Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cf-dev] Simultaneous DTLS device registration performance

Hi list,

 

if we start to adjust the credentials management in scandium, we may also consider a requirement from LWM2M.

There it’s possible to setup a LWM2M client to use different certificates (RPK or x509) for different LWM2M servers.

Therefor extending the credentials mechanism to provide certificates also related the destination peer would allow

a more resource friendly implementation of that (currently several DTLSConnectors may be used).

 

Mit freundlichen Grüßen / Best regards

 

Achim Kraus

 

Bosch Software Innovations GmbH

Communications (INST/ESY1)

Stuttgarter Straße 130

71332 Waiblingen

GERMANY

www.bosch-si.de

www.blog.bosch-si.com

 

 

Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B

Executives: Dr.-Ing. Rainer Kallenbach; Michael Hahn

 

 

Von: cf-dev-bounces@xxxxxxxxxxx [mailto:cf-dev-bounces@xxxxxxxxxxx] Im Auftrag von Schmid Christian (INST/ECS4)
Gesendet: Montag, 16. Januar 2017 17:23
An: cf-dev@xxxxxxxxxxx
Betreff: [cf-dev] Simultaneous DTLS device registration performance

 

Hi list,

 

I have a question concerning concurrent device registration using DTLS with pre-shared-key in Scandium.

 

Scandium offers a neat interface called PskStore to let the implementor provide its own way to retrieve a pre-shared-keys for a certain device (by identity).

Sadly the ServerHandshaker invoking the PskStore is running in a single thread (altogether with the DTLSConnector).

This leads to an issue in case the time duration for the retrieval of the psk is quite long (e.g. more than a few milliseconds).

An example for such a situation would be, if the key first has to be requested by a rest call (from another service) or it is protected by a hardware dongle (with a delay for security reasons).

 

In a scenario in which lots of devices simultaneously try to register themselves, this will cause a “denial of service” state.

This is because the PskStore.getKey() method is blocking the whole thread until the key is returned.

That blocking will cause that the DTLSConnector  is no longer able to receive new datagrams from the socket.

Incoming messages then may time out or even be dropped by the operating system layer in case the OS buffer runs out of space.

 

Do you guys have any idea how we could make this part more efficient?

Possible solutions could be for example:

-          Increase number of threads. However, this would only soften the problem, but not really solve it.

-          Introduce reactive style pattern in PskStore.getKey() i.e. WorkerThread gets not blocked while retrieving the pre-shared-keys.

 

 

Thanks

Chris

 

--

Bosch Software Innovations GmbH

Cloud Services - LWM2M

INST/ECS4

Stuttgarter Straße 130

71332 Waiblingen

GERMANY

www.bosch-si.de

blog.bosch-si.com

 

Tel. +49 7545 202-300 (Zentrale)

Fax +49 711 811-58200

 

Christian.Schmid@xxxxxxxxxxxx

 

Registered office: Berlin, Register court: Amtsgericht Charlottenburg, HRB 148411 B

Executives: Dr.-Ing. Rainer Kallenbach, Michael Hahn

 

 

 

Back to the top