-
Revision: v1.1
-
Revision Date: 2023-09-12
-
Prepared By: Mesh Working Group
Revision History
Revision Number |
Date |
Comments |
---|---|---|
v1.0 |
2017-07-13 |
Adopted by the Bluetooth SIG Board of Directors |
v1.0.1 |
2019-01-21 |
Adopted by the Bluetooth SIG Board of Directors |
v1.1 |
2023-09-12 |
Adopted by the Bluetooth SIG Board of Directors. |
Version History
Versions |
Changes |
---|---|
v1.0.0 to v1.0.1 |
Incorporated errata E9618, E9634, E9639, E9693, E9743, E9748, E9752, E9761, E9788, E9796, E9805, E9807, E9808, E9811, E9812, E9819, E9882, E9883, E9894, E9939, E9957, E9959,E9964, E9969, E9981, E9982, E9983, E10015, E10024, E10025, E10026, E10027, E10028, E10054, E10066, E10081, E10082, E10084, E10086, E10087, E10100, E10101, E10148, E10157, E10168, E10247, E10296, E10310, E10317, E10321, E10322, E10332, E10344, E10395, E10426, E10514, E10515, E10520, E10569, E10575, E10578, E10636, E10664, E10670, E10746, E10748, E10777, E10863, E10864, E11306 |
v1.0.1 to v1.1 |
Changed the specification name from “Mesh Profile” to “Mesh Protocol”. Incorporated the Mesh Certificate-Based Provisioning CR, Mesh Remote Provisioning CR, Mesh Directed Forwarding CR, Mesh Private Beacons CR, Mesh Subnet Bridge CR, Mesh Profile Minor Enhancements CR, and the Mesh Profile Enhanced Provisioning Authentication CR. Incorporated errata E10635, E10950, E10974, E11128, E11173, E11176, E11206, E11207, E11213, E11249, E11256, E11271, E11272, E11273, E11275, E11276, E11301, E11302, E11309, E11310, E11322, E11329, E11341, E11345, E11358, E11359, E11384, E11392, E11394, E11414, E11415, E11416, E11627, E11700, E11712, E11737, E11799, E11802, E11836, E11850, E11901, E11922, E11936, E11940, E11976, E11977, E11978, E11991, E12006, E12013, E12046, E12079, E12092, E12111, E12154, E12226, E12277, E12390, E12403, E12426, E12439, E12543, E12556, E12579, E12581, E12582, E12586, E12587, E12781, E12825, E12834, E12871, E12975, E13008, E13010, E13030, E13084, E13101, E13124, E13171, E13217, E13331, E13430, E13433, E13443, E13446, E13506, E14731, E14734, E14743, E14745, E14804, E14814, E14815, E14885, E14921, E15011, E15080, E15106, E15155, E15210, E15335, E15456, E15457, E15458, E15499, E15696, E15755, E15875, E15889, E16334, E16350, E16386, E16391, E16402, E16408, E16436, E16462, E16701, E16827, E16847, E16870, E16871, E17029, E17059, E17093, E17158, E17203, E17215, E17341, E17345, E17348, E17364, E17369, E17376, E17624, E17955, E18051, E18071, E18117, E18131, E18137, E18181, E18316, E18469, E18487, E18491, E18741, E18932, E19041, E19118, E19250, E20514, E20541, E20554, E20568, E20574, E20586, E20596, E22321, E22354, E22468, E22717, E22761, E22766, E22942, E22979, E23258, E23406 |
Acknowledgments
Name |
Company |
---|---|
Robin Heydon |
Qualcomm Technologies International, Ltd. |
Jonathan Tanner |
Qualcomm Technologies International, Ltd. |
Victor Zhodzishsky |
Broadcom Corporation |
Victor Zhodzishsky |
Cypress Semiconductor Corporation |
Wei Shen |
Ericsson AB |
Christoffer Jerkeby |
Ericsson AB |
Bogdan Alexandru |
NXP Semiconductors |
Martin Turon |
Google Inc. |
Robert D. Hughes |
Intel Corporation |
Marcel Holtmann |
Intel Corporation |
Brian Gix |
Intel Corporation |
Simon Slupik |
Silvair, Inc. |
Piotr Winiarczyk |
Silvair, Inc. |
Danilo Blasi |
STMicroelectronics |
Yao Wang |
Barrot Technology Co., Ltd. |
Rustam Kovyazin |
Motorola Solutions |
Uday Agarwal |
Cypress Semiconductor Corporation |
Vasilii Aleksandrov |
Motorola Solutions |
LC Ko |
MediaTek, Inc. |
Omkar Kulkarni |
Cypress Semiconductor Corporation |
Omkar Kulkarni |
Nordic Semiconductor ASA |
Pontus Arvidson |
Ericsson AB |
Ravi Kiran Bamidi |
Silvair, Inc. |
Robert Cragie |
ARM Ltd |
Piergiuseppe Di Marco |
Ericsson AB |
Piergiuseppe Di Marco |
Silvair, Inc. |
Per Elmdahl |
Ericsson AB |
Arvind Kandhalu |
Texas Instruments Incorporated |
Yiting Liao |
Intel Corporation |
Jingcheng Zhang |
Ericsson AB |
Thomas Stenersen |
Nordic Semiconductor ASA |
Hannu Mallat |
Silicon Laboratories |
Max Palumbo |
Silicon Laboratories |
Max Palumbo |
Katerra Inc. |
Jori Rintahaka |
Silicon Laboratories |
Kim Schulz |
Samsung Electronics Co., Ltd. |
Michał Budzoń |
Silvair, Inc. |
Luca Zappaterra |
Signify Netherlands B.V. |
Erik Anderlind |
KiteSpring Inc. |
Use of this specification is your acknowledgement that you agree to and will comply with the following notices and disclaimers. You are advised to seek appropriate legal, engineering, and other professional advice regarding the use, interpretation, and effect of this specification.
Use of Bluetooth specifications by members of Bluetooth SIG is governed by the membership and other related agreements between Bluetooth SIG and its members, including those agreements posted on Bluetooth SIG’s website located at www.bluetooth.com. Any use of this specification by a member that is not in compliance with the applicable membership and other related agreements is prohibited and, among other things, may result in (i) termination of the applicable agreements and (ii) liability for infringement of the intellectual property rights of Bluetooth SIG and its members. This specification may provide options, because, for example, some products do not implement every portion of the specification. All content within the specification, including notes, appendices, figures, tables, message sequence charts, examples, sample data, and each option identified is intended to be within the bounds of the Scope as defined in the Bluetooth Patent/Copyright License Agreement (“PCLA”). Also, the identification of options for implementing a portion of the specification is intended to provide design flexibility without establishing, for purposes of the PCLA, that any of these options is a “technically reasonable non-infringing alternative.”
Use of this specification by anyone who is not a member of Bluetooth SIG is prohibited and is an infringement of the intellectual property rights of Bluetooth SIG and its members. The furnishing of this specification does not grant any license to any intellectual property of Bluetooth SIG or its members. THIS SPECIFICATION IS PROVIDED “AS IS” AND BLUETOOTH SIG, ITS MEMBERS AND THEIR AFFILIATES MAKE NO REPRESENTATIONS OR WARRANTIES AND DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, TITLE, NON-INFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR THAT THE CONTENT OF THIS SPECIFICATION IS FREE OF ERRORS. For the avoidance of doubt, Bluetooth SIG has not made any search or investigation as to third parties that may claim rights in or to any specifications or any intellectual property that may be required to implement any specifications and it disclaims any obligation or duty to do so.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, BLUETOOTH SIG, ITS MEMBERS AND THEIR AFFILIATES DISCLAIM ALL LIABILITY ARISING OUT OF OR RELATING TO USE OF THIS SPECIFICATION AND ANY INFORMATION CONTAINED IN THIS SPECIFICATION, INCLUDING LOST REVENUE, PROFITS, DATA OR PROGRAMS, OR BUSINESS INTERRUPTION, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, AND EVEN IF BLUETOOTH SIG, ITS MEMBERS OR THEIR AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF THE DAMAGES.
Products equipped with Bluetooth wireless technology ("Bluetooth Products") and their combination, operation, use, implementation, and distribution may be subject to regulatory controls under the laws and regulations of numerous countries that regulate products that use wireless non-licensed spectrum. Examples include airline regulations, telecommunications regulations, technology transfer controls, and health and safety regulations. You are solely responsible for complying with all applicable laws and regulations and for obtaining any and all required authorizations, permits, or licenses in connection with your use of this specification and development, manufacture, and distribution of Bluetooth Products. Nothing in this specification provides any information or assistance in connection with complying with applicable laws or regulations or obtaining required authorizations, permits, or licenses.
Bluetooth SIG is not required to adopt any specification or portion thereof. If this specification is not the final version adopted by Bluetooth SIG’s Board of Directors, it may not be adopted. Any specification adopted by Bluetooth SIG’s Board of Directors may be withdrawn, replaced, or modified at any time. Bluetooth SIG reserves the right to change or alter final specifications in accordance with its membership and operating agreements.
Copyright © 2015–2023. All copyrights in the Bluetooth Specifications themselves are owned by Apple Inc., Ericsson AB, Intel Corporation, Lenovo (Singapore) Pte. Ltd., Microsoft Corporation, Nokia Corporation, and Toshiba Corporation. The Bluetooth word mark and logos are owned by Bluetooth SIG, Inc. Other third-party brands and names are the property of their respective owners.
1. Introduction
The Mesh Protocol specification (previously named Mesh Profile, as noted in the Version History) defines fundamental requirements to enable an interoperable mesh networking solution for Bluetooth low energy wireless technology.
Terms, acronyms, and abbreviations that have a specific meaning in the context of this specification or the Bluetooth environment in general are defined or expanded upon on their first use. Defined terms that are used in this specification are listed in Section 1.5.
1.1. Conformance
Each capability of this specification shall be supported in the specified manner. This specification may provide options for design flexibility, because, for example, some products do not implement every portion of the specification. For each implementation option that is supported, it shall be supported as specified.
1.2. Bluetooth specification release compatibility
This specification shall be used with:
The Generic Attribute Profile (GATT) is required if the GATT provisioning bearer defined in Section 5.2.2 is supported or if the GATT bearer defined in Section 3.3.2 is supported.
1.3. Language
1.3.1. Language conventions
In the development of a specification, the Bluetooth SIG has established the following conventions for use of the terms “shall”, “shall not”, “should”, “should not”, “may”, “must”, and “can”. In this Bluetooth specification, the terms in Table 1.1 have the specific meanings given in that table, irrespective of other meanings that exist.
Term |
Definition |
---|---|
shall |
—used to express what is required by the specification and is to be implemented exactly as written without deviation |
shall not |
—used to express what is forbidden by the specification |
should |
—used to express what is recommended by the specification without forbidding anything |
should not |
—used to indicate that something is discouraged but not forbidden by the specification |
may |
—used to indicate something that is permissible within the limits of the specification |
must |
—used to indicate either:
|
can |
—used to express a statement of possibility or capability |
Certain terms used in this specification have been updated and are no longer used by Bluetooth SIG. For a list of terms that have been updated and their replacement terms, see the Appropriate Language Mapping Tables [25].
1.3.1.1. Implementation alternatives
When specification content indicates that there are multiple alternatives to satisfy specification requirements, if one alternative is explained or illustrated in an example it is not intended to limit other alternatives that the specification requirements permit.
1.3.1.2. Discrepancies
It is the goal of Bluetooth SIG that specifications are clear, unambiguous, and do not contain discrepancies. However, members can report any perceived discrepancy by filing an erratum and can request a test case waiver as appropriate.
1.3.2. Reserved for Future Use
Where a field in a packet, Protocol Data Unit (PDU), or other data structure is described as "Reserved for Future Use" (irrespective of whether in uppercase or lowercase), the device creating the structure shall set its value to zero unless otherwise specified in this specification. Any device receiving or interpreting the structure shall ignore that field unless otherwise specified in this specification; in particular, it shall not reject the structure because of the value of the field.
Where a field, parameter, or other variable object can take a range of values and some values are described as "Reserved for Future Use," a device sending the object shall not set the object to those values. A device receiving an object with such a value should reject it, and any data structure containing it, as being erroneous; however, this does not apply in a context where the object is described as being ignored or it is specified to ignore unrecognized values.
When a field value is a bit field, unassigned bits can be marked as Reserved for Future Use and shall be set to 0. Implementations that receive a message that contains a Reserved for Future Use bit that is set to 1 shall process the message as if that bit was set to 0, except where specified otherwise in this specification.
The acronym RFU is equivalent to "Reserved for Future Use."
1.3.3. Prohibited
When a field value is an enumeration, unassigned values can be marked as “Prohibited.” These values shall never be used by an implementation, and any message received that includes a Prohibited value shall be ignored and shall not be processed and shall not be responded to, unless otherwise specified in this specification.
Where a field, parameter, or other variable object can take a range of values, and some values are described as “Prohibited,” devices shall not set the object to any of those Prohibited values. A device receiving an object with such a value should reject it, and any data structure containing it, as being erroneous, unless otherwise specified in this specification.
“Prohibited” is never abbreviated.
1.4. Table conventions
This section describes conventions regarding the following:
-
Requirements that are in a table
-
Indicating a cell that has no value or content
1.4.1. Requirements that are in a table
Unless otherwise stated, requirements that are in a table in this specification can be defined as "Mandatory" (M), "Optional" (O), "Excluded" (X), or "Conditional" (C.n). Conditional statements (C.n) are listed directly below the table in which they appear.
1.4.2. Indicating a cell that has no value or content
Where a cell in a table indicates an intended absence of a value or other content, the cell will contain “none” or a hyphen (i.e., a “minus” sign). Examples of this are:
-
In the “condition” column of the description of a finite state machine where a rule is unconditional
-
In the “action” column of the description of a finite state machine where a rule has no action
-
In a “restrictions” column where there are no applicable restrictions
-
In an interface description where there are no parameters of a specific type
An empty cell in a table indicates that there is no useful information that can be placed in that cell. Examples of this are:
-
In a “comments” column when there is no comment to make in a particular row
-
In a column specifying properties when the relevant item is reserved for future use (and therefore does not have any properties)
-
In a “units” column when the relevant item is unitless
1.5. Terminology
Table 1.2 lists all of the defined terms used in this specification.
Term |
Definition Location |
---|---|
accept list |
|
Access message |
|
address |
|
application key (AppKey) |
|
beacon |
|
bound states |
|
composite state |
|
Configuration Manager |
|
device |
|
device key (DevKey) |
|
directed forwarding |
|
directed relay |
|
element |
|
foundation models |
|
friendship |
|
IV Index |
|
key identifier |
|
low power |
|
managed flooding |
|
mesh gateway |
|
Mesh Manager |
|
mesh network |
|
mesh profile |
|
model |
|
multilane path |
|
neighboring node |
|
network key (NetKey) |
|
Network Message Cache |
|
node |
|
obfuscation |
|
path |
|
primary element |
|
primary subnet |
|
Provisionee |
|
Provisioner |
|
provisioning |
|
Proxy feature |
|
Proxy node |
|
Proxy Server |
|
reject list |
|
Relay feature |
|
Relay node |
|
remote provisioning |
|
replay protection |
|
secondary element |
|
state |
|
subnet |
|
tagging |
|
term |
|
Transport Control message |
|
unprovisioned device |
|
unsolicited message |
2. Mesh system architecture
This section provides an overview of the mesh network operation and layered system architecture.
2.1. Layered architecture
The Mesh Protocol specification is defined as a layered architecture as shown in Figure 2.1. The architecture includes two stacks – the mesh networking stack used by mesh nodes to communicate with each other (see Sections 3, 4, and [9]), and the mesh provisioning stack (see Section 5) used to provision devices on the network.
Both stacks are built on top of the LE Physical Transport defined in the Bluetooth Core Specification (see Vol 1, Part A, Section 3.2 in [24]). Mesh profiles are optional specifications that define use cases and implementation patterns to help improve interoperability and performance of systems based on Bluetooth mesh, such as networked lighting control systems or sensor networks.
Each layer of a stack processes the given messages and may deliver the processed messages to the next layer for further processing. The processing may involve, for example, encryption, decryption, the packing or unpacking of fields, or the execution of certain behaviors as indicated by data fields in the message.
During the course of processing, a layer can attach certain metadata, called tags, to a message in order to inform subsequent layers to customize the processing of the message for specific functionality. This process of attaching metadata to a message is called tagging.
The architecture is illustrated in Figure 2.1. The layers shown in blue are defined in this specification. The layers and profiles shown in green are defined in other specifications.
2.1.1. Model layer
Models are used to standardize the operation of typical user scenarios.
The model layer specifies the rules for allocating models on elements within a node.
The model layer also includes models which are defined in the Mesh Model specification [9] or in other higher-layer specifications.
2.1.2. Foundation Model layer
The foundation model layer defines the states, messages, and models required to configure and manage a mesh network.
2.1.3. Access layer
The access layer defines how higher layer applications can use the upper transport layer. It defines the format of the application data; it defines and controls the application data encryption and decryption performed in the upper transport layer; and it checks whether the incoming application data has been received in the context of the right network and application keys before forwarding it to the higher layer.
2.1.4. Upper transport layer
The upper transport layer encrypts, decrypts, and authenticates application data and is designed to provide confidentiality of Access messages. It also defines how Transport Control messages are used to manage the upper transport layer between nodes, including when used by the Friend feature and by directed forwarding functionality.
2.1.5. Lower transport layer
The lower transport layer defines how upper transport layer messages are segmented and reassembled into multiple Lower Transport PDUs to deliver large upper transport layer messages to other nodes. It also defines a single message to manage segmentation and reassembly (SAR).
2.1.6. Network layer
The network layer defines how transport messages are addressed towards one or more elements. It defines the Network PDU format that allows Transport PDUs to be transported by the bearer layer. The network layer decides whether to relay/forward Network PDUs, accept them for further processing, or reject them. It also defines how a Network PDU is encrypted and authenticated.
2.1.7. Bearer layer
The bearer layer defines how Network PDUs are transported between nodes. There are two bearers defined, the connectionless advertising bearer and the connection-oriented GATT bearer (for connections established between nodes known as a Proxy Server and a Proxy Client). Additional bearers may be defined in the future.
2.2. Overview of mesh operation
The mesh network operation defined by this specification is designed to:
-
enable messages to be sent from one element to one or more elements;
-
allow messages to be relayed via other nodes to extend the range of communication;
-
secure messages against known security attacks, including eavesdropping attacks, man-in-the-middle attacks, replay attacks, trash-can attacks, brute-force key attacks, and possible additional security attacks not documented here;
-
work on existing devices in the market today;
-
deliver messages in a timely manner;
-
continue to work when one or more devices are moved or stop operating; and
-
have built-in forward compatibility to support future versions of the Mesh Protocol specification.
Message relaying may use managed flooding, in which potentially every relay node relays the message further out, so the message is propagated in all directions. Messages are delivered over multiple hops by re-broadcasting the message at each hop to all neighboring nodes (i.e., nodes within direct radio range of each other), thus extending the range of the original message.
Alternatively, relaying may use directed forwarding (see Section 2.3.11), in which only relay nodes along a path toward the destination will relay the message until the message reaches the destination.
The node that originates the message decides whether to use managed flooding or directed forwarding.
A network message caching mechanism, also specified, is designed to prevent nodes from reprocessing Network PDUs that have already been processed. Entries corresponding to recently processed Network PDUs are added to a cached list. When a Network PDU is received, it is checked against the list and is ignored if a corresponding entry is already present. If an entry is not present, then it is added to the list so that the corresponding Network PDU can be ignored in the future. This helps prevent escalation of traffic in managed flooding as well as in directed forwarding when relays overhear repeated message transmissions. To keep the list from getting too long, an implementation limits the number of messages that are cached.
Each message includes a time to live (TTL) value that limits the number of times a message can be relayed (up to a maximum of 126 times). Each time a message is received and then relayed by a node, the TTL value is decremented by 1. This allows an originator to decide how far into the network the message is propagated.
2.2.1. Network and subnets
A mesh network consists of nodes sharing four common resources:
-
network addresses used to identify source and destination of messages (see Section 3.4.2);
-
network keys used to secure and authenticate messages at the network layer (see Section 3.9.6.3);
-
application keys used to secure and authenticate messages at the access layer (see Section 3.9.6.2); and
-
an IV Index used to extend the lifetime of the network (see Section 3.9.4).
A network can have one or more subnets that facilitate ”area” isolation (e.g., isolated hotel room subnets within a hotel network). A subnet is a group of nodes that can communicate with each other at a network layer because they share a network key. A node may belong to one or more subnets by knowing one or more network keys. At the time of provisioning, a device is provisioned to one subnet and may be added to more subnets using the Configuration Model.
A node that belongs to multiple subnets may support subnet bridge functionality. A node supporting subnet bridge functionality may be configured to retransmit messages from nodes in a subnet to nodes in other subnets, while attempts to reach unauthorized addresses are blocked. The second subnet, the one on which the messages are retransmitted, is referred to as a bridged subnet.
There is one special subnet called the primary subnet, which is based on the primary NetKey (see Section 3.9.6.4). Nodes on the primary subnet participate in the IV Update procedure (see Section 3.11.5), and propagate IV updates to other subnets, while nodes on other subnets only propagate the IV Index updates to those subnets.
The network resources are managed by a node, known as the Configuration Manager (typically a smart phone or other mobile computing device), which implements the Configuration Client model and optionally implements any of the Remote Provisioning Client and Directed Forwarding Configuration Client models. The network resources are allocated to nodes at the time of configuration. In particular, a Provisioner manages allocation of addresses to make sure no duplicate unicast addresses are allocated, whereas a Configuration Manager generates and distributes network and application keys and makes sure that devices that need to communicate with each other share proper keys for both network and access layers. The Configuration Manager also knows device keys (see Section 3.9.6.1), which are used to secure communication with each individual node, including distributing updated network and application keys.
2.2.2. Devices
In the context of this specification, a device is a Bluetooth end product. A device that is not a member of a mesh network is known as an unprovisioned device. A device that is a member of a mesh network is known as a node. A device that is used to manage the transitions between an unprovisioned device and a node is known as a Provisioner.
An unprovisioned device cannot send or receive mesh messages; however, it advertises its presence to Provisioners. The process of authenticating and providing basic information, including unicast addresses (see Section 3.4.2.2) and a network key (see Section 3.9.6.3) to an unprovisioned device is known as provisioning (see Section 2.2.3). A Provisioner will provision an unprovisioned device into a mesh network, converting the unprovisioned device into a node.
A node that implements the Configuration Client model (see Section 4.4.2) can start acting as a Configuration Manager when the Provisioner provides the node with the device keys of the nodes on the network. The Configuration Manager can then configure the nodes by providing them application keys (see Section 3.9.6.2) and setting publish and subscribe addresses (see Section 2.3.9) so that the nodes can communicate with each other.
A Configuration Manager, which is the same physical device as the Provisioner, is known as a Mesh Manager. A Configuration Manager can remove a node from a mesh network, which reverts it back to an unprovisioned device.
A device may support multiple instances of a node by offering itself to be provisioned to another mesh network after already being provisioned to a mesh network. Each instance of a mesh network is determined by addresses and a device key obtained by the device during provisioning.
2.2.3. Adding devices to a mesh network
Devices are added to a mesh network by a Provisioner, at which point they become nodes. The provisioning of devices into a mesh network differs from the point-to-point bonding and pairing that is typically used in Bluetooth wireless technology. Provisioning of devices is enabled using either a simple advertising bearer or a point-to-point GATT-based bearer. A single provisioning protocol is used over both bearers. Provisioning over an advertising-based bearer is implemented by all devices. Provisioning over a GATT-based bearer allows devices such as legacy phones (i.e., devices that do not support provisioning over an advertising bearer natively) to be Provisioners.
To assist with provisioning of multiple devices, a device has an attention timer that can be set by a Provisioner. When set to a non-zero value, the device identifies itself using any means it can. For example, the device may flash a light, make a sound, or vibrate. When the attention timer expires, the device stops identifying itself. This allows a Provisioner to send a single message to a device to cause it to identify itself and the device automatically stops identifying itself after a given time.
The protocol to run over these two bearers is a derivative of the Security Manager protocol of v4.2 of the Bluetooth Core Specification to introduce the ability to authenticate devices that have a very limited user interface, such as a light or a switch. The Security Manager protocol requires a reliable bearer, something that cannot be guaranteed by the advertising provisioning bearer; therefore the protocol used in this specification is designed to enable reliable delivery of messages independent of the bearer. The similarity to the Security Manager protocol enables significant reuse of existing code on devices that have implemented such functionality.
2.2.4. Communications support
Many current devices are unable to advertise or comprehend mesh messages without being updated. To enable these devices to communicate with a node in a mesh network without the need for an operating system update or similar hardware/software update, the specification enables the use of GATT connectivity for all existing devices.
2.2.5. Low power support
The features within this specification enable many devices in the mesh network to be battery-powered or to use techniques such as energy harvesting. Such devices may be constrained in how they can function as a part of a mesh network (e.g., devices that only send data when interacted with). This specification does not require devices to coordinate transmissions, make connections, or restart security on every connection; thus facilitating low power operation. Devices needing low power support can associate themselves with an always-on device that stores and relays messages on their behalf, using the concept known as friendship (see Section 3.6.6). However, devices that relay messages will receive messages as well as forward messages a majority of the time and are likely to use significantly more power than could be provided by typical small batteries or capacitors.
2.3. Architectural concepts
The mesh networking architecture uses several different concepts: states, messages, bindings, elements, addressing, models, publish-subscribe, mesh keys, and associations.
2.3.1. States
A state is a value representing a condition of an element or a node. A state may be valid in the context of a subnet or of one or more models.
An element exposing a state is referred to as a server. For example, the simplest server is a Generic OnOff Server, representing that it is either on or off.
An element accessing a state is referred to as a client. For example, the simplest client is a Generic OnOff Client (a binary switch) that is able to control a Generic OnOff Server via messages defined by the Generic OnOff Model.
A state that is made of two or more states is known as a composite state. For example, a color-changing lamp can control color hue separately from color saturation and brightness.
2.3.2. Bound states
When a state is bound to another state, a change in one results in a change in the other. Bound states may be from different models in one or more elements. For example, a common type of binding is between a Level state and an OnOff state: changing the Level to 0 changes the bound OnOff state to Off and changing the Level to a non-zero value changes the bound OnOff state to On.
2.3.3. Messages
All communication within a mesh network is accomplished by sending messages. There are two types of messages: Access messages and Transport Control messages.
Access messages operate on states. For each state, there is a defined set of Access messages that a server supports and a client may use to request a value of a state or to change a state. A server may also transmit unsolicited Access messages carrying information about states and/or changing states.
An Access message is defined as having an opcode, associated parameters, and behavior. An opcode may be a single octet (for special Access messages that require the maximum possible payload for parameters), 2 octets (for standard Access messages), or 3 octets (for vendor-specific Access messages).
A total Access message size, including an opcode, is determined by the underlying transport layer, which may use a SAR mechanism. To maximize performance and avoid the overhead of SAR, a design goal is to fit Access messages in a single segment. The lower transport layer provides up to 11 octets for a non-segmented message, leaving up to 10 octets that are available for parameters when using a 1-octet opcode, up to 9 octets available for parameters when using a 2-octet opcode, and up to 8 octets available for parameters when using a vendor-specific 3-octet opcode.
The lower transport layer provides a SAR mechanism capable of transporting up to 32 Access or Transport Control message segments. The maximum Upper Transport Access PDU size when using a SAR is 384 octets. This means that (excluding a TransMIC, see Section 3.9.7.1) up to 379 octets are available for parameters when using a 1-octet opcode, up to 378 octets are available for parameters when using a 2-octet opcode, and up to 377 octets are available for parameters when using a vendor-specific 3-octet opcode. The maximum Transport Control message size when using a SAR is 257 octets (including an opcode).
SAR effectively does not impose any extra overhead on the Access message per segment: a 10-octet Access message is transported as an unsegmented message, and a 20-octet message is transported as a segmented message that uses two segments.
Access message definitions contain tables of parameters. In a message payload, parameters follow an opcode, and parameter offsets are in octets unless otherwise specified.
Access messages are defined as acknowledged or unacknowledged. An acknowledged message requires a response whereas an unacknowledged message does not require a response.
Transport Control messages are associated with functionalities supported by the node. The Transport Control messages are transmitted and received by the upper transport layer. A Transport Control message is defined as having an opcode, associated parameters, and behavior. Transport Control messages use single-octet opcodes.
The lower transport layer provides a mechanism of SAR that is capable of transporting up to 32 segments of a Transport Control message.
Transport Control message definitions contain tables of parameters. In a message payload, parameters follow an opcode, and parameter offsets are in octets unless otherwise specified.
2.3.3.1. Aggregation of Access messages
The number of Access messages that need to be sent to set up complicated nodes can easily be more than 100. Each response that acknowledges an Access message is delayed by a random value from 20 to 50 milliseconds (see Section 3.7.3). For 100 Access messages, this recommendation introduces an average delay of 3.5 seconds. Additional delay is introduced by round-trip time for each request and response message.
To speed up the configuration of a node on a mesh network, aggregation of Access messages is introduced in this specification. The aggregation of messages mechanism can significantly lower configuration time for a newly provisioned device, by reducing the number of Access messages that need to be acknowledged and the round-trip time for each request and response message.
2.3.4. Elements
An element is an addressable entity on a node. Each node has at least one element, the primary element, and may have up to 254 additional secondary elements. The number and structure of elements is static and does not change throughout a term of a node (see Section 2.3.7).
The primary element is addressed using the first unicast address assigned to the node. Each additional secondary element is addressed using the subsequent addresses assigned to the node. The unicast element addresses allow nodes to identify which element on a node is transmitting or receiving a message.
If the number and structure of elements changes, for example due to a firmware update or a functionality being added by attaching a new physical component to the device, the current term of the node must end and a new term for the node must start, as required by Section 4.2.2.1.
Messages are dispatched within models based on opcodes and element addresses.
An element is not allowed to contain multiple instances of models that use the same message in the same way (for example, receive an “On” message). When multiple models within the same element use the same message, the models are said to “overlap.” To implement multiple instances of overlapping models within a single node (for example, to control multiple light fixtures that can be turned on and off), the node is required to contain multiple elements.
For example, a light fixture may have two lamps, each implementing an instance of the Light Lightness Server model and an instance of the Generic Power OnOff Server model. This requires that the node contain two elements, one for each lamp. When it receives an "On" message, the node uses the unicast address of the element to identify which instance of the Generic Power OnOff Server model the message is addressed to.
In another example, a dual-socket power strip contains two independent energy measurement sensors that can measure power consumed by an appliance connected to a socket. This would require that the node have two Sensor Data states, each in a separate element. The first element, the primary element, would be identified using the unicast address for the node and would include a state for the first energy sensor as well as states representing the configuration of the node. The second element, a secondary element, would be identified using a unicast element address and would include the state for the second energy sensor.
Each element has a GATT Bluetooth Namespace Descriptor [4] value that helps identify which part of the node this element represents. These namespace descriptor values use the same definitions as GATT. For example, the elements of the temperature sensor would use the values “inside” and “outside.”
2.3.5. Addresses
An address may be a unicast address, a virtual address, or a group address. There is also a special value to represent an unassigned address that is not used in messages.
A unicast address is allocated to an element and always represents a single element of a node during a term. There are 32767 unicast addresses per mesh network.
A virtual address is a multicast address and can represent multiple elements on one or more nodes. Each virtual address logically represents a Label UUID, which is a 128-bit value that does not have to be managed centrally. Each message sent to a Label UUID includes the full Label UUID in the message integrity check value that is used to authenticate the message. To reduce the overhead of checking every known Label UUID, a hash of the Label UUID is used. There are 16384 hash values, each of which codifies a set of virtual addresses. While there are only 16384 hash values used in a virtual address, each hash value can represent millions of possible Label UUIDs; therefore, the number of virtual addresses is considered very large.
A group address is a multicast address and can represent multiple elements on one or more nodes. There are 16384 group addresses per mesh network. There are a set of fixed group addresses that are used to address a subset of all primary elements of nodes based on the functionality of those nodes. All other group addresses are known as dynamically assigned group addresses. There are 256 fixed group addresses and 16128 dynamically assigned group addresses.
2.3.6. Models
A model defines the basic functionality of a node. A node may include multiple models. A model defines the required states (as described in Section 2.3.1), the messages that act upon those states (as described in Section 2.3.3), and any associated behavior.
A mesh application is specified using a client-server architecture communicating with a publish-subscribe paradigm. Due to the nature of mesh networks and the recognition that the configuration of behavior is performed by a Configuration Manager, an application is not defined in a single end-to-end specification such as a profile. Instead, an application is defined in a client model and a server model.
This specification defines two types of model: server models and client models:
-
Server model: A server model is composed of one or more states spanning one or more elements. The server model defines a set of mandatory messages that it can transmit or receive, the behavior required of the element when it transmits and receives such messages, and any additional behavior that occurs after messages are transmitted or received.
-
Client model: A client model defines a set of messages (both mandatory and optional) that a client uses to request, change, or consume corresponding server states, as defined by a server model. The client model does not have states.
A single device may include server models and/or client models. In addition, some models may contain both client and server functionality as described below.
This specification defines the following relationships among models:
-
Extend. When a first model inherits all states, messages and procedures of a second model, and the first model optionally contains additional states and supports additional messages and procedures not defined in the second model, the two models have an extend relationship (i.e., the first model extends the second model). The extend relationship may be hierarchical (e.g., the first model may extend a second model that extends a third model).
-
Correspond. When models share state/procedure instances and work together to achieve some functionality, they have a correspond relationship. Models that have a correspond relationship may share either state instances or state bindings; however, they may have different messages and uninherited procedures interacting with the states.
This specification defines the following types of models:
-
Base. A model that is extended by another model is called a base model.
-
Root. A model is defined as a root model if it does not extend any other models. A root model may serve as a base model for other models.
-
Extending. A model that is extending another model is called an extending model.
-
Corresponding. A model that has a correspond relationship with another model is called a corresponding model.
-
Main. A main model is a model at the end of an extension hierarchy that indicates an instance of a functionality on a node. A main model is not extended by other models within the scope of the functionality. A main model can be an extending model or a corresponding model.
For example, Figure 2.2 shows the element-model structure for a device that implements a server model (Device C) with a state and supporting messages R, S, T, X, Y, Z; and two devices that implement a client model, with Device A supporting messages X, Y, and Z and Device B supporting messages R, S, T, and Z.
In another example, Figure 2.3 shows the element-model structure of a device that implements a model that is itself a server model and also a client of some other server models. Device C can communicate with server models as a client (supporting messages X, Y, and Z and messages R, S, and T respectively) and can communicate with client models as a server (supporting messages A, B, and C).
A lighting control model is an example of a model that includes server functionality, client functionality, and control logic. A typical lighting control model needs to function as a client to sensors (e.g., to determine occupancy and/or the ambient light level by receiving relevant sensor status messages) and to function as a server to a settings client (such as a smartphone application that configures its parameters). Control logic in such a model may then control the lighting via defined state bindings if the model is included within a light source such as a lamp or other luminaire. In addition, if the lighting controller also acts as a client for one or more light sources, the lighting controller can be implemented in a separate node rather than necessarily being included within a light source.
Models can define functions of a device as a network node, such as key management, address assignment, and relaying of messages. Models also define physical behaviors of a device built around a network node, such as power control, lighting control, and sensor data collection. There may be nodes implementing only network-related functions, such as Relay nodes or Proxy nodes, while the majority of nodes are able to interact with the physical world by means of controlling electrical power, controlling light emissions, or sensing environmental data.
A message can be used by multiple different models. Message behavior is the same in each model, enabling a common understanding among client and server models because the behavior is consistent regardless of the models that send and process the message.
Model specifications are designed to be very small and self-contained. A model may, at the specification definition time, require other models to be instantiated within the same node. This is called extending, which means a model can extend other models.
Models that do not extend other models are referred to as root models.
Model specifications are immutable: it is not possible to remove or add behavior to a model, whether the desired behavior is optional behavior or mandatory. Models are not versioned and have no feature bits. If additional behavior is required in a model, then a new extended model is defined that exposes the required behavior and can be implemented alongside the original model.
Therefore, knowledge of the models supported by an element determines the exact behavior exposed by that element.
Additionally, models may support metadata that provide additional information about a specific instance of the model. For example, the lighting control model may expose information about the purpose of the light source in the physical device.
Models may be defined and adopted by Bluetooth SIG and may be defined by vendors. Models defined by Bluetooth SIG are known as SIG adopted models, and models defined by vendors are known as vendor models. Models are identified by unique identifiers, which can be either 16 bits, for SIG adopted models, or 32 bits, for vendor models.
For example, Figure 2.4 shows the element-model structure of a device that implements a root model with two bound states and a set of messages operating on each state. The root model is within the primary element and is extended by the extended model that adds another state on a secondary element. Messages are not capable of differentiating among multiple instances of the same state on the same element. Therefore, when more than one instance of a given state is present on a device, each instance is required to be in a separate element. In this example, the second instance of State X is required to be located on the second element because it is the same type of a state and thus has the same types of messages serving it.
This example structure can be multiplied for a composite device. For example, a composite device can have multiple instances of the same root model (or extended models), each on a separate element (or set of elements). Also, if a model (root or extended) needs more than one instance of a particular state, the states are distributed across several elements so that, at most, a single instance of any given state is on an element.
Figure 2.5 illustrates how the element-model structure of the device in Figure 2.4 might be implemented in a composite device. The element-model structure of the device is described by the Composition Data (see Section 4.2.1) that is read by a Configuration Manager after provisioning (see Section 5), using the Configuration Server model and the Configuration Client model (see Sections 4.4.1 and 4.4.2).
2.3.7. Terms
A term is a period in the lifetime of a node during which the structure of the node (i.e., the features, the elements and models) and the unicast addresses of the node’s elements do not change.
Starting a new term may be necessary to support a change in the hardware configuration of a physical device, such as the attachment of an auxiliary sensor, or to support a change in subsystem configuration on the node, such as the attachment of a new gear to an intra-luminaire network. The changes are indicated by the node by populating Composition Data Page 128 (see Section 4.2.2.4) and take effect when a new term starts.
The initial term of a node on a network starts when the node is provisioned on the network.
A term ends and a new term starts when a Node Address Refresh procedure or a Node Composition Refresh procedure is executed (see Section 3.11.8).
The last term of a node on a network ends when the node is removed from the network.
2.3.8. Example device
To help explain how the arrangement of models within elements determines the state and behavior of a device, we will use a dual-socket smart power strip device (shown in Figure 2.6) as an example. This device has a single radio that has the low energy feature of Bluetooth and two independent power sockets, each capable of controlling the power output. This example includes states, messages, and models defined in the Mesh Model specification [9].
The device has two elements (see Section 2.3.4) that represent each of the two power sockets. Each element has a unicast address assigned to it.
The functionality of each element is defined by the Generic Power Level Server model. The model defines a set of states on a server, as well as a set of messages that operate on the states.
A Generic Power Level Set message may be sent to the device to control the output power. The message is addressed to an element and carries the element’s address in the DST field (see Section 2.3.9).
The sockets can also be controlled by generic devices (such as a dimmer) that implement the Generic Level Client model (and do not know anything about power control). This model simply sets a desired level to zero, a maximum value, or a value in between. Power to the sockets is controlled through state binding. In each power socket, the Generic Power Actual state is bound to the Generic Level state. A Generic Level Client sends Generic Level messages to the Generic Level Server. The Generic Level state is changed, which in turn (via the defined binding) changes the Generic Power Actual state that controls the power output.
Elements can report states. In our example, each socket may report power level as well as the energy consumption of a device plugged into the socket. Energy consumption is reported using messages defined by the Sensor Server model. Each message has the element’s address, which identifies the socket, in its SRC field (see Section 3.4.4.6).
Figure 2.7 illustrates the element-model structure for the dual-socket device. Functionally, both elements of the device have identical features. The only difference is that the primary element handles the Configuration Server model, which is used for network management, in addition to the other models. Each element may have other models defined such as the Health Server model (see Section 4.4.4) or models defined in the Mesh Model specification [9].
2.3.9. Publish-subscribe and message exchange
Publication and subscription of data within the mesh network is described as using a publish-subscribe paradigm. Nodes that generate messages publish the messages to a unicast address, group address, or virtual address. Nodes that are interested in receiving the messages will subscribe to these addresses.
Generated messages are sent to destination mesh addresses that can be unicast, pre-configured group addresses, or virtual addresses. Messages can be sent as replies to other messages or can be unsolicited messages. When an instance of a model is sending a reply message, it uses the incoming message originator’s source address as the destination address. When an instance of a model is sending unsolicited messages, it uses a model publish address as the destination address. Each instance of a model within a node has a single publish address.
On the receiving side, each instance of a model within a node can subscribe to one or more group addresses or virtual addresses. Whenever a message that is addressed to a group address or a virtual address on one of the model’s subscription lists arrives, it is processed by the node. A message is also processed when its destination address is the unicast address of a receiving element or when its destination address is a fixed group address that this device is a member of. If a node has multiple elements, then the message is processed once on each of the addressed elements.
Publish addresses and subscription lists for models defined by higher layer specifications use the Model Publication and Subscription List states that are managed by the Configuration Server Model.
A node can have multiple subscriptions per instance of a model’s element, although nodes may limit the number of subscriptions that are supported. Using multiple subscription addresses allows a node to respond to messages that are published to different groups. For example, a light may be subscribed to messages sent to the bedside light group, the bedroom group, the upstairs group, and the house group.
Each message is sent from a single unicast address (an element address) and sequenced using a unique sequence number to facilitate detection of and protection against replay attacks.
2.3.10. Security
All messages are encrypted and authenticated using two types of keys. One key type is for the network layer communication, such that all communication within a mesh network would use the same network key. The other key type is for application data. Separating the keys for networking and applications allows different application keys for different purposes. This allows the creation of separate security domains for separate applications (e.g., one domain for access control to a building and another domain for ambient temperature sensing).
2.3.10.1. Application and network security
Encrypting and authenticating messages at the upper transport layer and network layer is designed to secure communications within the mesh network against eavesdroppers and malicious attacks. Each layer maintains distinct keys to allow separation between application and network entities.
Splitting application keys from network keys enables secure relay transmission of messages: Relay nodes can authenticate messages at network level without accessing the application data. For example, a light bulb acting as a Relay node should not be able to unlock doors.
The application key is used directly along with an associated application key identifier (AID) that is used in certain contexts to identify the application used. However, the network key is always used through a key derivation function to generate other keys that are used directly. Examples of such keys include EncryptionKey and PrivacyKey. This allows a single network key to be changed and all the associated values that are derived from that key to be quickly derived. As with the application key, the network key is also used to derive a network key identifier (see Section 3.9.6).
The security model defines three separate keys (the device key (DevKey), the application key (AppKey), and the network key (NetKey)) to secure the messages. When a node is given a key, it is authorized to use that key. A key that is shared between multiple nodes enables any node with that key to transmit and receive messages using that key.
The device key facilitates confidentiality and authentication of key material between a Configuration Manager and a single node. The application key facilitates confidentiality and authentication of application data sent between intended nodes. The network key facilitates privacy, confidentiality, and authenticity of network messages. A node may have knowledge of a single device key, multiple application keys, and multiple network keys.
A device key is similar to an application key in that it is designed to secure information sent by an application in the upper transport layer. However, a device key is known only by the Provisioner, the Configuration Manager, and the single node. The Configuration Manager knows the device keys for all nodes, which allows the Configuration Manager to securely distribute keys to a set of nodes by sending these keys secured with the device key for each individual node, allowing a key distribution to be targeted at only those nodes that need to know. Use of a device key is designed to protect against the “trash-can” attack (a technique to retrieve information from a disposed device that can be used to carry out an attack on a network) by allowing the distribution of new network and application keys to selected devices only.
The network key and the device keys for the nodes on the network constitute the ownership of the network. Ownership of the network may be changed by executing any of the Node Provisioning Protocol Interface procedures for every node on the network (see Section 3.11.8) and executing the Key Refresh procedure (see Section 3.11.4).
An application key can only be used with a single network key. This implies that a network key has one or more application keys associated with it. This association is known as the key binding.
The granularity of access layer security is on a per-model basis. Each server model has a set of application keys bound to it, defining the possible keys that should be used to encrypt and authenticate a message to be processed by the model. This allows multiple entities to operate certain node functions. Up to 251 application keys can be bound to a model. For example, a Light Lightness Server Model has three keys bound to it because the admin, user, and guest can all switch on a light. However, only the admin can configure the lamp, so the Configuration Server Model has only the admin application key bound to it.
2.3.10.2. Obfuscation
The network security model utilizes a privacy mechanism called obfuscation that utilizes the Advanced Encryption Standard (AES) to encrypt the source address, sequence numbers, and other header information using a PrivacyKey. The intent for obfuscation is to make tracking nodes more difficult.
2.3.10.3. Network and application key identifiers
A node may have multiple network or application keys.
By using a key identifier, it is possible to identify which subset of keys are used to secure the message. For example, instead of checking 20 keys, a node may only need to check two keys that have the same least significant bits of the key identifier. If a message is received with a key identifier that is not known, then the node can immediately discard it.
The key identifier is generated from the network or application key using a key derivation function.
This specification defines a separate identifier for the network key and application key. A network key identifier is transmitted in each Network PDU using a 7-bit value, while the AID is transmitted in each Lower Transport PDU using a 6-bit value.
2.3.10.4. Initialization vector index
A Network PDU contains a 24-bit sequence number that allows an element to transmit 16,777,216 Network PDUs. The sequence number is used in the security nonce to provide uniqueness; therefore, the sequence number cannot wrap. If an element is transmitting a new message at 2 Hz, then these sequence numbers would be exhausted after 97 days. To enable a mesh network to operate for longer periods of time than the sequence number space allows, an additional 4-octet value called the IV Index is defined that is included in the security nonce. For example, using the same 2 Hz message frequency would measure the lifetime of the network using the IV Index in billions of years.
To enable a gradual transition from one IV Index to the next, each Network PDU includes the least significant bit of the IV Index that was used to transmit the message. A node can also use an IV Update procedure to signal to peer nodes that it is updating the IV Index. This procedure takes a minimum of eight days to transition from the old IV Index to the new IV Index, thereby limiting the frequency that a node can transmit messages to 24 Hz. However, a node should not send more than 100 Network PDUs in any 10 second window, so this would typically take approximately 19 days to exhaust.
2.3.11. Directed forwarding
Directed forwarding is designed to help improve performance of a multi-hop network by selecting only a subset of nodes to relay a message from a source to a destination. This subset, including the source node and the destination node(s), constitutes a path, as defined by directed forwarding. A path is identified by a pair of addresses: a source address and a destination address. The destination address may be a unicast address, a group address, or a virtual address.
The source node of a path is the Path Origin, and each destination node of a path is a Path Target (see Section 3.6.8.1).
The Path Origin is configured to use managed flooding or directed forwarding when originating a message (see Section 3.7.3.1). Managed flooding and directed forwarding use different security materials, respectively the managed flooding security material and the directed security material, which are obtained from the same network key (see Section 3.9.6.3.1).
A directed forwarding node uses a forwarding table to store pairs of source and destination addresses for each path it is part of. There is a separate forwarding table for each subnet. When a message is received by a node that is configured to relay messages using directed forwarding, the node compares the source and destination addresses of the message against the entries in the table and retransmits the message only if there is a match. That restricts message forwarding only to nodes along an established path.
Nodes forming a path may be explicitly configured by a Configuration Manager or a path may be discovered and maintained following the request of a node that is originating messages. To help improve reliability and resilience, a path may have multiple lanes between source node and destination node(s) that take advantage of several relays overhearing a message relayed on each hop. Lanes of a path are discovered sequentially. The path discovery and maintenance policy of an originator is configured by the Configuration Manager and controls aspects such as path lifetime, verification and rediscovery cadence, the number of redundant lanes, and whether the paths are unidirectional or bidirectional.
Directed forwarding nodes, known as supporting nodes, may act on behalf of Low Power nodes or Proxy Client nodes, known as dependent nodes, to discover paths, to establish paths, and to provide path updates when the network topology changes. For more information on node dependence, see Section 3.6.8.3.
There is no limitation on the number of directed forwarding relays in a network (other than the total number of nodes). When using directed forwarding, the message forwarding load may be distributed among several nodes. Each node may function as a directed forwarding relay: the node will only relay a portion of overall traffic.
2.3.12. Friendship
Friendship is used by Low Power nodes to limit the amount of time that they need to listen. If a node cannot receive continuously, then it is possible that it will not receive mesh messages that it should be processing. This includes security updates required for maintaining the security of the network as well as the normal mesh messages.
If the Low Power node does not receive such messages, then it may not operate as desired and it may also fail to keep up-to-date with the latest security state of the network and eventually drop off the network if this security is changed without its knowledge.
Friendship is a special relationship between a Low Power node and one neighboring Friend node. These nodes must be within a single hop of each other and in the same subnet, as required by Section 3.6.6.3.1.
Friendship is first established and initiated by the Low Power node; once established, the Friend node performs a number of actions that help reduce the power consumption on the Low Power node. The Friend node maintains a Friend Queue for the Low Power node, which stores all incoming messages addressed to the Low Power node. The Friend node delivers those messages to the Low Power node when requested by the Low Power node. Also, the Friend node delivers security updates to the Low Power node.
When friendship is established between a Low Power node and one Friend node, the two nodes are considered to be “friends”.
An example topology of a mesh network illustrating Friend nodes and Low Power nodes is shown and described in Section 2.3.14.
2.3.13. Features and functionality
The capabilities of a node are determined by the features and functionality that the node supports. All nodes have the ability to transmit and receive mesh messages. Nodes can also optionally support one or more additional features, as defined by the Configuration Server model:
-
Relay feature – the ability to receive and retransmit mesh messages over the advertising bearer to enable larger networks.
-
Proxy feature – the ability to receive and retransmit mesh messages between GATT and advertising bearers.
-
Low Power feature – the ability to operate within a mesh network at significantly reduced receiver duty cycles only in conjunction with a node supporting the Friend feature.
-
Friend feature – the ability to help a node supporting the Low Power feature to operate by storing messages destined for those nodes.
A node that supports a feature may have that feature enabled or disabled, and the feature, when enabled, may be or may not be in use.
A node supporting the Relay feature may have this feature disabled, but it would still support the Relay feature, it is just that it is not performing the functionality required by that feature. A node that supports the Relay feature and has the Relay feature enabled is known as a Relay node.
Proxy functionality is supported by nodes that support relaying/forwarding of Network PDUs received by a node between GATT and advertising bearers. A node supporting the Proxy feature may have this feature disabled, but it would still support the Proxy feature, it is just that it is not performing the functionality required by that feature. A node that supports the Proxy feature and has the Proxy feature enabled is known as a Proxy node.
A node supporting the Low Power feature cannot have this feature disabled and, as required by Section 3.6.6.3, must establish a friendship with another node supporting the Friend feature before it can use the Low Power feature to reduce receiver duty cycles. A node that supports the Low Power feature and has a friendship with a node that supports the Friend feature is known as a Low Power node.
A node supporting the Friend feature may have this feature disabled, but it would still support the Friend feature, it is just that it is not performing the functionality required by that feature. A node that supports the Friend feature, has the Friend feature enabled, and has a friendship with a node that supports the Low Power feature is known as a Friend node.
Other Foundation models support additional functionality. For example, the Directed Forwarding Configuration Server model (see Section 4.4.7) supports directed forwarding functionality. Directed forwarding can be performed only among nodes in a subnet that have directed forwarding functionality enabled. A node with directed forwarding functionality enabled in a subnet is known as a Directed Forwarding node in that subnet.
Additional functionalities can be enabled or disabled in Directed Forwarding nodes:
-
directed relay functionality – the ability to participate in finding paths and relaying messages along paths
-
directed proxy functionality – the ability to establish paths on behalf of a Proxy Client
-
directed friend functionality – the ability to establish paths on behalf of a Low Power node
Directed relay functionality can be enabled or disabled in nodes that support directed forwarding. A Directed Forwarding node with directed relay functionality enabled in a subnet is known as a Directed Relay node in that subnet (see Section 3.6.8.1).
Directed proxy functionality is supported by nodes that support both the Proxy feature and directed forwarding functionality; otherwise, it is not supported. When directed proxy functionality is supported, it can be enabled or disabled. A Directed Forwarding node with directed proxy functionality enabled in a subnet is known as a Directed Proxy node in that subnet (see Section 3.6.8.1).
Directed friend functionality is supported by nodes that support both the Friend feature and directed forwarding functionality. When directed friend functionality is supported, it can be enabled or disabled. A Directed Forwarding node with directed friend functionality enabled in a subnet is known as a Directed Friend node in that subnet (see Section 3.6.8.1).
A Directed Forwarding node that supports the Low Power feature in a subnet can perform directed forwarding in that subnet if the node is not in a friendship in the same subnet, because the node behaves like a regular node while not in a friendship. If the node is in a friendship with a Directed Friend node, then directed forwarding can be performed by the Directed Friend node. If the node is in a friendship with a Friend node that does not have directed friend functionality supported and enabled, then directed forwarding cannot be performed.
Subnet bridging can be performed only by a node that has subnet bridge functionality enabled. A node with subnet bridge functionality enabled is known as a Subnet Bridge.
Private Proxy functionality is supported by nodes that support the Proxy feature, Private Network Identity advertising (see Section 7.2.2.2.4), and Mesh Private beacons (see Section 3.10.4); otherwise, Private Proxy functionality is not supported. When Private Proxy functionality is supported, it can be enabled or disabled.
On-Demand Private Proxy functionality is supported by nodes that support On-Demand Private Proxy Server model (see Section 4.4.13) and Solicitation PDU with Identification Type equal to 0x00 (see Section 6.9.1); otherwise, On-Demand Private Proxy functionality is not supported.
Node Identity functionality is supported by nodes that support exchange of Network PDUs between two nodes connected via GATT; otherwise, Node Identity functionality is not supported.
Private Node Identity functionality is supported by nodes that support Node Identity functionality and Advertising with Private Node Identity (see Section 7.2.2.2.5); otherwise, Private Node Identity functionality is not supported.
2.3.14. Topology
Nodes that support the various features described above can be formed into a mesh network. An illustration of a mesh network is shown in Figure 2.8 below.
Figure 2.8 shows three Relay nodes: Q, R, and S. Although three nodes N, O, and P support the Friend feature, node N does not have any friendships, and therefore, only O and P are Friend nodes. There are five Low Power nodes: I, J, K, L, and M. Nodes I, J, and K have node P as their friend, while nodes L and M have node O as their friend. Node T is connected to the mesh network using a GATT bearer; therefore, node S retransmits all messages to and from node T.
For example, if a message is to be sent from T to L, then T will send the message to node S using the GATT bearer. Node S will retransmit this message using the advertising bearer. Nodes H, R, N, and O are within radio range of node S; therefore, they will receive this message. Node O, being the friend of node L will store the message, and if the message was a segmented message, node O will respond with an acknowledgment at the lower transport layer. Sometime later, L will poll node O to check for new messages, such that O will forward the message originally sent by T to L.
Figure 2.9 shows the same topology in Figure 2.8, used in the context of directed forwarding between a source node M and a destination node H. Node M is a Low Power node and is in friendship with node O. Node O implements directed friend functionality and establishes a 2-lane path on behalf of node M toward the destination node H. Nodes A, C, E, G, N, Q, R, and S support directed relay functionality, but only node R and node S are in the path between node M and node H. Therefore, regardless of the number of Directed Relay nodes, traffic is confined within the established paths. In this example, nodes E, G, N, and Q do not relay messages from node M to node H, even if they overhear them.
2.4. Mesh gateway
A mesh gateway is a node that is able to translate messages between the mesh network and a non-Bluetooth technology. A node may be able to send and receive mesh messages through a mesh gateway while not in the range of any of the Relay nodes. This translation is out of scope for this specification.
2.5. Concurrency limitations and restrictions
There are no concurrency limitations or restrictions for nodes imposed by this specification.
2.6. Topology limitations and restrictions
There are no topology limitations or restrictions imposed by this specification when used with the LE Physical Transport (see Vol 1, Part A, Section 3.2 in [24]).
3. Mesh networking
This section is structured as in the layered architecture that is described in Section 2.1. In addition, there are sections on mesh security and mesh network management.
3.1. Conventions
The following conventions apply to this specification.
3.1.1. Endianness and field ordering
For the network layer, lower transport layer, upper transport layer, mesh beacons, and Provisioning, all multiple-octet numeric values shall be sent in big-endian, as described in Section 3.1.1.1.
For the access layer and Foundation Models, all multiple-octet numeric values shall be little-endian as described in Section 3.1.1.2.
Where network data structures are made of multiple fields, the fields are listed in the tables from top to bottom and they appear in the corresponding figures from left to right (i.e., the top row of the table corresponds to the left of the figure). Table 3.1 shows an example data structure made up of multiple fields.
Field |
Size |
Field Content Description |
---|---|---|
Field 0 |
4 |
The start of this field is in Octet 0 (left most octet in corresponding figure) |
Field 1 |
12 |
The start of this field is in Octet 0 and ends in Octet 1 |
Field 2 |
16 |
The start of this field is in Octet 2 and ends in Octet 3 |
In order to convert the data structure defined in a table into a series of octets in the layer that uses big-endian the following procedure is used. The binary number with N unassigned bits is created. The number of bits N in the number is equal to the sum of the number of bits of every field in the table. The most significant bits (MSbs) of the number are set to the value of Field 0 (first row of the table), then the number’s unassigned MSbs are set to the value of Field 1. This procedure is continued for consecutive fields of the table and ends when least significant bits (LSbs) of the number are set to value of last field of the table. As a final step the number is transmitted in big-endian format (i.e., most significant octet first). This is illustrated in Figure 3.1.
For example, the field 0 is 4 bits wide and has value of 0x6, field 1 is 12 bits wide and has value 0x987, and field 2 is 16 bits wide and has value of 0x1234. The value of the binary number is 0x69871234 and shall be transmitted as 0x69, 0x87, 0x12, 0x34.
In order to convert the data structure defined in a table into a series of octets in the layer that uses little-endian the following procedure is used. The binary number with N unassigned bits is created. The number of bits N in the number is equal to the sum of the number of bits of every field in the table. The LSbs of the number are set to the value of Field 0 (first row of the table), then the number’s unassigned LSbs are set to the value of Field 1. This procedure is continued for consecutive fields of the table and ends when MSbs of the number are set to the value of last field of the table. As a final step the number is transmitted in little-endian format (i.e., least significant octet first). This is illustrated in Figure 3.2.
For example, the field 0 is 4 bits wide and has a value of 0x6, field 1 is 12 bits wide and has a value of 0x987, and field 2 is 16 bits wide and has a value of 0x1234. The value of the binary number is 0x12349876 and shall be transmitted as 0x76, 0x98, 0x34, 0x12.
3.1.1.1. Big-endian
When multiple-octet values are defined as sent in big-endian (also known as “network byte order”), the conventions in this section apply. For example, the value 0x123456 shall be transmitted as 0x12, 0x34, and 0x56 (most significant octet first).
3.1.1.2. Little-endian
When multiple-octet values are defined as sent in little-endian, the conventions in this section apply. For example, the value 0x123456 shall be transmitted as 0x56, 0x34, and 0x12 (least significant octet first).
3.1.2. One-shot timers
This specification establishes definitions for terminology related to one-shot timers. A one-shot timer counts down from an initial value and when the counter reaches zero, the timer expires. The timer value is defined as the current value of the counter.
Table 3.2 establishes the definitions for actions that can be performed on a timer.
Action |
Description |
---|---|
Start from the initial value |
The timer value is set to the initial value and the timer countdown is immediately started. |
Start from the current value |
The timer value is not changed and the timer countdown is immediately started. |
Stop |
The timer countdown is immediately stopped and the timer value is stored. |
When the timer value reaches zero, the timer countdown stops and the timer expires. The timer expiration is an event that may have a behavior defined in this specification.
Table 3.3 establishes the definitions for checking timer status.
Timer Status |
Description |
---|---|
Is running |
The status beginning when the countdown timer starts until it stops. |
Is not running |
The status when the timer countdown is stopped. |
3.2. Features
This specification defines four optional features:
-
Relay feature (see Section 3.4.6.1)
-
Proxy feature (see Section 3.4.6.2)
-
Friend feature (see Section 3.6.6.3)
-
Low Power feature (see Section 3.6.6.4)
3.3. Bearers
This specification defines two mesh bearers over which mesh messages may be transported:
-
An advertising bearer (see Section 3.3.1)
-
A GATT bearer (see Section 3.3.2)
A node shall support the advertising bearer or the GATT bearer or both.
Bearers are identified by 2-octet indexes as described in Section 4.3.1.4.
3.3.1. Advertising bearer
When using the advertising bearer, a mesh packet shall be sent in the ADV_NONCONN_IND PDU (see [1]) using the Mesh Message AD type identified by «Mesh Message» as defined in [4].
The format of the Mesh Message AD type is defined in Table 3.4.
Field |
Size |
Description |
Req. |
---|---|---|---|
Length |
1 |
Length of the AD Type and Network PDU fields |
M |
AD Type |
1 |
«Mesh Message» |
M |
Network PDU |
variable |
Network PDU |
M |
ADV_NONCONN_IND PDUs are used because there is no need to include the Flags AD Type in the advertising packets, thereby enabling two additional octets to be allocated to the Network PDU (see [5]).
To lower the probability of packet collisions on all advertising channels, the gap between consecutive packets within an Advertising Event (see [1]) and the sequence of the used primary advertising channels within an Advertising Event (see [24]) should be randomized.
A device supporting only the advertising bearer should perform passive scanning with a duty cycle as close to 100 percent as possible in order to avoid missing any incoming mesh messages or Provisioning PDUs.
All devices shall support both the Observer and Broadcaster roles, which are defined in the Generic Access Profile (GAP) [1].
3.3.2. GATT bearer
The GATT bearer is provided to enable devices that are not capable of supporting the advertising bearer to participate in a mesh network. The GATT bearer uses the Proxy protocol (see Section 6) to transmit and receive Proxy PDUs between two devices over a GATT connection.
The GATT bearer uses a characteristic to write to and receive notifications of mesh messages using the attribute protocol.
The GATT bearer defines two roles: a GATT Bearer Client and a GATT Bearer Server.
The GATT Bearer Client shall be a GATT Client and shall support the Proxy Client role (see Section 6.2.1). The GATT Bearer Server shall be a GATT Server and shall support the Proxy Server role (see Section 6.2.1).
The GATT Bearer Server shall instantiate one and only one Mesh Proxy Service, as defined in Section 7.2.
The GATT Bearer Client shall support the Mesh Proxy Service.
The GATT Bearer Client shall perform primary service discovery using either the GATT Discover All Primary Services sub-procedure or the GATT Discover Primary Services by Service UUID sub-procedure to discover the Mesh Proxy Service.
As required by the GATT profile defined in Volume 3, Part G of the Core Specification [1], the GATT Bearer Client must be tolerant of additional optional characteristics in the service records of services used with the GATT profile.
The GATT Bearer Client shall use either the GATT Discover All Characteristics of a Service sub-procedure or the GATT Discover Characteristics by UUID sub-procedure to discover the characteristics of the service.
The GATT Bearer Client shall use the GATT Discover All Characteristic Descriptors sub-procedure to discover the characteristic descriptors, which are described in the following sections.
The GATT Bearer Client shall discover the Mesh Proxy Data In characteristic, Mesh Proxy Data Out characteristic and its Client Characteristic Configuration descriptor. Once the Client Characteristic Configuration descriptor has been discovered, it shall enable notifications using this characteristic.
To send a Proxy PDU (see Section 6.3), the GATT Bearer Client shall use the Write Without Response sub-procedure to write the Proxy PDU to the GATT Bearer Server by writing to the Mesh Proxy Data In characteristic.
To receive a Proxy PDU, the GATT Bearer Client shall be able to receive multiple notifications of the Mesh Proxy Data Out characteristic. Each notification contains a single Proxy PDU.
Figure 3.3 illustrates the GATT Bearer Server and network layer (see Section 3.4) interactions.
3.4. Network layer
The network layer defines the Network PDU format that allows Lower Transport PDUs to be transported by the bearer layer. It decrypts and authenticates and forwards incoming Network PDUs received on input interfaces to upper layers and/or output interfaces and encrypts and authenticates and forwards outgoing Network PDUs delivering them to output network interfaces.
3.4.1. Endianness
All multiple-octet numeric values in this layer shall be sent in big-endian, as described in Section 3.1.1.1.
3.4.2. Addresses
The network layer defines four basic types of addresses: unassigned, unicast, virtual, and group.
Addresses are 16 bits in length and are encoded as defined in Table 3.5 below.
Values |
Address Type |
---|---|
0b0000000000000000 |
Unassigned Address |
0b0xxxxxxxxxxxxxxx (excluding 0b0000000000000000) |
Unicast Address |
0b10xxxxxxxxxxxxxx |
Virtual Address |
0b11xxxxxxxxxxxxxx |
Group Address |
3.4.2.1. Unassigned address
An unassigned address is an address in which the element of a node has not been configured yet or no address has been allocated. The unassigned address shall have the value 0x0000 as shown in Figure 3.4 below. This may be used, for example, to disable message publishing of a model by setting the publish address of a model to the unassigned address.
An unassigned address shall not be used in the SRC field or the DST field of a Network PDU.
3.4.2.2. Unicast address
A unicast address is a unique address allocated to each element. A unicast address has bit 15 set to 0. The unicast address shall not have the value 0x0000, and therefore can have any value from 0x0001 to 0x7FFF inclusive as shown in Figure 3.5 below.
A unicast address is allocated to each element of a node for a term of the node on the network. The address allocation for the initial term is performed by a Provisioner during provisioning as described in Section 5.4.2.5. The address may be changed by executing the Node Address Refresh procedure (see Section 3.11.8.5) or the Node Composition Refresh procedure (see Section 3.11.8.6). The address may be unallocated by a Provisioner to allow the address to be reused using the procedure defined in Section 3.11.7.
A unicast address shall be used in the SRC field of a Network PDU and may be used in the DST field of a Network PDU. A Network PDU sent to a unicast address shall be processed by at most one element.
3.4.2.2.1. Unicast address range format
A range of unicast addresses may be used in a message, for example, to communicate all the unicast addresses used by a node. In this case, the unicast address range format can be used to efficiently pack the range of unicast addresses. In the unicast address range format, the 15 least significant bits of the starting unicast address of the range and the number of addresses in the range are formatted as in Table 3.6.
Field Name |
Bits |
Description |
Req. |
---|---|---|---|
LengthPresent |
1 |
Indicates the presence or absence of the RangeLength field. |
M |
RangeStart |
15 |
15 least significant bits of the starting unicast address |
M |
RangeLength |
8 |
Number of addresses in the range (0x02 – 0xFF) |
C.1 |
- C.1:
-
If the LengthPresent field value is 1, the RangeLength field shall be present; otherwise, the RangeLength field shall not be present.
The LengthPresent field indicates whether the address range contains a single address or multiple addresses. The LengthPresent field value shall be set to 1 when the number of addresses in the range of unicast addresses is greater than 1; otherwise, the LengthPresent field value shall be set to 0.
The RangeStart field shall contain the 15 least significant bits of the starting unicast address of the range of unicast addresses. The RangeStart field value shall not be 0.
If present, the RangeLength field shall contain the number of addresses in the range of unicast addresses. The valid values for the RangeLength field are 0x02 to 0xFF. The values of 0x00 and 0x01 are prohibited.
The sum of the RangeStart field value and the RangeLength field value shall not exceed 0x8000.
3.4.2.2.2. Unicast address range list
A message may contain multiple unicast address range values. For example, a unicast address range list can be used to communicate all the element addresses of Low Power nodes of a Friend node.
The values shall be serialized as shown in Figure 3.6. The length of each unicast address range value is either 2 or 3 octets depending on the LengthPresent field value within each unicast address range value.
3.4.2.2.3. Matching an address to the unicast address range format
To check for the presence of a specific unicast address within the unicast address range format, the node shall convert the RangeStart field to the range start address by setting the 15 least significant bits of the range start address to the RangeStart field value and setting the most significant bit of the range start address to 0. If the LengthPresent field value is 1, the node shall compute the range end address by adding the RangeLength field value to the range start address; otherwise, the node shall increment the range start address by 1 to derive the range end address. A unicast address is matched to the unicast address range format if it is greater than or equal to the range start address and less than the range end address.
3.4.2.2.4. Converting to and from the unicast address range format
This section specifies the derivation of the primary element address and the number of secondary elements (i.e., the secondary elements count of a node) from the unicast address range format and, conversely, the derivation of the unicast address range format from the primary element address and secondary elements count.
Conversion to the unicast address range format
To derive the unicast address range format from the primary element address and the number of secondary elements, the node shall use the following procedure:
-
If the node has secondary elements, the LengthPresent field value shall be 1; otherwise, the LengthPresent field value shall be 0.
-
The RangeStart field shall be the 15 least significant bits of the primary element address of the node.
-
If the node has secondary elements, the RangeLength field value shall be the number of secondary elements plus 1; otherwise, the RangeLength field shall not be present.
For example, if a node has 5 secondary elements and the primary element address is 0x1234, then the value of the binary number of the unicast address range of the elements of the node and the sequence of octets for its transmission depend on the used endianness as follows:
-
If big-endian is used (e.g., when sending a Transport Control message), the value of the binary number is 0x923406 and is transmitted as 0x92, 0x34, 0x06.
-
If little-endian is used (e.g., when sending an Access message), the value of the binary number is 0x062469 and is transmitted as 0x69, 0x24, 0x06.
Conversion from the unicast address range format
To derive the primary element address and the number of secondary elements from the unicast address range format, the node shall use the following procedure:
-
If the LengthPresent field value is 0, the number of secondary elements is 0; otherwise, the number of secondary elements is equal to RangeLength – 1.
-
The 15 least significant bits of the primary element address of the node are equal to the RangeStart field. The most significant bit of the unicast address is always 0.
For example, if the unicast address range of a node is 0x1234, the node’s primary element address is 0x1234 and there are no secondary elements on the node.
3.4.2.3. Virtual address
A virtual address represents a set of destination addresses. Each virtual address logically represents a Label UUID, which is a 128-bit value that does not have to be managed centrally. One or more elements may be programmed to publish or subscribe to a Label UUID. The Label UUID is not transmitted and shall be used as the Additional Data field of the message integrity check value in the upper transport layer (see Section 3.9.7.1).
The virtual address is a 16-bit value that has bit 15 set to 1, bit 14 set to 0, and bits 13 to 0 set to the value of a hash. This hash is a derivation of the Label UUID such that each hash represents many Label UUIDs.
SALT=s1("vtad") |
hash=AES-CMACSALT (Label UUID) mod 214 |
When an Access message is received to a virtual address that has a matching hash, each corresponding Label UUID is used by the upper transport layer as additional data as part of the authentication of the message until a match is found.
Transport Control messages cannot use virtual addresses.
Label UUIDs may be generated randomly as defined in [6]. A Configuration Manager may assign and track virtual addresses; however, two devices can also create a virtual address using some out-of-band (OOB) mechanism. Unlike group addresses, these could be agreed upon by the devices involved and would not need to be registered in the centralized provisioning database, as they are unlikely to be duplicated.
A disadvantage of virtual addresses is that a multi-segment message is required to transfer a Label UUID to a publishing or subscribing node during configuration.
A virtual address can have any value from 0x8000 to 0xBFFF as shown in Figure 3.7 below.
Note
Note: When factoring in a 32-bit MIC and the size of the hash, there is only a 1/246=1.42×10-14 likelihood that two matching virtual addresses using the same application key but different Label UUIDs will collide.
3.4.2.4. Group address
A group address is an address that is programmed into zero or more elements. A group address has bit 15 set to 1 and bit 14 set to 1, as shown in Figure 3.8 below. Group addresses in the range 0xFF00 through 0xFFFF are reserved for Fixed Group addresses (see Table 3.7), and addresses in the range 0xC000 through 0xFEFF are generally available for other usage.
A group address shall only be used in the DST field of a Network PDU. A Network PDU sent to a group address shall be delivered to all the instances of models that subscribe to this group address.
There are two types of group addresses; those that can be assigned dynamically and those that are fixed. The fixed group addresses are defined in Table 3.7 below.
Values |
Fixed Group Address Name |
---|---|
0xFFF9 |
all-ipt-border-routers |
0xFFFA |
all-ipt-nodes |
0xFFFB |
all-directed-forwarding-nodes |
0xFFFC |
all-proxies |
0xFFFD |
all-friends |
0xFFFE |
all-relays |
0xFFFF |
all-nodes |
This specification does not define any special behaviors related to values from 0xFF00 to 0xFFF8, all-ipt-border-routers, and all-ipt-nodes fixed group addresses.
3.4.3. Address validity
Table 3.8 shows which address types are valid for use in the SRC field and the DST field.
Address Type |
Valid in SRC Field |
Valid in DST Field |
|
---|---|---|---|
Segmented and Unsegmented Control Messages (see Section 3.5.2) |
Segmented and Unsegmented Access Messages (see Section 3.5.2) |
||
Unassigned Address |
No |
No |
No |
Unicast Address |
Yes |
Yes |
Yes |
Virtual Address |
No |
No |
Yes |
Group Address |
No |
Yes |
Yes |
A fixed group address defined as Reserved for Future Use in Section 3.4.2.4 is a valid group address for the purposes of Table 3.8.
Table 3.9 shows which address types are valid for use with device keys and application keys.
Address Type |
Valid with Device Key |
Valid with Application Key |
---|---|---|
Unassigned Address |
No |
No |
Unicast Address |
Yes |
Yes |
Virtual Address |
No |
Yes |
Group Address |
No |
Yes |
3.4.4. Network PDU
The mesh Network PDU format is defined in Table 3.10 and illustrated in Figure 3.9 below:
Field Name |
Bits |
Description |
Req. |
---|---|---|---|
IVI |
1 |
Least significant bit of IV Index |
M |
NID |
7 |
Value derived from the NetKey used to identify the EncryptionKey and PrivacyKey used to secure this PDU |
M |
CTL |
1 |
Network Control |
M |
TTL |
7 |
Time To Live |
M |
SEQ |
24 |
Sequence number |
M |
SRC |
16 |
Source address |
M |
DST |
16 |
Destination address |
M |
TransportPDU |
8 to 128 |
Transport Protocol Data Unit |
M |
NetMIC |
32 or 64 |
Message Integrity Check for Network |
M |
Network PDUs are secured using keys derived from a single network key, as identified by the NID field.
Certain functionalities defined in this specification may require that a Network PDU be tagged with additional metadata. For example, tagging a Network PDU as relay is used to control the number of retransmissions of the Network PDU by the Advertising Bearer Network Interface (see Section 3.4.5.4).
3.4.4.1. IVI
The IVI field contains the least significant bit of the IV Index used in the nonce to authenticate and encrypt this Network PDU (see Section 3.9.2.11).
3.4.4.2. NID
The NID field contains a 7-bit network identifier that allows for an easier lookup of the EncryptionKey and PrivacyKey used to authenticate and encrypt this Network PDU (see Section 3.9.6.3.1).
The NID value is derived from the network key in conjunction with the EncryptionKey and PrivacyKey. It is derived differently for Network PDUs using managed flooding security material, Network PDUs using directed security material, and Network PDUs using friendship security material (see Section 3.9.6.3.1).
3.4.4.3. CTL
The CTL field is a 1-bit value that is used to determine if the Network PDU is part of a Transport Control message or an Access message, as illustrated in Table 3.11.
If the CTL field is set to 0, the NetMIC is a 32-bit field and the Lower Transport PDU contains an Access message.
If the CTL field is set to 1, the NetMIC is a 64-bit field and the Lower Transport PDU contains a Transport Control message.
CTL Field |
Message Type |
NetMIC Size (bits) |
---|---|---|
0 |
Access message |
32 |
1 |
Transport Control message |
64 |
3.4.4.4. TTL
The TTL field is a 7-bit field. The TTL field values are defined in Table 3.12.
Value |
Description |
---|---|
0 |
Network PDU has not been relayed and will not be relayed. |
1 |
Network PDU has been relayed and will not be relayed. |
2 - 126 |
Network PDU has been relayed or Network PDU has not been relayed. Network PDU can be relayed. |
127 |
Network PDU has not been relayed and can be relayed. |
The initial value of this field is set by the transmitting layer (lower transport layer, upper transport layer, access, foundation model, model) or an application and used by the network layer when operating as a Relay node or as a Directed Relay node.
The use of the TTL value of zero allows a node to transmit a Network PDU that it knows will not be relayed, and therefore the receiving node can determine that the sending node is a single radio link away. The use of a TTL value of one or larger cannot be used for such a determination.
3.4.4.5. SEQ
The SEQ field is a 24-bit integer. The combined SEQ field, IV Index field, and SRC field (see Section 3.4.4.6) shall be a unique value for each new Network PDU that this element originates.
3.4.4.6. SRC
The SRC field is a 16-bit value that identifies the element that originated this Network PDU. This address shall be a unicast address.
The SRC field is set by the originating element and untouched by nodes operating as a Relay node or as a Directed Relay node.
3.4.4.7. DST
The DST field is a 16-bit value that identifies the element or elements that this Network PDU is directed towards. This address shall be a unicast address, a group address, or a virtual address.
The DST field is set by the originating node and is untouched by the network layer in nodes operating as a Relay node or as a Directed Relay node.
3.4.4.8. TransportPDU
The TransportPDU field, from a network layer point of view, is a sequence of octets of data. When the CTL field value is 0, the TransportPDU field shall be a maximum of 128 bits. When the CTL field value is 1, the TransportPDU field shall be a maximum of 96 bits.
The TransportPDU field is set by the originating lower transport layer and shall not be changed by the network layer.
3.4.4.9. NetMIC
The NetMIC field is a 32-bit or 64-bit field (depending on the value of the CTL field) that authenticates that the DST and TransportPDU fields have not been changed.
When the CTL field value is 0, the size of the NetMIC field shall be 32 bits. When the CTL field value is 1, the size of the NetMIC field shall be 64 bits.
The NetMIC field value is set by the network layer at each node that transmits or relays this Network PDU.
3.4.5. Network interfaces
The network layer supports sending and receiving Network PDUs via multiple bearers. Multiple instances of a bearer may be present. Each instance of a bearer is connected to the network layer via a network interface. To allow sending Network PDUs between elements within the same node the local interface is used.
For example, a node may have three interfaces: one used to send and receive Network PDUs via an advertising bearer and two interfaces to a GATT bearer, one for each client connected via a GATT connection.
Interfaces provide input and output filters. Filters may be configured using bearer-specific PDUs or internally by services exposed on a node, such as the Mesh Proxy Service (see Section 7.2).
3.4.5.1. Interface input filter
The interface input filter determines whether an incoming Network PDU is delivered to the network layer for further processing or it is dropped.
A feature or a protocol in this specification may define an input filter. For example, the Proxy Protocol defines filters (see Section 6.4).
The input filter of the interface connected to the GATT bearer shall drop all Network PDUs that have been secured using the friendship security credentials.
3.4.5.2. Interface output filter
The interface output filter determines whether an outgoing Network PDU is delivered to a bearer or it is dropped.
A feature or a protocol in this specification may define an output filter. For example, the Proxy Protocol defines filters (see Section 6.4).
The output filter of the interface connected to advertising or GATT bearers shall drop all Network PDUs with the TTL field value set to 1 unless they contain a Network PDU that is tagged as relay.
The output filter of the interface connected to the GATT bearer shall drop all Network PDUs secured using the friendship security credentials.
3.4.5.3. Local Network Interface
A Local Network Interface allows sending Network PDUs between elements within the same node.
A node shall implement a Local Network Interface.
Upon receiving a Network PDU by a Local Network Interface, the Network PDU shall be delivered to all elements of the node.
3.4.5.4. Advertising Bearer Network Interface
When transmitting a Network PDU that is tagged as friendship, the Advertising Bearer Network Interface shall transmit the Network PDU over the advertising bearer only once.
When transmitting a Network PDU that is not tagged as friendship, the Advertising Bearer Network Interface shall transmit the Network PDU over the advertising bearer using the following configuration:
-
If the Network PDU is not using directed security material, then the relay tag is checked:
-
If the Network PDU is not tagged as relay, the number and timing of the transmissions shall be as indicated by the Network Transmit state (see Section 4.2.20).
-
If the Network PDU is tagged as relay, the number and timing of the transmissions shall be as indicated by the Relay Retransmit state (see Section 4.2.21).
-
-
If the Network PDU is using the directed security material, then the combination of relay tag and CTL field is checked:
-
If the Network PDU is not tagged as relay, and the CTL field value is equal to 0, then the number and timing of the transmissions shall be as indicated by the Directed Network Transmit state (see Section 4.2.32.2).
-
If the Network PDU is not tagged as relay, and the CTL field value is equal to 1, then the number and timing of the transmissions shall be as indicated by the Directed Control Network Transmit state (see Section 4.2.39).
-
If the Network PDU is tagged as relay, and the CTL field value is equal to 0, then the number and timing of the transmissions shall be as indicated by the Directed Relay Retransmit state (see Section 4.2.34).
-
If the Network PDU is tagged as relay, and the CTL field value is equal to 1, then the number and timing of the transmissions shall be as indicated by the Directed Control Relay Retransmit state (see Section 4.2.40).
-
When transmitting a Network PDU that is tagged as relay, the start time of the transmission should be randomized by a small interval to avoid collisions between multiple relays that have received the Network PDU at the same time. If the DST field value of the Network PDU is the all-directed-forwarding-nodes fixed group address (see Section 3.4.2.4), the start time of the transmission should be additionally randomized by an interval from 0 to 100 milliseconds.
3.4.6. Network layer behavior
3.4.6.1. Relay feature
The Relay feature is used to relay/forward Network PDUs received by a node over the advertising bearer. This feature is optional and if supported can be enabled and disabled. If the Proxy feature is supported, then both GATT and advertising bearers shall be supported.
3.4.6.2. Proxy feature
The Proxy feature is used to relay/forward Network PDUs received by a node between GATT and advertising bearers. This feature is optional and if supported can be enabled and disabled. When this feature is supported, the Advertising with Network ID (see Section 7.2.2.2.2) shall be supported and the Mesh Proxy Service (see Section 7.2) shall be contained in the GATT Server on a node; otherwise, the Mesh Proxy service may be contained in the GATT Server.
3.4.6.3. Receiving a Network PDU
A Network PDU is delivered from a bearer to the network layer via a network interface. The interface shall apply filtering rules defined by its input filter (see Section 3.4.5.1). If the Network PDU passes through the input filter, it is delivered to the network layer for further processing.
Upon receiving a Network PDU, the node shall check whether the NID field value matches one or more known NIDs. If the NID field value does not match a known NID, then the Network PDU shall be ignored. If the NID field value matches a known NID, the node shall attempt to authenticate the Network PDU using the security credentials derived from each known network key that matched. If the Network PDU does not authenticate against any known network key, then the Network PDU shall be ignored. If the Network PDU does authenticate against a network key, and the SRC and DST fields are considered valid (see Section 3.4.3), and an entry corresponding to the Network PDU is not in the Network Message Cache (see Section 3.4.6.5), then the Network PDU shall be processed by the lower transport layer.
When the Network PDU is processed by the lower transport layer, and the TTL field has a value of 2 or greater, and the destination is not a unicast address of an element on this node, then the Network PDU shall be evaluated against retransmission conditions for incoming Network PDUs as defined in Table 3.13. For a Network PDU, there may be more than one matching row in Table 3.13. If there is no row that matches the retransmission conditions, then the Network PDU shall not be retransmitted.
For each row in Table 3.13, if the Network PDU is delivered from the bearer identified in the Inbound Bearer column, and is secured using the security material identified in the Inbound Security Material column, and all conditions in the Conditions column are met, then the actions in the Additional Actions column, if present, shall be executed, and the Network PDU shall be retransmitted to network interface(s) identified by the Outbound Bearers column using the security material identified in the Outbound Security Material column. The IV Index used when retransmitting the Network PDU shall be the same IV Index as in the received Network PDU. The TTL field value of the retransmitted Network PDU shall be equal to the TTL field value of the received Network PDU decremented by 1. The network key used when retransmitting the Network PDU depends on whether the node is a Subnet Bridge node.
If the node is not a Subnet Bridge node, the network key used when retransmitting the Network PDU shall be the same network key used to secure the received Network PDU.
If the node is a Subnet Bridge node, the node shall check all the Bridging Table state entries to determine whether the Network PDU is to be bridged to different subnets.
For a given Bridging Table state entry (see Section 4.2.42), the Network PDU shall be retransmitted using the NetKey identified by NetKeyIndex2 of the entry if all the following conditions are met:
-
The SRC field value in the Network PDU matches the address of the node in the first subnet that is indicated in the Address1 field.
-
The DST field value in the Network PDU matches the address of the node in the second subnet that is indicated in the Address2 field.
-
The received Network PDU was encrypted using the NetKey identified by NetKeyIndex1 of the entry.
The Network PDU shall be retransmitted using the NetKey identified by NetKeyIndex1 of the Bridging Table state entry if all the following conditions are met:
-
The SRC field value in the Network PDU matches the address of the node in the second subnet that is indicated in the Address2 field.
-
The DST field value in the Network PDU matches the address of the node in the first subnet that is indicated in the Address1 field.
-
The received Network PDU was encrypted using the NetKey identified by NetKeyIndex2 of the entry.
-
The Directions value of the entry is 0x02.
Inbound Bearer |
Inbound Security Material |
Conditions |
Additional Actions |
Outbound Bearers |
Outbound Security Material |
---|---|---|---|---|---|
ADV |
flooding |
Relay is enabled. |
Tag as relay |
ADV |
flooding |
ADV |
flooding |
Proxy is enabled. |
– |
GATT |
flooding |
ADV |
flooding |
Traffic is to be bridged. AND Directed forwarding is enabled. AND DST is a valid path destination. AND Path from supporting node does not exist. |
Create Path Origin State Machine AND Update replay protection list |
all bearers |
flooding |
ADV |
flooding |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path from supporting node exists. AND Dependent node is not listed. |
Start Directed Forwarding Dependents Update AND Update replay protection list |
all bearers |
flooding |
ADV |
flooding |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path from supporting node exists. AND Dependent node is listed. |
Update replay protection list |
path bearers |
directed |
ADV |
friendship |
Friend is enabled. AND Directed friend is disabled. |
– |
all bearers |
flooding |
ADV |
friendship |
Directed friend is enabled. AND DST is a valid path destination. AND Path from supporting node does not exist. |
Create Path Origin State Machine |
all bearers |
flooding |
ADV |
friendship |
Directed friend is enabled. AND Path from supporting node exists. AND Dependent node is not listed. |
Start Directed Forwarding Dependents Update |
all bearers |
flooding |
ADV |
friendship |
Directed friend is enabled. AND Path from supporting node exists. AND Dependent node is listed. |
– |
path bearers |
directed |
ADV |
directed |
Directed relay is enabled. AND Path exists. |
Tag as relay |
path bearers |
directed |
ADV |
directed |
Directed proxy is enabled. AND Path to supporting node exists. AND Dependent node is listed. |
– |
GATT |
flooding |
ADV |
directed |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path from supporting node does not exist. |
Create Path Origin State Machine AND Update replay protection list |
all bearers |
flooding |
ADV |
directed |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path from supporting node exists. AND Dependent node is not listed. |
Start Directed Forwarding Dependents Update AND Update replay protection list |
all bearers |
flooding |
ADV |
directed |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path exists. |
Update replay protection list |
path bearers |
directed |
GATT |
flooding |
Proxy is enabled. AND Directed proxy is disabled. |
– |
all bearers |
flooding |
GATT |
flooding |
Directed proxy is enabled. AND Directed forwarding is not selected. |
– |
all bearers |
flooding |
GATT |
flooding |
Directed forwarding is selected. AND DST is a valid path destination. AND Path from supporting node does not exist. |
Create Path Origin State Machine |
all bearers |
flooding |
GATT |
flooding |
Directed forwarding is selected. AND Path from supporting node exists. AND Dependent node is not listed. |
Start Directed Forwarding Dependents Update |
all bearers |
flooding |
GATT |
flooding |
Directed forwarding is selected. AND Path from supporting node exists. AND Dependent node is listed. |
– |
path bearers |
directed |
GATT |
directed |
Directed relay is enabled. AND Path exists. |
– |
path bearers |
directed |
GATT |
directed |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path from supporting node does not exist. |
Create Path Origin State Machine AND Update replay protection list |
all bearers |
flooding |
GATT |
directed |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path from supporting node exists. AND Dependent node is not listed. |
Start Directed Forwarding Dependents Update AND Update replay protection list |
all bearers |
flooding |
GATT |
directed |
Traffic is to be bridged. AND Directed forwarding is enabled. AND Path exists. |
Update replay protection list |
path bearers |
directed |
The following paragraphs define the requirements associated with each column of Table 3.13.
Inbound Bearer. The entries in the Inbound Bearer column of Table 3.13 identify the type of bearer from which the Network PDU was delivered:
-
ADV: The inbound Network PDU is delivered from the advertising bearer.
-
GATT: The inbound Network PDU is delivered from the GATT bearer.
Inbound Security Material. The entries in the Inbound Security Material column of Table 3.13 identify the type of security material used to secure the incoming Network PDU (see Section 3.9.6.3.1):
-
flooding: The inbound Network PDU is secured using managed flooding security material.
-
friendship: The inbound Network PDU is secured using friendship security material.
-
directed: The inbound Network PDU is secured using directed security material.
Conditions.Table 3.14 defines the requirements for the conditions in the Conditions column of Table 3.13.
Condition |
Requirements |
---|---|
Proxy is enabled |
The Proxy feature is supported and enabled, or the Private Proxy functionality is supported and enabled or the On-Demand Private GATT Proxy state has a value in the range 0x01 to 0xFF (see Section 4.2.47). |
Relay is enabled |
The Relay feature is supported and enabled. |
Directed proxy is enabled |
Directed proxy functionality is enabled in the subnet from which the Network PDU is received. |
Directed proxy is disabled |
Directed proxy functionality is not supported or is disabled for the subnet from which the Network PDU is received. |
Directed forwarding is selected |
The Use_Directed connection parameter is Enabled in the subnet from which the Network PDU is received and the received Network PDU is not tagged with immutable-credentials tag. |
Directed forwarding is not selected |
The Use_Directed connection parameter is Disabled in the subnet from which the Network PDU is received; or the Use_Directed connection parameter is Enabled in the subnet from which the Network PDU is received and the received Network PDU is tagged with immutable-credentials tag. |
Traffic is to be bridged |
Subnet bridge functionality is enabled, and the Network PDU is checked for replay protection (see Section 3.9.8), and the conditions for retransmitting the Network PDU in bridged subnets are met. |
Path from supporting node does not exist |
The path for the Network PDU does not exist in the subnet where the Network PDU is to be retransmitted as defined in Section 3.6.8.5.1, using the primary element address of the node processing the Network PDU as the source address, and using the DST field value of the Network PDU as the destination address. |
Path from supporting node exists |
The path for the Network PDU exists in the subnet where the Network PDU is to be retransmitted, as defined in Section 3.6.8.5.1, by using the primary element address of the node processing the Network PDU as the source address and by using the DST field value of the Network PDU as the destination address. |
Path to supporting node exists |
The path for the Network PDU exists in the subnet where the Network PDU is to be retransmitted, as defined in Section 3.6.8.5.1, by using the primary element address of the node processing the Network PDU as the destination address and by using the SRC field value of the Network PDU as the source address. |
Path exists |
The path for the Network PDU exists in the subnet where the Network PDU is to be retransmitted as defined in Section 3.6.8.5.1, using the SRC field value of the Network PDU as the source address and the DST field value of the Network PDU as the destination address. |
Directed forwarding is enabled |
Directed forwarding functionality is enabled in the subnet where the Network PDU is to be retransmitted. |
Directed friend is enabled |
Directed friend functionality is enabled in the subnet from which the Network PDU is received. |
Directed friend is disabled |
Directed friend functionality is not supported or is disabled in the subnet from which the Network PDU is received. |
Directed relay is enabled |
Directed relay functionality is enabled in the subnet from which the Network PDU is received. |
Dependent node is listed |
The node is the Path Origin of the path for the Network PDU, and the SRC field value of the Network PDU is present in the Dependent_Origin_List field of the Forwarding Table entry that corresponds to the path; or the node is the Path Target of the path for the Network PDU, and the path is a two-way path, and the SRC field value of the Network PDU is present in the Dependent_Target_List field of the Forwarding Table entry that corresponds to the path; or the DST field value of the Network PDU is the all-directed-forwarding-nodes fixed group address. |
Dependent node is not listed |
The SRC field value of the Network PDU is absent from the Dependent_Origin_List of the Forwarding Table entry that corresponds to the path for the Network PDU. |
DST is a valid path destination |
The DST field value of the Network PDU is different from the all-nodes and all-relays fixed group addresses. |
Additional Actions. The entries in the Additional Actions column of Table 3.13 define actions, if any, to be taken in addition to retransmitting the inbound Network PDU:
-
Create Path Origin State Machine: If a Path Origin State Machine for the DST field value of the Network PDU does not exist, and the DST field value of the Network PDU is not the all-directed-forwarding-nodes fixed group address, the node shall instantiate a Path Origin State Machine in the Initial state for that destination (see Section 4.4.7.2).
-
Start Directed Forwarding Dependents Update: The node shall start a Directed Forwarding Dependents Update (see Section 3.6.8.2.5).
-
Tag as Relay: The retransmitted Network PDU shall be tagged as relay.
-
Update replay protection list: The node shall update the replay protection list for the subnet where the Network PDU is to be retransmitted as defined in Section 3.9.8.
Outbound Bearers. The entries in the Outbound Bearers column of Table 3.13 define the network interfaces to which the Network PDU will be retransmitted:
-
GATT: The Network PDU shall be retransmitted to all network interfaces connected to the GATT bearer.
-
ADV: The Network PDU shall be retransmitted to all network interfaces connected to the advertising bearer.
-
all bearers: The Network PDU shall be retransmitted to all network interfaces.
-
path bearers: The Network PDU shall be retransmitted to all network interfaces connected to the bearers indicated in all the Forwarding Table entries corresponding to the path (see Section 3.6.8.5.1).
Outbound Security Material. The entries in the Outbound Security Material column of Table 3.13 identify the type of security material used to secure the retransmitted Network PDU:
-
flooding: The retransmitted Network PDU shall be secured using managed flooding security material.
-
directed: The retransmitted Network PDU shall be secured using directed security material.
Figure 3.10 illustrates an example of processing steps for an incoming Network PDU.
3.4.6.4. Transmitting a Network PDU
Network PDUs are transmitted by an element in the context of a mesh subnet, which is identified by a unique network key.
The IVI field shall be set to the least significant bit of the IV Index value being used to transmit for the mesh subnet.
The NID field shall be set to the NID value associated with the EncryptionKey and PrivacyKey used for encryption and obfuscation.
The CTL field shall be set by a higher layer.
The TTL field shall be set by a higher layer.
The SEQ field shall be set by the network layer to the sequence number of the element. The sequence number shall then be incremented by one for every new Network PDU.
The SRC field shall be set by the network layer to the unicast address of the element that is sending this Network PDU.
The DST field shall be set to a unicast address, a group address, or a virtual address to identify the destination element or elements and shall be set by the lower transport, upper transport, or access layer.
The TransportPDU field shall be set by a higher layer.
The NetMIC field shall be set as defined in Section 3.9.7.2.
If the Network PDU security material is not set by the network layer or any higher layer, the Network PDU shall be secured using the managed flooding security credentials.
If the Network PDU is tagged with the immutable-credentials tag (see Section 3.7.3.1), and the Network PDU is secured using the friendship security credentials, the Network PDU shall be delivered to the advertising bearer network interface.
If the Network PDU is tagged with the immutable-credentials tag (see Section 3.7.3.1), and the Network PDU is not secured using the friendship security credentials, the Network PDU shall be delivered to all network interfaces.
If the Network PDU is not tagged with the immutable-credentials tag, and directed forwarding functionality is supported and enabled in the subnet over which the Network PDU is transmitted, and the DST field is set to a unicast address, and a path from the SRC field value to the DST field value exists (see Section 3.6.8.5.1), then the Network PDU shall use the directed security credentials (see Section 3.9.6.3.1) and shall be delivered to all network interfaces connected to the bearers indicated in all the Forwarding Table entries corresponding to the path (see Section 3.6.8.5.1).
If the Network PDU is not tagged with the immutable-credentials tag, and directed forwarding functionality is supported and enabled in the subnet over which the Network PDU is transmitted, and the DST field is set to a group address or a virtual address, and a path from the SRC field value to the DST field value exists (see Section 3.6.8.5.1), and the Path_Not_Ready field (see Section 4.2.29.2) in the Forwarding Table entry for the path is set to 0, then the Network PDU shall use the directed security credentials (see Section 3.9.6.3.1) and shall be delivered to all network interfaces connected to the bearers indicated in all the Forwarding Table entries corresponding to the path (see Section 3.6.8.5.1).
Each network interface shall apply filtering rules defined by its output filter (see Section 3.4.5.2). If the Network PDU passes through the output filter, it shall be transmitted on a bearer.
3.4.6.5. Network Message Cache
In order to reduce unnecessary security checks and excessive relaying, a node shall include a Network Message Cache that stores details of all recently seen Network PDUs. If a Network PDU is received that corresponds to an entry already in the Network Message Cache, then the Network PDU shall not be processed (i.e., it shall be immediately discarded). If a Network PDU is received and that Network PDU has no corresponding entry in the Network Message Cache, then the Network PDU can be processed (e.g., checked against network security), and if it is a valid Network PDU, a corresponding entry for it shall be added in the Network Message Cache.
The node is not required to store the entire Network PDU contents in a cache entry and may store only a part of it for tracking, such as values for the SRC and SEQ fields, or others. However, this is left to the implementation as long as the condition of not processing the same Network PDU more than once is achieved within the limits of the device capabilities.
Because the TTL field value is decremented when a Network PDU is relayed, a node shall not consider the TTL field value when determining whether the Network PDU already has a corresponding cache entry. Also, because the NetMIC field value is derived using the TTL field value, a node shall not consider the NetMIC field value when determining whether the Network PDU already has a corresponding cache entry.
When the Network Message Cache is full and an entry for an incoming new Network PDU needs to be cached, an entry for the incoming new Network PDU shall replace the entry for the oldest Network PDU that is already in the Network Message Cache.
The Network Message Cache shall be able to store entries for at least two Network PDUs, although it is highly recommended to have a Network Message Cache size appropriate to the anticipated network density. The details of the incoming Network PDU processing procedure are left to the implementation.
3.4.6.6. Private Proxy functionality
The Private Proxy functionality is used to relay/forward Network PDUs received by a node between GATT and advertising bearers. This functionality is optional and if supported can be enabled and disabled. When this functionality is supported, the Proxy feature (see Section 3.4.6.2), the Private Network Identity advertising (see Section 7.2.2.2.4), the Mesh Private Beacon Server model (see Section 4.4.11), and Mesh Private beacons (see Section 3.10.4) shall be supported.
3.4.6.7. Node Identity functionality
The Node Identity functionality is used to exchange Network PDUs between two nodes connected via GATT. This functionality is optional. When this functionality is supported, the Mesh Proxy Service (see Section 7.2) shall be exposed and the Advertising with Node Identity (see Section 7.2.2.2.3) shall be supported.
3.4.6.8. Private Node Identity functionality
The Private Node Identity functionality is used to exchange Network PDUs between two nodes connected via GATT. This functionality is optional. When this functionality is supported, the Node Identity functionality (see Section 3.4.6.7), the Mesh Private Beacon Server model (see Section 4.4.11), and the Advertising with Private Node Identity (see Section 7.2.2.2.5) shall be supported.
3.4.6.9. On-Demand Private Proxy functionality
The On-Demand Private Proxy functionality is used to start Advertising with Private Network Identity (see Section 7.2.2.2.4) using the Solicitation PDU (see Section 6.9.1). This functionality is optional. When this functionality is supported, the Private Proxy functionality (see Section 3.4.6.6), On-Demand Private Proxy Server model (see Section 4.4.13), Solicitation PDU RPL Configuration Server model (see Section 4.4.17), and Solicitation PDU with Identification Type set to Proxy Solicitation with Replay Protection (see Section 6.9.1) shall be supported.
3.5. Lower transport layer
The lower transport layer takes an Upper Transport PDU from the upper transport layer and transmits those messages to a peer lower transport layer. These Upper Transport PDUs may fit into a single Lower Transport PDU or they may be segmented into multiple Lower Transport PDUs. Upon receiving messages, the lower transport layer processes Lower Transport PDUs, reassembling Upper Transport PDUs from possibly multiple PDUs and sending these up to the upper transport layer once reassembly is complete.
3.5.1. Endianness
All multiple-octet numeric values in this layer shall be sent in big-endian, as described in Section 3.1.1.1.
3.5.2. Lower Transport PDU
The Lower Transport PDU is used to transmit Upper Transport PDUs to another node.
The most significant bit of the first octet of the Lower Transport PDU is the SEG field, which is used to determine if the Lower Transport PDU is formatted as a segmented or unsegmented message.
There are four formats used, depending on the value of the CTL field in the Network PDU and the SEG field in the Lower Transport PDU as defined in Table 3.15 below.
CTL Field |
SEG Field |
Lower Transport PDU Format |
---|---|---|
0 |
0 |
Unsegmented Access message |
0 |
1 |
Segmented Access message |
1 |
0 |
Unsegmented Control message |
1 |
1 |
Segmented Control message |
The SEG field values are defined in the Table 3.16.
Value |
Description |
---|---|
0 |
Unsegmented Message |
1 |
Segmented Message |
3.5.2.1. Unsegmented Access message
The Unsegmented Access message is used to transport an Upper Transport Access PDU that fits into a single Network PDU. Figure 3.11 shows an illustration of an Unsegmented Access message, and Table 3.17 shows the fields for this message.
Field |
Size |
Description |
Req. |
---|---|---|---|
SEG |
1 |
Set to Unsegmented Message |
M |
AKF |
1 |
Application Key Flag |
M |
AID |
6 |
Application key identifier |
M |
Upper Transport Access PDU |
40 to 120 |
The Upper Transport Access PDU |
M |
The SEG field shall be set to Unsegmented Message.
The AKF and AID fields shall be set by the upper transport layer according to the application key or device key used to encrypt the Access message (see Section 3.6.4.1).
The Upper Transport Access PDU is supplied by the upper transport layer.
This message does not have a SZMIC field. The TransMIC field in the upper transport layer shall be a 32-bit field, as if the SZMIC field has the value 0.
3.5.2.2. Segmented Access message
The Segmented Access message is used to transport a complete Upper Transport Access PDU or a segment of an Upper Transport Access PDU. Figure 3.12 shows an illustration of a Segmented Access message, and Table 3.18 shows the fields for this message.
Field |
Size |
Description |
Req. |
---|---|---|---|
SEG |
1 |
Set to Segmented Message |
M |
AKF |
1 |
Application Key Flag |
M |
AID |
6 |
Application key identifier |
M |
SZMIC |
1 |
Size of the TransMIC field |
M |
SeqZero |
13 |
Least significant bits of SeqAuth |
M |
SegO |
5 |
Segment Offset number |
M |
SegN |
5 |
Last Segment number |
M |
Segment m |
8 to 96 |
Segment m of the Upper Transport Access PDU |
M |
The SEG field shall be set to Segmented Message.
The SZMIC field indicates the size of the TransMIC field in the Upper Transport Access PDU. If the SZMIC field is set to 0, the TransMIC is a 32-bit field. If the SZMIC field is set to 1, the TransMIC is a 64-bit field.
The AKF and AID fields shall be set by the upper transport layer according to the application key or device key used to encrypt the Access message (see Section 3.6.4.1).
The SeqZero field shall be set by the upper transport layer.
The SegO field shall be set to the segment number (zero-based) of the segment m of this Upper Transport PDU.
The SegN field shall be set to the last segment number (zero-based) of this Upper Transport PDU.
The Segment m field, with the segment number m, shall be set to the subset of octets from the Upper Transport Access PDU. For all segments except the last segment, Segment m is octet 12*m to 12*m+11. In the last segment, Segment m is octet 12*m through the end of the message.
Every Segmented Access message for the same Upper Transport Access PDU shall have the same values for AKF, AID, SZMIC, SeqZero, and SegN fields.
3.5.2.3. Unsegmented Control message
The Unsegmented Control message is used to transport either a Segment Acknowledgment message or an Upper Transport Control PDU. Figure 3.13 shows an illustration of an Unsegmented Control message, and Table 3.19 shows the fields for this message.
Field |
Size |
Description |
Req. |
---|---|---|---|
SEG |
1 |
Set to Unsegmented Message |
M |
Opcode |
7 |
Set to Opcode of the Upper Transport Control PDU |
M |
Parameters |
0 to 88 |
Parameters for the Upper Transport Control PDU |
M |
The SEG field shall be set to Unsegmented Message.
The Opcode field values are defined in Table 3.20 and shall be set to the appropriate opcode defined in the Assigned Numbers document [4].
Values |
Description |
---|---|
0x00 |
Reserved |
0x01 - 0x7F |
Opcode of the Upper Transport Control PDU |
The Parameters field is set according to the requirements of the opcode.
3.5.2.3.1. Segment Acknowledgment message
The Segment Acknowledgment message is used by the lower transport layer to acknowledge segments received by a peer lower transport layer. The Segment Acknowledgment message is illustrated in Figure 3.14 and defined in Table 3.21.
Field |
Size |
Description |
Req. |
---|---|---|---|
SEG |
1 |
Set to Unsegmented Message |
M |
Opcode |
7 |
Set to 0x00 |
M |
OBO |
1 |
Friend on behalf of a Low Power node |
M |
SeqZero |
13 |
SeqZero of the Upper Transport PDU |
M |
RFU |
2 |
Reserved for Future Use |
M |
AckedSegments |
32 |
Acknowledgment for segments |
M |
The SEG field shall be set to Unsegmented Message.
The Opcode field shall be set to 0x00.
The OBO field shall be set to 0 by a node that is directly addressed by the received message and shall be set to 1 by a Friend node that is acknowledging this message on behalf of a Low Power node.
The SeqZero field shall be set to the value of the SeqZero field of the upper transport layer message being acknowledged.
The AckedSegments field shall be set to indicate the segments received. The least significant bit, bit 0, shall represent segment 0; and the most significant bit, bit 31, shall represent segment 31. If bit n is set to 1, then segment n is being acknowledged. If bit n is set to 0, then segment n is not being acknowledged. Any bits for segments larger than the SegN field value of the upper transport layer message being acknowledged shall be set to 0 and ignored upon receipt.
If the received segments were sent with the TTL field set to 0, it is recommended that the corresponding Segment Acknowledgment message is sent with the TTL field set to 0.
3.5.2.4. Segmented Control message
The Segmented Control message is used to transport a complete Upper Transport Control PDU or a segment of an Upper Transport Control PDU when the Upper Transport Control PDU will not fit into a single Network PDU. Figure 3.15 shows an illustration of a Segmented Control message, and Table 3.22 shows the fields for this message.
Field |
Size |
Description |
Req. |
---|---|---|---|
SEG |
1 |
Set to Segmented Message |
M |
Opcode |
7 |
Opcode of the Upper Transport Control PDU |
M |
RFU |
1 |
Reserved for Future Use |
M |
SeqZero |
13 |
Least significant bits of SeqAuth |
M |
SegO |
5 |
Segment Offset number |
M |
SegN |
5 |
Last Segment number |
M |
Segment m |
8 to 64 |
Segment m of the Upper Transport Control PDU |
M |
The SEG field shall be set to Segmented Message.
The Opcode field shall be set by the upper transport layer as defined in Table 3.20 to indicate the format of the Parameters field. The value 0x00 is Reserved and shall not be transmitted and ignored upon receipt.
The SeqZero field shall be set by the upper transport layer.
The SegO field shall be set to the segment number (zero-based) of the Upper Transport PDU contained within this message.
The SegN field shall be set to the last segment number (zero-based) of this Upper Transport PDU.
The Segment m field shall be set to the subset of octets from the Upper Transport Control PDU. Segment m is octet 8*m to 8*m+7, except for the last segment where it is octet 8*m to the end of the message.
Every Segmented Control message for the same Upper Transport Control PDU shall have the same values for the Opcode, SeqZero, and SegN fields.
3.5.3. Segmentation and reassembly
To transmit Upper Transport Access PDUs larger than 15 octets, or shorter Upper Transport Access PDUs to be sent as single segment, or Upper Transport Control PDUs larger than 11 octets, or shorter Upper Transport Control PDUs to be sent as single segment, the lower transport layer segments and reassembles Upper Transport PDUs. These segments are delivered to the peer lower transport layer using a block acknowledgment scheme to minimize the number of messages that need to be transmitted by the lower transport layer.
Figure 3.16 illustrates an Access message being sent that has a single-octet opcode, 3 octets for the NetKeyIndexAndAppKeyIndex field, and 16 octets for the AppKey. This means that when encrypted and authenticated with an application key, the Upper Transport Access PDU is 24 octets. This is segmented by the lower transport layer into two segments, Segment 0 and Segment 1. Each segment has a header that identifies the segment number and is then passed to the network layer, where the complete Network PDU is computed. The network layer then encrypts the Network PDU using the sequence number for that Network PDU and then obfuscates those messages so that only the NID and IVI fields are visible in clear text. Therefore, the single Access message can be delivered securely using two Network PDUs.
The process of segmentation for Upper Transport Access PDUs and Upper Transport Control PDUs is identical, and the description below considers these two PDU types to be identical except where explicitly stated.
Note
Note: The segment sizes are different for Upper Transport Access PDUs and Upper Transport Control PDUs.
3.5.3.1. Segmentation
Segmentation is performed by the lower transport layer of the transmitting node. The lower transport layer checks if an Upper Transport PDU fits into a single Lower Transport PDU. If the Upper Transport PDU fits, it is sent in a single Lower Transport PDU. If the Upper Transport PDU doesn’t fit, the lower transport layer divides the Upper Transport PDU into two or more Lower Transport PDUs.
Delivery of a segmented message is acknowledged by the lower transport layer of the receiving node. Delivery of an unsegmented message is not acknowledged. An Upper Transport PDU that fits into one Lower Transport PDU can be sent as a single-segment segmented message when acknowledgment by the lower transport layer is required.
Example: Using a single-segment segmented message can decrease the air traffic, for example, in a situation when a long multi-segment message (e.g., an Upper Transport PDU which was divided into many Lower Transport PDUs) has been transmitted, but the application acknowledgment message sent as a response to this multi-segment message was lost. Sending the application acknowledged message as a single segmented message can improve the reliability of delivery and can remove the risk associated with retransmitting the whole, long multi-segment message.
Each segment of an Upper Transport Access PDU shall be 12 octets long with the exception of the last segment, which may be shorter.
Each segment of an Upper Transport Control PDU shall be 8 octets long with the exception of the last segment, which may be shorter.
Example: When using a 32-bit TransMIC field, if an Upper Transport Access PDU is 42 octets long, then the first 12 octets, octets 0 to 11, are in segment 0; the second set of 12 octets, octets 12 to 23, are in segment 1; the third set of 12 octets, octets 24 to 35, are in segment 2; and the remaining 6 octets, octets 36 to 41, are in segment 3.
Example: If an Upper Transport Control PDU is 42 octets long, then the first 8 octets, octets 0 to 7, are in segment 0; the second set of 8 octets, octets 8 to 15, are in segment 1; the third set of 8 octets, octets 16 to 23, are in segment 2; the fourth set of 8 octets, octets 24 to 31, are in segment 3; the fifth set of 8 octets, octets 32 to 39, are in segment 4; and the remaining 2 octets, octets 40 to 41, are in segment 5.
Each segment of an Upper Transport PDU is identified by the SegO field value. The total number of segments is identified by the SegN field value. The SegO field value of the first segment equals 0. The SegO field value of the last segment equals the SegN field value.
Lower Transport PDUs derived from the same Upper Transport PDU are linked together by the common SeqAuth value. The SeqAuth value is composed of the IV Index and the sequence number of the first segment. The size of the SeqAuth value is 7 octets, where the IV Index is the four most significant octets and the sequence number is the three least significant octets. All Lower Transport PDUs from the same Upper Transport PDU shall be sent using the same IV Index from the common SeqAuth.
The least significant 13 bits of the SeqAuth value constitute the SeqZero field value. The SeqZero field is included in the segmented message and Segment Acknowledgment message to identify the Upper Transport PDU. Upon reassembling a complete Upper Transport PDU from the segments, the SeqAuth value can be retrieved from the IV Index, SeqZero, and SEQ fields included in any of the segments. The common SeqAuth value is the largest SeqAuth value for which the SeqZero field value is between SEQ – 8191 and SEQ inclusive, and the IV Index is the same.
Example: If the SEQ field value of a received message was 0x647262, the IV Index was 0x58437AF2, and the received SeqZero field value was 0x1849, then the SeqAuth value is 0x58437AF2645849.
Example: If the SEQ field value of a received message was 0x647262 and the received SeqZero field value was 0x1263, then the SeqAuth value is 0x58437AF2645263. For an Upper Transport PDU, the SeqAuth value is used to identify it.
Because of the limited size of the SeqZero field, it is not possible to send a segmented message when the SEQ field value is 8192 greater than the SeqAuth value. If a segmented message has not been acknowledged by the time that the SEQ field value is 8192 greater than the SeqAuth value, then the transmission of the Upper Transport PDU shall be canceled. Lower Transport PDUs are delivered to the network layer.
3.5.3.2. Reassembly
Reassembly is performed by the lower layer of the receiving node. When the Low Power node feature is in use, reassembly is performed by a Friend node and the Low Power node does not send any Segment Acknowledgment messages.
Upon receiving a segment from a Segmented message, the lower transport layer retrieves the SeqAuth value from the IV Index, SeqZero, and SEQ fields of this segment to check if the Upper Transport PDU has already been received.
The lower transport layer stores upcoming segments to complete the whole Upper Transport PDU. The value of the SegO field is used to determine the offset of the Lower Transport PDU within the Upper Transport PDU. The maximum size of the complete Upper Transport PDU is determined by the value of the SegN field and the size of the segment.
The lower transport layer sends Segment Acknowledgment messages to either report missing segments or report complete delivery of the Upper Transport PDU.
When all segments of the Upper Transport PDU for a given SeqAuth have been received, the Upper Transport PDU is delivered to the upper transport layer.
3.5.3.3. Segmentation behavior
3.5.3.3.1. Transmission of segments
The lower transport layer shall not transmit segmented messages for more than one Upper Transport PDU to the same destination at the same time. The lower transport layer should start to transmit segmented messages for a new Upper Transport PDU for the same destination when the transaction for the last Upper Transport PDU is completed or the message transmission has been canceled.
If the Upper Transport PDU can fit into a single Lower Transport PDU using an Unsegmented Message format and has not been tagged with the send-segmented tag, then the lower transport layer should use an unsegmented message to transmit this Upper Transport PDU.
If the Upper Transport PDU can fit into a single Lower Transport PDU using a Segmented Message format and has not been tagged with the send-segmented tag, then the lower transport layer may use a single segmented message to transmit this Upper Transport PDU.
If the Upper Transport PDU can fit into a single Lower Transport PDU using a Segmented Message format and has been tagged with the send-segmented tag, then the lower transport layer shall use a single segmented message to transmit this Upper Transport PDU.
Otherwise, two or more segmented messages shall be used.
For each transmission to a unicast address, the lower transport layer stores the destination address, the derived SeqAuth of the segmented message, the remaining number of retransmissions value, and the remaining number of retransmissions without progress value. The initial value of the retransmissions for a unicast address is the value indicated by the SAR Unicast Retransmissions Count state (see Section 4.2.48.2). The initial value of the retransmissions without progress is the value indicated by the SAR Unicast Retransmissions Without Progress Count state (see Section 4.2.48.3).
For each transmission to a group address or a virtual address, the lower transport layer stores the destination address, the derived SeqAuth of the segmented message, and the remaining number of retransmissions value. The initial value of the number of retransmissions for a group or a virtual address is the value indicated by the SAR Multicast Retransmissions Count state (see Section 4.2.48.6).
When the lower transport layer starts a new transfer of an Upper Transport PDU, it shall divide the Upper Transport PDU into segments, shall mark all of the segments as unacknowledged, and shall start transmitting the segments. Segments shall be sent in order of SegO field value, starting with the segment with the lowest value in the SegO field.
Transmission of segments shall be separated by the segment transmission interval indicated by the value of the SAR Segment Interval Step state (see Section 4.2.48.1).
When the lower transport layer starts a new transfer of an Upper Transport PDU that is destined to a unicast address, the lower transport layer shall set the remaining number of retransmissions to the initial value and shall set the remaining number of retransmissions without progress to the initial value. The lower transport layer expects a Segment Acknowledgment message from the destination, or from a Friend node on behalf of the destination.
When the lower transport layer starts a new transfer of an Upper Transport PDU that is destined to a group address or a virtual address, the lower transport layer shall set the remaining number of retransmissions to the initial value. Segment Acknowledgment messages are not sent by the destination.
When the last segment marked as unacknowledged is transmitted and the destination is a unicast address, the lower transport layer shall start a SAR Unicast Retransmissions timer. If the value of the TTL field of the message is greater than 0, the initial value of the timer shall be set according to the following formula:
[unicast retransmissions interval step + unicast retransmissions interval increment * (TTL − 1)] |
If the value of the TTL field of the message is 0, the initial value of the timer shall be set to the unicast retransmissions interval step.
The values of the unicast retransmissions interval step and the unicast retransmissions interval increment are indicated by the SAR Unicast Retransmissions Interval Step state (see Section 4.2.48.4) and the SAR Unicast Retransmissions Interval Increment state (see Section 4.2.48.5), respectively.
When the last segment marked as unacknowledged is transmitted, and the destination is a group address or a virtual address, the lower transport layer shall start a SAR Multicast Retransmissions timer with the initial value set to the multicast retransmissions interval. The multicast retransmissions interval is indicated by the SAR Multicast Retransmissions Interval Step state (see Section 4.2.48.7).
3.5.3.3.2. Reception of Segment Acknowledgment messages
When a Segment Acknowledgment message that is a valid acknowledgment (i.e., it meets all conditions in the Table 3.23) for the segmented message is received, then the lower transport layer shall mark as acknowledged the segments that are reported as delivered in the AckedSegments field of the Segment Acknowledgment message (see Section 3.5.2.3.1).
When a valid Segment Acknowledgment message for the segmented message is received (i.e., it meets all conditions in Table 3.23), and the SAR Unicast Retransmissions timer is running, and the Segment Acknowledgment message does not acknowledge all segments of the segmented message, and both the remaining number of retransmissions and the remaining number of retransmissions without progress are greater than 0, then the lower transport layer shall stop the SAR Unicast Retransmissions timer, shall repeat the transmission of all segments that are marked as unacknowledged, shall decrement the remaining number of retransmissions by 1, and shall start the SAR Unicast Retransmissions timer. If at least one segment is newly marked as acknowledged as a result of receiving the Segment Acknowledgment message, the lower transport layer shall set the remaining number of retransmissions without progress to the initial value. If no segment is newly marked as acknowledged, the lower transport layer shall decrement the remaining number of retransmissions without progress by 1.
When a valid Segment Acknowledgment message for the segmented message is received (i.e., it meets all conditions in Table 3.23), and the SAR Unicast Retransmissions timer is running, and the Segment Acknowledgment message acknowledges all segments of the segmented message, the transmission of the Upper Transport PDU is complete. Then the SAR Unicast Retransmissions timer shall be stopped, the number of retransmissions shall be deleted, and the number of retransmissions without progress shall be deleted. The lower transport layer shall remove the destination address and the SeqAuth stored for this segmented message and shall notify the higher layer that the transmission of the Upper Transport PDU has been completed.
When a Segment Acknowledgment message that is a valid acknowledgment for a segmented message with the AckedSegments field set to 0x00000000 is received, then the transmission of the Upper Transport PDU shall be immediately canceled, and the upper transport layer shall be notified that the transmission of the Upper Transport PDU has been canceled. The lower transport layer shall remove the destination address and the SeqAuth stored for this segmented message.
Condition |
---|
SeqAuth derived from the SeqZero field of the Segment Acknowledgment message matches the value stored by the lower transport layer |
Either the source address of the Segment Acknowledgment message matches the destination address value stored by the lower transport layer, or the value of the OBO field of the Segment Acknowledgment message is 1. |
For the SeqAuth derived from the SeqZero field of the message, there is at least one unacknowledged segment that the AckedSegments field of the message reports as delivered |
The message was secured using the same NetKey that was used to secure the segmented message |
Note
Note: The reception of a Segment Acknowledgment message with the OBO field set to 1 does not mean that the segmented message has been delivered to the final destination, but only that the segmented message has been delivered to the Friend of that Low Power node. The message is stored in the Friend Queue, but the message can be discarded if other messages are received for that Low Power node or the Friendship is terminated.
3.5.3.3.3. Retransmission of segments
When the SAR Unicast Retransmissions timer expires, if both the remaining number of retransmissions and the remaining number of retransmissions without progress are greater than 0, then the lower transport layer shall repeat the transmission of all segments marked as unacknowledged and shall decrement both the remaining number of retransmissions and the remaining number of retransmissions without progress by 1.
When the last segment marked as unacknowledged is transmitted and the destination is a unicast address, the lower transport layer shall start a SAR Unicast Retransmissions timer. If the value of the TTL field of the message is greater than 0, the initial value of the timer shall be set according to the following formula:
[unicast retransmissions interval step + unicast retransmissions interval increment * (TTL − 1)] |
If the value of the TTL field of the message is 0, the initial value of the timer shall be set to the unicast retransmissions interval step.
The unicast retransmissions interval step value and the unicast retransmissions interval increment value are indicated by the SAR Unicast Retransmissions Interval Step state (see Section 4.2.48.4) and the SAR Unicast Retransmissions Interval Increment state (see Section 4.2.48.5), respectively.
When the SAR Unicast Retransmissions timer expires and either the remaining number of retransmissions or the remaining number of retransmissions without progress is 0, the lower transport layer shall cancel the transmission of the Upper Transport PDU, shall delete the number of retransmissions value and the number of retransmissions without progress value, shall remove the destination address and the SeqAuth stored for this segmented message, and shall notify the upper transport layer that the transmission of the Upper Transport PDU has timed out.
When the SAR Multicast Retransmissions timer expires and the remaining number of retransmissions value is greater than 0, then the lower transport layer shall repeat the transmission of all the segments of the of the Upper Transport PDU. The lower transport layer shall decrement the remaining number of retransmissions value by 1.
When the last segment marked as unacknowledged is transmitted, and the destination is a multicast address, the lower transport layer shall start a SAR Multicast Retransmissions timer with the initial value set to the multicast retransmissions interval. The multicast retransmissions interval is indicated by the SAR Multicast Retransmissions Interval Step state (see Section 4.2.48.7).
When the SAR Multicast Retransmissions timer expires and the remaining number of retransmissions value is 0, the lower transport layer shall cancel the transmission of the Upper Transport PDU, shall delete the number of retransmissions value and the number of retransmissions without progress value, shall remove the destination address stored for this segmented message, and shall notify the higher layer that the transmission of the Upper Transport PDU has been completed.
If an Upper Transport PDU is tagged with additional metadata (see Sections 3.6.5, 3.6.8.2, and 3.7.3.1) and is segmented, each Lower Transport PDU of the segmented Upper Transport PDU shall be tagged with the same metadata.
3.5.3.4. Reassembly behavior
This section only applies when the Low Power feature is not in use.
The lower transport layer stores one or more pairs of values, consisting of an AckedSegments value, which indicates segments that have already been received for a particular SeqAuth, and a Sequence Authentication value. Each such pair is associated with a source address and a destination address. The initial value for the AckedSegments is a value that indicates that no segments have been received. The initial value for the Sequence Authentication value is 0.
When the lower transport layer receives a segment of a segmented message, it shall process the segment message against the conditions in Table 3.24. Conditions are evaluated one by one starting from the first line in the table. When the condition is met, the processing ends with the Processing Result corresponding to the value in the Condition column.
When the Processing Result is Message Rejected and the message is destined to a unicast address, the lower transport layer shall respond with a Segment Acknowledgment message with the AckedSegments field set to 0x00000000.
When the Processing Result is First Segment and the destination is a group address or a virtual address, the reassembly of a new segmented message is initiated. If another reassembly is pending for the same source address and for the same destination address, the pending reassembly shall be discarded and the SAR Discard timer shall be stopped. The lower transport layer shall set the Sequence Authentication value to the SeqAuth derived from this message. Then, the lower transport layer shall set the AckedSegments value for this SeqAuth to indicate that only this segment has been received and shall start the SAR Discard timer for this SeqAuth from the initial value. The initial value of the SAR Discard timer is the discard timeout value indicated by the SAR Discard Timeout state (see Section 4.2.49.4).
When the Processing Result is First Segment and the destination is a unicast address, the reception of a new segmented message is initiated. If another reassembly is already pending for the same source address and for the same destination address, the pending reassembly shall be discarded and the SAR Discard timer and SAR Acknowledgment timer shall be stopped. The lower transport layer shall set the Sequence Authentication value to the SeqAuth derived from this message. The lower transport layer shall set the AckedSegments value for this SeqAuth to indicate that only this segment has been received and shall start the SAR Discard timer and SAR Acknowledgment timer for this SeqAuth from the initial values. The initial value of the SAR Discard timer is the discard timeout value indicated by the SAR Discard Timeout state (see Section 4.2.49.4). The initial value of the SAR Acknowledgment timer is calculated using the following formula:
[min(SegN + 0.5, acknowledgment delay increment) * segment reception interval] |
The acknowledgment delay increment value and the segment reception interval value are indicated by the SAR Acknowledgment Delay Increment state (see Section 4.2.49.2) and the SAR Receiver Segment Interval Step state (see Section 4.2.49.5), respectively.
When the Processing Result is Next Segment and the destination is a group address or a virtual address, the lower transport layer shall store the received segment, shall start the SAR Discard timer from the initial value, and shall set the AckedSegments value for the SeqAuth derived from this message to indicate that the segment identified by the SegO field has been received.
When the Processing Result is Next Segment and the destination is a unicast address, the lower transport layer shall store the received segment, shall start the SAR Acknowledgment timer and the SAR Discard timer from the initial values, and shall set the AckedSegments value for the SeqAuth derived from this message to indicate that the segment identified by the SegO field has been received.
When the Processing Status is SeqAuth Error or Repeated Segment, the lower transport layer shall ignore the message.
When the Processing Result is Most Recent SeqAuth, the lower transport layer shall send a Segment Acknowledgment message with the AckedSegments field set to indicate that all segments have already been delivered for that SeqAuth. The lower transport layer shall not send more than one Segment Acknowledgment message for the same SeqAuth in a period of:
[acknowledgment delay increment * segment reception interval] milliseconds |
The acknowledgment delay increment and the segment reception interval are indicated by the SAR Acknowledgment Retransmissions Interval state and the SAR Receiver Segment Interval Step state (see Section 4.2.49.5), respectively.
When the Processing Result is Last Segment, the transfer of the segmented message is complete. The lower transport layer shall send a Segment Acknowledgment message with the AckedSegments field set to indicate that all segments have been delivered for the Sequence Authentication value. The Segment Acknowledgment message shall use the same NetKey as the first received segment of the segmented message, and the DST field shall have the same value as the SRC field of the first received segment of the segmented message. The lower transport layer shall stop the SAR Discard timer and the SAR Acknowledgment timer and shall send the reassembled message to the upper transport layer. The lower transport layer shall store the SeqAuth and the AckedSegments value for complete transactions to be able to acknowledge a transaction when repeated segments are received. The values for the most recent transaction shall be stored, and an implementation may store the values for other recent transactions. The number of additional transactions for which values are stored is an implementation detail.
If the segments are Segmented Access messages, then the reassembled message shall be processed as defined in Section 3.6.4.2.
If the segments are Segmented Control messages, then the reassembled message shall be processed as defined in Section 3.6.5.
Condition |
Processing Result |
---|---|
The SeqAuth calculated for the message is less than the Sequence Authentication value and the segmented message has not been received |
SeqAuth Error |
The SeqAuth calculated for the message is less than the Sequence Authentication value and the whole message has already been received |
Repeated Segment |
The SeqAuth calculated for the message is equal to the Sequence Authentication value and the whole message has already been received |
Most Recent SeqAuth |
The lower transport layer cannot accept the segment message because it is currently out of resources |
Message Rejected |
The SeqAuth value calculated for the segment message is greater than Sequence Authentication value |
First Segment |
The AckedSegments value for the SeqAuth calculated for the message indicates that the segment has already been received |
Repeated Segment |
The SAR Discard timer is expired and the reassembly for this SeqAuth is considered failed |
Late Segment |
The received segment message is not the first, nor the last missing segment for the SeqAuth |
Next Segment |
The received segment message is the last missing segment for the SeqAuth |
Last Segment |
When the SAR Acknowledgment timer expires, the lower transport layer shall send a Segment Acknowledgment message with the AckedSegments field set to the AckedSegments value for the identified SeqAuth to indicate the segments have been delivered (see Section 3.5.2.3.1). The Segment Acknowledgment message shall use the same NetKey as the first received segment of the segmented message, and the DST field shall have the same value as the SRC field of the first received segment of the segmented message.
If the number of segments in the transmission indicated by the value of SegN field is greater than the value of the SAR Segments Threshold state (see Section 4.2.49.1), the lower transport layer shall retransmit Segment Acknowledgment messages using the value of the SAR Acknowledgment Retransmissions Count state (see Section 4.2.49.3). Each retransmitted message shall include a new value for the SEQ field. Between retransmissions, the lower transport layer shall introduce a delay indicated by the value of the SAR Receiver Segment Interval Step state (see Section 4.2.49.5).
When the SAR Discard timer expires, the reassembly of the Upper Transport PDU being received is considered failed. For the SeqAuth derived from this message, the lower transport layer shall stop the SAR Acknowledgment timer, stop the SAR Discard timer, remove the AckedSegments value and discard all stored segments.
The Segment Acknowledgment message shall use the same NetKey as the first received segment of a multi-segment message, and the DST field shall have the same value as the SRC field of the first received segment of a multi-segment message.
If the device is acting as a Friend node for a Low Power node, then it shall reassemble segmented messages destined for the Low Power node and act as described, except that it shall set the OBO field to 1 in the Segment Acknowledgment message. Otherwise, the OBO field shall be set to 0.
3.5.3.5. Low Power feature reassembly behavior
This section only applies when the Low Power feature is in use.
For each source address, the lower transport layer stores an AckedSegments value which indicates segments that have already been received for a particular SeqAuth and a Sequence Authentication value. The initial value for the AckedSegments is a value that shall indicate that no segments have been received. The initial value for the Sequence Authentication is 0.
When the lower transport layer receives a segment of a segmented message, it shall process the segment against the conditions in Table 3.24. Conditions are evaluated one by one starting from the first line in the table. When the condition is met, the processing ends with the Processing Result corresponding to the value in the Condition column.
When the Processing Result is First Segment, the reassembly of a new segmented message is initiated. If another reassembly is already pending for the same source address, the pending reassembly shall be discarded. Then, the lower transport layer shall set the Sequence Authentication value to the SeqAuth derived from this message and for this SeqAuth shall set the AckedSegments value to indicate that only this segment has been received.
When the Processing Result is Next Segment, the lower transport layer shall store the received segment and set the AckedSegments value for the SeqAuth derived from this message to indicate that this segment has been received.
When the Processing Status is SeqAuth Error, Repeated Segment, or Most Recent SeqAuth, the lower transport layer shall ignore the message.
When the Processing Result is Last Segment, the transfer of the segmented message is complete. The lower transport layer shall discard the AckedSegments value and shall send the reassembled message to the upper transport layer.
If the segments are Segmented Access messages, then the reassembled message shall be processed as defined in Section 3.6.4.2.
If the segments are Segmented Control messages, then the reassembled message shall be processed as defined in Section 3.6.5.
If the friendship is terminated (see Section 3.6.6.4.2), then any previous partially received multi-segment message shall be cancelled.
3.5.4. Lower transport layer behavior
3.5.4.1. Transmitting a Lower Transport PDU
The Lower Transport PDU shall be delivered to the network layer for processing (see Section 3.4.6.4). TransportPDU field of the Network PDU shall be set to the Lower Transport PDU value.
3.5.4.2. Receiving a Lower Transport PDU
If the Lower Transport PDU is a Segmented Access message, a Segmented Control message or a Segment Acknowledgment message, then it shall be processed as defined in Section 3.5.3.2.
If the Lower Transport PDU is an Unsegmented Access message or an Unsegmented Control message, then the Upper Transport PDU shall be processed as defined in Section 3.6.4.2.
3.5.4.3. Message error procedure
When the lower transport layer receives a Segment Acknowledgment message that is not understood, then the Segment Acknowledgment message shall be ignored. A Segment Acknowledgment message that is not understood includes messages that have incorrect size.
3.5.5. Friend Queue
The Friend node shall have a Friend Queue for each friend Low Power node. The Friend Queue stores Lower Transport PDUs for a Low Power node. No field of the Lower Transport PDU shall be changed due to the message being in the Friend Queue. The CTL, TTL, SEQ, SRC, and DST fields shall be stored with the associated Lower Transport PDU.
When a Friend node receives a message on a subnet that was used for friendship establishment and that is destined for a Low Power node (i.e., the destination of the message is a unicast address of an element of the Low Power node or in the Friend Subscription List), and the TTL field has a value of 2 or greater, then the message shall be processed as follows: If the Friend Queue already contains a message with the same SEQ and SRC field values as in the received message, or if the SRC field of the received message is a unicast address of an element of the Low Power node, then the message shall not be stored in the Friend Queue. Otherwise, the TTL field value shall be decremented by 1, and the message shall be stored in the Friend Queue.
If the message is a Segmented Access message or a Segmented Control message, then the message shall only be stored into the Friend Queue after the complete Upper Transport PDU has been successfully reassembled and the Friend node has acknowledged the reception of all segments.
If the Friend Queue is full and a new message needs to be stored that is not a Friend Update message, the oldest entries other than a Friend Update message shall be discarded to make room for the new message.
Note
Note: An implementation may have to discard multiple messages to fit the new message into the Friend Queue.
If the message that is being stored is a Segment Acknowledgment message and the Friend Queue contains another Segment Acknowledgment message that has the same source and destination addresses, and the same SeqAuth value, but a lower IV Index or sequence number, then the older Segment Acknowledgment message shall be discarded.
When a Friend node becomes aware of a security update, for example by receiving a valid Secure Network beacon or a Mesh Private beacon, or as a result of a change in the Key Refresh Phase state, the Friend node shall add a Friend Update message to the Friend Queue.
When the Low Power node requests a message from the Friend Queue, the oldest entry shall be sent. Once that message has been acknowledged by the Low Power node, that entry shall be discarded.
If the Friend node is polled for a message from a Low Power node using a Friend Poll, and the Friend Queue for that node is empty, then the Friend node shall generate a new Friend Update message and add that message to the Friend Queue before sending the response, so that this Friend Update message can be sent in response to the Friend Poll message.
3.6. Upper transport layer
The upper transport layer takes an Access message from the access layer or an internally generated Transport Control message and transmits the message to a peer upper transport layer.
The Upper Transport Access PDU contains a message from the access layer. The encryption and authentication of the message is performed using an application key or device key. This allows the receiving upper transport layer to authenticate received messages.
The Upper Transport Control PDU contains a message that is internally generated by the upper transport layer. The message is only encrypted and authenticated at the network layer.
The Upper Transport Access PDU and the Upper Transport Control PDU are collectively known as Upper Transport PDUs.
3.6.1. Endianness
All multiple-octet numeric values in this layer shall be sent in big-endian, as described in Section 3.1.1.1.
3.6.2. Upper Transport Access PDU
The Upper Transport PDU is called the Upper Transport Access PDU, when the CTL field in the Network PDU is 0. The Upper Transport Access PDU contains an Access message.
The Access message is encrypted using an application key or device key, and the encrypted Access message and associated message integrity check value are combined into an Upper Transport Access PDU. The Upper Transport Access PDU fields are shown in Table 3.25 and illustrated in Figure 3.17.
Field Name |
Octets |
Description |
Req. |
---|---|---|---|
EncAccessMessage |
1 to 380 |
The encrypted Access message |
M |
TransMIC |
4 or 8 |
The message integrity check value for the Access message |
M |
3.6.2.1. EncAccessMessage
The Access message is supplied by the access layer. The EncAccessMessage is an Access message encrypted and authenticated as defined in Section 3.9.7.1. If the TransMIC is a 32-bit field, the Access message can be from a single octet to 380 octets in length. If the TransMIC is a 64-bit field, the Access message can be from a single octet to 376 octets in length. At the upper transport layer, this field is opaque and no information within this field may be used.
3.6.2.2. TransMIC
The Message Integrity Check for Transport (TransMIC) is a 32-bit or 64-bit field that authenticates that the Access message has not been changed. For a Segmented Access message, where the SEG field is set to 1, the size of the TransMIC field is determined by the value of the SZMIC field in the Lower Transport PDU. For Unsegmented Access messages, the TransMIC field is a 32-bit field.
Note
Note: Transport Control messages do not have a TransMIC field.
3.6.3. Upper Transport Control PDU
The Upper Transport PDU is called the Upper Transport Control PDU when the CTL field in the Network PDU is 1. The Upper Transport Control PDU contains a Transport Control message (see Section 3.6.5). A Transport Control message has a 7-bit opcode that determines the format of the parameters. This Opcode field is not included in the parameters field, but is included in the Unsegmented Control message or in each Segmented Control message.
The Upper Transport Control PDU is not authenticated at the upper transport layer and instead relies upon the authentication performed by the network layer. All Upper Transport Control PDUs use a 64-bit NetMIC field.
The lower transport layer may segment messages into smaller PDUs for delivery over the network layer. It is therefore recommended to keep Transport Control PDU payload size as reflected in Table 3.26, where the values represent the maximum useful parameter field sizes depending on the number of packets.
Number of Packets |
Transport Control PDU Payload Size |
---|---|
1 |
11 (Unsegmented) |
1 |
8 (Segmented) |
2 |
16 |
3 |
24 |
n |
n*8 |
32 |
256 |
The maximum size of an Upper Transport Control PDU is 256 octets.
3.6.4. Upper transport layer behavior
3.6.4.1. Transmitting an Upper Transport PDU
All Access messages are sent in the context of an application key or a device key. The Access message shall be encrypted using this application key or device key, and the TransMIC field shall be set to the message integrity check value, as defined in Section 3.9.6. The Upper Transport Access PDU shall then be delivered to the lower transport layer for processing as defined in Section 3.5.3.3
A sequence number shall be allocated to this message. In the context of a message segmented in the lower transport layer, this sequence number corresponds to the 24 lowest bits of SeqAuth, the sequence number used for authenticating and decrypting the Access message by the receiver, as defined in Section 3.5.3.1.
The AKF and AID fields of the Lower Transport PDU shall be set according to the application key or device key used to encrypt and authenticate the Upper Transport Access PDU. If an application key is used, then the AKF field shall be set to 1 and the AID field shall be set to the AID. If the device key is used, then the AKF field shall be set to 0 and the AID field shall be set to 0b000000.
An Upper Transport Control PDU shall be delivered to the lower transport layer for processing as defined in Section 3.5.3.3.
The upper transport layer shall not transmit a new segmented Upper Transport PDU to a given destination until the previous Upper Transport PDU to that destination has been either completed or cancelled.
3.6.4.2. Receiving an Upper Transport PDU
Upon receiving an Upper Transport Access PDU, the Access message shall be decrypted, and the TransMIC field shall be authenticated against the device key or the Device Key Candidate (see Section 3.11.8.1) or the known application keys for which the AKF and AID fields match. If the Upper Transport Access PDU authenticates and it has been checked for replay attacks (see Section 3.9.8) then it is delivered to the access layer with the contextual information of this message such as the source address, destination addresses, and the keys used for decryption and authentication.
When the Device Key Candidate is available, and an Access message is decrypted using the Device Key Candidate that was delivered to the access layer, then the node shall revoke the device key, the Device Key Candidate shall become the device key, and the Device Key Candidate shall become unavailable.
Upon receiving an Upper Transport Access PDU, this PDU shall be delivered to the Access layer for processing (see Section 3.7.3.2).
Upon receiving an Upper Transport Control PDU, the destination address of the PDU shall be checked. The PDU shall be processed according to the Transport Control opcode (as defined in Sections 3.6.6, 3.6.7, and 3.6.8) if one of the following conditions is met:
-
The destination address matches a unicast address of an element of the node
-
The destination address matches a fixed group destination address specified in Table 3.27 and the corresponding condition (if any) is satisfied
Destination Address |
Condition |
---|---|
all-directed-forwarding-nodes |
Directed forwarding functionality is enabled |
all-proxies |
Proxy functionality is enabled |
all-friends |
Friend functionality is enabled |
all-relays |
Relay functionality is enabled |
all-nodes |
– |
3.6.4.3. Message error procedure
When the upper transport layer receives a message that is not understood, then the message shall be ignored. A message that is not understood includes messages that met one or more conditions listed below:
-
The Transport Control message opcode is unknown by the receiving node.
-
The Transport Control message size for the Transport Control opcode is incorrect.
-
The Transport Control message parameters contain values that are Prohibited.
Messages that are not following segmentation requirements (see Section 3.5.3.1) are also not understood and are ignored.
3.6.5. Transport Control messages
Transport Control messages are transmitted using Upper Transport Control PDUs that can be transmitted either as a single Unsegmented Control message or as a sequence of Segmented Control messages. Unsegmented Control messages or Segmented Control messages have a 7-bit opcode field that determines the format of the parameters field. Each Transport Control message shall be sent using the smallest number of Lower Transport PDUs possible.
Opcode 0x00 is terminated at the lower transport layer as defined in Section 3.5.3 and shall not be sent by the upper transport layer. All other Transport Control messages are terminated at the upper transport layer.
When transmitting a Friend Poll, Friend Update, Friend Request, Friend Offer, Friend Subscription List Add, Friend Subscription List Remove, or Friend Subscription List Confirm message, the message shall be tagged as a friendship PDU.
The list of Transport Control messages, and their opcodes are defined in the Assigned Numbers document [4].
3.6.5.1. Friend Poll
A Friend Poll message is sent by a Low Power node to ask the Friend node to send a message that it has stored for the Low Power node.
The Friend Poll message parameters are defined in Table 3.28.
Field |
Size (bits) |
Description |
Req. |
---|---|---|---|
Padding |
7 |
0b0000000. All other values are Prohibited. |
M |
FSN |
1 |
Friend Sequence Number, used to acknowledge receipt of previous messages from the Friend node to the Low Power node |
M |
The FSN field indicates the Friend Sequence Number that is used as defined in Section 3.6.6.4.2.
3.6.5.2. Friend Update
A Friend Update message is sent by a Friend node to a Low Power node to inform the Low Power node that the security parameters (see Section 3.6.6.1) for the network have changed or are changing, or that the Friend Queue is empty.
The Friend Update message parameters are defined in Table 3.29.
Field |
Size |
Description |
Req. |
---|---|---|---|
Flags |
1 |
Contains the IV Update Flag and the Key Refresh Flag |
M |
IV Index |
4 |
The current IV Index value known by the Friend node |
M |
MD |
1 |
Indicates whether the Friend Queue is empty or not. |
M |
The Flags field format is defined in Table 3.30.
Bit |
Definition |
---|---|
0 |
Key Refresh Flag 0: Not-In-Phase2 1: In-Phase2 |
1 |
IV Update Flag 0: Normal Operation 1: IV Update in Progress |
2–7 |
Reserved for Future Use |
The Key Refresh Flag indicates whether the Key Refresh procedure is in progress (see Section 3.11.4).
The IV Update Flag indicates whether the IV Update procedure is in progress (see Section 3.11.5).
The IV Index field contains the current IV Index.
The MD field indicates whether the Friend Queue is empty or not, as defined in Table 3.31.
Value |
Description |
---|---|
0 |
Friend Queue is empty |
1 |
Friend Queue is not empty |
2–255 |
Prohibited |
3.6.5.3. Friend Request
A Friend Request message is sent to the all-friends group address by a Low Power node to start to find a friend.
The Friend Request message parameters are defined in Table 3.32.
Field |
Size |
Description |
Req. |
---|---|---|---|
Criteria |
1 |
The criteria that a Friend node should support in order to participate in friendship negotiation |
M |
ReceiveDelay |
1 |
Receive Delay requested by the Low Power node |
M |
PollTimeout |
3 |
The initial value of the PollTimeout timer set by the Low Power node |
M |
PreviousAddress |
2 |
Unicast address of the primary element of the previous friend |
M |
NumElements |
1 |
Number of elements in the Low Power node |
M |
LPNCounter |
2 |
Number of Friend Request messages that the Low Power node has sent |
M |
The Criteria field format is defined in Table 3.33 and in Figure 3.18.
Field |
Size |
Description |
Req. |
---|---|---|---|
RFU |
1 |
Reserved for Future Use |
M |
RSSIFactor |
2 |
The contribution of the received signal strength indicator (RSSI) measured by the Friend node used in the Friend Offer Delay calculation |
M |
ReceiveWindowFactor |
2 |
The contribution of the supported Receive Window used in the Friend Offer Delay calculation |
M |
MinQueueSizeLog |
3 |
The minimum number of messages that the Friend node can store in its Friend Queue |
M |
The RSSIFactor field indicates the contribution of the RSSI measured by the Friend node in the Friend Offer Delay calculation (see Section 3.6.6.3.1).
The RSSIFactor field values are defined in Table 3.34.
Value |
RSSI Factor |
---|---|
0b00 |
1 |
0b01 |
1.5 |
0b10 |
2 |
0b11 |
2.5 |
The ReceiveWindowFactor field indicates the contribution of the supported Receive Window used in the Friend Offer Delay calculation (see Section 3.6.6.3.1).
The ReceiveWindowFactor field values are defined in Table 3.35.
Value |
Receive Window Factor |
---|---|
0b00 |
1 |
0b01 |
1.5 |
0b10 |
2 |
0b11 |
2.5 |
The MinQueueSizeLog field is defined as log2(N), where N is the minimum number of maximum size Lower Transport PDUs that the Friend node can store in its Friend Queue.
The MinQueueSizeLog field values are defined in Table 3.36.
Value |
Description |
---|---|
0b000 |
Prohibited |
0b001 |
N=2 |
0b010 |
N=4 |
0b011 |
N=8 |
0b100 |
N=16 |
0b101 |
N=32 |
0b110 |
N=64 |
0b111 |
N=128 |
The ReceiveDelay field indicates the Receive Delay requested by the Low Power node.
The ReceiveDelay field values are defined in Table 3.37.
Value |
Description |
---|---|
0x00–0x09 |
Prohibited |
0x0A–0xFF |
Receive Delay in units of 1 millisecond |
The PollTimeout field indicates the initial value of the Poll Timeout timer set by the Low Power node.
The PollTimeout field values are defined in Table 3.38.
Value |
Description |
---|---|
0x000000–0x000009 |
Prohibited |
0x00000A–0x34BBFF |
PollTimeout in units of 100 milliseconds |
0x34BC00–0xFFFFFF |
Prohibited |
The PreviousAddress field indicates the previous Friend’s unicast address or the unassigned address if no previous friendship was established.
The NumElements field indicates the number of elements of the Low Power node. The value is used by the Friend node to calculate the range of unicast addresses assigned to the Low Power node using the SRC field value of the Network PDU of this message.
The NumElements field values are defined in Table 3.39.
Value |
Description |
---|---|
0x00 |
Prohibited |
0x01–0xFF |
Number of elements |
The LPNCounter field indicates the number of Friend Request messages that the Low Power node has sent to date.
3.6.5.4. Friend Offer
A Friend Offer message is sent by a Friend node to a Low Power node to offer a friendship.
The Friend Offer message parameters are defined in Table 3.40.
Field |
Size |
Description |
Req. |
---|---|---|---|
ReceiveWindow |
1 |
Receive Window value supported by the Friend node |
M |
QueueSize |
1 |
Size of the Friend Queue available on the Friend node |
M |
SubscriptionListSize |
1 |
Size of the Subscription List that can be supported by a Friend node for a Low Power node |
M |
RSSI |
1 |
RSSI measured by the Friend node |
M |
FriendCounter |
2 |
Number of Friend Offer messages that the Friend node has sent |
M |
The ReceiveWindow field indicates the Receive Window value supported by the Friend node.
The ReceiveWindow field values are defined in Table 3.41.
Value |
Description |
---|---|
0x00 |
Prohibited |
0x01–0xFF |
Receive Window in units of 1 millisecond |
The QueueSize field indicates the number of messages that the Friend node can store for the Low Power node.
The SubscriptionListSize field indicates the number of entries in the Subscription List that the Friend node can support for the Low Power node.
The RSSI field contains a signed 8-bit value, and is interpreted as an indication of received signal strength measured in decibels above 1 milliwatt (dBm). This is measured by the Friend node upon receiving the Friend Request message. The value shall be 0x7F (127 dBm) if the received signal strength indication is not available.
The FriendCounter field represents the number of Friend Offer messages that the Friend node has sent.
3.6.5.5. Friend Clear
A Friend Clear message is an acknowledged message sent to the previous Friend node of a Low Power node to inform the Friend node of the removal of a friendship. This message is sent by the current Friend node of the Low Power node.
The Friend Clear message parameters are defined in Table 3.42.
Field |
Size |
Description |
Req. |
---|---|---|---|
LPNAddress |
2 |
The unicast address of the Low Power node being removed |
M |
LPNCounter |
2 |
Value of the LPNCounter of the new friendship |
M |
The LPNAddress field contains the unicast address of the Low Power node that is being removed.
The LPNCounter field contains the LPNCounter value of the latest Friend Request used to establish the relationship.
3.6.5.6. Friend Clear Confirm
A Friend Clear Confirm message is sent by the previous Friend node in response to the Friend Clear message to confirm that the friendship has been terminated.
The Friend Clear Confirm message parameters are defined in Table 3.43.
Field |
Size |
Description |
Req. |
---|---|---|---|
LPNAddress |
2 |
The unicast address of the Low Power node being removed |
M |
LPNCounter |
2 |
The value of the LPNCounter of the corresponding Friend Clear message |
M |
The LPNAddress field contains the unicast address of the Low Power node that was removed.
The LPNCounter field contains the LPNCounter value of the corresponding Friend Clear message.
3.6.5.7. Friend Subscription List Add
A Friend Subscription List Add message is sent by a Low Power node to a Friend node to add group addresses and virtual addresses to the Friend Subscription list (see Section 3.6.6).
The Friend Subscription List Add message parameter is defined in Table 3.44.
Field |
Size (octets) |
Description |
Req. |
---|---|---|---|
TransactionNumber |
1 |
The number for identifying a transaction |
M |
AddressList |
2 * N |
List of group addresses and virtual addresses where N is the number of group addresses and virtual addresses in this message |
M |
The TransactionNumber field is used to distinguish each individual transaction (see Section 3.6.6.4.3).
The AddressList field contains a list of group addresses and virtual addresses to add to the Friend Subscription List.
3.6.5.8. Friend Subscription List Remove
A Friend Subscription List Remove message is sent by a Low Power node to a Friend node to remove group addresses and virtual addresses from the Friend Subscription List (see Section 3.6.6).
The Friend Subscription List Remove message parameters are defined in Table 3.45.
Field |
Size |
Description |
Req. |
---|---|---|---|
TransactionNumber |
1 |
The number for identifying a transaction |
M |
AddressList |
2 * N |
List of group addresses and virtual addresses where N is the number of group addresses and virtual addresses in this message |
M |
The TransactionNumber field is used to distinguish each individual transaction (see Section 3.6.6.4.3).
The AddressList field contains a list of group addresses and virtual addresses to remove from the Friend Subscription List.
3.6.5.9. Friend Subscription List Confirm
A Friend Subscription List Confirm message is sent by a Friend node to a Low Power node in response to a Friend Subscription List Add message or a Friend Subscription List Remove message.
The Friend Subscription List Confirm message parameters are defined in Table 3.46.
Field |
Size |
Description |
Req. |
---|---|---|---|
TransactionNumber |
1 |
The number for identifying a transaction |
M |
The TransactionNumber field is used to distinguish each individual transaction (see Section 3.6.6.4.3).
3.6.5.10. Heartbeat
A Heartbeat message is sent by a node to let other nodes determine topology of a subnet.
The Heartbeat message parameters are defined in Table 3.47.
Field |
Size |
Description |
Req. |
---|---|---|---|
RFU |
1 |
Reserved for Future Use |
M |
InitTTL |
7 |
Initial TTL used when sending the message |
M |
Features |
16 |
Bit field of currently active features of the node |
M |
The InitTTL field contains the initial TTL field value used when sending the message.
The InitTTL field values are defined in Table 3.48.
Value |
Description |
---|---|
0x00–0x7F |
Initial TTL when sending a message |
The Features field contains a bit field indicating the features the node currently uses, as defined in Section 3.1.
The Features field format is defined in Table 3.49.