IoT Networking: MQTT, CoAP, LoRaWAN, NB-IoT, Edge Computing and IoT Security Architecture
IoT networking connects billions of IoT devices to the network. MQTT is a lightweight messaging protocol, CoAP is a RESTful protocol for constrained devices, LoRaWAN sends data over long distances at low power, NB-IoT uses the cellular network for IoT, edge computing processes data close to its source, and an IoT security architecture protects devices with limited resources.
IoT is the fastest-growing market: 30+ billion IoT devices are expected by 2025 (B.E. 2568). The big problem is security: the Mirai botnet (2016) used 600,000+ IoT devices for DDoS attacks, which took parts of the internet down. IoT devices have little CPU and memory, so they cannot use regular TLS/IPsec and need lightweight protocols plus a proper security architecture.
IoT Communication Protocols
| Protocol | Type | Transport | Best For |
|---|---|---|---|
| MQTT | Pub/Sub messaging | TCP (port 1883/8883) | Telemetry, monitoring, remote control — most popular IoT protocol |
| CoAP | RESTful (GET/PUT/POST) | UDP (port 5683) | Constrained devices, resource discovery, low overhead |
| HTTP/HTTPS | Request/Response | TCP (port 80/443) | Cloud APIs, web integration — heavy for constrained devices |
| AMQP | Message queuing | TCP (port 5672) | Enterprise messaging, reliable delivery, complex routing |
| WebSocket | Full-duplex | TCP (port 80/443) | Real-time bidirectional: dashboards, live monitoring |
MQTT Deep Dive
| Feature | Details |
|---|---|
| Architecture | Publish/Subscribe: publishers send to topics → broker distributes to subscribers |
| Broker | Central server: Mosquitto (open source), HiveMQ, EMQX, AWS IoT Core |
| Topics | Hierarchical: home/livingroom/temperature, factory/line1/sensor/pressure |
| QoS Levels | QoS 0: at most once (fire & forget); QoS 1: at least once; QoS 2: exactly once |
| Retained Messages | Broker stores last message per topic → new subscribers get latest value immediately |
| Last Will | Client registers "will" message → broker publishes if client disconnects unexpectedly |
| Lightweight | Minimum packet: 2 bytes header → runs on microcontrollers with 256KB RAM |
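
The fields in the table above are visible on the wire, which makes them easy to audit at a gateway or sensor. The following is an added example, not code from the original article: it decodes the MQTT 3.1.1 fixed header (packet type, QoS, RETAIN, remaining length) and reads the CONNECT flags to report credentials sent over the plaintext listener on port 1883. The function names and the sample packets are constructed for illustration.

```python
# Added example: decode MQTT 3.1.1 fixed headers and audit CONNECT flags.
PACKET_TYPES = {1: "CONNECT", 3: "PUBLISH", 8: "SUBSCRIBE", 12: "PINGREQ", 14: "DISCONNECT"}

def decode_remaining_length(data, offset=1):
    """Variable-length integer: 7 bits per byte, top bit = 'more bytes', max 4 bytes."""
    value = 0
    for i in range(4):
        if offset + i >= len(data):
            raise ValueError("truncated remaining-length field")
        byte = data[offset + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, offset + i + 1
    raise ValueError("remaining length longer than 4 bytes")

def parse_fixed_header(data):
    if len(data) < 2:
        raise ValueError("an MQTT packet is at least 2 bytes")
    ptype, flags = data[0] >> 4, data[0] & 0x0F
    length, body = decode_remaining_length(data)
    info = {"type": PACKET_TYPES.get(ptype, f"type-{ptype}"), "remaining_length": length, "body_offset": body}
    if ptype == 3:  # only PUBLISH carries DUP / QoS / RETAIN in the flag nibble
        info.update(dup=bool(flags & 0x08), qos=(flags >> 1) & 0x03, retain=bool(flags & 0x01))
        if info["qos"] == 3:
            raise ValueError("QoS 3 is reserved")
    return info

def audit_connect(data, tls):
    """Findings for a CONNECT packet; tls=False models the plaintext listener (1883)."""
    hdr = parse_fixed_header(data)
    pos = hdr["body_offset"]
    name_len = int.from_bytes(data[pos:pos + 2], "big")
    flags_at = pos + 2 + name_len + 1   # skip protocol name and protocol level
    if hdr["type"] != "CONNECT" or flags_at >= len(data):
        raise ValueError("not a complete CONNECT packet")
    cflags = data[flags_at]
    findings = []
    if cflags & 0x40 and not tls:
        findings.append("password sent in cleartext")
    if not cflags & 0xC0:
        findings.append("anonymous client (no username/password)")
    if not cflags & 0x04:
        findings.append("no Last Will registered")
    return findings

# Constructed sample packets (hand-built, not captured traffic).
PINGREQ = b"\xC0\x00"                      # the 2-byte minimum packet
PUBLISH = b"\x33\xC8\x01"                  # QoS 1, RETAIN set, 200 bytes follow
CONNECT = b"\x10\x14\x00\x04MQTT\x04\xC2\x00\x3C\x00\x02s1\x00\x01u\x00\x01p"
```

A client without a Last Will is reported because the broker then has nothing to publish when that device drops off unexpectedly, so monitoring cannot see the disconnect.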
LPWAN Technologies
| Technology | Range | Data Rate | Power | Use Case |
|---|---|---|---|---|
| LoRaWAN | 2-15 km (urban/rural) | 0.3-50 kbps | 10+ years battery | Smart agriculture, environmental monitoring, asset tracking |
| NB-IoT | 1-10 km (cellular coverage) | Up to 250 kbps | 10+ years battery | Smart metering, parking, infrastructure monitoring |
| Sigfox | 3-50 km | 100-600 bps | 10+ years battery | Simple telemetry: temperature, humidity, open/close |
| LTE-M | Cellular coverage | Up to 1 Mbps | 5-10 years battery | Asset tracking with mobility, wearables, voice support |
Edge Computing
| Feature | Cloud Only | Edge + Cloud |
|---|---|---|
| Latency | 50-200ms (round trip to cloud) | 1-10ms (local processing) |
| Bandwidth | All data sent to cloud (expensive) | Process locally → send only results/alerts (90%+ reduction) |
| Reliability | Depends on internet connection | Works offline → sync when connected |
| Privacy | All data in cloud (compliance concern) | Sensitive data stays local → only aggregated data to cloud |
| Use Case | Analytics, ML training, long-term storage | Real-time control, video analytics, anomaly detection |
| Platforms | AWS IoT, Azure IoT Hub, GCP IoT Core | AWS Greengrass, Azure IoT Edge, Google Edge TPU, K3s |
IoT Security Architecture
| Layer | Threats | Controls |
|---|---|---|
| Device | Default credentials, firmware vulnerabilities, physical tampering | Unique credentials, secure boot, firmware signing, hardware security (TPM) |
| Communication | Eavesdropping, man-in-the-middle, replay attacks | TLS/DTLS encryption, certificate-based auth, message signing |
| Network | Unauthorized access, lateral movement, DDoS | Network segmentation (separate IoT VLAN), NAC, firewall, IDS |
| Platform/Cloud | API vulnerabilities, data breach, misconfiguration | API security, encryption at rest, access controls, monitoring |
| Application | Injection, broken authentication, insecure updates | Input validation, OAuth 2.0, signed OTA updates, code review |
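
The Communication row pairs replay attacks with message signing; a signature alone does not stop a recorded message from being accepted a second time, so the receiver also has to track freshness. The following is an added example, not code from the original article: it signs telemetry with HMAC-SHA256 under a per-device key and rejects tampered, replayed and unknown-device messages. The envelope format, the class and function names, the key and the readings are assumptions made for illustration; a deployment could use asymmetric signatures instead of a shared key.

```python
import hashlib
import hmac
import json

def sign_message(key: bytes, device_id: str, counter: int, data: dict) -> bytes:
    """Device side: authenticate the device id, a monotonic counter and the payload."""
    body = json.dumps({"dev": device_id, "ctr": counter, "data": data},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag   # the hex tag never contains ".", so the last "." splits it

class Verifier:
    """Gateway side: one key per device plus the highest counter accepted so far."""
    def __init__(self, device_keys):
        self.device_keys = device_keys
        self.last_counter = {}

    def check(self, envelope: bytes) -> str:
        body, _, tag = envelope.rpartition(b".")
        try:
            msg = json.loads(body)
            dev, ctr = str(msg["dev"]), msg["ctr"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        key = self.device_keys.get(dev)
        if key is None:
            return "unknown-device"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "bad-signature"
        # Freshness is checked only after the MAC, so a forged counter cannot advance state.
        if not isinstance(ctr, int) or ctr <= self.last_counter.get(dev, -1):
            return "replay"
        self.last_counter[dev] = ctr
        return "accepted"

def demo():
    # Constructed key and readings; each real device would hold its own provisioned key.
    keys = {"sensor-01": b"constructed-demo-key-0001"}
    verifier = Verifier(keys)
    m1 = sign_message(keys["sensor-01"], "sensor-01", 1, {"temp": 21.5})
    m2 = sign_message(keys["sensor-01"], "sensor-01", 2, {"temp": 21.7})
    forged = m2.replace(b"21.7", b"99.9")            # payload altered in transit
    rogue = sign_message(b"other-key", "sensor-99", 1, {"temp": 0})
    return [verifier.check(m) for m in (m1, m1, forged, m2, rogue)]
```

The device must persist its counter across reboots, otherwise its own messages are rejected as replays after a restart.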
IoT Network Design
| Practice | Detail |
|---|---|
| Segmentation | Separate VLAN for IoT devices — never mix with corporate network |
| Gateway | IoT gateway aggregates device data → protocol translation → secure upstream connection |
| Scalability | Design for 10x growth — IoT deployments grow fast |
| IPv6 | Use IPv6 for IoT (enough addresses) — 6LoWPAN for constrained networks |
| Monitoring | Monitor IoT traffic patterns — detect anomalies (compromised devices) |
| OTA Updates | Secure over-the-air firmware updates — signed, encrypted, rollback capable |
Closing thoughts: IoT = Billions of Devices Need Proper Networking + Security
- IoT Networking Protocols: MQTT (pub/sub, most popular), CoAP (RESTful/UDP), HTTP (heavy), AMQP (enterprise)
- MQTT: broker-based pub/sub, QoS 0/1/2, retained messages, last will, 2-byte minimum — runs on microcontrollers
- LPWAN: LoRaWAN (2-15km, 10yr battery), NB-IoT (cellular), Sigfox (simple telemetry), LTE-M (mobility)
- Edge Computing: local processing (1-10ms), 90% bandwidth reduction, offline capable, privacy — AWS Greengrass, Azure IoT Edge
- Security: device (secure boot, unique creds), communication (TLS/DTLS), network (segmentation), platform (API security)
- Design: separate VLAN, IoT gateway, IPv6/6LoWPAN, monitor anomalies, secure OTA updates, plan for 10x growth
- Key: 30B+ devices by 2025 (B.E. 2568) — proper protocols + edge computing + security architecture = successful IoT deployment