What is TR-069?
From the TR-069 Amendment 1 document:
A protocol for communication between Customer Premise Equipment (CPE) and
Auto-Configuration Server (ACS) that encompasses secure auto-configuration as well
as other CPE management functions within a common framework.
TR-069 CPE/ACS Interaction Model:
Figure 3 of DSL Forum’s TR-069 Amendment 1
Service Providers can, through TR-069, use one common platform to manage,
through the Internet, all of their Customer Premise Devices, no matter the device
nor the manufacturer.
This common application has never been achieved before due to CPE vendors
creating proprietary mechanisms for management, and not wanting to expose those
mechanisms to their competitors.
Image source: DSL Forum’s PD-128
Benefits of TR-069:
• CWMP device configuration, troubleshooting, firmware upgrades, user management,
and reporting for TR-069 enabled devices to reduce truck rolls
• Enables service providers to offer dynamic services such as home networking, security,
Voice over IP, centrally managed by a TR-069 ACS
• Reduces support calls by automated/proactive monitoring and managing of TR-069
Difficulties with TR-069:
- No matter how well the specification is written, there is room for interpretation and
error during implementation.
Example: There is a typo in the specification where a common word, used
to define a field, is misspelled. Does the vendor take the specification at its
literal meaning, or does the vendor correct the spelling error?
- SOAP implementation: TR-069 requires that all communications between the CPE (client) and ACS
(server) be done via a persistent, bi-directional connection. However, SOAP was designed for
transitory, one-way communications where the roles of client and server are clearly defined. By
requiring a persistent connection, TR-069 is switching these roles during communications,
something SOAP wasn't designed to do and introducing complexity to a "simple" protocol.
- In the current specification it is necessary for the SOAP to be generated
manually, a process highly prone to errors and interpretation.
From the Fine Point Technologies website: http://www.finepoint.com/services/certification.htm
Difficulties with TR-069 (cont.)
Has to cross several layers of protocols and methods that must interoperate:
CPE/ACS Application: The application uses the CPE WAN Management Protocol on the CPE and ACS, respectively. The application is locally defined and not specified as part of the CPE WAN Management
RPC Methods: The specific RPC methods that are defined by the CPE WAN Management Protocol.
SOAP: A standard XML-based syntax used here to encode remote procedure calls. Specifically
HTTP: HTTP 1.1
SSL/TLS: The standard Internet transport layer security protocols. Specifically, either SSL 3.0 (Secure Socket Layer), or TLS 1.0 (Transport Layer Security)
TCP/IP: Standard TCP/IP.
Table 1 of TR-069 Amendment 1
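The hand-generated SOAP problem and the layering above, as an added example that is not from the slides or the TR-069 document: the RPC is built with an XML library and read back by namespace URI rather than by prefix, so two differently written Inform messages parse identically and a mistyped namespace is rejected. The namespace URIs (SOAP 1.1, CWMP 1.0), the Inform/DeviceId layout and every sample value are assumptions supplied here, not taken from this page.

```python
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions (SOAP 1.1 envelope, CWMP 1.0); not from the page.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
CWMP_NS = "urn:dslforum-org:cwmp-1-0"

def build_inform(session_id, oui, serial):
    """CPE side: build a minimal Inform with an XML library, not string pasting."""
    ET.register_namespace("soap", SOAP_NS)
    ET.register_namespace("cwmp", CWMP_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    sid = ET.SubElement(header, f"{{{CWMP_NS}}}ID",
                        {f"{{{SOAP_NS}}}mustUnderstand": "1"})
    sid.text = session_id
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    device = ET.SubElement(ET.SubElement(body, f"{{{CWMP_NS}}}Inform"), "DeviceId")
    ET.SubElement(device, "OUI").text = oui
    ET.SubElement(device, "SerialNumber").text = serial
    return ET.tostring(env, encoding="unicode")

def parse_rpc(xml_text):
    """ACS side: return (session_id, rpc_name, leaf_fields), matching on
    namespace URIs so the sender's choice of prefix does not matter."""
    if "<!DOCTYPE" in xml_text:  # SOAP 1.1 messages must not carry a DTD
        raise ValueError("DTD not accepted")
    env = ET.fromstring(xml_text)
    if env.tag != f"{{{SOAP_NS}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    body = env.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("Body must hold exactly one RPC element")
    rpc = body[0]
    if not rpc.tag.startswith(f"{{{CWMP_NS}}}"):
        raise ValueError("RPC element is not in the CWMP namespace")
    sid = env.findtext(f"{{{SOAP_NS}}}Header/{{{CWMP_NS}}}ID")
    fields = {el.tag: el.text for el in rpc.iter() if len(el) == 0}
    return sid, rpc.tag.split("}", 1)[1], fields

# Constructed sample: a hand-written Inform using different prefixes.
HANDWRITTEN = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"'
    ' xmlns:c="urn:dslforum-org:cwmp-1-0"><SOAP-ENV:Header>'
    '<c:ID SOAP-ENV:mustUnderstand="1">42</c:ID></SOAP-ENV:Header><SOAP-ENV:Body>'
    '<c:Inform><DeviceId><OUI>00AABB</OUI><SerialNumber>SN001</SerialNumber>'
    '</DeviceId></c:Inform></SOAP-ENV:Body></SOAP-ENV:Envelope>'
)
# Constructed sample: the same message with the CWMP namespace mistyped.
MISTYPED = HANDWRITTEN.replace("cwmp-1-0", "cwmp-1.0")
```

A parser that matched on literal prefixes such as `cwmp:` would accept the first message and miss the second; one that ignored namespaces altogether would accept the mistyped one.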
TR-069 vs. SNMP
SNMP is a technology that is tried and true, but each company has its own MIB
(management information base), and SNMP has been known to have security flaws. TR-069
was created to be device agnostic, meaning that all CPE devices can be managed by one
TR-069 Auto Configuration Server (ACS) no matter the manufacturer etc.
SNMP (Simple Network Management Protocol) is used by network management systems to
monitor network-attached devices for conditions that warrant administrative attention. It
consists of a set of standards for network management, including an application layer protocol,
a database schema, and a set of data objects.
Although it may seem invasive and insecure to have devices able to be accessed
without active consent, there are many security protocols included in the TR-069
From the TR-069 Amendment 1 document:
1.1 Security Goals:
The CPE WAN Management Protocol is designed to provide a high degree of security. The
security model is also designed to be scalable. It is intended to allow basic security to
accommodate less robust CPE implementations, while allowing greater security for those that
can support more advanced security mechanisms. In general terms, the security goals of the
CPE WAN Management Protocol are as follows:
• Prevent tampering with the management functions of a CPE or ACS, or the transactions
that take place between the CPE and ACS.
• Provide confidentiality for the transactions that take place between a CPE and ACS.
• Allow appropriate authentication for each type of transaction.
• Prevent theft of service.
What can TR-069 be used for so far?
Any and all CPE, such as VoIP Analog Telephone Adapters, DSL Modems, and
These capabilities are provisioned by TR-069 and its extensions (TR-098,
TR-104, TR-106, TR-110, TR-111)
TR-098 - data model for internet gateway devices (DSL modems with built-in routers)
TR-104 - data model and any specific items for VoIP devices
TR-106 - a base object structure for TR-069 enabled devices
TR-110 - a reference model for VoIP configurations
TR-111 - covers applying TR-069 to remote management of home networking devices
Reality of TR-069:
Since TR-069’s ratification, changing market dynamics continue to impact the way service
providers conduct business. A single high-speed data service is no longer a viable, long-term
path to retain market share or grow revenue. Prices of core data services—and the associated
margins—are declining steeply, and market saturation of basic broadband is on the horizon. To
remain competitive, carriers are expanding into new video and content services, going after
video franchises, bundling entertainment packages, and competing head-to-head with
traditional cable operators to attract and retain new customers.
From “TR-069 and beyond,” by Heather Kirksey (http://telephonyonline.com/access/commentary/dsl_tr069_standards_071406/index.html)
- TR-069 has to keep expanding to incorporate the many new technologies
being developed for in-home use