OTAA fCnt rollover action

Hi,

I’m using OTAA mode to activate my devices (SAMR34 custom board). I’m not sure what happens when there is an fCnt rollover; the LoRaWAN specification doesn’t mention this. I found a comment here that says the node should rejoin after there is a counter rollover.

I tried to test this by disabling the frame-counter validation (maybe this disables rejoin?), then transmitting an uplink message with an fCnt value of 65535. When I look up the values after the rollover I can see that the app server counter is 65536, and AppSKey and NwSKey are the same. The only sign that the counter has overflowed is that in the frame header the fCnt value is back to 0 (well, that’s not surprising since the FCnt size is only 16 bits).

Note that (according to the latest specs) the device must implement a 32-bit frame-counter, so going from 65535 to 65536 is expected behavior. The device does however only use the 16 least significant bits as the FCnt value in the LoRaWAN frames. The NS / LoRa Server will recover the full 32-bit frame-counter from the FCnt (as it keeps track of the device state).

1 Like
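The counter recovery described in the reply above, as an added example that is not part of the thread and is not LoRa Server's own code. The helper name `recoverFCntUp`, the error values and the acceptance window `maxFCntGap` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Acceptance window for lost uplinks. 16384 is the MAX_FCNT_GAP default of the
// LoRaWAN 1.0.x regional parameters; it is an assumption, not stated in the thread.
const maxFCntGap = 16384

var (
	errGap       = errors.New("FCnt outside acceptance window: replay or too many lost frames")
	errExhausted = errors.New("32-bit counter exhausted: same keys must not see a reused FCntUp")
)

// recoverFCntUp (hypothetical helper) rebuilds the full 32-bit uplink counter from
// the 16 bits sent in the frame header and the last full counter the server accepted.
func recoverFCntUp(last uint32, wire uint16) (uint32, error) {
	// Distance modulo 2^16 from the low half of `last` to the received value.
	// uint16 arithmetic wraps, so last=65535, wire=0 gives a gap of 1.
	gap := uint32(wire - uint16(last))
	if gap > maxFCntGap {
		return 0, errGap
	}
	full := last + gap // gap == 0 is a retransmission of the last frame
	if full < last {
		return 0, errExhausted // uint32 wrapped: values would repeat under these keys
	}
	return full, nil
}

func main() {
	// Constructed sequence: the rollover from the thread, then a stale counter.
	last := uint32(65534)
	for _, wire := range []uint16{65535, 0, 1, 40000} {
		full, err := recoverFCntUp(last, wire)
		if err != nil {
			fmt.Printf("wire=%5d rejected: %v\n", wire, err)
			continue
		}
		// A real server accepts `full` only after the MIC verifies with it.
		fmt.Printf("wire=%5d -> full=%d\n", wire, full)
		last = full
	}
}
```

The 16-bit wrap from 65535 to 0 is therefore not a counter reuse: the full value keeps increasing, and only a wrap of the 32-bit value would repeat an FCntUp under the same session keys.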

@brocaar I forgot to mention that I’m using 1.0.3 LoRaWAN specs. Neither 1.0.3 nor 1.1 mentions what should happen after counter overflow.

655 The end-device SHALL NEVER reuse the same FCntUp value with the same application or
656 network session keys, except for retransmission of the same confirmed or unconfirmed
657 frame.

That means NS/Node should generate new session keys every 65535 uplinks?

1 Like