# TR-069 Connection Request

## Overview

TR-069 is a CPE-originated communication protocol, meaning that the CPE (Customer Premises Equipment) initiates connectivity toward the ACS (Auto Configuration Server) using a pre-agreed ACS URL, username, and password.

[![acs-normal.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/T1jA9pgaEyXA5HsB-tmpc546qmbq.png)](https://docs.zequenze.com/uploads/images/gallery/2020-04/kaPkIzsR74Uw2tYg-acs-normal.png)

In a standard TR-069 communication flow, the CPE connects to the ACS at regular intervals defined by the **Periodic Inform Interval**. However, there are scenarios where the ACS needs to update or modify CPE parameters within a shorter timeframe than the configured interval. For example, a customer support agent may need to change a WiFi password immediately rather than waiting for the next periodic connection.

To address this requirement, the [TR-069 standard](https://www.broadband-forum.org/download/TR-069_Amendment-6.pdf) defines a **Connection Request** functionality.

## What is Connection Request?

**Connection Request** is a mechanism that allows the ACS to proactively request (or "poke") a CPE to initiate a TR-069 session at any time, independent of the Periodic Inform Interval.

### How It Works

1. The ACS sends an HTTP request to the CPE using the **CPE Connection Request URL** with pre-agreed **Connection-Request Username** and **Connection-Request Password**
2. The CPE responds with either:
   - **Success**: `HTTP 200 OK` or `HTTP 204 No Content`
   - **Failure**: `HTTP 401 Unauthorized`
3. Upon successful acknowledgment, the CPE initiates a standard TR-069 session toward the ACS (beginning with the initial Inform message)

[![acs-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/0z78FlibOe0hrgpQ-tmpj3yclhj3.png)](https://docs.zequenze.com/uploads/images/gallery/2020-04/cp6tRA8nYdEx7k9I-acs-connreq.png)

## Benefits of Connection Request

By enabling **Connection Request** between ACS and CPE, service providers can:

- **Reduce network overhead**: Use longer Periodic Inform Intervals to minimize network management traffic and CPE load
- **Maintain flexibility**: Retain the ability to make configuration changes or perform tests on-demand whenever required
- **Improve operational efficiency**: Enable immediate responses to customer support requests without waiting for the next periodic inform

## Implementation Challenges

Implementing Connection Request presents challenges primarily related to enabling inbound HTTP connectivity from the ACS to the CPE. These challenges involve:

- **IP Reachability**: CPE devices are often behind NAT or use private IP addressing, making them unreachable from the ACS
- **Security Concerns**: Opening inbound connections to CPE devices requires careful security considerations

[![conn-req.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/pZDjLOsuXrikdGxw-tmpkif35s5h.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/xnNrg7N1FN5TBrMX-conn-req.png)

## Connection Request Methods

Several approaches exist to overcome these implementation challenges. The following are the most widely deployed methods:

### VPN-Based Connection Request

A VPN tunnel can be established to provide direct reachability from the ACS to CPE devices located within the service provider's private IP address space.

[![vpn-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/S4k1HvTnHS0zI0vn-tmpf5da51xv.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/ux6uwYtjrMn7igbP-vpn-connreq.png)

### XMPP-Based Connection Request

This method uses an intermediate XMPP Broker that:

- Can reach CPE devices
- Is reachable by the ACS
- Can be located inside or outside the service provider's network (e.g., in a DMZ)

[![xmpp-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/CRqprkRFRI1gEgv0-tmpafe6w3a5.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/kVwSzpyDyK51FO4Y-xmpp-connreq.png)

**Reference**: [TR-069 Issue 1 Amendment 6 Annex K](https://www.broadband-forum.org/download/TR-069_Amendment-6.pdf) provides detailed specifications for this architecture.

### STUN/UDP-Based Connection Request

This approach uses an intermediate STUN server to enable inbound UDP-based connection requests:

1. The CPE creates a UDP connection (bind) to the STUN server
2. The ACS can reach the CPE through the STUN server using the **UDP Bind address**
3. The STUN server can be located inside or outside the service provider's network (e.g., in a DMZ)

[![STUN-connreq.png](https://docs.zequenze.com/uploads/images/gallery/2026-02/xaD8EyDX9gycDmKX-tmpm777sxd9.png)](https://docs.zequenze.com/uploads/images/gallery/2020-07/gWjsMKWvtRPhfnaI-STUN-connreq.png)

**Reference**: [TR-069 Issue 1 Amendment 6 Annex G](https://www.broadband-forum.org/download/TR-069_Amendment-6.pdf) provides detailed specifications for this architecture.

---

**Note**: CONTROL ACS supports all of the connection request schemes described above.