Loading...

Connecting to Azure IoT Hub using IPv6 devices

Connecting to Azure IoT Hub using IPv6 devices

Introduction

 

This article introduces an approach to connect IPv6 devices to Azure IoT Hub.

 

Azure IoT Hub

Azure IoT Hub is a crucial component in the Internet of Things (IoT) ecosystem, designed to facilitate seamless communication between IoT devices and the cloud. It plays an indispensable role in connecting, monitoring, and managing large networks of IoT devices, making it a cornerstone for businesses across various industries. Azure IoT Hub not only ensures secure and reliable device-to-cloud and cloud-to-device communication but also provides features like device provisioning, scalability, and integration with Azure services, making it a fundamental tool for harnessing the power of IoT. For more details, please follow – Azure - IoT Hub documentation

 

Emergence of IPv6 IoT Devices

With the rapid proliferation of IoT devices, the need for a larger address space and improved network capabilities has led to the emergence of IPv6-enabled IoT devices. IPv6 provides a vastly expanded address pool, which is essential for accommodating the growing number of devices in IoT ecosystems. As IoT continues to evolve and diversify, the adoption of IPv6 for IoT device connectivity is becoming increasingly prevalent, ensuring that devices can connect and communicate efficiently and securely in a connected world.

 

Challenges

At this moment, some of the Azure services including Azure IoT Hub does not natively support IPv6 device connectivity or communication. However, this can be achieved by deploying an IPv6-to-IPv4 gateway that can bridge the gap between IPv6-enabled devices and Azure IoT Hub, facilitating communication and data exchange.

In the architectural flow mentioned below, our Nginx act as a proxy stream server which translates the IPv6 address to IPv4 address.

 

Architectural overview

vidya_0-1699992105565.png

Please note: The entire communication from device to IoT Hub happens over port 8883.

As shown in the above diagram, this setup involves below major Azure services:

  1. Public Azure load balancer with IPv6 frontend IP.
  2. Dual stack (IPv4 & IPv6 enabled) virtual machines as a load balancer’s backend.
  3. Nginx running as a streaming server on the virtual machines.
  4. IoT Hub enabled with private endpoints.
  5. Azure storage account enabled with private endpoints.

 

Resource deployment and configuration

 

Dual stack NIC

 

az network nic create \ --resource-group <resource_group> \ --name <nic_name> \ --vnet-name <vnet_name> \ --subnet <subnet_name> \ --private-ip-address-version IPv4 az network nic ip-config create \ --resource-group <resource_group> \ --name <config_name> \ --nic-name <nic_name> \ --vnet-name <vnet_name> \ --subnet <subnet_name> \ --private-ip-address-version IPv6

 

Dual stack network virtual machine

 

az vm create --name <vm_name> \ --resource-group <resource_group > \ --admin-username '<username>' \ --admin-password '<password>' \ --nics <nic_name> \ --image Ubuntu2204

 

Standard SKU public IPv6 IP

 

az network public-ip create \ --name <public_ip_name> \ --resource-group <resource_group> \ --allocation-method Static \ --sku Standard \ --version IPv6

 

Public Azure load balancer

 

az network lb create \ --resource-group <resource_group> \ --name <lb_name> \ --sku Standard \ --frontend-ip-name <fip_name> \ --public-ip-address <public_ip_name> az network lb address-pool create \ --resource-group <resource_group> \ --lb-name <lb_name> \ --name <backend_pool_name> az network nic ip-config address-pool add \ --resource-group <resource_group> \ --nic-name <nic_name> \ --ip-config-name <config_name> \ --lb-name <lb_name> \ --address-pool <backend_pool_name> az network lb probe create \ --resource-group <resource_group> \ --lb-name <lb_name> \ --name <hp_name> \ --protocol Tcp --port 8883 az network lb rule create \ --resource-group <resource_group> \ --lb-name <lb_name> \ --name <rule_name> \ --protocol Tcp \ --frontend-port 8883 \ --backend-port 8883 \ --frontend-ip-name <fip_name> \ --backend-pool-name <backend_pool_name> \ --probe-name <hp_name>

 

For more details, please followAzure - Deploy an IPv6 dual stack application

 

Setting up Nginx stream server

 

Installing Nginx

 

Please note: We have used the Ubuntu, commands may be vary depending upon the OS flavour.

 

$ sudo apt update $ sudo apt install nginx $ systemctl status nginx

 

 

Configuring Nginx

 

Edit Nginx configuration:

 

$ vi /etc/nginx/nginx.conf

 

Paste the following block:

 

stream { log_format detailed '$time_iso8601 $remote_addr [$proxy_protocol_addr] [$server_addr:$server_port] $protocol $status $bytes_sent $bytes_received $session_time'; access_log /var/log/nginx/access.log detailed; server { listen [::]:8883; proxy_pass <IoT_Hub_Host_Name>:8883; } }

 

Test the Nginx configuration:

 

$ nginx –t

 

Nginx reload for the latest configuration:

 

$ nginx –s reload

 

Verify the listening ports:

 

$ netstat –tulpn | grep 8883

 

 

NSG configuration

 

Since the communication happens via Azure load balancer which is a layer 4 load balancer, the traffic initiated by IPv6 devices is forwarded as it is to VM by load balancer keeping the session intact.

Hence, we have to allow the traffic for devices on the NSG level. For more details, please follow – Azure - Create, change, or delete a network security group

 

Sample NSG rule

NSG rule parameter

NSG rule value

Source

IP Addresses

Source IP addresses/CIDR ranges

Device IPv6 Address

Source port range

*

Destination

IP Addresses

Destination IP addresses/CIDR ranges

Nginx VM IPv6 Address

Service

Custom

Destination port ranges

8883

Protocol

TCP

Action

Allow

 

Route device messages to Azure storage

 

You can also leverage message routing feature of IoT Hub to route the messages to Azure storage account. Follow the document for the same – Azure - IoT Hub message routing

 

Validating entire setup

 

  1. Setup an Azure virtual machine with Public IPv6 address.
  2. Map the custom host entry for IoT Hub hostname:
    • edit /etc/hosts
    • add custom entry as mentioned below:<lb_ipv6_fip> <iot_hub_hostname>
  3. Download the IoT Hub required certificates from – Azure Samples – IoT MQTT Sample - IoTHubRootCA
  4. Convert pem to crt file by using below command:$ openssl x509 -outform der -in IoTHubRootCA.crt.pem -out IoTHubRootCA.crt
  5. Trust the certificate:$ cp IoTHubRootCA.crt /usr/local/share/ca-certificates/ $ sudo update-ca-certificates
  6. Follow the guide to generate messages using sample code - Using MQTT to connect an IoT Hub with Python
  7. Install paho-mqtt client:$ pip install paho-mqtt
  8. Get the sample code from the same repo – Sample code
  9. Generate SAS token for your device by using following command:$ az iot hub generate-sas-token -d <device_id> -n <hub_name>
  10. Modify the sample code by adding below details:
    • IoT Hub name
    • Device ID
    • SAS token
  11. Run the code i.e. python file.
  12. Observe the traffic in following ways:$ tail –f /var/log/nginx/access.log $ tcpdump port 8883 Azure > IoT Hub > Metrics > Select metric as telemetry message sentvidya_0-1699993984895.png

Published on:

Learn more
Azure Networking Blog articles
Azure Networking Blog articles

Azure Networking Blog articles

Share post:

Related posts

Integrate Dataverse Azure solutions – Part 2

Dataverse that help streamline your integrations, such as Microsoft Azure Service Bus, Microsoft Azure Event Hubs, and Microsoft Azure Logic A...

2 days ago

Dynamics 365 CE Solution Import Failed in Azure DevOps Pipelines

Got the below error while importing Dynamics CRM Solution via Azure DevOps Pipeline. 2024-12-18T23:14:20.4630775Z ]2024-12-18T23:14:20.74...

3 days ago

Dedicated SQL Pool and Serverless SQL in Azure: Comparison and Use Cases

Table of Contents Introduction Azure Synapse Analytics provides two powerful SQL-based options for data processing: Dedicated SQL Pools and Se...

3 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy