Mikko Savolainen, Henrik Snellman, Hannu Mallat, Jori Rintahaka, Paul Benford
Bluetooth mesh networking is a new topology available for Bluetooth LE devices that enables many-to-many communications. It is optimized for creating large scale device networks, and is ideally suited for connected lighting, building automation, indoor positioning, and asset tracking solutions.
Bluetooth BR/EDR technology was originally developed to fulfill the need for a short-range wireless point-to-point connectivity between mobile phones, tablets, PCs and accessories like Bluetooth headsets, keyboards and mice. Since its introduction this technology has been constantly improved and enhanced, but it has also become the de facto wireless technology for voice and audio streaming and use cases like wireless speakers, wireless headphones and in-car infotainment.
The Bluetooth BR/EDR technology was however not optimized for low power applications and use cases like sports and fitness sensors, wearable devices and low-power PC accessories. To address these markets Bluetooth SIG developed Bluetooth low energy technology, which enables short burst wireless connections and data broadcast. Since the introduction Bluetooth LE was quickly adopted by smart phones and tablets and it enabled new markets and applications like wearable devices, sports and fitness sensors and beacon applications.
Bluetooth LE technology is still based on point-to-point, star, or broadcast based network topologies, but Bluetooth mesh will change that as it allows Bluetooth devices to be used is a true mesh networking topology. This paradigm change for Bluetooth will fundamentally open up a ton of new use cases for Bluetooth developers, and that means great innovation happening in the industry. Bluetooth mesh allows us to move away from the typical personal area network which Bluetooth is known for and extend both the range and number of devices a Bluetooth network can have. A smart home is a great example and use case for Bluetooth mesh as a smart home can easily have 30-50 devices in it and they are not necessarily in the direct range of each other. With Bluetooth mesh you can network all these lights into a single Bluetooth network and have entire home coverage for your Bluetooth network. The really exciting thing about Bluetooth mesh is that Bluetooth mesh nodes can still support the existing Bluetooth LE topologies and use cases like point-to-point connectivity and Bluetooth beaconing, which allows smart phones to be connected to the Bluetooth mesh networks to control and monitor the Bluetooth mesh nodes as well some other really exciting uses cases like indoor positioning and asset tracking, just to name a few.
The Bluetooth SIG released the 1.0 version of the Bluetooth mesh specification that is available to everyone to start developing with. This white paper discusses the key features and capabilities of Bluetooth mesh technology and what new existing use cases it enables for Bluetooth developers.
For Continuous Streaming
Bluetooth Low Energy
For Bursts of Data
|Audio and Voice Streaming||Device to Device Data Transfer||Beacons and Advertising||Mesh Device Networks|
Figure 1: Bluetooth technology flavors and uses cases
This chapter contains a brief introduction to the Bluetooth mesh standard and introduces the layers of the Bluetooth mesh stack and the most important features and functionality of each layer. However the application layer as well Bluetooth mesh security are described separately later in this white paper as they deserve their own sections.
The figure below illustrates the architecture of both Bluetooth LE and Mesh technologies as well the supported network topologies. As it is obvious from the figure Bluetooth LE and Bluetooth mesh share the same RF and link layer but at the upper protocol stack layers differ significantly.
Figure 2: Bluetooth LE + mesh architecture
Bluetooth mesh uses the Bluetooth 4.0 1M LE GFSK PHY and link layer to communicate meaning Bluetooth mesh can be implemented on top of any Bluetooth 4.0 low energy compliant radio by adding the necessary software layers on top of it. Currently Bluetooth mesh does not make use of the Bluetooth 5 features such as the LE Coded PHY or advertisement enhancements, but this may change in the future versions of the Bluetooth mesh specification.
Bluetooth mesh can be used over one or two bearers: advertising bearer and GATT bearer. In a typical Bluetooth mesh network the nodes use the advertising bearer to communicate with each other. The advertising bearer simply uses the Bluetooth LE non-connectable advertisement messages to broadcast messages to all the nodes within the range. The advertising bearer can contain up to 27 octets of payload and uses its own advertisement data type. The GATT bearer on the other hand is used to send and receive Bluetooth mesh messages over point-to-point connections using Bluetooth LE GATT based services. The purpose of the GATT bearer is to enable non-native mesh devices like smart phones and tablets to communicate and participate in Bluetooth mesh communications. Bluetooth mesh 1.0 defines two GATT services that Bluetooth mesh devices can use:
A Bluetooth mesh network can consist of different types of nodes and not all nodes need to be equal. As discussed earlier some nodes relay message, while others do not, and some nodes can be battery operated low power nodes. This section provides a short overview of the different features Bluetooth mesh nodes can implement. First of all, all Bluetooth mesh nodes can receive and send messages and all Bluetooth mesh nodes must implement the Bluetooth mesh security and the essential mesh models needed for configuration. However outside these features rest of the node functionality is optional.
Figure 3: A Bluetooth mesh network
Nodes with relay feature are capable of relaying messages from other nodes and they are essential in increasing the scale and range of a Bluetooth mesh network.
Proxy node is capable of acting as a proxy between the Bluetooth mesh nodes and network and a device that only implements the GATT bearer, such as smart phones today. This means proxy nodes must implement both Bluetooth LE and Bluetooth mesh stacks, and are the only nodes in the mesh network that must do this.
Nodes with low power feature can spend most of their life time in a low power sleep mode and only need to wake up and participate in the Bluetooth mesh network communications once every four (4) days meaning their duty cycle can be almost zero. Node with low power feature however need a node with a friend feature, which cache any messages targeted to the low power nodes while they are sleeping. When low power nodes are provisioned to the mesh network they search for a nearby friend, agree a communication interval with the friend when they will poll for messages, and after that they can go to sleep.
Nodes with friend feature must implement an additional message cache they use to cache messages for the nodes with low power feature and store them until low power nodes wake up and fetch the messages. Nodes with friend feature can also acknowledge messages on behalf of low power nodes, while they are sleeping. Nodes with friend features also advertise their capabilities using special beacons, so low power nodes can select the most optimal friends to associate with. The table below summarizes the Bluetooth mesh node features, but it is possible to combine features, so a node can have multiple features like Relay, Proxy and Friend features.
|Battery operated||Typically no||Typically no
The Bluetooth mesh network layer is responsible for the basic network message transfer, node and group and broadcast addressing, as well as network level security.
The second responsibility of the network layer is addressing. Bluetooth mesh uses multiple address types which are explained in the table below. The addressing scheme is different from the Bluetooth device addresses used for Bluetooth LE communications.
Every Bluetooth mesh node is assigned with a unicast address for each of its elements during the provisioning process, which is discussed later in this white paper. The group and virtual addresses are on the other hand assigned during the configuration of Bluetooth mesh nodes and networks which also is discussed later.
|Address Format||Address Type||Explanation||Number of Addresses|
|0000000000000000||Unassigned||Mesh node has not been assigned an address||Single|
|0xxxxxxxxxxxxxxx||Unicast||Address of a single mesh node in a network||32767|
|10xxxxxxxxxxxxxx||Virtual||Virtual address of a single mesh node or a group||16384|
|11xxxxxxxxxxxxxx||Group||A group address of multiple mesh nodes||16384|
|1111111111111111||All nodes||Message will be broadcasted to all nodes||Single|
The figure below illustrates the different types of Bluetooth mesh messages from unicast, to multicast (or group) and broadcast messaging. Yellow color is used to indicate the nodes the message is targeted to.
Figure 4: Bluetooth mesh message types
The format of the Bluetooth mesh 1.0 network PDU is described below.
|1 bit||7 bits||1 bit||7 bits||24 bits||16 bits||16 bits||1 to 16 octets||32 or 64 bits|
|IVI||Least significant bit of IV index||Allows nodes to determine the correct IV Index to use when an IV Index Update is in progress|
|NID||Network Identifier||Identifies which mesh network this message belongs to|
|CTL||Control||Defines if the message contains a control or access data|
|TTL||Tile to Live||Defines how many times this message should be relayed|
|SEQ||Sequence Number||A unique number for each message|
|SRC||Source Address||Identifies the source of a message|
|DST||Destination Address||Identifies the destination of a message|
|PDU||Transport PDU||1 to 16 octets of payload|
|Net MIC||Network Message Integrity Check||32-bit or 64-bit MIC that authenticates the message|
The third responsibility of the network layer is relaying the mesh messages between the nodes in a network. Now, there are multiple ways how wireless mesh networks relay messages varying from IP based routing algorithms to simple flooding techniques. What Bluetooth mesh standard adopted as the message relaying algorithm is something called managed flooding technique.
There are multiple benefits using a flooding message relay in a wireless mesh network: it is simple to implement in a resource constrained device; it recovers from power outages fast as the routing tables do not need to re-built and flooding mesh can also be very reliable as it inherently provides a multipath message delivery not dependent on single routes or nodes. Finally it can also easily react to dynamic situations as the nodes do not need to maintain and update routing tables.
However, flooding mesh of course has drawbacks as well, and multiple issues can occur in a flooding mesh network. The typical issues in a flooding mesh network are message looping i.e. messages being relayed in the network forever, scalability and performance issues if the network spends most of its time relaying duplicate and finally power consumption that is needed to operate the relays.
Now to address the concerns mentioned above Bluetooth mesh uses managed flooding to relay messages and it is basically a hybrid implementation between a fully flooding and a routing network. The following mechanisms are implemented by the Bluetooth mesh standard to address the issues of pure flooding mesh networks.
Every Bluetooth mesh message carries a time-to-live (TTL) counter, which defines how many times the message can be relayed before it expires. TTL is decremented by one upon reception and the message is relayed if its TTL is still nonzero. The TTL counter is used to prevent the Bluetooth mesh messages from living forever in the network and improve the network performance. Messages can also be sent with TTL value 0, which means they are not relayed at all but effectively only live over a single hop.
All Bluetooth mesh nodes implement a message cache, which is used to store the recently seen or relayed messages. Now if a node with relay feature receives a message with large enough TTL it will check if this message has already been seen or relayed and in case it is, the message is dropped again to improve the network performance and reduce traffic.
Relaying feature is optional
Bluetooth mesh nodes can implement multiple features, but many of these features are optional, relaying being one of them. This means not every node in a Bluetooth mesh network needs to be a relay, but especially in very large Bluetooth mesh networks relaying can be disabled on most of the nodes. This of course has two benefits: first of all it reduces the network traffic and improves the performance and scalability of large Bluetooth mesh networks and it also reduces the power consumption on the non-relaying nodes as they do not need to retransmit the network messages. The next figure shows on example of a Bluetooth mesh network and how a message could travel from a source (S) through relays (R) to a destination node (D).
Figure 5: Bluetooth mesh relaying
Low power feature
Some of the Bluetooth mesh nodes can also implement a low-power feature enabling them to spend most of their life time in a low power sleep mode and keep the radio turned off. These devices typically are battery power devices like light switches or battery powered sensors. The low power nodes do not relay messages at all, but they only transmit messages when necessary and receive messages upon previously configured intervals. Low power nodes require a friend node to cache messages for them when they are sleeping and this is discussed in more details later.
As the mesh advertisement bearer is inherently unreliable and messages can be lost for example due to RF interference, the Bluetooth mesh network layer implements a network level retransmit feature. The network transmit count only affects messages originating from a node; there is a separate configuration option for relayed messages. The messages are sent using the same sequence number, so at the receiving end the duplicates are dropped because of the message cache.
The transmit count is configurable between 1 and 8 transmissions per network PDU. The network transmit interval defines the delay between the consecutive network PDU transmissions in steps on 10 milliseconds. In addition the Bluetooth mesh specification requires that every network transmit interval is perturbed by a random 0 to 10 millisecond delay, so the minimum transmit interval is in the range of 10-20ms.
Figure 6: Network level re-transmit
Relay Retransmit Count and Retransmit Interval
The network level relay retransmit allows the Bluetooth mesh nodes with relay feature relay the messages they receive multiple times instead of just sending them once. The retransmit count is configurable in a mesh node from 0 to 7 retransmissions. The interval parameter is defined the same way as in the network transmit case.
|Packet loss (%)||1||2||4||5|
|Transmit delay (ms)||1||2||3||4||5|
Note: The packet RX, processing and TX overhead is not take into account in the above calculations and the calculations assume an average 5ms random delay.
The network layer also implements the mandatory network level security, which is discussed more in the dedicated security chapter.
Due to the limited 31 byte payload of Bluetooth advertisement packets, Bluetooth mesh packets have a relatively small payload and a single network level PDU can only contain up to 16 octets of network layer payload. However some applications do require larger messages to be sent and therefore the Bluetooth mesh protocol implements a transport layer. The main task of the transport layer is the segmentation and re-assembly of larger application layer messages into multiple PDUs as well the acknowledgement and re-transmission of any lost messages. Any messages that fit into a single lower transport layer PDU are called un-segmented messages and they are sent from source to destination as a single message. These messages are sent using a best effort mechanism and no acknowledgement is provided to the source if the message has reached its destination or not. Note that it is also possible to “force segmentation” even for single-segment messages if an acknowledgement is required.
Figure 7: Un-segmented message
Any application message that does not fit into a single PDU must be fragmented and sent over in multiple PDUs and also re-assembled at the receiving end. These are called segmented messages and they can be up to 380 octets long. Segmented messages are acknowledged by the destination, so that the sender can re-transmit any lost segments and guarantee the message delivery. Bluetooth mesh uses a block acknowledgement scheme to acknowledge the segments which have been received, and only the un-acknowledged segments are re-transmitted.
Figure 8: Segmented message
When using segmented messages the transport layer has a re-transmit timeout after which any non-acknowledged Bluetooth mesh messages will be resent as they are considered lost. The formula to calculate the re-transmit timeout is:
TTL x 50ms + 200ms
For example when using TTL value of 5, the re-transmit timeout would be: 5 x 50ms + 200ms = 450ms.
The upper transport layer has few main uses in Bluetooth mesh:First of all the upper transport layer is responsible for the second level of security at Bluetooth mesh, which is the application level authentication and encryption.The upper transport layer is also responsible of control messaging which is used to establish and manage friendship between low power and friend nodes and manage network health and topology with heartbeat messages.
Access layer finally defines the format of the Bluetooth mesh application layer (Mesh Model) messages. The access layer messages contain the mesh model id, which is either 16-bits for Bluetooth SIG standardized models and 32-bits for vendor specific models. It also tells whether the message is a client or server message and also contains the opcodes of the message.
The mesh models at the access layer can use unreliable messages that do do not provide a response or reliable messages, which are always provided a response. When reliable messaging is used the messages must be idempotent meaning that the same message can be received multiple times without changing the result beyond the initial application.
This section gives a short overview of Bluetooth mesh security and most important security features in the Bluetooth mesh standard.
The use of security is mandatory with Bluetooth mesh and it cannot be disabled to prevent the use of unsecure network in real life applications. Every device added to the network must be given security keys for all network, application and device management operations and every packet sent in a Bluetooth mesh network must be authenticated, encrypted and obfuscated.
Bluetooth mesh uses a dual layer security model where two fully independent security levels are used first at the network level and then at the application level. The network level security is used to authenticate and encrypt all communications within a Bluetooth mesh network and all nodes participating that network.
The application layer security is on the other hand used to authenticate and encrypt all application level communications and there can be multiple applications used within a single Bluetooth mesh network. The benefit of this is for example that a Bluetooth mesh network can have a lighting application and a separate beaconing application and because they use a separate security domains the application controlling the lighting cannot control the beacons and vice versa.
The security setup and configuration starts with the provisioning process where a un-provisioned device is provisioned into a Bluetooth mesh network.
Authentication and establishing a secure session
The authentication of devices can be done multiple ways:
Once authentication is done both parties generate a session key from the shared ECDH secret and the authentication data and it’s used to protect the rest of the provisioning process.
Over the secure session the provisioner provides the device with a 128-bit AES key for the network the device is added to. The provisioner may later give additional keys to the device. The network key is actually never directly used, but the network level encryption and other security keys are derived from the network key using an AES-CMAC hash.At the network layer the PDU contains one byte in plain text format identifying to which network the message belongs to and which key should be used, but rest of the PDU is either obfuscated using AES-ECB or encrypted using AES-CCM as shown in the figure below.
Figure 9: Bluetooth mesh network PDU
Obfuscating the headers makes it harder to perform passive eavesdropping to understand the Bluetooth mesh network structure and messages being transmitted. Message integrity is protected with the 32- or 64-bit network MIC at the end of the PDU. Replay attack protection on the other hand is provided using a changing sequence number (SEQ) which the nodes keep track of and use to drop replayed messages.
The transport (or application) layer provides the second layer of security in Bluetooth mesh. A 128-bit AES key, derived from the application key, is used at the upper transport layer to authenticate and encrypt the access leyer PDUs as shown below.
Figure 10: Bluetooth mesh transport PDU
As mentioned different applications can use different keys to separate the applications from each other. The access layer key is bound to the Bluetooth mesh models used by the applications to communicate with each other.
Finally a third pair of keys is generated called a device key, which the provisioner uses for future device management operations such as changing device settings or handing it new network or application keys. The device keys are never transmitted over the air, but generated and stored locally both at the device and the provisioner.
The life cycle of a Bluetooth mesh node starts as an un-provisioned device meaning it has not been added as a part of any mesh network nor has it been configured to operate in a network. The process of adding such a device as part of a Bluetooth mesh network is called provisioning and the process can be done for example using a smart phone application or during production time when devices are manufactured and firmware gets installed. An un-provisioned Bluetooth mesh device may send Bluetooth LE advertisement packets which announce that it supports the GATT provisioning service. The GATT provisioning service allows a Bluetooth LE device with provisioning capabilities to establish a connection to the un-provisioned device and start the provisioning process.
In addition or alternatively the un-provisioned mesh device can start sending un-provisioned mesh beacons allowing another Bluetooth mesh node with provisioning capabilities to provision it over the mesh bearer. In Bluetooth mesh 1.0 specification the provisioning can only be done over a single hop, but future version of the specification may allow devices to be provisioned also over multiple hops making this feature much more versatile. The Bluetooth mesh device provisioning is a secure process in which the provisioner typically performs the following actions:
Figure 11: Life-cycle of a Bluetooth mesh node
The typical next step after device provisioning is device configuration. This again can be done by the provisioner such as a smart phone application. For the mesh node to be operational in a Bluetooth mesh network the following steps are typically made:
The configuration of a node can be changed at any time of its life time.
A Bluetooth mesh node may need to be removed from a Bluetooth mesh network at some point in time for example when a broken device is replaced, devices gets stolen and so on. Bluetooth mesh network management operations provide two ways of removing a Bluetooth mesh node from the network.
Bluetooth mesh nodes are typically grouped into logical groups like kitchen or bedroom and they are many times also controlled as groups. This grouping of nodes is typically done at the time of provisioning or configuration as explained in the previous chapter; during this process the groups are created and nodes are assigned into one or multiple groups.
The mechanism used to setup how the nodes communicate with each other is called publish and subscribe. Sending messages is called publishing and receiving messages is called subscribing. For example when a light switch wants to control the lights in a kitchen, it publishes a message to the kitchen group, to which all the kitchen lights have subscribed to.
Each publish and subscribe group have their own group or virtual addresses and the nodes either send messages to these addresses and receiving nodes listen to the messages send with these addresses. It is possible for a single node to publish or subscribe to multiple groups The figure below illustrates how publish and subscribe could be setup in a Bluetooth mesh network.
Figure 12: Publish and Subscribe
Using publish and subscribe has multiple benefits: first of all it’s easy to humans to understand the concept of groups and assign devices to them. Publish and subscribe also simplifies the initial configuration of devices and messaging in a Bluetooth mesh network and most importantly publish subscribe significantly simplifies the life cycle management of mesh nodes. What it means is that when a new Bluetooth mesh node added to a network or an existing node is replaced only that node needs to be configured with the publish and subscribe settings and rest of the network nodes can remain unchanged and unware of the change.
Figure 13: Adding new nodes or groups
Mesh Model - The Application Layer Bluetooth mesh specification also defines the application layer called the Mesh Model. The mesh model is defined to enable full interoperability between devices from multiple vendors and to provide a common language for the devices. The purpose of the mesh model is to enable the light switch from vendor A to be able to turn on or off the lights from vendor B without having to change the software on the light switch or bulb.
Bluetooth mesh models generally define three things:
Now, let’s give an example of this. As almost all devices can be turned On or Off, Bluetooth mesh model specification defines a generic On/Off model client and server. The general definition for the generic On/Off model definition looks like this:
The On/Off model has a client and server sides and the definition is different for the client and the server.
The On/Off server is defined as follows:
And the On/Off client on the other hand is defined as follows:
As most devices do more than one thing an important concept of mesh model is an element. An example of such a device is a power strip with more than one socket and each socket being controllable individually. Each controllable socket in the power strip is assigned with a unique element and each element can support a unique set of models, so they can be individually controlled.
Each element in a power strip has:
Another important property in the Bluetooth mesh model is state binding, which is used to map the state of one model to a state of another model.
For example the value ‘0’ of Generic Level sets the Generic OnOff to ‘0’ and vice versa the value a non-zero value of Generic Level sets the Generic OnOff to ‘1’.
Currently the Bluetooth mesh model specification defines the following models.
As mentioned in the introduction chapter Bluetooth mesh devices can, but do not have to, implement Bluetooth LE functionality.
A device like the figure below has both a full Bluetooth LE stack and a Bluetooth mesh stacks implemented and such a device can have full Bluetooth LE capabilities as well full Bluetooth mesh capabilities.
This has a few benefits, as the device can connect to smart phones, tablets and any other devices implementing the GATT layer while the device is a fully functional mash node. This enables new use cases and applications and non-Bluetooth mesh capable devices to interact with Bluetooth mesh nodes.
Figure 14: A Bluetooth device with LE and mesh functionality
The downside of the above implementation is that more memory (both RAM and non-volatile) is needed to implement both stacks and functionality and for some devices, especially when cost is a concern, it is possible to just implement LE or mesh functionality, which requires less memory, but of course also provides less functionality. The figure below shows an architecture of a device, which only implements Bluetooth mesh. Such a device can act as a fully functional mesh node with the exclusion of proxy feature and since it still supports Bluetooth link layer it can also transmit Bluetooth beacons or discover beacons for example for in-door positioning or asset tracking applications.
Figure 15: A Bluetooth device with only mesh functionality
At the time of writing this white paper although almost all smart phones and tablets in the market have Bluetooth 4 support they however do not implement the Bluetooth mesh advertisement bearer, but only support Bluetooth connections and GATT application layer.
This means that the phones are not able to directly communicate with the mesh network over the advertisement bearer, but need one or multiple nodes in a network with a proxy feature enabled to accomplish that. Also to provision and configure a Bluetooth mesh device to a node a phone needs to use the provisioning GATT service.
Now to enable the phones and tablets to provision and communicate with mesh nodes over proxies a partial Bluetooth mesh stack is still needed on the phone as it still needs to be able to encrypt and decrypt the mesh network and access layer messages, send and receive mesh model messages and understand and other features. This means the application on a phone needs to implement all the layers needs for mesh communications as shown below.
The operating systems on the phones provide the basic Bluetooth LE services like RF, Bluetooth LE stack and the GATT layer, but rest of the implementation needs to be implemented, at least today, outside the phone’s operating systems meaning it needs to be part of an application.
Writing a Bluetooth mesh stack for smart phones can be a significant effort, but Silicon Labs for example provides the Bluetooth mesh stack for Android OS and targets to provide it as well for iOS during 2018.
Figure 16: Bluetooth mesh architecture on a phone
Bluetooth mesh 1.0 is a new standard available from Bluetooth SIG since July’17 and it enables large device networks and many-to-many communications for Bluetooth LE technology, which is something that was not possible with the earlier versions of the specification.
Bluetooth mesh provides a full stack solution, with everything from the RF to application layer defined, which enables us to build truly inter operable devices. Bluetooth SIG has also a long track record of building certification processes, tools and interoperable standards and Bluetooth mesh should be no different.
One of the key differentiators of Bluetooth mesh is the dual-layer security architecture and the security architecture overall as it provides state-of-the art security using FIPS or NIST approved algorithms and authentication of devices with man-in-the-middle protection, authentication, encryption and privacy protection for each message sent as well secure provisioning and network management operations.
Bluetooth mesh inherently also supports Bluetooth LE functionality enabling Bluetooth mesh nodes to connect to other Bluetooth LE devices, transmit beacons for point-of-interest of indoor positioning applications and scan beacons (assets) for indoor positioning solutions. This features make Bluetooth mesh also unique compared to other similar technologies and enable new applications and use cases being deployed into mesh connected applications like connected lighting, home and industrial automation.
Bluetooth mesh is still a new standard and active development is ongoing at Bluetooth SIG’s mesh working group during late 2017 and 2018 to further enhance the capabilities, performance and usability of Bluetooth mesh so this is just a beginning.