Zigbee is a low‑power, low‑data‑rate wireless protocol for building sensor/actuator networks (home automation, smart energy, lighting, industrial monitoring). It sits on top of IEEE 802.15.4 radios and adds networking, security, and application profiles.

• Design priorities: low power, low cost, small payloads, robust mesh.
• Typical uses: lights, switches, sensors, meters, door locks.
• Standards: PHY/MAC by IEEE 802.15.4, upper layers by Zigbee Alliance (now Connectivity Standards Alliance, CSA). Zigbee 3.0 unified previous application profiles.

• IEEE 802.15.4 (PHY/MAC): radio operation, channel access (CSMA‑CA), ACKs, link‑level security.
• NWK (Network): addressing, routing (mesh), network formation/joining, many‑to‑one routes, source routing.
• APS (Application Support): binding, groups, fragmentation, security at APS layer.
• ZDO (Device Object): discovery, service/role descriptors, management.
• Application Layer: endpoints, clusters, attributes, commands defined by the Zigbee Cluster Library (ZCL).

• PAN ID: 16‑bit Personal Area Network identifier (like an SSID).
• Extended PAN ID: 64‑bit unique network ID (helps avoid confusion across PANs).
• Device addresses: 64‑bit IEEE (EUI‑64) and dynamically assigned 16‑bit short address after joining.
• Endpoints: Each device can host multiple logical applications (endpoint numbers 1–240).
• Clusters: Standardized interfaces (e.g., On/Off, Level Control, Temperature Measurement). Each cluster defines attributes and commands.
• Binding: Links a client cluster on one device to a server cluster on another (unicast or via groups).

Zigbee supports several types of network topologies, including star, tree, and mesh. Among these, mesh networks are the most notable. In a mesh topology, devices can relay messages through one another, greatly extending the range and reliability of communication without relying solely on a central hub.

Star networks are simpler and center around a single coordinator, which communicates directly with end devices. Tree networks provide a hierarchical structure, where routers can also act as intermediaries between devices and the coordinator, offering a balance between coverage and efficiency.

• Star: Coordinator at center; end devices connect directly. Simple, low hop count.
• Tree: Hierarchical routing based on address allocation. Low overhead, but less resilient.
• Mesh: Ad hoc multi‑hop routing using variants of AODV; resilient against single‑node failures.

topology_sketches

Star                     Mesh
    [C]                    [R]--[R]--[R]
    /|\                     | \  |   |
  [E][E][E]                [E] [E]  [E]
(C=Coordinator, R=Router, E=End Device)

Zigbee networks consist of three primary device roles:

• Coordinator (ZC): Forms and secures the network. There is one per PAN. Often also acts as Trust Center (key distribution).
• Router (ZR): Forwards traffic, keeps routes, may host applications. Can permit joining of new nodes.
• End Device (ZED): Lowest power; does not route. Sleepy ZEDs poll their parent (a router/coordinator) for messages.

The combination of these roles allows for flexible network configurations that can adapt to various deployment scenarios, from simple home automation systems to large-scale industrial sensor grids.

Formation (Coordinator):

1. Choose channel(s) with minimal interference (avoid busy Wi‑Fi channels if possible).
2. Set Extended PAN ID, PAN ID, security policy, and network key.
3. Optionally open a permit‑join window to allow devices to join.

Joining (Routers/End Devices):

1. Scan for beacons; choose a PAN (match channels/Extended PAN ID if preconfigured).
2. Association request → parent assigns a 16‑bit short address.
3. Secure key establishment (Trust Center link key / install code / default fallback depending on policy).

Zigbee applies security at two key protocol layers: the MAC (Medium Access Control) layer and the APS (Application Support) layer. At the MAC layer, security relies on a Network Key (NK), which is shared by all devices within the Personal Area Network (PAN) and is used to encrypt and authenticate network-level communications. For more fine-grained and secure interactions, the APS layer uses Link Keys (LK), which are unique to each pair of devices. These keys help secure application-level messages and are also used in communication with the Trust Center—a central authority, typically the coordinator, that manages authentication and key distribution across the network.

To establish secure links, Zigbee supports install codes, which are unique per-device secrets used to derive initial link keys. These are strongly preferred over using global default keys, which are vulnerable to compromise. For improved security, best practices include disabling the use of known default keys, using install codes or other out-of-band commissioning methods, limiting the duration that the network allows new device joins (known as the permit-join window), and scheduling regular updates to the Network Key. These measures help mitigate risks from eavesdropping, spoofing, and unauthorized device access.

• Sleepy ZEDs: Turn off radio to save power; periodically poll parent (configurable interval).
• Traffic to sleepy devices: Buffered by parent until the device polls.
• Trade‑offs: Longer poll intervals → lower power, higher latency and risk of missing messages.

• Clusters define device capabilities. Example:
  1. On/Off (0x0006) with commands On, Off, Toggle.
  2. Level Control (0x0008) with attribute CurrentLevel and commands Move/Step.
• Attributes are readable/writable values (with reporting support).
• Endpoints group related clusters on a device. Device types are collections of required/optional clusters.

• Groups: Multicast to many devices (e.g., all lights in a room).
• Scenes: Snapshot of attribute values to recall later (e.g., brightness/color settings).
• Binding: Maps client clusters to server clusters; can target unicast or a group address.

# Coordinator
radio set channel 20
nwk set extpanid 0x1122334455667788
nwk set panid 0x1A2B
sec set tc install_codes on
nwk start
nwk permit-join 120   # seconds

# Router or End Device
scan active
join 0x1122334455667788
tcbinding establish    # using install code or pre-shared link key