This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Mesh Key refresh approach questions

Hi,

As per mesh SDK 2.1.1, if I removing the provisioned node through key refresh approach from provisioner then...

1. First should I required to update the all node's(except one, which is removing) network key by "config_client_netkey_update()", with the help of binding config client to each config server one by one and use this API? Is there any method so that all the provisioned node's network key can be updated in single cycle?

2. Then after in provisioner should I start the key refresh procedure for changing the network key? so that by receiving secured network beacons in NRF_MESH_BEACON_SECURE_NET_BCAST_INTERVAL_SECONDS interval all nodes start key refresh procedure by itself.

what if in this approach some of the nodes are powered off or out of network at that time? Is there any solution or workaround for such type of scenario?

Parents
  • Hi,

    Sorry for the delayed response. I would recommend reading the key refresh procedure in Chapter 3.10.4 of the Bluetooth Mesh profile spec if you have not already (it seems you have read this section already though). 

    1) You are correct that you can use the config_client_netkey_update() function to update the netkey via the config client on the provisioner & the config servers on the mesh nodes.

    By single cycle, are you referring to the different phases in the mesh profile spec in Figure 3.48 Key Refresh Diagram.

    2) Yes, as soon as the first phase is complete (i.e. new keys (network and/or application keys) are distributed to each node), the provisioner will transmit a secure network beacon to tell the other nodes that each node has received new keys.

    If one of the nodes is powered off before it has received the new keys or right after it has received the new keys, the provisioner will know this & either wait for the node to be powered back on or update the powered off device's network key once it is back up & running. Either way, the mesh sdk takes care of this. If I were you, I would test this out yourself.

    Kind Regards,

    Bjørn

  • Hi Bjørn,

    I'm referring that in single cycle update the multiple nodes key means if somehow config client can bind to multiple config server in network at a same time then by executing config_client_netkey_update() those nodes received new key at a same time in single cycle. so is it possible that config client can configure multiple config server at a same time?

Reply Children
  • Hi,

    Sorry for the delayed response. The way I understand it is that you need to provision & configure a node one at a time. Therefore, configuring multiple config servers via one config client is not possible.

    Also, the provisioner keeps a track of all of the provisioned & configured nodes, including all of the keys (appkey, netkey, device key) in a big database. The configuration client then fetches the relevant information it needs (like the device key) in order to configure the server device via the configuration server. Therefore, you can only configure one device at a time.

    Kind Regards,

    Bjørn

Related