ACS Features

5/28/2018 ACS Features

1/53

Comtrend TR-069 Auto-

Configuration Server

Comtrend TR-069 Auto-

Configuration ServerComtrend 2007Comtrend 2007


2/53

TR-069 Specifications


3/53

What is TR-069

CPE WAN Management Protocol: A protocol forcommunication between a CPE and Auto-Configuration

Server (ACS) that encompasses secure auto-configurationas well as other CPE management functions within acommon framework.

TR-069 Amendment 1 http://www.dslforum.org/techwork/tr/TR-

069%20Amendment%201.pdf
http://www.dslforum.org/techwork/tr/TR-069%20Amendment%201.pdfhttp://www.dslforum.org/techwork/tr/TR-069%20Amendment%201.pdfhttp://www.dslforum.org/techwork/tr/TR-069%20Amendment%201.pdfhttp://www.dslforum.org/techwork/tr/TR-069%20Amendment%201.pdf


4/53

Diagram from DSL Forum specifications


5/53

Diagram from DSL Forum specifications


6/53

CPE Assumptions

All CPE regardless of type must obtain an IP address inorder to communicate with an ACS.

A CPE can interact with a single ACS at a time. At anytime, a CPE is aware of exactly one ACS with which it canconnect. A collection of ACS behind a load balancer is

considered a single ACS.


7/53

What is ACS

Auto-Configuration Server: This is a component in thebroadband network responsible for auto-configuration of

the CPE for advanced services.


8/53

ACS Capabilities

1. Auto-configuration provisioning: ACS can set CPEsparameter values. For example: WAN, LAN, DHCP, NAT,

Virtual Servers, IP Filtering, MAC Filtering, ParentalControl, Routing, Static Routes (Layer 3 forwarding), DNS,Print Server, Port Mapping (Layer 2 Bridging), Wireless,

VoIP, System Log, NTP, Access Control, etc.


9/53

ACS Capabilities

2. Firmware image management: ACS asks CPE todownload firmware image file and configuration file. CPE

will inform the ACS of the completion either successful orunsuccessful of the file transfer.


10/53

ACS Capabilities

3. Status and performance monitoring: ACS collectsCPEs information by getting CPEs parameter values. ISP

or ITSP can use the collected information to monitor theCPEs status and performance statistics.


11/53

ACS Capabilities

4. Diagnostics: ACS asks CPE to execute IP Ping test,WAN DSL Diagnostics, and WAN ATM F5 Loopback

Diagnostics. CPE will report the diagnostic results to theACS.


12/53

Security Mechanisms

1. HTTPS and Certificate Authentication: TR-069supports the use of SSL/TLS for communications transport

between CPE and ACS. This provides transactionconfidentiality, data integrity, and allows certificate-basedauthentication between the CPE and ACS.


13/53

Security Mechanisms

2. Digest Authentication: The HTTP layer provides analternative means of CPE and ACS authentication based on

shared secrets. CPE must pass the digest authenticationbefore establishing a connection to the ACS.


14/53

CPE Initiated Sessions

CPE establishes communication upon initial CPEinstallation in order to bootstrap initial customizedparameter values into the CPE.

CPE establishes periodic communication with the ACS onan ongoing basis.

CPE also connects to ACS when events occur that must bereported to the ACS (such as when the broadband IP addressof the CPE changes and certain parameters are modified bya non-ACS management entity).

The values of the CPE parameters, whose attributes are set

to Active/Passive Notifications by ACS, are changed.


15/53

Asynchronous ACS Initiated

Sessions Connection Request: ACS can issue a Connection

Request to the CPE at any time, instructing the CPE to

immediately establish a communication session with theACS.


16/53

Diagram from DSL Forum

specifications


17/53

OSS/BSS

ACS

Call

Center

CPE

Digital Home

Player / Server

IP STB

VoIP

TR-106: CommonData ModelTemplate

TR-106: CommonData ModelTemplate

PDA

Gaming Console

TR-064,UPnP IGD

TR-064,

UPnP IGD

TR-98: ServiceDifferentiation

Extensions

TR-98: ServiceDifferentiation

ExtensionsWT-131: ACS NBI

Requirements

WT-131: ACS NBI

Requirements

WT-121:TR-069

Implementation &Interoperability

WT-121:TR-069

Implementation &Interoperability

TR-104: VoIPObject Model

TR-104: VoIPObject Model

TR-111: Remote Mgmtof home devices

(TR-069 pass-through)

TR-111: Remote Mgmtof home devices

(TR-069 pass-through)TR-069: WAN-side

CPE Mgmt

TR-069: WAN-sideCPE Mgmt

WT-135: STB

Object model

WT-135: STBObject model

TR-68 v2:DSL

Modem

withRoutingspecs

TR-68 v2:DSL

Modem

withRoutingspecs

WT-142:TR-069 for PON andfiber access

WT-142:TR-069 for PON andfiber access WT-140: network

storageObject model

WT-140: networkstorage

Object model

DSL Forum HomeNetworking Standards


18/53

TR-069 Companion

Parameter Specifications TR-098: Internet Gateway Device Data Model for TR-069

TR-106: Data Model Template for TR-069-Enabled LANDevices

TR-104: Provisioning Parameters for VoIP CPE

WT-135: Data Model for a TR-069-Enabled Set-Top-Box

WT-140: TR-069 Data Model for Storage Service EnabledDevices


19/53

Comtrend ACS Introduction


20/53

CPE RPC Methods supported

by Comtrend ACS Comtrend ACS supports the following CPE RPC Methods:

GetRPCMethods, SetParameterValues,

GetParameterValues, GetParameterNames,SetParameterAttributes, GetParameterAttributes,AddObject, DeleteObject, Reboot, Download, Upload,

FactoryReset, GetQueuedTransfers, ScheduleInform, andGetOptions.


21/53

ACS RPC Methods supported

by Comtrend ACS Comtrend ACS supports the following ACS RPC Methods:

GetRPCMethods, Inform, and TransferComplete.


22/53

Comtrend TR-069 CPE

supported by Comtrend ACS ADSL2+ Router: CT-5071S, CT-5071T, CT-5611T, CT-

5621, CT-5621T, CT-5624

Wireless ADSL2+ Router: CT-536B+, CT-5361, CT-5361T ADSL2+ / VDSL2 Router: CT-5372, CT-5372E

ADSL2+ Wireless VoIP IAD: CT-6382, CT-6382T, CT-

6382D, CT-6383 ADSL2+ / VDSL2 Wireless VoIP IAD: CT-6373, CT-

6373E

VoIP Gateway: CT-820C


23/53

Comtrend ACS Software

Requirements OS: Red Hat Enterprise Linux 5 DVD or Scientific Linux

5 DVD

Required Linux RPMs: MySQL Database, Apache WebServer+mod_ssl, and PHP


24/53

Comtrend ACS Hardware

RequirementsBasically, one single server machine can run the ACSapplication software.

CPU: Intel Pentium Dual Core/Core 2 Duo/Core 2Quad/Xeon or compatible

Memory: 4 GB RAM or above

HD: Minimum 120 Gbytes free space. RAID-5 Support orSCSI hard disks are recommended.

Gigabit Ethernet Network Interface Card * 2

DVD-ROM * 1


25/53


Architecture 1. Single Server Architecture

All-in-one mode.

All required server services run on a single servermachine.

Limit to manage maximum 100,000 CPEs. Single ACS Server

ACS

+ Apache

+ MySQL

+ Firewall


26/53


Architecture 2. High Availability Architecture

Active - Standby mode.

Use the other ACS servermachine to backup and provideservice failover.

Limit to manage maximum100,000 CPEs.

Active

ACS

Server

Standby

(Backup)

ACS

Server

Network

Power

Switch

(Fence

Device)

Storage

(Disk Array)

SCSI/Fiber SCSI/Fiber

CPE


27/53


Architecture 3. Advanced Cluster Architecture

Active - Active mode.

Provide high availability and loadbalancing.

Require at least 3 server machines.

Can flexibly add additional ACSserver machines.

Can support unlimited number of

CPE.

ActiveACS

Server

Network

Power

Switch(Fence

Device)

Storage

(Disk Array)

Fiber

Channel

ActiveACS

Server

ActiveACS

Server

Load Balancing Machine

CPE

More

ActiveACS

Server(s)


28/53

Comtrend ACS Features


29/53


Manage and control TR-069 enabled CPEs: ComtrendACS complies 100% with the TR-069 specifications, and

is able to manage any TR069-enabled CPEs. ComtrendACS has perfect interoperability with the followingfamous DSL chip vendors and CPE manufacturers:

Broadcom, Conexant, 2Wire, Linksys, Westell, Netopia,Infineon, TrendChip, Alpha Networks, RealTek, etc.


30/53


Supports ACS-initiated Provisioning: At any timeComtrend ACS can request that the CPE initiates a

connection to Comtrend ACS using the ConnectionRequest notification mechanism. Also, by using theConnection Request, Comtrend ACS can ask the CPE to

reboot or to restore its settings to the factory defaults at anytime.


31/53


Provides high degree of security: Comtrend ACSsupports basic and digest authentication, SSL/TLS, and

certificate authentication. For security reasons, ComtrendACS can only allow HTTPS connections from the CPEs.Therefore, the CPEs that connect to Comtrend ACS must

support HTTPS.


32/53


Flexibly add new CPE Models of different

manufacturers: Comtrend ACS not only works perfectly

with Comtrend CPE models, but also allows ACSadministrators to flexibly add any new CPE Models ofdifferent manufacturers.


33/53


Easily and quickly control any unknown TR-069 CPEs:

Comtrend ACS can scan an untested CPE to discover

which TR-069 parameters the CPE supports, and then candirectly manage and control it.


34/53


Flexibly select which CPE functions must be managed:

By using the Model Profile, ACS administrators can

flexibly select which CPE parameters must be managedand controlled by Comtrend ACS, and which CPEparameters are allowed to be changed by end users or third

party tools.


35/53


Allows the adding of vendor-specific parameters: IfCPEs not only have TR-069 standard parameters, but also

vendor-specific parameters, these parameters can besubsequently added to Comtrend ACS database to allowComtrend ACS to control them. Most importantly,

Comtrend ACS can manage and control all parametersshown on the Comtrend CPE web UI, even though theseparameters are not defined in the TR-069 specifications.


36/53


Has CPE download firmware image file and vendor

configuration file: Comtrend ACS supports multiple

additional download URLs of the same firmware imagefile. The firmware image file or the vendor configurationfiles can be stored in extra different download servers to

distribute network flow. In addition, the allowed firmwaredownload time can also be configured and limited at off-hour.


37/53


Provides CPE Status and Performance Monitoring:

Comtrend ACS collects CPE information and statistics

generated by the TR-069 parameters to monitor the CPEsstatus and performance. Comtrend ACS web UI | Devices |Device List | Status page lists the read-only status

parameter values that the CPE reports to Comtrend ACSduring the most recent connection.


38/53


Implement CPE Diagnostics: Comtrend ACS uses thecollected CPE information generated by TR-069

parameters to diagnose connectivity or service issues.Comtrend ACS can ask the CPE to ping a certain IPaddress or hostname and to report the result of the ping test.


39/53


Has conspicuous LED indicators: The Green / Red statusLED indicator indicates whether or not the CPE keeps a

normal connection to Comtrend ACS within the regulatedperiodic Inform interval. The Red / Gray firmware LEDindicator indicates whether or not the CPE has upgraded its

firmware to the version specified by Comtrend ACS.


40/53


Provides detailed log tables of each connected CPE:

Every CPE connection record is logged in the Session Log

table. Moreover, Comtrend ACS also has: Notification Logtable, Download Log table, Bootstrap Log table, and ErrorLog table.


41/53


Allows use of different keywords to search a CPE data:

Comtrend ACS administrators can use the desired key

words (MAC address, CPE IP address, or SN) to searchthe configuration data of a specific CPE or theconfiguration data of multiple CPEs.


42/53


Automatically and manually backup ACS database:

Comtrend ACS database will be automatically backed-up

at the time specified by the ACS administrator. Also,Comtrend ACS database can be manually backed-up to besaved locally. The restore source can be the backup file

automatically stored in Comtrend ACS or the file manuallystored in the administrators local computer.


43/53


Has a build-in CWMP interoperability test system:Comtrend CWMP Interoperability Test System (ITS) isspecifically designed for DSL Forum PD-128 CWMP

interoperability tests. It provides convenience and accuracyfor stepping through the interoperability tests betweenComtrend ACS and multiple CPEs. It follows the testitems suggested in the PD-128 document and also addsother useful and important test items. ITS can simulate anyCWMP transaction session to flexibly reproduce anyproblems that may happen in the real world situation.


44/53


Has high availability and scalability: According to thedesign of our load-balance model, multiple ACSes are ableto support unlimited CPEs accounts, and can supportunlimited upgrade and configuration tasks runningsimultaneously by adding additional ACSes if necessary.The administrative web server used to operate a collection

of ACSes can be separate from the ACS groups. MultipleACSes that share the same FQDN can be used to dispersenetwork flows. Round-Robin DNS mechanism is able toevenly distribute all CPE connections among these ACSes.


45/53

Business Model Example


46/53


1. A subscriber applies for the Internet service from thecustomer service portal of an ISP.


47/53


2. The ISP adds a entry of data for the new subscriber in itsown OSS database, including the subscriber name, address,

telephone number, PPPoE username & password, SIPusername & password, CPE Model, CPE MAC address,etc. According to the design of the Comtrend ACS, the

ACS uses the base MAC address of the CPE to distinguisheach unique CPE.


48/53


3. After getting the subscriber information, the OSS addsan entry of the CPE configuration data in the ACS

database for the new subscriber through calling the ACSAPI. The ACS API provides convenience and flexibility tolet the OSS adds a collection of CPE accounts. The ACS

administrators can also login to the ACS administrativeweb user interface to add the new CPE accounts.


49/53


4. The CPE is shipped to the subscriber. Each CPE has thesame factory default settings: pre-configured ACS URL

and TR-069 related settings, PPPoE WAN connection, thesame PPPoE username and password, etc.


50/53


5. When the subscriber gets the CPE and powers it on, theCPE will automatically connect to the ACS on the Internetby using HTTPS connections. Whenever the CPE tries toconnect to the ACS, the CPE will tell the ACS the CPEsbase MAC address. The ACS will check if there is a MACaddress entry for the CPE in the ACS database. The ACS

will also ask the CPE to provide a set of username andpassword for the digest authentication. If CPE can pass theauthentication, the ACS will allow the CPE to establish asuccessful connection to the ACS.


51/53


6. The ACS will then reset the CPEs configuration. TheACS will replace the original factory default settings with

the subscribers unique PPPoE username & password,unique SIP username and password, etc.


52/53


7. The CPE will reboot automatically to make the newsettings applied.


53/53

Thank youThank you

Your Best Strategic PartnerYour Best Strategic Partner

Documents

ACS Features