Frequently Asked Questions on TR-069 CWMP

This article provides a summary of everything you need to know about TR-069 CWMP protocol and next-generation CPE device management.

Updated on March 11, 2024

This TR-069 FAQ is designed to equip network professionals with the information they need to fully understand TR-069 CPE WAN Management Protocol (CWMP), and how they can leverage the standard and capabilities to enable remote device management of modems, routers, and gateways and boost customer experience. Incognito is pleased to provide a number of updates on next-generation device management, 5G, TR-181, Wi-Fi Data Elements, QoE parameters, the role of digital channels, the fit for User Services Platform, and how remote device management can be leveraged for new lines of business like enterprise IoT.

What is TR-069?

The CPE WAN (CWMP) Management Protocol, published by The Broadband Forum as TR-069, specifies a standard communication mechanism for the remote management of end-user devices. The standard defines a protocol for the secure automated configuration of a TR-069-capable device and incorporates other management functions into a common framework. This protocol simplifies device management by specifying the use of an Auto Configuration Server (ACS) to perform remote, centralized management of customer premises equipment (CPE).

Who created TR-069 and why?

In 2004, The Broadband Forum (formerly The DSL Forum) released the CPE WAN Management Protocol (CWMP), which is more commonly known as TR-069. This protocol standardizes the wide-area network (WAN) management of CWMP devices. TR-069 gives broadband service providers a framework and common language to remotely provision and manage these devices, which are usually in a home network, regardless of device type or manufacturer.

TR-069 supports a variety of functionalities to manage CPEs and has the following primary capabilities:

  • Auto-configuration and dynamic service provisioning
  • Software/firmware management
  • Status and performance monitoring
  • Diagnostics
  • Speed Tests with TR-143

TR-069 is a specific technical report from Broadband Forum; however, the term is commonly used to refer to associated reports and extensions, including TR-106, TR-098, TR-104, TR-135, TR-140, and TR-111. See the Broadband Forum for the most up-to-date information.

What is a TR-069 Auto Configuration Server and why is it necessary?

TR-069 CWMP enables remote and safe configuration of network devices called customer premises equipment (CPE). Configuration is managed by a central server called an Auto Configuration Server (ACS). TR-069 specifies the communication between a customer premises equipment (CPE) and Auto Configuration Server (ACS). The ACS acts as a remote management server for TR-069-enabled CPEs. It is essentially the secure link between the subscriber’s devices in the home and the service provider’s customer service representative (CSR), support staff, operational support systems and business support systems (OSS/BSS), and network operations and field technicians. An ACS enables you to automate remote provisioning and many management tasks for TR-069 devices such as firmware upgrades.

What is a remote procedure call (RPC)?

A remote procedure call (RPC) is an operation between an ACS and the CPE. It is used for bidirectional communication between CPE and an ACS. This includes methods initiated by an ACS and sent to a CPE, as well as methods initiated by a CPE and sent to an ACS. Some common RPCs (methods) are included below, consult Broadband Forum for a complete list

  • GetParameterValues: The ACS uses this RPC to get the value of one or more parameters of a CPE
  • SetParameterValues: The ACS sets the value of one or more parameters of a CPE
  • GetParameterNames: The ACS uses this RPC to discover the parameters accessible on a CPE
  • Inform: A CPE sends this message to an ACS to initiate a session and to periodically send local information
  • Download: When the ACS requires a CPE to download a specified file to upgrade firmware and download a configuration file
  • Upload: When the ACS requires a CPE to upload a specified file to a designated location.
  • AutonomousTransferComplete: informs the ACS of the completion (either successful or unsuccessful) of a file transfer that was not specifically requested by the ACS.
  • Reboot: An ACS reboots a CPE remotely when the CPE encounters a failure or needs a software upgrade
  • AddObject: This allows the ACS to create instances of objects available on the CPE, for example, port mapping entries. The ACS also creates the associated parameters and sub-objects.
  • DeleteObject: Enables the ACS to delete existing instances of objects available on the CPE. It also deletes the associated parameters and sub-objects.

How are tasks completed in a TR-069 environment?

In a TR-069 environment, tasks are completed through sessions. Each session consists of a series of remote procedure calls (RPC) between an ACS and the CPE. TR-069 uses HTTP or HTTPS and SOAP messaging, which allows messages to pass through firewalls and NAT gateways. TR-069 defines a generic mechanism by which an ACS can read or write parameters to configure a CPE and monitor CPE status and statistics.

The minimum TR-069 eco-system requires:

  • An Auto Configuration Server (ACS): The management server on the network.
  • Customer premises equipment (CPE): The device that is managed on the network
  • DNS server: Used to resolve the URL that is required for the ACS and CPE to interact
  • DHCP server: This can be used to assign an IP address to a device on the network. Well-known DHCP options can configure important parameters on the CPE, such as the ACS URL.

By specifying a variety of criteria, including provisioning parameters and vendor-specific information, an Auto Configuration Server provisions a CPE or collection of CPEs.

Is TR-069 widely used?

Yes. Broadband Forum reported in 2018 over 1 billion TR-069 installations, laying the foundation for mass adoption of broadband globally.

Who uses TR-069?

Broadband service providers use TR-069 to manage end-user devices and reduce operational costs. TR-069 and related standards have been deployed on Ethernet, 5G, 4G LTE, WiMAX, xPON, FTTx (fiber), DSL, and cable networks. Cable companies are increasingly looking to adopt TR-069 as home networks became too complicated for subscribers to configure and manage on their own, with DOCSIS PNM (proactive network maintenance) parameters recently being added to the TR-069 specification. Additionally, leveraging TR-069 in a cable network allows device management for entities not touched by DOCSIS provisioning, such as standalone home gateways that are not embedded in cable modems. This also provides access to additional device performance, fault, and Wi-Fi configuration.

What devices use TR-069?

TR-069 offers management capabilities for a wide range of devices including DSL and cable residential gateways, fiber optical network terminals (ONT embedded in a CPE for xPON access network), 4G fixed-wireless routers, 5G fixed-wireless routers, IPTV set-top boxes, network-attached storage, HomePlug adapters, IP phones, Wi-Fi routers, Wi-Fi extenders, and more. This extends to the cable industry and the multimedia residential gateways that utilize traditional DOCSIS provisioning along with TR-069 to manage value-added features such as gateway configuration, VoIP, Wi-Fi, and IPTV set-top box services.

Does this mean there is a CWMP agent in a modem or CWMP in a router?

If the device is TR-069 capable, then yes, there is a CWMP agent present on the device.

Why should I use TR-069?

There are many benefits associated with using TR-069 to provision and manage end-user devices. In addition to using an industry-standard approach for device integration, TR-069 and its extensions allow you to:

  • Enable remote provisioning of CPE
  • Better manage broadband networks with increased visibility and control of CPE
  • Collect data for analytics on network usage and activity, home network characteristics, and service utilization
  • Deliver new managed data services such as Wi-Fi, content filtering and other parental controls, online backup, and home surveillance
  • Offer subscribers a degree of self-service through web portals and mobile apps
  • Expand service offerings and manage the connected home and IoT offerings
  • Improve your customer service with improved diagnostics, monitoring, and firmware management
  • Reduce technical support calls, escalations, and field technician truck rolls
  • Remove the burden of subscriber manual CPE configuration
  • Roll-out services with an automated process

Can I use TR-069 with DOCSIS or other protocols?

Yes. There are many scenarios where TR-069 may be deployed in conjunction with another management protocol, such as DOCSIS, SNMP, and IoT (e.g. MQTT). For example, a cable operator may use DOCSIS to onboard a device to the network and then use TR-069 for device provisioning. TR-069 enabled DOCSIS gateway availability encouraged the cable industry to embrace TR-069 for CPE management.

TR-069 can extend beyond the residential gateway to provide carrier-class management of other networking devices and services within the customer premises such as a set-top box. Wireless extenders can be remotely managed via TR-069, to deliver trouble-free Wi-Fi to any location in a customer’s home with the benefits of shortened installation times.

Is TR-069 safe and secure?

Is TR-069 safe? The answer is yes. The Broadband Forum designed the CWMP model to provide a high degree of security while remaining scalable. The stated security goals of this protocol are below:

  • Prevent tampering with the management functions of a CPE or ACS, or the transactions that take place between CPE and an ACS
  • Provide confidentiality for the transactions that take place between CPE and ACS
  • Allow appropriate authentication for each type of transaction
  • Prevent theft of service

Secure Socket Layer/Transport Layer Security (SSL/TLS) should be used to encrypt traffic between CPE and an ACS ensuring all data passed between the CPE and ACS remains private and integral. It is possible to use the protocol directly over an HTTP connection; however, some aspects of security will be sacrificed. SSL is an industry standard and used by millions to protect online transactions between customers. When SSL/TLS is used, the CPE must authenticate the ACS using the ACS-provided certificate.

Can I configure ONTs using a TR-069 ACS?

Yes, there are a number of parameters to enable ONT (optical network terminal) for GPON (gigabit passive optical network) access technology available within the TR-181 data model, such as configuring the WAN IP Connection for data access using IPv4 and/or IPv6 addresses, and service-specific parameters for IPTV, IP static routes, VoIP lines, and SIP proxy server. Learn more about how Incognito's DX Activate solution enables zero-touch provisioning for FTTx services.

Can I use TR-069 retrieved device data to augment digital channels?

Yes. You can further extend digital channels by supplementing your customer care solutions with TR-069 ACS retrieved device data. Now you can rapidly deliver subscriber self-service functions and arm field technicians with operational tools, all while using your existing BSS assets such as existing self-care portals and mobile apps. A key challenge for internal development teams is how to integrate network-facing tools and functions within existing BSS systems.

Enter widgets! Widget technology provides a modular re-usable approach to unify your digital care channels (mobile apps, web portals, and chatbots), to expose ACS TR-069 device management with simple JavaScript, for shortened IT software development intervals. Subscribers will be enabled to perform self-service use cases such as changing a Wi-Fi password, running a speed test, performing a device diagnostic check, and changing the Wi-Fi channel. With self-service, you can reduce OPEX costs (number of CSR calls, increase FCR), decrease field technician truck rolls, all while improving customer satisfaction.

Can I deploy an ACS in the cloud?

Yes, deployment into a cloud for TR-069 is available such as with Incognito's DX SaaS offering.

Can I use TR-069 ACS to manage 5G FWA CPEs?

Certainly, 5G fixed wireless access devices can be managed using TR-069 if Device:2 TR-181 support is present to enable 5G WWC (wireline wireless convergence) for a 5G residential gateway.

Can TR-069 device management be used to support IoT applications?

TR-069 device management platform can be used to manage IoT devices, using the same data model to achieve zero-touch service activation and management. TR-069 provides a standardized approach to enable control of connected devices to be managed by CSPs who are looking to enter the IoT market.

The following key requirements need to be considered for rapid IoT device on-boarding:

  • Automated discovery - for ease of provisioning and management
  • Extreme scaling to deal with millions of devices
  • Zero-touch provisioning - truck rolls are not an option
  • Bulk operations - automated firmware updates become key
  • Ability to securely add device attributes
  • Neutrality becomes important given the plethora of devices, access technologies, and vendors - your device management platform needs to support it all
  • Closed-loop automation - helps detect, isolate, and mitigate threats to ensure IoT security and network efficiency
  • Reducing the need for manual intervention - increase the automation of IoT

What are the use cases of interest to CSPs for IoT?

Cisco’s VNI report estimates that 14.7 billion connections will be M2M by 2023. Incognito estimates that approximately 70% of these could be manageable by CSPs with a focus on industrial IoT applications like smart cities, smart meters, heavy machinery, and more. Learn more about Incognito's Unified Enterprise IoT Platform. Connected home applications will have nearly 48% of M2M share by 2023, and smart home services require always-on connectivity and flexible deployment approaches, which are possible with TR-369 User Services Platform support.

What is TR-369 User Services Platform (USP)?

The User Services Platform (USP) is an evolution of the TR-069 Broadband Forum specification detailed earlier in this FAQ. In January 2018 the Broadband Forum Connected Home Council ratified the USP 1.0 standard (TR-369).

USP provides the platform for standards-based next-generation services such as wireless meshes, smart-home automation, customer self-care, and IoT. This service enablement leverages TR-069, along with critical new functionality including:

  • Real-time monitoring, telemetry, and bulk statistics collections for big data processing, AI, and machine learning
  • Enhanced service provisioning, authentication, and configuration of TR-069 residential device lifecycle management
  • Upgradeability - firmware, security patches, etc.
  • Virtualization - "dockerized" containers for device management and lifecycle of 3rd party applications
  • TLS connections improving security
  • Device:2 data model (TR-181) unifying disparate IoT and vendor-proprietary protocols
  • Device proxy (translation) between non-USP IoT protocols such as ZigBee

Why should you care about USP TR-369?

CSPs face the risk of in-home network marginalization. So the race is on for new revenue streams beyond gigabit connectivity and IP services, while also reacting to competitive pressures. Operators need to control the connected home business model with management insight into a gateway, CPE, and visibility of connected devices, all while being vendor-neutral and network-agnostic.

A critical value-add for service providers is presenting a seamless, quality, user experience to the subscriber regardless of the IoT protocol, a device supporting TR-069, or a device supporting USP TR-369. This requires a new management platform approach where USP bridges that gap.

The USP Summit of 2024 highlighted how this standard is carving the path for the future of connected home technology, and how industry leaders are gearing up to harness its potential. With an increasing number of operators integrating USP into their roadmaps within the next 12 to 24 months, significant players like T-Mobile, AT&T, Orange, and Vodafone are already spearheading deployments.

The adoption of USP is not a single leap but rather a series of strategic steps that need to be taken, and fantastic industry collaboration is occurring within the broadband community between the prpl Foundation, the Broadband Forum, and RDK. Through the development of open APIs and standardization, leveraging USP as its backbone, these organizations are working towards enhancing home gateway architecture, enabling service providers to deploy, activate, and manage third-party applications and services with greater ease. This collaborative effort not only streamlines integration processes, reduces IT costs, and eliminates technology siloes but also facilitates the swift rollout of new features and high-value products to customers, ultimately benefitting all stakeholders in the broadband ecosystem.

Contrary to replacing TR-069 outright, consensus suggests a coexistence model where both TR-069 and TR-369 standards operate within devices, with TR-069 managing initial configurations and facilitating USP activation when needed. Migration to USP is catalyzed by specific use cases, notably telemetry, analytics, and containerized app scenarios, promising enhanced network monitoring, streamlined customer issue resolution, and potential revenue opportunities. Looking forward, integrating USP controllers within devices foresees improved app communication, underlining the technology's transformative potential in reshaping broadband ecosystems.

How does USP relate to TR-069?

USP represents a natural evolution of CWMP, a sort of “TR-069 2.0” intended to be faster, lighter-weight, and more secure. USP will be less ‘noisy’ than TR-069 in terms of message exchange, and more efficient in establishing a session between a device and a controller. USP's approach with service elements and controllers results in a simpler, lighter message set, reducing complexity and increasing performance, all while maintaining backward compatibility with TR-069.

TR-069 lacks the following capabilities, providing further drivers for USP adoption:

  • Multiple management server support
  • Use case-driven message transfer protocols
  • Efficient data encoding
  • Always-on communication
  • Application layer security
  • Distributed data model processing - crucial for big data and IoT applications

What are the use cases driving USP?

When it comes to offering new value-added services to customers, the top priorities for service providers are applications that deliver online protection and parental controls, while remote technical support and application prioritization controls follow closely behind. Given the recent shift where more users are adopting a remote lifestyle, it’s no surprise that service providers are focusing more on these types of applications to provide more control over the Wi-Fi network and appeal to end-users.

What are Wi-Fi Data Elements?

If you aren't ready to use TR-369 and are seeking to optimize Wi-Fi for your subscribers with TR-069, the TR-181 data model supports Wi-Fi Data Elements which provide hundreds of KPIs to leverage to improve service quality using a standards-based and agentless approach.

Why Choose Incognito?

Improve the broadband experience for subscribers and monetize the connected home with a new platform that’s changing the way in-home Wi-Fi networks and devices are monitored and managed. Incognito’s Digital Experience solution allows service providers to remotely manage in-home devices and applications, resolve subscriber connectivity issues, accelerate the rollout of value-added services, and reduce operational costs with a unified platform, featuring a robust Auto Configuration Service (ACS) with User Services Platform (USP) controller capabilities.

Learn more about Incognito's solution