Version: 4.2
MQTT
Description
The MQTT service enables message passing over a Data Diode. It connects to a broker on the source network and copies messages, for the configured topics, to a broker on the destination network. Messages received from the source broker will be sent with the same retain-flag to the destination broker.
Supported versions
The following versions of respective protocols are supported by the MQTT service:
| Protocol | Supported version(s) |
|---|---|
| MQTT | 3.1.1 |
Configuration
In this section, the MQTT service parameters are described in detail. Parameters are divided into sections, MQTT Client Upstream and MQTT Client Downstream, in the same way as they are displayed when configuring the service using the DD Manager.
note
In DD Manager, as well as in the parameter descriptions below, mandatory parameters are indicated by asterisks (*).
MQTT Client Upstream
General parameters
| Parameter | Description | Format |
|---|---|---|
| Topics * | A list of topics for the service to subscribe to. | Array of strings |
| Quality of Service * | The Quality of Service level for all subscriptions set up by the service. | Available options: At Most Once (0), At Least Once (1) and Exactly Once (2) |
Connection parameters
| Parameter | Description | Format |
|---|---|---|
| Address * | Address of the remote host, either an IP address or a hostname. | Internet host name, see RFC 1123, section 2.1 |
| Port * | TCP port that the service use to connect to the remote host. | Integer within range 1 - 65535 |
| Client ID * | A unique ID for the client to connect with. | String |
| Keepalive interval * | The interval between keepalive packets. If interval is 0, sending of keepalives is disabled. | Integer (seconds) |
TLS
| Parameter | Description | Format |
|---|---|---|
| TLS * | A selection of TLS modes is available. If set to TLS With Defaults the service will use built-in default certificates. | Available options: Off, TLS With Defaults, TLS With CA and TLS With Client Certificate |
| CA * | File containing the CA certificate in PEM format. This option is available when TLS With CA is selected, and allows you to upload your own trusted Certificate Authority that the service will use to validate the MQTT broker. | File |
| Client certificate * | File containing the client certificate in PEM format. This option is available when TLS With Client Certificate is selected. | File |
| Client key * | File containing the client key in PEM format. This option is available when TLS With Client Certificate is selected. | File |
Authentication parameters
| Parameter | Description | Format |
|---|---|---|
| Authentication type * | A selection for which type of authentication the service will use with the MQTT broker. | Available options: Anonymous, Password. |
| Username * | Username to be used when authenticating towards the remote server. | String |
| Password * | Password to be used when authenticating towards the remote server. | String |
MQTT Client Downstream
General parameters
| Parameter | Description | Format |
|---|---|---|
| Topic prefix * | A string to add onto the start of topics before publishing them to the destination broker. This parameter is optional. | String |
| Quality of Service * | The Quality of Service level for all messages published by the service. | Available options: At Most Once (0), At Least Once (1) and Exactly Once (2) |
Connection parameters
| Parameter | Description | Format |
|---|---|---|
| Address * | Address of the remote host, either an IP address or a hostname. | Internet host name, see RFC 1123, section 2.1 |
| Port * | TCP port that the service use to connect to the remote host. | Integer within range 1 - 65535 |
| Client ID * | A unique ID for the client to connect with. | String |
| Keepalive interval * | The interval between keepalive packets. If interval is 0, sending of keepalives is disabled. | Integer (seconds) |
TLS
| Parameter | Description | Format |
|---|---|---|
| TLS * | A selection of TLS modes is available. If set to TLS With Defaults the service will use built-in default certificates. | Available options: Off, TLS With Defaults, TLS With CA and TLS With Client Certificate |
| CA * | File containing the CA certificate in PEM format. This option is available when TLS With CA is selected, and allows you to upload your own trusted Certificate Authority that the service will use to validate the MQTT broker. | File |
| Client certificate * | File containing the client certificate in PEM format. This option is available when TLS With Client Certificate is selected. | File |
| Client key * | File containing the client key in PEM format. This option is available when TLS With Client Certificate is selected. | File |
Authentication parameters
| Parameter | Description | Format |
|---|---|---|
| Authentication type * | A selection for which type of authentication the service will use with the MQTT broker. | Available options: Anonymous, Password. |
| Username * | Username to be used when authenticating towards the remote server. | String |
| Password * | Password to be used when authenticating towards the remote server. | String |