#Speaking of thread going to open one

I think you're asking for this view

...if I can get a screenshot to stick here

You’ll probably have to use an imgur type service

Only mods and devs can post images

It should have a list of networks and under each network the Brs attached to that network

https://imgur.com/JIFYiOE

"Main Bedroom" calling itself a border router is suspect, since that's the one that isn't even thread-capable.

I suspect it is

That is driven by a zeroconf service that only BRs have

I have a pre thread 4k Apple TV and it doesn’t have that service

It’s probably the first model that had a crap thread radio, tho

Interesting. I'll have a closer look at the model #s. Maybe I'm lucky.

well

I used to tell people to turn it off and their mesh would magically work better

and the crap thread radio would make sense. it's not very near any of the other thread devices

So the thing is the Linux ipv6 stack can’t “see” behind the Brs

It sees each Br as an equal route into the mesh

So if Ha consistently uses the bedroom br and your home app uses the “good” apple tv, it will both be broken and working at the same time

Ok, so what does the "Other networks" mean? This is where my knowledge of Thread falls apart quickly...

So right now HA doesn’t know the secret keys for any thread network

That means you don’t have a preferred network

So every network is “other”

BTW, one of those 3 eeros is hardwired to the "great room" appletv via ethernet.

The 2 thread networks are entirely separate

preferred by HA?

Its like having 2 WiFi networks, one with 3 APs and one with 2

Yes

That's what I thought (separate). What is allowing HA to see either one of them?

Ipv6 and mdns

The brs send ipv6 route announcements

Every device on that lan can add that route and use that subnet

Mdns allows us to find the names of those networks and their brs

OK. How to determine which devices are on which mesh?

They are probably on the apple mesh

I’m not sure how to tell in the Ui

But if you want to be certain you need an mdns browser

You can find the ipv6 address of an eve device

And then try and match it to your route thread diagnostics

Hmm. If so, the range on those sleepy devices is better than I thought. Not impossible - lots of open space without walls in that general area of my house.

The easiest test is actually to unplug both Apple TVs

And see if everything breaks

If it doesn’t then it’s using the eeros

Then try it without the “old” one and see if that behaves differently

Then just the “newer” one

The devices don't have a solid pairing to the HA Matter add-on. Only to HK on the Apple TVs. So if I pull the plug, I already know that would break...

Again, if they are on the eero network they won’t because that network will be fine.

Ideally, I would merge the two networks. Pipe dream?

They are probably not on that network so probably will break

But if you want to check it’s a quick way

That doesn’t involve ipv6 subnets

But how would I know they're fine, given that the HK devices are the only ones that give me any kind of status? THey're sleepy door & window sensors, so if they aren't connected to anything what's the indicator?

You could use the identify feature in the eve app or in Ha

So I don’t know what happens in “new” homekit architecture

I’m stuck on the old model

It used to initiate sessions directly from your phone

So you’d have it work without your Apple TVs

New homekit architecture maintains persistent connections from your primary hub

I assumed it would fallback to direct connections from your phone

I'm definitely in the "new" architecture. That was a whole other saga. I was on an iOS beta that led to the upgrade before apple withdrew it in December. Stranded with my AppleTV and one phone on the new architecture and the rest of my family and other AppleTV on the old, for a couple of months. Fun times 😄

Ugh

Right

And we can’t turn the eero network off because you’d have to turn your WiFi and Ethernet off pretty much?

So we either assume it is using the apple network or we have to break out zeroconf tools

I’m 90% sure it’ll be using the apple network

Hmm. Interesting question. Now that you mention it, the eero app does allow me to turn off thread. Might have to reboot the network, but it's something I could try this evening.

Well the risk is it changes the secret key when you turn it back on

Then you’d have to redo everything

If I do that, I'd expect to see:

1. Everything still works
2. The Apple network disappears from the HA Thread configuration

And that risk applies only if it turns out there's something using the eero network, right?

Yes

Gawd. I wonder if it's possible that those Eve devices have split themselves across both.

It’s probably unlikely , it’s only very recently that apple has started enabling other Br vendors to play in their garden and I can’t imagine it’s the kind of thing that you’d be able to do without noticing

If it’s even supported for eeero

HA only just got blessed with the entitlement for it to play in the apple garden

Honestly I’d start by turning off the “old” Apple TV and then maybe bouncing the matter addon

I mean there are 6 Eve devices, and I don't have any solid evidence that they're all on the same mesh. All I really know is they all somehow can get network packets to HK on the AppleTV(s).

and since there's a direct ethernet connection from one of those eeros the the appletv, the network route is plausible either way.

So if I was writing a matter stack I’d actually circumvent Linux. I’d use raw sockets instead, so they I controlled the UDP packets L2 frame. That would let matter (rather than Linux) control the border router to use

Then I’d track which devices were using which BR for their packets to me and use that as a hint of “best” br to target

Over my head, though I would question how you'd "circumvent Linux" while also producing a stack that works in a Docker container.

Raw sockets instead of udp sockets

You need a privileged container (though you could drop them after opening the socket)

Lol, so you're the guy who keeps creating privileged containers? Safety tip: avoid meeting my company's security team in a dark alley 😄

Oh no I’m the security guy leaving presents on your security teams door mat

Thanks for the offer, but I already have a 12 week old puppy...

The point was more that apple has the engineering talent to not be limited by traditional routing

This is true.

They could be picking their BRs in their client instead of handing it off to their kernel

Anyway

I'm less sanguine about eero though. They seem to have lost some, um, edge since the AMZN acquisition. Lots of rough edges that don't go away.

What I'll try this evening is turning off the eero thread capbility and rebooting the routers. Worst case is re-pairing 10 devices.

Try with one Apple TV at a time too

(6 eve door/window, which are Matter-capable, an Eve weather that isn't, and 3 Nanoleaf Essentials that aren't)

Then you know the home app and Ha are using the same route

Can't do any of these tests for a while - kinda need a stable network for my day job.

AIUI the reason matter is an addon is because they are using the reference code from matter itself, so it shouldn’t fundamentally be garbage unless it’s having trouble with network or mesh

AIUI?

As i understand it

8pm here so will be gone when you can test

ah, thanks

UK?

Yep

Northern California, so Pacific Daylight time here. Noon.

Based on earlier conversations on this Discord, the theory on what is killing Matter add-on might be related to IPv6 stack + Python on HAOS. I'm relatively new to HA and not a deep networking guy, so don't consider myself qualified to have a strong opinion on it.

Well - one strong opinion - let's not throw a thread overlay into the data centers 😄

Yes

I think the oakland guys at work would come shit on my door mat if I tried that

So trouble with thread and matter rn is how many variables there are

Your network hardware can kill it

(Cue some poor guy in a 45C data center staring at a rack trying to figure out which BLE device he's pairing)

Your RF environment can kill it

Good god the debugging we did on the kernel and network manager

HAOS was fundamentally incompatible with multiple Brs until HAOS10

Upstream is still fundamentally incompatible with multiple BRs

My HAOS (and Raspbian, for that matter) begins June 10 of this year, so not exactly deep. Before that, I was running Homebridge + Ubuntu on Le Potato.

https://github.com/home-assistant/operating-system/discussions/2333 is a good read to see the moving parts in thread from a Linux network stack pov

Thanks!

At least get a sense of what we did when it didn’t work

Partial result: turning off thread on the eeros caused all references to that network to disappear from all UIs (HA Thread, Eve, Nano). Every single device appeared to continue working.

I’ll take that as a strong hint that you’re right about them all sitting on the Apple thread mesh

The two AppleTVs are an A2169 and A2843. Apple specs say you’re right about that too: both do have Thread. I assume the A2169 has the crappy Thread radio you mentioned?

I assume so

To be fair to it, all the incidents I remember were where that model of ATV was in an enclosed space surrounded by many a HDMI, USB and power cable.

So far, so good for mine, apparently. It's in an open spot with only its own HDMI and power. It's conceivably in range for anything that the main one can reach - slightly more central in my house, but a floor above. The "good" one is actually in a tougher spot w.r.t. enclosure and I wouldn't hazard guess of how many source of interference nearby.

Anyway I don't think that's the issue with my Matter server.

/usr/local/lib/python3.11/site-packages/matter_server/server/helpers/paa_certificates.py:46: CryptographyDeprecationWarning: The parsed certificate contains a NULL parameter value in its signature algorithm parameters. This is invalid and will be rejected in a future version of cryptography. If this certificate was created via Java, please upgrade to JDK16+ or the latest JDK11 once a fix is issued. If this certificate was created in some other fashion please report the issue to the cryptography issue tracker. See https://github.com/pyca/cryptography/issues/8996 for more details.
  pem_certificate = x509.load_pem_x509_certificate(certificate.encode())
2023-06-24 11:19:26 core-matter-server matter_server.server.helpers.paa_certificates[126] INFO Fetched 92 PAA root certificates from DCL.
2023-06-24 11:19:26 core-matter-server matter_server.server.helpers.paa_certificates[126] INFO Fetching the latest PAA root certificates from Git.
2023-06-24 11:24:27 core-matter-server asyncio[126] ERROR Task exception was never retrieved
future: <Task finished name='Task-1' coro=<run.<locals>.new_coro() done, defined at /usr/local/lib/python3.11/site-packages/aiorun.py:227> exception=TimeoutError()>

  File "/usr/local/lib/python3.11/site-packages/aiorun.py", line 237, in new_coro
    await coro
  File "/usr/local/lib/python3.11/site-packages/matter_server/server/server.py", line 94, in start
    await self.device_controller.initialize()
  File "/usr/local/lib/python3.11/site-packages/matter_server/server/device_controller.py", line 73, in initialize
    await fetch_certificates()
  File "/usr/local/lib/python3.11/site-packages/matter_server/server/helpers/paa_certificates.py", line 153, in fetch_certificates
    fetch_count += await fetch_git_certificates()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/matter_server/server/helpers/paa_certificates.py", line 126, in fetch_git_certificates
    async with http_session.get(f"{GIT_URL}/{cert}.pem") as response:
  File "/usr/local/lib/python3.11/site-packages/aiohttp/client.py", line 1141, in __aenter__
    self._resp = await self._coro
                 ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/aiohttp/client.py", line 467, in _request
    with timer:
  File "/usr/local/lib/python3.11/site-packages/aiohttp/helpers.py", line 721, in __exit__
    raise asyncio.TimeoutError from None
TimeoutError

Matter Server v4.6.1, and I bumped HA this morning too:

Home Assistant 2023.6.3
Supervisor 2023.06.2
Operating System 10.3
Frontend 20230608.0 - latest