Hi list,
if we start to adjust the credentials management in scandium, we may also consider a requirement from LWM2M.
There it’s possible to setup a LWM2M client to use different certificates (RPK or x509) for different LWM2M servers.
Therefor extending the credentials mechanism to provide certificates also related the destination peer would allow
a more resource friendly implementation of that (currently several DTLSConnectors may be used).
Mit freundlichen Grüßen / Best regards
Achim Kraus
Bosch Software Innovations GmbH
Communications (INST/ESY1)
Stuttgarter Straße 130
71332 Waiblingen
GERMANY
www.bosch-si.de
www.blog.bosch-si.com
Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
Executives: Dr.-Ing.
Rainer Kallenbach; Michael Hahn
Von: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx]
Im Auftrag von Schmid Christian (INST/ECS4)
Gesendet: Montag, 16. Januar 2017 17:23
An: cf-dev@xxxxxxxxxxx
Betreff: [cf-dev] Simultaneous DTLS device registration performance
Hi list,
I have a question concerning concurrent device registration using DTLS with pre-shared-key in Scandium.
Scandium offers a neat interface called
PskStore
to let the implementor provide its own way to retrieve a pre-shared-keys for a certain device (by identity).
Sadly the ServerHandshaker invoking the
PskStore is running in a single thread (altogether with the
DTLSConnector).
This leads to an issue in case the time duration for the retrieval of the psk is quite long (e.g. more than a few milliseconds).
An example for such a situation would be, if the key first has to be requested by a rest call (from another service) or it is protected by a hardware dongle (with a delay for security reasons).
In a scenario in which lots of devices simultaneously try to register themselves, this will cause a “denial of service” state.
This is because the PskStore.getKey() method is blocking the whole thread until the key is returned.
That blocking will cause that the
DTLSConnector is no longer able to receive new datagrams from the socket.
Incoming messages then may time out or even be dropped by the operating system layer in case the OS buffer runs out of space.
Do you guys have any idea how we could make this part more efficient?
Possible solutions could be for example:
-
Increase number of threads. However, this would only soften the problem, but not really solve it.
-
Introduce reactive style pattern in
PskStore.getKey() i.e. WorkerThread gets not blocked while retrieving the pre-shared-keys.
Thanks
Chris
--
Bosch Software Innovations GmbH
Cloud Services - LWM2M
INST/ECS4
Stuttgarter Straße 130
71332 Waiblingen
GERMANY
www.bosch-si.de
blog.bosch-si.com
Tel. +49 7545 202-300 (Zentrale)
Fax +49 711 811-58200
Christian.Schmid@xxxxxxxxxxxx
Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B
Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn