# Device management through TR-069 # Configuring a CPE to become managed through CWMP/TR-069 ## Overview To configure a Customer Premises Equipment (CPE) device for management through the CWMP/TR-069 protocol, you must enable TR-069 management on your CPE device and configure it to communicate with the CONTROL platform. ## Required CPE Configuration Fields The following configuration fields are **required** for initial setup and should be available in your CPE device settings: - **CWMP/TR-069 Server URL**: The URL endpoint of the CWMP/TR-069 Server Platform - **Periodic Inform Interval**: The reporting frequency (in seconds) for status updates between the CPE and CWMP/TR-069 Server Platform - **Username**: The username credential used to authenticate the CPE to the CWMP/TR-069 Server Platform - **Password**: The password credential used to authenticate the CPE to the CWMP/TR-069 Server Platform ## Optional CPE Configuration Fields Some CPE devices may offer additional TR-069 configuration parameters: - **Connection Request URL**: The CPE's URL endpoint for receiving connection requests - **Connection Request Username**: The username for authenticating connection requests to the CPE - **Connection Request Password**: The password for authenticating connection requests to the CPE **Note:** These optional parameters are **not required** for initial CPE setup and can be configured later through the CONTROL platform itself. ## Example Configuration A typical initial TR-069 CPE configuration would look like: - **URL**: `https://control-dev.zequenze.com/cwmp/` - **Periodic Inform Interval**: `120` (seconds) - **Username**: `test-device` - **Password**: `c0mpl3xpazz` ### Important Authentication Requirements The **Username** and **Password** fields configured on the CPE must match the credentials defined in the CONTROL platform. These credentials can be configured either: - For a specific individual device, or - For a device TYPE (when using auto-onboarding functionality) ## Configuration on CONTROL Platform TBC # TR-069 Connection Request ## Overview TR-069 is a CPE-originated communication protocol, meaning that the CPE (Customer Premises Equipment) initiates connectivity toward the ACS (Auto Configuration Server) using a pre-agreed ACS URL, username, and password. [![acs-normal.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/T1jA9pgaEyXA5HsB-tmpc546qmbq.png)](https://docs.zequenze.com/uploads/images/gallery/2020-04/kaPkIzsR74Uw2tYg-acs-normal.png) In a standard TR-069 communication flow, the CPE connects to the ACS at regular intervals defined by the **Periodic Inform Interval**. However, there are scenarios where the ACS needs to update or modify CPE parameters within a shorter timeframe than the configured interval. For example, a customer support agent may need to change a WiFi password immediately rather than waiting for the next periodic connection. To address this requirement, the [TR-069 standard](https://www.broadband-forum.org/download/TR-069_Amendment-6.pdf) defines a **Connection Request** functionality. ## What is Connection Request? **Connection Request** is a mechanism that allows the ACS to proactively request (or "poke") a CPE to initiate a TR-069 session at any time, independent of the Periodic Inform Interval. ### How It Works 1. The ACS sends an HTTP request to the CPE using the **CPE Connection Request URL** with pre-agreed **Connection-Request Username** and **Connection-Request Password** 2. The CPE responds with either: - **Success**: `HTTP 200 OK` or `HTTP 204 No Content` - **Failure**: `HTTP 401 Unauthorized` 3. Upon successful acknowledgment, the CPE initiates a standard TR-069 session toward the ACS (beginning with the initial Inform message) [![acs-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/0z78FlibOe0hrgpQ-tmpj3yclhj3.png)](https://docs.zequenze.com/uploads/images/gallery/2020-04/cp6tRA8nYdEx7k9I-acs-connreq.png) ## Benefits of Connection Request By enabling **Connection Request** between ACS and CPE, service providers can: - **Reduce network overhead**: Use longer Periodic Inform Intervals to minimize network management traffic and CPE load - **Maintain flexibility**: Retain the ability to make configuration changes or perform tests on-demand whenever required - **Improve operational efficiency**: Enable immediate responses to customer support requests without waiting for the next periodic inform ## Implementation Challenges Implementing Connection Request presents challenges primarily related to enabling inbound HTTP connectivity from the ACS to the CPE. These challenges involve: - **IP Reachability**: CPE devices are often behind NAT or use private IP addressing, making them unreachable from the ACS - **Security Concerns**: Opening inbound connections to CPE devices requires careful security considerations [![conn-req.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/pZDjLOsuXrikdGxw-tmpkif35s5h.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/xnNrg7N1FN5TBrMX-conn-req.png) ## Connection Request Methods Several approaches exist to overcome these implementation challenges. The following are the most widely deployed methods: ### VPN-Based Connection Request A VPN tunnel can be established to provide direct reachability from the ACS to CPE devices located within the service provider's private IP address space. [![vpn-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/S4k1HvTnHS0zI0vn-tmpf5da51xv.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/ux6uwYtjrMn7igbP-vpn-connreq.png) ### XMPP-Based Connection Request This method uses an intermediate XMPP Broker that: - Can reach CPE devices - Is reachable by the ACS - Can be located inside or outside the service provider's network (e.g., in a DMZ) [![xmpp-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/CRqprkRFRI1gEgv0-tmpafe6w3a5.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/kVwSzpyDyK51FO4Y-xmpp-connreq.png) **Reference**: [TR-069 Issue 1 Amendment 6 Annex K](https://www.broadband-forum.org/download/TR-069_Amendment-6.pdf) provides detailed specifications for this architecture. ### STUN/UDP-Based Connection Request This approach uses an intermediate STUN server to enable inbound UDP-based connection requests: 1. The CPE creates a UDP connection (bind) to the STUN server 2. The ACS can reach the CPE through the STUN server using the **UDP Bind address** 3. The STUN server can be located inside or outside the service provider's network (e.g., in a DMZ) [![STUN-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/xaD8EyDX9gycDmKX-tmpm777sxd9.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/gWjsMKWvtRPhfnaI-STUN-connreq.png) **Reference**: [TR-069 Issue 1 Amendment 6 Annex G](https://www.broadband-forum.org/download/TR-069_Amendment-6.pdf) provides detailed specifications for this architecture. --- **Note**: CONTROL ACS supports all of the connection request schemes described above. # CPE Configuration for XMPP Connection Request ## Overview The [Connection Request](https://docs.zequenze.com/books/control/page/tr-069-connection-request) feature enables the ACS (Auto Configuration Server) platform to initiate communication with CPE devices to retrieve or modify parameter values and perform OAM (Operations, Administration, and Maintenance) operations. ## Prerequisites Before configuring XMPP Connection Request, ensure that an XMPP Connection instance has been created on the device at the following data model path: ``` InternetGatewayDevice.XMPP.Connection.1 ``` ## Configuration Parameters The following sections detail the required TR-069 parameters for XMPP Connection Request configuration in different environments. ### Development/Testing Environment Use these configuration values when connecting to the CONTROL development environment: | TR-069 Parameter | Value/Description | Type | Access | |:---|:---|:---:|:---:| | InternetGatewayDevice.XMPP.Connection.1.Enable | 1 | boolean | RW | | InternetGatewayDevice.XMPP.Connection.1.Domain | control-xmpp-dev.zequenze.com | string | RW | | InternetGatewayDevice.XMPP.Connection.1.Username | sample_username | string | RW | | InternetGatewayDevice.XMPP.Connection.1.Password | sample_password | string | RW | | InternetGatewayDevice.XMPP.Connection.1.Resource | ConnReq | string | RW | | InternetGatewayDevice.XMPP.Connection.1.UseTLS | 1 | boolean | RW | | InternetGatewayDevice.XMPP.Connection.1.TLSEstablished | 1 | boolean | RO | | Device.ManagementServer.ConnReqJabberID | sample_username@control-xmpp-dev.zequenze.com/ConnReq | string | RO | | Device.XMPP.Connection.1.ServerConnectAlgorithm | DNS-SRV | string | RW | | Device.XMPP.Connection.1.KeepAliveInterval | 300 | integer | RW | **Note:** Replace `sample_username` and `sample_password` with your actual credentials. ### Production Environment Use these configuration values when connecting to the CONTROL production environment: | TR-069 Parameter | Value/Description | Type | Access | |:---|:---|:---:|:---:| | InternetGatewayDevice.XMPP.Connection.1.Enable | 1 | boolean | RW | | InternetGatewayDevice.XMPP.Connection.1.Domain | control-xmpp.zequenze.com | string | RW | | InternetGatewayDevice.XMPP.Connection.1.Username | sample_username | string | RW | | InternetGatewayDevice.XMPP.Connection.1.Password | sample_password | string | RW | | InternetGatewayDevice.XMPP.Connection.1.Resource | ConnReq | string | RW | | InternetGatewayDevice.XMPP.Connection.1.UseTLS | 1 | boolean | RW | | InternetGatewayDevice.XMPP.Connection.1.TLSEstablished | 1 | boolean | RO | | Device.ManagementServer.ConnReqJabberID | sample_username@control-xmpp.zequenze.com/ConnReq | string | RO | | Device.XMPP.Connection.1.ServerConnectAlgorithm | DNS-SRV | string | RW | | Device.XMPP.Connection.1.KeepAliveInterval | 300 | integer | RW | **Note:** Replace `sample_username` and `sample_password` with your actual credentials. ## Parameter Descriptions - **Enable**: Activates the XMPP connection (set to `1` for enabled) - **Domain**: The XMPP server domain for the respective environment - **Username**: Authentication username for the XMPP connection - **Password**: Authentication password for the XMPP connection - **Resource**: XMPP resource identifier (typically `ConnReq` for Connection Request) - **UseTLS**: Enables TLS encryption for the connection (set to `1` for enabled) - **TLSEstablished**: Read-only status indicator showing whether TLS is successfully established - **ConnReqJabberID**: Read-only Jabber ID used for connection requests - **ServerConnectAlgorithm**: Connection method (DNS-SRV uses DNS service records) - **KeepAliveInterval**: Time in seconds between keep-alive messages (default: 300)