Zenoh is an open-source platform that manages data in transit and at rest across the entire edge-to-cloud continuum, as well as facilitates computations on edge devices. Targeted applications include robotics, automotive, and IoT. Its low overhead makes it compatible with low-power or bandwidth-limited networks like LPWAN, LoWPAN, and Bluetooth Low Energy (BLE).
Zenoh is primarily written in Rust. It’s a pub/sub/query protocol that includes a set of unified abstractions and supports a variety of network topologies like routed, mesh, peer-to-peer, clique, and brokered (Figure 1).
It’s designed for efficient operation on resource-constrained devices and features a minimal wire overhead of 5 bytes. It can support latency as low as 13 µs and throughput up to 50 Gbps.
How does Zenoh work?
Zenoh supports both pub/sub and query mechanisms. For example, publishers send data to a specific topic, and subscribers interested in that topic receive the data. Alternatively, users can issue queries to retrieve specific data or perform computations on data stored in Zenoh.
Zenoh can store and access data in distributed locations, enabling efficient and flexible data placement and replication. The routing protocol is designed to ensure that data is efficiently routed between publishers and subscribers, even in large and distributed networks.
Zenoh allows users to optimize the level of reliability to suit application needs. Options range from best effort to guaranteed delivery. It can be integrated with other technologies like the Robot Operating System (ROS 2), Message Queuing Telemetry Transport (MQTT), and Data Distribution Service (DDS), expanding its utility and interoperability in edge environments.
Application example
A proof of concept (PoC) of how Zenoh can be applied in an automotive architecture consisting of four zones has been developed as an application example and used to analyze Zenoh’s security capabilities. Elements in the PoC are shown in Figure 2.
- Tire Sensors (sensor_ws1 through sensor_ws4) publish real-time measurements for tire pressure, temperature, and wear.
- Traction Control Systems (zone1_tcs through zone4_tcs), that subscribe to the respective zone sensor, but can also subscribe to data from other zones to support traction-related decisions using vehicle-wide data.
- Zonal Routers that handle communication within the respective zone and connect the zone with the central router to allow information exchanges between zones.
- Central Router that acts as the vehicle’s central gateway.
Security
Security is an important consideration in the applications targeted for Zenoh. The protocol includes several security features, beginning with authentication. It supports pluggable authentication mechanisms, including mutual transport layer security (mTLS) authentication, ensuring that only authorized entities can participate in the network.
It also supports secure communication channels, such as those enabled by TLS, to protect data in transit. Zenoh requires the initiating entity to support state-tracking using encrypted cookies, reducing the protocol’s attack surface. It can enforce fine-grained access control using access control lists (ACLs), restricting unauthorized data access.
Maybe most importantly, Zenoh is implemented in Rust and leverages the language’s integrated memory-safe capabilities. For example, Rust’s strict ownership and borrowing system ensures memory safety at compile time, eliminating common programming errors and supporting robust and reliable distributed systems.
Very good, but not perfect security
Zenoh addresses many security concerns associated with edge devices, providing the efficiency, flexibility, and compatibility required for resource-constrained hardware. But Zenoh does not have integrated support for end-to-end encryption (E2EE). That can be a significant limitation. It’s also an area where creative developers can take advantage of Zenoh’s flexibility and pluggable architecture.
For example, data can be encrypted by clients before it’s published to Zenoh and decrypted upon receipt. Challenges for developers can include implementing secure key management, secure key distribution, and lifecycle control.
Security plugins can be used to implement E2EE, but developers have the responsibility to vet the performance and application suitability of the plugins and ensure ongoing updates and maintenance.
Summary
Zenoh provides device and network designers with a new option for edge-to-cloud connectivity. It supports a variety of network topologies with low latencies and high throughput. It’s written in Rust and benefits from Rust’s memory-safe capabilities, providing a good level of basic security. A significant limitation for applications requiring more secure operation is the lack of native support for E2EE.
References
A Performance Study on the Throughput and Latency of Zenoh, MQTT, Kafka, and DDS, Arxiv
Eclipse Zenoh 1.0.0 Debuts, Redefining Connectivity for Robotics and Automotive, Eclipse Foundation
Realizing Zenoh with programmable dataplanes, ResearchGate
Scalable and Bounded-time Decisions on Edge Device Network using Eclipse Zenoh, IEEE
Zenoh performance: a stroll in Rust async wonderland, Eclipse Foundation
Zenoh Protocol Security Analysis, Census Cybersecurity Engineering
Zenoh the Zero Overhead Network Protocol, Eclipse Foundation
Zenoh: Unifying Communication, Storage and Computation from the Cloud to the Microcontroller, ResearchGate
EEWorld related content
How is Zephyr used for edge AI and sensors?
How does 5G help secure edge connectivity?
How does mobile edge computing work?
What specifications are needed for card edge connectors in AI/ML systems?
What are the performance requirements for multidrop SPE connectivity?
Leave a Reply