Test Setup: Device-A: BACnet/SC Hub Device-B: BACnet/SC Node Scenario: Device-A (BACnet/SC hub) and Device-B (BACnet/SC node) are connected via BACnet/SC. When the IP address of Device-B (BACnet/SC node) is changed without a cold restart, the Secure Connect Stack in Device-B remains in the CONNECTION state with Device-A. Upon changing the IP address of Device-B, Device-A closes the WebSocket connection immediately. Device-B then sends an heartbeat request to Device-A, expecting an acknowledgment....
Test Setup: Device-A: BACnet/SC Hub Device-B: BACnet/SC Node Scenario: Device-A (BACnet/SC hub) and Device-B (BACnet/SC node) are connected via BACnet/SC. When the IP address of Device-B (BACnet/SC node) is changed without a cold restart, the Secure Connect Stack in Device-B remains in the CONNECTION state with Device-A. Upon changing the IP address of Device-B, Device-A closes the WebSocket connection immediately. Device-B then sends an heartbeat request to Device-A, expecting an acknowledgment....
Test Setup: Device-A: BACnet/SC Hub Device-B: BACnet/SC Node Scenario: Device-A (BACnet/SC hub) and Device-B (BACnet/SC node) are connected via BACnet/SC. When the IP address of Device-B (BACnet/SC node) is changed without a cold restart, the Secure Connect Stack in Device-B remains in the CONNECTION state with Device-A. Upon changing the IP address of Device-B, Device-A closes the WebSocket connection immediately. Device-B then sends an heartbeat request to Device-A, expecting an acknowledgment....
An interoperable purpose of a backup is to capture an image of the database so it can be restored to the same device at some point in the future. This is tested. A second interoperable purpose of a backup is to capture an image of the database so it can be restored to the same type of device because the first device failed. This is not tested. Scenario #1: A facilities manager uses Vendor A’s B-AWS to back up your device. A month later, the facilities manager updates the certs and changes the primary...
How should the Backup and Restore procedure for BACnet Secure Connect be handled? Our IUT does not back up the certificates/keys used for BACnet Secure Connect. The reason is that copying or moving private keys increases the risk of them being intercepted or accessed by unauthorized individuals. Would it be expected for the IUT to back up the BACnet files (in this case, the certificates/keys) and be able to restore them on another device? Additionally, there is a related issue where Network Port...
Hi, I'm running the TestRouter (on a Rapsberry Pi) and I have a strange behaviour with a Hubconnection and a DirectConnection. I don't get back the same list of devices on my IP segment (and MSTP throught a router), same with the four false connected SC devices (TestNodes). On the attached image one can see the result for the both connections (ws not wss for test). This is a part of the config file : sc.primaryHubURI = ws://${x-sc-host}:47808 sc.hubFunctionBindURI = ws://${x-sc-host}:47808 sc.hubFunctionEnable...
Hi, Yabe V1.3 is now working well with applications given here such as TestHub, TestNodes, ... with Hub connection and also Direct connection using plain and TLS1.3 websockets, with and without certificate validation. Bye.
Hi all, In this implementation it seems that : Concerning certificates Nodes and Hub dont' have their own list of accepted remote certificates like it is with some OPC UA implementations. Nodes and Hub must have signed certificate by the same CA to accept each other. So self signated certificate are not working when validation is activated. I'm right or not ? Thank's a lot for this very good job.
Hi, Thanks, works like a charm. Bye.
By default, all the behavior of the reference implementation complies with the standard. Since the use of "plain" WebSockets is not allowed by the standard, you have to specifically enable it with a configuration property: sc.allowPlain = true A note about this has been added to the README that will be pushed out with the 3.2 changes.
Hi all, I'm just start with BACnet/SC, so socket without TLS is required. For uncrypted Websocket I've change "wss" by "ws" but I have errors when trying to run TestHub TestHub.properties look like : sc.primaryHubURI = ws://${x-sc-host}:4443 sc.failoverHubURI = ws://${x-sc-host}:4444 sc.hubFunctionEnable = true sc.hubFunctionBindURI = ws://${x-sc-host}:4443 sc.directConnectEnable = false I get this loop message : SCConnection - CONFIGURATION: HCP#1 111111111111-(pending) in SC-1: Incorrect scheme...
Hi Dave, thanks for the quick reply. I will try and let you know, but what you wrote makes sense. I did not have a closer look what was unpacked. Regards Frank
Oh yes, it runs on a Raspberry Pi! Since I had one sitting on my desk, it was always an informal design target. I say "informal" because it is not specifically a "supported" platform along with Linux, Windows, and Mac, but it was certainly a personal design goal to make sure that it ran and performed reasonably well on a $30 device :-) I ran it under Version 9 "stretch" on a Model B Plus 1.3. As a hub, it accepted 100 simultaneous connections, and I called that a success. I didn't do much more testing...
Oh yes, it runs on a Raspberry Pi! Since I had one sitting on my desk, it was always an informal design target. I say "informal" because it is not specifically a "supported" platform along with Linux, Windows, and Mac, but it was certainly a personal design goal to make sure that it ran and performed reasonably well on a $30 device :-) I ran it under Version 9 "stretch" on a Model B Plus 1.3. As a hub, it accepted 100 simultaneous connections, and I called that a success. I didn't do much more testing...
Did somebody get the ref implementation to run on a Raspberry? I tried installing it today and after launching ./Application everything was unpacked and installed successfully. But then a format error message was shown and nothing was started. I tried a restart with no success either. I was able to run everything successfully on Windows 10/64bit though (using the same download). Not really urgent, but still interested in getting it up and running on the Raspberry Linux. Thanks in advance, regards...
Thank you for the detailed reply. That was very helpful. --Rick
Often, the primary goal of a “reference implementation” is to be correct in its behavior, and equally, to be easily understandable and fixable by a community if it is found to be not correct. It is a “known good” against which other implementations are to be measured. In many cases then, it is only a secondary goal that it be a “starting point” for vendors‘ implementations. This balance of priorities can be seen in the extensive and verbose logging that is done by this implementation. That large...
Often, the primary goal of a “reference implementation” is to be correct in its behavior, and equally, to be easily understandable and fixable by a community if it is found to be not correct. It is a “known good” against which other implementations are to be measured. In many cases then, it is only a secondary goal that it be a “starting point” for vendors‘ implementations. This balance of priorities can be seen in the extensive and verbose logging that is done by this implementation. That large...
Often, the primary goal of a “reference implementation” is to be correct in its behavior, and equally, to be easily understandable and fixable by a community if it is found to be not correct. It is a “known good” against which other implementations are to be measured. In many cases then, it is only a secondary goal that it be a “starting point” for vendors‘ implementations. This balance of priorities can be seen in the extensive and verbose logging that is done by this implementation. That large...
I don't know many embedded devices, that would be controlled by BACnet, that are even capable of running a 64-bit JAVA VM. So why make a reference implementation in JAVA? For our purposes this is impracticably non-useful. Sorry.
In BACnet/SC, only the signing certificate should be used for validation, not the complete chain. Clause AB.7.4 says "Validate that the peer's operational certificate is directly signed by one of the locally configured CA certificates" and "no additional checks beyond the above shall be performed by default" which means that there is no validation of the "locally configured CA certificates" themselves. The fact that they have been configured into the device is akin to the collection of root certs...
Add example Intermediate certificates
.DS_Store removed
Initial commit
