I've been describing this method for a while so I thought it would be interesting to actually build a demo.
The "server" is tiny. It never needs to accept any connections, or listen on any ports. It can sit behind a completely closed inbound firewall. All it needs is to be able to send outbound UDP packets.
The server sends the file continuously on a loop, with size, offset and checksum data embedded in each packet. If no receivers are joined to the channel, all traffic is dropped by the first hop router (or switch with MLD), so no data is sent. At most one stream of data is sent, regardless of how many nodes are listening.
The client can join the channel at any time, and will start writing the file immediately, even if halfway through the file. Once it has received enough data it will begin checksumming and will stop writing when the checksums match.
Multiple servers can run at once, starting at different offsets in the file. The client will receive from as many servers as are running.
Likewise, the server(s) can support as many clients as necessary with no additional load. The smallest of virtual servers can support any number of IoT nodes simultaneously downloading.
There is no flow control. PKT_DELAY can be set to tell the server to slow down sending of packets, but there is no dynamic control at this time. This is a simplistic demo.
There are various NACK solutions as described in PGM (RFC 3208) that we could employ here, at the cost of scalability.
We could instead run multiple streams at different rates, and let the client choose a channel with the appropriate receive rate.
If a packet is dropped, the client will need to get it on the next iteration. A form of FEC could be used to cope with minor packet loss.
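The receive logic described above (join mid-file, collect from several senders, pick up lost packets on a later pass, stop when the checksum matches), as an added sketch that is not the demo's own code. The header layout, the SHA-256 checksum and the names `HDR`, `carousel`, `Receiver` and `demo` are assumptions; the page does not give the wire format.

```python
import hashlib
import struct

# Assumed header: file size, byte offset, payload length, SHA-256 of whole file.
HDR = struct.Struct("!QQH32s")

def carousel(data, start=0, chunk=1024):  # sender: loop over the file forever
    digest, off = hashlib.sha256(data).digest(), start
    while True:
        payload = data[off:off + chunk]
        yield HDR.pack(len(data), off, len(payload), digest) + payload
        off = off + chunk if off + chunk < len(data) else 0

class Receiver:
    def __init__(self, max_size=1 << 20):
        self.max_size = max_size          # refuse to allocate more than this
        self.buf = self.seen = self.digest = None
        self.done = False
    def feed(self, pkt):
        """Process one datagram; return True once the file is verified."""
        if self.done or len(pkt) < HDR.size:
            return self.done
        size, off, plen, digest = HDR.unpack_from(pkt)
        payload = pkt[HDR.size:]
        # Header fields come from the network: check them before any write.
        if not 0 < size <= self.max_size or not 0 < plen == len(payload) or off + plen > size:
            return False
        if self.buf is None:              # first valid packet fixes size and digest
            self.buf, self.seen, self.digest = bytearray(size), bytearray(size), digest
        elif size != len(self.buf) or digest != self.digest:
            return False                  # belongs to a different file: ignore
        self.buf[off:off + plen] = payload
        self.seen[off:off + plen] = b"\x01" * plen
        # Checksum once every byte is seen; on mismatch keep listening for the next pass.
        if 0 not in self.seen:
            self.done = hashlib.sha256(self.buf).digest() == self.digest
        return self.done

def demo():
    data = bytes(range(256)) * 40         # constructed 10 KiB sample file
    a, b = carousel(data, 3072), carousel(data, 8192)  # two senders, different offsets
    rx, n = Receiver(), 0
    while not rx.done:
        n += 1
        pkt = next(a if n % 2 else b)     # interleave the two streams
        if n % 7:                         # simulate loss: every 7th packet dropped
            rx.feed(pkt)
    return bytes(rx.buf) == data, n
```

A checksum carried in the same stream detects corruption, not tampering: anyone able to send to the group can supply a matching digest, so authenticity needs a digest or signature obtained over a trusted channel.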
This is just a simple demo, not intended for production. It could, however, be adapted fairly easily to different scenarios.
You can run multiple servers at the same time, sending the same file. A client joined via Any Source Multicast (ASM) can collect the packets from all servers at once.
Alternatively, with Single Source Multicast (SSM), we only have to turn on one setting on all intervening routers (ipv6 multicast-routing) and we have functioning multicast with no requirement for Rendezvous Points (RP) to be configured. The IoT device could use plain ol' unicast DNS to look up which host(s) to do the SSM join to. Some SRV records would do the trick.
So in the case of an IoT provider who controls the whole network, they could implement this immediately with no transitional tunnelling needed.
2020-02-02 Update: I gave a talk at FOSDEM about this: