Network configuration considerations
Your devices need to have access to the following domain hosts:
To reach these URLs, the devices need to resolve DNS queries. You therefore need to deploy a DNS server in the network or locally, and make it accessible to the devices (usually over port 53).
- Devices use port 5684 (UDP or TCP) to communicate with Device Management.
- The IPs of the Device Management hosts can change. Therefore, you need to make sure your DNS server does not cache records for longer than their time to live (TTL).
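One way to check the TTL requirement above, shown as an added example rather than anything from Device Management or its client: compare the answer your caching resolver serves with the answer from the authoritative server, and flag any record whose cached TTL is higher than the zone's TTL. The input is the text output of `dig +noall +answer`. The host names, addresses and TTLs are constructed placeholders, not the real Device Management hosts.

```python
# Added example: detect a caching resolver that holds records beyond their TTL.
# All names, addresses and TTLs below are constructed sample data.

AUTHORITATIVE = """\
dm.example.test.        60   IN  A      192.0.2.10
dm.example.test.        60   IN  A      192.0.2.11
bootstrap.example.test. 300  IN  CNAME  lb.example.test.
"""

RESOLVER = """\
dm.example.test.        3600 IN  A      192.0.2.10
dm.example.test.        3600 IN  A      192.0.2.11
bootstrap.example.test. 212  IN  CNAME  lb.example.test.
"""

def parse_answers(text):
    """Parse `dig +noall +answer` lines into {(name, type): highest TTL seen}."""
    ttls = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and anything that is not "name ttl class type rdata".
        if len(fields) < 5 or fields[0].startswith(";") or not fields[1].isdigit():
            continue
        key = (fields[0].lower(), fields[3].upper())
        ttls[key] = max(int(fields[1]), ttls.get(key, 0))
    return ttls

def ttl_violations(authoritative_text, resolver_text):
    """Return (name, type, authoritative_ttl, resolver_ttl) for every record the
    resolver serves with more remaining TTL than the authoritative server gives.
    A lower resolver TTL is normal: cached TTLs count down between refreshes."""
    auth = parse_answers(authoritative_text)
    cached = parse_answers(resolver_text)
    violations = []
    for key, cached_ttl in sorted(cached.items()):
        auth_ttl = auth.get(key)
        if auth_ttl is not None and cached_ttl > auth_ttl:
            violations.append((key[0], key[1], auth_ttl, cached_ttl))
    return violations

if __name__ == "__main__":
    for name, rtype, auth_ttl, cached_ttl in ttl_violations(AUTHORITATIVE, RESOLVER):
        print(f"{name} {rtype}: resolver TTL {cached_ttl} exceeds authoritative TTL {auth_ttl}")
```

A flagged record usually points to a minimum-TTL override or stale-record setting on the resolver, which would leave devices connecting to an address that Device Management no longer uses.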
Connecting devices behind NAT
If your devices are behind a NAT, we recommend using either CoAP over TCP or, if you require UDP, a dedicated tunnel between your device gateway and Device Management.
CoAP over TCP
If your devices are behind NAT or have IPv4 addresses, we recommend using CoAP over TCP because CoAP provides sustained connectivity between client and server, which helps overcome NAT firewall challenges.
You should also consider the power consumption tradeoffs between keeping the connection alive and requiring the device to re-establish the connection to communicate with Device Management when needed, which will also require it to go through the registration process.
There are two ways to keep the connection alive:
At the TCP level, network operators typically use much shorter keepalive intervals than devices do. If your device's default KEEPALIVE intervals are longer than the network timeouts, you can configure the device's intervals from Device Management Client. Device Management Client uses CoAP PING to provide uniform functionality for maintaining TCP connectivity. CoAP PING is implemented as periodic sending of a Reset Message to maintain the TLS connection. By default, Device Management Client uses a default value of 90 for keepalive.
You can change this on the application side via
For example, with the Device Management Client reference example, there are two recommended ways to define these parameters:
Primarily via the
#define MBED_CLIENT_TCP_KEEPALIVE_INTERVAL 90
As secondary options (which only work for Mbed OS), you can specify these parameters in the application
Note: Parameters should not be defined in both
mbed_app.json as this will result in duplicate definitions.
Tunnels for UDP devices behind NAT
If your device uses UDP for connectivity and connects through a NAT, we strongly recommend using a dedicated tunnel between your device gateway and Device Management. UDP connections over different networks typically time out in less than 30 seconds, so the device needs to ping Device Management just before the timeout (ideally every 25 seconds) to keep the connection alive. This is inefficient in both network usage and device energy. A dedicated VPN tunnel avoids this problem and provides uninterrupted connectivity from both ends.