TR-069, also known as the CPE WAN Management Protocol (CWMP), defines a protocol for remote management of customer-premises equipment connected to an IP network. It allows broadband service providers to remotely configure, install, diagnose, and maintain home and business networking devices. Key aspects of TR-069 include periodic connectivity checks, remote device management via RPC calls, and the ability to initiate sessions through connection requests from the Auto-Configuration Server to the customer-premises equipment.

1. TR 069
CPE WAN Management Protocol (CWMP)

2. What it is
• TR-069 refers to the Technical Report
• published by the Broadband Forum
• defines the CPE WAN Management Protocol, or CWMP

3. Beginning
• In the beginning, TR-069 was targeted towards the home router or
business gateway.
•

4. Evolution
• Now it covers
• all manner of home network devices, including enterprise VoIP
products, video set top boxes, network attached storage.
• an unlimited number of network aware products through TR-069’s
proxy function.

5. Why it was developed
• to allow providers of broadband services to deploy and manage
customer premises equipment in home and business networks.

6. • protocol for remote management of customer-premises equipment
(CPE) connected to an Internet Protocol (IP) network.

7. The abilities it provide to the user
• to cover a wide range of use cases.
• This includes so-called “zero touch” installation
• configuration and activation of new services
• CPE firmware maintenance
• diagnostics for customer troubleshooting.

8. Architecture overview
• TR-069 describes the interaction between an Auto-Configuration
Server(ACS) and one or more CWMP endpoints.
• These endpoints usually reside on a devices in a broadband user’s
home network.
• This interaction happens with a series of Remote Procedure Calls, or
RPCs.

10. How the session starts
• All CWMP sessions begin with the CPE making the Inform RPC on the
ACS. This is also referred to as “sending an Inform” or “an Inform
message”.
• An Inform RPC, and consequently, a CWMP session, is always made
for a specific reason, called an Event

11. A fundamental TR-069 session

12. • First, the CPE initiates a TCP session with ACS and negotiates a secure
connection.
• The CPE begins every session by sending an Inform RPC to the ACS,
with arguments that include the Event that caused the session. This is
done over an HTTP Post

13. • In the HTTP Response, the the ACS sends an InformResponse. Once
processed by the CPE, this means that the Inform RPC is complete.
• There’s probably no other RPCs that CPE wishes to make on the ACS,
so it sends an empty HTTP Post to indicate that it is finished. This may
happen at any time during the session.

14. • The ACS begins to send remote procedure calls to the CPE, such as
the GetParamterValues RPC.
• The CPE sends its GetParameterResponse in an HTTP Post, with the
information the ACS was looking for. This ends the
GetParameterValues RPC.
• The ACS makes any other RPCs it needs during this session, such as
SetParameterValues to change the state of the CPE.

15. • When the ACS has no more RPCs to make, it sends an empty HTTP
Response, just like the CPE did earlier.
• When both the CPE and the ACS have done this, the session is over
and it’s time to tear down the connection.

16. CWMP Event Basics
• Every TR-069 session is initiated by a CPE.
• These sessions always occur for a specific reason, called an “Event”.
• All of the Events that have yet to be delivered to the ACS are
contained as arguments in the Inform RPC at the start of every TR-069
session.

17. • the Inform sent by the CPE contains an array of type “EventStruct”.
• This array contains one or more event codes that tell the ACS why the
CPE is making contact.

18. Some Events
• BOOTSTRAP
• BOOT
• PERIODIC
• SCHEDULED
• VALUE CHANGE
• CONNECTION REQUEST
• TRANSFER COMPLETE AND ANONYMOUS TRANSFER COMPLETE
• DIAGNOSTICS COMPLETE

19. • REQUEST DOWNLOAD
• STATE CHANGE COMPLETE
• AUTONOMOUS STATE CHANGE COMPLETE

20. ACS Discovery
• In TR-069, the CPE is always initiates a session.
• When making first contact with an ACS, how does it know the ACS
URL it is supposed to contact?

21. • There are 3 mechanisms suggested in TR-069 to do this.
• The first is that the CPE has its bootstrap ACS pre-configured by
factory default.

22. • The second mechanism involves the ACS URL being configured
through a local protocol that has access to the CWMP data
model, such as UPnP.
• Lastly, TR-069 defines a mechanism for using DHCP options to
configure the ACS URL.

23. • When a CPE comes online, the DHCP server that assigns its IP address
can provide the ACS URL in certain DHCP options.

25. How CPE tells ACS about its capability.
• A CPE can announce that it supports this capability in its DHCP
DISCOVER message by including a special string anywhere in the
DHCP Vendor Class Identifier Option 60, or in Vendor Class Option
124.

26. • The DHCP server then responds with the URL of the ACS specified in
DHCP option 43, 125, or both in its DHCP OFFER message.

27. Connection Request Basics
• Though every TR-069 session is initiated by the CPE endpoint,
sometimes it’s necessary for the ACS to request that the CPE contact
it immediately.

28. • TR-069 defines a Connection Request mechanism which allows the
ACS to stimulate the CPE to begin a session.

29. • The most basic Connection Request is a simple HTTP GET on a URL
defined by the CPE.
• ConnectionRequestURL parameter is used.

30. • This HTTP GET is authenticated by the CPE using a username and
password specific to the ACS.
• Usually, the ACS will set this username and password after a CPE
contacts it for the first time.

31. • Once the HTTP GET is authenticated, the CPE sends an HTTP
Response with a 200 OK or 204 “No Content” status code.
• This tells the ACS that the CPE received and understood the request.

32. • If the CPE receives more than one ConnectionRequest before the first
session occurs, it must still respond to them, but only begin one
Session as a result.

33. • If CPE is already in a Session with the ACS when it receives a
ConnectionRequest, it can’t terminate that Session prematurely.
• Instead, it can send a 503 “Service Unavailable” status code, or wait
for the current session to finish before starting the requested Session.
• When it’s ready, CPE starts the new session within 30 seconds of
receiving the Connection Request.