device> element has a mandatory “id” attribute, which contains the occurrence identifier for the device. In the TR-069 framework the id attribute will contain the CWMP Identifier of the device, in the form OUI-ProductClass-SerialNumber.

  3. <geopriv> (RFC 5491 [40], RFC 5139 [39])

    Location information in a PIDF-LO can be described in a geospatial manner based on a subset of Geography Markup Language (GML) 3.1.1 or as civic location information specified in RFC 5139 [39]. The PIDF-LO Geodetic Shapes specification provides a specific GML profile for expressing commonly used shapes using simple GML representations. This profile defines eight shape types, the simplest ones being a 2-D and a 3-D Point. The PIDF-LO Geodetic Shapes specification also mandates the use of the World Geodetic System 1984 (WGS84) coordinate reference system and the usage of European Petroleum Survey Group (EPSG) code 4326 (as identified by the URN urn:ogc:def:crs:EPSG::4326) for two-dimensional (2d) shape representations and EPSG 4979 (as identified by the URN urn:ogc:def:crs:EPSG::4979) for three-dimensional (3d) volume representations.

    Each <geopriv> element must contain at least the following two child elements: <location-info> element and <usage-rules> element. One or more elements containing location information are contained inside a <location-info> element.

    1. <location-info> element can contain one or more elements bearing location information.
      1. <Point> element contains geographical data in the coordinate system specified by its srsName attribute. In the example above (WGS84/EPSG 4326), the syntax is latitude, longitude expressed in degrees
      2. Civic information elements are specified by IETF and can be added to the geographical data, though mixing information is not recommended.
      3. <relative-location> element is being proposed by IETF
    2. <usage-rules> can contain the following optional elements:
      1. <retransmission-allowed>: When the value of this element is ‘no’, the recipient of this Location Object is not permitted to share the enclosed Location Information, or the object as a whole, with other parties. RFC 4119 [27] specifies that “by default, the value MUST be assumed to be ‘no’”.
      2. <retention expires>: This field specifies an absolute date at which time the Recipient is no longer permitted to possess the location information
      3. <external ruleset>: This field contains a URI that indicates where a fuller ruleset of policies, related to this object, can be found
      4. <notewell>: This field contains a block of text containing further generic privacy directives.
    3. <method> is an optional element that describes the way that the location information was derived or discovered. Values allowed by RFC 4119 [27] are stored in the IANA registry as “Method Tokens” [7]. The “Wiremap” value listed in the example is described as “Location determined using wiremap correlations to circuit identifiers”

  4. <deviceID> element is mandatory. It contains a globally unique identifier, in the form of a URN, for each of the presentity devices (RFC 4479 [34])

  5. <timestamp> is optional (RFC 4479 [34])

XVIII.3.3 Use of RFC 5491 and RFC 5139 Location XML Elements in CWMP or USP

  1. <presence>
    The entity attribute conveys no useful information and its value should be conventionally set to an empty string.

  2. <device>
    In RFC 5491 [40] this is one of the devices associated to the presentity. Devices are identified in the presence document by means of an instance identifier specified in the id attribute.

  3. <geopriv>

    1. <location-info>
      2-D geographical coordinates with no additional civic information are sufficient in the simplest case.
      • <Point>
        For 2-D applications the value of the srsName attribute should be set to the specified value “urn:ogc:def:crs:EPSG::4326”
    2. <usage-rules>
      • <retransmission-allowed>
        Note that this field is not intended as instruction to the device whose location this is. Rather, it is intended to provide instruction to other systems that the device sends its location to (via SIP or other mechanisms). Therefore, the device will need to maintain its own policy (no standardized TR-069 data model is provided for this) as to when and where to send its location to others, and how to set this parameter when transmitting this location information. The device can choose to set this parameter to “yes” or to “no” when sending its location to others. RFC 4119 [27] specifies that this element’s default value is “no”.
    3. <method>
      If this location object is being created by the device as a result of GPS, A-GPS, or Manual mechanisms, the <method> parameter will be populated with “GPS”, “A-GPS”, or “Manual”, respectively. If the location object is being created by External:CWMP, then this parameter will not be used or populated by the Controller.

  4. <deviceID> It contains a globally unique identifier, in the form of a URN, for each of the presentity devices (RFC 4479 [34]).

  5. <timestamp> is optional. The device (GPS, A-GPS, Manual), ACS (External:CWMP) or USP-Controller (External:USP) can set this to the time the location was set or acquired.

Appendix XIX: Fault Management

This section discusses the Theory of Operation for Fault Management using CWMP [58] or USP [67] and the FaultMgmt object defined in the Root data model.

XIX.1 Overview

There are four types of alarm event handling:

Expedited Event Alarm event is immediately notified to the Controller with the use of Active Notification mechanism
Queued Event Alarm event is notified to the Controller at the next opportunity with the use of Passive Notification mechanism
Logged Event The CPE stores the alarm event locally but does not notify the Controller
Disabled Event The CPE ignores the alarm event and takes no action

Note that all Fault Management tables are cleared when the device reboots.

Table 14 shows the multi-instance objects for FM to manage the alarm events.

Table 14: FM Object Definition
Object name (<rootobject>.FaultMgmt.) Table size Content Purpose and usage
SupportedAlarm.{i}. Fixed Static & fixed content Defines all alarms that the CPE supports. ReportedMechanism defines how the alarm is to be handled within the CPE: 0 – Expedited, 1 – Queued, 2 – Logged, 3 – Disabled

The table size is fixed and its content is static in order to drive the alarm handling behavior in the CPE.
ExpeditedEvent.{i}. Fixed Dynamically updated Contains all “Expedited” type alarm events since the last device initialization. This includes events that are already reported or not yet reported to the Controller. One entry exists for each event. In other words, raising and clearing of the same alarm are two separate entries. As the table size is fixed (vendor defined), new alarm event overwrites the oldest entry in FIFO fashion after the table becomes full.
QueuedEvent.{i}. Fixed Dynamically updated Contains all “Queued” type alarm events since the last device initialization. This includes events that are already reported or not yet reported to the Controller. One entry exists for each event. In other words, raising and clearing of the same alarm are two separate entries.

As the table size is fixed (vendor defined), new alarm event overwrites the oldest entry in FIFO fashion after the table becomes full.
CurrentAlarm.{i}. Variable Dynamically updated Contains all the currently active alarms (i.e., outstanding alarms that are not yet cleared) since the last device initialization. When an outstanding alarm is cleared, that entry is deleted from this table. Therefore, only 1 entry exists for a given unique alarm.

A Controller can retrieve the content of this table to get the entire view of the currently outstanding alarms.

As this is a variable size table, the size changes as alarm event is raised and cleared.

If maximum entries for this table are reached, the next event overrides the object with instance number 1. Subsequent entries override objects at sequentially increasing instance numbers. This logic provides for automatic “rolling” of records.

When a new alarm replaces an existing alarm, then all parameter values for that instance are considered as changed for the purposes of value change notifications to the Controller (even if their new values are identical to those of the prior alarm).
HistoryEvent.{i}. Fixed Dynamically updated Contains all alarm events as a historical record keeping purpose. One entry exists for each event. In other words, raising and clearing of the same alarm are two separate entries.

The Controller can retrieve the content of this table to get the entire chronological history of the alarm events on the CPE.

As the table size is fixed (vendor defined), new alarm event overwrites the oldest entry in FIFO fashion after the table becomes full.

Appendix XX: BASAPM and LMAP Theory of Operation

Broadband Access Service Attributes and Performance Metrics (BASAPM) and Large-Scale Measurement of Broadband Performance (LMAP) data model components are derived from TR-304 [66] and the IETF LMAP information model [55], respectively.

XX.1 TR-069 Family of Specifications in the Context of TR-304

This section describes possible deployment scenarios where the CWMP and IPDR protocols are used for the respective TR-304 protocols.

XX.1.1 TR-304 and IETF LMAP Frameworks

The IETF (LMAP) and BBF (TR-304) use a similar framework for diagnostics where each framework consists of a Measurement Controller, Data Collector and Measurement Agent. While there are differences between TR-304 and LMAP elements in various deployment scenarios, in residential scenarios the behavior of Measurement Agent in the home is consistent between the IETF LMAP and BBF TR-304 frameworks.

XX.1.1.1 TR-304 Framework

The TR-304 framework consists of a Management Server that is used to manage and configure the Measurement Agent. This would also include receiving logging and status information as well as the capability to schedule the Measurement Agent for tests. The TR-304 framework also has a Measurement Controller with the responsibility to schedule the Measurement Agent for tests to be performed provide test admin control. TR-304 framework also has multiple channels where a Measurement Agent can send reports to the different Data Collectors.

Figure 67: TR-304 Framework

XX.1.1.2 IETF LMAP Framework

The IETF LMAP framework, like the BBF TR-304 framework, consists of a Management Server that is used to pre-configure the Measurement Agent. Note that this also could be done at the manufacturing stage of the device. The LMAP framework also has a Measurement Controller with the responsibility to configure the Measurement Agent for tests to be performed; provide instructions about the test and receive status and logging information the Measurement agents. In the IETF LMAP framework these functions are treated as individual channels that can be assigned to different Measurement Controllers. Likewise the Reporting interface also has multiple channels where a Measurement Agent can send reports to the different Data Collectors.

Figure 68: LMAP Framework

XX.1.2 CWMP for Pre-configuration

In the IETF LMAP and TR-304 frameworks, CWMP can be used to pre-configure the Measurement Agent; where the Controller and Data Collector could use other protocols (e.g., IETF LMAP protocol).

Figure 69: CWMP for Pre-configuration

Note that in the TR-304 framework the Status and Logging functions have not been explicitly identified as capabilities of the Controller.

XX.1.3 CWMP for Control and Pre-configuration, IPDR for Reporting

In the IETF LMAP and TR-304 frameworks, CWMP can be used to pre-configure the Measurement Agent and manage/schedule the tests. Likewise the IPDR protocol can be used to report the test results. In this scenario, the ACS would act as the Management Server and Measurement Controller. This scenario would place a constraint on the IETF LMAP framework in that there would be allowed only 1 Measurement Controller per Measurement Agent. See Bulk Data Collection in the Context of LMAP for additional information on use of the BulkData.Profile object in the context of LMAP.

Figure 70: CWMP for Control and Pre-configuration, IPDR for Reporting

XX.1.4 CWMP as a Proxier, IPDR for Reporting

In scenarios where Measurement Agent does not have connectivity with the Measurement Controller, CWMP can be used to act as a proxy between the Measurement Controller and Measurement Agent. In this scenario, if the CWMP Proxy is an Embedded Device then both Measurement Agents are associated with the same ACS. If the Measurement Agents need to be associated with different Measurement Controllers then the CWMP Virtual Device mechanism is to be used.

Figure 71: CWMP Proxy Device Deployment

XX.1.5 Multi-ACS Deployment

In the IETF LMAP framework, the Measurement Agent could interact with different elements that implement the functionality of the Management Server and Measurement Controller. In addition, the IETF LMAP framework also permits the functionality of the Measurement Controller to be implemented in multiple elements.

For a CWMP framework, this would require a different CWMP Agent for each application. As such this type of scenario is not realistically supported by CWMP.

Figure 72: CWMP Multi-ACS Deployment

XX.2 Derivation of Data Model Elements

XX.2.1 Device.BASAPM

Device.BASAPM provides a TR-304 [66] wrapper for a Device.LMAP. MeasurementAgent instance. Device.BASAPM provides parameters related to the operational domain, device ownership, device identification, geographic location, and measurement reference point of a referenced Device.LMAP.MeasurementAgent instance.

XX.2.2 Device.LMAP.MeasurementAgent

The Device.LMAP objects and parameters are mostly described in the IETF LMAP information model [55]. That document serves as the primary vehicle for describing theory of operations for Device.LMAP.MeasurementAgent.

The base Device.LMAP.MeasurementAgent.{i} object contains parameters defined in LMAP information model ma-config-obj, ma-status-obj, and ma-capability-obj. The ma-preconfig-obj parameters are not modeled in Device:2 data model , because there is no need for pre-configuration values in a CWMP/USP-managed Measurement Agent. The information model parameters map to Device:2 data model parameters as shown in Table 15:

Table 15: Mapping LMAP Information Model Parameters to Data Model Parameters
IETF LMAP Information Model
Parameter		 Device:2 data model parameter
(in Device.LMAP.MeasurementAgent.{i})
ma-config-agent-id Identifier
ma-config-credentials PublicCredential, PrivateCredential
ma-config-group-id GroupIdentifier
ma-config-measurement-point MeasurementPoint
ma-config-report-agent-id UseAgentIdentifierInReports
ma-config-report-group-id UseGroupIdentifierInReports
ma-config-report-measurement-point UseMeasurementPointInReports
ma-config-controller-timeout Controller. ControllerTimeout
ma-status-last-started LastStarted
ma-capability-hardware not included in Device.LMAP because it duplicates Device.DeviceInfo.HardwareVersion
ma-capability-firmware not included in Device.LMAP because it duplicates Device.DeviceInfo.SoftwareVersion
ma-capability-version Version
ma-capability-tags CapabilityTags

All of the other IETF LMAP information model parameters can be readily mapped to objects and parameters in Device.LMAP.MeasurementAgent.{i}.

XX.3 Bulk Data Collection in the Context of LMAP

The TR-069 family of specifications has defined protocols that can be used for the collection of bulk data between a CWMP Agent and an ACS. These protocols are defined for IPDR [65] and HTTP [58]. The Device:2 data model described in Derivation of Data Model Elements includes the ability to use these protocols for transferring test results between a Measurement Agent and a Data Collector.

When integrating the test results of the Device:2 data model (i.e., LMAP.Report object instance) into the bulk data objects and parameters provided by the Device:2 data model, the LMAP.Report object instance becomes the referenced parameter of the Bulk Data Profile (BulkData.Profile object instance). In addition, there is a linkage needed within the LMAP data model to identify the BulkData.Profile object instance. This is done through the reference of the BulkData.Profile object instance from the LMAP data model’s Communication Channel for a Scheduled Action.

Figure 73: Integration of Bulk Data Profiles with LMAP

XX.4 TR-143 Diagnostics in LMAP

TR-143 [62] describes a set of tests that can be used within the context of TR-304 based on the IETF LMAP framework [50] and Information Model [55] and implemented using the Device:2 data model in Derivation of Data Model Elements. These tests could be defined using the following procedure:

  1. The TR-143 diagnostic needs to be identified as a URI in the registry entry (Device.LMAP.MeasurementAgent.{i}.TaskCapability.{i}.Registry.{i}.RegistryEntry):
    • The URI is in the form of: urn:bbf:lmap:<BBF TR>:<DiagnosticProfileName>
    • For example a TR-143 upload diagnostic could be: “urn:bbf:lmap:tr-181-2-11-0:UploadDiagnostics-1”
  2. The TR-143 diagnostic’s parameters and objects that are modifiable by the Controller/Measurement Controller are encoded in the Device.LMAP.MeasurementAgent.{i}.Task.{i}.Option.{i}. or Device.LMAP.MeasurementAgent.{i}.Schedule.{i}.Action.{i}.Option.{i} objects.
    • For example: Device.IP.Diagnostics.UploadDiagnostics.DiagnosticsState=requested
  3. The TR-143 diagnostic’s parameters and objects that are read-only are encoded in the Device.LMAP.Report.{i}.Task.{i}.Result.{i}.Values where each parameter name is encoded in the Device.LMAP.Report.{i}.Task.{i}.ColumnLabels parameter.
    • For example:
      ColumnLabels:
      Device.IP.Diagnostics.UploadDiagnostics.PerConnectionResult.{1}.TotalBytesSent
    • Value: 30

These fully qualified names could be shortened or even specified as a different name based on the specification behind the RegistryEntry URN.

Appendix XXI: 5G Theory of Operation

This section discusses the Theory of Operation for 5G Wireline Wireless Convergence using CWMP or USP and the supporting Device.WWC, Device.PDU and Device.FWE objects.

XXI.1 Overview

A 5G-RG brings with it a completely different way of operation. This is a direct consequence of features such as:

The above features are supported by the TR-181 data model using new data model elements comprising:

XXI.2 Architecture

The 5G converged core represents a significant departure from the TR-101 [59] based architecture currently used to support residential gateway access. Most noteworthy is the alignment with 3GPP architectural principles. It is important to understand the two deployment scenarios for the 5G core—Integration and Interworking.

Integration – All wireline traffic transits the AGF (Access Gateway Function) before entering the 3GPP-defined 5G core. Both 5G-RGs and FN-RGs may use the AGF natively. In the case of a 5G-RG, the AGF will support 5G NAS and PDU (multiple IP sessions) transport. Whilst a FN-RG is limited to TR-101 and the NAS and PDU (single IP session) is emulated by the AGF on behalf of the FN-RG, RGs may use wireline, wireless or both access networks. However, in the case of multiple access networks, all must use 5G NAS + PDU if ATSSS is to be supported.

Interworking – All wireline traffic uses the current TR-101-based solutions (BNG + AAA). The FMIF emulates all the TR-101 control plane functions needed by the BNG and converts to 5G NAS. Current thinking is that user plane traffic will continue to be handled by the BNG. Note: A 5G-RG reverts to FN-RG mode when connected to a BNG. The interworking scenario is based around a standard FN-RG and has zero impact on the TR-181 data model

In the diagram below the elements in green, namely 5G-RG, AGF and FMIF, are BBF-defined.

Figure 74: 5G Converged Core Network

The complete 5G architecture is documented in the 3GPP 23.501 [1] standard. BBF has produced TR-470 [68] documenting the Wireline Wireless Convergence architecture. Shown below is a simplified architecture with the network functions and interfaces relevant to supporting a 5G-RG.

Figure 75: 5G Architecture

XXI.2.1 Network Functions

Network Function Plane Description
W-5GAN: Wireline
5G Access Network		 Both Functionally equivalent to a 3GPP RAN. It incorporates both an AGF and one or more TR-101-based access networks. These networks may be owned by the service provider or provided by a third party.
AUSF: Authentication Server Function Control Support the AMF authentication function by making the actual authentication decisions.
AMF: Access and
Mobility Management Function		 Control Can be considered to be the entry point to the control plane. From the perspective of a 5G-RG, the AMF processes all N1 traffic and thus is the frontend for authentication and the establishment of PDU sessions.
NSSF: Network
Slice Selection Function		 Control Selects the network slice instance servicing the 5G-RG. The AGF will use the NSSF to choose an AMF at the time of registration.
PCF: Policy
Control Function		 Control Responsible for control plane policy rules. In particular, supports the AMF to provide policy rules as part of registration.
SMF: Session
Management Function		 Control The SMF acts as a controller for the UPF. Major responsibilities include DHCP (server or relay), QoS handling and user plane policy enforcement (downstream traffic shaping).
UDM: Unified Data
Management		 Control Responsible for subscription data used by other network functions to authenticate and provide subscription-based policy.
UPF: User Plane
Function		 User Provides the packet routing and forwarding to the data network. Other necessary functions include usage, QoS management, user plane policy and being the anchor point for multipath traffic.

XXI.3 Concepts

XXI.3.1 Control User Plane Separation (CUPS)

CUPS is integral to the entire 5G architecture. It starts with the segregation of control and user plane traffic at the 5G-RG and continues through to the physical separation of control and user plane network functions. The main driver for separation is to centralize control plane functions whilst distributing user plane functions deeper into the network. CUPS is documented in TR-470 Section 5.2 [68] whilst TS 23.501 [1] details the architectural elements. From the perspective of a 5G-RG, CUPS has the following impacts:

XXI.3.2 Policy

One of the new design principles brought by 5G to the residential gateway is that of policy. Previous generations of mobile devices have been users of policy but 5G takes it to a new level. Policy and the role of the PCF are documented in TS 23.503 [2].

So, what is policy?
The simplest way to think of policy is as a set of per-service rules sent to the 5G-RG by the network operator. This allows the operator to dynamically control how a 5G-RG connects to a 5G network in terms of network slices, data networks and QoS with application level granularity.

How is it delivered?
Policy is managed by the Policy Control Function (PCF), which provides policy in two distinct phases. At the time of registration, a routing policy table (URSP) is provided upon successful authentication. When a PDU session is created, URSP provides the necessary network slice and data network information. The second phase of policy is learnt upon successful PDU creation, where a set of QoS rules is provided.

XXI.3.3 Multiple PDU sessions

One of the more significant features of a 5G-RG is the support of multiple PDU sessions. Each PDU can be considered to be a virtual circuit between a 5G-RG and a UPF instance. A PDU instance can be assigned IP addresses, QoS rules and even guaranteed bit rates. This leads to applications requiring:

TR-470 Section 6.2 [68] provides examples of multiple PDU scenarios for a 5G-RG.

XXI.3.4 5G QoS

Unlike the more familiar QoS markings such as DSCP or Ethernet priority, 5G QoS marking is merely a label called a QoS Flow Indicator (QFI). End-to-end QoS as documented in TR-470 Section 5.1 [68] is a key outcome of policy. As part of PDU establishment, a set of QoS rules is supplied specific to that PDU. Consequently, the access network specifies not only the supported QFI labels but also the properties of the QoS profile. A QoS profile consists of the following properties:

XXI.3.5 Data Network Name (DNN)

One of the benefits of multiple PDU sessions is the ability to have preferred data paths within the network. A 5G core achieves this using DNNs mapped to dedicated UPFs. A DNN is always specified when establishing a PDU and the 5G-RG learns the preferred DNN through URSP policy.

XXI.3.6 Multiple Access Networks

Whilst FN-RGs are perfectly capable of supporting multiple access networks, each access network operates independently with separate IP addresses and an inability to seamlessly switch traffic between them. A 5G-RG can modify a PDU and switch traffic to another supported access network and maintain all the PDU properties including IP addresses. An operator can optimize its network usage by sending policy rules to a 5G-RG, indicating the preferred access and data networks. TR-470 Section 4.4 [68] provides a more in-depth description of hybrid access.

XXI.3.7 Network Slicing

An operator may choose to partition their network infrastructure for the purposes of resiliency or merely to optimize for a particular function such as IoT. Each instance of the partitioned network is called a network slice. Operators will provide slice information as part of URSP policy rules. Every PDU at the time of establishment must specify a network slice. Slicing is further documented in TS 23.501 Clause 5.15 [1].

XXI.4 Data Model Elements

XXI.4.1 Interface Stack

User plane traffic on a 5G-RG is carried as part of a PDU session carrying L3 traffic (usually IPv4 or IPv6). Whilst cellular networks have native methods for separating PDU traffic, fixed access networks do not. Operators have a choice of two multiplexing strategies, both of which require co-ordination between the 5G-RG and AGF:

The OSI layer model (see Figure 10) now has 5WE (Device.FWE.Link in the model) at ‘L2---’ and the previous ‘L2--’ pushed down to ‘L2---’.

XXI.4.1.1 Scenario #1 - Fixed access network only

This example shows two PDU sessions using a VDSL access network. As this is a fixed service, the 5WE protocol is used to multiplex the PDU traffic over the VDSL service. NAS traffic is separate from the PDU traffic and is carried as PPPoE over the VDSL service. All LAN traffic remains unchanged on a 5G-RG.

Figure 76: Fixed access only example

XXI.4.1.2 Scenario #2 - Cellular access network only

This example shows two PDU sessions using a cellular access network. In this case the 5G-RG does not to need to multiplex the PDU traffic as the cellular module handles that internally. NAS traffic does not appear in this diagram as the requests are made directly to the cellular module. Depending on the cellular module, each PDU may need to be carried over a VLAN (this has been omitted for the moment). All LAN traffic remains unchanged on a 5G-RG.

Figure 77: Cellular access only example

XXI.4.1.3 Scenario #3 - Hybrid (Fixed and Cellular) access

This example shows two PDU sessions using both VDSL and cellular access networks. Either access network is capable for carrying either PDU or both. A PDU in this situation can only be carried on a single access network at a time. Fixed traffic is multiplexed using 5WE (even if only one PDU is present) whilst PDU traffic to the cellular network is multiplexed by the cellular module. NAS traffic using the PPP interface is for the fixed component only as cellular requests are made directly to the cellular module. Depending on the cellular module, each PDU may need to be carried over a VLAN (this has been omitted for the moment). All LAN traffic remains unchanged on a 5G-RG.

Figure 78: Hybrid access example

XXI.4.2 Data Model

XXI.4.2.1 Device.WWC

The relationship between a 5G-RG and the available access networks is represented by the Device.WWC object tree. All objects are read only and are intended for service assurance purposes.

Table 16: Device.WWC objects
Object Description
Device.WWC Base object for Wireline Wireless Convergence. The controller can use this object to learn the supported 5G features and whether the 5G-RG is operating in 5G mode
Device.WWC.AccessNetwork Each table entry describes a single access network. The entire table is built by the 5G-RG upon startup. The primary purpose is to show the registration and connectivity status of each access network. Typically, a 5G-RG would register on each available access network. A minimum of one access network must be in the CM-CONNECTED state in order to support N1 messaging
Device.WWC.AccessNetwork.GUTI A 5G Globally Unique Temporary Identity (GUTI) securely identifies an CPE by keeping the permanent User Equipment (UE identifier (IMSI) hidden. This identity is globally unique and assigned by the AMF at the time of registration.
Device.WWC.URSP User equipment Route Selection Policy (URSP) is a table of rules used to determine which network slice and data network to route a PDU over. Typically, a 5G-RG would search the URSP table in precedence order matching the traffic descriptor types against the service it was setting up. For example, a 5G-RG would search for ‘connection capabilities’ matching ‘ims’ in order to establish a dedicated PDU session for telephony
Device.WWC.URSP.{i}.TrafficDescriptor A set of rules for a given precedence that must be matched in order to select a router in the form of data network and slice. Selection criteria range from destination IP addresses to connection capabilities
Device.WWC.URSP.{i}.TrafficDescriptor.{i}.RouteSelectionDescriptor Provides a table of data networks and network slices used in PDU establishment. Table entries are used in precedence order until a successful PDU session is established. See TS 23.503 Annex A [2] for an example URSP rule traversal
Device.WWC.URSP.{i}.TrafficDescriptor.{i}.RouteSelectionDescriptor.{i}.NetworkSlice Describes all the components of a Single-Network Slice Selection Assistance Information (S-NSSAI). A S-NSSAI identifies the network slice a PDU session will be established on
Figure 79: Device.WWC objects

XXI.4.2.2 Device.PDU

The logical connection between the 5G-RG and data network is the Protocol Data Unit (PDU). The Device.PDU subtree describes each PDU session’s properties together with the QoS rules specific to that PDU session.

Table 17: Device.PDU objects
Object Description
Device.PDU Base object for PDU sessions.
Device.PDU.Session.{i} Contains all the properties of a PDU session instance, ranging from maximum bitrate through to assigned network slice.
Device.PDU.Session.{i}.PCO Policy Configuration Options (PCO) is an optional set of configuration parameters supplied by the network at the request of the 5G-RG.
Device.PDU.Session.{i}.NetworkSlice Describes all the components of a Single -Network Slice Selection Assistance Information (S-NSSAI). The S-NSSAI identifies the network slice a PDU session has been established on.
Device.PDU.Session.{i}.QoSFlow.{i} Table of all QoS Flow Indicators (QFI) and their properties supported by the access network for this particular PDU.
Device.PDU.Session.{i}.QoSRule.{i} Set of rules used to select the QFI label for a given packet.
Device.PDU.Session.{i}.QoSRule.{i}.QoSRuleFilter.{i} Table of filters to select a QoS rule. Typical filters include destination IP and ports.
Figure 80: Device.PDU objects

XXI.4.2.3 Device.FWE

5G Wireless Wireline Convergence User Plane Encapsulation [56] is used to separate each PDU session when multiplexed over a PHY. A Device.FWE.Link object is inserted into the interface stack, providing PDU session id as well as 5G QoS markings (QFI, RQI). This is also the level at which fixed QoS rules are applied in order to traverse access networks that do not natively support 5G QoS (QFI) markings. An instance of this object will be created by a 5G-RG whenever a PDU is established.

Table 18: Device.FWE objects
Object Description
Device.FWE Base object for 5WE.
Device.FWE.Link.{i} 5WE link layer table describing the link layer supporting the 5WE protocol.
Device.FWE.Link.{i}.Stats Throughput statistics for this link layer
Figure 81: Device.FWE objects

XXI.4.3 Examples

Each example shows a 5G-RG with two PDU sessions. The first is for general purpose internet traffic and the second for IMS VoIP. Each PDU session has a default QoS rule matching the intended use. The general internet PDU also has rule to mark VoWiFi traffic with the same QFI as IMS traffic.

XXI.4.3.1 Scenario #1 - Fixed access network only 

Device.WWC.
    Capabilities = "FN-RG,5G-RG,W-5GAN"
    Mode = "5G-RG"
    Status = "5G-RG"
    AccessNetworkNumberOfEntries = 1
    URSPNumberOfEntries = 2
Device.WWC.AccessNetwork.1.
    Alias = "cpe-fixed"
    Name = "fixed"
    Interface = Device.Ethernet.5
    RegistrationStatus = "RM-REGISTERED"
    ConnectionStatus = "CM_CONNECTED"
    AccessNetworkType = "W-5GAN"
Device.WWC.AccessNetwork.1.GUTI
    PLMN = 50501
    AMFid = 65601
    TMSI = 60340039
Device.WWC.URSP.1.          # Default traffic rule
    Alias = "cpe-ursp1"
    Precedence = 100
    TrafficDescriptorNumberOfEntries = 1
Device.WWC.URSP.1.TrafficDescriptor.1.
    Alias = "cpe-ursp11"
    Type = 1                # Match all traffic
    Value = ""
    RouteSelectionDescriptorNumberOfEntries = 1
Device.WWC.URSP.1.TrafficDescriptor.1.RouteSelectionDescriptor.1.
    Alias = "cpe-ursp111"
    Precedence = 100
    SSC = 1
    DNN = "provider.internet"
    PDUSessionType = "IPv4v6"
    AccessType = "Non-3GPP access"
Device.WWC.URSP.1.TrafficDescriptor.1.RouteSelectionDescriptor.1.NetworkSlice
    SliceServiceType = "eMBB"
Device.WWC.URSP.2.           # VoUP traffic rule
    Alias = "cpe-ursp2"
    Precedence = 10
    TrafficDescriptorNumberOfEntries = 1
Device.WWC.URSP.2.TrafficDescriptor.1.
    Alias = "cpe-ursp21"
    Type = 144               # Connection Capability Type
    Value = "1"              # IMS
    RouteSelectionDescriptorNumberOfEntries = 1
Device.WWC.URSP.2.TrafficDescriptor.1.RouteSelectionDescriptor.1.
    Alias = "cpe-ursp211"
    Precedence = 100
    SSC = 1
    DNN = "provider.ims"
    PDUSessionType = "IPv6"
    AccessType = "Non-3GPP access"
Device.WWC.URSP.2.TrafficDescriptor.1.RouteSelectionDescriptor.1.NetworkSlice
    SliceServiceType = "eMBB"
Device.PDU.
    SessionNumberOfEntries = 2
Device.PDU.Session.1.
    Alias = "cpe-pdu1"
    Interface = Device.IP.Interface.1
    SessionId = 1
    PTI = 63
    SSC = 1
    SessionAMBRDownlink = 100000000
    SessionAMBRUplink = 40000000
    DNN = "provider.internet"
    QoSRuleNumberOfEntries = 2
    QoSFlowNumberOfEntries = 2
Device.PDU.Session.1.PCO
    IPv6DNS = "2001:db8::1,2001:db8::2"
IPv4DNS = "203.0.113.1,203.0.113.2"
Device.PDU.Session.1.NetworkSlice
    SliceServiceType = "eMBB"
    SliceDifferentiator = 4
Device.PDU.Session.1.QoSRule.1.
    Alias = "cpe-pdu11"
    Identifier = 1
    Precedence = 100
    Segregation = false
    QFI = 1
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.1.QoSRule.1.Filter.1.
    Alias = "cpe-pdu111"
    Direction = "bidirectional"
    Type = 1                  # Match all
Device.PDU.Session.1.QoSRule.2.
    Alias = "cpe-pdu12"
    Identifier = 2
    Precedence = 10
    Segregation = false
    QFI = 32
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.1.QoSRule.2.Filter.1.
    Alias = "cpe-pdu121"
    Direction = "bidirectional"
    Type = 33                  # Destination IPv6
    Value = "2001:db8::2:1"    # VoWiFi ePDG
Device.PDU.Session.1.QoSFlow.1.
    Alias = "cpe-pdu11"
    QFI = 1
    FiveQI = 8
Device.PDU.Session.1.QoSFlow.2.
    Alias = "cpe-pdu11"
    QFI = 32
    FiveQI = 1
    GFBRUplink = 150000
    GFBRDownlink = 150000
Device.PDU.Session.2.
    Alias = "cpe-pdu2"
    Interface = Device.IP.Interface.2
    SessionId = 6
    PTI = 34
    SSC = 1
    SessionAMBRDownlink = 150000
    SessionAMBRUplink = 150000
    DNN = "provider.ims"
    QoSRuleNumberOfEntries = 2
    QoSFlowNumberOfEntries = 1
Device.PDU.Session.2.PCO
    IPv6PCSCF = "2001:db8::1:1"
    IPv6DNS = "2001:db8::1,2001:db8::2"
    IPv4DNS = "203.0.113.1,203.0.113.2"
    IPv4PCSCF = "203.0.113.100"
Device.PDU.Session.2.NetworkSlice
    SliceServiceType = "eMBB"
    SliceDifferentiator = 4
Device.PDU.Session.2.QoSRule.1.
    Alias = "cpe-pdu21"
    Identifier = 1
    Precedence = 100
    Segregation = false
    QFI = 32
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.2.QoSRule.1.Filter.1.
    Alias = "cpe-pdu211"
    Direction = "bidirectional"
    Type = 1            # Match all
Device.PDU.Session.2.QoSFlow.1.
    Alias = "cpe-pdu21"
    QFI = 32
    FiveQI = 1
    GFBRUplink = 150000
    GFBRDownlink = 150000
Device.FWE.
    LinkNumberOfEntries
Device.FWE.Link.1.
    Alias = "cpe-fwe1"
    Name = "cpe-fwe1"
    Status = "Up"
    LowerLayers = "Device.Ethernet.5"
Device.FWE.Link,1,Stats
    BytesSent = 478945789
    BytesReceived = 589545478

XXI.4.3.2 Scenario #2 - Cellular access network only 

Device.WWC.
    Capabilities = "FN-RG,5G-RG,NG-RAN,E-UTRAN"
    Mode = "5G-RG"
    Status = "5G-RG"
    AccessNetworkNumberOfEntries = 1
    URSPNumberOfEntries = 2
Device.WWC.AccessNetwork.1.
    Alias = "cpe-cellular"
    Name = "cellular"
    Interface = Device.Cellular.Interface.1
    RegistrationStatus = "RM-REGISTERED"
    ConnectionStatus = "CM_CONNECTED"
    AccessNetworkType = "NG-RAN"
Device.WWC.AccessNetwork.1.GUTI
    PLMN = 50501
    AMFid = 131137
    TMSI = 54678959
Device.WWC.URSP.1.             # Default traffic rule
    Alias = "cpe-ursp1"
    Precedence = 100
    TrafficDescriptorNumberOfEntries = 1
Device.WWC.URSP.1.TrafficDescriptor.1.
    Alias = "cpe-ursp11"
    Type = 1                   # Match all traffic
    Value = ""
    RouteSelectionDescriptorNumberOfEntries = 1
Device.WWC.URSP.1.TrafficDescriptor.1.RouteSelectionDescriptor.1.
    Alias = "cpe-ursp111"
    Precedence = 100
    SSC = 1
    DNN = "provider.internet"
    PDUSessionType = "IPv4v6"
    AccessType = "3GPP access"
Device.WWC.URSP.1.TrafficDescriptor.1.RouteSelectionDescriptor.1.NetworkSlice
    SliceServiceType = "eMBB"
Device.WWC.URSP.2.             # VoUP traffic rule
    Alias = "cpe-ursp2"
    Precedence = 10
    TrafficDescriptorNumberOfEntries = 1
Device.WWC.URSP.2.TrafficDescriptor.1.
    Alias = "cpe-ursp21"
    Type = 144                 # Connection Capability Type
    Value = "1"                # IMS
    RouteSelectionDescriptorNumberOfEntries = 1
Device.WWC.URSP.2.TrafficDescriptor.1.RouteSelectionDescriptor.1.
    Alias = "cpe-ursp211"
    Precedence = 100
    SSC = 1
    DNN = "provider.ims"
    PDUSessionType = "IPv6"
    AccessType = "3GPP access"
Device.WWC.URSP.2.TrafficDescriptor.1.RouteSelectionDescriptor.1.NetworkSlice
    SliceServiceType = "eMBB"
Device.PDU.
    SessionNumberOfEntries = 2
Device.PDU.Session.1.
    Alias = "cpe-pdu1"
    Interface = Device.IP.Interface.1
    SessionId = 1
    PTI = 63
    SSC = 1
    SessionAMBRDownlink = 100000000
    SessionAMBRUplink = 40000000
    DNN = "provider.internet"
    QoSRuleNumberOfEntries = 2
    QoSFlowNumberOfEntries = 2
Device.PDU.Session.1.PCO
    IPv6DNS = "2001:db8::1,2001:db8::2"
    IPv4DNS = "203.0.113.1,203.0.113.2"
Device.PDU.Session.1.NetworkSlice
    SliceServiceType = "eMBB"
    SliceDifferentiator = 4
Device.PDU.Session.1.QoSRule.1.
    Alias = "cpe-pdu11"
    Identifier = 1
    Precedence = 100
    Segregation = false
    QFI = 1
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.1.QoSRule.1.Filter.1.
    Alias = "cpe-pdu111"
    Direction = "bidirectional"
    Type = 1                   # Match all
Device.PDU.Session.1.QoSRule.2.
    Alias = "cpe-pdu12"
    Identifier = 2
    Precedence = 10
    Segregation = false
    QFI = 32
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.1.QoSRule.2.Filter.1.
    Alias = "cpe-pdu121"
    Direction = "bidirectional"
    Type = 33                  # Destination IPv6
    Value = "2001:db8::2:1"    # VoWiFi ePDG
Device.PDU.Session.1.QoSFlow.1.
    Alias = "cpe-pdu11"
    QFI = 1
    FiveQI = 8
Device.PDU.Session.1.QoSFlow.2.
    Alias = "cpe-pdu11"
    QFI = 32
    FiveQI = 1
    GFBRUplink = 150000
    GFBRDownlink = 150000
Device.PDU.Session.2.
    Alias = "cpe-pdu2"
    Interface = Device.IP.Interface.2
    SessionId = 6
    PTI = 34
    SSC = 1
    SessionAMBRDownlink = 150000
    SessionAMBRUplink = 150000
    DNN = "provider.ims"
    QoSRuleNumberOfEntries = 2
    QoSFlowNumberOfEntries = 1
Device.PDU.Session.2.PCO
    IPv6PCSCF = "2001:db8::1:1"
    IPv6DNS = "2001:db8::1,2001:db8::2"
    IPv4DNS = "203.0.113.1,203.0.113.2"
    IPv4PCSCF = "203.0.113.100"
Device.PDU.Session.2.NetworkSlice
    SliceServiceType = "eMBB"
    SliceDifferentiator = 4
Device.PDU.Session.2.QoSRule.1.
    Alias = "cpe-pdu21"
    Identifier = 1
    Precedence = 100
    Segregation = false
    QFI = 32
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.2.QoSRule.1.Filter.1.
    Alias = "cpe-pdu211"
    Direction = "bidirectional"
    Type = 1            # Match all
Device.PDU.Session.2.QoSFlow.1.
    Alias = "cpe-pdu21"
    QFI = 32
    FiveQI = 1
    GFBRUplink = 150000
    GFBRDownlink = 150000

XXI.4.3.3 Scenario #3 - Hybrid (Fixed and Cellular) access 

Device.WWC.
    Capabilities = "FN-RG,5G-RG,W-5GAN"
    Mode = "5G-RG"
    Status = "5G-RG"
    AccessNetworkNumberOfEntries = 2
    URSPNumberOfEntries = 2
Device.WWC.AccessNetwork.1.
    Alias = "cpe-fixed"
    Name = "fixed"
    Interface = Device.Ethernet.5
    RegistrationStatus = "RM-REGISTERED"
    ConnectionStatus = "CM_CONNECTED"
    AccessNetworkType = "W-5GAN"
Device.WWC.AccessNetwork.1.GUTI
    PLMN = 50501
    AMFid = 65601
    TMSI = 60340039
Device.WWC.AccessNetwork.2.
    Alias = "cpe-cellular"
    Name = "cellular"
    Interface = Device.Cellular.Interface.1
    RegistrationStatus = "RM-REGISTERED"
    ConnectionStatus = "CM_CONNECTED"
    AccessNetworkType = "NG-RAN"
Device.WWC.AccessNetwork.2.GUTI
    PLMN = 50501
    AMFid = 131137
    TMSI = 54678959
Device.WWC.URSP.1.             # Default traffic rule
    Alias = "cpe-ursp1"
    Precedence = 100
    TrafficDescriptorNumberOfEntries = 1
Device.WWC.URSP.1.TrafficDescriptor.1.
    Alias = "cpe-ursp11"
    Type = 1                   # Match all traffic
    Value = ""
    RouteSelectionDescriptorNumberOfEntries = 1
Device.WWC.URSP.1.TrafficDescriptor.1.RouteSelectionDescriptor.1.
    Alias = "cpe-ursp111"
    Precedence = 100
    SSC = 1
    DNN = "provider.internet"
    PDUSessionType = "IPv4v6"
    AccessType = "Non-3GPP access"
Device.WWC.URSP.1.TrafficDescriptor.1.RouteSelectionDescriptor.1.NetworkSlice
    SliceServiceType = "eMBB"
Device.WWC.URSP.2.             # VoUP traffic rule
    Alias = "cpe-ursp2"
    Precedence = 10
    TrafficDescriptorNumberOfEntries = 1
Device.WWC.URSP.2.TrafficDescriptor.1.
    Alias = "cpe-ursp21"
    Type = 144                 # Connection Capability Type
    Value = "1"                # IMS
    RouteSelectionDescriptorNumberOfEntries = 1
Device.WWC.URSP.2.TrafficDescriptor.1.RouteSelectionDescriptor.1.
    Alias = "cpe-ursp211"
    Precedence = 100
    SSC = 1
    DNN = "provider.ims"
    PDUSessionType = "IPv6"
    AccessType = "Non-3GPP access"
Device.WWC.URSP.2.TrafficDescriptor.1.RouteSelectionDescriptor.1.NetworkSlice
    SliceServiceType = "eMBB"
Device.PDU.
    SessionNumberOfEntries = 2
Device.PDU.Session.1.
    Alias = "cpe-pdu1"
    Interface = Device.IP.Interface.1
    SessionId = 1
    PTI = 63
    SSC = 1
    SessionAMBRDownlink = 100000000
    SessionAMBRUplink = 40000000
    DNN = "provider.internet"
    QoSRuleNumberOfEntries = 2
    QoSFlowNumberOfEntries = 2
Device.PDU.Session.1.PCO
    IPv6DNS = "2001:db8::1,2001:db8::2"
    IPv4DNS = "203.0.113.1,203.0.113.2"
Device.PDU.Session.1.NetworkSlice
    SliceServiceType = "eMBB"
    SliceDifferentiator = 4
Device.PDU.Session.1.QoSRule.1.
    Alias = "cpe-pdu11"
    Identifier = 1
    Precedence = 100
    Segregation = false
    QFI = 1
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.1.QoSRule.1.Filter.1.
    Alias = "cpe-pdu111"
    Direction = "bidirectional"
    Type = 1                   # Match all
Device.PDU.Session.1.QoSRule.2.
    Alias = "cpe-pdu12"
    Identifier = 2
    Precedence = 10
    Segregation = false
    QFI = 32
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.1.QoSRule.2.Filter.1.
    Alias = "cpe-pdu121"
    Direction = "bidirectional"
    Type = 33                  # Destination IPv6
    Value = "2001:db8::2:1"    # VoWiFi ePDG
Device.PDU.Session.1.QoSFlow.1.
    Alias = "cpe-pdu11"
    QFI = 1
    FiveQI = 8
Device.PDU.Session.1.QoSFlow.2.
    Alias = "cpe-pdu11"
    QFI = 32
    FiveQI = 1
    GFBRUplink = 150000
    GFBRDownlink = 150000
Device.PDU.Session.2.
    Alias = "cpe-pdu2"
    Interface = Device.IP.Interface.2
    SessionId = 6
    PTI = 34
    SSC = 1
    SessionAMBRDownlink = 150000
    SessionAMBRUplink = 150000
    DNN = "provider.ims"
    QoSRuleNumberOfEntries = 2
    QoSFlowNumberOfEntries = 1
Device.PDU.Session.2.PCO
    IPv6PCSCF = "2001:db8::1:1"
    IPv6DNS = "2001:db8::1,2001:db8::2"
    IPv4DNS = "203.0.113.1,203.0.113.2"
    IPv4PCSCF = "203.0.113.100"
Device.PDU.Session.2.NetworkSlice
    SliceServiceType = "eMBB"
    SliceDifferentiator = 4
Device.PDU.Session.2.QoSRule.1.
    Alias = "cpe-pdu21"
    Identifier = 1
    Precedence = 100
    Segregation = false
    QFI = 32
    DQR = true
    FilterNumberOfEntries = 1
Device.PDU.Session.2.QoSRule.1.Filter.1.
    Alias = "cpe-pdu211"
    Direction = "bidirectional"
    Type = 1            # Match all
Device.PDU.Session.2.QoSFlow.1.
    Alias = "cpe-pdu21"
    QFI = 32
    FiveQI = 1
    GFBRUplink = 150000
    GFBRDownlink = 150000
Device.FWE.
    LinkNumberOfEntries
Device.FWE.Link.1.
    Alias = "cpe-fwe1"
    Name = "cpe-fwe1"
    Status = "Up"
    LowerLayers = Device.Ethernet.5
Device.FWE.Link,1,Stats
    BytesSent = 478945789
    BytesReceived = 589545478

Appendix XXII: Data Elements Theory of Operations

This section discusses the Theory of Operation for representing the Wi-Fi Alliance (WFA) Data Elements (DE) data model [3] using the Device.WiFi.DataElements object. The WFA DE specification provides a data model that can be used to represent a single access point or a multi access point network.

XXII.1 Data Sources

The DataElements object may be populated by data from any of the following sources:

Whatever source is used to acquire the data, the data will be represented according to the DE specification [3].

XXII.2 Mapping new Data Elements objects and parameters

The YANG representation of WFA DE is considered the normative reference to use for mapping purposes.

For the initial mapping (included in Release 13), the names of YANG grouping nodes were used for the TR-181 object names, instead of the names of the lists and containers that used these groupings. This was done because the names of the groupings were consistent with TR-181 naming conventions and there was a one-to-one mapping of grouping to a list or a container. For subsequent mapping, the names of containers and lists will be used, and not groupings.

Data Elements objects and parameters will be added according to the following rules when WFA defines new nodes:

End of Broadband Forum Technical Report TR-181