TR-069

from Wikipedia, the free encyclopedia

TR-069 is a protocol for exchanging data between a communication provider's server and a terminal device on the customer's premises. A typical application is the remote configuration of DSL routers by a broadband provider. Technically it is a bidirectional SOAP protocol carried over HTTP between customer premises equipment (CPE) and an auto-configuration server (ACS); every session is opened by the CPE, which posts its messages to the ACS over HTTP or HTTPS. It is therefore also known as the CPE WAN Management Protocol (CWMP).

Remote access to configuration

In the DSL broadband market, TR-069 is the dominant management standard for access devices. The technical specification (TR-069) is published by the Broadband Forum.

The protocol defines methods for auto-configuration as well as for controlling other CPE functions within one uniform framework. A distinction is made between different types of CPE; the basic type is broadband/DSL equipment such as DSL routers.

TR-069 in the TCP/IP protocol stack:

  Layer           Protocols
  Application     TR-069 (SOAP) over HTTP, HTTPS, ...
  Transport       TCP
  Internet        IP (IPv4, IPv6)
  Network access  Ethernet, Token bus, Token ring, FDDI, ...

With the market success of broadband Internet access, the number of other access devices is growing (besides modems and routers also residential gateways, set-top boxes, game consoles, IP telephones and IPTV streaming solutions).

As these devices become more complex, their configuration overwhelms many users. TR-069 was therefore designed as a protocol that lets an access provider maintain these devices remotely. Terminal devices contact the provider's auto-configuration server (ACS) via TR-069 and are configured automatically.

In addition to the TR-069 core standard for DSL routers, there are secondary standards for other end devices located behind the NAT/firewall of the DSL router, and for reaching them from the ACS. The Broadband Forum intends to extend the TR-069 standard to fibre-optic technologies and femtocell routers.

[Figure: Remote CPE control via TR-069]

Security

TR-069 curtails the privacy and data protection of end users. It allows the provider to install automatic updates on the DSL router unnoticed and without the user's consent, and such updates can even be targeted at specific users or user groups. This can have serious consequences for the user, especially against the background of "online searches" (covert remote searches of computers by authorities), lawful interception powers and the like.

In addition, TR-069 also allows the configuration of other devices located in the supposedly "safe area" behind the box or modem, i.e. behind the firewall. Remote access could likewise be used to modify or delete data on customer devices that the network operator can reach. By its very principle of operation, TR-069 therefore constitutes a backdoor whose existence is unknown to many end customers, who are also unaware of what it makes possible.

On the other hand, the protocol allows the provider, for example, to push security updates to a device automatically and thus close security holes even for technically inexperienced users, for whom a firmware upgrade carried out by themselves would be too complicated.

The TR-069 specification prescribes SSL/TLS-secured connections between provider and end device only as a recommendation. In practice this means that whether a CPE's session with the ACS is encrypted, and whether the CPE actually validates the ACS certificate, depends on the vendor's implementation and the provider's deployment; an ACS URL that begins with http:// rather than https:// carries the device's credentials and its configuration in clear text. Where TLS is used, it covers only the CPE-initiated session: in the core specification, the connection request with which the ACS asks a CPE to call in is a plain HTTP request to the device, protected by HTTP Digest authentication.

Functions supported by TR-069

  • Auto-configuration and dynamic service activation
    • Initial CPE configuration
    • Remote CPE configuration
  • Firmware management
    • Version management
    • Update management
  • Changing/resetting the device's passwords
  • Status and performance monitoring
    • Log file evaluation and dynamic notifications
  • Diagnostics
    • Connectivity and service checks
  • Interoperability between management server and CPEs as a design goal of the specification
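The session outlined above (the CPE contacts the ACS, the ACS configures it) and the "remote CPE configuration" entry of this list, modelled as an added example. This is not code from the Broadband Forum, from the page's text or from any real ACS or CPE product; it builds and parses the CWMP SOAP messages with the Python standard library. The CPE identity, the timestamp and the parameter values are constructed sample data, the parameter names follow the TR-098 InternetGatewayDevice data model, and the rule in authorize_inform (that the serial number the CPE claims inside the Inform must match the identity the HTTP layer authenticated) is an assumed ACS policy, not something the specification mandates.

```python
"""Added example: one minimal CWMP (TR-069) session, CPE Inform -> ACS InformResponse
-> ACS SetParameterValues, built and parsed with the standard library.  Not code from
the Broadband Forum or from any real ACS/CPE; all device data below is constructed."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"
CWMP = "urn:dslforum-org:cwmp-1-0"          # CWMP 1.0 RPC namespace
XSI = "http://www.w3.org/2001/XMLSchema-instance"
XSD = "http://www.w3.org/2001/XMLSchema"
NS = {"soap-env": SOAP_ENV, "soap-enc": SOAP_ENC, "cwmp": CWMP, "xsi": XSI, "xsd": XSD}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed sample CPE.  OUI/serial are what the CPE *claims*; see authorize_inform.
SAMPLE_DEVICE = {"Manufacturer": "ExampleCo", "OUI": "001122",
                 "ProductClass": "DSL-Router", "SerialNumber": "CPE0001"}
SAMPLE_PARAMS = {  # name -> (value, xsd type); TR-098 names, constructed values
    "InternetGatewayDevice.DeviceInfo.SoftwareVersion": ("1.0.3", "string"),
    "InternetGatewayDevice.ManagementServer.ConnectionRequestURL":
        ("http://192.0.2.10:7547/", "string"),
}


def q(ns, tag):
    """Qualified tag in ElementTree's Clark notation."""
    return "{%s}%s" % (ns, tag)


def envelope(rpc, msg_id):
    """Wrap one CWMP RPC in a SOAP envelope carrying the cwmp:ID header (mustUnderstand=1)."""
    env = ET.Element(q(SOAP_ENV, "Envelope"), {"xmlns:xsd": XSD})  # xsd only used in attr values
    header = ET.SubElement(env, q(SOAP_ENV, "Header"))
    ET.SubElement(header, q(CWMP, "ID"), {q(SOAP_ENV, "mustUnderstand"): "1"}).text = msg_id
    ET.SubElement(env, q(SOAP_ENV, "Body")).append(rpc)
    return ET.tostring(env, encoding="unicode")


def _param_list(parent, params):
    """ParameterList array of ParameterValueStruct; params maps name -> (value, xsd type)."""
    plist = ET.SubElement(parent, "ParameterList",
                          {q(SOAP_ENC, "arrayType"): "cwmp:ParameterValueStruct[%d]" % len(params)})
    for name, (value, xsd_type) in params.items():
        pvs = ET.SubElement(plist, "ParameterValueStruct")
        ET.SubElement(pvs, "Name").text = name
        ET.SubElement(pvs, "Value", {q(XSI, "type"): "xsd:" + xsd_type}).text = value


def build_inform(device, event_codes, params, msg_id):
    """CPE side: the Inform RPC that opens every CWMP session."""
    inform = ET.Element(q(CWMP, "Inform"))
    dev = ET.SubElement(inform, "DeviceId")
    for key in ("Manufacturer", "OUI", "ProductClass", "SerialNumber"):
        ET.SubElement(dev, key).text = device[key]
    events = ET.SubElement(inform, "Event",
                           {q(SOAP_ENC, "arrayType"): "cwmp:EventStruct[%d]" % len(event_codes)})
    for code in event_codes:                 # e.g. "0 BOOTSTRAP", "1 BOOT", "2 PERIODIC"
        ev = ET.SubElement(events, "EventStruct")
        ET.SubElement(ev, "EventCode").text = code
        ET.SubElement(ev, "CommandKey").text = ""
    ET.SubElement(inform, "MaxEnvelopes").text = "1"
    ET.SubElement(inform, "CurrentTime").text = "2024-01-01T00:00:00Z"  # constructed
    ET.SubElement(inform, "RetryCount").text = "0"
    _param_list(inform, params)
    return envelope(inform, msg_id)


def parse_inform(xml_text):
    """ACS side: check the envelope shape and pull out what the CPE reported.
    The XML comes from the device and is untrusted; a real ACS should parse with defusedxml."""
    root = ET.fromstring(xml_text)
    msg_id = root.findtext("soap-env:Header/cwmp:ID", namespaces=NS)
    body = root.find("soap-env:Body", NS)
    if msg_id is None or body is None or len(body) != 1 or body[0].tag != q(CWMP, "Inform"):
        raise ValueError("session must start with exactly one cwmp:Inform carrying a cwmp:ID")
    inform = body[0]
    return {
        "id": msg_id,
        "device": {k: inform.findtext("DeviceId/" + k)
                   for k in ("Manufacturer", "OUI", "ProductClass", "SerialNumber")},
        "events": [e.text for e in inform.findall("Event/EventStruct/EventCode")],
        "params": {p.findtext("Name"): p.findtext("Value")
                   for p in inform.findall("ParameterList/ParameterValueStruct")},
    }


def authorize_inform(parsed, authenticated_serial):
    """Assumed ACS policy (not from the spec): the HTTP layer authenticated the CPE with
    per-device credentials and knows the serial bound to them.  The DeviceId inside the
    Inform is attacker-controlled XML, so it must match before this device's
    configuration is handed out or changed."""
    return parsed["device"]["SerialNumber"] == authenticated_serial


def build_inform_response(msg_id):
    """ACS side: acknowledge the Inform, echoing the CPE's message ID."""
    resp = ET.Element(q(CWMP, "InformResponse"))
    ET.SubElement(resp, "MaxEnvelopes").text = "1"
    return envelope(resp, msg_id)


def build_set_parameter_values(params, parameter_key, msg_id):
    """ACS side: remote CPE configuration.  The CPE stores ParameterKey in
    ManagementServer.ParameterKey, so the ACS can later tell which configuration is in force."""
    spv = ET.Element(q(CWMP, "SetParameterValues"))
    _param_list(spv, params)
    ET.SubElement(spv, "ParameterKey").text = parameter_key
    return envelope(spv, msg_id)


def run_session(authenticated_serial="CPE0001"):
    """Inform -> InformResponse -> (CPE posts an empty request) -> SetParameterValues.
    The CPE then answers SetParameterValuesResponse and an empty ACS reply ends the session;
    only the three messages this model builds are returned, in order."""
    inform = build_inform(SAMPLE_DEVICE, ["1 BOOT"], SAMPLE_PARAMS, "cpe-1")
    parsed = parse_inform(inform)
    if not authorize_inform(parsed, authenticated_serial):
        raise PermissionError("DeviceId in Inform does not match the authenticated CPE")
    msgs = [("CPE->ACS", inform), ("ACS->CPE", build_inform_response(parsed["id"]))]
    spv = build_set_parameter_values(   # provider pushes a one-hour periodic inform interval
        {"InternetGatewayDevice.ManagementServer.PeriodicInformInterval": ("3600", "unsignedInt")},
        "cfg-42", "acs-1")
    msgs.append(("ACS->CPE", spv))
    return msgs


if __name__ == "__main__":
    for direction, xml in run_session():
        print(direction, xml, sep="\n", end="\n\n")
```

Running the block prints the three envelopes. The point of authorize_inform is the one an ACS operator should take away: HTTP authentication proves which credentials the client holds, while the DeviceId is just XML the client chose to send, and an ACS that keys its configuration store on the latter alone lets one subscriber's device fetch or overwrite another's settings.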

Beyond the pure connection standard, TR-069 is intended to control many further CPE functions in the future, such as:

  • Querying the device's capabilities
  • Requesting information, diagnostics, status and performance values
  • Automatic event-triggered alarms
  • An independent gateway data model, which can be extended in conjunction with TR-064 to integrate additional devices and functions
  • The router's own front end (the user interface) is no longer strictly necessary for configuration; all functions can be monitored and controlled from the management server.

There are also first approaches that combine a TR-069 server with the capabilities of OSGi and/or OMA-DM (both specific software standards). OSGi can, for example, serve as an SOA that forms the client framework on the router, in which TR-069 itself as well as other, possibly chargeable, value-added services can be installed and administered dynamically. This is particularly interesting when incremental updates of the router software are to be possible or when the remote maintenance options of TR-069 are insufficient. Since OSGi is a Java-based framework, there is also a natural link to the SOAP protocol.

Specification

The Broadband Forum publishes adopted standards, so-called TRs (Technical Reports), on its website.

Drafts are not public and are called Working Text (WT) or Proposed Draft (PD). Working Texts are draft standards and usually become TRs. Proposed Drafts are further working-group documents used internally (e.g. PD-128, the interoperability test plan for TR-069 plugfests), but they can also be a preliminary stage of a Working Text.

The standards are numbered with three digits in a linear sequence, i.e. starting at 001 and incremented continuously. When a WT becomes a TR, its number does not change. Amendments are in some cases given the same number with the suffix "Amendment" and a further counter (Amendment 1, ...), and replace the previous document. Consequently a WT can exist with the same number as an already approved TR (e.g. TR-106 Amendment 1 and WT-106 for an Amendment 2, planned for November 2008).
