Multipeer P2P Replicator
The Multipeer Replicator enables lightweight, self-organizing mesh networks over Wi-Fi and Bluetooth Low Energy. This approach requires minimal setup and automates peer discovery and connectivity management, making it simpler than active-passive P2P configurations.
Introduction
Couchbase Lite’s Peer-to-Peer synchronization solution offers secure storage and bidirectional data synchronization between mobile and IoT devices without needing a centralized cloud-based control point.
For small mesh topologies, Multipeer Replicator offers autodiscovery over Wi-Fi and Bluetooth Low Energy, with secure communication via TLS and certificate-based authentication. The dynamic mesh topology gives optimal peer connectivity and the lightweight and low-maintenance configuration requires less management and less code than using active-passive peer-to-peer sync.
Overview
To maintain optimal connectivity, efficient data transport, and balanced workloads, the Multipeer Replicator forms a dynamic mesh network among peers in the same group. The mesh network provides resilience through multiple communication pathways. If one connection fails, data can flow through alternative routes. It avoids redundant direct connections, evenly distributes connections across peers, and optimizes communication paths through intelligent routing.
The mesh network continuously adapts as peers join or leave, automatically healing itself by establishing new connections and rerouting data flow to maintain network integrity.
This self-organizing approach ensures reliable data synchronization even in challenging network conditions, where individual peer connections may be intermittent or unreliable.
Prerequisites
The Multipeer Replicator supports two transports for peer discovery and replication: Wi-Fi and Bluetooth Low Energy (BLE). Wi-Fi is enabled by default. The enabled transports are configured through the replicator configuration. See Transports.
Transport Support
| Transport | Available from | Discovery | Notes |
|---|---|---|---|
Wi-Fi |
CBL 3.3 |
DNS-SD (mDNS) |
Peers must connect to the same Wi-Fi network. |
Bluetooth Low Energy |
CBL 3.4 |
BLE advertising and scanning |
Requires additional manifest permissions and runtime permission requests. See Bluetooth Platform Configuration. |
| When you configure both transports, the Multipeer Replicator automatically selects the best available transport for each peer and switches between them as reachability changes, preferring Wi-Fi over Bluetooth. See Automatic Transport Switching. |
Supported Platforms
| Feature | Minimum Android API |
|---|---|
Couchbase Lite core |
22 |
Multipeer Replicator: Wi-Fi transport |
24 |
Multipeer Replicator: Bluetooth Low Energy transport |
29 |
See Supported Platforms for the full platform support matrix.
Bluetooth Platform Configuration
This section applies only if your application enables Bluetooth transport. Applications that use Wi-Fi only do not require these changes.
AndroidManifest.xml Permissions
Declare the required Bluetooth permissions in your application’s AndroidManifest.xml.
The required permissions differ by API level.
<uses-permission android:name="android.permission.BLUETOOTH" />
<uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.BLUETOOTH_SCAN" />
<uses-permission android:name="android.permission.BLUETOOTH_ADVERTISE" />
<uses-permission android:name="android.permission.BLUETOOTH_CONNECT" />
<uses-permission
android:name="android.permission.NEARBY_WIFI_DEVICES"
android:usesPermissionFlags="neverForLocation"
tools:targetApi="33" />
Runtime Permission Requests
Android requires runtime permission requests for Bluetooth operations. Request the permissions listed above at runtime before starting the Multipeer Replicator with Bluetooth enabled. See Android Bluetooth permissions for details.
private val requestPermissions =
registerForActivityResult(ActivityResultContracts.RequestMultiplePermissions()) {}
private fun requestMissingPermissions() {
val needed = buildList {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
add(Manifest.permission.BLUETOOTH_SCAN)
add(Manifest.permission.BLUETOOTH_ADVERTISE)
add(Manifest.permission.BLUETOOTH_CONNECT)
} else {
add(Manifest.permission.ACCESS_FINE_LOCATION)
}
// On Android 13 (API 33) and higher, also request Wi-Fi peer discovery.
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
add(Manifest.permission.NEARBY_WIFI_DEVICES)
}
}.filter {
ContextCompat.checkSelfPermission(this, it) != PackageManager.PERMISSION_GRANTED
}
if (needed.isNotEmpty()) {
requestPermissions.launch(needed.toTypedArray())
}
}
If you have already created a MultipeerReplicator, you can call getNecessaryPermissions() on it to get the exact set of runtime permissions required for its configured transports, rather than listing them manually.
|
Configuration
The MultipeerReplicator requires several configuration components to establish secure peer-to-peer replication between devices.
This section covers the key configurations you need to set up:
Collection Configurations
You can specify one or more collections available for replication when creating a MultipeerReplicatorConfiguration.
For each collection, you’ll create MultipeerCollectionConfiguration with the collection object and optionally configure a custom conflict resolver or any replication filters you want to use for the collection.
val collections = mutableSetOf<MultipeerCollectionConfiguration>()
for(col in listOf(collection1, collection2, collection3)) {
val builder = MultipeerCollectionConfiguration.Builder(col)
collections.add(builder.build())
}
// Config with custom conflict resolver
val config1 = MultipeerCollectionConfiguration.Builder(collection1)
.setConflictResolver { peerId, conflict -> conflict.remoteDocument }
.build()
// Config with document IDs filter
val config2 = MultipeerCollectionConfiguration.Builder(collection2)
.setDocumentIDs(setOf("doc1", "doc2"))
.build()
// Config with push replication filter
val config3 = MultipeerCollectionConfiguration.Builder(collection3)
.setPushFilter { peerId, document, flags -> document.getInt("access-level") == 2 }
.build()
val collections = setOf(config1, config2, config3)
Peer Identity
Each peer in the Multipeer replication is uniquely identified and authenticated by using a peer’s certificate.
Multipeer Replicator which uses TLS communication by default requires to specify a TLSIdentity object for specifying the identity.
You can use either a self-signed certificate for the identity or have an authority or issuer sign the identity’s certificate. The choice depends on your specific security requirements and deployment environment.
As each peer could be either a client or a server to the other peer in the Multipeer replication environment, you must create the identity’s certificate with the extension key usages for both client and server authentication to allow either direction to authenticate the certificate.
CA-Signed Identity
When using a certificate authority (CA) signed identity, the issuer’s certificate authenticates the connecting peer.
// NOTE: Error handling omitted
val persistentLabel = "com.myapp.identity"
// Retrieve the TLS identity from the key store using the persistent label.
var identity = TLSIdentity.getIdentity(persistentLabel)
// If the identity exists but is expired, delete it.
if(identity != null && identity.expiration.before(Date())) {
// NOTE: Important to delete identity this way for CA signed identities
// since they extend beyond the Android key store
TLSIdentity.deleteIdentity(persistentLabel)
}
if(identity == null) {
// Define certificate attributes and expiration date.
val certAttributes = mapOf(
TLSIdentity.CERT_ATTRIBUTE_COMMON_NAME to "Couchbase Demo",
TLSIdentity.CERT_ATTRIBUTE_ORGANIZATION to "Couchbase",
TLSIdentity.CERT_ATTRIBUTE_ORGANIZATION_UNIT to "Mobile",
TLSIdentity.CERT_ATTRIBUTE_EMAIL_ADDRESS to "noreply@couchbase.com"
)
val calendar = Calendar.getInstance()
calendar.add(Calendar.YEAR, 2)
val expiration = calendar.time
val caKey = getCAPrivateKeyData()
val caCert = getCACertificateData()
// As the function name indicates, this is not a secure way of doing things
// and should either be done for testing only, or in an environment that you
// assure to be secure against unknown actors, because otherwise anyone who
// can install the app can probably easily extract the CA key.
identity = TLSIdentity.createdSignedIdentityInsecure(
setOf(KeyUsage.SERVER_AUTH, KeyUsage.CLIENT_AUTH),
certAttributes,
caKey,
caCert,
expiration,
persistentLabel
)
}
Self-Signed Identity
For environments where certificate authority management is not feasible, you can implement peer identity using self-signed certificates. This approach is commonly used in closed network environments where devices need to authenticate with each other without external certificate authorities.
// NOTE: Error handling omitted
val persistentLabel = "com.myapp.identity"
// Retrieve the TLS identity from the key store using the persistent label.
var identity = TLSIdentity.getIdentity(persistentLabel)
// If the identity exists but is expired, delete it.
if(identity != null && identity.expiration.before(Date())) {
TLSIdentity.deleteIdentity(persistentLabel)
}
if(identity == null) {
// Define certificate attributes and expiration date.
val certAttributes = mapOf(
TLSIdentity.CERT_ATTRIBUTE_COMMON_NAME to "Couchbase Demo",
TLSIdentity.CERT_ATTRIBUTE_ORGANIZATION to "Couchbase",
TLSIdentity.CERT_ATTRIBUTE_ORGANIZATION_UNIT to "Mobile",
TLSIdentity.CERT_ATTRIBUTE_EMAIL_ADDRESS to "noreply@couchbase.com"
)
val calendar = Calendar.getInstance()
calendar.add(Calendar.YEAR, 2)
val expiration = calendar.time
identity = TLSIdentity.createIdentity(
setOf(KeyUsage.CLIENT_AUTH, KeyUsage.SERVER_AUTH),
certAttributes,
expiration,
persistentLabel
)
}
When using self-signed certificates, implement your own certificate validation logic in the authenticator callback to make sure only trusted peers can join your mesh network.
Peer Authenticator
MultipeerReplicator only supports certificate based authentication.
You can specify the authenticator in two ways:
-
certificate authentication callback
-
root certificates.
When specifying the certificate authentication callback, the callback calls the remote peer’s identity certificate.
When specifying the root certificates, the Multipeer replicator automatically authenticates the remote peer’s identity certificate by verifying whether one of the specified root certificates signed the certificate.
// Use peer and certs to decide whether or not to allow (true) this peer
// or reject (false)
val authenticator = MultipeerCertificateAuthenticator { peer, certs -> true }
val caCert = getCACertificateData()
val certificateFactory = CertificateFactory.getInstance("X.509")
val inputStream = ByteArrayInputStream(caCert)
val certObject = certificateFactory.generateCertificate(inputStream) as X509Certificate
val authenticator = MultipeerCertificateAuthenticator(listOf(certObject))
Transports
The transports property on MultipeerReplicatorConfiguration controls which transports the replicator uses for peer discovery and replication.
Use EnumSet<MultipeerTransport> to specify one or more transports.
Wi-Fi Only
Wi-Fi is the default transport. Existing applications continue to operate on Wi-Fi only after upgrading to CBL 3.4 with no code changes required.
// Wi-Fi is the default transport. No additional configuration is required.
val config = MultipeerReplicatorConfiguration.Builder()
.setPeerGroupID("com.myapp")
.setIdentity(identity)
.setAuthenticator(authenticator)
.setCollections(collections)
.build()
// transports defaults to EnumSet.of(MultipeerTransport.WIFI)
Bluetooth Only
To use Bluetooth as the sole transport, set transports to EnumSet.of(MultipeerTransport.BLUETOOTH). Peers discover each other using BLE advertising and scanning rather than DNS-SD.
val config = MultipeerReplicatorConfiguration.Builder()
.setPeerGroupID("com.myapp")
.setIdentity(identity)
.setAuthenticator(authenticator)
.setCollections(collections)
.setTransports(EnumSet.of(MultipeerTransport.BLUETOOTH))
.build()
Wi-Fi and Bluetooth with Automatic Switching
To enable both transports, set transports to include both MultipeerTransport.WIFI and MultipeerTransport.BLUETOOTH. The replicator prefers Wi-Fi and falls back to Bluetooth automatically when Wi-Fi is unavailable. See Automatic Transport Switching.
val config = MultipeerReplicatorConfiguration.Builder()
.setPeerGroupID("com.myapp")
.setIdentity(identity)
.setAuthenticator(authenticator)
.setCollections(collections)
.setTransports(EnumSet.of(MultipeerTransport.WIFI, MultipeerTransport.BLUETOOTH))
.build()
| Bluetooth has lower throughput and higher latency than Wi-Fi, and its reliability can decrease as more peers join the Bluetooth network. We recommend using Wi-Fi as the primary transport for multipeer sync, with Bluetooth as a fallback, rather than relying on Bluetooth alone. |
Create MultipeerReplicatorConfiguration
The MultipeerReplicatorConfiguration can be created with a peerGroupID which is an identifier that identifies the peer-to-peer network used by the app, collection configurations, peer identity, and authenticator.
val config = MultipeerReplicatorConfiguration.Builder()
.setPeerGroupID("com.myapp")
.setIdentity(identity)
.setAuthenticator(authenticator)
.setCollections(collections)
.build()
| Performance may vary in mesh networks depending on your specific environment and number of peers. We recommend running tests with your network configuration to assess any effects on packet loss or latency. |
Automatic Transport Switching
When MultipeerReplicator is configured with both Wi-Fi and Bluetooth transports, it automatically selects the best available transport for each peer and switches transports as reachability changes.
Transport Preference
The replicator prefers Wi-Fi over Bluetooth when both transports can reach a peer. Bluetooth acts as a fallback when Wi-Fi cannot reach a peer.
Fallback to Bluetooth
For an individual peer, MultipeerReplicator falls back to Bluetooth when the peer is no longer reachable over Wi-Fi.
This can occur if the peer disables Wi-Fi, becomes unreachable on the local network, or if replication over Wi-Fi fails because of a network-related error.
In cases of connection or replication failure over Wi-Fi, MultipeerReplicator performs a small number of retries before falling back to Bluetooth.
Return to Wi-Fi
If a peer becomes reachable over Wi-Fi while replication is active over Bluetooth, MultipeerReplicator establishes a Wi-Fi connection in parallel with the existing Bluetooth connection.
The Bluetooth connection remains active until the Wi-Fi connection is fully established and replication has resumed over Wi-Fi.
This prevents any interruption in synchronization during the transition.
Life Cycle
Create MultipeerReplicator with Configuration
val replicator = MultipeerReplicator(config)
Background Behavior
The MultipeerReplicator supports continuous mode, which allows it to operate in the background.
When the application is put into the background, the MultipeerReplicator will continue to operate in the background.
You should make sure that the application has the necessary permissions to run in the background and configure the MultipeerReplicator to support background operations.
Events
In general, the connection should just work, and most of these optional listen events give status you may only want to use during development and testing.
Status events include a transport property that identifies which transport the event applies to. MultipeerReplicatorStatus events are delivered per enabled transport and also as an aggregated status (where transport is null) representing the overall replicator state.
Event types include the following:
Multipeer Replicator Status
val token = replicator.addStatusListener { status ->
val state = if(status.isActive) "active" else "inactive"
val error = status.error?.message ?: "none"
Log.i(TAG, "Multipeer replicator: $state, Error: $error")
}
Peer Discovery Status
val token = replicator.addPeerDiscoveryStatusListener { status ->
val online = if(status.isOnline) "online" else "offline"
Log.i(TAG, "Peer Discovery Status - Peer ID: ${status.peer}, Status: $online")
}
Peer’s Replicator Status
//val activities = ["stopped", "offline", "connecting", "idle", "busy"]
val token = replicator.addPeerReplicatorStatusListener { status ->
val direction = if(status.isOutgoing) "outgoing" else "incoming"
val activity = status.status.activityLevel.name.lowercase()
val error = status.status.error?.message ?: "none"
Log.i(TAG, "Peer Replicator Status - Peer ID: $status, " +
"Direction: $direction, " +
"Activity: $activity" +
"Error: $error")
}
Peer’s Document Replication
val token = replicator.addPeerDocumentReplicationListener { status ->
val direction = if(status.isPush) "push" else "pull"
Log.i(TAG, "Peer Document Replication - Peer ID: ${status.peer}, Direction: $direction")
for(doc in status.documents) {
val error = doc.error?.message ?: "none"
val collection = "${doc.scope}.${doc.collection}"
Log.i(TAG, " Collection: $collection, Document ID: ${doc.id}, " +
"Flags: ${doc.flags}, Error: $error")
}
}
Peer Info
Peer Identifier
A unique peerID, which is a digest of the peer’s identity certificate, identifies each peer.
You can get your peerID from the peerID property of the MultipeerReplicator.
val peerID = replicator.peerId
Log.i(TAG, "Peer ID: $peerID")
Neighbor Peers
You can get a list of current online peers' identifiers from the MultipeerReplicator from the neighborPeers property.
Log.i(TAG, "Neighbor Peers:")
replicator.neighborPeers.forEach { peer -> Log.i(TAG, " $peer") }
Peer Info
The PeerInfo object provides information about a peer, including its identifier, certificate, online status, replicator status, neighbor peers, the transports on which the peer was discovered, and the transport currently used for replication.
fun printPeerInfo(info: PeerInfo) {
Log.i(TAG, "Peer ID: ${info.peerId}")
Log.i(TAG, " Status: ${if(info.isOnline) "online" else "offline"}")
Log.i(TAG, " Neighbor Peers:")
info.neighbors.forEach { peer -> Log.i(TAG, " $peer") }
val replStatus = info.replicatorStatus
val activity = replStatus.activityLevel.name.lowercase()
val error = replStatus.error?.message ?: "none"
Log.i(TAG, " Replicator Status: $activity, Error: $error")
}
for(peer in replicator.neighborPeers) {
replicator.getPeerInfo(peer)?.let { printPeerInfo(it) }
}
Logging
LogDomain sets up the logging of:
-
Peer discovery log messages
-
Multipeer replication and mesh network management log messages
// Enable verbose console logging for multipeer replicator-related domains only.
LogSinks.get().console = ConsoleLogSink(LogLevel.VERBOSE, LogDomain.PEER_DISCOVERY,
LogDomain.MULTIPEER)
API Reference
You can find Kotlin API References here.