NetReach Reference AP v1.2.0 for NCCoE

Release notes for the Micronets Gateway Service + NetReach Reference Agent for NCCoE

This release enables DPP/Easy Connect support in NetReach agent. This allows the onboarding of devices using a QR code.

This release also adjusts the cache retention for PSK lookups from 60 seconds to 30 seconds. This will help devices connect more quickly when the user corrects a mis-entered password.

Installation

If you have prior versions of the NetReach/Micronets agent and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.

The following would cleanup all the project directories prior to installing this release:

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS 10 and Ubuntu 18.04 or 20.04 LTS, most dependencies are provided by the distribution.
This distribution has been tested on Raspberry Pi OS 10. Raspbian 10 can be found here:

https://downloads.raspberrypi.org/raspios_full_armhf/images/raspios_full_armhf-2021-03-25/

To install the required distribution-provided packages, perform the following steps:

sudo apt update

If prompted to confirm a change in repository Suites from "stable" to "oldoldstable", select "Y". When complete, run the following:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper python3-pip

Configuring system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Disabling the built-in wifi adapter

If you're using an external WiFi adapter (micronets requires a wifi adapter that support VLAN tagging and DPP, if doing DPP/EasyConnect-based onboarding), you will probably want to disable the built-in one - since which adapter gets setup as wlan0 and wlan1 can be unpredictable. To do this, add the following line to /boot/config.txt:

dtoverlay=disable-wifi

After a reboot, the built-in adapter should not appear as a network device.

Reducing dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reducing avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines:

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing the micronets/netreach hostapd

In addition to the PSK delegate support needed for NetReach, this version of hostapd adds support for the track_sta_list
hostapd_cli command.

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.2.0-dev/micronets-hostapd-1.0.31.deb
sudo dpkg -i micronets-hostapd-1.0.31.deb

To start the micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in a future release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the NetReach Agent

The Micronets Gateway Service contains the NetReach agent as an "adapter" and is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.2.0-dev/micronets-gw-1.2.0-U18.04+.deb
sudo dpkg -i micronets-gw-1.2.0-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start the micronets-gw service:

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh
sudo systemctl start micronets-gw.service

Note: The setup-vlan-bridges.sh script only needs to be run once per reboot (see below).

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First-time Configuration

Set a unique serial number for the NetReach Agent/AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free-form text for now but may be restricted in a later release.

echo "BART-AP-0001" > /opt/micronets-gw/lib/netreach-serialnum.txt

Register the AP with the NetReach Controller

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed to register the NetReach Agent/AP with the Netreach Controller. These steps only need to be done once after the agent installation.

There are two ways to have the AP registered with the controller:

• The AP is provisioned with a "registration token". The AP generates it's own public/private keypair and uses the one-time-use registration token to register the AP with the Controller.
• A public/private keypair is generated on (or for) the AP and the public key is registered with the controller (using user/operator credentials).

Both of these methods are detailed below.

Registering the NetReach Agent/AP with the NetReach Controller using a Registration Token

This is the simpler of the two methods and is recommended for most cases.

Creating the AP Entry with Registration Token

Before the NetReach agent can authenticate with the Controller, we can create a registration token to allow the NetReach agent to create and register its public/private ECC key-pair with the Controller the first time it starts up. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    }
}'

This will return the registrationToken used below to register the NetReach Agent's public key.

Configure the NetReach agent with the registration token

Save the registrationToken returned above into the file /opt/micronets-gw/lib/netreach-reg-token.txt and restart the agent using sudo systemctl restart micronets-gw.service.

When the agent starts up, it will generate an ECC public/private keypair and register the public key using the registration token. Once used the netreach-reg-token.txt file will be deleted, since it's no longer valid. This can be verified by examining the Micronets/NetReach Agent log at /opt/micronets-gw/micronets-gw.log.

Registering the NetReach Agent/AP with the NetReach Controller using a pre-defined Public Key

The steps below are for registering the AP using a pre-defined public/private keypair. This should be skipped if the AP is being registered using a registration token.

Manually create a public/private ECC key-pair for the NetReach agent

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-*key.pem /opt/micronets-gw/lib/

Register the AP and associated public key with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info:

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that the newlines in the key.pem file need to be replaced with "\n" and make the entire public key a single string (including the first and the last header lines)

Once the key has been registered with the Controller, the NetReach adapter wil...

NetReach Reference AP v1.2.0-dev

Release notes for the Micronets Gateway Service + NetReach Reference Agent

This release adds the following features to the NetReach agent:

• Added Trust Domain support. This new construct allows for the grouping of devices according to trust and policy.
• Three Trust Domain types are supported:
  • PER_DEVICE_CRED_DOMAIN: Each device has its own credential
  • SHARED_CRED_CONFIRMED_DOMAIN: The domain has a credential which all devices can attempt to join with - but they are not included in the domain until confirmed by the customer/delegated user.
  • SHARED_CRED_TIMED_DOMAIN: The domain has a credential which all devices can use to connect to the domain, but their connection is time-limited based on the lease period set in the domain.

Note that the cloud implementation must also support Trust Domains. The NetReach agent included in this release is not backwards-compatible with previous NetReach controller APIs.

Installation

If you have prior versions of the NetReach/Micronets agent and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.

The following would cleanup all the project directories prior to installing this release:

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS 10 and Ubuntu 18.04 or 20.04 LTS, most dependencies are provided by the distribution.
This distribution has been tested on Raspberry Pi OS 10.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reducing dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reducing avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines:

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing the micronets/netreach hostapd

In addition to the PSK delegate support needed for NetReach, this version of hostapd adds support for the track_sta_list
hostapd_cli command.

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.2.0-dev/micronets-hostapd-1.0.29.deb
sudo dpkg -i micronets-hostapd-1.0.29.deb

To start the micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in a future release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the NetReach Agent

The Micronets Gateway Service contains the NetReach agent as an "adapter" and is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.2.0-dev/micronets-gw-1.2.0-U18.04+.deb
sudo dpkg -i micronets-gw-1.2.0-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start the micronets-gw service:

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh
sudo systemctl start micronets-gw.service

Note: The setup-vlan-bridges.sh script only needs to be run once per reboot (see below).

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First-time Configuration

Set a unique serial number for the NetReach Agent/AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free-form text for now but may be restricted in a later release.

echo "BART-AP-0001" > /opt/micronets-gw/lib/netreach-serialnum.txt

Register the AP with the NetReach Controller

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed to register the NetReach Agent/AP with the Netreach Controller. These steps only need to be done once after the agent installation.

There are two ways to have the AP registered with the controller:

• The AP is provisioned with a "registration token". The AP generates it's own public/private keypair and uses the one-time-use registration token to register the AP with the Controller.
• A public/private keypair is generated on (or for) the AP and the public key is registered with the controller (using user/operator credentials).

Both of these methods are detailed below.

Registering the NetReach Agent/AP with the NetReach Controller using a Registration Token

This is the simpler of the two methods and is recommended for most cases.

Creating the AP Entry with Registration Token

Before the NetReach agent can authenticate with the Controller, we can create a registration token to allow the NetReach agent to create and register its public/private ECC key-pair with the Controller the first time it starts up. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    }
}'

This will return the registrationToken used below to register the NetReach Agent's public key.

Configure the NetReach agent with the registration token

Save the registrationToken returned above into the file /opt/micronets-gw/lib/netreach-reg-token.txt and restart the agent using sudo systemctl restart micronets-gw.service.

When the agent starts up, it will generate an ECC public/private keypair and register the public key using the registration token. Once used the netreach-reg-token.txt file will be deleted, since it's no longer valid. This can be verified by examining the Micronets/NetReach Agent log at /opt/micronets-gw/micronets-gw.log.

Registering the NetReach Agent/AP with the NetReach Controller using a pre-defined Public Key

The steps below are for registering the AP using a pre-defined public/private keypair. This should be skipped if the AP is being registered using a registration token.

Manually create a public/private ECC key-pair for the NetReach agent

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-*key.pem /opt/micronets-gw/lib/

Register the AP and associated public key with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info:

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that the newlines in the key.pem file need to be replaced with "\n" and make the entire public key a single string (including the first and the last header lines)

Once the key has been registered with the Controller, the NetReach adapter will be able to authenticate and retrieve an api-token to authenticate with the mqtt broker and invoke the other API endpoints on the Controller.

Follow the steps below prior to starting the micronets-gw service.

Configuration after each reboot

A...

NetReach Reference AP v1.1.7-dev

Release notes for the Micronets Gateway Service + NetReach Reference Agent

This release adds the following features to the NetReach agent:

• Improved some of the logic around the setting of the Device "associated"/"connected" flags.

Installation

If you have prior versions of the NetReach/Micronets agent and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.

The following would cleanup all the project directories prior to installing this release:

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS 10 and Ubuntu 18.04 or 20.04 LTS, most dependencies are provided by the distribution.
This distribution has been tested on Raspberry Pi OS 10.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reducing dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reducing avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines:

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing the micronets/netreach hostapd

In addition to the PSK delegate support needed for NetReach, this version of hostapd adds support for the track_sta_list
hostapd_cli command.

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.7-dev/micronets-hostapd-1.0.29.deb
sudo dpkg -i micronets-hostapd-1.0.29.deb

To start the micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in a future release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the NetReach Agent

The Micronets Gateway Service contains the NetReach agent as an "adapter" and is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.7-dev/micronets-gw-1.1.7-U18.04+.deb
sudo dpkg -i micronets-gw-1.1.7-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start the micronets-gw service:

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh
sudo systemctl start micronets-gw.service

Note: The setup-vlan-bridges.sh script only needs to be run once per reboot (see below).

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First-time Configuration

Set a unique serial number for the NetReach Agent/AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free-form text for now but may be restricted in a later release.

echo "BART-AP-0001" > /opt/micronets-gw/lib/netreach-serialnum.txt

Register the AP with the NetReach Controller

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed to register the NetReach Agent/AP with the Netreach Controller. These steps only need to be done once after the agent installation.

There are two ways to have the AP registered with the controller:

• The AP is provisioned with a "registration token". The AP generates it's own public/private keypair and uses the one-time-use registration token to register the AP with the Controller.
• A public/private keypair is generated on (or for) the AP and the public key is registered with the controller (using user/operator credentials).

Both of these methods are detailed below.

Registering the NetReach Agent/AP with the NetReach Controller using a Registration Token

This is the simpler of the two methods and is recommended for most cases.

Creating the AP Entry with Registration Token

Before the NetReach agent can authenticate with the Controller, we can create a registration token to allow the NetReach agent to create and register its public/private ECC key-pair with the Controller the first time it starts up. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    }
}'

This will return the registrationToken used below to register the NetReach Agent's public key.

Configure the NetReach agent with the registration token

Save the registrationToken returned above into the file /opt/micronets-gw/lib/netreach-reg-token.txt. When the agent
starts up, it will generate an ECC public/private keypair and register the public key using the registration token. Once used
the netreach-reg-token.txt file will be deleted, since it's no longer valid. This can be verified by examining the Micronets/NetReach Agent log at /opt/micronets-gw/micronets-gw.log.

Registering the NetReach Agent/AP with the NetReach Controller using a pre-defined Public Key

The steps below are for registering the AP using a pre-defined public/private keypair. This should be skipped if the AP is being registered using a registration token.

Manually create a public/private ECC key-pair for the NetReach agent

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-*key.pem /opt/micronets-gw/lib/

Register the AP and associated public key with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info:

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that the newlines in the key.pem file need to be replaced with "\n" and make the entire public key a single string (including the first and the last header lines)

Once the key has been registered with the Controller, the NetReach adapter will be able to authenticate and retrieve an api-token to authenticate with the mqtt broker and invoke the other API endpoints on the Controller.

Follow the steps below prior to starting the micronets-gw service.

Configuration after each reboot

All the core gateway configuration has now been automated through the /opt/micronets-gw/bin/setup-vlan-bridges.sh script. After each reboot of the AP, run the script as follows (or incorporate these steps into your system startup)

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh

This will create the necessary OVS bridges and interfaces. Specifically:

• It creates a veth pair "haport/haport-sw". The "haport" is the means to hook up hostapd's vlan tagged traffic to the OVS switch.
• Ensure that the vlan-tagged-interface setting in /opt/micronets-hostapd/lib/hostapd.conf file has the value "haport" (this should be the default)
• Ensure that the bridge parameter in the hostap.conf file is commented out
• Ensure that you only have one IP address o...

NetReach Reference AP v1.1.6-dev

Release notes for the Micronets Gateway Service + NetReach Reference Agent

This release adds the following features to the NetReach agent:

• Support for inter-AP vxlan tunnels. The NetReach agent will now:
  • Establish per-Service vxlan tunnels with other agents/APs hosting stations in the same Service.
  • Perform layer 2 packet routing using an inter-AP OVS bridge with OpenFlow rules to route packets to remote devices over the appropriate vxlan(s).
  • Provide DHCP responses with the "Interface MTU Option" set to a reduced size to account for VXLAN packet overhead.

Installation

If you have prior versions of the NetReach/Micronets agent and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.

The following would cleanup all the project directories prior to installing this release:

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS 10 and Ubuntu 18.04 or 20.04 LTS, the dependencies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reducing dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reducing avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines:

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing the micronets/netreach hostapd

In addition to the PSK delegate support needed for NetReach, this version of hostapd adds support for the track_sta_list
hostapd_cli command.

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.6-dev/micronets-hostapd-1.0.29.deb
sudo dpkg -i micronets-hostapd-1.0.29.deb

To start the micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in a future release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the NetReach Agent

The Micronets Gateway Service contains the NetReach agent as an "adapter" and is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.6-dev/micronets-gw-1.1.6-U18.04+.deb
sudo dpkg -i micronets-gw-1.1.6-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start the micronets-gw service:

sudo systemctl start micronets-gw.service

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First-time Configuration

Set a unique serial number for the NetReach Agent/AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free-form text for now but may be restricted in a later release.

echo "BART-AP-0001" > /opt/micronets-gw/lib/netreach-serialnum.txt

Register the AP with the NetReach Controller

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed to register the NetReach Agent/AP with the Netreach Controller. These steps only need to be done once after the agent installation.

There are two ways to have the AP registered with the controller:

• The AP is provisioned with a "registration token". The AP generates it's own public/private keypair and uses the one-time-use registration token to register the AP with the Controller.
• A public/private keypair is generated on (or for) the AP and the public key is registered with the controller (using user/operator credentials).

Both of these methods are detailed below.

Registering the NetReach Agent/AP with the NetReach Controller using a Registration Token

This is the simpler of the two methods and is recommended for most cases.

Creating the AP Entry with Registration Token

Before the NetReach agent can authenticate with the Controller, we can create a registration token to allow the NetReach agent to create and register its public/private ECC key-pair with the Controller the first time it starts up. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    }
}'

This will return the registrationToken used below to register the NetReach Agent's public key.

Configure the NetReach agent with the registration token

Save the registrationToken returned above into the file /opt/micronets-gw/lib/netreach-reg-token.txt. When the agent
starts up, it will generate an ECC public/private keypair and register the public key using the registration token. Once used
the netreach-reg-token.txt file will be deleted, since it's no longer valid. This can be verified by examining the Micronets/NetReach Agent log at /opt/micronets-gw/micronets-gw.log.

Registering the NetReach Agent/AP with the NetReach Controller using a pre-defined Public Key

The steps below are for registering the AP using a pre-defined public/private keypair. This should be skipped if the AP is being registered using a registration token.

Manually create a public/private ECC key-pair for the NetReach agent

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-*key.pem /opt/micronets-gw/lib/

Register the AP and associated public key with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info:

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that the newlines in the key.pem file need to be replaced with "\n" and make the entire public key a single string (including the first and the last header lines)

Once the key has been registered with the Controller, the NetReach adapter will be able to authenticate and retrieve an api-token to authenticate with the mqtt broker and invoke the other API endpoints on the Controller.

Follow the steps below prior to starting the micronets-gw service.

Configuration after each reboot

All the core gateway configuration has now been automated through the /opt/micronets-gw/bin/setup-vlan-bridges.sh script. After each reboot of the AP, run the script as follows (or incorporate these steps into your system startup)

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh

This will create the necessary OVS bridges and interfaces. Specifically:

• It creates a veth pair "haport/haport-sw". The "haport" is the means to hook up hostapd's vlan tagged traffic to the OVS switch.
• Ensure that the vlan-tagged-interface setting in /opt/micronets-hostapd/lib/hostapd.conf file has the value "haport" (this...

NetReach Reference AP v1.1.4-dev

Notes on this release

This release adds the following features to the NetReach PoC agent:

• Fix for hostapd PSK lookups. The PSK lookup delegate is no longer invoked when a station MAC is present in the WPA PSK file but the PSK doesn't match the entry.
• The NetReach Agent now updates the AP cloud entry with its geolocation and management address at startup. This can be configured to provide the address of a particular interface (via NETREACH_ADAPTER_MAN_INTERFACE) or specified explicitly (via NETREACH_ADAPTER_MAN_ADDRESS)

Installation

If you have prior versions of the micronets-gw and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.

The following would cleanup all the project directories prior to installing this release:

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS and Ubuntu 18.04+, the dependencies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring some system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reduce dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reduce avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing micronets hostapd

In addition to the PSK delegate support, this version of hostapd adds support for the track_sta_list
hostapd_cli command.

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.4-dev/micronets-hostapd-1.0.28.deb
sudo dpkg -i micronets-hostapd-1.0.28.deb

To start micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in the next release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the NetReach Agent:

The Micronets Gateway Service contains the NetReach agent as an "adapter" and is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.4-dev/micronets-gw-1.1.4-U18.04+.deb
sudo dpkg -i micronets-gw-1.1.4-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start micronets-gw service:

sudo systemctl start micronets-gw.service

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First-time Configuration

Set a unique serial number for the AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free form text for now but later may be restricted.

Register the AP With The NetReach Controller

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed. These steps only needs to be done once after the agent installation

Manually generate a public/private ECC key-pair for the agent and register it with the NetReach Controller

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-*key.pem /opt/micronets-gw/lib/

Register the AP with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that the newlines in the pem file need to be replaced with "\n" and make the entire public key a single string (including the first and the last header lines)

Once the key has been registered with the Controller, the NetReach adapter will be able to authenticate and retrieve an api-token to authenticate with the mqtt broker and invoke the other API endpoints on the Controller.

Automatically generate a public/private ECC key-pair for the agent and register it using a registration token

Register the AP with the Controller

Before the NetReach agent can authenticate with the Controller, we can create a registration token to allow the NetReach agent to create and register its public/private ECC key-pair with the Controller the first time it starts up. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    }
}'

This will return a registrationToken which can be used one time by a NetReach agent to register its public ECC key.

Configure the NetReach agent with the registration token

Save the registrationToken returned above into the file /opt/micronets-gw/bin/netreach-reg-token.txt. When the agent
starts up, it will generate an ECC public/private keypair and register the public key using the registration token. Once used
the netreach-reg-token.txt file will be deleted, since it's no longer valid.

Follow the steps below prior to starting the micronets-gw service.

Configuration after each reboot

All the core gateway configuration has now been automated through the /opt/micronets-gw/bin/setup-vlan-bridges.sh script. After each reboot, simply run the script as follows

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh

And it will create the necessary OVS bridges and interfaces. As part of the creation,

• It creates a veth pair "haport/haport-sw". The "haport" is the means to hook up hostapd's vlan tagged traffic to the OVS switch.
• Ensure that the vlan-tagged-interface setting in /opt/micronets-hostapd/lib/hostapd.conf file has the value haport (this should be the default
• Ensure that the bridge parameter in the hostap.conf file is commented out
• Ensure that you only have one IP address on your WAN port (typically eth0)

NetReach Reference AP v1.1.3-dev

Notes on this release

This release adds the following features to the NetReach PoC agent:

• PSK lookup caching. PSK lookups are now run through the NetReach agent and cached to prevent unnecessary load on the server (especially important for devices with miskeyed passphrases)
• AP registration tokens. An AP can be provisioned with a token generated by creating an AP object with a serial number but without a pubkey. The registration token can then be written to the AP and used to register the pubkey when the keypair is generated (via files lib/netreach-reg-token.txt and lib/netreach-serialnum.txt)
• Service/Device disable support. If/when a Service or individual Device is disabled (the “enabled” flag is set to “false”) the affected devices will be disconnected and have their PSKs disabled.
• Device status indicators are implemented. The AP will set the “associated” and “connected” flags on the NetReach Device entries as stations/devices are associated and obtain DHCP leases. The flags are reset when stations/devices disassociate with the AP.
• The AP managementAddress and geolocation are now set.
• Better support for compromised connectivity to the NetReach controller. The NetReach agent will attempt to retry the initial connection with the controller until it successfully downloads its initial configuration.
• Runtime SSID assignment. The hostapd SSID is now set accd to the AP's AP Group assignment.

Installation

If you have prior versions of the micronets-gw and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.

The following would be a good cleanup prior to installing this release:

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS and Ubuntu 18.04+, the dependencies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring some system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reduce dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reduce avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing micronets hostapd

In addition to the PSK delegate support, this version of hostapd adds support for the track_sta_list
hostapd_cli command.

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.3-dev/micronets-hostapd-1.0.27.deb
sudo dpkg -i micronets-hostapd-1.0.27.deb

To start micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in the next release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the Micronets Gateway Service:

The Micronets Gateway Service is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.3-dev/micronets-gw-1.1.3-U18.04+.deb
sudo dpkg -i micronets-gw-1.1.3-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start micronets-gw service:

sudo systemctl start micronets-gw.service

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First-time Configuration

Set a unique serial number for the AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free form text for now but later may be restricted.

Register the AP With The NetReach Controller

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed. These steps only needs to be done once after the agent installation

Manually generate a public/private ECC key-pair for the agent and register it with the NetReach Controller

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-*key.pem /opt/micronets-gw/lib/

Register the AP with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that the newlines in the pem file need to be replaced with "\n" and make the entire public key a single string (including the first and the last header lines)

Once the key has been registered with the Controller, the NetReach adapter will be able to authenticate and retrieve an api-token to authenticate with the mqtt broker and invoke the other API endpoints on the Controller.

Automatically generate a public/private ECC key-pair for the agent and register it using a registration token

Register the AP with the Controller

Before the NetReach agent can authenticate with the Controller, we can create a registration token to allow the NetReach agent to create and register its public/private ECC key-pair with the Controller the first time it starts up. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    }
}'

This will return a registrationToken which can be used one time by a NetReach agent to register its public ECC key.

Configure the NetReach agent with the registration token

Save the registrationToken returned above into the file /opt/micronets-gw/bin/netreach-reg-token.txt. When the agent
starts up, it will generate an ECC public/private keypair and register the public key using the registration token. Once used
the netreach-reg-token.txt file will be deleted, since it's no longer valid.

Follow the steps below prior to starting the micronets-gw service.

Configuration after each reboot

All the core gateway configuration has now been automated through the /opt/micronets-gw/bin/setup-vlan-bridges.sh script. After each reboot, simply run the script as follows

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh

And it will create the necessary OVS bridges and interfaces. As part of the creation,

• It creates a veth pair "haport/haport-sw". The "haport" is the means to hook up hostapd's vlan tagged traffic to the OVS switch.
• Ensure that the vlan-tagged-interface setting in /opt/micronets-hostapd/lib/hostapd.conf file has the value haport (this should be the default
• Ensure that the bridge parameter in the hostap.conf file is commented out
• Ensure that you only have one IP address on your WAN port (typically eth0)

NetReach Controller Integration

Notes on this release

This release includes the NetReach adapter to communicate with the NetReach controller and receive configuration from the controller.

Installation

If you have prior versions of the micronets-gw and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.
The following would be a good cleanup prior to installing this release

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS and Ubuntu 18.04+, the dependencies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring some system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reduce dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reduce avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing micronets hostapd

This release includes support for native vlan-tagged interface (removes the previous dependency on ovs integration) and also incorporates delegating the psk lookup to a python delegate that will communicate with the psk-lookup on the Controller

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.1-dev/micronets-hostapd-1.0.22.deb
sudo dpkg -i micronets-hostapd-1.0.22.deb

To start micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in the next release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the Micronets Gateway Service:

The Micronets Gateway Service is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.1.1-dev/micronets-gw-1.1.1-U18.04+.deb
sudo dpkg -i micronets-gw-1.1.1-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start micronets-gw service:

sudo systemctl start micronets-gw.service

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

First time Configuration

In order for the NetReach Agent adapter to login to the mqtt broker as well as the Controller, the following steps are needed. These steps only needs to be done once after the agent installation

Generate a public/private ECC key-pair for the agent.

openssl  ecparam -name prime256v1 -genkey -noout -out netreach-privkey.pem
openssl ec -in netreach-privkey.pem -pubout -out netreach-pubkey.pem
sudo cp netreach-privkey.pem /opt/micronets-gw/lib/
sudo cp netreach-pubkey.pem /opt/micronets-gw/lib/

Set a unique serial number for the AP

Create a file named /opt/micronets-gw/lib/netreach-serialnum.txt and enter a unique serial number for the AP. This is free form text for now but later we may enforce a UUID to be here.

Registering the AP with the Controller

Before the NetReach agent can authenticate with the Controller, we need to enroll its public key (generated above) with the Controller. This needs to be done by invoking the REST API with the Controller using an api-token that is generated with a user credential. The following is a template curl command that will need to be filled in with the relevant info

curl --location --request POST 'https://staging.api.controller.netreach.in/v1/access-points/' \
--header 'x-api-token: <api-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<unique name for ap>",
    "serial": "<same-as-serialnum-file-above>",
    "enabled": true,
    "geolocation": {
        "latitude": "<XX>",
        "longitude": "<YY>"
    },
    "publicKey": "<public-key-from-above>"
}'

Note that json does't always handle newlines correctly and the pem file generated above ususally has newlines in it. Prior to putting it inside the json body above, you will need to remove the newlines and replace it with "\n" and make the entire public key a single string (including the first and the last header lines)
Once the key has been registered with the Controller, the NetReach adapter will be able to authenticate and retrieve an api-token to authenticate with the mqtt broker and invoke the other API endpoints on the Controller.
Follow the steps below prior to starting the micronets-gw service.

Configuration after each reboot

All the core gateway configuration has now been automated through the /opt/micronets-gw/bin/setup-vlan-bridges.sh script. After each reboot, simply run the script as follows

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh

And it will create the necessary OVS bridges and interfaces. As part of the creation,

• It creates a veth pair "haport/haport-sw". The "haport" is the means to hook up hostapd's vlan tagged traffic to the OVS switch.
• Ensure that the vlan-tagged-interface setting in /opt/micronets-hostapd/lib/hostapd.conf file has the value haport (this should be the default
• Ensure that the bridge parameter in the hostap.conf file is commented out
• Ensure that you only have one IP address on your WAN port (typically eth0)

NetReach-AP-Group

Notes on this release

This is a dev release that includes the AP-Group functionality but is not automated with the Controller. The instructions below are required to get an operational ap group

Installation

If you have prior versions of the micronets-gw and/or micronets-hostap installed, please stop and uninstall them prior to installing this release. There are a number of changes in this release that makes configuration easier. However they can conflict with the configuration that was used in prior releases.
The following would be a good cleanup prior to installing this release

• Take a backup of your /opt/micronets-hostapd/lib folder - this contains the hostap.conf, hostap.vlan and hostap.wpa_psk files
• Remove the /opt/micronets-gw and /opt/micronets-hostapd directory
• Remove the /etc/network/interfaces.d/micronets file (not needed anymore)
• You might also want to save the /opt/micronets-gw/config.py file if you have made any changes to it

Installing dependent packages

On Raspberry Pi OS and Ubuntu 18.04+, the dependencies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Configuring some system settings

The following settings are not strictly necessary for the gateway and hostap functionality to work but following them will ensure that you have a more optimal system to work with. The following settings disables certain spurious services that are activated by default on all new interfaces

Reduce dhcpcd chatter

Edit the /etc/dhcpcd.conf file and at the end of the file add the following

allowinterfaces eth0 #(Replace eth0 with whatever your wan port is)

This will ensure that dhcpcd does not get invoked on the other interfaces that we will be creating later

Reduce avahi chatter

Edit the /etc/avahi/avahi-daemon.conf file and change the following lines

use-ipv4=no
use-ipv6=no
allow-interfaces=eth0

This ensures that avahi and mDNS traffic is suppressed from the router (we will still allow this traffic from clients, just not the router itself)

Installing micronets hostapd

This release includes support for native vlan-tagged interface (removes the previous dependency on ovs integration) and also incorporates delegating the psk lookup to a service

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.0.66-dev/micronets-hostapd-1.0.18.deb
sudo dpkg -i micronets-hostapd-1.0.18.deb

To start micronets-hostapd service

sudo systemctl start micronets-hostapd.service

We suggest that you do not set the hostap to autostart as there is some manual scripts that need to be run after each reboot (this will be automated in the next release).

You can check to see if the hostap service is running with:

sudo systemctl status micronets-hostapd.service

Installing the Micronets Gateway Service:

The Micronets Gateway Service is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Rapberry Pi OS and Ubuntu 18.04+. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/v1.0.66-dev/micronets-gw-1.1.0-U18.04+.deb
sudo dpkg -i micronets-gw-1.1.0-U18.04+.deb

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the helper scripts in the /opt/micronets-gw/bin directory
3. install a systemd micronets-gw-service service control file

To start micronets-gw service:

sudo systemctl start micronets-gw.service

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

Configuration

All the core gateway configuration has now been automated through the /opt/micronets-gw/bin/setup-vlan-bridges.sh script. After each reboot, simply run the script as follows

sudo /opt/micronets-gw/bin/setup-vlan-bridges.sh

And it will create the necessary OVS bridges and interfaces. As part of the creation,

• It creates a veth pair "haport/haport-sw". The "haport" is the means to hook up hostapd's vlan tagged traffic to the OVS switch.
• Ensure that the vlan-tagged-interface setting in /opt/micronets-hostapd/lib/hostapd.conf file has the value haport (this should be the default
• Ensure that the bridge parameter in the hostap.conf file is commented out
• Ensure that you only have one IP address on your WAN port (typically eth0)

Start the GW and HostAP services as explained above. If they are already started, stop and restart them after running the script above.
Now your gateway will be operational in standalone mode. All you need to do is start creating the micronets and adding devices to it.

If you want to setup an AP group, follow the additional instructions below

Setting up an AP group

The AP group setup will typically be done by the controller but that is still WIP. In the meantime to do a manual setup of the AP group, follow the steps below

• Using the instructions above, create/setup multiple gateways. Make sure all your gateways are on the same subnet and/or that they can connect to each other over their WAN port
• The only additional thing required to form an AP group is to setup the VXLAN links between the AP's
• There is a helper script /opt/micronets-gw/bin/vxlan_link.sh that allows you to setup the VXLAN links
• In order to avoid looping issues, we suggest you form a linear or star topology with the AP's (assuming more than 2).
• A simple linear topology could simply be done by looking at the WAN IP addresses and connecting them in ascending order, i.e the lowest IP address and highest IP address will only have one VXLAN link, while the intermediate gateway's will have a link to the lower IP and the higher IP (all of this will be automated by the GW Agent code in the next release)
• One you have the list of links to be created, creating the links is simply a matter of invoking the vxlan_link.sh script as follows (assuming the intermediate bridge is called brhapd (the default) and vxlan being created for AP Group is 5000

sudo /opt/micronets-gw/bin/vxlan_lin.sh add -b brhapd -x 5000 -i X.X.X.X 
# X.X.X.X refers to the IP address of the other gateway to which you want to setup the link

Repeat the above command on each gateway as needed.
Now you have an operational AP group.

Release 1.0.65 (for Raspbian 10/Ubuntu 18.04 LTS)

Notes on this release

This release contains the following changes:

• Initial DPP2 provisioning/reprovisioning support (includes a new version
  of hostapd and wpa_supplicant binaries)
• The Micronet/device data model is now persisted to json files instead
  of the dnsmasq config file - which simplifies things and makes it easier
  to change the model.

Installation

If Micronets is already installed and running, you should stop the services first using:

sudo systemctl stop micronets-gw.service 
sudo systemctl stop micronets-hostapd.service 

You might also want to save /opt/micronets-gw/config.py if you've made changes to this file.

Installing Dependent Packages

On Ubuntu 18.04, most of the dependancies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get install dnsmasq openvswitch-switch python3 virtualenvwrapper

Installing micronets hostapd (to support wireless micronets)

This release includes a version of hostapd for Raspian 10 that includes openvswitch and DPP Reconfigure support. It can be downloaded and installed using:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/1.0.65/micronets-hostapd-1.0.25.arm.deb
sudo dpkg -i micronets-hostapd-1.0.25.arm.deb 

To start micronets-hostapd service, and set it for autostart:

sudo systemctl enable micronets-hostapd.service
sudo systemctl start micronets-hostapd.service

You can check to see if the gateway service is running with:

sudo systemctl status micronets-hostapd.service

A Station client (wpa_supplicant) supporting a prototype implementation of DPP reconfigure can be downloaded using:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/1.0.65/micronets-wpa_supplicant.1.0.25.tar.gz

Note that you should only install this client if you're interested in testing DPP reconfigure on a Raspberry Pi.

The hostapd source and other releases can be found at the Micronets hostapd guthub repo.

Installing the Micronets Gateway Service on Ubuntu 18.04:

The Micronets Gateway Service is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Ubuntu 18.04. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/1.0.65/micronets-gw-1.0.65-U18.04.deb
sudo dpkg -i micronets-gw-1.0.65-U18.04.deb 

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the ifup/down and dnsmasq extension scripts for the configuration of openvswitch and the micronets-gw service via /etc/network/interfaces,
3. install a sample ifupdown "interfaces" file in /opt/micronets-gw/doc/interfaces.sample, and
4. install a systemd micronets-gw-service service control file

To start micronets-gw service, and set it for autostart:

sudo systemctl enable micronets-gw.service
sudo systemctl start micronets-gw.service

You can check to see if the gateway service is running using:

sudo systemctl status micronets-gw.service

Configuration

If this is the first install of the Micronets gateway, copy /opt/micronets-gw/doc/micronets.sample to /etc/network/interfaces.d/micronets and modify to suit your system.

If you have one wired and one wireless interface you want to enable for micronets, this should just be a matter of replacing interface names. e.g. If you want to enable interface eth1 as a wired micronet, and wlan0 for wireless micronets, lines in the interfaces file would appear respectively as:

#
# A wired interface managed by the Micronets gateway
#
allow-brmn001 eth1 
iface eth1inet manual
  ovs_type OVSPort
  ovs_bridge brmn001
  ovs_port_req 4
  ovs_port_initial_state blocked

#
# A wireless interface managed by the Micronets gateway
#
allow-brmn001 wlan0
iface wlan0 inet manual
  ovs_type OVSPort
  ovs_bridge brmn001
  ovs_port_req 3
  ovs_port_initial_state blocked

and ensure the bridge entry contains a ovs_ports line referring to the micronet interfaces. e.g.

and the bridge defintion would include the line:

auto brmn001
allow-ovs brmn001
iface brmn001 inet manual
  ovs_type OVSBridge
  ...
  # the ovs_ports should list all wired and wireless interfaces under Micronets management
  ovs_ports diagout1 eth1 wlan0
  ...

Note that more than one wired interface can be setup for micronets. Each needs to have a discreet "ovs_port_req" number and needs to be included in the bridge entry's "ovs_ports" line.

To setup the uplink interface (the interface used to connect to the internet), ensure the entry in the interfaces file for that interface is setup correctly for the network. e.g. if the uplink interface is eth0 and get its address via DHCP, the definition would be:

#
# The uplink port
#
auto eth0
iface eth0inet dhcp

and ensure the bridge entry contains a ovs_bridge_uplink_port line referring to the uplink interface. e.g.

auto brmn001
allow-ovs brmn001
iface brmn001 inet manual
  ovs_type OVSBridge
  ...
  # This is the port that's connected to the Internet
  ovs_bridge_uplink_port eth0
  ...

The default configuration of the Micronets Gateway Service presumes the Micronets hostapd will be installed and running. If you're only running Micronets for wired networks, remove any wireless interface definitions from the /etc/network/interfaces.d/micronets file and change the following setting at the end of /opt/micronets-gw/config.py:

class DefaultConfig (LocalWirelessTestingConfig):
    pass

and change it to:

class DefaultConfig (LocalWiredTestingConfig):
    pass

Finally, to enable the Micronets gateway service to be started using systemctl, run the following bash commands:

sudo systemctl enable micronets-gw.service 
sudo systemctl start micronets-gw.service 

Ensure that the file /etc/network/interfaces contains the line:

source-directory interfaces.d

And reboot the gateway to apply the changes to the /etc/network/interfaces.d/micronets file

Operation

Micronets can be defined on the local gateway using the local Micronets Gateway REST API.

Initially the list of micronets should be empty. This can be verified by running:

curl -X GET  http://localhost:5000/micronets/v1/gateway/micronets

which should return:

{
  "micronets": []
}

if the service is configured and operating.

Defining Wireless Micronets

To create a micronet on the wireless interface (e.g. wlan0), you can use:

curl -X POST -H "Content-Type: application/json" -d '{
        "micronet": {
            "micronetId": "micronet-1",
            "vlan": 1001,
            "ipv4Network": {
                "network": "10.135.1.0",
                "mask": "255.255.255.0",
                "gateway":"10.135.1.1"
            },
            "interface": "wlan0"
        }
    }' http://localhost:5000/micronets/v1/gateway/micronets

Multiple micronets can be defined on a wireless interface. The networkAddress elements needs to be compatible with the addresses defined for the micronets bridge in the /etc/network/interfaces.d/micronets file. e.g. This definition would allow for 5 micronets to be defined:

iface brmn001 inet static
  address 10.135.1.1/24

iface brmn001 inet static
  address 10.135.2.1/24

iface brmn001 inet static
  address 10.135.3.1/24

iface brmn001 inet static
  address 10.135.4.1/24

iface brmn001 inet static
  address 10.135.5.1/24

And to provision a device in the new wireless micronet defined above (using a PSK):

curl -X POST -H "Content-Type: application/json" -d '{
       "device": {
           "deviceId": "mydevice-001",
           "macAddress": {
               "eui48": "00:00:11:11:22:22"
           },
           "networkAddress": {
               "ipv4": "10.135.1.100"
           },
           "psk": "abcd1234"
       }
}' http://localhost:5000/micronets/v1/gateway/micronets/micronet-1/devices

Devices can also be provisioned for wireless Micronets using DPP. This isn't covered in this brief introduction.

Defining Wired Micronets

A wired micronet can be defined similar to a wireless micronets. But only one wired micronet can be defined on a wired interface. e.g.

curl -X POST -H "Content-Type: application/json" -d '{
        "micronet": {
            "micronetId": "micronet-5",
            "ipv4Network": {
                "network": "10.135.5.0",
                "mask": "255.255.255.0",
                "gateway":"10.135.5.1"
            },
            "interface": "eth1"
        }
    }' http://localhost:5000/micronets/v1/gateway/micronets

Adding a device to this wired Micronet is similar to adding a device to a wireless micronet. e.g.

curl -X POST -H "Content-Type: application/json" -d '{
       "device": {
           "deviceId": "mydevice-002",
           "macAddress": {
               "eui48": "00:00:11:11:22:33"
           },
           "networkAddress": {
               "ipv4": "10.135.5.100"
           }
       }
}' http://localhost:5000/micronets/v1/gateway/micronets/micronet-5/devices

Retrieving Micronet and device definitions

The list of currently defined Micronets can be retrieved using:

curl http://localhost:5000/micronets/v1/gateway/micronets

and the list of devices provisioned for a Micronet (e.g. "micronet-1") can be retrieved using:

Release 1.0.63 (for Raspbian 10/Ubuntu 18.04 LTS)

Notes on this release

This release contains the following changes:

• A couple fixes for DPP onboarding to handle eventing when a websocket connection isn't enabled

Installation

If Micronets is already installed and running, you should stop the services first using:

sudo systemctl stop micronets-gw.service 
sudo systemctl stop micronets-hostapd.service 

You might also want to save /opt/micronets-gw/config.py if you've made changes to this file.

Installing Dependent Packages

On Ubuntu 18.04, most of the dependancies are provided by the distribution.

To install the required distribution-provided packages, perform the following steps:

sudo apt-get update
sudo apt-get -y install dnsmasq openvswitch openvswitch-switch libopenvswitch python3.6 python3-virtualenv python3.6-pip

Installing micronets hostapd (to support wireless micronets)

This release includes a version of hostapd for Raspian 10 that includes a prototype implementation of DPP Reconfigure support. It can be downloaded and installed using:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/1.0.63-u18.04/micronets-hostapd-armhf-1.0.22.deb
sudo dpkg -i micronets-gw-1.0.63-U18.04.deb 

A Station client (wpa_supplicant) supporting a prototype implementation of DPP reconfigure can be downloaded using:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/1.0.63-u18.04/micronets-wpasupplicant-armhf-1.0.22.tar.gz

The hostapd source and other releases can be found at the Micronets hostapd guthub repo.

Installing the Micronets Gateway Service on Ubuntu 18.04:

The Micronets Gateway Service is architecture-neutral. But the Debian package dependancies vary by release. The Debian installer included in this release is authored for Ubuntu 18.04. To install it run the following bash commands:

curl -L -O https://github.com/cablelabs/micronets-gw/releases/download/1.0.63-u18.04/micronets-gw-1.0.63-U18.04.deb
sudo dpkg -i micronets-gw-1.0.63-U18.04.deb 

Installing the micronets-gw package will:

1. install the micronets gateway service in the /opt/micronets-gw directory,
2. install the ifup/down and dnsmasq extension scripts for the configuration of openvswitch and the micronets-gw service via /etc/network/interfaces,
3. install a sample ifupdown "interfaces" file in /opt/micronets-gw/doc/interfaces.sample, and
4. install a systemd micronets-gw-service service control file

Configuration

If this is the first install of the Micronets gateway, copy /opt/micronets-gw/doc/micronets.sample to /etc/network/interfaces.d/micronets and modify to suit your system.

If you have one wired and one wireless interface you want to enable for micronets, this should just be a matter of replacing interface names. e.g. If you want to enable interface eth1 as a wired micronet, and wlan0 for wireless micronets, lines in the interfaces file would appear respectively as:

#
# A wired interface managed by the Micronets gateway
#
allow-brmn001 eth1 
iface eth1inet manual
  ovs_type OVSPort
  ovs_bridge brmn001
  ovs_port_req 4
  ovs_port_initial_state blocked

#
# A wireless interface managed by the Micronets gateway
#
allow-brmn001 wlan0
iface wlan0 inet manual
  ovs_type OVSPort
  ovs_bridge brmn001
  ovs_port_req 3
  ovs_port_initial_state blocked

and ensure the bridge entry contains a ovs_ports line referring to the micronet interfaces. e.g.

and the bridge defintion would include the line:

auto brmn001
allow-ovs brmn001
iface brmn001 inet manual
  ovs_type OVSBridge
  ...
  # the ovs_ports should list all wired and wireless interfaces under Micronets management
  ovs_ports diagout1 eth1 wlan0
  ...

Note that more than one wired interface can be setup for micronets. Each needs to have a discreet "ovs_port_req" number and needs to be included in the bridge entry's "ovs_ports" line.

To setup the uplink interface (the interface used to connect to the internet), ensure the entry in the interfaces file for that interface is setup correctly for the network. e.g. if the uplink interface is eth0 and get its address via DHCP, the definition would be:

#
# The uplink port
#
auto eth0
iface eth0inet dhcp

and ensure the bridge entry contains a ovs_bridge_uplink_port line referring to the uplink interface. e.g.

auto brmn001
allow-ovs brmn001
iface brmn001 inet manual
  ovs_type OVSBridge
  ...
  # This is the port that's connected to the Internet
  ovs_bridge_uplink_port eth0
  ...

The default configuration of the Micronets Gateway Service presumes the Micronets hostapd will be installed and running. If you're only running Micronets for wired networks, remove any wireless interface definitions from the /etc/network/interfaces.d/micronets file and change the following setting at the end of /opt/micronets-gw/config.py:

class DefaultConfig (LocalWirelessTestingConfig):
    pass

and change it to:

class DefaultConfig (LocalWiredTestingConfig):
    pass

Finally, to enable the Micronets gateway service to be started using systemctl, run the following bash commands:

sudo systemctl enable micronets-gw.service 
sudo systemctl start micronets-gw.service 

Ensure that the file /etc/network/interfaces contains the line:

source-directory interfaces.d

And reboot the gateway to apply the changes to the /etc/network/interfaces.d/micronets file

Operation

Micronets can be defined on the local gateway using the local Micronets Gateway REST API.

Defining Wireless Micronets

To create a micronet on the wireless interface (e.g. wlan0), you can use:

curl -X POST -H "Content-Type: application/json" -d '{
        "micronet": {
            "micronetId": "micronet-1",
            "vlan": 1001,
            "ipv4Network": {
                "network": "10.135.1.0",
                "mask": "255.255.255.0",
                "gateway":"10.135.1.1"
            },
            "interface": "wlan0"
        }
    }' http://localhost:5000/micronets/v1/gateway/micronets

Multiple micronets can be defined on a wireless interface. The networkAddress elements needs to be compatible with the addresses defined for the micronets bridge in the /etc/network/interfaces.d/micronets file. e.g. This definition would allow for 5 micronets to be defined:

iface brmn001 inet static
  address 10.135.1.1/24

iface brmn001 inet static
  address 10.135.2.1/24

iface brmn001 inet static
  address 10.135.3.1/24

iface brmn001 inet static
  address 10.135.4.1/24

iface brmn001 inet static
  address 10.135.5.1/24

And to provision a device in the new wireless micronet defined above (using a PSK):

curl -X POST -H "Content-Type: application/json" -d '{
       "device": {
           "deviceId": "mydevice-001",
           "macAddress": {
               "eui48": "00:00:11:11:22:22"
           },
           "networkAddress": {
               "ipv4": "10.135.1.100"
           },
           "psk": "abcd1234"
       }
}' http://localhost:5000/micronets/v1/gateway/micronets/micronet-1/devices

Devices can also be provisioned for wireless Micronets using DPP. This isn't covered in this brief introduction.

Defining Wired Micronets

A wired micronet can be defined similar to a wireless micronets. But only one wired micronet can be defined on a wired interface. e.g.

curl -X POST -H "Content-Type: application/json" -d '{
        "micronet": {
            "micronetId": "micronet-5",
            "ipv4Network": {
                "network": "10.135.5.0",
                "mask": "255.255.255.0",
                "gateway":"10.135.5.1"
            },
            "interface": "eth1"
        }
    }' http://localhost:5000/micronets/v1/gateway/micronets

Adding a device to this wired Micronet is similar to adding a device to a wireless micronet. e.g.

curl -X POST -H "Content-Type: application/json" -d '{
       "device": {
           "deviceId": "mydevice-002",
           "macAddress": {
               "eui48": "00:00:11:11:22:33"
           },
           "networkAddress": {
               "ipv4": "10.135.5.100"
           }
       }
}' http://localhost:5000/micronets/v1/gateway/micronets/micronet-5/devices

Retrieving Micronet and device definitions

The list of currently defined Micronets can be retrieved using:

curl http://localhost:5000/micronets/v1/gateway/micronets

and the list of devices provisioned for a Micronet (e.g. "micronet-1") can be retrieved using:

curl http://localhost:5000/micronets/v1/gateway/micronets/micronet-1/devices

Checking the operation of the Micronets Gateway:

The status of the Micronets bridge and various settings can be checked by running:

sudo /opt/micronets-gw/bin/status 

and to examine the flow of packets through the micronets bridge:

sudo /opt/micronets-gw/bin/watch-ovsrules