The following is a partial interpretation of the DSL Forum TR-069 CPE WAN Management Protocol. For a complete copy of the TR-069 Specification and description, click here to download the complete TR-069 CPE WAN Management Protocol specification in PDF format.

Functional Components
The TR-069 CPE WAN Management Protocol is intended to support a variety of functionalities to manage a collection of CPE, including the following primary capabilities:

• Auto-Configuration
  The CPE WAN Management Protocol allows an ACS to provision a CPE or collection of CPE based on a variety of criteria. The provisioning mechanism allows CPE provisioning at the time of initial connection to the broadband access network, and the ability to re-provision at any subsequent time.
• Dynamic Service Provisioning
  The protocol also provides optional tools to manage the CPE-specific components of optional applications or services for which an additional level of security is required to control, such as those involving payments.
• Software/Firmware Image Management
  The CPE WAN Management Protocol provides tools to manage downloading of CPE software/firmware image files.
• Status and Performance Monitoring
  The CPE WAN Management Protocol provides support for a CPE to make available information that the ACS may use to monitor the CPE’s status and performance statistics. It also defines a set of conditions under which a CPE should actively notify the ACS of changes.
• Diagnostics
  The CPE WAN Management Protocol provides support for a CPE to make available information that the ACS may use to diagnose connectivity or service issues.

General Architecture
While the CPE WAN Management Protocol is targeted at management of B NTs (see below), this protocol may be used to manage other types of CPE as well, including stand-alone routers and LAN-side client devices, as also shown below. The corresponding parameter model for other specific device types is beyond the scope of this specification.

Click here to enlarge diagram

Architectural Goals
The protocol is intended to provide flexible support for various business models for distributing and managing CPE, including:

• CPE provided and managed by the network provider.
• CPE purchased in retail with pre-registration to associate the specific CPE with a service provider and customer account (a mobile-phone like model)
• CPE purchased in retail with post-installation user registration with a service provider.

Security Goals
The CPE WAN Management Protocol is designed to provide a high degree of security and is also designed to be scalable. It is intended to allow basic security to accommodate less robust CPE implementations, while allowing greater security for those that can support more advanced security mechanisms. In general terms, the security goals of the CPE WAN Management Protocol are as follows:

• Prevent tampering with the management functions of a CPE or ACS, or the transactions that take place between a CPE and ACS
• Provide confidentiality for the transactions that take place between a CPE and ACS
• Allow appropriate authentication for each type of transaction
• Prevent theft of service

TR-069 Terminology
The following terminology is used throughout the series of documents defining the TR-069 CPE WAN Management Protocol:

• ACS Auto-Configuration Server
  This is a component in the broadband network responsible for auto-configuration of the CPE for advanced services.
• B-NT
  A broadband access CPE device capable of being managed by an ACS.
• Customer Premise Equipment (CPE)
  A DSL B NT is one form of broadband CPE.
• Internet Gateway Device
  A CPE device that is either a B NT or a broadband router.
• Option
  An optional CPE capability that may only be enabled or disabled using a digitally signed Voucher.
• Remote Procedure Call (RPC)
  A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program, which is executed, and results are passed back to the calling program.
• Parameter
  A name-value pair representing a manageable CPE parameter made accessible to an ACS for reading and/or writing.
• Session
  A contiguous sequence of transactions between a CPE and an ACS.
• Voucher
  A digitally signed data structure that instructs a particular CPE to enable or disable Options, and characteristics that determine under what conditions the Options persist.