Bluetooth mesh networking
Bluetooth Mesh is a computer mesh networking standard based on Bluetooth Low Energy that allows for many-to-many communication over Bluetooth radio. The Bluetooth Mesh specifications were defined in the Mesh Profile and Mesh Model specifications by the Bluetooth Special Interest Group. Bluetooth Mesh was conceived in 2014 and adopted on.
Overview
Bluetooth Mesh is a mesh networking standard that operates on a flood network principle. It's based on the nodes relaying the messages: every relay node that receives a network packet that authenticates against a known network key that is not in message cache, that has a TTL ≥ 2 can be retransmitted with TTL = TTL - 1. Message caching is used to prevent relaying messages recently seen.Communication is carried in the messages that may be up to 384 bytes long, when using Segmentation and Reassembly mechanism, but most of the messages fit in one segment, that is 11 bytes. Each message starts with an opcode, which may be a single byte, 2 bytes, or 3 bytes.
Every message has a source and a destination address, determining which devices process messages. Devices publish messages to destinations which can be single things / groups of things / everything.
Each message has a sequence number that protects the network against replay attacks.
Each message is encrypted and authenticated. Two keys are used to secure messages: network keys – allocated to a single mesh network, application keys – specific for a given application functionality, e.g. turning the light on vs reconfiguring the light.
Messages have a time to live. Each time message is received and retransmitted, TTL is decremented which limits the number of "hops", eliminating endless loops.
Bluetooth Mesh has a layered architecture, with multiple layers as below.
| Layer | Functionality |
| Model Layer | It defines a standard way to exchange application specific messages. For example, a Light Lightness Model defines an interoperable way to control lightness. There are mandatory models, called Foundation Models, defining states and messages needed to manage a mesh network. |
| Access Layer | It defines mechanism to ensure that data is transmitted and received in the right context of a model and its associated application keys. |
| Upper Transport Layer | It defines authenticated encryption of access layer packets using an application. It also defines some control messages to manage Friendship or to notify the behavior of node using Heartbeat messages. |
| Lower Transport Layer | This layer defines a reliable Segmented transmission upper layer packets, when a complete upper layer packet can't be carried in a single network layer packet. It also defines a mechanism to reassemble segments on the receiver. |
| Network Layer | This layer defines how transport packets are addressed over network to one or more nodes. It defines relay functionality for forwarding messages by a relay node to extended the range. It handles the network layer authenticated encryption using network key. |
| Bearer Layer | It defines how the network packets are exchanged between nodes. Mesh Profile Specification defines BLE advert bearer and BLE GATT bearer. Mesh Profile defines Proxy Protocol, through which mesh packets can be exchanged via other bearers like TCP/IP. |
Theoretical limits
The practical limits of Bluetooth Mesh technology are unknown. Some limits that are built into the specification include:| Limit for a network | Value | Remarks |
| Maximum number of nodes | 32 767 | The limit is 32768 addresses and while a node may occupy more than one address, the practical limit is most likely lower. |
| Maximum number of groups | 16 384 Number of virtual groups is 2128. | |
| Maximum number of scenes | 65 535 | |
| Maximum number of subnets | 4 096 | |
| Maximum TTL | 127 |
Mesh models
As of version 1.0 of Bluetooth Mesh specification, the following standard models and model groups have been defined:Foundation models
Foundation models have been defined in the core specification. Two of them are mandatory for all mesh nodes.- Configuration Server
- Configuration Client
- Health Server
- Health Client
Generic models
- Generic OnOff Server, used to represent devices that do not fit any of the model descriptions defined but support the generic properties of On/Off
- Generic Level Server, keeping the state of an element in a 16-bit signed integer
- Generic Default Transition Time Server, used to represent a default transition time for a variety of devices
- Generic Power OnOff Server & Generic Power OnOff Setup Server, used to represent devices that do not fit any of the model descriptions but support the generic properties of On/Off
- Generic Power Level Server & Generic Power Level Setup Server, including a Generic Power Actual state, a Generic Power Last state, a Generic Power Default state and a Generic Power Range state
- Generic Battery Server, representing a set of four values representing the state of a battery
- Generic Location Server & Generic Location Setup Server, representing location information of an element, either global or local
- Generic User/Admin/Manufacturer/Client Property Server, representing any value to be stored by an element
- Generic OnOff Client & Generic Level Client
- Generic Default Transition Time Client
- Generic Power OnOff Client & Generic Power Level Client
- Generic Battery Client
- Generic Location Client
- Generic Property Client
Sensors
- Sensor Server & Sensor Setup Server, representing a sensor device. Sensor device may be configured to return a measured value periodically or on request; measurement period may be configured to be fixed or to change, so that more important value range is being reported faster.
- Sensor Client
Time and scenes
- Time Server & Time Setup Server, allowing for time synchronization in mesh network
- Scene Server & Scene Setup Server, allowing for up to 65535 scenes to be configured and recalled when needed.
- Scheduler Server & Scheduler Setup Server
- Time Client, Scene Client & Scheduler Client
Lighting
- Light Lightness Server & Light Lightness Setup Server, representing a dimmable light source
- Light CTL Server, Light CTL Temperature Server & Light CTL Setup Server, representing a CCT or "tunable white" light source
- Light HSL Server, Light HSL Hue Server, Light HSL Saturation Server & Light HSL Setup Server, representing a light source based on Hue, Saturation, Lightness color representation
- Light xyL Server & Light xyL Setup Server, representing a light source based on modified CIE xyY color space.
- Light LC Server & Light LC Setup Server, representing a light control device, able to control Light Lightness model using an occupancy sensor and ambient light sensor. It may be used for light control scenarios like Auto-On, Auto-Off and/or Daylight Harvesting.
- Light Lightness Client, Light CTL Client, Light HSL Client, Light xyL Client & Light LC Client
Provisioning
In the provisioning process, a provisioner securely distributes a network key and a unique address space for a device. Provisioning protocol uses P256 Elliptic Curve Diffie-Hellman Key Exchange to create a temporary key to encrypt network key and other information. This provides security from a passive eavesdropper.
It also provides various authentication mechanisms to protect network information, from an active eavesdropper who uses man-in-the-middle attack, during provisioning process.
A key unique to a device known as "Device Key" is derived from elliptic curve shared secret on provisioner and device during the provisioning process. This device key is used by the provisioner to encrypt messages for that specific device.
Security of provisioning process has been analyzed in a paper presented during IEEE CNS 2018 conference.
The provisioning can be performed using a Bluetooth GATT connection or advertising using the specific bearer.
Terminology used in the Bluetooth Mesh Model and Mesh Profile specifications
- Destination: The address to which a message is sent.
- Element: An addressable entity within a device.
- Model: Standardized operation of typical user scenarios.
- Node: A provisioned device.
- Provisioner: A node that can add a device to a mesh network.
- Relay: A node able to retransmit messages.
- Source: The address from which a message is sent.
Implementations
Approved ("qualified") by Bluetooth SIG
Free and open-source software implementations
and open source software implementations include the following:- The official Linux Bluetooth protocol stack BlueZ, dual free-licensed under the GPL and the LGPL, supports Mesh Profile, from release version 5.47, by providing meshctl tool to configure mesh devices. BlueZ was approved as a "qualified" software package by Bluetooth SIG in 2005. BlueZ is not considered to be a qualified Bluetooth Mesh stack as Bluetooth Mesh is not listed as a supported profile.
- Apache Mynewt NimBLE, free-licensed under the Apache License 2.0, supports Bluetooth Mesh from release version 1.2.0. It was qualified on with QDID 131934.
- Zephyr OS Mesh, free-licensed under the Apache License 2.0, supports Bluetooth Mesh from release version 1.9.0. Zephyr OS Mesh 1.14.x was qualified on with QDID 139259.