A Thread Border Router connects a Thread network to other IP-based networks, such as Wi-Fi or Ethernet. A Thread network requires a Border Router to connect to other networks.
A Thread Border Router minimally supports the following functions:
- Bidirectional IP connectivity between Thread and Wi-Fi/Ethernet networks.
- Bidirectional DNS-based service discovery via mDNS (on a Wi-Fi/Ethernet link) and SRP (on a Thread network).
- Thread-over-infrastructure that merges Thread partitions over IP-based links.
- External Thread Commissioning (for example, a mobile phone) to authenticate and join a Thread device to a Thread network.
OpenThread's implementation of a Border Router is called OpenThread Border Router (OTBR), supporting a Radio Co-Processor (RCP) design. When choosing your platform, consider the following benefits of using RCP:
- More resources: OpenThread can take advantage of the host processor's resources, which is typically much more than what an 802.15.4 SoC provides.
- More cost effective: minimize resource requirements on the 802.15.4 SoC, which can lead to a more cost-effective solution.
- Easier to debug: since most of the processing happens on the host processor, you can utilize more capable debugging tools on the host processor.
- More stable 802.15.4 SoC firmware: the RCP only implements the sub-MAC and PHY, reducing the frequency at which the 802.15.4 SoC needs firmware updates.
- Easier integration with host IPv6 network stack: having OpenThread run on the host allows for more direct integration with the host IPv6 stack.
Features and services
OTBR includes a number of features, including:
- NAT64 for connecting to IPv4 networks
- DHCPv6 Prefix Delegation to obtain IPv6 prefixes for a Thread network
- Thread Border Agent to support external commissioning
Border Router services
OTBR provides the following services:
- mDNS Publisher — Allows an External Commissioner to discover an OTBR and its associated Thread network
- PSKc Generator — For generation of PSKc keys
OTBR firewall
OTBR uses iptables and ipset to implement the following ingress
filtering rules:
- Block inbound packets initiated with On-Link address sources, for example Off-Mesh Routable (OMR) and Mesh-Local prefix based addresses.
- Block inbound unicast packets whose destination address is not an OMR address or a Domain Unicast Address (DUA).
- Block inbound unicast packets whose source address or destination address is Link-Local. Note that this rule is handled by the kernel and not explicitly set.