Router management: small joys of technical support

In Europe, the USA and many other countries, providers often use managed subscriber devices to which new firmware can be sent via a special interface, or on which settings can be viewed remotely.

I’ll tell you about our experience and the relief that second-line support staff experienced . Let's start with the fact that we have ended the dialogue in the spirit of: "And do you have the upper green light?".
')

Weekday support

Previously, the call to support began with questions about whether the lights were on the device, then trying to understand what the operating system was (“what color do you have internet access”) and not less interesting attempts to explain to the user where and how to view the device statuses and then dictate them.

Then, using these painfully “squeezed” data, a differential diagnosis was made (as a rule, not the most accurate), the problem began to be solved with a voice. The “phone sex” session continued: now it was necessary for the user to do the right things in the right order. If you are lucky - the diagnosis was correct, and everything will work. If not, for example, in the event of a physical damage to the router - we in vain tormented the user for 20 minutes, spent his time and his own - and nothing sensible at the output. "Perhaps you should contact the service center."

Now everything is a little different. If the device supports TR-069 (subscriber equipment control protocol) and has firmware ready to respond to our authorized server, the subscriber simply needs to say that he has a problem. Further, as a rule, the support employee simply calls the router and looks at its status and configuration.

For example, a very frequent case is when the user has a “brake” because of the noise in the 2.4 GHz band. In Moscow, it can easily be from 3 to 5 neighbors on the same channel - in the courtyard in each window there will be a router. It is often enough to simply change the channel - and the subscriber is happy again. Imagine now how it would look without the ability to control the device: go to settings, wi-fi section, then select a channel, then expect a miracle.

The second practical case is remote device diagnostics . If the piece of iron was killed or exotically buggy, then you can make a quick conclusion about it, look at the logs for a more detailed analysis and say exactly what to torment her further useless.

Often they call about the fact that no-name devices on Android do not connect. The problem is known, but, again, the user is worried about the last thing. He wants to lie on the sofa and watch a movie.

Since our server is, in fact, an additional authorization channel under the administrator, traditional everyday problems are solved. You will not believe it, but many users simply can not press the reset button on the router. It happens that the subscriber changed the admin password to 1234567, and his neighbor guessed - support will put a new one. Forgot your home network password - change. Now, for several reasons, we are opening Wi-Fi and telling us how to set a new password. Naturally, some users have already decided everything by this moment, and they think little about security. Considering the increasing number of requests for forgotten passwords, in the future, instead of opening, we will put a new cryptographically strong one, sending it by SMS so that only the final subscriber can see it.

Firmware upgrade

Previously, it was necessary to physically stick into the device in order to update its firmware. Or download the update and give it through the home network (by hand or with the help of auxiliary software on the subscriber’s computer). A centralized firmware update turned into a story that lasts at least a couple of years ... not always a success.

Today, ACS — an automatic configuration server — has the ability to “flush” the firmware onto the end device and update it at the right time without the participation of the subscriber. PROFIT!

As soon as the manufacturer releases a new version or we modify some settings, the software automatically passes through the entire base of the routers and puts them in the queue for updating. During the period of the smallest statistical activity (for the city as a whole, as a rule - around 4:00 am) the firmware is poured onto the end device. Even if the subscriber is currently on the network, he only gets a break for a few seconds when the device reboots. All the functionality configured by the client is not affected.

Previously, changing the MTU was quite a non-trivial task . Now all this is solved by one administrator - and the entire network uses new parameters in a few days. This approach is very useful, because, for example, soon we are going to transfer part of the network to IPoE - and the ability not to bypass every home is very good. Most of the clients will not notice anything at all (well, except that those who play online games will rejoice at a little diminishing ping).

This functionality is available for branded SmartBox routers. All subsequent branded routers will also support remote management.

In Russia, this functionality is going to be used by Rostelecom, according to my data, MGTS has long used some of the functionality in view of the historical ADSL heritage.

Solution Architecture

We chose a solution from the company Friendly Technologies. The core of the platform is an automatic configuration server. It communicates with subscriber equipment and configures it using the ACS API (in particular, exposes the interface for external applications — the Initialization Portal, Operational Support Software, Customer Relationship Management, and so on). The management console allows the administrator to manage the activity of the automatic configuration server, add new types of subscriber equipment, monitor and diagnose subscriber equipment using the TR-069 protocol, send warnings about possible errors and other signals, reports, etc. Next - support services of authorization, management, data transfer, database, authorization services and so on.

All this (devices and central servers) are located in a separate virtual network, the main equipment of which is installed at the Main Computer Center (main computing center) in Moscow.

The device manufacturer for the first time rolls the firmware at the factory, which allows the device to enter the network and connect to the management server. Then the device each time receives a new firmware, including modifying the connection parameters.

This means that, theoretically, you can alter our device with open-source firmware without connecting with our server (and do not allow to configure it remotely), or, conversely, alter your device with firmware compatible with our subnet. But so far there are no open source options.

Another important advantage of such virtualization and placement in the MCC is a close connection with cellular telephony services. In particular, the personal account of the subscriber. Soon it will be possible to log into your personal account from a cell phone, set up a router from there (more precisely, transfer the settings to the configuration server, which he, in turn, will transfer to the router), update the password right there, or block access to the child. For many subscribers, this is at times more convenient and understandable than standard embedded web-based administration interfaces for routers or device management using special software on a computer.