MTA provisioning 的方式有三種:Secure、Hybrid、Basic
欲按怎控制 MTA 用佗一種方式 provisioning? CableLabs 設計的方法是利用 DHCP 來做。
DHCP option 122 內底有真濟項目會使設定,
佇 CM provisioning 的時陣,咱已經用著 122.1 來通知 MTA 將來愛按怎處理 DHCP, option 122 其他的項目就是用來控制 MTA provisioning 的方式。
Option 122 有3个一定愛用著的項目
- 122.1:Service Provider's Primary DHCP Server Address
- 122.3:Service Provider's Provisioning Entity Address
- 122.6:Kerberos Realm of SNMP Entity
122.1 進前已經講過啊,這个項目干焦 CM 有需要, MTA 的 DHCP 無需要。
122.3 就是 Provisioning Entity 的位置,一定愛用 FQDN 來表示。若是共這个項目設做 0.0.0.0,按呢就代表無欲予 MTA 繼續 provisioning。
這个時陣 MTA 應該愛關起來,無閣繼續行落去,愛等到 CM 重開機才有機會重新開始。
另外,Provisioning Entity 需要會使接收 SNMP traps。
122.6 Realm,咱需要用 FQDN 的格式共 realm name 設佇遮,若是 MTA 欲走 secure provisioning,伊愛利用這个數值送 DNS SRV 揣出 KDC 佇佗位。
這个就是咱用來控制 MTA provisioning 方式的項目,這个項目有下面幾種數值
BASIC.1、BASIC.2、HYBRID.1、HYBRID.2
若是 BASIC.1 抑是 BASIC.2 按呢 MTA 著行 basic provisioning;
若是 HYBRID.1 抑是 HYBRID.2 按呢 MTA 著行 basic provisioning。
其中 XXXX.1 佮 XXXX.2 的差別是 XXXX.2 provisioning 完成了後愛送 SNMP INFORM,XXXX.1 毋免。
除了頂面4種以外,MTA 著愛行 secure provisioning
下面的圖是完整的 provisioning flow,遮先簡單寫一下,後擺才共 3 種 provisioning 分開寫
participant CM MTA as A
participant PKT DHCP as E
participant PKT DNS as F
participant MSO KDC as G
participant Prov Server as H
participant PKT TFTP as I
participant SYSLOGP as J
Note over A,J: CM provisioning 完成了後,包佇 CM 內底的 MTA 才有法度送資料
A-E: MTA1: DHCP Broadcast Discover (Includes Option code 60 w/ MTA device identifier, Option code 43, & requests Option code 122)
E-A: MTA2: DHCP Offer (option code 122w/ name of provisioning realm)
A-E: MTA3: DHCP Request
E-A: MTA4: DHCP Ack
Note over A,J: 根據 option122,MTA 選擇 provisioning 的方式
Note over A,J: 若是 secure provisioning,愛先揣出 KDC 佇佗位
A-F: MTA5: DNS Request
F-A: MTA6: DNS Srv (KDC host name associated with the provisioning REALM)
A-F: MTA7: DNS Request
F-A: MTA8: DNS Response (KDC IP Address)
A-G: MTA9: AS Request
G-A: MTA10: AS Reply
A--G: MTA11: TGS Request
G--A: MTA12: TGS Reply
A-H: MTA13: AP Request (Key Mgmt Prot Vers. , Protocol ID, KRB_AP_REQ,, Ciphersuites, SHA-1 HMAC )
H-A: MTA14: AP Reply (KeyMgmtProtVers, Protocol ID, KRB_AP_REP, ciphersuite selected, key lifetime, Ack req , HMAC)
Note over A,J: 若是 secure provisioning,著需要頂懸遐的li-li-khok-khok 的程序
Note over A,J: secure/hybrid provisioning 愛用 snmp 參 Prov Server 交流才有法度知影 MTA config file 佇佗位
A-H: MTA15: SNMP Inform
H--A: MTA16: SNMP Get Request(s) for MTA device capabilities (optional/iterative)
A--H: MTA17: SNMP Get Response(s) containing MTA device capabilities (optional/iterative)
H-I: MTA18: MTA config file
H-A: MTA19: SNMP Set with URL encoded file download access method (TFTP or HTTP), filename, hash, and encryption key( if required)
A-F: MTA20: Resolve TFTP server FQDN
F-A: MTA21: TFTP server IP address
A-I: MTA22: Telephony config file request
I-A: MTA23: Telephony config file
A--J: MTA24: MTA send telephony service provider SYSLOG a notification of provisioning completed
A-H: MTA25: SNMP Notify completion of telephony provisioning (MTA MAC address, ESN, pass/fail)
participant PKT DHCP as E
participant PKT DNS as F
participant MSO KDC as G
participant Prov Server as H
participant PKT TFTP as I
participant SYSLOGP as J
Note over A,J: CM provisioning 完成了後,包佇 CM 內底的 MTA 才有法度送資料
A-E: MTA1: DHCP Broadcast Discover (Includes Option code 60 w/ MTA device identifier, Option code 43, & requests Option code 122)
E-A: MTA2: DHCP Offer (option code 122w/ name of provisioning realm)
A-E: MTA3: DHCP Request
E-A: MTA4: DHCP Ack
Note over A,J: 根據 option122,MTA 選擇 provisioning 的方式
Note over A,J: 若是 secure provisioning,愛先揣出 KDC 佇佗位
A-F: MTA5: DNS Request
F-A: MTA6: DNS Srv (KDC host name associated with the provisioning REALM)
A-F: MTA7: DNS Request
F-A: MTA8: DNS Response (KDC IP Address)
A-G: MTA9: AS Request
G-A: MTA10: AS Reply
A--G: MTA11: TGS Request
G--A: MTA12: TGS Reply
A-H: MTA13: AP Request (Key Mgmt Prot Vers. , Protocol ID, KRB_AP_REQ,, Ciphersuites, SHA-1 HMAC )
H-A: MTA14: AP Reply (KeyMgmtProtVers, Protocol ID, KRB_AP_REP, ciphersuite selected, key lifetime, Ack req , HMAC)
Note over A,J: 若是 secure provisioning,著需要頂懸遐的li-li-khok-khok 的程序
Note over A,J: secure/hybrid provisioning 愛用 snmp 參 Prov Server 交流才有法度知影 MTA config file 佇佗位
A-H: MTA15: SNMP Inform
H--A: MTA16: SNMP Get Request(s) for MTA device capabilities (optional/iterative)
A--H: MTA17: SNMP Get Response(s) containing MTA device capabilities (optional/iterative)
H-I: MTA18: MTA config file
H-A: MTA19: SNMP Set with URL encoded file download access method (TFTP or HTTP), filename, hash, and encryption key( if required)
A-F: MTA20: Resolve TFTP server FQDN
F-A: MTA21: TFTP server IP address
A-I: MTA22: Telephony config file request
I-A: MTA23: Telephony config file
A--J: MTA24: MTA send telephony service provider SYSLOG a notification of provisioning completed
A-H: MTA25: SNMP Notify completion of telephony provisioning (MTA MAC address, ESN, pass/fail)
沒有留言:
張貼留言