TR-069: Network HERO Or Aggressive Driver?
by Chris Adams

As I began to research TR-069 to create an implementation for the BreakingPoint Application Simulator component, I quickly found some angry forum posts by home broadband "power users." It seems there was a lot of confusion about what the protocol is and how it is used. And it is no wonder. While home networks have grown in complexity, surpassing the typical consumer's manageability threshold, service providers started managing certain devices directly on a customer's network. The service providers feel this is necessary to ensure that their customer's DVR is operating and that telephone service continues to work, among other benefits. This, however, has been met with some resistance from these "power users," and TR-069 is sitting in the middle of the debate.
The resistance stems from the fact that home network administrators often suffer from illusory superiority. This is the same phenomenon that makes the vast majority of drivers think that they are better drivers than those around them. In my hometown of Atlanta, they have Highway Emergency Response Operators or HEROs, which are a fleet of service vehicles operated by Department of Transportation employees. These HEROs keep traffic running smoothly by clearing disabled vehicles from the roadway, directing traffic around wrecks, and helping motorists fix minor problems like flat tires and dead batteries. HERO drivers can tell you a great deal about illusory superiority and its impact on motorists. Rather than consider TR-069 an annoyance or intrusion into a customer's network, it is more helpful to consider it as a network HERO. I'm going to look at why.
OK, What Is TR-069?
TR-069 is an XML SOAP protocol, the CPE WAN Management Protocol (CWMP v1.1), for managing equipment deployed on a customer's premises over a WAN. It was initially created to allow a DSL provider to remotely manage devices that might otherwise be too complex for customers to manage. Examples include modems, home routers, IP phones, and set-top boxes. This has evolved from purely DSL to overall broadband, and now cable ISPs are looking into using TR-069. This seems like an obvious choice since TR-069 is just an application protocol and does not rely on any specific physical medium. TR-069 is also much more limited than SNMP or other remote management protocols, so it is not a gross invasion of privacy as some of the "tinfoil hats" might lead you to believe.
What Devices Are Used in TR-069?
There are two primary pieces of equipment used in TR-069 deployments:
- CPE: Customer-Premises Equipment. This can be any of the devices mentioned earlier or new device types which implement the TR-069 protocol in the future. Just to clear up any lingering confusion, your computers, printers, game consoles, phones, etc. are not managed via TR-069. If your ISP provided you the device, it is a candidate for management via TR-069, but is not guaranteed to be.
- ACS: Auto-Configuration Server. This system is on the service provider network and can receive status updates (reboots, configuration changes, etc.), initiate a status update, or change configuration parameters if necessary. A remote firmware update may be performed as well. Although this may sound alarming to some customers, it makes a lot of sense when you consider emerging security threats and the need to keep systems fully patched. Imagine the botnet opportunities presented by an ISP having thousands of remotely exploitable identical gateway devices, let alone the individual dangers presented by having a vulnerable device.
Let TR-069 Become Your HERO
HEROs are beneficial to both the Department of Transportation and drivers on the road. Likewise, TR-069 has mutual benefits for ISPs and subscribers. TR-069 is not, strictly speaking, an active management protocol: although a service provider can trigger an interaction, the protocol requires the CPE to initiate every connection. So if a customer sees TR-069/CWMP activity in their devices' logs, they do not need to worry about it any more than they would about any of the software on their computers checking for updates or game consoles calling home to the manufacturer. Call-home is a standard feature of just about everything today. Add to that other chatter on a home network, and you quickly realize that the ship sailed long ago on knowing everything that comes and goes on a home network. So the TR-069 traffic flowing on your network is similar to the HERO patrolling the highways: just one more traffic flow, but one that helps to ensure that all other flows operate normally.
The fact is, networks have grown far more complex than a typical consumer can handle. We have a greater diversity of devices carrying out complex interactions, including game consoles, set-top boxes, VoIP phones, and the PC that handles your kid's BitTorrent traffic. These must be managed to increase the overall quality of service and eliminate the frustrations caused by choppy phone calls or missed DVR recordings. Now factor in the daily barrage of new security vulnerabilities and applications affecting traffic flows on a home network, and it's easy to see that this is something best left to professionals.
In order for this to happen, customers need to let service providers do their job, which includes passively managing certain devices and actively intervening when necessary. Would you rather physically invite a stranger into your home in the form of a service call from a technician, not to mention the time spent waiting for the technician to arrive, or would you rather have a remote operator troubleshoot your device? Again, we have a comparison with the HEROs. If trouble arises on the road, a HERO can be dispatched to help resolve the problem. This provides a DOT-sanctioned service that again provides a mutual benefit: drivers receive trustworthy roadside assistance, while the DOT resolves incidents quickly to get traffic moving again.
Service Providers Ensuring Performance, Security, And Stability of TR-069 Implementations
We implemented TR-069 for BreakingPoint Application Simulator, with the Inform, InformResponse, SetParameterValues, SetParameterValuesResponse, Download, DownloadResponse, Reboot, and RebootResponse messages, along with their necessary supporting messages. In addition to simulating CPE and ACS devices, our Super Flows use two extra hosts. The first connects to the CPE (the TR-069 Connection Request) and causes it to call out to the ACS in order to request a firmware upgrade. The second is an HTTP server on which the actual firmware upgrade image is hosted. The Super Flows we created are based on customer-provided data and use the actions created for the TR-069 protocol and a couple of vanilla HTTP actions. In plain English, the Super Flows we created cover device initialization, firmware upgrade, and device rebooting.
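To make the CPE-initiated session model from the previous section and the Inform/Download exchange described here concrete, the following is an added Python example; it is not BreakingPoint code and not the Super Flows described above. It builds the CWMP SOAP envelopes with the standard library, lets a constructed ACS answer an Inform that carries the "6 CONNECTION REQUEST" event by queuing a Download, and has the CPE check the firmware URL before acknowledging. The device identity, the firmware host `fw.example.net`, and the HTTPS-plus-allowed-host policy in `cpe_handle_download` are assumptions made for this example, not requirements of TR-069.

```python
# Added example: a constructed TR-069/CWMP session, not BreakingPoint code.
# CPE opens with Inform; ACS replies and queues a Download; CPE validates the
# image URL before acknowledging. Hostnames, serials and the allow-list policy
# are assumptions made for this example.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
CWMP = "urn:dslforum-org:cwmp-1-0"  # CWMP 1.0 namespace (1.1 uses cwmp-1-1)
NS = {"soap": SOAP_ENV, "cwmp": CWMP}
ET.register_namespace("soap-env", SOAP_ENV)
ET.register_namespace("cwmp", CWMP)

def _tag(ns, name):
    return f"{{{ns}}}{name}"

def _sub(parent, name, text=None):
    el = ET.SubElement(parent, name)
    if text is not None:
        el.text = text
    return el

def _envelope(msg_id, rpc):
    """Wrap one CWMP RPC in a SOAP envelope carrying the cwmp:ID header."""
    env = ET.Element(_tag(SOAP_ENV, "Envelope"))
    header = ET.SubElement(env, _tag(SOAP_ENV, "Header"))
    _sub(header, _tag(CWMP, "ID"), msg_id).set(_tag(SOAP_ENV, "mustUnderstand"), "1")
    ET.SubElement(env, _tag(SOAP_ENV, "Body")).append(rpc)
    return ET.tostring(env, encoding="unicode")

def build_inform(msg_id, device, event_codes):
    """CPE side: the Inform that opens every session (the CPE always connects first)."""
    inform = ET.Element(_tag(CWMP, "Inform"))
    dev = _sub(inform, "DeviceId")
    for field in ("Manufacturer", "OUI", "ProductClass", "SerialNumber"):
        _sub(dev, field, device[field])
    events = _sub(inform, "Event")
    for code in event_codes:  # e.g. "1 BOOT", "2 PERIODIC", "6 CONNECTION REQUEST"
        ev = _sub(events, "EventStruct")
        _sub(ev, "EventCode", code)
        _sub(ev, "CommandKey", "")
    _sub(inform, "MaxEnvelopes", "1")
    _sub(inform, "CurrentTime", "2001-01-01T00:00:00Z")  # constructed timestamp
    _sub(inform, "RetryCount", "0")
    _sub(inform, "ParameterList")  # forced-inform parameters omitted here
    return _envelope(msg_id, inform)

def parse_inform(xml_text):
    """ACS side: pull the session ID, serial and event codes out of an Inform."""
    root = ET.fromstring(xml_text)
    inform = root.find("soap:Body/cwmp:Inform", NS)
    if inform is None:
        raise ValueError("body is not a cwmp:Inform")
    return {
        "id": root.findtext("soap:Header/cwmp:ID", namespaces=NS),
        "serial": inform.findtext("DeviceId/SerialNumber"),
        "events": [e.text for e in inform.findall("Event/EventStruct/EventCode")],
    }

def build_download(msg_id, url, file_size):
    """ACS side: Download RPC pointing the CPE at a firmware image on an HTTP server."""
    dl = ET.Element(_tag(CWMP, "Download"))
    for name, value in (("CommandKey", "fw-1"), ("FileType", "1 Firmware Upgrade Image"),
                        ("URL", url), ("Username", ""), ("Password", ""),
                        ("FileSize", str(file_size)), ("TargetFileName", ""),
                        ("DelaySeconds", "0"), ("SuccessURL", ""), ("FailureURL", "")):
        _sub(dl, name, value)
    return _envelope(msg_id, dl)

def acs_handle_inform(xml_text, firmware_url, firmware_size):
    """ACS side: answer the Inform; a CONNECTION REQUEST event means an upgrade was asked for."""
    info = parse_inform(xml_text)
    resp = ET.Element(_tag(CWMP, "InformResponse"))
    _sub(resp, "MaxEnvelopes", "1")
    pending = None
    if "6 CONNECTION REQUEST" in info["events"]:
        pending = build_download(info["id"] + "-dl", firmware_url, firmware_size)
    return _envelope(info["id"], resp), pending

def cpe_handle_download(xml_text, allowed_hosts):
    """CPE side: accept the Download only for an HTTPS URL on a provisioned host
    (an example policy, not mandated by TR-069); otherwise decline."""
    root = ET.fromstring(xml_text)
    dl = root.find("soap:Body/cwmp:Download", NS)
    if dl is None:
        raise ValueError("body is not a cwmp:Download")
    url = urlparse(dl.findtext("URL"))
    if url.scheme != "https" or url.hostname not in allowed_hosts:
        return None  # a real CPE would answer with a CWMP fault here
    resp = ET.Element(_tag(CWMP, "DownloadResponse"))
    _sub(resp, "Status", "1")  # 1 = transfer not finished; TransferComplete follows later
    _sub(resp, "StartTime", "0001-01-01T00:00:00Z")  # "unknown time" until it finishes
    _sub(resp, "CompleteTime", "0001-01-01T00:00:00Z")
    return _envelope(root.findtext("soap:Header/cwmp:ID", namespaces=NS), resp)

def run_session(firmware_url="https://fw.example.net/gateway.bin"):
    """One constructed session: Inform -> InformResponse -> Download -> DownloadResponse."""
    device = {"Manufacturer": "ExampleCo", "OUI": "001122",
              "ProductClass": "Gateway", "SerialNumber": "SN0001"}  # constructed
    inform = build_inform("1", device, ["6 CONNECTION REQUEST"])
    inform_resp, download = acs_handle_inform(inform, firmware_url, 4096)
    dl_resp = cpe_handle_download(download, {"fw.example.net"}) if download else None
    return inform_resp, download, dl_resp
```

Calling `run_session()` returns the three envelopes in order; printing them shows the `cwmp:ID` header echoed from request to response, which is how an ACS or a test tool pairs RPCs with their replies. Passing an `http://` URL instead makes `cpe_handle_download` return `None`, the point at which a real device would raise a CWMP fault rather than fetch an image over an unauthenticated channel.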
Both consumers and service providers will reap the benefits from TR-069, and this is why the carriers have asked BreakingPoint to support the protocol. They are now using the BreakingPoint Storm CTM to simulate TR-069 traffic and evaluate the devices in their own labs. Doing it with the TR-069 protocol (among others, of course) ensures that they can provide reliable service and effectively manage the devices they provide to customers. So while it's no secret that broadband providers don't have a stellar customer service record, effectively managing TR-069 devices and explaining the value in doing so will be a great step toward improving customer relations. In contrast to HEROs, which are prominently marked, and whose services are widely advertised, TR-069 is virtually unknown to home users because ISPs have not explained it to their customers. If the HERO units were unmarked and their services not advertised, then drivers could rightly complain about another vehicle on the road — one that makes frequent stops on already congested highways. Rather than quietly letting customers rant on message boards, ISPs can assure their customers of exactly what they are doing with TR-069 and explain how it can improve the security and resiliency of their home networks.
So you decide: HERO or aggressive driver?