MQ Telemetry Transport

MQTT (originally an initialism of MQ Telemetry Transport) is a lightweight, publish-subscribe, machine to machine network protocol for Message queue/ Message queuing service. It is designed for connections with remote locations that have devices with resource constraints or limited network bandwidth. It must run over a transport protocol that provides ordered, lossless, bi-directional connections—typically, TCP/IP. It is an open OASIS standard and an ISO recommendation (ISO/IEC 20922).

History

Andy Stanford-Clark ( IBM) and Arlen Nipper (then working for Eurotech, Inc.) authored the first version of the protocol in 1999. It was used to monitor oil pipelines within the SCADA industrial control system. The goal was to have a protocol that is bandwidth-efficient, lightweight and uses little battery power, because the devices were connected via satellite link which, at that time, was extremely expensive.

Historically, the "MQ" in "MQTT" came from the IBM MQ (then 'MQSeries') product line, where it stands for "Message Queue". However, the protocol provides publish-and-subscribe messaging (no queues, in spite of the name). In the specification opened by IBM as version 3.1 the protocol was referred to as "MQ Telemetry Transport". Subsequent versions released by OASIS strictly refers to the protocol as just "MQTT", although the technical committee itself is named "OASIS Message Queuing Telemetry Transport Technical Committee". Since 2013, "MQTT" does not stand for anything.

In 2013, IBM submitted MQTT v3.1 to the OASIS specification body with a charter that ensured only minor changes to the specification could be accepted. After taking over maintenance of the standard from IBM, OASIS released version 3.1.1 on October 29, 2014. A more substantial upgrade to MQTT version 5, adding several new features, was released on March 7, 2019.

MQTT-SN (MQTT for Sensor Networks) is a variation of the main protocol aimed at battery-powered embedded devices on non-TCP/IP networks, such as Zigbee.

Overview

The MQTT protocol defines two types of network entities: a message broker and a number of clients. An MQTT broker is a server that receives all messages from the clients and then routes the messages to the appropriate destination clients. An MQTT client is any device (from a micro controller up to a fully-fledged server) that runs an MQTT library and connects to an MQTT broker over a network.

Information is organized in a hierarchy of topics. When a publisher has a new item of data to distribute, it sends a control message with the data to the connected broker. The broker then distributes the information to any clients that have subscribed to that topic. The publisher does not need to have any data on the number or locations of subscribers, and subscribers, in turn, do not have to be configured with any data about the publishers.

If a broker receives a message on a topic for which there are no current subscribers, the broker discards the message unless the publisher of the message designated the message as a retained message. A retained message is a normal MQTT message with the retained flag set to true. The broker stores the last retained message and the corresponding QoS for the selected topic. Each client that subscribes to a topic pattern that matches the topic of the retained message receives the retained message immediately after they subscribe. The broker stores only one retained message per topic. This allows new subscribers to a topic to receive the most current value rather than waiting for the next update from a publisher.

When a publishing client first connects to the broker, it can set up a default message to be sent to subscribers if the broker detects that the publishing client has unexpectedly disconnected from the broker.

Clients only interact with a broker, but a system may contain several broker servers that exchange data based on their current subscribers' topics.

A minimal MQTT control message can be as little as two bytes of data. A control message can carry nearly 256 megabytes of data if needed. There are fourteen defined message types used to connect and disconnect a client from a broker, to publish data, to acknowledge receipt of data, and to supervise the connection between client and server.

MQTT relies on the TCP protocol for data transmission. A variant, MQTT-SN, is used over other transports such as UDP or Bluetooth.

MQTT sends connection credentials in plain text format and does not include any measures for security or authentication. This can be provided by using TLS to encrypt and protect the transferred information against interception, modification or forgery.

The default unencrypted MQTT port is 1883. The encrypted port is 8883.

MQTT broker

The MQTT broker is a piece of software running on a computer (running on-premises or in the cloud), and could be self-built or hosted by a third party. It is available in both open source and proprietary implementations.

The broker acts as a post office. MQTT clients don't use a direct connection address of the intended recipient, but use the subject line called "Topic". Anyone who subscribes receives a copy of all messages for that topic. Multiple clients can subscribe to a topic from a single broker (one to many capability), and a single client can register subscriptions to topics with multiple brokers (many to one).

Each client can both produce and receive data by both publishing and subscribing, i.e. the devices can publish sensor data and still be able to receive the configuration information or control commands (MQTT is a bi-directional communication protocol). This helps in both sharing data, managing and controlling devices. A client can not broadcast the same data to a range of topics, and must publish multiple messages to the broker, each with a single topic given.

With the MQTT broker architecture, the client devices and server application become decoupled. In this way, the clients are kept unaware of each other's information. MQTT, if configured to, can use TLS encryption with certificate, username and password protected connections. Optionally, the connection may require certification, in the form of a certificate file that a client provides and must match with the server's copy.

In case of failure, the broker software and clients can automatically hand over to a redundant/automatic backup broker. Backup brokers can also be set up to share the load of clients across multiple servers on site, in the cloud, or a combination of these.

The broker can support both standard MQTT and MQTT for compliant specifications such as Sparkplug. This can be done with same server, at the same time and with the same levels of security.

The broker keeps track of all the session's information as the device goes on and off, in a function called "persistent sessions". In this state, a broker will store both connection info for each client, topics each client has subscribed to, and any messages for a topic with a QoS of 1 or 2.

The main advantages of MQTT broker are:
# Eliminates vulnerable and insecure client connections, if configured to
# Can easily scale from a single device to thousands
# Manages and tracks all client connection states, including security credentials and certificates, if configured to
# Reduced network strain without compromising the security, if configured to (cellular or satellite network)

Message types

Connect

Waits for a connection to be established with the server and creates a link between the nodes.

Disconnect

Waits for the MQTT client to finish any work it must do, and for the TCP/IP session to disconnect.

Publish

Returns immediately to the application thread after passing the request to the MQTT client.

Version 5.0

In 2019, OASIS released the official MQTT 5.0 standard. Version 5.0 includes the following major new features:

* Reason codes: Acknowledgements now support return codes, which provide a reason for a failure.
* Shared subscriptions: Allow the load to be balanced across clients and thus reduce the risk of load problems
* Message expiry: Messages can include an expiry date and are deleted if they are not delivered within this time period.
* Topic alias: The name of a topic can be replaced with a single number

Quality of service

Each connection to the broker can specify a quality of service (QoS) measure. These are classified in increasing order of overhead:
* At most once – the message is sent only once and the client and broker take no additional steps to acknowledge delivery (fire and forget).
* At least once – the message is re-tried by the sender multiple times until acknowledgement is received (acknowledged delivery).
* Exactly once – the sender and receiver engage in a two-level handshake to ensure only one copy of the message is received (assured delivery).

This field does not affect handling of the underlying TCP data transmissions; it is only used between MQTT senders and receivers.

Applications

Several projects implement MQTT, for example:
* OpenHAB the Open-source software home automation platform embed an MQTT binding.
* The Open Geospatial Consortium SensorThings API standard specification has an MQTT extension in the standard as an additional message protocol binding. It was demonstrated in a US Department of Homeland Security IoT Pilot.
* Node-RED supports MQTT with TLS nodes as of version 0.14.
* Home Assistant the Open-source software home automation platform is MQTT enabled and offers a Mosquitto broker add-on.
* ejabberd supports MQTT as of version 19.02.
* Eclipse Foundation manages a Sparkplug protocol specification compatible with MQTT. It builds on top of MQTT adding requirements needed in real-time industrial applications.

Security

Security of the MQTT protocol was compromisedVaccari, I., Aiello, M., & Cambiaso, E. (2020). SlowITe, a novel denial of service attack affecting MQTT. Sensors, 20(10), 2932. in 2020 by Italian researchers, executing Slow DoS Attacks on such protocol (se
CVE-2020-13849
.

See also

* Comparison of MQTT implementations
* Advanced Message Queuing Protocol (AMQP)
* Streaming Text Oriented Messaging Protocol (STOMP)
* Constrained Application Protocol (CoAP)
*Extensible Messaging and Presence Protocol (XMPP)
* Apache ActiveMQ
*Solace PubSub+
* RabbitMQ

Notes

References

External links

*

Official website of Technical Committee
* MQTT Specifications
** Version 5.0, 2019-03-07
PDF edition
** Version 3.1.1 Plus Errata 01, 2015-12-10
PDF edition
** Version 3.1.1, 2014-10-29
PDF edition
** Version 3.1, 2010
PDF edition
* MQTT-SN Specifications
** Version 1.2, 2013-11-14
PDF edition

{{Authority control

Application layer protocols
Data transmission
MQ
Message-oriented middleware
Network protocols
Telemetry