FreeACS TR-069 Server
User Manual
2014R1
1 Document Introduction
1.1 Document Purpose
The document should teach an operator to configure and run the TR-069 Server.
1.2 Document Audience
The audience should understand the basic concept of provisioning and have some general knowledge about FreeACS. The readers will probably be operators of the server and future developers and testers of the server.
1.3 Document History
Version  Editor       Date       Changes
         Simonsen     23-Mar-09  Updated to latest version of TR-069 Server
         Simonsen     03-Apr-09  Revised edition
         Simonsen     30-Jun-09  Revised edition
         Simonsen     12-Nov-09  Revised edition
         Simonsen     28-Sep-10  Revised edition
         Simonsen     07-Nov-10  Handles repeating jobs and TR-statistics
         Simonsen     17-Mar-11  Revised edition
         Simonsen     13-Dec-11  Changed some chapters
2013R1   M. Simonsen  25-Feb-13  Updated to latest version
2014R1   M. Simonsen  05-Aug-14  Updated to latest version
1.4 References
Document
[1] FreeACS Installation
2 Introduction
Before reading this introduction, we expect you to understand the basic concepts of FreeACS and that it is set up according to [1]. This document will focus on how to configure the TR-069 Server.
The TR-069 Server is responsible for the communication with CPEs, and communicates over the TR-069 protocol. There are other servers in FreeACS that also communicate with CPEs, but through other protocols (SPP Server supports HTTP/TFTP).
The CPEs must be configured with a URL which points to this server. When this is in place, the TR-069 Server will fulfil its obligation:
Provision parameters to the CPEs, read parameters from the CPEs, update the database with data from the CPE and upgrade the firmware/software and configuration.
The server should be able to handle millions of devices every day. The exact performance varies with many factors, but if the configuration of the server and the provisioning focuses on performance alone, it should be possible to provision 10-15 million devices per day. If emphasis is on job control the figure will be substantially lower, although still in the millions.
3 Security
3.1 Authentication
The server can be run with no authentication, basic authentication and digest authentication, the latter recommended for TR-069 devices. To change the settings, look in the “property file” chapter. In addition to changing the property file you need to create a secret for each of the CPEs. That secret is specific for each CPE and the parameter name is:
value is something that is populated in the CPE (from the factory) and the FreeACS will need to know this value (in the database) to get it working.
You could run authentication without using SSL, but that would open up the possibility for a man-in-the-middle attack.
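The following is an added example, not taken from this manual or from the FreeACS code base, of the check an ACS performs under digest authentication, beside what a basic authentication header exposes when it is sent without SSL. The names UNIT_SECRETS, ISSUED_NONCES and SAMPLE_HEADER are constructed for illustration and use the RFC 2617 sample values rather than a real CPE's secret.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-ins for the ACS database and nonce store. The values are
# the RFC 2617 section 3.5 sample, not taken from FreeACS or a real CPE.
UNIT_SECRETS = {"Mufasa": "Circle Of Life"}
ISSUED_NONCES = {"dcd98b7102dd2f0e8b11d0f600bfb0c093"}
SAMPLE_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1"'
)


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def parse_digest_header(header):
    """Split 'Digest k="v", k2=v2' into a dict of fields."""
    scheme, _, rest = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest)
    return {key: quoted or bare for key, quoted, bare in pairs}


def verify_digest(header, method):
    """Recompute the qop=auth response from the stored secret and compare."""
    f = parse_digest_header(header)
    secret = UNIT_SECRETS.get(f.get("username"))
    # Reject unknown units and nonces this server never issued (replay guard).
    if secret is None or f.get("nonce") not in ISSUED_NONCES:
        return False
    try:
        ha1 = _md5(f"{f['username']}:{f['realm']}:{secret}")
        ha2 = _md5(f"{method}:{f['uri']}")
        expected = _md5(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:auth:{ha2}")
    except KeyError:
        return False
    # Constant-time compare; the secret itself never crossed the wire.
    return hmac.compare_digest(expected.encode(), f.get("response", "").encode())


def secret_from_basic(header):
    """What an on-path observer reads from a Basic header sent without TLS."""
    return base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)[1]
```

Digest keeps the secret off the wire but does not protect the provisioning payload itself, which is why the manual pairs it with SSL.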
4 Property files
4.1
The log property file is self-documented and should be easy to edit. The main point is that there are 6 different logs defined in TR-069 Server.
4.2
# *** xAPS TR-069 Server Configuration file ***
# --- Various controls ---
# Allowed values are "none", "basic" and "digest". Digest authentication
# is default, and it is the most secure way to communicate with the devices.
# Combining this with SSL-setup, will give you a very secure provisioning.
=digest
# Discovery Mode can be set to true if you want to automatically add a new
# unit type and unit. This mode is violating the security of the system,
# because it allows unknown units to connect and then changes will be performed
# in the database. So use this option with caution, preferably when you want to
# add a new unit type to the system. Default is false.
=false
# Comma separated black-list (if is true) - units with
# ACS-username containing these strings will be blocked.
=
# concurrent download limit will limit the number of concurrent downloads
# allowed from this provisioning server. This is done to conserve bandwidth.
# This will override jobs/service windows if necessary, thus postponing the
# download to later. Default is 1000000 (virtually no limit).
=1000000
# --- Quirks ---
#
# unitdiscovery (perform full unit discovery for every unit)
#
# If the supported parameters for a certain unit type change a lot, it will
# make sense to discover the capabilities of every unit every time. Instead of
# doing an elaborate and complex discovery of the unit, we simply ask for all
# parameter values upon every TR-069 session initiated. This is costly for the
# device, and some devices may not handle this very well.
#
# parameterkey (do not return parameterkey)
#
# TR-069 specifies a parameterkey which the ACS could set to the CPE and
# retrieve if and only if a change (SetParameterValue) was executed
# successfully. This is important to verify that a change was ok. However some
# devices do not return this parameterkey as they should, hence some of
# the verification of a change is compromised.
#
# termination
#
# The termination quirk will require the session to terminate using
# Empty(ACS)-Empty(CPE)-Empty(ACS) as the final methods. This is according
# to the original specification of TR-069. From amendment 1 it was decided
# that a final Empty(ACS) was enough, and this is the default behavior.
#
# prettyprint
#
# The device may not format the XML requests nicely. This quirk will make
# sure the conversation log will be easier to read. The formatting will
# be done even if the XML contains illegal characters. The reasons to avoid
# this quirk are performance and that it may be unnecessary.
#
# xmlcharfilter
#
# Sometimes the device will output XML which contains invalid XML characters.
# This quirk filters such characters before the XML parser receives the stream.
# The reasons to avoid this quirk are performance and that it may be unnecessary.
#
# ignorevendorconfigfile
#
# Establish which "vendor config files" (could be any kind of file really,
# but TR-069 terminology is "config") are installed on the device
# and furthermore, whether a new "vendor config file" should be uploaded to
# the device. To support this, the firmware MUST be able to answer a request
# for "" object in a
# GetParameterValue request. In case no vendor config file exists, the
# device MUST NOT return an error, simply return a list of 0 parameters.
# This behavior is really standard TR-069 (since many years back), but
# asking for an object is still something that some units may have trouble
# with, hence the possibility to turn off this feature.
#
# Specify quirks like this:
#
# quirks.[@]=(,)*
#
# If you specify quirks for a version, then quirks specified for the unit type
# only are ignored altogether (for that particular version of course). This
# way you can make default quirks for a unit type, and then only specify a few
# versions that have different quirks. Examples:
780=parameterkey
=parameterkey,termination
=parameterkey
=xmlcharfilter,prettyprint,unitdiscovery
=prettyprint,xmlcharfilter
# --- Database ---
# xAPS database connection
=xaps/xaps@jdbc:
# Max connections. Default is 100.
=100
# Syslog database connection
# Default is to place syslog on the same database as xaps. However, you may
# specify a database placed elsewhere, to relieve the xaps database of
# excessive load from syslogging.
=
# --- DEBUGGING ONLY, NEVER SET THESE IN PRODUCTION ---
# Test mode is set to true to test specific XMLs found in the tests-folder. Run
# the URL /test to choose which tests to be run. Default is false.
=false
4.2.1 Various Controls
Decide whether you want authentication or not. Recommended setting is “digest”, but it is also possible to use “basic” and “none”. To use authentication you must also add the “secret”-parameter in the database, as stated in the previous chapter.
Discovery mode should normally be false (which is default). If it is true, then you violate the security model, since we accept the incoming traffic even without the secret parameter in the database. The point with this mode is to allow you to hook up a CPE to the ACS and then auto-populate the FreeACS database with all necessary information, to then provision the device. In fact, the unit type, unit type parameters, profile, unit and the secret unit parameter are all created on the fly.
Note: If the device does not support basic authentication, discovery mode will not work, since we then have no way to get the secret from the CPE. This whole procedure will only run once; the next time the CPE connects it will perform a standard conversation, although always using basic authentication (never using digest authentication).
If you use the job functionality of FreeACS you can set a certain limit of concurrent downloads. This is useful when the number of CPEs to upgrade might be more than your network can handle.
4.2.2 Quirks
A quirk is an adaptation of the server behaviour to fit a violation of the spec or to support an old version of the spec. Nonetheless, sometimes it can be useful to tinker with these settings, especially if you get an updated software version for the CPE which has a slightly changed TR-069 client.
4.2.3 Database
The database settings are the same for all FreeACS servers. You must specify a “URL” to a database with the format:
/@jdbc:
can change the number of maximum connections to the database, but it should be substantial.
4.2.4 Debug
By setting the to “true” you can test a CPE. You must then go to the URL:
register the device you want to test. Furthermore, you must copy the folder “tests” that you find within the into your working folder (/var/lib/tomcat7/) and within this folder in turn, create a “results” folder and a “modified” folder.
5 Firmware/config file download
The TR-069 server works like this:
Check whether a device has the correct (wanted) version of software or config files. If not,