TDMQ for MQTT supports both Virtual Private Cloud (VPC) and public network access.
VPC access: If your business applications (such as microservices or backend applications) are deployed using cloud services like Cloud Virtual Machine (CVM), Kubernetes Engine (TKE), or Serverless Cloud Function (SCF) and need to act as MQTT clients to publish or subscribe to messages, you can access the TDMQ for MQTT server through a VPC. A VPC offers lower latency and higher bandwidth, avoiding public network jitter and traffic fees.
Public network access: When your client cannot reach the VPC network, a public network connection provides flexibility in the following scenarios: the client is a sensor, in-vehicle terminal, or smart home appliance typically deployed in large numbers and widely distributed; the client is a mobile device; or the client is deployed in a hybrid-cloud or cross-cloud environment without high-speed channels or dedicated network links.
Connection Instructions
| Connection Type | Description | Client | |
| --- | --- | --- | --- |
| VPC Connection | If the client and the MQTT cluster are deployed in the same VPC network, they can interconnect with each other by default, and no additional configuration is required. | Cloud-based service program | / |
| | If the client and the MQTT cluster are deployed in different VPC networks, since VPC networks are logically isolated from each other, they cannot communicate directly. To enable cross-network communication, you can use Cloud Connect Network (CCN) to achieve VPC interconnection across different regions under the same account. | | |
| Public Network Connection | A dedicated public network route needs to be enabled, allowing clients to connect to the MQTT cluster via the public network. Since public networks are accessible from any environment, security policies need to be configured to restrict access by IP addresses, ensuring connection security. If the public network policy is left empty, all IP ranges are denied by default. | Device | |
Access Point Description
MQTT offers multiple types of access points, allowing you to use them in combination based on the transport protocol (TCP, WebSocket, or QUIC) and security requirements (plain text or TLS encryption), ensuring both security and high performance for communication.
Basic Concepts
TCP (Transmission Control Protocol)
TCP is a foundational Internet protocol that runs on top of the network layer (IP), offering a connection-oriented, reliable, and byte stream-based communication channel.
TLS (Transport Layer Security)
TLS is a security protocol that runs on top of TCP, establishing an encrypted and authenticated secure channel between clients and servers.
WebSocket
WebSocket is a communication protocol that provides a two-way communication channel over a single TCP connection, enabling efficient and real-time two-way communication between browsers and servers.
WebSocket over TLS (WebSocket Secure, WSS)
WebSocket over TLS is a secure communication protocol that adds a TLS encryption layer on top of the WebSocket protocol. It combines the full-duplex communication capability of WebSocket with the encryption-based security of TLS, establishing a secure WebSocket channel over HTTPS. This provides encrypted and real-time two-way communication between browsers and servers, widely used in real-time Web application scenarios requiring security guarantees.
QUIC
QUIC is a modern transport layer protocol and the sole underlying transport protocol for HTTP/3. Built on UDP, it features built-in encryption and multiplexing capabilities. Designed to address TCP's head-of-line (HOL) blocking, it offers faster connection establishment, lower latency, and improved network adaptability. The QUIC protocol integrates TLS 1.3-level security and supports connection migration and 0-RTT connection resumption, making it particularly suitable for mobile networks and high-performance Web applications.
Access Point Description
| Access Point | Port | Protocol | Description |
| --- | --- | --- | --- |
| mqtt-tcp | 1883 | TCP | Standard non-encrypted connection with data transmitted in plain text. |
| mqtt-tls | 8883 | TCP + TLS | Standard encrypted connection with a TLS encryption layer on the basis of TCP. |
| mqtt-ws | 8888 | WebSocket, WebSocket + TLS | WebSocket plain-text connection for browser (Web) clients. (Used for compatibility with open beta versions and not recommended for use.) |
| mqtt-ws-80 | 80 | WebSocket | WebSocket plain-text connection for browser (Web) clients, with unencrypted data transmission. Port 80 is specified. |
| mqtt-wss-443 | 443 | WebSocket + TLS | WebSocket encrypted connection, which provides the same level of security as MQTT over TLS and the traversal capabilities of WebSocket. |
| mqtt-quic | 14567 | QUIC | MQTT connection over QUIC protocol, which provides a modern transport method with low latency, multiplexing, and built-in encryption, and is suitable for mobile networks and high-performance scenarios. |
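The following added example (not part of the original documentation or the TDMQ SDK) audits a client configuration against the access point table and the public network policy rule described above, where an empty policy denies every source. The URI schemes, the host `broker.example.invalid`, the sample addresses, and the choice to report plain-text access points only on the public network are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Access points from the table above: port -> (name, encrypted in transit).
# 8888 is listed as "WebSocket, WebSocket + TLS", so None means "depends on the scheme".
ACCESS_POINTS = {
    1883: ("mqtt-tcp", False),
    8883: ("mqtt-tls", True),
    8888: ("mqtt-ws", None),
    80: ("mqtt-ws-80", False),
    443: ("mqtt-wss-443", True),
    14567: ("mqtt-quic", True),
}
TLS_SCHEMES = {"mqtts", "ssl", "wss"}  # assumed client URI conventions, not from the page


def source_allowed(source_ip, policy_cidrs):
    """Public network policy as described above: an empty policy denies every source."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(cidr, strict=False) for cidr in policy_cidrs)


def audit_endpoint(uri, network, source_ip=None, policy_cidrs=()):
    """Return findings for one client config; network is "vpc" or "public"."""
    parts = urlsplit(uri)
    if parts.port not in ACCESS_POINTS:
        return [f"port {parts.port} is not a listed access point"]
    name, encrypted = ACCESS_POINTS[parts.port]
    findings = []
    if encrypted is None:  # port 8888: encryption is decided by ws:// vs wss://
        encrypted = parts.scheme in TLS_SCHEMES
        findings.append(f"{name}: open beta compatibility access point, not recommended")
    if network == "public":
        if not encrypted:
            findings.append(f"{name}: plain text over the public network")
        if source_ip is not None and not source_allowed(source_ip, policy_cidrs):
            findings.append(f"{source_ip}: not in the public network policy, will be denied")
    return findings


if __name__ == "__main__":
    # Constructed sample configurations; host and addresses are placeholders.
    samples = [
        ("mqtt://broker.example.invalid:1883", "vpc", None, []),
        ("mqtt://broker.example.invalid:1883", "public", "203.0.113.7", ["203.0.113.0/24"]),
        ("mqtts://broker.example.invalid:8883", "public", "198.51.100.9", []),
        ("ws://broker.example.invalid:8888", "public", "203.0.113.7", ["203.0.113.0/24"]),
    ]
    for uri, network, ip, policy in samples:
        print(uri, network, audit_endpoint(uri, network, ip, policy) or "ok")
```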