CWMP Implementation
CWMP Process
The CWMP process is as follows:
- A CPE initiates a session.
  If an ACS initiates the session instead, it sends a Connect request to the CPE (which functions as an HTTP server) to set up the session.
- The CPE and ACS use the Secure Sockets Layer (SSL) protocol to set up a secure connection.
- The CPE invokes the Remote Procedure Call (RPC) method Inform to send an Inform request to the ACS, reporting device information and requesting a CWMP connection.
- After the CPE is authenticated, the ACS sends an Inform response. The Inform method is complete and the CWMP connection is set up.
- The CPE sends an empty HTTP POST message to the ACS, indicating that the CPE has no more RPC methods to invoke on the ACS.
- The ACS invokes the GetParameterValues method to query CPE parameters.
- The CPE sends a GetParameterValues response containing the queried parameters to the ACS. The GetParameterValues method is complete.
- The ACS invokes the SetParameterValues method to set CPE parameters.
- The CPE sends a SetParameterValues response containing the parameter settings to the ACS. The SetParameterValues method is complete.
- The ACS sends an empty HTTP response to the CPE, indicating that the ACS has no more RPC methods to invoke on the CPE.
- The CPE terminates the connection.
As shown in Figure 5-2, the CWMP session goes through three phases.
Session initiation phase
A CPE initiates a session in the following scenarios:
- After startup, the CPE searches for an ACS based on the local configuration or the ACS URL allocated by the Dynamic Host Configuration Protocol (DHCP) server, and then initiates a session.
- The CPE is configured to send Inform messages at intervals. The CPE automatically sends an Inform message to initiate a session each time the interval elapses (1 hour, for example).
- The CPE is configured to send Inform messages at a specified time. The CPE automatically sends an Inform message at that time to initiate a session.
- If session setup is interrupted unexpectedly and the number of CPE auto-connection retries has not reached the upper limit, the CPE automatically sets up a new connection.
An ACS initiates a session.
An ACS can send a Connect request to a CPE at any time. After the CPE authenticates the request, a session between the CPE and the ACS is set up.
The prerequisite for this method is that the CPE and the ACS have communicated with each other before. During the first communication between the CPE and the ACS, the ACS saves the CPE IP address in the address list. Then it can initiate a session in subsequent communication with the CPE.
CPE and ACS authentication:
- CPE authentication on the ACS side: A CPE sends an Inform request based on the ACS URL configured locally to communicate with an ACS. After the CPE is authenticated (the ACS user name and password in the Inform request are the same as those configured on the ACS), a session is set up between the CPE and the ACS.
- ACS authentication on the CPE side: An ACS sends an Inform request containing a CPE IP address to communicate with a CPE. After the ACS is authenticated (the CPE user name and password in the HTTP request are the same as those configured on the CPE), a session is set up between the CPE and the ACS.
Secure Sockets Layer (SSL) authentication:
SSL ensures transaction confidentiality and data integrity and enables the CPE and ACS to authenticate each other using certificates.
SSL operates independently of application-layer protocols. Any application-layer protocol (including HTTP, FTP, and Telnet) can set up connections over SSL. SSL completes data encryption, key negotiation, and server authentication before the application-layer protocol sets up its connection. Therefore, all data transmitted by the application-layer protocol is encrypted.
A certificate contains a person's or an enterprise's information and a public key:
- Public key: The two ends share a public key to encrypt data and verify signatures.
- Private key: Each end has a private key to decrypt data and create signatures.
- Signature: Information containing a signature cannot be modified by anyone except the creator. It ensures data security and integrity.
Communication phase
After a session is initiated, a CPE or an ACS can send requests to each other to perform operations. For example, the ACS can query and set CPE parameters, and the CPE can upload files to or download files from the file server specified by the ACS.
Session termination phase
Only a CPE can terminate a session.
If the ACS and CPE have sent all necessary requests and received all responses, the CPE terminates the session.
CWMP Operation Methods
An ACS manages and monitors a CPE by performing a series of operations. These operations are called RPC methods in CWMP.
CWMP supports the following standard RPC methods:
- Generic method: Both the CPE and the ACS must support this method. Table 5-1 describes a generic method, which can be invoked by both the CPE and the ACS.
- CPE methods: The CPE must support these methods. Table 5-2 lists the CPE methods, which can be invoked only by the ACS.
Table 5-2 CPE methods

| Method | Description |
| --- | --- |
| SetParameterValues | Used by an ACS to set CPE parameters. |
| GetParameterValues | Used by an ACS to obtain CPE parameter values. |
| GetParameterNames | Used by an ACS to discover accessible parameters of a CPE. |
| SetParameterAttributes | Used by an ACS to set attributes of CPE parameters. |
| GetParameterAttributes | Used by an ACS to obtain CPE parameter attributes. |
| AddObject | Used by an ACS to create instances for a multi-instance object in the CPE data model. |
| DeleteObject | Used by an ACS to delete instances of a multi-instance object from the CPE data model. |
| Download | Used by an ACS to request a CPE to download a file from a specified URL and use the downloaded file to replace the local file on the CPE. |
| Upload | Used by an ACS to request a CPE to upload a file to a specified URL. |
| Reboot | Used by an ACS to remotely restart a CPE when the CPE is faulty or the CPE software is upgraded. |
| FactoryReset | Used by an ACS to restore the factory settings of a CPE. |
| ScheduleInform | Used by an ACS to set the delay after which the CPE sends an Inform message. |

- ACS methods: The ACS must support these methods. Table 5-3 lists the ACS methods, which can be invoked only by the CPE.
Table 5-3 ACS methods

| Method | Description |
| --- | --- |
| Inform | Used by a CPE to send an Inform message to an ACS when the CPE needs to initiate a session with the ACS or periodically send local information to the ACS, or when the CPE bottom-layer configuration changes. |
| TransferComplete | Used by a CPE to notify an ACS that a requested file download or upload has finished, whether or not the transfer succeeded. |
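
The session flow described under CWMP Process and the invocation rules in Tables 5-2 and 5-3 can be checked mechanically against recorded traffic. The Python sketch below is an added example, not part of the original documentation; the (sender, message) trace format, the function name check_session and the sample traces are assumptions made for illustration.

```python
# Added example: check a CWMP session trace against the documented flow.
# The (sender, message) trace format is an assumption made for this sketch.
CPE_METHODS = {  # Table 5-2: supported by the CPE, invoked only by the ACS
    "SetParameterValues", "GetParameterValues", "GetParameterNames",
    "SetParameterAttributes", "GetParameterAttributes", "AddObject",
    "DeleteObject", "Download", "Upload", "Reboot", "FactoryReset",
    "ScheduleInform",
}
ACS_METHODS = {"Inform", "TransferComplete"}  # Table 5-3: invoked only by the CPE

def check_session(trace):
    """Return (index, reason) for every message that breaks the flow."""
    bad = []
    informed = False  # True once the ACS has answered the Inform request
    pending = None    # (caller, method) still waiting for its response
    done = set()      # sides that sent an empty message ("no more RPCs")
    for i, (sender, msg) in enumerate(trace):
        peer = "ACS" if sender == "CPE" else "CPE"
        if "ACS" in done:
            bad.append((i, "message after the ACS ended the exchange"))
        elif msg == "":  # empty HTTP POST (CPE) or empty HTTP response (ACS)
            if pending or not informed:
                bad.append((i, f"{sender} sent an empty message too early"))
            else:
                done.add(sender)
        elif msg.endswith("Response"):
            method = msg[: -len("Response")]
            if pending != (peer, method):
                bad.append((i, f"unsolicited {msg} from {sender}"))
            else:
                informed = informed or method == "Inform"
                pending = None
        elif msg not in (ACS_METHODS if sender == "CPE" else CPE_METHODS):
            bad.append((i, f"{sender} may not invoke {msg}"))
        elif pending:
            bad.append((i, f"{msg} sent while {pending[1]} is unanswered"))
        elif not informed and msg != "Inform":
            bad.append((i, f"{msg} before the Inform exchange completed"))
        elif sender == "CPE" and "CPE" in done:
            bad.append((i, f"{msg} after the CPE's empty POST"))
        else:
            pending = (sender, msg)
    return bad

# Constructed traces: the documented flow, then one with two violations.
GOOD = [("CPE", "Inform"), ("ACS", "InformResponse"), ("CPE", ""),
        ("ACS", "GetParameterValues"), ("CPE", "GetParameterValuesResponse"),
        ("ACS", "SetParameterValues"), ("CPE", "SetParameterValuesResponse"),
        ("ACS", "")]
BAD = [("ACS", "Reboot"), ("CPE", "Inform"), ("ACS", "InformResponse"),
       ("CPE", "FactoryReset")]
```

Run over decoded session logs, a non-empty result points at RPCs issued before the Inform exchange completed or invoked by the wrong side, both of which deserve a closer look on a management channel that can reboot or reset devices.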