Setting up a Private Routing Environment

(Bouchezb) #64


I have recently installed a private TTN backend and I want to check everything is fine.
I have not gateway or device linked to my private network yet.
I’m looking for a simple procedure to send or receive data without hardware in order to validate the backend software installation.
I tried to send data with ttnctl devices simulate but this needs a registered device.

In the same way i’m looking for a way to monitor my backend in case of failure in one of the components.

Do you knwo some tools or a simple way to do that ?

(Yoikonomidis) #65

Hi all,

I would also be very interested in what bouchezb is asking above.
At the moment we have a private backend set up and we are trying to check it using real devices. However, we are facing some problems:
Using the Semtech packet forwarder in our gateway, I can see packets arriving at the Bridge server using the docker-compose logs. However, the Router server (I use mynetwork-router as ID) fails to forward the messages to the Broker. The DEBUG logs from the Router’s container are:

DEBUG rpc-client: call failed auth-type=token duration=1.048007ms error=rpc error: code = PermissionDenied desc = permission denied: unable to parse token: Auth server mynetwork-router not registered id=mynetwork-router method=/discovery.Discovery/AddMetadata service-name=router service-version=v2.9.0-dev-0c455d496d53c849bed3cac3b794ae51fa514e19 (2017-10-11T11:10:16Z)
DEBUG No brokers to forward message to ADR=true ADRAckReq=false Ack=false AppPayloadSize=12 Confirmed=false DataRate=SF7BW125 DevAddr=26010E32 DownlinkOptions=2 FCnt=13124 FPending=false FPort=1 Frequency=867300000 GatewayID=eui-b827ebfffe2fe441 Modulation=LORA PayloadSize=25 RSSI=-66 SNR=9.2

Is this an access token issue of the Router server? I mean, it seems the Router tries to access the AddMetadata function of the Discovery server but it fails because of a token error. I am confused as there is also a registration error mentioned in the same debug message regarding mynetwork-router. Where was the router supposed to be registered and isn’t? I am using ttn’s account server I have set up the backend using the instructions at

FYI, I have also tried the ttn packet forwarder but it just hangs at the point it tries to connect to the Router after it successfully retrieves the router id from the Discovery server. I have noticed the notification about ttn pcket forwarder so for now I will assume that it just doesn’t work and I shouldn’t be using it anyway.

I would appreciate any pointer or advice because we are really stuck at this point. We already have a couple of gateways and sensors and we cannot get the data through…


(Snschm) #66

Hey @Gig,
can you tell me, how you made the whole backend run on a RPi with gateway software?
I´m not sure, which tutorial i should use. Docker or localhost?

There are a few other questions i have.
Is Go Language needed?
How do i install the ttn master branch on Raspbian Jessie?
How can i configure the ttn.yml files for the different servers?

Thanks a lot.

(Gel) #68

I try to generate prefix with the command “broker register-prefix 26000000/20”.

But I get an error like this: error=permission denied: unable to parse token: Auth server mynetwork-networkserver not registered.

Also in the broker/ttn.yml they talk about the THE DISCOVERY ACCESS TOKEN THAT YOU GENERATED FOR THE **BROKER**. When is this generated?

(Debinaik) #69

I was trying to setup TTN private network locally , but while starting discovery server by using
ttn discovery --config ./discovery/ttn.yml, i got following error.

FATAL Error in gRPC proxy error=listen tcp bind: address already in use

My ttn.yml file follows …

id: mynetwork-discovery
tls: true
key-dir: discovery/
ttn-account-v2: ""
local: “file://discovery/”


  • ttn-account-v2
  • local

(Ti Mat1981) #70


I follow this guide to install my TTN private network.
I try to connect or server_ip:8080 with my browser. It display “Not Found” at the left upper corner.
I don’t understand why i don’t see the same page of TTN public network.



sure your server is running ?

(Ti Mat1981) #72

I suppose.
I run all
ttn discovery --config discovery/ttn.yml
ttn router --config router/ttn.yml
ttn networkserver --config networkserver/ttn.yml
ttn broker --config broker/ttn.yml
ttn handler --config handler/ttn.yml
gateway-connector-bridge --root-ca-file “bridge/ca.cert” --ttn-router “localhost:1900/mynetwork-router”

and i have no error.
How can i test if my server is running?

(Hylke Visser) #73

There is no webpage included in the backend, just an API. You can find the api methods in our api repository on Github ( for example) or in the Learn section of To interact with your private backend you can use ttnctl.

(Ti Mat1981) #74

Ok, thanks you. I didn’t understand this part.

(Petenorth) #75


I am running though

and trying to to get things to work within Openshift/Kubernetes .

Things seemed to have one reasonably OK but I am getting a message in the handler logs which looks like an error although categorized as DEBUG

DEBUG ccResolverWrapper: sending new addresses to cc: [{handler:1904 0 }]
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc4208a92b0, CONNECTING
DEBUG grpc: addrConn.createTransport failed to connect to {handler:1904 0 }. Err :connection error: desc = “transport: Error while dialing dial tcp i/o timeout”. Reconnecting…
DEBUG pickfirstBalancer: HandleSubConnStateChange: 0xc4208a92b0, TRANSIENT_FAILURE

I can do a curl etc from a different pod so I can’t see how how the network connectivity is a problem?

(Ianhaycox) #76

I have a similar problem that I believe is caused by our ISP messing with the TLS Handshaking traffic.

The same code works perfectly on an AWS EC2 instance, via a mobile hotspot and on my home ADSL connection, just the office connection fails (ISP - Virgin Business UK) with the same error as you.

Tests from the office bypassing all our firewalls etc (yes curl worked for me as well), always fail to get a response from the grpc calls, however other ISPs work fine.

I see it’s a private 172 address - but I suspect there may be some ports being blocked (?) on your network.

(Petenorth) #77

Thanks for the info.

I’ve created a deployment config for Openshift which puts all the containers into a single pod (this isn’t going into production so being able to individually scale different components isn’t an issue!) This basically mimics the first private network document of Hylke Visser.

This results in a successful deployment so far. Intend to verify with ttnctl shortly.