How to use Bluetooth Mesh GATT provisioning with regular BLE stack?

Hi,

You will need to use the proxy functionality to provision the device via the nrf mesh iOS/Android app. It might be easiest to try out the light switch proxy client & proxy server examples first & then add the uart functionality to those examples, like explained here. It could also be useful to take a look at this Youtube video on provisioning with the nrf mesh app.

Kind Regards,

Bjørn

I got an update Mesh 2.2.0. Seems your team forget to add ticker.c/ticker.h source files or forget to remove them from the included files in the project.

I did the same steps, now it seems working but not fully.

1. sd_ble_gap_adv_set_configure returns NRF_ERROR_NO_MEM. I had to comment all advertising calls in main.c, so in this case only mesh uses it.
2. An error occurs when calling sd_ble_gatts_exchange_mtu_reply at mesh_gatt.c.517. I had to commect all m_gatt calls in main.c to let only mesh have access to sd_ble_gatts_*
3. This configuration runs without BLE services (because I had to comment adv and gatt), but all other code do not provide conflicts, so I can do a provision.
4. I will try to figure out the way to start BLE services. I hope you can advice me

Hi,

I read the documentation provided for old and new Mesh stack. There is basic steps to run this example and I already did it and run it successfully. The problem is that there is no working example with Mesh GATT proxy AND regular BLE stack at the same time. Previously I tried to describe my steps to reproduce the problem.

Sorry for the delayed response. Is it correct that you want to first provision the device via the proxy functionality & then communicate via BLE UART between the smartphone & the mesh device? I think I made a mistake previously. What if you just use the proxy functionality & communicate to the device via the nRF mesh application? The source code is out so you could probably update the app to your liking & add some extra functionality.

I have tested the proxy client with nrf connect for iOS, but as soon as I connect to the device & try to send data, the device disconnects. I believe this is because nRF Connect does not send the messages with the correct format.

If I were you, I would take a look at the nRF Mesh source code (Android, iOS).

Sorry for the delayed response =) 

Yes, you are correct — I want to do first provision with proxy and then communicate with regular BLE services. The reason why is that the network is configured by a provisioner and after all network configuration is done — I want to take new smartphone and somehow connect to a device and do communication with regular BLE, and at the same time this device can communicate with mesh network. As I understand, new smartphone can't access device with proxy only because it had not been provisioned (is not a part of network). And this device is not a provisioner, so it can't do provisioning to the new smarphone. So the only way it to keep regular BLE stack to make possible communication and bonding new devices without mesh reconfiguration.

Am I right or wrong?

That is not correct. The whole point of the proxy node is to let regular BLE devices communicate with the mesh network, which means that the ble device does not need to be a part of the mesh network.

I am confused. Imagine that we have mesh network. When this network is not configured, I can use smartphone and do a provision of all devices via proxy feature, right? After all nodes configred I need to be able to communicate (control) with devices via different (another) smartphone, this new smartphone does not have any mesh network keys, so how it can use proxy feature without "be provisioned"? How node can can be controlled by proxy feature? For the BLE there is whitelist and bonding process, but how node can accept or decline smartphone with proxy? 

I am confused. Imagine that we have mesh network. When this network is not configured, I can use smartphone and do a provision of all devices via proxy feature, right? After all nodes configred I need to be able to communicate (control) with devices via different (another) smartphone, this new smartphone does not have any mesh network keys, so how it can use proxy feature without "be provisioned"? How node can can be controlled by proxy feature? For the BLE there is whitelist and bonding process, but how node can accept or decline smartphone with proxy? 

What do you mean by "how node can be controlled by proxy feature?" Do you want to change configuration parameters with the second smartphone (the one that was not used during provisioning) or do you just want to talk to the mesh network with the second smartphone?

This means that I want to control (on/off/etc) the specific device, without access to whole network. For example, I have a configured light switch and hundred of devices in a single network, and I have a guest that want to control this lightswitch, but this guest is not an owner of this network and there can be a lot of different people who want to control light switch when they are inside a room. 

Thanks for the detailed explanation. There is something called temporary guest access in the mesh specification. The guest node still needs to be provisioned & then it will be provided a temporary network & application key. The light bulb needs to be controlled by the guest would also have a subnet network key, as well as a temporary application key. You will still need to provision this guest node unfortunately.

Take a look at this excerpt from the profile spec in section 3.10.2

"It is possible to provide a node with temporary guest access to a mesh network. This is done by creating a separate guest subnet by providing a separate network key to the guest and to the nodes the guest will have access to.
Separate application keys are also provided to the guest to restrict the models that the guest has access to at the access layer.
The guest never obtains application keys or network keys used by nodes and models that are excluded from guest access. Only nodes that belong to the guest subnet will communicate with the guest node; within these nodes, only models bound to the guest application keys can be used by the guest. This allows guest access to be very finely controlled down to specific nodes and functionalities.
Guests cannot initiate IV Index updates on the primary subnet. This protects the IV Index, which is a network shared resource, from a potentially malicious behavior.
Guest access is configured by a Configuration Client using the Configuration Server model that is secured by device keys. Multiple guests may be provided with guest access, each within their own guest subnet and model domain.
Guest access is revoked by refreshing application and network keys through the Key Refresh procedure (see Section 3.10.4)."

The main reason for making it this "complicated" is increased security.

Do you want the guest node to be another mesh device or a smartphone connected via the proxy node?

If so, it is possible to do the inverse of what we are doing with the nrf mesh app, where the phone can be provisioned via the proxy node. The phone would run the PB-GATT provisionee attribute table on the app (could be a modified nrf mesh app). Another node in the network that allows provisioning will then connect to this guest phone & then do the provisioning process. The main purpose of this exercise is to distribute the network & application keys to the guest so that it can participate as a guest in the mesh network.

You may be able to do this via a proprietary way by distributing a temporary network & app key to the guest smartphone, but it is most likely better to follow the spec like described above.

Kind Regards,

Bjørn

Thanks for response,

Bjørn Kvaale said:

Another node in the network that allows provisioning will then connect to this guest phone

As I know there can be only one provisioner node in the network? And in my case the provisioner can be different smartphone that can't be used for guest. Is it possible to make "virtual" provisioner and use smartphone's BLE as relay (PB-GATT connection) between remote server (as provisioner) and real node?

And if there is a lot of guests, what provisoner will do with unique indexes that should be assigned to every new connected device (smartphone)?

gsegment said:

As I know there can be only one provisioner node in the network?

 Essentially yes. Although you could theoretically have multiple provisioners that make different mesh networks & find a way of communicating within the different mesh networks. I am not sure I would recommend this.

gsegment said:

Is it possible to make "virtual" provisioner and use smartphone's BLE as relay (PB-GATT connection) between remote server (as provisioner) and real node?

 Do you want to use the remote provisioning functionality from our mesh sdk & provision nodes out of reach of the smartphone via relaying the information through intermediary nodes? Could you explain what you mean by virtual provisioner?

gsegment said:

And if there is a lot of guests, what provisoner will do with unique indexes that should be assigned to every new connected device (smartphone)?

The provisioner will store these unique application & network keys in the device state manager.