Resource Library

Access Incognito's library of Guides, Tips / Tutorials and more.

FAQ: TR-069

Updated on 05 July 2019

Originally published in August 2013, this TR-069 FAQ is designed to equip network professionals with the information they need to fully understand TR-069, and how they can leverage the standard and capabilities to enable remote device management and a better customer experience.

Fast forward to 2019! Incognito is pleased to provide a number of updates on next-generation device management, the role of digital channels, the fit for User Services Platform, and how remote device management can be leveraged for new lines of business like IoT.


Sonya Goodanetz
Solutions Marketing - Incognito Software

What is TR-069?


The CPE WAN (CWMP) Management Protocol, published by The Broadband Forum as TR-069, specifies a standard communication mechanism for the remote management of end-user devices. The standard defines a protocol for the secure automated configuration of a TR-069-capable device and incorporates other management functions into a common framework. This protocol simplifies device management by specifying the use of an auto configuration server (ACS) to perform remote, centralized management of customer premises equipment (CPE).

Who created TR-069 and why?

In 2004, The Broadband Forum (formerly The DSL Forum) released the CPE WAN Management Protocol (CWMP), which is more commonly known as TR-069. This protocol standardizes the wide area network (WAN) management of CWMP devices. TR-069 gives broadband service providers a framework and common language to remotely provision and manage these devices, which are usually in a home network, regardless of device type or manufacturer.

TR-069 supports a variety of functionalities to manage CPEs and has the following primary capabilities:

  • Auto-configuration and dynamic service provisioning
  • Software/firmware management
  • Status and performance monitoring
  • Diagnostics
  • Speed Tests with TR-143

TR-069 is a specific technical report from Broadband Forum; however, the term is commonly used to refer to associated reports and extensions, including TR-106, TR-098, TR-104, TR-135, TR-140, and TR-111. See the Broadband Forum for the most up-to-date information.

What is a remote procedure call (RPC)?

A remote procedure call (RPC) is an operation between an ACS and the CPE. It is used for bidirectional communication between CPE and an ACS. This includes methods initiated by an ACS and sent to a CPE, as well as methods initiated by a CPE and sent to an ACS. Some common RPCs (methods) are included below, consult Broadband Forum for a complete list

  • GetParameterValues: The ACS uses this RPC to get the value of one or more parameters of a CPE
  • SetParameterValues: The ACS sets the value of one or more parameters of a CPE
  • GetParameterNames: The ACS uses this RPC to discover the parameters accessible on a CPE
  • Inform: A CPE sends this message to an ACS to initiate a session and to periodically send local information
  • Download: When the ACS requires a CPE to download a specified file to upgrade firmware and download a configuration file
  • Upload: When the ACS requires a CPE to upload a specified file to a designated location.
  • AutonomousTransferComplete: informs the ACS of the completion (either successful or unsuccessful) of a file transfer that was not specifically requested by the ACS.
  • Reboot: An ACS reboots a CPE remotely when the CPE encounters a failure or needs a software upgrade
  • AddObject: Allows the ACS to create instances of objects available on the CPE, for example, port mapping entries. The ACS also creates the associated parameters and sub-objects.
  • DeleteObject: Enables the ACS to delete existing instances of objects available on the CPE. It also deletes the associated parameters and sub-objects.

How are tasks completed in a TR-069 environment?

In a TR-069 environment, tasks are completed through sessions. Each session consists of a series of remote procedure calls (RPC) between an ACS and the CPE. TR-069 uses HTTP or HTTPS and SOAP messaging, which allows messages to pass through firewalls and NAT gateways. TR-069 defines a generic mechanism by which an ACS can read or write parameters to configure a CPE and monitor CPE status and statistics.

The minimum TR-069 eco-system requires:

  • An auto configuration server (ACS): The management server on the network.
  • Customer premises equipment (CPE): The device that is managed on the network
  • DNS server: Used to resolve the URL that is required for the ACS and CPE to interact
  • DHCP server: Can be used to assign an IP address to a device on the network. Well-known DHCP options can configure important parameters on the CPE, such as the ACS URL.

By specifying a variety of criteria, including provisioning parameters and vendor-specific information, an Auto Configuration Server provisions a CPE or collection of CPEs.

Is TR-069 widely used?

Yes. Broadband Forum reported in 2018 over 1 billion TR-069 installations, laying the foundation for mass adoption of broadband globally.

Who uses TR-069?

Broadband service providers use TR-069 to manage end-user devices and reduce operational costs. TR-069 and related standards have been deployed on Ethernet, 4G LTE, WiMAX, xPON, FTTx (fiber), DSL and cable networks. Cable companies are increasingly looking to adopt TR-069 as home networks became too complicated for subscribers to configure and manage on their own. Additionally, leveraging TR-069 in a cable network allows device management for entities not touched by DOCSIS provisioning, such as standalone home gateways who are not embedded in cable modems. This also provides access to additional device performance, fault and Wi-Fi configuration.

What devices use TR-069?

TR-069 offers management capabilities for a wide range of devices including DSL and cable residential gateways, fiber optical network terminals (ONT embedded in a CPE for xPON access network), 4G fixed-wireless routers, IPTV set-top boxes, network attached storage, HomePlug adapters, IP phones, and more. This extends to the cable industry and the multimedia residential gateways that utilize traditional DOCSIS provisioning along with TR-069 to manage value-added features such as gateway configuration, VoIP, Wi-Fi, and IPTV set-top box services.

What is an Auto Configuration Server and why is it necessary?

TR-069 specifies communication between a customer-premises equipment (CPE) and Auto Configuration Server (ACS). The ACS acts as a remote management server for TR-069 enabled CPEs. It is essentially the secure link between the subscriber’s devices in the home and the service provider’s customer service representative (CSR), support staff, operational support systems and business support systems (OSS/BSS), and network operations and field technicians. An ACS enables you to automate remote provisioning and many management tasks for TR-069 devices such as firmware upgrades.

Why should I use TR-069?

There are many benefits associated with using TR-069 to provision and manage end-user devices. In addition to using an industry standard approach for device integration, TR-069 and its extensions allow you to:

  • Enable remote provisioning of CPE
  • Better manage broadband networks with increased visibility and control of CPE
  • Collect data for analytics on network usage and activity, home network characteristics, and service utilization
  • Deliver new managed data services such as Wi-Fi, content filtering and other parental controls, online backup, and home surveillance
  • Offer subscribers a degree of self-service through web portals and mobile apps
  • Expand service offerings and manage the connected home and IoT offerings
  • Improve your customer service with improved diagnostics, monitoring, and firmware management
  • Reduce technical support calls, escalations and field technician truck rolls
  • Remove the burden of subscriber manual CPE configuration
  • Roll-out services with an automated process

Can I use TR-069 with DOCSIS or other protocols?

Yes. There are many scenarios where TR-069 may be deployed in conjunction with another management protocol, such as DOCSIS, SNMP and IoT (e.g. MQTT). For example, a cable operator may use DOCSIS onboard a device to the network and then use TR-069 for device provisioning. TR-069 enabled DOCSIS gateway availability encouraged the cable industry to embrace TR-069 for CPE management.

TR-069 can extend beyond the residential gateway to provide carrier class management of other networking devices and services within the customer premises such as a set-top box. Wireless extenders can be remotely managed via TR-069, to deliver trouble-free Wi-Fi to any location in a customer’s home with the benefits of shortened installation times.

Is TR-069 secure?

Yes. The Broadband Forum designed CWMP model to provide a high degree of security while remaining scalable. The stated security goals of this protocol are below:

  • Prevent tampering with the management functions of a CPE or ACS, or the transactions that take place between CPE and an ACS
  • Provide confidentiality for the transactions that take place between CPE and ACS
  • Allow appropriate authentication for each type of transaction
  • Prevent theft of service

Secure Socket Layer/Transport Layer Security (SSL/TLS) should be used to encrypt traffic between CPE and an ACS ensuring all data passed between the CPE and ACS remains private and integral. It is possible to use the protocol directly over a HTTP connection; however, some aspects of security will be sacrificed. SSL is an industry standard, and used by millions to protect online transactions between customers. When SSL/TLS is used, the CPE must authenticate the ACS using the ACS-provided certificate.

Can I use TR-069 retrieved device data to augment digital channels?

Yes. You can further extend digital channels by supplementing your customer care solutions with TR-069 ACS retrieved device data. Now you can rapidly deliver subscriber self-service functions and arm field technician with operational tools, all while using your existing BSS assets such as existing self-care portals and mobile apps. A key challenge for internal development teams is how to integrate network-facing tools and functions within existing BSS systems.

Enter widgets! Widget technology provides a modular re-usable approach to unify your digital care channels (mobile apps, web portals and chatbots), to expose ACS TR-069 device management with simple JavaScript, for shortened IT software development intervals. Subscribers will be enabled to perform self-service use cases such as changing a Wi-Fi password, running a speed test, performing a device diagnostic check and changing the Wi-Fi channel. With self-service, you can reduce OPEX costs (number of CSR calls, increase FCR), decrease field technician truck rolls, all while improving customer satisfaction.

Can TR-069 device management be used to support IoT applications?

TR-069 device management platform can be used to manage IoT devices, using the same data model to achieve zero-touch service activation and management. TR-069 provides a standardized approach to enable control of connected devices to be managed by CSPs who are looking to enter the IoT market.

The following key requirements need to be considered for rapid IoT device on-boarding:

  • Automated discovery - for ease of provisioning and management
  • Extreme scaling to deal with millions of devices
  • Zero touch provisioning - truck rolls are not an option
  • Bulk operations - automated firmware updates become key
  • Ability to securely add device attributes
  • Neutrality becomes important given the plethora of devices, access technologies and vendors - your device management platform needs to support it all
  • Closed-loop automation - helps detect, isolate, and mitigate threats to ensure IoT security and network efficiency
  • Reducing the need for manual intervention - increase the automation of IoT

What are the use cases of interest to CSPs for IoT?

Cisco’s VNI report estimates that 14.6 billion connections will be M2M by 2022. Incognito estimates that approximately 70% of these could be manageable by CSPs with a focus on industrial IoT applications like smart cities, smart meters, heavy machinery, and more.

Learn more about Incognito's Enterprise IoT Solution.

What is User Services Platform (USP)?

The User Services Platform (USP) is an evolution of the TR-069 Broadband Forum specification detailed earlier in this FAQ. In January 2018 the Broadband Forum Connected Home Council ratified the USP 1.0 standard (TR-369).

USP provides the platform for standards-based next-generation services such as wireless meshes, smart-home automation, customer self-care and IoT. This service enablement leverages TR-069, along with critical new functionality including:

  • real-time monitoring, telemetry, and bulk statistics collections for big data processing, AI and machine learning
  • enhanced service provisioning, authentication, configuration of TR-069 residential device lifecycle management
  • upgradeability - firmware, security patches, etc.
  • virtualization - “dockerized” containers for device management and lifecycle of 3rd party applications
  • TLS connections improving security
  • Device:2 data model (TR-181) unifying disparate IoT and vendor proprietary protocols
  • Device proxy (translation) between non-USP IoT protocols such as ZigBee

Why should you care about USP?

CSPs face the risk of in-home network marginalization. So the race is on for new revenue streams beyond GB connectivity and IP services, while also reacting to competitive pressures. Operators need to control the Connected Home business model, with management insight into a gateway, CPE and visibility of connected devices, all while being vendor neutral and network agnostic.

A critical value-add for service providers is presenting a seamless, quality, user experience to the subscriber regardless of the IoT protocol, device supporting TR-069 or a device supporting USP. This requires a new management platform approach where USP bridges that gap.

How does USP relate to TR-069?

USP represents a natural evolution of CWMP, a sort of “TR-069 2.0” intended to be faster, lighter weight, and more secure. USP will be less ‘noisy’ than TR-069 in terms of message exchange, and more efficient in establishing a session between a device and a controller. USPs approach of service elements and controllers, results in a simpler, lighter message set reducing complexity and increasing performance, all while maintaining backwards compatibility with TR-069.

TR-069 lacks the following capabilities, providing further drivers for USP adoption:

  • multiple management server support
  • use case driven message transfer protocols
  • efficient data encoding
  • always on communication
  • application layer security
  • distributed data model processing - crucial for big data and IoT applications

What are the use cases driving USP?

  • IoT on-boarding and device management
  • Mass telemetry
    • deliver personalized services using real-time deep edge intelligence and improving customer care applications
  • Managed Wi-Fi
    • commercial and standards-based Wi-Fi optimization like wireless mesh, improving the home (or business) network experience

Interested in learning more about User Services Platform (USP) and what's in it for global service providers? Check out Incognito's USP insights page or read our latest blog series on the next-gen device management and data collection protocol.