MQTT Features

IP Device Provisioning

Operator need to provision devices in MQTT broker before the device connects to broker.

1. Broker provides a REST based interface for single/batch IP device provisioning/deletion.

   Refer to the Sample json Body for more details.

   Below device data must be provisioned in broker:

   • Device External Id/MSISDN (either one can be present, if both are present, the ExternalId takes precedence)
   • Device Type (MQTT or CoAP) (MQTT-2, CoAP-1)
   • IMSI
   • APN (device that is used to connect to operator's network)
2. Provisioned devices can be updated with details of IMSI, APN and IP address of current device using the PATCH operation for the matching External Id or MSISDN.

   If both External Id and MSISDN are provided, then the External Id is given priority and the devices matching the External Id is updated. Only in the absence of External Id, the MSISDN is considered. Refer to the Sample json Body for more details.

3. Provisioned devices can be deleted using the POST operation of rest interface for the matching External Id or MSISDN. If both External Id and MSISDN are provided, then External Id is given priority and the devices matching External Id are deleted. In the absence of External Id, MSISDN is considered.

Topic prefixes

Topic prefixes are predetermined prefixes for a given application, which do not contain any wild cards (# or +). The topic names used in subscription and publish message (from application or device) should have a valid prefix.

• The topic prefixes must be configured (mandatory) per application using custom SLA. Topic prefixes must not overlap.

  For example: a/b/c and a/b/c/1 are not allowed.

• When a topic prefix section is deleted from Custom SLA XML then the corresponding topic subscriptions are removed from the DB.
• When SUBSCRIBE/PUBLISH message is received from application, the MQTT broker will check if the topic name in request contains a valid topic prefix and then the topic prefix is configured for the application.
• When SUBSCRIBE/PUBLISH message is received from the device, the MQTT broker checks if the topic name in request contains a valid topic prefix from the configured list of prefixes (across applications). If broker cannot find a valid prefix, the request is rejected.

Note:

Topic prefixes are different from Topic name mentioned for rate control.

For example:

Topic prefix: /oracle/india

Topic name in Rate control section:

/oracle/india/bangalore/*

AAA Server Integration

• AAA server integration feature enables identifying MQTT devices with device IP. When device connect to operator network, P-GW (AAA server) will send Diameter ACR Start (Account creation request-271 Command Code) message to AAA interface. The following information from the request will be collected and updated in the device profile.
  • Called-Station-Id (APN)
  • User-Name (IMSI)
  • PDP-Address (IP)
• When MQTT device sends CONNECT to broker, device details are retrieved using the device IP and device is identified with corresponding External Id or MSISDN. External Id or MSISDN is used to communicate MO or MT delivery notifications to SCEF application.
• Diameter ACR Stop - When Diameter ACR Stop (Terminate) message is sent then mapping between IMSI and IP will be removed from the device profile and the device will be disconnected if connected.

Figure 2-23 SCEF MQTT Broker - AAA Server Integration

Figure 2-24 SCEF MQTT Broker device provisioning

APN Rate Control, ACL Check for MQTT traffic

APN and ACL checks are applied on the North bound T8 traffic (NIDD Downlink data delivery, ME subscription). These checks are applied only when device id (ExternalId or MSISDN) is present in the T8 the request.

Note:

Device Id is not mandatory in case of NIDD Downlink Data Delivery (DLD) broadcast to all devices subscribed to the topic and ME subscription POST message.

Configuration of APN and ACL per application performed as part of Custom SLA configuration.

APN Check

Input: Configured APN names allowed per application. Device APN is checked against configured APN list per application.

Checkpoint:

1. Delivering MO message from device to application.
2. NIDD DLD message from an application to a device (Single device or broadcast).
3. ME subscription POST to a single device.

Rule: Check if the device APN is allowed for the application.

Result:

1. If APN of device is allowed for the application, proceed further.
2. If APN of device is not allowed for the application, reject or drop the request.

ACL Check

Input: Configured Domain names or MSISDN ranges allowed per application

Checkpoint:

1. Delivering MO message from device to application.
2. NIDD DLD message from an application to a device (Single device or broadcast).
3. ME subscription POST to a single device.

Rule: If message has the device External Id, check the domain name against the configured list per application. If the message has MSISDN then check against the configured MSISDN ranges for the application.

Note: If both the ExternalId and MSISDN are present, then ExternalId is checked and MSISDN is ignored.

Result:

1. If the configured domain names and MSISDN range of application matches the device then proceed further.
2. If the configured domain names and MSISDN range of application does not matches the device then reject or drop the request.

APN Rate control

APN Rate control is applied per device. Rate control is configurable at MQTT MBean GUI at OCSG Admin portal.

APN rate control check is performed for MQTT CONNECT, SUBSCRIBE, PUBLISH to or from devices.

DB Auditor

MQTT broker has the DB auditor functionality enabled to clear old records after configurable period. The tables that needs to be audited are configured in MBean operation.