Hi,
I have a question to all users of leshan server.
Are there anyone who uses the Leshan Server behind a firewall and / or using load balancers?
Thinking about these problems:
Stateful firewall, I assume that when there is no active traffic between client and server, the server could not sent messages back to the client immediately at any time,
because the firewall will keep open the used IP/Port only for a certain time.
I think when using "Queue Mode Operation" messages are kept until the client will notify and then sent to the client. Otherwise messages are lost.
One solution could be changing the stateful firewall in non stateful, so that LWM2M packets are always transmitted in both direction. But this can lead to security gaps.
Another point is IP Masquerading or "Port and Address Translation" (PAT) which is often used from Load Balancers. Similar problem.
In this case the original IP/Port is replaced by an internal IP/Port and the mapping for corresponding addresses are only valid for certain time. Yes, a solution could be to increase this time but
this will dependent on whether the network infrastructure permits.
What are your experience?
I am happy about every ideas.
Thanks and kind regards,
Ingo
