
Network Connection Description
Last updated: 2026-01-30 14:55:28
TDMQ for MQTT supports two connection methods: VPC private network access and public network access.
Use VPC private network: If your business applications (such as microservices or backend applications) are deployed in cloud services like Cloud Virtual Machine (CVM), container (TKE), or serverless function (SCF), and need to act as an MQTT client to publish or subscribe to messages, you can use VPC private network access to connect to TDMQ for MQTT. VPC offers lower network latency and usually higher bandwidth, and avoids public network jitter and public network traffic fees.
Use the public network: When your client is unable to access the VPC network, a public network connection provides unmatched flexibility, such as in the following scenarios: clients are sensors, vehicle-mounted terminals, or smart home appliances that are numerous and widely distributed; clients are mobile devices; hybrid cloud and cross-cloud environments have no high-speed channel or dedicated line.

Connection Instructions

| Connection method | Connection Instructions | Applicable Scenarios | Reference Documentation |
| --- | --- | --- | --- |
| VPC private network connection | If the client and MQTT cluster are deployed in the same VPC, network interconnectivity is enabled by default with no additional configuration required. | Cloud-based service program | / |
| VPC private network connection | If the client and MQTT cluster are deployed in different VPCs, they cannot communicate directly due to VPC logical isolation. If cross-network communication is needed, you can use CCN to implement VPC intercommunication between different regions under the same account. | Cloud-based service program | |
| Public network connection | To establish a public network connection to the MQTT cluster, a dedicated public network route must be provisioned. Because public networks are accessible from any environment, security policies must be configured to restrict the IP addresses allowed to connect. An empty public network policy means that all IP ranges are denied. | Device | |

Access Point Description

MQTT offers multiple endpoint types, allowing you to select combinations based on transport layer protocols (TCP/WebSocket/QUIC) and security requirements (plaintext/TLS encryption), ensuring both security and high performance for communication.


Basic Concept

TCP (Transmission Control Protocol)
TCP is a basic protocol of the Internet, located above the network layer (IP). It provides a connection-oriented, reliable, byte stream-based communication channel.
TLS (Transport Layer Security)
TLS is a security protocol that runs on TCP, establishing an encrypted and authenticated secure channel between client and server.
WebSocket
WebSocket is a communication protocol that provides a two-way communication channel over a single TCP connection, enabling efficient, real-time two-way communication between browsers and servers.
WebSocket over TLS (WebSocket Secure, WSS)
WebSocket over TLS is a secure communication protocol that adds a TLS encryption layer on top of the WebSocket protocol. It combines the full-duplex communication capability of WebSocket with the encryption security of TLS, establishing a secure WebSocket channel via HTTPS connections. This provides encrypted, real-time two-way communication between browsers and servers, widely used in Web real-time application scenarios requiring security guarantees.
QUIC
QUIC is a modern transport layer protocol and the sole underlying transport protocol for HTTP/3. Built on UDP, it features built-in encryption and multiplexing capabilities. Designed to address TCP's head-of-line blocking issue, it offers faster connection establishment, lower latency, and improved network adaptability. The QUIC protocol integrates TLS 1.3-level security, supports connection migration and 0-RTT connection resumption, making it particularly suitable for mobile networks and high-performance Web applications.

Access Point Description

| Access Point Type | Default Port | Protocol Layer | Description |
| --- | --- | --- | --- |
| mqtt-tcp | 1883 | TCP | Standard non-encrypted connection. Data is transmitted in plaintext. |
| mqtt-tls | 8883 | TCP + TLS | Standard encrypted connection that adds TLS encryption on top of TCP. |
| mqtt-ws | 8888 | WebSocket, WebSocket + TLS | WebSocket plaintext connection. Used for browser (Web) clients (kept for backward compatibility with beta versions; not recommended). |
| mqtt-ws-80 | 80 | WebSocket | WebSocket plaintext connection. Used for browser (Web) clients, with unencrypted data transmission. Port 80 is specified. |
| mqtt-wss-443 | 443 | WebSocket + TLS | WebSocket encrypted connection. Provides the same level of security as mqtt-tls while also having the penetration capability of WebSocket. |
| mqtt-quic | 14567 | QUIC | MQTT connection over the QUIC protocol. Provides a modern transport method with low latency, multiplexing, and built-in encryption, suitable for mobile networks and high-performance scenarios. |
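
The difference between the plaintext and TLS access points, as an added example that is not part of the original documentation: the MQTT CONNECT packet carries the client's credentials as plain bytes, so it should only be sent over a certificate-verified TLS channel such as mqtt-tls on port 8883. The sketch assumes MQTT 3.1.1 with username/password authentication; the host, client ID and credentials passed to `connect` are values you supply, not values from this page.

```python
import socket
import ssl
import struct

def tls_context() -> ssl.SSLContext:
    """Client context for the mqtt-tls access point (default port 8883)."""
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def remaining_length(n: int) -> bytes:
    """MQTT variable-length integer used in the fixed header."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | 0x80 if n else digit)
        if not n:
            return bytes(out)

def utf8_field(s: str) -> bytes:
    raw = s.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw

def connect_packet(client_id: str, username: str, password: str, keepalive: int = 60) -> bytes:
    """MQTT 3.1.1 CONNECT; the credentials are plain bytes inside the packet."""
    flags = 0x80 | 0x40 | 0x02           # username, password, clean session
    body = (utf8_field("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
            + utf8_field(client_id) + utf8_field(username) + utf8_field(password))
    return b"\x10" + remaining_length(len(body)) + body

def parse_connack(data: bytes) -> int:
    """Return the CONNACK return code (0 = connection accepted)."""
    if len(data) != 4 or data[0] != 0x20 or data[1] != 2:
        raise ValueError("not a CONNACK packet")
    return data[3]

def connect(host: str, client_id: str, username: str, password: str, port: int = 8883):
    """Send CONNECT over verified TLS; returns (TLS version, CONNACK code)."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with tls_context().wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(connect_packet(client_id, username, password))
            reply = b""
            while len(reply) < 4:
                chunk = tls.recv(4 - len(reply))
                if not chunk:
                    break
                reply += chunk
            code = parse_connack(reply)
            tls.sendall(b"\xe0\x00")     # DISCONNECT
            return tls.version(), code
```

On mqtt-tcp (port 1883) the same `connect_packet` bytes would cross the network unencrypted, password included.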
