Training

Features of the Device 2.12 data model for TR-069 and USP

6 min read

In alignment with the release of TR-069 Amendment 6 and the User Services Platform/TR-369, the Broadband Forum updated its comprehensive data model that describes CWMP endpoints or USP agents. There are a number of new features, some of which are tied to updates to CWMP, as well as new interfaces and applications that are managed by CWMP or USP. Here’s a short overview of the changes in Device:2.12. How do data models work? Keep reading

Training

Managed IoT, security, and the User Services Platform

2 min read

The team here at QA Cafe is deeply involved in networking standards, especially the Broadband Forum and the TR-069 protocol. The Broadband Forum is expanding the reach of TR-069 with its User Services Platform, representing an evolution of TR-069 to manage a more varied and greater number of connected devices. As consumer electronics vendors enter the world of network connected devices, and networking vendors begin to enter the world of smart devices, there are a lot of new challenges that management systems can solve. Keep reading

Training

Are your devices’ user interfaces vulnerable to common attack vectors?

7 min read

Security in home networking devices, particularly home Wi-Fi routers, has come to the forefront in the last few years. While many of the discovered vulnerabilities are zero-day (meaning they are new vulnerabilities that can be exploited before they are known), some of the more recent attacks, including VPNFilter, are exploiting common weaknesses in consumer router design that have been well known for some time. Security requirements vs. best practices Keep reading

Training

What is IR-181 and how does it apply to TR-069 testing?

4 min read

Critical to testing TR-069 implementations is the ability to demonstrate that the underlying code that configures settings on the device interacts correctly with the commands sent via CWMP. We discussed this in another training article on setting up Wi-Fi using TR-069, but there are many more valuable tests of this kind to consider. Consequently, TR-069 testing should include some manner of “real-world” testing that can be used to demonstrate the interoperability of the deployment of an ACS and TR-069 enabled CPE. Keep reading

Training

Cloudflare's 1.1.1.1 DNS service and the effect on broadband gateways

4 min read

In the world of the Internet, it’s vitally important that technologies keep evolving. Change is a rule of all technology, even if it comes slowly to fundamental systems like DNS (Domain Name Service). The company Cloudflare is an infrastructure provider for web applications and networks that has solutions for performance, security, and reliability - including DNS. In April of 2018, Cloudflare launched a new publicly facing DNS resolver at 1. Keep reading

Training

Using TR-143 performance diagnostics

5 min read

There are many use cases for TR-069 from a service provider’s perspective. Beyond onboarding, firmware upgrades, and service configuration, however, is the ability to monitor various statistics on devices and network interfaces to help troubleshoot an end-user’s service. Nearly all of the interfaces in the TR-069 Data Models have statistics on the amount of data sent and received through them, which can be used for this kind of troubleshooting. This is particularly true for the data models that cover Set Top Boxes, which are comprised mostly of this kind of status information. Keep reading

Training

Does your device correctly configure Wi-Fi using TR-069?

4 min read

Testing a TR-069 Wi-Fi setup One of the most important use cases of TR-069 (and its evolution protocol, USP) is in the autoconfiguration, management, and troubleshooting of Wi-Fi networks. Often the source of the most customer service problems, being able to set up an end user’s Wi-Fi and make sure it’s working is critical for a satisfactory “carrier grade” home network. TR-069 testing often revolves around ensuring the conformance of a device’s CWMP stack to the protocol specification, including the tests that provide certification metrics as part of the Broadband Forum’s official TR-069 certification program. Keep reading

Training

How do you test TR-069 enabled devices?

3 min read

If you’re developing a device or deployment that uses the CPE WAN Management Protocol (TR-069), like managed Wifi or other services, what should you test for? What are the benefits of automating it with a dedicated test platform? What are the benefits of getting certified or asking your vendors to certify? Basic components of TR-069 If you’ve been through our TR-069 training series, you’ve seen an in-depth look at all of the pieces that make CWMP work. Keep reading

Testing tips

Automating your test environment with the CDRouter web API

3 min read

Though CDRouter contains thousands of test cases, much of its power comes from being a fully capable automation platform for your entire test process. In addition to automating CDRouter test cases, you can use the CDRouter API to connect with your continuous integration, external test tools, or other applications to make your testing even easier. How to interact with CDRouter CDRouter contains three methods for interacting with its automation engine, configuration, and test packages. Keep reading

Testing tips

Testing ARP issues in CDRouter

11 min read

Earlier we posted about new issues we’ve discovered with ARP implementations in the areas of security and robustness. In CDRouter 10.5 we added new tests to handle these discoveries. Here’s how they work: Testing These Issues with CDRouter Basic Tests The first three tests in the new ARP module, arp_1, arp_2, and arp_3, are basic tests that are designed to verify that the Device Under Test (DUT) responds to different types of ARP requests from clients on the LAN. Keep reading

Training

Revisiting ARP for security and robustness

3 min read

by Joe McEachern & Matt Langlois What is old is new again In today’s security-focused world, every protocol is a potential attack point, even a protocol as old and localized as ARP. ARP was originally defined in 1982 as RFC 826. Despite its age, Linux kernel code for ARP is still being actively developed. There have been more than 10 commits (11 as of October 2017) made to the net/ipv4/arp. Keep reading

Training

Automated home gateway security testing

1 min read

Test your devices before attackers do. It’s no question now - malicious attackers are targeting the home network, and the gateway in particular. Testing for security vulnerabilities can be tedious and ineffective if you don’t have a controlled, repeatable, and fully automated test environment. Join the CDRouter team as we show you: How to test the functional performance of your security tools like parental controls, firewalls, and the security of your user interfaces. Keep reading

Training

Verifying TR-069 real-world scenarios with a native ACS

3 min read

When it comes to testing TR-069, there are three main stages: Testing that your device handles CWMP and the underlying protocols Testing that your data model objects and parameters are valid Testing that your CPE will behave as expected in production CDRouter’s automation platform can make it very easy to do all of these, and do them repeatedly from firmware to firmware. However, this third point involves two things: verifying that your device makes the internal changes that were configured via CWMP, and testing in your actual production network. Keep reading

Testing tips

Test Setup for LTE Gateway or Mobile Hotspot

1 min read

Now that mobile data connections have reached speeds acceptable for broadband access, more and more devices are using LTE as either their primary or backup WAN connection. As more devices get pushed into the home, this number will likely increase by quite a bit. How do you test routers and gateways with LTE WAN connections, that have all of the same testing needs as other home and enterprise broadband gateways? Keep reading

Training

Best Practices for Securing TR-069

4 min read

For our article on the alleged TR-069 vulnerability during the Mirai bot scare, go here. As one of the most widely deployed broadband management protocols in the world, TR-069 has quite a footprint, and a compromised system could potentially affect many broadband subscribers adversely. Luckily, TR-069 is built to operate on secure transport protocols. While there is nothing inherently insecure in the protocol itself, improper implementation of TR-069 clients and servers may expose problems that can be exploited by malicious attackers, as is the case with any web service. Keep reading

Testing tips

Testing TR-069 Devices in CDRouter 10

1 min read

As the official test platform for TR-069 certification, CDRouter’s TR-069 add-on turns CDRouter into a scriptable ACS simulator with test cases for protocol functionality, data model validation, and security. Join the QA Cafe team as we show you: Building a configuration to run TR-069 testing The different TR-069 test cases CDRouter TR-069 vs. BBF.069 tests Testing the different TR-069 data models Setting up SSL certificates for testing

White papers

Testing Residential IPv6 with CDRouter

3 min read

While IPv6 has been in development for more than a decade, the availability of residential IPv6 is still in its infancy. Traditional CPE devices running IPv4 with NAT are now adding IPv6 capabilities and 6to4 transition techniques even before native IPv6 connections are commonly available. CDRouter is IPv6 capable and provides vendors, ISPs, and test labs with a set of functional test cases to verify the IPv6 readiness of CPE devices. Keep reading

Training

TR-069 Connection Request Timing

2 min read

In CWMP, the CPE is always the initiator of sessions. It begins each session with a call to the Inform RPC, which contains EVENT codes that specify to the ACS the reason for the session. One way that the ACS can entice a CPE to begin a session is with the Connection Request mechanism. In TR-069 Amendment 4 and earlier, this was done exclusively with HTTP, though an option for XMPP Connection Requests was added in Amendment 5. Keep reading

Training

Is your TR-069 implementation vulnerable to code injection attacks?

3 min read

Updates in CDRouter 10.3 The scenarios below are serious, and so we’ve added a series of tests to our tr69_conn_req.tcl module to cover your DUT’s TR-069 security and tests for code injection in TR-069 parameters. More on the Mirai worm attack in 2016 In 2016, a distributed denial of service (DDoS) attack dubbed the “Mirai worm” expanded its reach by exploiting a vulnerability in an exposed Broadband Forum TR-064 service (a deprecated service which we’ve written about here). Keep reading

Training

Experimenting with SIP and call timing on a gateway

4 min read

One of the fundamental functions of many home and business gateways is to act as a SIP ALG (Application Layer Gateway) for setting up, routing, and terminating VoIP telephone calls. This presents some difficulty with Network Address Translation (NAT) functionality that we’ve covered before. However, there’s other functional behavior when it comes to SIP call setup and the resulting RTP streams that can be missed without some rigorous experimentation. Keep reading

Training

Mirai attack on home routers and alleged TR-069 vulnerability

5 min read

Update: Learn more about how this attack could be used against TR-069 devices here. The week of November 28 2016 saw a massive attack on certain home routers deployed by several European service providers. The attack was based on the Mirai Malware attack several weeks previous that affected the dynamic DNS services provided by Dyn, Inc. The attack focused on sending certain SOAP commands based on the Broadband Forum’s older TR-064 protocol, through port 7547. Keep reading

Training

Testing SIP Aware Routers

8 min read

Testing SIP aware CPE routers is a critical part of an overall Voice over IP test strategy. CDRouter is perfect for testing SIP aware routers using a real world test setup. Using the CDRouter SIP test module, network and QA engineers can quickly verify the behavior of a SIP aware device and avoid costly interoperability problems. SIP and NAT SIP has become the leading signaling protocol for establishing Voice over IP calls between soft-phones and other VoIP applications. Keep reading

Training

DHCPv6 Prefix Delegation in Edge Routers

4 min read

In the course of developing the test suite for DHCPv6 prefix delegation, QA Cafe encountered a number of implementation issues that impact the functionality of IPv6 connectivity. Some of these potential implementation issues are discussed below. Implementation Issues with IPv6 Prefix Delegation in DHCP Now that IPv6 is moving out of the core and into residential networks, DHCPv6 prefix delegation has emerged as the leading technique to provision IPv6 CPE devices. Keep reading

Training

Webinar - Testing Wifi Guest Mode

5 min read

One of the most common use cases for Wifi is the ability to set up a guest network alongside another network that is used by the home user, business, or other organization. It’s also a source of a lot of problems: guaranteeing that the Wifi router or AP can handle the number of clients connecting; making sure that the security in place for the guest network and other networks works correctly; and ensuring the policies you’ve put in place for guest access vs. Keep reading

Training

Exploring scaling tests - Is your home gateway IoT ready?

4 min read

By now we’ve all heard of the coming flood of network aware devices collectively referred to as the “Internet of Things”. While the term encompasses a wide variety of use cases that are not all clearly defined, we can come up with some rudimentary expectations on how this influx of connections will affect networks. For the home gateway, the most significant impact is how to handle an order of magnitude more connections than most are traditionally designed for - how well does it scale? Keep reading

Training

Multi-service gateway testing with CDRouter

6 min read

Multi-service gateways are typically configured with two or more independent, logical WAN connections, or channels, for different services, such as voice, video, and data. These service channels are then aggregated onto a single physical WAN connection through the use of VLANs. This allows operators to easily manage, route, and prioritize traffic from a large number of subscribers. CDRouter can easily test gateways that are configured for multiple services, ensuring that your products can deliver them effectively to subscribers and businesses. Keep reading

Training

IP Multicast Testing with CDRouter

8 min read

This guide describes the IP multicast testing features in CDRouter and the role of IGMP (Internet Group Management Protocol) in CPE networks. CDRouter supports multicast testing using IGMP version 3. Although many CPE devices have support for IP multicast and IGMP, new functional requirements for set-top boxes and other IPTV multicast applications are pushing the adoption of IGMPv3 into the CPE networking space. IGMPv3 in CPE Networks Several different industry technology bodies including the Broadband Forum and CableLabs (DOCSIS) have defined the use of IGMPv3 for CPE devices. Keep reading

Training

Testing Wifi Scalability with Wireless Station Virtualization

3 min read

Nearly every home device has Wifi capability, and with the emergence of the Internet of Things, that number is likely to increase exponentially. It will be more important than ever to ensure that Wifi routers and access points can handle the load and the applications that are likely to be accessed by all of these Wifi enabled devices. CDRouter 9.2 introduced the ability to simulate many wireless stations from a single wlan interface. Keep reading

Training

Using XMPP for TR-069 Connection Requests

3 min read

Watch our training on connection request basics and XMPP connection requests in our TR-069 training series. Though one of the fundamental principles of CWMP (TR-069) is that the CPE endpoint is always the one to initiate a connection, Autoconfiguration Servers (ACS) can use the TR-069 Connection Request feature to stimulate a CPE to begin a session. This is often used when the ACS must contact the CPE immediately, such as when configuring the device for a new service after it has already been bootstrapped by the system. Keep reading

Training

Is your device using valid TR-069 data models?

3 min read

The CPE WAN Management Protocol described by Broadband Forum TR-069 is a remote procedure call (RPC) based protocol. That is, it consists of two applications that interact directly with each other through a set of defined methods - in the case of TR-069, this includes device functions like Reboot, Download, etc., as well as operations that affect the device’s data model - a set of objects and parameters and the metadata surrounding them. Keep reading

Testing tips

Using CDRouter in an FTTdp Deployment with G.fast

1 min read

Fiber-to-the-drop-point testing New broadband access topologies come along every day that are making it easier for service providers to provide fiber quality broadband services without running fiber all the way to the home. One of these topologies is referred to as “Fiber to the Drop Point (FTTdp)”, and does precisely this: allowing fiber to be run to a Drop Point Unit, where it is broken out into VDSL2 or G. Keep reading

Training

Testing to reduce the big three broadband customer support problems

4 min read

The most well understood case for product testing is in quality assurance while a home networking product is in development, or testing its integrity between firmware revisions. But testing before, during, and after deployment can also ensure that service providers reduce costly support calls and truck rolls. We asked some of our customers, some in the service provider world and others who develop management and support services for service providers, what the most common causes of service calls are. Keep reading

Testing tips

Test Setup for Dual-Stack Router Providing IPv6 Connectivity via 6to4 Tunnels Over the IPv4 WAN

3 min read

What is dual-stack? Dual-stack CPE devices typically enable IPv6 connectivity via native IPv6 connections on the WAN or via tunneling protocols that transmit encapsulated IPv6 packets over the IPv4 WAN. Protocols such as DHCPv6 (with and without prefix delegation), PPPoE (running DHCPv6 or autoconf for address resolution), autoconf, or static IPv6 addressing can be used to provide native IPv6 connectivity on the WAN, whereas the most common tunneling protocols are 6to4 and 6rd. Keep reading

Testing tips

Testing TR-069 LAN side CPE with CDRouter

2 min read

The TR-069 add-on module for CDRouter has the ability to test LAN-side devices, as defined in TR-181i1. TR-069 LAN-side devices are typically set-top boxes or VoIP endpoints that reside on the LAN side of the customer’s Internet Gateway Device (IGD) which may or may not support TR-069. The CDRouter TR-069 add-on supports automated testing for LAN-side devices. You can use this test setup to: Easily test TR-069 enabled LAN-side devices such as set-top boxes (STB) or voice-over-IP (VoIP) endpoints Can be used to test devices that are operating in either load-balancing mode or failover mode Automated PD-128 and data model profile testing for LAN-side devices CDRouter can test LAN devices that support Broadband Forum TR-104 (VoIPService data model), TR-135 (STBService data model), TR-196 (FAPService data model), TR-140 (StorageService data model), and TR-181i1/i2 (Device root data models). Keep reading

Testing tips

Testing Setup for a Gateway with a MoCA Bridge WAN

1 min read

CDRouter can be used with routers that have a Multimedia over Coax Alliance (MoCA) interface through the use of an external MoCA bridge. The MoCA bridge is essentially a media converter with Ethernet on one side and MoCA on the other. It bridges packets from a MoCA network to Ethernet and vice-versa. In this setup CDRouter connects directly to DUT’s LAN interface and the MoCA bridge via Ethernet. The MoCA bridge is then connected to the DUT’s MoCA WAN interface. Keep reading

Testing tips

Testing 6to4 and 6rd IPv6 Islands with CDRouter

7 min read

The world has spent a long time on the road to native IPv6. Fortunately, protocol advancements have mitigated the arduous task of deploying the next generation Internet. Essentially the software counterpart to the last-mile problem, deploying IPv6 to the CPE is “the last 90%” of the work. The core Service Provider networks have always been easier, and thus earlier, to receive both hardware and software upgrades. One idea that has gained momentum is to use the IPv4 Internet as a point-to-point network connecting IPv6 “islands” through stateless, automatic tunnels. Keep reading

Testing tips

Testing IPv6 over PPPoE with CDRouter

9 min read

The IPv6 Over PPPoE Model There are two distinct phases required to establish a successful IPv6 connection over a PPPoE tunnel. The first phase involves establishment of the point-to-point link. The second phase deals with IPv6 addressing. In the IPv4 world, IP addresses are typically negotiated between the client and server using various IP Control Protocol (IPCP) options. IPCP is a PPP Network Control Protocol (NCP) formally defined in RFC 1332. Keep reading

Testing tips

Static NAT Testing with CDRouter

5 min read

The CDRouter Multiport add-on includes support for static NAT configurations. CPE devices that support this functionality will have two or more public IPv4 addresses. One public address is typically assigned to the primary WAN connection and one or more additional public IPv4 addresses are also assigned. These additional IPv4 addresses are used to allow a host on the LAN side of CPE to have its own public IPv4 address on the WAN. Keep reading

Testing tips

DSL CPE Testing with CDRouter

5 min read

CDRouter is the ideal tool for testing the higher layer functionality of DSL based CPE. With a few additions to the basic test setup, CDRouter can be used to test CPE utilizing any type of DSL or G.fast devices. Overview The test setup for DSL CPE devices is similar to the test setup for typical Ethernet-to-Ethernet routers, with one exception. Since CDRouter does not have the ability to terminate the CPE device’s DSL connection directly, a dedicated DSLAM must be included in the test setup. Keep reading

Testing tips

Bridge mode testing with CDRouter

7 min read

CDRouter includes support for testing basic Layer 2 bridging devices including wireless access points, broadband access devices, and Ethernet switches. CDRouter can be used to verify the following functionality of a DUT operating in bridge mode: IPv4 and IPv6 forwarding TR-069 client 802.1x port based authentication VLAN functionality Basic Configuration To enable bridge mode within CDRouter, set the testvar forwardingMode to bridge. This testvar supports two values, route for routing devices or bridge for Layer 2 bridging devices. Keep reading

Testing tips

Can I use CDRouter if my router has a built in xDSL interface?

1 min read

Yes, although CDRouter does not support the termination of DSL interfaces directly. If the WAN interface on your router is DSL-based (ADSL/2/2+, VDSL/2, SDSL, SHDSL/SHDSL.bis, G.fast, etc.) as opposed to Ethernet-based, you have two main options. Option 1: Use an Ethernet/IP DSLAM and connect the Ethernet uplink port of the DSLAM directly to CDRouter’s designated WAN interface. In this configuration the DSLAM must be configured to terminate the ATM connection on the DSL interface and bridge all network traffic from the DSL interface to the uplink port. Keep reading

Training

Common testing issues with TR-069 and SSL

3 min read

Here are solutions to a few common TR-069 SSL-related issues. The CPE does not have a time source Some CPE devices will not validate an SSL/TLS certificate from the ACS until a time source is established. TR-069 states that devices should skip date validation of certificates if a time source is not established. However, in practice some CPE devices simply end the SSL connection. A common symptom of this problem is DNS requests to an NTP server which is not configured. Keep reading

Training

DHCP Server Testing with CDRouter

8 min read

CDRouter’s pre-defined test modules make it easy to quickly test and evaluate a CPE implementation’s integrated DHCP server. In addition, CDRouter’s flexible configuration options allow a wide variety of DHCP server scenarios to be simulated and tested in a consistent and repeatable fashion. The base version of CDRouter includes two test modules designed specifically for verifying a CPE’s DHCP server functionality. The first module, dhcp-s.tcl, includes targeted functional test cases while the second module, scaling. Keep reading

Training

Port Scanning Test Configuration for IPv4 and IPv6

6 min read

CDRouter includes port scanning test cases in the firewall.tcl module which will probe the WAN interface of the DUT for open TCP and UDP ports over IPv4. These open ports provide services either by the DUT or forwarded to internal LAN clients. Users of the CDRouter IPv6 add-on will find they can also perform similar tests over IPv6. Although there are certainly legitimate uses of port scanning, the vast majority of it occurs on the public Internet and is directed toward the WAN ports of random CPEs. Keep reading

Training

Testing dual-stack lite (DS-Lite) B4 CPE devices

8 min read

CDRouter makes it easy to test dual-stack lite B4 CPE implementations on a functional level, and when combined with the many LAN modes of operation available, can help identify issues that are not visible by iterative conformance testing. Dealing with IPv6 transitioning Many IPv6 transition strategies have been provided. Some, such as 6to4, have been available to end users for years now, since ISPs have no prerequisite of IPv6 routing to support the 6to4 protocol. Keep reading