
Context: Each customer can have 100-1000 IoT devices behind NAT. We have multiple customers. The aim is to manage these devices from outside. Devices use the CoAP protocol, which uses UDP by default.

There are a few constraints.

  • It is not possible to activate port forwarding.
  • It is not possible to open a VPN connection.
  • Any changes in the local network of the IoT devices are not possible.

Problem: We'd like to open a connection to a device from outside at any time. But the NAT prevents it.

Options: As I understand it, the device has to open the initial request in order to communicate.

Which of the following options is the best one regarding scalability and efficiency?

  1. Each node sends UDP pings in order to keep the NAT connection open.
  2. Each node uses TCP and sends keepalives to keep the NAT connection open.
  3. Each node communicates over UDP with a local proxy behind the NAT. The proxy maps CoAP to HTTP. The proxy establishes a TCP connection to the server and sends keepalives in order to keep the NAT connection open.
  4. Same as option 3, but the local proxy uses WebSocket instead of plain TCP.

Thank you very much

2 Answers


The official LWM2M answer to this is queuing mode; see slide 30 of https://www.slideshare.net/OpenMobileAlliance/oma-lwm2m-tutorial-by-arm-to-ietf-ace or slide 19 of https://mbed-media.mbed.com/filer_public/c1/c3/c1c35bec-5f0e-4a28-a422-115248c9a181/armmbed-lwm2m-webinar.pdf for more information. So the proposed solution is not listed under 1. to 4. above, but uses the LWM2M protocol to send a "ping" in the form of a registration update.

From a security viewpoint, if you deploy to the public internet, I would suggest:

a) you MUST use DTLS

b) you should support device firmware updates and be able to deploy new firmware with patches very fast.

Personal view: LWM2M is broken by design by starting with the (wrong) idea that IoT devices are servers.

Stefan Vaillant
  • Why do you say that "LWM2M is broken by design by starting with the (wrong) idea that IoT devices are servers"? The OMA specification says that a LwM2M Client is a logical component residing in the LwM2M Device. So the device has a LwM2M client and not a LwM2M server. OTOH, for CoAP it can be said so. CoAP assumes that the device is the server side. – yeniv Oct 31 '17 at 03:57
  • @yeniv All LWM2M projects I know (including OMA Test Fest) have a setup where the IoT device "listens" on a port to receive incoming data. From a pure technical viewpoint, I call this a "server". Note that this is also the root cause for the original question above. I assume the documents you are referring to use a different meaning of Server as in "Server is a big computer". – Stefan Vaillant Nov 05 '17 at 13:22
  • @StefanVaillant I agree with your point of considering any device that listens as a "server". My suggestion is not to try to fit LwM2M into the client-server model. Consider it more of a peer-to-peer setup, where any device could be server and client. It would be a bottleneck if we try to map devices as server and client in the IoT context. Just my thought. – Reji Sep 03 '18 at 13:11
  • Just to add: with CoAP a peer can easily be both, a server and a client. The message structure for requests and responses is the same, and so the implementation is not too hard. That is only indirectly related to the more significant question, which peer is initiating the communication. That must also be considered for DTLS. LwM2M takes care of that: the device initiates the communication and DTLS. Once that is established, both peers act as CoAP client and server. The point of the original question is that without exchanging messages, the NAT closes the route, and the device has to initiate again. – Achim Kraus Apr 10 '22 at 20:34
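To make the registration-update "ping" from the accepted answer concrete, here is an added example (not code from the answer, the question or any LWM2M stack): a minimal RFC 7252 encoder and parser for the confirmable CoAP POST to /rd/{location} that an LWM2M client re-sends before the NAT binding expires. The location "5a3f", message ID and token are constructed values, and the bytes are the plaintext CoAP PDU that the DTLS layer the answer insists on would carry as its record payload.

```python
import struct

# RFC 7252 constants used by this minimal encoder/parser
COAP_VERSION = 1
TYPE_CON = 0          # Confirmable: the server must acknowledge it
CODE_POST = 0x02      # request code 0.02 (POST)
OPT_URI_PATH = 11     # option number for Uri-Path


def encode_uri_path(segments):
    """Encode Uri-Path options with RFC 7252 delta/length nibbles.

    Only segments shorter than 13 bytes are accepted, so the extended
    (13/14) delta and length forms are never needed here."""
    out = bytearray()
    prev = 0
    for seg in segments:
        data = seg.encode()
        if len(data) > 12:
            raise ValueError("segment too long for this minimal encoder")
        out.append(((OPT_URI_PATH - prev) << 4) | len(data))
        out += data
        prev = OPT_URI_PATH  # later Uri-Path options carry delta 0
    return bytes(out)


def build_registration_update(message_id, token, location):
    """Confirmable POST /rd/{location} with no payload (LWM2M Update)."""
    first = (COAP_VERSION << 6) | (TYPE_CON << 4) | len(token)
    header = struct.pack("!BBH", first, CODE_POST, message_id)
    return header + token + encode_uri_path(["rd", location])


def parse_coap(msg):
    """Decode header, token and Uri-Path; reject what is not implemented."""
    first, code, mid = struct.unpack("!BBH", msg[:4])
    tkl = first & 0x0F
    if tkl > 8:
        raise ValueError("token length above 8 is a message format error")
    token, pos = msg[4:4 + tkl], 4 + tkl
    number, paths = 0, []
    while pos < len(msg) and msg[pos] != 0xFF:   # 0xFF marks a payload
        delta, length = msg[pos] >> 4, msg[pos] & 0x0F
        if delta >= 13 or length >= 13:
            raise ValueError("extended option encoding not supported here")
        number += delta
        value = msg[pos + 1:pos + 1 + length]
        if len(value) != length:
            raise ValueError("truncated option")   # never trust a length field
        pos += 1 + length
        if number == OPT_URI_PATH:
            paths.append(value.decode())
    return {"code": code, "message_id": mid, "token": token, "uri_path": paths}
```

Every such update is one small datagram per device, which is what makes queue mode cheaper than the TCP or WebSocket proxies listed in the question.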

You should try MQTT: easier to use, no NAT/classic firewall problems, and all recent materials include it. MQTT + LoRaWAN or DASH7 are possible with a gateway.

  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 10 '22 at 17:17