ESP32 OTA firmware update using MQTT over SSL

My recent IoT projects are capable of performing OTA firmware updates, I have previously blogged about the importance of this capability.

I normally use MQTT over SSL as a means of communication between the edge nodes and the cloud backend, and the devices are subscribed to a dedicated ‘firmware notifications’ topic that alerts them of the latest available firmware version. If a newer firmware version is available, the devices make an HTTPS GET request to a remote firmware provisioning server to fetch the OTA binary image.

These requests are sometimes blocked by restrictive firewalls, leaving the edge nodes incapable of performing an OTA firmware update. To solve this issue, I decided to try to deliver the firmware over MQTT. It is also a simplification of the process, as no additional memory-expensive HTTP SSL connection is opened, but rather the already open MQTT channel is used.

While this approach solves one problem, it may not scale well. Imagine pushing new firmware to 10K connected devices, that would put a lot of strain to the MQTT broker that will need to route the 1MB+ bin file to all these devices simultaneously. The old approach where a static firmware binary was available on a remote CDN over HTTPS is much less resource demanding. I’ll keep this option as ‘plan B‘ in case the ‘normal’ OTA over HTTPS fails.

A short video demonstration of ESP32 OTA firmware update over MQTTS using Node-RED as firmware provider: