《TR069协议简要介绍》由会员分享,可在线阅读,更多相关《TR069协议简要介绍(18页珍藏版)》请在金锄头文库上搜索。
1、TR069协议向导 1. 为什么需要TR069 随着VoIP、IPTV等越来越多IP终端设备的普及(尤其在家庭中的普及),大量设备的配置和维护变得越来越困难,大大提高了网络产品运营商的成本,传统的基于SNMP的网管系统面对众多的终端设备时显得力不从心,限制了宽带接入市场的发展速度和规模。TR069定义了一套全新的网管体系结构,包括“管理模型”,“交互接口”,“管理参数”,在很大程度上减少了网络产品的运为成本。2. 什么是TR069协议 TR069是数字用户线(DSL)论坛(已改名为Broadband Forum)制定的一个面向终端设备的网管协议,称为“用户终端设备广域网管理协议(CWMP)”,
2、DSL论坛的文档编号为TR069。3. TR069协议发展现状 自2004年5月DSL论坛推出该协议以来,各大运营商纷纷部署基于TR069的终端设备。但从协议的发展情况看,TR069仍然处于不断完善的过程中。 4. TR069协议网络架构 ACS为自动配置服务器,负责对终端设备CPE进行管理。ACS与CPE间的接口为南向接口,ACS与管理系统间的接口为北向接口。TR069协议主要定义了南向接口。5. TR069的实现(协议栈)1) TR069协议基于TCP/IP;2) 标准的Internet传输安全协议,SSL3.0 OR TLS1.0 ,使用SSL/TLS并不强制要求,确保CPE和ACS之间
3、基于证书的鉴权3) ACS与CPE间的消息传输使用HTTP1.14) 消息的具体内容使用SOAP包进行封装,SOAP包是一个包含SOAP Head(SOAP头)和 SOAP Body (SOAP体)组成的XML文档 5) ACS与CPE之间通过TR069协议特有的RPC方法进行互操作。ACS远程调用CPE上的RPC函数,用来对CPE进行管理如:设置CPE参数、获取CPE参数、硬件升级、重启设备等;因此需要向CPE传输要调用的函数名及参数,这些内容包含在SOAP体中。ACS并不直接对设备本身的接口进行调用 ,ACS所调用的函数为TR069的标准函数(称作TR-069 RPC Methods),C
4、PE需要通过一个设备上的中间层解析出RPC方法,再由这个中间层调用设备自身的接口,这个中间层就是TR069 Agent。CPE调用ACS的方法,用来向ACS上报状态信息,请求硬件镜像文件下载(用来升级硬件)等等。TR069协议的RPC函数(或称RPC方法),如下表: 6. CPE函数参数(TR069协议的数据模型) 网络架构上包含两种设备类型,因此包含两套数据模型:i. TR-106: Data Model Template for TR-069-Enabled Devices, 13ii. TR-098: Internet Gateway Device Data Model for TR-0
5、69, 24 iii. TR-104: Provisioning Parameters for VoIP CPE, 25Each Parameter consists of a name-value pair. The name identifies the particular Parameter, and has ahierarchical structure similar to files in a directory, with each level separated by a “.” (dot). The value of a Parameter may be one of se
6、veral defined data types (see 13). 参数名 :使用由类似树型的点分层关系组织起来。树干为需要配置的对象,树叶为具体的配置参数,所有配置参数都具有是否可读写属性。 如:InternetGatewayDevice.IPPingDiagnostics.Interface参数类型:基于SOAP的数据类型参数有只读、只写两种状态。且可扩展TR069协议就是一个基于TCP/IP,通过HTTP或者HTTPS发送SOAP消息来远程调用CPE或者ACS RPC方法,从而可以达到获取配置和业务信息,监控状态,故障诊断等目的的一种协议。7. 详解TR069规则:CPE和ACS都可以
7、发起会话,ACS发起的会话是异步的。A. 建立连接CPE发起的连接: CPE必需满足如下任何一个条件的情况下向ACS地址发起连接,并调用ACS的Inform方法。 The CPE首次入网first time the CPE establishes a connection to the access network on initial installation On CPE加电或重启power-up or reset Once 定时任务every PeriodicInformInterval (for example, every 24-hours) When the optional Sc
8、heduleInform method的指示so instructed by the optional ScheduleInform method Whenever CPE收到ACS的连接请求the CPE receives a valid Connection Request from an ACS (see section 3.2.2) Whenever ACS的URL发生改变the URL of the ACS changes Whenever 某些参数发生了变更a parameter is modified that is required to initiate an Inform
9、on change. Whenever VALUECHANGE事件,所以CPE必需发起连接the value of a parameter that the ACS has marked for “active notification” via theSetParameterAttributes method is modified by an external cause (a cause other than the ACSitself).Whenever 不正常的会话终结,导致会话重新发起时。an unsuccessfully terminated session is retried
10、 according to the session retry policyspecified in section 3.2.1.1.重建会话为了递交上次提交失败的事件。重试的次数必需通知ACS【Inform时已经提交】。.ACS发起的连接:满足如下条件 The必须使用HTTP1.1 GET。获取只读的CPE状态 Connection Request MUST use an HTTP 1.1 GET to a specific URL designated by the CPE. TheURL value is available as read-only Parameter on the C
11、PE. The path of this URL value SHOULD be randomly generated by the CPE so that it is unique per CPE. The 不能使用HTTPSConnection Request MUST make use of HTTP, not HTTPS. The associated URL MUST be anHTTP URL. No 不能带参数,CPE 应该忽略参数data is conveyed in the Connection Request HTTP GET. Any data that might be
12、 containedSHOULD be ignored by the CPE. The 摘要认证CPE MUST use digest-authentication to authenticate the ACS before proceedingthe CPEMUST NOT initiate a connection to the ACS due to an unsuccessfully authenticated request. The CPE接受任何正确鉴权的请求CPE MUST accept Connection Requests from any source that has
13、the correct authenticationparameters for the target CPE. The 鉴权成功后必选返回200或者204,且长度必须为0CPEs response to a successfully authenticated Connection Request MUST use either a “200(OK)” or a “204 (No Content)” HTTP status code. The CPE MUST send this response immediatelyupon successful authentication, prio
14、r to it initiating the resulting session. The length of the messagebody in the HTTP response MUST be zero. The CPE需限制周期内ACS请求的次数,如果超出这个次数返回503状态码,且忽略Header中带的Retry-AfterCPE SHOULD restrict the number of Connection Requests it accepts during a given period oftime in order to further reduce the possib
15、ility of a denial of service attack. If the CPE chooses to rejecta Connection Request for this reason, the CPE MUST respond to that Connection Request with anHTTP 503 status code (Service Unavailable). In this case, the CPE SHOULD NOT include the HTTPRetry-After header in the response. If 正确鉴权,并已经做出响应,但是会话超时,30s内发起响应,即Call ACS inform,EventCode=6 CONNECTION REQUESTthe CPE successfully authenticates and responds to a Connection Request as described above, and if it is not already in a session, then it MUST, within 30 seconds of se
