CPE WAN Management Protocol
University of New Hampshire
From the TR-069 Amendment 1 document:
A protocol for communication between Customer Premise Equipment (CPE) and Auto-Configuration Server (ACS) that encompasses secure auto-configuration as well as other CPE management functions within a common framework.
Figure 3 of DSL Forum’s TR-069 Amendment 1
Service Providers can, through TR-069, use one common platform to manage, through the Internet, all of their Customer Premise Devices, no matter the device nor the manufacturer.
Such a common management platform had not been achieved before, because CPE vendors created proprietary management mechanisms and did not want to expose them to their competitors.
Image source: DSL Forum’s PD-128
-No matter how well the specification is written, there is room for interpretation and error during implementation.
Example: There is a typo in the specification where a common word, used to define a field, is misspelled. Does the vendor take the specification at its literal meaning, or does the vendor correct the spelling error?
-SOAP implementation: TR-069 requires that all communication between the CPE (client) and ACS (server) take place over a persistent, bi-directional connection. However, SOAP was designed for transitory, one-way communication in which the roles of client and server are clearly defined. By requiring a persistent connection, TR-069 switches these roles during a session, something SOAP was not designed to do, which adds complexity to a "simple" protocol.
-In the current specification the SOAP messages have to be generated manually, a process highly prone to errors and differences in interpretation.
From fine point technologies website: http://www.finepoint.com/services/certification.htm
The application uses the CPE WAN Management Protocol on the CPE and ACS, respectively. The application is locally defined and not specified as part of the CPE WAN Management Protocol.
The specific RPC methods that are defined by the CPE WAN Management Protocol.
A standard XML-based syntax used here to encode remote procedure calls. Specifically, SOAP 1.1.
The standard Internet transport layer security protocols. Specifically, either SSL 3.0 (Secure Socket Layer) or TLS 1.0 (Transport Layer Security).
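As an added illustration of the RPC and SOAP 1.1 layers listed above, and of the hand-built SOAP messages mentioned among the difficulties, the following Python (written for this page, not taken from the TR-069 documents or any vendor) builds a GetParameterValues request carrying the cwmp:ID header and strictly checks an incoming envelope before dispatching it; the allow-list of RPC names and the parameter paths are assumptions for the example.

```python
import xml.etree.ElementTree as ET
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"
CWMP = "urn:dslforum-org:cwmp-1-0"
for prefix, uri in (("soap-env", SOAP_ENV), ("soap-enc", SOAP_ENC), ("cwmp", CWMP)):
    ET.register_namespace(prefix, uri)

# RPC names this receiver will dispatch (an assumed allow-list); anything else is refused.
ALLOWED_RPCS = {"GetParameterValues", "SetParameterValues", "Inform"}

def build_get_parameter_values(request_id, names):
    """ACS -> CPE request asking for the values of the given parameter paths."""
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    env.set("xmlns:xsd", "http://www.w3.org/2001/XMLSchema")  # prefix used by arrayType
    hdr = ET.SubElement(env, f"{{{SOAP_ENV}}}Header")
    rid = ET.SubElement(hdr, f"{{{CWMP}}}ID")
    rid.set(f"{{{SOAP_ENV}}}mustUnderstand", "1")  # ID pairs a response with its request
    rid.text = request_id
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    rpc = ET.SubElement(body, f"{{{CWMP}}}GetParameterValues")
    arr = ET.SubElement(rpc, "ParameterNames")
    arr.set(f"{{{SOAP_ENC}}}arrayType", f"xsd:string[{len(names)}]")
    for name in names:
        ET.SubElement(arr, "string").text = name
    return ET.tostring(env, encoding="unicode")

def parse_rpc(xml_text):
    """Strict receiver: accept exactly one well-formed, allow-listed CWMP RPC."""
    root = ET.fromstring(xml_text)  # expat-based; does not fetch external entities
    if root.tag != f"{{{SOAP_ENV}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    rid = root.find(f"{{{SOAP_ENV}}}Header/{{{CWMP}}}ID")
    if rid is None or rid.get(f"{{{SOAP_ENV}}}mustUnderstand") != "1" or not rid.text:
        raise ValueError("missing or malformed cwmp:ID header")
    body = root.find(f"{{{SOAP_ENV}}}Body")
    calls = list(body) if body is not None else []
    if len(calls) != 1 or not calls[0].tag.startswith("{" + CWMP + "}"):
        raise ValueError("body must hold exactly one cwmp RPC")
    method = calls[0].tag.split("}", 1)[1]
    if method not in ALLOWED_RPCS:
        raise ValueError("RPC %r is not permitted here" % method)
    params = [s.text for s in calls[0].iter("string")]
    return {"id": rid.text, "method": method, "params": params}

def rejects(xml_text):  # True when parse_rpc refuses the message
    try:
        parse_rpc(xml_text)
    except ValueError:
        return True
    return False
```

A receiver that accepts whatever arrives in the Body, or ignores the mustUnderstand ID header, is exactly where the interpretation differences described above turn into interoperability and security problems.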
Difficulties with TR-069 (cont.)
TR-069 has to cross several layers of protocols and methods that must interoperate:
Table 1 of TR-069 Amendment 1
SNMP (Simple Network Management Protocol) is used by network management systems to monitor network-attached devices for conditions that warrant administrative attention. It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.
SNMP is a tried and true technology, but each company has its own MIB (management information base), and SNMP has been known to have security flaws. TR-069 was created to be device agnostic, meaning that all CPE devices can be managed by one TR-069 Auto Configuration Server (ACS) regardless of manufacturer.
Although it may seem invasive and insecure for devices to be accessible without the user's active consent, the TR-069 documents include a number of security mechanisms.
From the TR-069 Amendment 1 document:
The CPE WAN Management Protocol is designed to provide a high degree of security. The security model is also designed to be scalable. It is intended to allow basic security to accommodate less robust CPE implementations, while allowing greater security for those that can support more advanced security mechanisms. In general terms, the security goals of the CPE WAN Management Protocol are as follows:
Prevent tampering with the management functions of a CPE or ACS, or the transactions that take place between the CPE and ACS.
Provide confidentiality for the transactions that take place between a CPE and ACS.
Allow appropriate authentication for each type of transaction.
Prevent theft of service.
Any and all CPE, such as VoIP Analog Telephone Adapters, DSL Modems, and Residential Gateways.
These capabilities are provisioned by TR-069 and its extensions (TR-098, TR-104, TR-106, TR-110, TR-111)
TR-098 - data model for internet gateway devices (DSL modems with built-in routers)
TR-104 - data model and any specific items for VoIP devices
TR-106 - a base object structure for TR-069 enabled devices
TR-110 - a reference model for VoIP configurations
TR-111 - covers applying TR-069 to remote management of home networking devices
Since TR-069’s ratification, changing market dynamics continue to impact the way service providers conduct business. A single high-speed data service is no longer a viable, long-term path to retain market share or grow revenue. Prices of core data services—and the associated margins—are declining steeply, and market saturation of basic broadband is on the horizon. To remain competitive, carriers are expanding into new video and content services, going after video franchises, bundling entertainment packages, and competing head-to-head with traditional cable operators to attract and retain new customers.
From “TR-069 and beyond,” by Heather Kirksey (http://telephonyonline.com/access/commentary/dsl_tr069_standards_071406/index.html)
- TR-069 has to keep expanding to incorporate the many new technologies being developed for in-home use