What is MQTT? Roger Light, Senior Developer at Cedalo and inventor of Mosquitto, joins Ryan Chacon on the IoT For All Podcast to discuss the MQTT protocol in IoT. They talk about the best uses cases for MQTT, alternatives to MQTT, the differences between MQTT brokers, MQTT security, how MQTT fits in the IoT journey, and the future of MQTT.

About Roger Light

Roger Light is the inventor of open-source Mosquitto (the leading MQTT broker in the world with more than 500 million Docker pulls), and he is the Senior Developer of Pro Mosquitto at Cedalo GmbH. Additionally, Roger is an Assistant Professor, Faculty of Engineering at The University of Nottingham.

Interested in connecting with Roger? Reach out on LinkedIn!

About Cedalo

Since its founding in 2017, Cedalo has been a reliable partner for the global development community. They have stood behind the well-known Mosquitto and Streamsheets open source projects by delivering high-quality and industrial grade versions of them to market with premium support. Currently, they are committed to further developing their Pro Edition for Eclipse Mosquitto and Pro Edition for Streamsheets so that customers can build modern software solutions without breaking their budget.

Key Questions and Topics from this Episode:

(00:11) Roger Light and Cedalo

(00:39) What is MQTT?

(01:44) MQTT alternatives

(02:36) Best use cases for MQTT

(04:06) What differentiates MQTT brokers?

(06:12) MQTT security

(08:18) Who are the MQTT stakeholders?

(09:34) Challenges in MQTT and IoT

(11:07) Future of MQTT

(13:20) Learn more and follow up


– [Ryan] Welcome Roger to the IoT For All Podcast. Thanks for being here this week.

– [Roger] Thanks for having me on.

– [Ryan] Yeah, it’s great to have you. I’m excited about this chat. Prior to jumping in, I wanted to have you give an introduction about yourself and the company to our audience. 

– [Roger] Sure thing. So, I’m Roger Light. I’m a senior developer and co-founder at Cedalo, project lead, the inventor of the the Mosquitto MQTT broker, and at Cedalo, we are commercializing that, adding extra features on, such as high availability, and we’re offering support for people who are using the open source version of the broker as well.

– [Ryan] And for our audience who may not be as familiar with what MQTT is, what an MQTT broker is, can you explain that just so they can have a little bit of context and understand how that all works and kind of fits into the space? 

– [Roger] MQTT is a communication protocol. Much like HTTP is used to send web pages when you’re browsing the web, MQTT is often used by devices to communicate with one another. It’s a very lightweight protocol and works on a principle of publish and subscribe. So, clients will connect to a central broker, which is what Mosquitto does, and they will then subscribe to topics that are of interest to them. And then other clients will publish to those topics.

So, you can have a, for example, a wide range of devices like your sensors that are reporting back to the broker, and then maybe an application on the back end which subscribes to those topics that they’re being published to, and so can then aggregate that data and use it for whatever is needed.

– [Ryan] Are there alternatives to MQTT? I’ve heard of, I’ve heard just from a lot of people that MQTT is pretty dominant in the IoT space when it comes to being able to connect devices and the information, is that something that kind of really leads the way or are there other alternatives on how this kind of similar thing can be done?

– [Roger] I think MQTT is the dominant protocol in this area. All the big cloud providers offer support. There are alternatives though. So, I guess it depends on where you’re coming from really. But there’s a co op, which is one alternative. I said MQTT is lightweight, which is true. It’s much lighter weight than HTTP. But if you wanted to go even more lightweight, then there are things like LoRaWAN or things like that where you’re talking about really, really low battery requirements needed. 

– [Ryan] With MQTT, are there particular use cases or applications that it’s better suited for or that it’s usually used within?

– [Roger] I guess it’s easy to talk about the places where it does fit. There’s a lot of places use it for, monitoring, is a big thing. So like I said before, devices are sending data back to a back end, so one of the first places that started using Mosquitto was an electricity company in Iceland who were using it to monitor electricity usage.

We see in Cedalo, we see an awful lot of customers that are in the manufacturing space wanting to look at their production lines, keep quality control. It’s the sort of Industry 4.0 revolution looking at being able to really monitor your processes and get that information in and hence being able to improve manufacturing.

I’ll mention some of the things that I’ve been particularly excited about with Mosquitto. I guess about six years ago, there was a talk given by a guy who worked for a company in the UK called Resonate who were using MQTT and Mosquitto and the Eclipse project as well to use as part of the UK railway network. So looking at that, they were using that as part of the signaling and controlling of UK rail, which is just, I think that sort of stuff’s really nice when you find out about that.

– [Ryan] What makes a broker, one broker, different than another broker? I know there are other companies who are in the MQTT space. So just out of curiosity, if I’m listening to this and trying to understand how to evaluate different brokers or what’s the difference, like what could be the difference between one broker versus another, not necessarily like from a sales pitch standpoint, but just like what are their, what could potentially differentiate brokers between each other?

– [Roger] Yeah, no, it’s a good point. So, you would hope all of the brokers are going to be standards compliant, first off. So that’s, that shouldn’t be a differentiator. The kind of things where you start to see differences. A good place is when you talk about the offerings from Azure, for example.

They offer an MQTT service, but it is not a general purpose MQTT service. So you have to have, so there’s these topics that I mentioned that you subscribe or publish to. They have specific device related topics. You can’t just use whatever topic you want for that. So that’s a kind of a restriction. And maybe they aren’t going to offer full support for all of the protocol. Now if you’re looking at more of the broker, brokers that you might be running yourself, I guess the kind of thing that you might want to think about there is where it is that you want your broker to run. So Mosquitto, for example, is extremely efficient as run on very low power devices.

So, I think maybe like a 32 megabytes of RAM device with a single very low power Arm core is the lowest I’ve ever heard of it being used. And then, but it does also scale up really, really well to larger devices. But so if you’re on that constrained side of things, then something like Mosquitto might be good. If not, then maybe if you’ve got lots of infrastructure available, then you might want to look at a different broker, or at least you could do. 

– [Ryan] Anytime data is being transferred, we always like to talk about the security elements and aspects of things. So what are the core aspects when it comes to MQTT on the security side that people need to know about, think about, be considering, that kind of stuff?

– [Roger] You should be using encrypted connections wherever you can. That’s the first thing. That’s the same for pretty much everything these days. So, you would hope that it would go without saying, but certainly worth repeating. Authentication on MQTT can be done by a username and password or by more custom authentication mechanisms.

And I guess the other very important thing to talk about is like your authorization. So what devices have got access to which topics, so you can segregate devices based on what they’re allowed to, what topics they’re allowed to talk to and receive data from, so you clearly got a distinction between devices that are reporting data, for example, and ones that are receiving.

Those, in the examples that I’ve given where we’ve got these sensors sending data back to a backend, each of those sensors really should be only able to publish, I would guess, to a single topic. And there’s no reason for them to receive any data, so they shouldn’t be allowed to subscribe. So, you really got strict control of where that data is going. Something that’s quite nice on a security point of view, which is maybe used more commonly in MQTT than it might be in other places, is to build on that encrypted connection and actually make use of client certificates. So this is where the authentication, so normally when you do a TLS connection, getting a little bit technical, you are verifying that the server certificate matches one that you trust. And then your client will go and connect. That’s the same when you’re connecting to a secure website. But what we can also do is do the same thing the opposite way around. That the broker will only allow the client to connect if the client has a valid certificate. And so that’s more secure than using username and passwords, and it’s one of those things that I’m glad to see that there are more people starting to be interested in doing that way of things because it’s, really does have a, does have a lot of benefits.

– [Ryan] So when it comes to bringing in MQTT into a solution, who usually drives that kind of element of it. So, let’s say I’m looking to adopt a solution and or build a solution, let’s say, how do you play with the other components of an IoT solution? Like the hardware manufacturers, the software providers in the application layer, the connectivity companies, how do you partner with or play in with those companies? Or is it something that they reach out to you, bring you in and just curious what that dynamic is usually like? 

– [Roger] What we’ve been doing is working with individual customers rather than with those kinds of aspects that you were just talking about. So a customer will come to us and say, we’re interested in doing some MQTT integration, can you help us with this? And depending on what’s, their needs are, we will help them as required. MQTT has been around for a little while now, so we have the whole range of customers from people who have already made an implementation and are wishing to change their broker for whatever reason to hopefully get the benefits of moving to Mosquitto, or we’ve got people who are, have heard of MQTT, have heard they’ve been told they need it, but they don’t know anything about it, and can they advise us, can we advise them, so really have got not the knowledge and really need that help with the architecture and the whole setup really.

– [Ryan] And let me ask from everything that you all work on and different use cases you’re involved in, what are some of the challenges that you’re seeing in the space? Doesn’t have to be MQTT related per se, but just generally speaking, are there common challenges that you’ve seen organizations struggling with right now or things that people need to be thinking about in the IoT space in general?

– [Roger] I would say on this case, this can really vary. I think something that’s interesting about working in the MQTT space is that there’s such a variety of different requirements. So, some people will come to us, and they say they really got a huge amount of data to send through. And then they say they’re sending 100 messages a second with 20 clients.

You talk to other people, and they say we’ve got a million clients, and they have, but they’re only sending 10 messages per second total across all of those devices. So both of these, well, not the first case, but the second case certainly presents challenges. You’ve got to think about how best to deal with this huge number of clients in a way that’s appropriate for that customer.

And then if you went the other side of things where you’ve got something that just, a huge number of messages coming through in one second, then you say, okay, how are we going to scale that appropriately? What are the challenges resolved, involved in, which client needs to talk to which client.

There’s really all sorts of challenges we come across and it’s, and almost every single customer that comes in is different in some regard as to what they’re interested in doing. 

– [Ryan] Last thing I wanted to ask you before we wrap up here is around just the growth and the future of MQTT from your all’s perspective or just maybe even your own personal perspective, where is MQTT going?

What are the things that people should be looking out for as IoT continues to move forward? Just, are there different elements or things you’re excited about or looking forward to capabilities wise? I’m not sure exactly which angle you want to take this from, but just thinking about the growth and the future of it, what should people be on the lookout for?

– [Roger] There’s real a couple of interesting things to think about. One thing, I’m not too sure about how it’s going to take off, but there’s the, or how it’s going to get adopted, I should say, really, there is another initiative from Eclipse, which is the spark plug protocol, which then sits on top of MQTT and standardizes how devices can connect and indicate their presence and they can share data and data formats.

So, it’s giving a bit of a standardization on top of, further standardization, on top of MQTT, which should help to improve interoperability between systems and that sort of thing. So, that’s certainly something to watch out for and be interested in. The other side of things is not necessarily, not exactly MQTT, but it’s the next step, hopefully, from MQTT, which is MQTT-SN, which is an even lighter weight version of MQTT, which, I hope that things are going to start to become using less power, and we’re driving forward in a world where we can try and optimize power efficiency, so adopting something like MQTT-SN at the real edge of the network, where you’ve got very low power devices, I think it’s something to watch out for as well. 

– [Ryan] Oh, fantastic. I appreciate you coming on and shedding light on a lot of these MQTT topics. It’s something that we get asked about decent amount is people trying to understand what it is and how it’s playing a role in the space and what they need to understand about it and considerations that need to be made from their perspective.

So, I appreciate someone, an expert like yourself coming on and talking more about it. For our audience who wants to learn more, follow up, engage further potentially about what you all are doing or just anything related to this discussion, what’s the best way they can do that? 

– [Roger] So if you want to go to, find out about Cedalo and then cedalo.com, that’s, I guess you’re gonna put a link rather than me having to spell that out, and so you can find out all about our offerings there. Mosquitto is Mosquitto with two Ts and that’s mosquitto.org. You can get more things there. And I guess if people wanted to get in contact with me, I’m @ralight on Twitter.

– [Ryan] Roger, thank you so much again for taking the time. Really appreciate it and looking forward to getting this out to our audience. 

– [Roger] Lovely. Nice to talk to you.

Hosted By
IoT For All
IoT For All
IoT For All is creating resources to enable companies of all sizes to leverage IoT. From technical deep-dives, to IoT ecosystem overviews, to evergreen resources, IoT For All is the best place to keep up with what's going on in IoT.
IoT For All is creating resources to enable companies of all sizes to leverage IoT. From technical deep-dives, to IoT ecosystem overviews, to evergreen resources, IoT For All is the best place to keep up with what's going on in IoT.