Kerlink Basic Station Packet Forwarder

Similarly to legacy (GWMP) packet forwarder, the Basic Station Packet Forwarder is a program running on a LoRa gateway. It forwards the LoRa packets emitted by end-devices and received by the gateway to a LoRa Network Server (LNS) and vice-versa, hence its name.

The Kerlink Basic Station Packet Forwarder (BSPF) is based on “lorad” daemon from Common Packet Forwarder.

Once installed and configured, it is able to connect to a “LNS” or a “CUPS” server and handle all associated services (Radio configuration, Forward uplink packets, schedule downlink packets, etc.).

It implements the same protocols and authentication methods than Semtech LoRa Basics™ Station reference implementation.

The Semtech LoRa Basics™ Station is a nice reference implementation. But, as the original packet forwarder, it has the same drawbacks: It's a monolithic approach, designed to be hardly linked to the gateway radio architecture and to be used on one Network Server.

In other words, Kerlink Basic Station Packet Forwarder is the same package for all Kerlink iSeries gateways and can be configured while another previously-configured LNS is still functional.

Main features of reference implementation are implemented in Kerlink Basic Station Packet Forwarder, including:

• CUPS and LNS protocols support
• TLS and Token-based Authentication
• Support for Class A and C on all gateways
• Support for main radio regions: EU868, US915, AS923, AU915 and IN865

The features not supported are listed below:

• timesync message: A ntpd daemon is embedded in all kerlink gateways and is much more precise than this time synchronization.
• Remote shell / remote command

The additional features:

• Packet buffering: Kerlink Basic Station Forwarder embeds a database to store uplink packets in case of LNS/Network disconnections.
• Multiple LNS connection: Kerlink Basic Station Forwarder can be used in same time than legacy (GWMP) forwarder allowing multiple LNS connections (see multiforwarder for further details)

1. Download last version of Kerlink Basic Station Packet Forwarder from the Basic Station resources page.
2. Install the basicstation_X.Y.Z_klkgw.ipk file using the instructions of the software updates page.

The installation of the “basicstation” package adds the following content on the file system:

Content

/
├── etc
│   ├── default
│   │   └── station
│   ├── init.d
│   │   └── station
│   ├── logrotate.d
│   │   └── station
│   ├── monit.d
│   │   └── station
│   ├── profile.d
│   │   └── station
│   ├── rcK.d
│   │   └── K52station -> ../init.d/station
│   ├── rcU.d
│   │   └── S51station -> ../init.d/station
│   ├── rsyslog.d
│   │   └── station
│   └── sysupgrade.d
│       └── basic_station.conf
└── user
    └── basic_station
        ├── bin
        │   ├── klk_bs_config
        │   ├── klk_loriot_config
        │   ├── klk_ttn_config
        │   └── station
        ├── etc
        │   └── station.conf.example
        └── lib
            └── python3.10
                └── site-packages
                    ├── basicstation
                    │   └── [...]
                    └── basicstation-X.Y.Z-py3.10.egg-info
                        └── [...]

Once installed, Kerlink Basic Station Packet Forwarder is disabled by default. It should first be configured for the wanted server (CUPS and/or LNS).

As explained by Semtech documentation, the procedure to connect to server may differ depending on authentication mode used by server.

1. URI of LNS server should be written in /user/basic_station/etc/tc.uri config file.
2. Activate basicstation forwarder.

A tool named klk_bs_config is used to handle these steps.

Example:

klk_bs_config --enable --lns-uri "ws://lns.local:3001"

Additionally to previous mode, a *.trust file should be provided to check server authenticity. (excepting for “Publicly known”/“Globally signed” certificates like “let's encrypt”, AWS, etc…)

Examples:

cp ca_cert /user/basic_station/etc/tc.trust
klk_bs_config --enable --lns-uri "wss://lns.local:3001"

cp ca_cert /user/basic_station/etc/cups.trust
klk_bs_config --enable --cups-uri "https://cups.local"

Additionally to previous mode, *.key and *.crt files should be provided to authenticate client (gateway) on server.

Example with an AWS CUPS server:

klk_bs_config --disable
rm -f /user/basic_station/etc/*.key /user/basic_station/etc/*.trust /user/basic_station/etc/*.crt
# Then, follow procedure depending on your LNS type

Since version 2.5.0, the backhaul LEDs (Wirnet iFemtocell/iZeptocell) indicate the status of the LNS connection :

• a green LED indicates that connection to the LNS has been established
• a red LED indicates that connection has been either lost or not yet established

For LNS which doesn't embed AS923-1 with LBT, it needs to be activated manually by using following commands:

# Disable current config
klk_bs_config --disable
 
# Use "Japan" lorad configuration explicitly and prevent from reconfiguration from LNS 
klk_bs_config --enable --loradconf AS923-1-JP.json --ignore-reconf

By default, Kerlink Basic Station Packet Forwarder doesn't need any configuration files excepting those described above.

However, for advanced configuration, default settings can be modified by creating a configuration file named /user/basic_station/etc/station.conf.

It allows to:

• Change log level (for whole application or component by component)
• Set router EUI
• Change CUPS request interval
• Activate packet buffering (database)
• Activate or disable websockets ping functionality (and set the ping interval)

An example of this configuration file is provided in /user/basic_station/etc/station.conf.example.

Default Router EUI is the gateway EUI64 (printed on box and available in /tmp/board_info.json).

However, it can be overridden by setting it in this configuration file:

1. Copy /user/basic_station/etc/station.conf.example to /user/basic_station/etc/station.conf
2. Edit /user/basic_station/etc/station.conf and locate [router] section
3. In this section, enter the line id = <WANTED_EUI>
4. Save file
5. Restart application /etc/init.d/station restart

Packet buffering allows to store uplink packets not transmitted to the LNS server when the link between gateway and server is broken.

The application will then retry periodically to re-connect to the LNS Server and as soon as the connection is back, all stored packets will be pushed in FIFO mode (First In, First Out) to respect packets chronology.

In order to activate it:

1. Copy /user/basic_station/etc/station.conf.example to /user/basic_station/etc/station.conf
2. Edit /user/basic_station/etc/station.conf and locate the [database] section
3. Un-comment enable = True line
4. Save file
5. Restart application /etc/init.d/station restart

In the case the LNS does not provide any NetID filter in the router_config message, it is possible to set local filters in order to only forward LoRa uplinks provided by a subset of devices.

To configure this feature, use the '-f' option of the klk_bs_config tool, and provide inclusive and/or exclusive filters to indicate the sets of DevAddr to be kept and/or rejected.

( see https://wikikerlink.fr/wirnet-productline/doku.php?id=wiki:lora:advanced_features#lorawan_frame_filtering for more details about filters values )

Example:

klk_bs_config -e -f "24abcdef/7" -f "!24abcdef/12"

To ease declaration of a gateway on the TTN (thethings.network), TTI (thethings.industries) or TTS (The Things Stack Enterprise / Open Source) LNS, use the klk_ttn_config tool.
This tool adds the gateway on the server and creates its associated CUPS and LNS keys.

To use this tool, you need:

• an API token
• the API server URL
• the chose frequency plan

Example:

# Use TTN configuration tool for TTN LNS
klk_ttn_config -u https://eu1.cloud.thethings.network -t NNSXS.R6D3ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI.ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIABCDEFGHIJKLMNOPQ -f EU_863_870
 
# Use TTN configuration tool for TTI LNS where tenant is your Tenant ID
klk_ttn_config -u https://tenant.eu1.cloud.thethings.industries -t NNSXS.R6D3ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI.ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIABCDEFGHIJKLMNOPQ -f EU_863_870

How to generate an TTI API key?

To ease declaration of a gateway on the Loriot LNS, use the klk_loriot_config tool. This tool creates the gateway on the server and installs the resulting LNS credentials on the gateway.

To use this tool, you need:

• an API key
• the API server URL
• a network ID
• LoRaWAN region
  • region list:
    • AU915-928
    • AS923
    • CN470-510
    • CN779-787
    • EU433
    • EU863-870
    • IN865-867
    • KR920-923
    • RU864-870
    • US902-928
• Channel plans (1 to 8) comma separated (optional)

Example:

# Use Loriot configuration tool in region US902 with 3 channel plans (US915_CH16_23, US915_CH40_47 and US915_CH56_63)
klk_loriot_config -k ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJK-321abcdefgh -u https://eu1.loriot.io/1/nwk -n ABCD1234 -r US902-928 -p 3,6,8

How to generate an LORIOT API key?

To ease declaration of a gateway on the AWS LNS, use the klk_aws_config tool.
This tool creates the gateway on the server and installs the resulting LNS credentials on the gateway.

To use this tool, you need:

• an API user ID
• an API key ID
• an API key secret
• the region of the AWS server the gateway will be declared on
• the LoRaWan region of the gateway
• the Frequency Sub Band(s) to use (required for US915 and AU915)

Example:

# Use AWS configuration tool
klk_aws_config -u some_user -k ABCDEFGHIJKLMNOPQRST-s ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN-r eu-west-1 -l US915 -f 1 -b

How to generate an AWS API key?

Prerequisite: You have to create a AWS account

To automatically connect Kerlink Gateways to AWS LNS, you have to delegate some rights to Kerlink thanks to an “API key”. Please follow those steps:

Step 1 - Connect to your AWS server

Step 2 - Go to Console > Services > IAM then hitting the Add users button to create a new AWS user

  Step 3 - Name the user (= user ID) and set the access type to Programmatic Access

DO NOT check “AWS Management Console access”

Step 4 - DO NOT add user to any group. Also SKIP other steps until creation

  Step 5 - Select the new user

Step 6 - In Security Credentials section:

• Select Application running outside AWS
• Give a tag value (optional)
• Copy Access Key ID and Secret

  Step 7 - Add a new inline policy

Step 8 - Switch to the JSON view and add the following content

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iotwireless:GetWirelessGatewayCertificate",
                "iotwireless:GetWirelessGateway",
                "iotwireless:DeleteWirelessGateway",
                "iotwireless:UpdateWirelessGateway",
                "iotwireless:AssociateWirelessGatewayWithCertificate",
                "iotwireless:GetServiceEndpoint",
                "iotwireless:CreateWirelessGateway",
                "iotwireless:TagResource",
                "iot:CreateKeysAndCertificate",
                "iot:UpdateCertificate",
                "iot:DescribeThing",
                "iot:DeleteCertificate"
            ],
            "Resource": "*"
        }
    ]
}

  Step 9 - Review policy
This API user now has the minimum rights required

To ease declaration of a gateway on the Actility LNS, use the klk_actility_config tool. This tool creates the gateway on the server and installs the resulting LNS credentials on the gateway.

To use this tool, you need:

• an API Client ID and its secret
• the API server URL
• the actility LoRaWAN region ID ( see https://oss-api.thingpark.com/tpe/7.3/Things-Management/network-manager/documentation-network-manager.html#/rf-regions )

Example:

# Use Actility configuration tool in region EU868 on 8 channels
klk_actility_config -i sub-123456789/test -s Abcdef1234567890Ghijklm987654321 -u https://community.thingpark.io -r EU868_8channels.448

How to generate an ACTILITY API key?

This option can be used to customize the gateway name displayed on LNS.

Optional parameters:
--naming         Set gateway naming strategy
                 prefix[/scheme]
                   schemes:
                     "knet"   : prefix-EUI[:-6] (default)
                     "eui"    : prefix-EUI
                     "serial" : prefix-board serial
                     "model"  : model-EUI[:-6]

Examples:

# Use TTN configuration tool
klk_ttn_config -u https://eu1.cloud.thethings.network -t NNSXS.R6D3ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI.ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIABCDEFGHIJKLMNOPQ -f EU_863_870 --naming ttn-test/eui

# Use Loriot configuration tool
klk_loriot_config -k ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJK-321abcdefgh -u https://eu1.loriot.io/1/nwk -n ABCD1234 -r US902-928 -p 3,6,8 --naming loriot-test/serial

# Use AWS configuration tool
klk_aws_config -u some_user -k ABCDEFGHIJKLMNOPQRST-s ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN-r eu-west-1 -l US915 -f 1 -b --naming aws-test/knet