DTLS based security

DTLS connections are identified by a 5-tuple: source IP, source port, destination IP, destination port, and the transport protocol in use.

With Connection ID support, DTLS connections are instead identified by a unique number generated during the DTLS handshake. So even if the client's address (IP and/or port) changes, the DTLS session can continue with the help of the Connection ID.

This feature comes into play when constrained devices go into extended sleep to conserve battery power and their UDP binding times out. When NAT re-binding occurs and the client's IP address/port changes, the client uses the Connection ID established earlier to resume the DTLS session, avoiding a new DTLS handshake.

This feature requires support from both client and server. If the client (device) advertises the connection-id extension in the DTLS handshake and the server also supports the connection-id extension, the feature is enabled.
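As an added example (not code from this page or from any DTLS implementation), the following Python sketch shows how a server-side demultiplexer identifies an incoming record either by its 5-tuple or by the Connection ID, and what happens after the client's port changes. It follows the DTLS 1.2 CID record layout from RFC 9146: content type 25, the CID placed right after the 48-bit sequence number, and a CID length that is not on the wire because the receiver chose the CID. The session key, CID value, addresses, the truncated HMAC tag standing in for real DTLS record protection, and all class and function names are constructed assumptions.

```python
"""Added example: demultiplexing DTLS 1.2 records with and without a
Connection ID (RFC 9146). Constructed scenario, not code from the page."""
import hashlib
import hmac
import struct

TLS12_CID = 25          # RFC 9146 content type for records that carry a CID
APPLICATION_DATA = 23   # plain DTLS 1.2 application_data content type
DTLS12 = b"\xfe\xfd"    # DTLS 1.2 on-the-wire version
TAG_LEN = 16            # constructed: truncated HMAC tag standing in for AEAD


class Session:
    """Server-side state for one DTLS connection (simplified, hypothetical)."""
    def __init__(self, cid: bytes, key: bytes, peer_addr: tuple):
        self.cid = cid              # CID the server chose; the client echoes it
        self.key = key              # stand-in for the negotiated record key
        self.peer_addr = peer_addr  # (ip, port) where the peer was last seen
        self.last_seq = -1          # simple replay guard


def build_record(ctype, epoch, seq, payload, key, cid=b""):
    """Encode a DTLS 1.2 record; the CID is inserted only for content type 25."""
    hdr = bytes([ctype]) + DTLS12 + struct.pack("!H", epoch) + seq.to_bytes(6, "big")
    if ctype == TLS12_CID:
        hdr += cid
    # Constructed integrity tag over header and payload (real DTLS uses AEAD).
    tag = hmac.new(key, hdr + payload, hashlib.sha256).digest()[:TAG_LEN]
    body = payload + tag
    return hdr + struct.pack("!H", len(body)) + body


class Demux:
    def __init__(self, cid_length: int):
        self.cid_length = cid_length   # server hands out fixed-length CIDs
        self.by_cid = {}               # cid -> Session
        self.by_tuple = {}             # (ip, port) -> Session, for CID-less peers

    def add_session(self, s: Session):
        self.by_cid[s.cid] = s
        self.by_tuple[s.peer_addr] = s

    def parse(self, data: bytes):
        ctype = data[0]
        epoch = struct.unpack("!H", data[3:5])[0]
        seq = int.from_bytes(data[5:11], "big")
        off, cid = 11, b""
        if ctype == TLS12_CID:
            # CID length is not on the wire: the receiver knows it because
            # it chose the CID (RFC 9146 Section 3).
            cid = data[off:off + self.cid_length]
            off += self.cid_length
        length = struct.unpack("!H", data[off:off + 2])[0]
        return ctype, epoch, seq, cid, data[:off], data[off + 2:off + 2 + length]

    def receive(self, src_addr: tuple, data: bytes):
        """Return (session, payload) on success, or (None, reason)."""
        ctype, epoch, seq, cid, hdr, body = self.parse(data)
        s = self.by_cid.get(cid) if ctype == TLS12_CID else self.by_tuple.get(src_addr)
        if s is None:
            return None, "no session: a full handshake would be required"
        payload, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        expected = hmac.new(s.key, hdr + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected) or seq <= s.last_seq:
            # Unauthenticated or replayed: must never move the peer address.
            return None, "record failed integrity/replay check"
        s.last_seq = seq
        if src_addr != s.peer_addr:
            # Peer address update happens only after the record authenticated.
            self.by_tuple.pop(s.peer_addr, None)
            s.peer_addr = src_addr
            self.by_tuple[src_addr] = s
        return s, payload


def demo():
    """NAT re-binding scenario; every value below is constructed."""
    key, cid = b"constructed-session-key", b"\x01\x02\x03\x04"
    mux = Demux(cid_length=len(cid))
    sess = Session(cid, key, ("192.0.2.10", 40000))
    mux.add_session(sess)
    moved = ("192.0.2.10", 51234)   # same device after its NAT binding changed
    r_before = build_record(TLS12_CID, 1, 1, b"hello", key, cid)
    r_no_cid = build_record(APPLICATION_DATA, 1, 2, b"hello", key)
    r_cid = build_record(TLS12_CID, 1, 2, b"hello", key, cid)
    # A record that echoes the CID but is not protected with the session key.
    r_bad_key = build_record(TLS12_CID, 1, 3, b"x", b"wrong-key", cid)
    return {
        "before_rebind": mux.receive(("192.0.2.10", 40000), r_before)[0] is sess,
        "moved_without_cid": mux.receive(moved, r_no_cid)[0] is sess,
        "moved_with_cid": mux.receive(moved, r_cid)[0] is sess,
        "peer_addr_updated": sess.peer_addr == moved,
        "bad_key_rejected": mux.receive(("198.51.100.7", 1111), r_bad_key)[0] is None,
        "addr_kept_after_bad_key": sess.peer_addr == moved,
    }


if __name__ == "__main__":
    print(demo())
```

Two points the sketch makes concrete: a record without a CID arriving from a new 5-tuple finds no session and would force a full handshake (the cost CID exists to avoid), and the server moves the session's peer address only after the record passes its integrity and replay check, so a datagram that merely carries a known CID cannot redirect the session's traffic.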