====== Kerlink Basic Station Packet Forwarder ======
===== What is the Kerlink Basic Station Packet Forwarder ? =====
Similarly to legacy (GWMP) packet forwarder, the Basic Station Packet Forwarder is a program running on a LoRa gateway. It forwards the LoRa packets emitted by end-devices and received by the gateway to a LoRa Network Server (LNS) and vice-versa, hence its name.
The Kerlink Basic Station Packet Forwarder (BSPF) is based on //"lorad"// daemon from [[wiki:lora:cpf|Common Packet Forwarder]].
Once installed and configured, it is able to connect to a //"LNS"// or a //"CUPS"// server and handle all associated services (Radio configuration, Forward uplink packets, schedule downlink packets, etc.).
It implements the same protocols and authentication methods than [[https://lora-developers.semtech.com/build/software/lora-basics/lora-basics-for-gateways/|Semtech LoRa Basics™ Station]] reference implementation.
{{:wiki:lora:basicstation_overview.png?800|}}
===== What are the differences with Semtech LoRa Basics™ Station ? =====
The [[https://lora-developers.semtech.com/build/software/lora-basics/lora-basics-for-gateways/|Semtech LoRa Basics™ Station]] is a nice reference implementation. But, as the original packet forwarder, it has the same drawbacks: It's a monolithic approach, designed to be hardly linked to the gateway radio architecture and to be used on one Network Server.
In other words, Kerlink Basic Station Packet Forwarder is the same package for all Kerlink iSeries gateways and can be configured while another previously-configured LNS is still functional.
Main features of reference implementation are implemented in Kerlink Basic Station Packet Forwarder, including:
* CUPS and LNS protocols support
* TLS and Token-based Authentication
* Support for Class A and C on all gateways
* Support for main radio regions: EU868, US915, AS923, AU915 and IN865
The features **not** supported are listed below:
* timesync message: A ntpd daemon is embedded in all kerlink gateways and is much more precise than this time synchronization.
* Remote shell / remote command
The additional features:
* Packet buffering: Kerlink Basic Station Forwarder embeds a database to store uplink packets in case of LNS/Network disconnections.
* Multiple LNS connection: Kerlink Basic Station Forwarder can be used in same time than legacy (GWMP) forwarder allowing multiple LNS connections (see [[wiki:lora:multiforwarder]] for further details)
===== Installation and configuration =====
Kerlink Basic Station Packet Forwarder application requires KerOS version 5.x.
If [[wiki:support:faq#how_to_read_software_version|the software version of your gateway]] is not compatible, refer
to [[wiki:resources:resources|resources section]] to upgrade to 5.x
For gateways configured with version 4.4.1 for AWS, it's necessary to install [[https://wikikerlink.fr/wirnet-productline/doku.php?id=wiki:firmware:lastversion#download|Liveburner IPK 5.X]] and [[https://wikikerlink.fr/wirnet-productline/doku.php?id=wiki:lora:bspf_ressources#download|Basic Station Packet Forwarder]]. \\
Please see on [[wiki:lora:aws|AWS IoT Core for LoRaWAN - Kerlink documentation]] for more information
==== Installation ====
- Download last version of Kerlink Basic Station Packet Forwarder from the [[bspf_ressources|Basic Station resources page]].
- Install the ''basicstation_X.Y.Z_klkgw.ipk'' file using the instructions of the [[wiki:keros_custo:sw_updates|software updates page]].
The installation of the //"basicstation"// package adds the following content on the file system:
++++Content|
/
├── etc
│ ├── default
│ │ └── station
│ ├── init.d
│ │ └── station
│ ├── logrotate.d
│ │ └── station
│ ├── monit.d
│ │ └── station
│ ├── profile.d
│ │ └── station
│ ├── rcK.d
│ │ └── K52station -> ../init.d/station
│ ├── rcU.d
│ │ └── S51station -> ../init.d/station
│ ├── rsyslog.d
│ │ └── station
│ └── sysupgrade.d
│ └── basic_station.conf
└── user
└── basic_station
├── bin
│ ├── klk_bs_config
│ ├── klk_loriot_config
│ ├── klk_ttn_config
│ └── station
├── etc
│ └── station.conf.example
└── lib
└── python3.10
└── site-packages
├── basicstation
│ └── [...]
└── basicstation-X.Y.Z-py3.10.egg-info
└── [...]
++++
==== Configuration ====
Once installed, Kerlink Basic Station Packet Forwarder is disabled by default. It should first be configured for the wanted server (CUPS and/or LNS).
As explained by [[https://lora-developers.semtech.com/build/software/lora-basics/lora-basics-for-gateways/?url=authmodes.html|Semtech documentation]], the procedure to connect to server may differ depending on authentication mode used by server.
=== No authentication on LNS server ===
- URI of LNS server should be written in ''/user/basic_station/etc/tc.uri'' config file.
- Activate basicstation forwarder.
A tool named ''klk_bs_config'' is used to handle these steps.
++++Example:|
With a Chirpstack-based LNS server named ''lns.local''
klk_bs_config --enable --lns-uri "ws://lns.local:3001"
Please note that "simple" websocket is used in this case. URI MUST start with "ws://" (and not "wss://")
++++
=== TLS Server Authentication ===
Additionally to previous mode, a ''*.trust'' file should be provided to check server authenticity. (excepting for "Publicly known"/"Globally signed" certificates like "let's encrypt", AWS, etc...)
++++Examples:|
1 - With a Chirpstack-based LNS server named ''lns.local'' with a reference certificate named ''ca_cert''
cp ca_cert /user/basic_station/etc/tc.trust
klk_bs_config --enable --lns-uri "wss://lns.local:3001"
2 - With a CUPS server named ''cups.local'' with a reference certificate named ''ca_cert'':
cp ca_cert /user/basic_station/etc/cups.trust
klk_bs_config --enable --cups-uri "https://cups.local"
++++
=== TLS Server and Client Authentication ===
Additionally to previous mode, ''*.key'' and ''*.crt'' files should be provided to authenticate client (gateway) on server.
++++Example with an AWS CUPS server:|
After having registered your gateway on AWS IOT core, the following files should be available:
* ''xxx.cert.pem'': the (public) certificate of the gateway.
* ''xxx.private.key'': private key of gateway.
Additionally, the **CUPS endpoint** should be known. In this example ''https://XXX.cups.lorawan.eu-west-1.amazonaws.com'' will be used. The certificate of this server is globally signed so ''.trust'' file is not needed.
- Push key ''xxx.private.key'' and certificate ''xxx.cert.pem'' on gateway
- Rename them as cups credentials: cp xxx.private.key /user/basic_station/etc/cups.key
cp xxx.cert.pem /user/basic_station/etc/cups.crt
- Activate basicStation forwarder:
klk_bs_config --enable --cups-uri "https://XXX.cups.lorawan.eu-west-1.amazonaws.com"
++++
If the main server needs to be modified, all credentials must be removed first to avoid confusion (like using key and certificate on a non-TLS connection):
klk_bs_config --disable
rm -f /user/basic_station/etc/*.key /user/basic_station/etc/*.trust /user/basic_station/etc/*.crt
# Then, follow procedure depending on your LNS type
=== LNS Connection Status ===
Since version 2.5.0, the [[wiki:systeme_mana:peripherals#other_leds|backhaul LEDs]] (Wirnet iFemtocell/iZeptocell) indicate the status of the LNS connection :
* a green LED indicates that connection to the LNS has been established
* a red LED indicates that connection has been either lost or not yet established
When WMC is used at the same time than Basic Station Packet Forwarder, the backhaul LED's behavior is unreliable.
===== Advanced configuration =====
==== LBT/CCA specific case ====
Only available since [[bspf_v2.4.1|version 2.4]] ( for "Land Mobile Station" use cases, please contact Kerlink support)
For LNS which doesn't embed AS923-1 with LBT, it needs to be activated manually by using following commands:
# Disable current config
klk_bs_config --disable
# Use "Japan" lorad configuration explicitly and prevent from reconfiguration from LNS
klk_bs_config --enable --loradconf AS923-1-JP.json --ignore-reconf
==== Kerlink Basic Station Packet Forwarder configuration ====
By default, Kerlink Basic Station Packet Forwarder doesn't need any configuration files excepting those described above.
However, for advanced configuration, default settings can be modified by creating a configuration file named ''/user/basic_station/etc/station.conf''.
It allows to:
* Change log level (for whole application or component by component)
* Set router EUI
* Change CUPS request interval
* Activate packet buffering (database)
* Activate or disable websockets ping functionality (and set the ping interval)
An example of this configuration file is provided in ''/user/basic_station/etc/station.conf.example''.
==== Router EUI (for debug/test purpose) ====
Default **Router EUI** is the gateway EUI64 (printed on box and available in ''/tmp/board_info.json'').
However, it can be overridden by setting it in this configuration file:
- Copy ''/user/basic_station/etc/station.conf.example'' to ''/user/basic_station/etc/station.conf''
- Edit ''/user/basic_station/etc/station.conf'' and locate ''[router]'' section
- In this section, enter the line ''id = ''
- Save file
- Restart application ''/etc/init.d/station restart''
==== Packet buffering ====
Packet buffering allows to store uplink packets not transmitted to the LNS server when the link between gateway and server is broken.
The application will then retry periodically to re-connect to the LNS Server and as soon as the connection is back, all stored packets will be pushed in FIFO mode (First In, First Out) to respect packets chronology.
In order to activate it:
- Copy ''/user/basic_station/etc/station.conf.example'' to ''/user/basic_station/etc/station.conf''
- Edit ''/user/basic_station/etc/station.conf'' and locate the ''[database]'' section
- Un-comment ''enable = True'' line
- Save file
- Restart application ''/etc/init.d/station restart''
==== Local DevAddr Filtering ====
In the case the LNS does not provide any NetID filter in the router_config message, it is possible to set local filters in order to only forward LoRa uplinks provided by a subset of devices.
To configure this feature, use the '-f' option of the klk_bs_config tool, and provide inclusive and/or exclusive filters to indicate the sets of DevAddr to be kept and/or rejected.
( see https://wikikerlink.fr/wirnet-productline/doku.php?id=wiki:lora:advanced_features#lorawan_frame_filtering for more details about filters values )
++++Example:|
klk_bs_config -e -f "24abcdef/7" -f "!24abcdef/12"
Will configure basic station to forward messages provided by devices with DevAddr between 0x24000000 and 0x249fffff , or between 0x24b00000 and 0x25ffffff .
++++
The lead "0x" is not required before the base address of the filter.
==== TTN LNS configuration tool ====
To ease declaration of a gateway on the TTN (thethings.network), TTI (thethings.industries) or TTS (The Things Stack Enterprise / Open Source) LNS, use the ''klk_ttn_config'' tool.\\
This tool adds the gateway on the server and creates its associated CUPS and LNS keys.\\
\\
To use this tool, you need:
* an API token
* the API server URL
* the chose frequency plan
''klk_bs_config'' is still required after this to complete the Basic Station configuration.
* On TTN ''klk_ttn_config'' can only be used one time per gateway due to certain TTN restrictions (even after removing the gateway from TTN)\\
* On TTI the gateway needs to be remove and purged in order to reuse ''klk_ttn_config''
++++Example:|
Take care to the URL format, it will not work if there is a trailing slash at the end.
# Use TTN configuration tool for TTN LNS
klk_ttn_config -u https://eu1.cloud.thethings.network -t NNSXS.R6D3ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI.ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIABCDEFGHIJKLMNOPQ -f EU_863_870
# Use TTN configuration tool for TTI LNS where tenant is your Tenant ID
klk_ttn_config -u https://tenant.eu1.cloud.thethings.industries -t NNSXS.R6D3ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI.ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIABCDEFGHIJKLMNOPQ -f EU_863_870
++++
The ''klk_ttn_config'' tool has been designed to be called from a [[wiki:systeme_mana:ztp|Zero Touch Provisioning]] job.
++++How to generate an TTI API key?|
**Prerequisite:** You have to create a TTI account \\
To automatically connect Kerlink Gateways to TTI LNS, you have to delegate some rights to Kerlink thanks to an “API key”. Please follow those steps: \\ \\
Step 1 - Connect to your TTI user account \\
{{:images:1_tti_user_account.jpg?250|}} \\
Step 2 - Go to Personal API keys OR TTI organization API key \\
{{:images:2_personal_api_keys.jpg?300|}} \\
Step 3 - Add a new API key \\
{{:images:3_add_api_key.jpg?900|}} \\
Step 4 - Create the API key with rights limited to GW creation and edition \\
{{:images:4_rights_limited.jpg?450|}} \\
Step 5 - Save API key \\
{{:images:5_save_api_key.jpg?450|}} \\
++++
==== Loriot LNS configuration tool ====
To ease declaration of a gateway on the Loriot LNS, use the ''klk_loriot_config'' tool.
This tool creates the gateway on the server and installs the resulting LNS credentials on the gateway.
To use this tool, you need:
* an API key
* the API server URL
* a network ID
* LoRaWAN region
* Channel plans (1 to 8) comma separated (optional)
''klk_bs_config'' is still required after this to complete the Basic Station configuration.
++++Example:|
# Use Loriot configuration tool in region US902 with 3 channel plans (US915_CH16_23, US915_CH40_47 and US915_CH56_63)
klk_loriot_config -k ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJK-321abcdefgh -u https://eu1.loriot.io/1/nwk -n ABCD1234 -r US902-928 -p 3,6,8
++++
The ''klk_loriot_config'' tool has been designed to be called from a [[wiki:systeme_mana:ztp|Zero Touch Provisioning]] job.
++++How to generate an LORIOT API key?|
**Prerequisite:** LORIOT account \\
[[https://docs.loriot.io/display/NMS/Create+an+API+key|LORIOT - Create an API key]]
++++
==== AWS LNS configuration tool ====
To ease declaration of a gateway on the AWS LNS, use the ''klk_aws_config'' tool.
This tool creates the gateway on the server and installs the resulting LNS credentials on the gateway.
To use this tool, you need:
* an API user ID
* an API key ID
* an API key secret
* the region of the AWS server the gateway will be declared on
* the LoRaWan region of the gateway
* the Frequency Sub Band(s) to use (required for US915 and AU915)
''klk_bs_config'' is still required after this to complete the Basic Station configuration.
++++Example:|
# Use AWS configuration tool
klk_aws_config -u some_user -k ABCDEFGHIJKLMNOPQRST-s ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN-r eu-west-1 -l US915 -f 1 -b
++++
The ''klk_aws_config'' tool has been designed to be called from a [[wiki:systeme_mana:ztp|Zero Touch Provisioning]] job.
++++How to generate an AWS API key?|
**Prerequisite:** You have to create a AWS account \\
To automatically connect Kerlink Gateways to AWS LNS, you have to delegate some rights to Kerlink thanks to an “API key”. Please follow those steps: \\ \\
Step 1 - Connect to your AWS server \\
Step 2 - Go to Console > Services > IAM then hitting the Add users button to create a new AWS user \\
{{:images:1_aws_user_account.png?800|}} \\
Step 3 - Name the user (= user ID) and set the access type to Programmatic Access \\
DO NOT check “AWS Management Console access”
{{:images:2_aws_access_type.png?500|}} \\
Step 4 - DO NOT add user to any group. Also SKIP other steps until creation \\
{{:images:3_aws_no_group.png?500|}} \\
Step 5 - Select the new user \\
{{:images:4_aws_select_user.png?500|}} \\
Step 6 - In Security Credentials section:
* Select Application running outside AWS
* Give a tag value (optional)
* Copy Access Key ID and Secret
\\
{{:images:5_aws_security.png?500|}} \\
Step 7 - Add a new inline policy \\
{{:images:6_aws_inline_policy.png?500|}} \\
Step 8 - Switch to the JSON view and add the following content \\
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iot:DeleteCertificate",
"iot:UpdateCertificate",
"iotwireless:GetWirelessGatewayCertificate",
"iotwireless:GetWirelessGateway",
"iotwireless:UpdateWirelessGateway",
"iotwireless:AssociateWirelessGatewayWithCertificate",
"iotwireless:ListWirelessGateways",
"iotwireless:GetServiceEndpoint",
"iot:CreateKeysAndCertificate",
"iotwireless:CreateWirelessGateway"
],
"Resource": "*"
}
]
}
\\
Step 9 - Review policy \\
This API user now has the minimum rights required
\\
++++
==== Actility LNS configuration tool ====
To ease declaration of a gateway on the Actility LNS, use the ''klk_actility_config'' tool.
This tool creates the gateway on the server and installs the resulting LNS credentials on the gateway.
To use this tool, you need:
* an API Client ID and its secret
* the API server URL
* the actility LoRaWAN region ID ( see https://oss-api.thingpark.com/tpe/7.3/Things-Management/network-manager/documentation-network-manager.html#/rf-regions )
''klk_bs_config'' is still required after this to complete the Basic Station configuration.
++++Example:|
# Use Actility configuration tool in region EU868 on 8 channels
klk_actility_config -i sub-123456789/test -s Abcdef1234567890Ghijklm987654321 -u https://community.thingpark.io -r EU868_8channels.448
++++
The ''klk_actility_config'' tool has been designed to be called from a [[wiki:systeme_mana:ztp|Zero Touch Provisioning]] job.
++++How to generate an ACTILITY API key?|
[[https://community.thingpark.org/index.php/build-your-first-end-to-end-use-case/|ACTILITY- Access ThingPark Community Platform]]
++++
==== Gateway name customization option ====
This option can be used to customize the gateway name displayed on LNS.
Optional parameters:
--naming Set gateway naming strategy
prefix[/scheme]
schemes:
"knet" : prefix-EUI[:-6] (default)
"eui" : prefix-EUI
"serial" : prefix-board serial
"model" : model-EUI[:-6]
++++Examples:|
# Use TTN configuration tool
klk_ttn_config -u https://eu1.cloud.thethings.network -t NNSXS.R6D3ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI.ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIABCDEFGHIJKLMNOPQ -f EU_863_870 --naming ttn-test/eui
{{:images:ttn.png?nolink&1000|}}
# Use Loriot configuration tool
klk_loriot_config -k ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJK-321abcdefgh -u https://eu1.loriot.io/1/nwk -n ABCD1234 -r US902-928 -p 3,6,8 --naming loriot-test/serial
{{:images:loriot.png?nolink&1000|}}
# Use AWS configuration tool
klk_aws_config -u some_user -k ABCDEFGHIJKLMNOPQRST-s ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN-r eu-west-1 -l US915 -f 1 -b --naming aws-test/knet
{{:images:aws.png?nolink&1000|}}
++++