Integration Guide
Overview
This integration guide explains how to bring up and configure the current product revision of the miro EdgeCard mioty. All documentation is in a preliminary state.
Theory of operation
The mioty BSM is implemented and running on the miro EdgeCard. It exposes a USB CDC ECM device to the host system.
To integrate the card with a host system, the following steps are needed:
- Configure the host system network to send traffic to and from the card using a NAT setup
- Configure the mioty BSM on the card with the necessary keys and the service center URL
Integration
Host System Networking
The miro EdgeCard mioty provides a USB CDC ECM network interface and is configured to use the static IP address 172.30.1.2/24. Configure the host system's IP address to be in the same network (e.g., 172.30.1.1).
Set up iptables to look like this:
?> cat /etc/iptables/iptables.rules
*nat
:PREROUTING ACCEPT [64:15947]
:INPUT ACCEPT [47:14726]
:OUTPUT ACCEPT [8:496]
:POSTROUTING ACCEPT [7:420]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [1102989:1312630655]
:FORWARD ACCEPT [1634:182445]
:OUTPUT ACCEPT [419031:1280236444]
-A FORWARD -i eth2 -j ACCEPT
COMMIT
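Use the following command sequence to set up the configuration shown above, substituting the correct interface names for eth1 (the outbound interface of the MASQUERADE rule) and eth2 (the inbound interface of the FORWARD rule):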
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth2 -j ACCEPT
Enable IP forwarding in the kernel.
Card Configuration
The card's Linux system is accessible using SSH. Log in as root with no password. On the card, a systemd service, mioty_bs, provides the mioty base station service. The filesystem on the card is mounted read-only and cannot be modified directly. If you need to modify the file system you can remount it using this command:
To configure the mioty base station you need to provide an XML file, mioty_bs_config.xml, and some certificates and keys. The configuration, certificates and keys are most likely provided by the mioty service center and need to be individually configured for each card.
The config file will look like this:
<module name="root">
  <module name="bsi">
    <parameter name="uniqueBaseStationId">9c-65-f9-ff-fe-61-07-c7</parameter>
    <parameter name="baseStationName">miro-edge-mioty-hybrid</parameter>
    <parameter name="baseStationInfo"/>
    <parameter name="baseStationVendor">Miromico</parameter>
    <parameter name="baseStationModel">edge-mt-868-lte</parameter>
    <parameter name="serviceCenterAddr">eu3.loriot.io</parameter>
    <parameter name="serviceCenterPort">727</parameter>
    <parameter name="tlsAuthRequired">true</parameter>
  </module>
  <module name="mps">
    <parameter name="profile">eu868</parameter>
  </module>
</module>
Here, uniqueBaseStationId is the ID of the base station. It needs to be unique and is normally derived from the host system's MAC address by inserting ff-fe. E.g., if the host system's MAC address is 9c-65-f9-61-07-c7, the gateway ID will be 9c-65-f9-ff-fe-61-07-c7.
serviceCenterAddr is the URI or IP address of the service center, and serviceCenterPort is the port the service center is listening on.
If tlsAuthRequired is set to true, the connection is authenticated and secured, and the server certificates and keys have to be valid. If set to false, the connection is not secure.
Note
For production systems, it is recommended to use a secure connection.
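A pre-deployment check for mioty_bs_config.xml, added here as an example (it is not part of the Miromico or mioty BSM tooling): it derives uniqueBaseStationId from a MAC address as described above and reports a config whose ID, port or tlsAuthRequired setting would be a problem. The function names and the embedded sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

EUI64 = re.compile(r"^(?:[0-9a-f]{2}-){7}[0-9a-f]{2}$")
MAC48 = re.compile(r"^(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}$")

# Sample config constructed from the values shown on this page, with
# tlsAuthRequired flipped to false so that the check reports a finding.
SAMPLE = """<module name="root">
  <module name="bsi">
    <parameter name="uniqueBaseStationId">9c-65-f9-ff-fe-61-07-c7</parameter>
    <parameter name="serviceCenterAddr">eu3.loriot.io</parameter>
    <parameter name="serviceCenterPort">727</parameter>
    <parameter name="tlsAuthRequired">false</parameter>
  </module>
</module>"""

def eui64_from_mac(mac):
    """Insert ff-fe after the third octet of a 48-bit MAC address."""
    mac = mac.strip().lower()
    if not MAC48.match(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = re.split("[-:]", mac)
    return "-".join(octets[:3] + ["ff", "fe"] + octets[3:])

def lint_config(xml_text, host_mac=None):
    """Return a list of findings; an empty list means all checks passed."""
    root = ET.fromstring(xml_text)
    nodes = root.findall(".//module[@name='bsi']/parameter")
    params = {p.get("name"): (p.text or "").strip() for p in nodes}
    findings = []
    bs_id = params.get("uniqueBaseStationId", "").lower()
    if not EUI64.match(bs_id):
        findings.append("uniqueBaseStationId is not 8 dash-separated hex octets")
    elif host_mac and bs_id != eui64_from_mac(host_mac):
        findings.append("uniqueBaseStationId does not match the host MAC address")
    if not params.get("serviceCenterAddr"):
        findings.append("serviceCenterAddr is empty")
    port = params.get("serviceCenterPort", "")
    if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        findings.append("serviceCenterPort is not a valid port number")
    if params.get("tlsAuthRequired", "").lower() != "true":
        findings.append("tlsAuthRequired is not true: connection is not secure")
    return findings

if __name__ == "__main__":
    for finding in lint_config(SAMPLE, host_mac="9c:65:f9:61:07:c7"):
        print("FINDING:", finding)
```

Run it on the host against the file received from the service center before copying that file to the card.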
To establish a secured connection, the following certificates or keys have to be provided:
- root_ca.cer: TLS CA certificate
- bstation.cer: TLS certificate
- bstation.key: TLS key
Important
For the certificates to be accepted, the system time on the card's Linux system has to be valid. Set the time using the timedatectl set-time command.
Permanent Card Configuration
To apply the configuration on the card permanently in the read-only file system, perform the following steps on the card:
- Remount the file system as writeable
- Copy the configuration file to /root/mioty_bs_config.xml
- Copy certificates and keys to /root/mioty_bs/tls_certificates
- Make sure time on the card is correct
Dynamic Card Configuration
It's also possible to apply a dynamic or temporary configuration without modifying the read-only part of the filesystem. This allows for dynamic configuration by the end user. To apply a dynamic configuration to the card, perform the following steps:
- Copy the configuration file to /tmp/mioty_custom/mioty_bs_config.xml
- Copy certificates and keys to /tmp/mioty_custom/tls_certificates
- Make sure time on the card is correct
- Restart the mioty_bs service: systemctl restart mioty_bs
Note
Dynamic configuration needs to be applied every time the mioty card is restarted.
Note
The first engineering samples of the card do not offer dynamic configuration; use permanent configuration instead.