Remote Device Deployment (TR-069)

Introduction

TR-069 is a technical specification created by the Broadband Forum. It specifies client and server requirements for managing devices across the Internet, using a client-server architecture to provide communication between the CPE (Customer Premises Equipment) and the ACS (Auto Configuration Server). The protocol helps to manage complex networks where many devices such as modems, routers, gateways, VoIP phones and mobile tablets compete for resources. TR-069 defines the CPE WAN Management Protocol (CWMP) needed to remotely manage end-user devices. The ACS provides automatic configuration for these devices.


NOTE: CWMP is automatically enabled. To conserve resources, reconfigure this setting using the cwmp disable command.


TR-069 defines an auto-configuration architecture which provides the following primary capabilities:

  • Auto-configuration and dynamic service provisioning

  • Software/firmware image management

  • Status and performance monitoring

  • Diagnostics

  • Bidirectional SOAP/HTTP-based protocol

Advantages of TR-069

  • TR-069 can manage devices with dynamic IP addresses.

    • TR-069 uses the Organizationally Unique Identifier (OUI) and serial number rather than the IP address to identify a device.

  • TR-069 can manage devices in a private network.

    • The HPE ACS BIMS (an iMC module) uses HTTP to communicate with the device, and the session is initiated by the device, so BIMS can pass through NAT to manage the device.

  • TR-069 is secure.

    • TR-069 can use HTTPS to communicate with the device or to transfer files to and from it, which is more secure than TFTP, FTP or Telnet.

  • TR-069 is suitable for WAN management across the Internet.

  • TR-069 is suitable for zero-touch configuration.

    • The zero-configuration mechanism is defined in the TR-069 specification.

  • TR-069 is suitable for large-scale device management.

    • TR-069 supports a distributed architecture. The ACS can be distributed across multiple servers, and each ACS can manage a subset of the devices.
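The identification by OUI and serial number described in the list above can be seen in how an ACS reads the DeviceId of a CWMP Inform message. The following is an added example, not HPE or BIMS code: it extracts a device key that stays the same whatever address the CPE connects from, and rejects messages that carry a DTD. The function name device_key, the "OUI-SerialNumber" key format and all sample values are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

OUI_RE = re.compile(r"[0-9A-F]{6}")  # OUI: six upper-case hex digits


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def device_key(inform_xml):
    """Return 'OUI-SerialNumber' from a CWMP Inform, or raise ValueError."""
    if "<!DOCTYPE" in inform_xml or "<!ENTITY" in inform_xml:
        raise ValueError("DTD in SOAP body rejected")  # blocks entity expansion
    try:
        root = ET.fromstring(inform_xml)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    dev = next((e for e in root.iter() if local(e.tag) == "DeviceId"), None)
    if dev is None:
        raise ValueError("no DeviceId in message")
    fields = {local(c.tag): (c.text or "").strip() for c in dev}
    oui, serial = fields.get("OUI", ""), fields.get("SerialNumber", "")
    if not OUI_RE.fullmatch(oui) or not serial:
        raise ValueError("invalid OUI or empty serial number")
    return f"{oui}-{serial}"


# Constructed sample Inform (trimmed to the DeviceId part); values are made up.
SAMPLE = """<soap:Envelope
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
 <soap:Body><cwmp:Inform>
  <DeviceId>
   <Manufacturer>ExampleCo</Manufacturer>
   <OUI>00AB12</OUI>
   <ProductClass>Switch</ProductClass>
   <SerialNumber>SN0001</SerialNumber>
  </DeviceId>
 </cwmp:Inform></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    # The same device reporting from two NAT/DHCP addresses (constructed).
    for src_ip in ("198.51.100.7", "203.0.113.40"):
        print(src_ip, "->", device_key(SAMPLE))
```

The OUI and serial number are reported by the device itself, so an ACS should trust this key only once the session has been authenticated.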

Zero-touch configuration process

Auto configuration or “zero-touch” deployment is a recurring customer requirement, especially for remote-office deployments. New devices introduced inside a private network require either that management tools be co-located to configure them or update firmware, or manual intervention to configure them. TR-069 allows devices that reside in a private network to be managed via HTTP(S), enabling deployment and management models that are not possible using SNMP.

The client side, when configured, contacts the server at a predefined URL, using HTTP or HTTPS as the protocol. After authentication, the ACS is able to perform the following basic operations:

  • Update CPE Configuration.

  • Update CPE TR-069 parameters.

  • Update CPE firmware.

  • Reboot CPE (backup, startup, and running configurations)

  • Run CPE ping diagnostics.

  • Reset CPE to factory default.

  • Get periodic Status (several parameters can be retrieved depending on what is supported).

Since TR-069 uses HTTP, it can be used across a WAN. If the CPE can reach the URL, it can be managed. TR-069 is mostly a push protocol in which the client periodically sends information without server requests. This allows greater scalability than traditional SNMP-based tools, which are also limited to working within the LAN, while TR-069 can offer management to remote offices.

Zero-touch configuration for Campus networks

In this example, the following steps configure CPEs for a campus network environment:

  1. Pre-configuration for all CPEs in BIMS.

  2. CPEs get BIMS parameters from DHCP server.

  3. CPEs initiate a connection to BIMS, then BIMS deploys the pre-configuration to CPEs.

Zero-touch configuration for Branch networks

In this example, the following steps configure CPEs for a branch network environment:

  1. Create the basic configuration for your spoke device manually, using the username/password from the ISP and the BIMS URL.

  2. The IPSec VPN configuration is generated by IVM and deployed by BIMS.

  3. The IPSec VPN tunnel is automatically created.

  4. The device in the branch private network can use DHCP relay to HQ to continue the zero-touch configuration.

Zero-touch configuration setup and execution

1. DHCP configuration

2. BIMS configuration

3. Execution