MikroTik –TR069 · TR069 vs SNMP Feature SNMP TR-069 The concept Protocol to communicate with specific CPE The TR-069 is a standard to communicate with all CPEs. TR-069 is not only

MikroTik– TR069

HannesWillemse

MikroTikCertifiedTrainerMTCNA– MTCWE– MTCRE– MTCTCE

WhatisTR069

TheCPEWANManagementProtocol(CWMP),publishedbyTheBroadbandForumas TR-069,specifiesastandard

communicationmechanismfortheremotemanagementofend-userdevices.Itdefinesaprotocolforthesecureauto-configurationofa TR-069 deviceandincorporatesothermanagementfunctionsintoacommonframework.

www.friendly-tech.com

WhatisTR069designedfor?

TR-069enablesremoteandsafeconfigurationofnetworkdevicescalledCPE.Configurationismanagedbyacentral

servercalledanACS.

https://www.avsystem.com

Whatisan ACS

AutoConfigurationServer- softwarethatmanagesdevicesremotely.

AVSystem UMPisanexampleoftheACS.


Whatisan CPE

CustomerPremisesEquipment- anyequipmentusedbycustomerswhichcanbemanagedbytheACS.CPEis

commonlycalledadevice.


HowtoconnectadevicetotheACS?

• ACSURL- anInternetaddressoftheACS,whichisaccessiblefromthis device.

• PeriodicInformInterval- definesafrequencyofcommunicationwiththeACS.

• Usernameandpassword- verificationdataisoptional.ItdependsontheACSrequirementsandanexpectedsecuritylevel.


WhatdoesthecommunicationbetweenthedeviceandtheACSlooklike?

• TheconnectionbetweenthedeviceandtheACSisnotpermanent.

• ThedeviceestablishestheconnectionwiththeACSonlyatspecificpointsintime.Itusuallylastsseveralseconds,justenoughtoexchangeallnecessarymessagesbetweenCPEandtheACS.Thisshortexchangeofmessagesiscalledaprovisioningsession.


Theprovisioningsession

• Sessioninitialization• Authentication• Deviceidentification• Tasksexecutiononthedevice• Sessionclosure


WhendoesthedevicestartasessionwiththeACS?

• TheACSURLissavedorchangedonthedeviceorthedeviceisresettofactorysettings(thedevicecommunicatesitasBOOTSTRAP).

• AnewperiodicvisitistobeginaccordingtothevaluesetinPeriodicInformInterval(thedevicecommunicatesitasPERIODIC).



• ThedevicerespondstotheACSrequestforimmediateconnection(thedevicecommunicatesitasCONNECTIONREQUEST).

• Avalueofaparameterforwhichactivenotificationisenabledchanges(thedevicecommunicatesitasVALUECHANGE).

• Thedeviceisresetorisreconnectedtothepowersupply(thedevicecommunicatesitasBOOT).



• DuringoneoftheprevioussessionstheACSorderedthedevicetoinitiatethecontactwithScheduleInformcommand(thedevicecommunicatesitasSCHEDULED).

• Thedevicewantstoreportexecutionofpreviouslyordereddownloadoruploadmethods(thedevicecommunicatesitasTRANSFERCOMPLETE).

• Thedevicewantstoconfirmapreviouslyordereddiagnostic(thedevicecommunicatesitasDIAGNOSTICCOMPLETE).


• ThemanufacturerofthedevicecanaddcustomeventsthatwillalsomakethedeviceconnecttotheACS.


WhyshouldIbeawareofreasonsforsessioninitialization?

• Youcanorderthedevicetoperformvarioustasksdependingonaparticularcontext,forexample,whenthedeviceconnectsforthefirsttime.

• Youcananalyzereasonsforlastvisitsandfindoutabnormalitiesregardingdevice’sactivities.


CantheACSinitializeasessionwiththedevice?

No,itcannot.Thesessioncanbestartedonlybythedevice.However,theACScansendarequesttoestablishconnection,thatisConnectionRequest,whichmakesthedevicecontacttheACSifitisproperlyimplemented.


IsTR-069secure?

Yes,itis.TR-069providesseveralmechanismsthatguaranteerobustsecurity.AuthenticationUsernameandpassword,SSL/TLScertificatesCommunicationHTTPSOtherFirewall- IPaddresseslimitedtoasafepool

WhatarethebenefitsofmanagingdevicesviaTR-069?

• Itoffersagreatercontroloverdevices’settingsincomparisontomanagingthemusingconfigurationfiles.

• Itshortenstimeneededforinstallingthedevicesatthecustomers’premisesthankstosendingtheinitialconfigurationautomatically.

• Itreducesanumberofengineers’visitsthankstoapossibilityofperformingcrucialoperationsremotely.



• Changingconfiguration,turningservicesoff/onandperformingdiagnosis.

• Itfacilitatesmaintenanceworksuchasupgradingdevice'sfirmwareandbackingupitsconfiguration.Whatismore,theselonglastingoperationscanbescheduledtotakeplaceoff-peakhours.

• Itreducesfailuresthankstonetworkoptimizationsettingsfordevices,forexamplebysettingthebestWi-Fichannels.


• Itautomatesthecontrolofthenetworkstatethroughmonitoring.

• Itcollectsdatathatcanbeusedinbusinessanalysis,forexample,detectingactiveuserstowhomadditionalofferscanbemade.


TR069vsSNMPFeature SNMP TR-069

The concept Protocol to communicate with specific CPE

The TR-069 is a standard to communicate with all CPEs. TR-069 is not only a protocol but includes business rules.

Supported commands from server side

SNMP includes only: Get/Set and traps.

TR-069 includes : Set /Get, traps, create object, Delete object, File download, File upload, Reboot, reset, diagnostics commands (Ping, loopback, etc) + support of additional RPCs

TR069vsSNMPFeature SNMP TR-069 Zero Touch provisioning Per CPE type (if available) Yes, part of the standard Diagnostics and monitoring Per CPE type (if available) Yes, part of the standard Data Monitoring No Yes Enforcing Carrier’s policy on CPE & Access Control No Yes

Firmware upgrade Not part of the protocol Yes Security Not part of the protocol Full security More adopted by the main carriers No Yes

Built-in ability to manage multiple types of CPEs

No. Each CPE type requires customizations

In-dependant of CPE vendor or CPE type.

WhatisaRPC

RemoteProcedureCall(RPC)isaprotocolthatoneprogramcanusetorequestaservicefromaprogramlocatedin

anothercomputeronanetworkwithouthavingtounderstandthenetwork'sdetails.Aprocedurecallisalsosometimes

knownasafunctioncallorasubroutinecall.

searchmicroservices.techtarget.com

WhatdoIneedtoimplementTR069onaMikroTik




https://wiki.mikrotik.com/wiki/Manual:Flashfig

Documents

MikroTik –TR069 · TR069 vs SNMP Feature SNMP TR-069 The concept Protocol to communicate with specific CPE The TR-069 is a standard to communicate with all CPEs. TR-069 is not only