idnits 2.17.1 draft-ietf-core-groupcomm-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with multicast IPv4 addresses in the document. If these are generic example addresses, they should be changed to use the 233.252.0.x range defined in RFC 5771 Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 23, 2013) is 3775 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) ** Obsolete normative reference: RFC 4601 (Obsoleted by RFC 7761) == Outdated reference: A later version (-21) exists of draft-ietf-core-block-14 == Outdated reference: A later version (-12) exists of draft-ietf-roll-trickle-mcast-05 == Outdated reference: A later version (-28) exists of draft-ietf-core-resource-directory-00 == Outdated reference: A later version (-05) exists of draft-ietf-appsawg-uri-get-off-my-lawn-00 Summary: 2 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 CoRE Working Group A. Rahman, Ed. 3 Internet-Draft InterDigital Communications, LLC 4 Intended status: Informational E. Dijk, Ed. 5 Expires: June 26, 2014 Philips Research 6 December 23, 2013 8 Group Communication for CoAP 9 draft-ietf-core-groupcomm-18 11 Abstract 13 CoAP is a specialized web transfer protocol for constrained devices 14 and constrained networks. It is anticipated that constrained devices 15 will often naturally operate in groups (e.g., in a building 16 automation scenario all lights in a given room may need to be 17 switched on/off as a group). This document provides guidance for how 18 the CoAP protocol should be used in a group communication context. 19 An approach for using CoAP on top of IP multicast is detailed. Also, 20 various use cases and corresponding protocol flows are provided to 21 illustrate important concepts. Finally, guidance is provided for 22 deployment in various network topologies. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on June 26, 2014. 41 Copyright Notice 43 Copyright (c) 2013 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 59 1.1. Background . . . . . . . . . . . . . . . . . . . . . . . 3 60 1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 1.3. Conventions and Terminology . . . . . . . . . . . . . . . 4 62 2. Protocol Considerations . . . . . . . . . . . . . . . . . . . 5 63 2.1. IP Multicast Background . . . . . . . . . . . . . . . . . 5 64 2.2. Group Definition and Naming . . . . . . . . . . . . . . . 6 65 2.3. Port and URI Configuration . . . . . . . . . . . . . . . 7 66 2.4. RESTful Methods . . . . . . . . . . . . . . . . . . . . . 8 67 2.5. Request and Response Model . . . . . . . . . . . . . . . 8 68 2.6. Member Discovery . . . . . . . . . . . . . . . . . . . . 9 69 2.7. Membership Configuration . . . . . . . . . . . . . . . . 9 70 2.7.1. Background . . . . . . . . . . . . . . . . . . . . . 9 71 2.7.2. Membership Configuration RESTful Interface . . . . . 10 72 2.8. Request Acceptance and Response Suppression Rules . . . . 15 73 2.9. Congestion Control . . . . . . . . . . . . . . . . . . . 17 74 2.10. Proxy Operation . . . . . . . . . . . . . . . . . . . . . 18 75 2.11. Exceptions . . . . . . . . . . . . . . . . . . . . . . . 19 76 3. Use Cases and Corresponding Protocol Flows . . . . . . . . . 19 77 3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 20 78 3.2. Network Configuration . . . . . . . . . . . . . . . . . . 20 79 3.3. Discovery of Resource Directory . . . . . . . . . . . . . 22 80 3.4. Lighting Control . . . . . . . . . . . . . . . . . . . . 23 81 3.5. Lighting Control in MLD Enabled Network . . . . . . . . . 27 82 3.6. Commissioning the Network Based On Resource Directory . . 28 83 4. Deployment Guidelines . . . . . . . . . . . . . . . . . . . . 29 84 4.1. Target Network Topologies . . . . . . . . . . . . . . . . 29 85 4.2. Networks Using the MLD Protocol . . . . . . . . . . . . . 30 86 4.3. Networks Using RPL Multicast Without MLD . . . . . . . . 30 87 4.4. Networks Using MPL Forwarding Without MLD . . . . . . . . 31 88 4.5. 6LoWPAN Specific Guidelines for the 6LBR . . . . . . . . 32 89 5. Security Considerations . . . . . . . . . . . . . . . . . . . 32 90 5.1. Security Configuration . . . . . . . . . . . . . . . . . 32 91 5.2. Threats . . . . . . . . . . . . . . . . . . . . . . . . . 33 92 5.3. Threat Mitigation . . . . . . . . . . . . . . . . . . . . 33 93 5.3.1. WiFi Scenario . . . . . . . . . . . . . . . . . . . . 33 94 5.3.2. 6LoWPAN Scenario . . . . . . . . . . . . . . . . . . 33 95 5.3.3. Future Evolution . . . . . . . . . . . . . . . . . . 34 96 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 97 6.1. New 'core.gp' Resource Type . . . . . . . . . . . . . . . 34 98 6.2. New 'coap-group+json' Internet Media Type . . . . . . . . 34 99 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35 100 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 101 8.1. Normative References . . . . . . . . . . . . . . . . . . 36 102 8.2. Informative References . . . . . . . . . . . . . . . . . 37 103 Appendix A. Multicast Listener Discovery (MLD) . . . . . . . . . 38 104 Appendix B. Change Log . . . . . . . . . . . . . . . . . . . . . 38 105 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47 107 1. Introduction 109 1.1. Background 111 Constrained Application Protocol (CoAP) is a Representational State 112 Transfer (REST) based web transfer protocol for resource constrained 113 devices operating in an IP network [I-D.ietf-core-coap]. CoAP has 114 many similarities to HTTP [RFC2616] but also has some key 115 differences. Constrained devices can be large in numbers, but are 116 often related to each other in function or by location. For example, 117 all the light switches in a building may belong to one group and all 118 the thermostats may belong to another group. Groups may be pre- 119 configured before deployment or dynamically formed during operation. 120 If information needs to be sent to or received from a group of 121 devices, group communication mechanisms can improve efficiency and 122 latency of communication and reduce bandwidth requirements for a 123 given application. HTTP does not support any equivalent 124 functionality to CoAP group communication. 126 1.2. Scope 128 Group communication involves a one-to-many relationship between CoAP 129 endpoints. Specifically, a single CoAP client can simultaneously get 130 (or set) resources from multiple CoAP servers using CoAP over IP 131 multicast. An example would be a CoAP light switch turning on/off 132 multiple lights in a room with a single CoAP group communication PUT 133 request, and handling the potential multitude of (unicast) responses. 135 The normative protocol aspects of sending CoAP requests on top of IP 136 multicast, and processing the (unicast IP) responses are given in 137 Section 8 of [I-D.ietf-core-coap]. The main contribution of this 138 document lies in providing additional guidance for key CoAP group 139 communication concepts. Among the topics covered are group 140 definition, group RESTful methods, and group request and response 141 processing (see Section 2). Also, proxy operation and minimizing 142 network congestion for group communication is discussed (see 143 Section 2). Finally, specific use cases (see Section 3) and 144 deployment guidelines (see Section 4) for group communication are 145 outlined. 147 1.3. Conventions and Terminology 149 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 150 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 151 "OPTIONAL" in this document are to be interpreted as described in 152 [RFC2119]. 154 The above key words are used to establish a set of guidelines for 155 CoAP group communication. An implementation of CoAP group 156 communication MAY implement these guidelines; an implementation 157 claiming compliance to this document MUST implement the set of 158 guidelines. 160 This document assumes readers are familiar with the terms and 161 concepts that are used in [I-D.ietf-core-coap]. In addition, this 162 document defines the following terminology: 164 Group Communication 165 A source node sends a single application layer (e.g. CoAP) message 166 which is delivered to multiple destination nodes, where all 167 destinations are identified to belong to a specific group. The 168 source node itself may be part of the group. The underlying 169 mechanisms for CoAP group communication are UDP/IP multicast for 170 the requests, and unicast UDP/IP for the responses. The network 171 involved may be a constrained network such as a low-power, lossy 172 network. 174 Reliable Group Communication 175 A special case of group communication where for each destination 176 node it is guaranteed that the node either 1) eventually receives 177 the message sent by the source node, or 2) does not receive the 178 message and the source node is notified of the non-reception 179 event. 181 Multicast 182 Sending a message to multiple destination nodes with one network 183 invocation. There are various options to implement multicast 184 including layer 2 (Media Access Control) and layer 3 (IP) 185 mechanisms. 187 IP Multicast 188 A specific multicast approach based on the use of IP multicast 189 addresses as defined in "IANA Guidelines for IPv4 Multicast 190 Address Assignments" [RFC5771] and "IP Version 6 Addressing 191 Architecture" [RFC4291]. A complete IP multicast solution may 192 include support for managing group memberships, and IP multicast 193 routing/forwarding (see Section 2.1). 195 Low power and Lossy Network (LLN) 196 A type of constrained IP network where devices are interconnected 197 by low-power and lossy links. The links may be may composed of 198 one or more technologies such as IEEE 802.15.4, Bluetooth Low 199 Energy (BLE), Digital Enhanced Cordless Telecommunication (DECT), 200 and IEEE P1901.2 power-line communication. 202 2. Protocol Considerations 204 2.1. IP Multicast Background 206 IP multicast protocols have been evolving for decades, resulting in 207 standards such as Protocol Independent Multicast - Sparse Mode (PIM- 208 SM) [RFC4601]. IP multicast is very popular in specific deployments 209 such as in enterprise networks (e.g., for video conferencing), smart 210 home networks (e.g., Universal Plug and Play (UPnP)) and carrier IPTV 211 deployments. The packet economy and minimal host complexity of IP 212 multicast make it attractive for group communication in constrained 213 environments. 215 To achieve IP multicast beyond link-local scope, an IP multicast 216 routing or forwarding protocol needs to be active on IP routers. An 217 example of a routing protocol specifically for LLNs is the IPv6 218 Routing Protocol for Low-Power and Lossy Networks (RPL) (Section 12 219 of [RFC6550]) and an example of a forwarding protocol for LLNs is 220 Multicast Protocol for Low power and Lossy Networks (MPL) 221 [I-D.ietf-roll-trickle-mcast]. RPL and MPL do not depend on each 222 other; each can be used in isolation and both can be used in 223 combination in a network. Finally, PIM-SM [RFC4601] is often used 224 for multicast routing in traditional IP networks (i.e. networks that 225 are not constrained). 227 IP multicast can also be run in a Link-Local (LL) scope. This means 228 that there is no routing involved and an IP multicast message is only 229 received over the link on which it was sent. 231 For a complete IP multicast solution, in addition to a routing/ 232 forwarding protocol, a "listener" protocol may be needed for the 233 devices to subscribe to groups (see Section 4.2). 235 IP multicast is generally classified as an unreliable service in that 236 packets are not guaranteed to be delivered to each and every member 237 of the group. In other words, it cannot be directly used as a basis 238 for "reliable group communication" as defined in Section 1.3. 239 However, the level of reliability can be increased by employing a 240 multicast protocol that performs periodic retransmissions as is done 241 for example in MPL. 243 2.2. Group Definition and Naming 245 A CoAP group is defined as a set of CoAP endpoints, where each 246 endpoint is configured to receive CoAP group communication requests 247 that are sent to the group's associated IP multicast address. The 248 individual response by each endpoint receiver to a CoAP group 249 communication request is always sent back as unicast. An endpoint 250 may be a member of multiple groups. Group membership of an endpoint 251 may dynamically change over time. 253 All CoAP server nodes SHOULD join the "All CoAP Nodes" multicast 254 group ([I-D.ietf-core-coap], Section 12.8) by default to enable CoAP 255 discovery. For IPv4, the address is 224.0.1.187 and for IPv6 a 256 server node joins at least both the link-local scoped address 257 FF02::FD and the site-local scoped address FF05::FD. IPv6 addresses 258 of other scopes MAY be enabled. 260 A CoAP group URI has the scheme 'coap' and includes in the authority 261 part either a group IP multicast address, or a hostname (e.g., Group 262 Fully Qualified Domain Name (FQDN)) that can be resolved to the group 263 IP multicast address. A group URI also contains an optional CoAP 264 port number in the authority part. Group URIs follow the regular 265 CoAP URI syntax [I-D.ietf-core-coap]. 267 Note: A group URI is needed to initiate CoAP group communications. 268 For CoAP implementations it is recommended to use the URI composition 269 method of Section 6.5 of [I-D.ietf-core-coap] in such way that a CoAP 270 group communication request is generated. 272 For sending nodes, it is recommended to use the IP multicast address 273 literal in a group URI. However, in case a group hostname is used, 274 it can be uniquely mapped to an IP multicast address via DNS 275 resolution (if supported). Some examples of hierarchical group FQDN 276 naming (and scoping) for a building control application are shown 277 below: 279 URI authority Targeted group of nodes 280 --------------------------------------- -------------------------- 281 all.bldg6.example.com "all nodes in building 6" 282 all.west.bldg6.example.com "all nodes in west wing, 283 building 6" 284 all.floor1.west.bldg6.example.com "all nodes in floor 1, 285 west wing, building 6" 286 all.bu036.floor1.west.bldg6.example.com "all nodes in office bu036, 287 floor1, west wing, 288 building 6" 290 Similarly, if supported, reverse mapping (from IP multicast address 291 to Group FQDN) is possible using the reverse DNS resolution technique 292 ([RFC1033]). Reverse mapping is important, for example, in trouble 293 shooting to translate IP multicast addresses back to human readable 294 hostnames to show in a diagnostics user interface. 296 2.3. Port and URI Configuration 298 A CoAP server that is a member of a group listens for CoAP messages 299 on the group's IP multicast address, on a specified UDP port. The 300 default UDP port is the CoAP default port 5683 but a non-default UDP 301 port MAY be specified for the group; in which case implementers MUST 302 ensure that all group members are configured to use this same port. 304 CoAP group communication will not work if there is diversity in the 305 authority port (e.g., different dynamic port addresses across the 306 group) or if other parts of the group URI such as the path, or the 307 query, differ on different endpoints. Therefore, some measures must 308 be present to ensure uniformity in port number and resource names/ 309 locations within a group. All CoAP group communication requests MUST 310 be sent using a port number according to one of below options: 312 1. A pre-configured port number. The pre-configuration mechanism 313 MUST ensure that the same port number is pre-configured across 314 all endpoints in a group and across all CoAP clients performing 315 the group requests. 317 2. If the client is configured to use service discovery including 318 port discovery, it uses a port number obtained via a service 319 discovery lookup operation for the targeted CoAP group. 321 3. Use the default CoAP UDP port (5683). 323 For a CoAP server node that supports resource discovery, the default 324 port 5683 MUST be supported (Section 7.1 of [I-D.ietf-core-coap]) for 325 the "All CoAP Nodes" group. 327 All CoAP group communication requests SHOULD operate on group URI 328 paths in one of the following ways: 330 1. Pre-configured group URI paths, if available. The pre- 331 configuration mechanism SHOULD ensure that these paths are pre- 332 configured across all CoAP servers in a group and all CoAP 333 clients performing the group requests. Note that 334 [I-D.ietf-appsawg-uri-get-off-my-lawn] prescribes that any 335 specification must not constrain, define structure or semantics 336 for any path component. 338 2. If the client is configured to use default CoRE resource 339 discovery, it uses URI paths retrieved from a "/.well-known/core" 340 lookup on a group member. The URI paths the client will use MUST 341 be known to be available also in all other endpoints in the 342 group. The URI path configuration mechanism on servers MUST 343 ensure that these URIs (identified as being supported by the 344 group) are configured on all group endpoints. 346 3. If the client is configured to use another form of service 347 discovery, it uses group URI paths from an equivalent service 348 discovery lookup which returns the resources supported by all 349 group members. 351 4. If the client has received a group URI through a previous RESTful 352 interaction with a trusted server it can use this URI in a CoAP 353 group communication request. For example, a commissioning tool 354 may instruct a sensor device in this way to which target group 355 (group URI) it should report sensor events. 357 2.4. RESTful Methods 359 Idempotent CoAP RESTful methods (i.e., GET, PUT, and DELETE) SHOULD 360 be used for group communication, with one exception as follows. A 361 non-idempotent CoAP method (i.e., POST) MAY be used for group 362 communication if the resource being POSTed to has been designed to 363 cope with the unreliable and lossy nature of IP multicast. Note that 364 not all group members are guaranteed to receive the IP multicast 365 request, and the sender cannot readily find out which group members 366 did not receive it. 368 2.5. Request and Response Model 370 All CoAP requests that are sent via IP multicast MUST be Non- 371 confirmable. The Message ID in an IP multicast CoAP message is used 372 for optional message deduplication as detailed in Section 4.5 of 373 [I-D.ietf-core-coap]. 375 A server MAY send back a unicast response to the CoAP group 376 communication request (e.g., response "2.05 Content" to a group GET 377 request). The unicast responses received by the CoAP client may be a 378 mixture of success (e.g., 2.05 Content) and failure (e.g., 4.04 Not 379 Found) codes depending on the individual server processing results. 380 Detailed processing rules for IP multicast request acceptance and 381 unicast response suppression are given in Section 2.8. 383 A CoAP request sent over IP multicast and any unicast response must 384 take into account the congestion control rules defined in 385 Section 2.9. 387 The CoAP client can distinguish the origin of multiple server 388 responses by source IP address of the UDP message containing the CoAP 389 response, or any other available unique identifier (e.g. contained in 390 the CoAP payload). In case a CoAP client sent multiple group 391 requests, the responses are as usual matched to a request using the 392 CoAP Token. 394 2.6. Member Discovery 396 CoAP Groups, and the membership of these groups, can be discovered 397 via the lookup interfaces in the Resource Directory (RD) defined in 398 [I-D.ietf-core-resource-directory]. An example of doing some of 399 these RD lookups is given in Section 3.6. 401 2.7. Membership Configuration 403 2.7.1. Background 405 The group membership of a CoAP endpoint may be configured in one of 406 the following ways. First, the group membership may be pre- 407 configured before node deployment. Second, a node may be programmed 408 to discover (query) its group membership using a specific service 409 discovery means. Third, it may be configured by another node (e.g., 410 a commissioning device). 412 In the first case, the pre-configured group information may be either 413 an IP multicast address or a hostname (FQDN) which is resolved later 414 (during operation) to an IP multicast address by the endpoint using 415 DNS (if supported). 417 For the second case, a CoAP endpoint may look up its group membership 418 using techniques such as DNS-SD and Resource Directory 419 [I-D.ietf-core-resource-directory]. The latter case is detailed more 420 in Section 3.6. 422 In the third case, typical in scenarios such as building control, a 423 dynamic commissioning tool determines to which group a sensor or 424 actuator node belongs, and writes this information to the node, which 425 can subsequently join the correct IP multicast group on its network 426 interface. The information written may again be an IP multicast 427 address or a hostname. 429 2.7.2. Membership Configuration RESTful Interface 431 To achieve better interoperability between endpoints from different 432 manufacturers, an OPTIONAL CoAP membership configuration RESTful 433 interface for configuring endpoints with relevant group information 434 is described here. This interface provides a solution for the third 435 case mentioned above. To access this interface a client MUST use 436 unicast CoAP methods (GET/PUT/POST/DELETE) only as it is a method of 437 configuring group information in individual endpoints. 439 Also, a form of authorization (making use of DTLS-secured CoAP 440 [I-D.ietf-core-coap]) SHOULD be used such that only authorized 441 controllers are allowed by an endpoint to configure its group 442 membership. 444 It is important to note that other approaches may be used to 445 configure CoAP endpoints with relevant group information. These 446 alternate approaches may support a subset or superset of the 447 membership configuration RESTful interface described in this 448 document. For example, a simple interface to just read the endpoint 449 group information may be implemented via a classical Management 450 Information Base (MIB) approach (e.g. following approach of 451 [RFC3433]). 453 2.7.2.1. CoAP-Group Resource Type and Media Type 455 CoAP endpoints implementing the membership configuration RESTful 456 interface MUST support the CoAP group configuration Internet Media 457 Type "application/coap-group+json" (Section 6.2). 459 A resource offering this representation can be annotated for direct 460 discovery [RFC6690] using the resource type (rt) "core.gp" where "gp" 461 is shorthand for "group" (Section 6.1). An authorized client uses 462 this media type to query/manage group membership of a CoAP endpoint 463 as defined in the following subsections. 465 The group configuration resource and its sub-resources have a JSON- 466 based content format (as indicated by the "application/coap- 467 group+json" media type). The resource includes zero or more group 468 membership JSON objects in a format as defined in Section 2.7.2.4. A 469 group membership JSON object contains one or more key/value pairs as 470 defined below. It represents a single IP multicast group membership 471 for the CoAP endpoint. 473 Examples of four different group membership objects are: 475 { "n": "All-Devices.floor1.west.bldg6.example.com", 476 "a": "[ff15::4200:f7fe:ed37:abcd]:4567" } 478 { "n": "sensors.floor2.east.bldg6.example.com" } 480 { "n": "coap-test", 481 "a": "224.0.1.187:56789" } 483 { "a": "[ff15::c0a7:15:c00l]" } 485 The OPTIONAL "n" key/value pair stands for "name" and identifies the 486 group with a hostname, for example a FQDN. The OPTIONAL "a" key/ 487 value pair specifies the IP multicast address (and optionally the 488 port number) of the group. It contains an IPv4 address (in dotted 489 decimal notation) or an IPv6 address. The following ABNF rule can be 490 used for parsing the address, referring to the definitions in 491 Section 6 of [I-D.ietf-core-coap] and [RFC3986]. 493 group-address = IPv4address [ ":" port ] 494 / "[" IPv6address "]" [":" port ] 496 If the port number is not provided then it is assumed to be the 497 default CoAP port (5683). In a response, the "a" key/value pair 498 SHOULD be included if the IP address is known at the time of 499 generating the response, and MUST NOT be included if unknown. If the 500 "a" value is not provided in a request, the "n" value in the same 501 group membership object SHOULD be a valid hostname with optional port 502 number that can be translated to an IP multicast address via DNS 503 resolution, as follows: 505 group-name = host [ ":" port ] 507 If the port number is not provided then it is assumed to be the 508 default CoAP port (5683). At least one of the "n"/"a" pairs MUST be 509 given per group object. 511 After any change on a Group configuration resource, the endpoint MUST 512 effect registration/de-registration from the corresponding IP 513 multicast group(s) as soon as possible. 515 2.7.2.2. Creating a new multicast group membership (POST) 517 Method: POST 518 URI Template: /{+gp} 519 Location-URI Template: /{+gp}/{index} 520 URI Template Variables: 521 gp - Group Configuration Function Set path (mandatory). 522 index - Group index, SHOULD be a string of 1 or 2 alphanumerical 523 characters. It MUST be generated as locally unique. 525 Example: 526 Req: POST /coap-group 527 Content-Format: application/coap-group+json 528 { "n": "All-Devices.floor1.west.bldg6.example.com", 529 "a": "[ff15::4200:f7fe:ed37:abcd]:4567" } 530 Res: 2.01 Created 531 Location-Path: /coap-group/12 533 For the 'gp' variable it is recommended to use the path "coap-group" 534 by default. If the "a" key/value pair is given, this takes priority 535 and the "n" pair becomes informational. If only the "n" pair is 536 given, the CoAP endpoint may perform DNS resolution (if supported) to 537 obtain the IP multicast address from the hostname. 539 After any change on a Group configuration resource, the endpoint MUST 540 effect registration/de-registration from the corresponding IP 541 multicast group(s) as soon as possible. When a POST payload contains 542 in "a" an IP multicast address to which the endpoint is already 543 subscribed, no change to that subscription is needed. 545 2.7.2.3. Deleting a single group membership (DELETE) 547 Method: DELETE 548 URI Template: {+location} 549 URI Template Variables: 550 location - The Location-Path returned by the CoAP server as a result 551 of a successful group creation. 553 Example: 554 Req: DELETE /coap-group/12 555 Res: 2.02 Deleted 557 2.7.2.4. Reading all group memberships at once (GET) 559 A (unicast) GET on the CoAP-group resource returns a JSON object 560 containing multiple keys and values, the keys being group indices and 561 the values the corresponding group objects. Each group object is a 562 group membership JSON object that indicates one IP multicast group 563 membership. So, the group index is used as a JSON key to point to 564 the group membership object, as shown below. 566 Method: GET 567 URI Template: /{+gp} 568 URI Template Variables: 569 gp - see earlier definition 571 Example: 572 Req: GET /coap-group 573 Res: 2.05 Content 574 Content-Format: application/coap-group+json 575 { "8" :{ "a": "[ff15::4200:f7fe:ed37:14ca]" }, 576 "11":{ "n": "sensors.floor1.west.bldg6.example.com", 577 "a": "[ff15::4200:f7fe:ed37:25cb]" }, 578 "12":{ "n": "All-Devices.floor1.west.bldg6.example.com", 579 "a": "[ff15::4200:f7fe:ed37:abcd]:4567" } 580 } 582 Note: the returned IPv6 address may be a different string from the 583 one originally submitted in group membership creation, due to 584 different choices in IPv6 string representation formatting that may 585 be allowed for the same address (see [RFC5952]). 587 2.7.2.5. Reading a single group membership (GET) 589 Method: GET 590 URI Template 1: {+location} 591 URI Template 2: /{+gp}/{index} 592 URI Template Variables: 593 location, gp, index - see earlier definitions 595 Example: 596 Req: GET /coap-group/12 597 Res: 2.05 Content 598 Content-Format: application/coap-group+json 599 {"n": "All-Devices.floor1.west.bldg6.example.com", 600 "a": "[ff15::4200:f7fe:ed37:abcd]:4567"} 602 2.7.2.6. Creating/updating all group memberships at once (PUT) 604 A (unicast) PUT with a group configuration media type as payload will 605 replace all current group memberships in the endpoint with the new 606 ones defined in the PUT request. This operation SHOULD only be used 607 to delete or update group membership objects for which the CoAP 608 client, invoking this operation, is responsible. The responsibility 609 is based on application level knowledge. For example, a 610 commissioning tool will be responsible for any group membership 611 objects that it created. 613 Method: PUT 614 URI Template: /{+gp} 615 URI Template Variables: 616 gp - see earlier definition 618 Example: (replacing all existing group memberships with two new groups) 619 Req: PUT /coap-group 620 Content-Format: application/coap-group+json 621 { "1":{ "a": "[ff15::4200:f7fe:ed37:1234]" }, 622 "2":{ "a": "[ff15::4200:f7fe:ed37:5678]" } 623 } 624 Res: 2.04 Changed 626 Example: (clearing all group memberships at once) 627 Req: PUT /coap-group 628 Content-Format: application/coap-group+json 629 {} 630 Res: 2.04 Changed 632 After a successful PUT on the Group configuration resource, the 633 endpoint MUST effect registration to any new IP multicast group(s) 634 and de-registration from any previous IP multicast group(s), i.e. not 635 anymore present in the new memberships, as soon as possible. Also it 636 MUST take into account the group indices present in the new resource 637 during the generation of any new unique group indices in the future. 639 2.7.2.7. Updating a single group membership (PUT) 641 A (unicast) PUT with a group membership JSON object will replace an 642 existing group membership in the endpoint with the new one defined in 643 the PUT request. This can be used to update the group membership. 645 Method: PUT 646 URI Template 1: {+location} 647 URI Template 2: /{+gp}/{index} 648 URI Template Variables: 649 location, gp, index - see earlier definitions 651 Example: (group name and IP multicast port change) 652 Req: PUT /coap-group/12 653 Content-Format: application/coap-group+json 654 {"n": "All-My-Devices.floor1.west.bldg6.example.com", 655 "a": "[ff15::4200:f7fe:ed37:abcd]"} 656 Res: 2.04 Changed 658 After a successful PUT on the Group configuration resource, the 659 endpoint MUST effect registration to any new IP multicast group(s) 660 and de-registration from any previous IP multicast group(s), i.e. not 661 anymore present in the new membership, as soon as possible. 663 2.8. Request Acceptance and Response Suppression Rules 665 CoAP [I-D.ietf-core-coap] and CoRE Link Format [RFC6690] define 666 normative behaviors for: 668 1. IP multicast request acceptance - in which cases a CoAP request 669 is accepted and executed, and when not. 671 2. IP multicast response suppression - in which cases the CoAP 672 response to an already-executed request is returned to the 673 requesting endpoint, and when not. 675 A CoAP response differs from a CoAP ACK; ACKs are never sent by 676 servers in response to an IP multicast CoAP request. This section 677 first summarizes these normative behaviors and then presents 678 additional guidelines for response suppression. Also a number of IP 679 multicast example applications are given to illustrate the overall 680 approach. 682 To apply any rules for request and/or response suppression, a CoAP 683 server must be aware that an incoming request arrived via IP 684 multicast by making use of APIs such as IPV6_RECVPKTINFO [RFC3542]. 686 For IP multicast request acceptance, the REQUIRED behaviors are: 688 o A server SHOULD NOT accept an IP multicast request that cannot be 689 "authenticated" in some way (cryptographically or by some 690 multicast boundary limiting the potential sources) 691 [I-D.ietf-core-coap]. See Section 5.3 for examples of multicast 692 boundary limiting methods. 694 o A server SHOULD NOT accept an IP multicast discovery request with 695 a query string (as defined in CoRE Link Format [RFC6690]) if 696 filtering ([RFC6690]) is not supported by the server. 698 o A server SHOULD NOT accept an IP multicast request that acts on a 699 specific resource for which IP multicast support is not required. 700 (Note that for the resource "/.well-known/core", IP multicast 701 support is required if "multicast resource discovery" is supported 702 as specified in section 1.2.1 of [RFC6690]). Implementers are 703 advised to disable IP multicast support by default on any other 704 resource, until explicitly enabled by an application or by 705 configuration.) 707 o Otherwise accept the IP multicast request. 709 For IP multicast response suppression, the REQUIRED behaviors are: 711 o A server SHOULD NOT respond to an IP multicast discovery request 712 if the filter specified by the request's query string does not 713 match. 715 o A server MAY choose not to respond to an IP multicast request, if 716 there's nothing useful to respond (e.g., error or empty response). 718 o Otherwise respond to the IP multicast request. 720 The above response suppression behaviors are complemented by the 721 following guidelines. CoAP servers SHOULD implement configurable 722 response suppression, enabling at least the following options per 723 resource that supports IP multicast requests: 725 o Suppression of all 2.xx success responses; 727 o Suppression of all 4.xx client errors; 729 o Suppression of all 5.xx server errors; 731 o Suppression of all 2.05 responses with empty payload. 733 A number of CoAP group communication example applications are given 734 below to illustrate how to make use of response suppression: 736 o CoAP resource discovery: Suppress 2.05 responses with empty 737 payload and all 4.xx and 5.xx errors. 739 o Lighting control: Suppress all 2.xx responses after a lighting 740 change command. 742 o Update configuration data in a group of devices using group 743 communication PUT: No suppression at all. The client uses 744 collected responses to identify which group members did not 745 receive the new configuration; then attempts using CoAP CON 746 unicast to update those specific group members. Note that in this 747 case the client implements a "reliable group communication" (as 748 defined in Section 1.3) function using additional, non- 749 standardized functions above the CoAP layer. 751 o IP multicast firmware update by sending blocks of data: Suppress 752 all 2.xx and 5.xx responses. After having sent all IP multicast 753 blocks, the client checks each endpoint by unicast to identify 754 which data blocks are still missing in each endpoint. 756 o Conditional reporting for a group (e.g., sensors) based on a group 757 URI query: Suppress all 2.05 responses with empty payload (i.e., 758 if a query produces no matching results). 760 2.9. Congestion Control 762 CoAP group communication requests may result in a multitude of 763 responses from different nodes, potentially causing congestion. 764 Therefore both the sending of IP multicast requests, and the sending 765 of the unicast CoAP responses to these multicast requests should be 766 conservatively controlled. 768 CoAP [I-D.ietf-core-coap] reduces IP multicast-specific congestion 769 risks through the following measures: 771 o A server MAY choose not to respond to an IP multicast request if 772 there's nothing useful to respond (e.g., error or empty response). 773 See Section 2.8 for more detailed guidelines on response 774 suppression. 776 o A server SHOULD limit the support for IP multicast requests to 777 specific resources where multicast operation is required. 779 o An IP multicast request MUST be Non-confirmable. 781 o A response to an IP multicast request SHOULD be Non-confirmable 782 (Section 5.2.3 of [I-D.ietf-core-coap]). 784 o A server does not respond immediately to an IP multicast request, 785 but SHOULD first wait for a time that is randomly picked within a 786 predetermined time interval called the Leisure. 788 Additional guidelines to reduce congestion risks defined in this 789 document are: 791 o A server in an LLN should only support group communication GET for 792 resources that are small. For example, the payload of the 793 response is limited to approximately 5% of the IP Maximum Transmit 794 Unit (MTU) size so it fits into a single link-layer frame in case 795 6LoWPAN [RFC4944] is used. 797 o A server can minimize the payload length in response to a group 798 communication GET on "/.well-known/core" by using hierarchy in 799 arranging link descriptions for the response. An example of this 800 is given in Section 5 of [RFC6690]. 802 o A server can also minimize the payload length of a response to a 803 group communication GET (e.g., on "/.well-known/core") using CoAP 804 blockwise transfers [I-D.ietf-core-block], returning only a first 805 block of the CoRE Link Format description. For this reason, a 806 CoAP client sending an IP multicast CoAP request to "/.well-known/ 807 core" SHOULD support core-block. 809 o A client should use CoAP group communication with the smallest 810 possible IP multicast scope that fulfills the application needs. 811 As an example, site-local scope is always preferred over global 812 scope IP multicast if this fulfills the application needs. 814 More guidelines specific to use of CoAP in 6LoWPAN networks [RFC4944] 815 are given in Section 4.5. 817 2.10. Proxy Operation 819 CoAP [I-D.ietf-core-coap] allows a client to request a forward-proxy 820 to process its CoAP request. For this purpose the client either 821 specifies the request group URI as a string in the Proxy-URI option, 822 or it specifies the Proxy-Scheme option with the group URI 823 constructed from the usual Uri-* options. This approach works well 824 for unicast requests. However, there are certain issues and 825 limitations of processing the (unicast) responses to a CoAP group 826 communication request made in this manner through a proxy. 828 A proxy may buffer all the individual (unicast) responses to a CoAP 829 group communication request and then send back only a single 830 (aggregated) response to the client. However there are some issues 831 with this aggregation approach: 833 o Aggregation of (unicast) responses to a CoAP group communication 834 request in a proxy is difficult. This is because the proxy does 835 not know how many members there are in the group, or how many 836 group members will actually respond. Also the proxy does not know 837 how long to wait before deciding to send back the aggregated 838 response to the client. 840 o There is no default format defined in CoAP for aggregation of 841 multiple responses into a single response. 843 Alternatively, if a proxy follows directly the specification for a 844 CoAP Proxy [I-D.ietf-core-coap], the proxy would simply forward all 845 the individual (unicast) responses to a CoAP group communication 846 request to the client (i.e., no aggregation). There are also issues 847 with this approach: 849 o The client may be confused as it may not have known that the 850 Proxy-URI contained a group URI target. That is, the client may 851 be expecting only one (unicast) response but instead receives 852 multiple (unicast) responses potentially leading to fault 853 conditions in the application. 855 o Each individual CoAP response will appear to originate (IP Source 856 address) from the CoAP Proxy, and not from the server that 857 produced the response. This makes it impossible for the client to 858 identify the server that produced each response. 860 Due to above issues, a guideline is defined here that a CoAP Proxy 861 SHOULD NOT support processing an IP multicast CoAP request but rather 862 return a 501 (Not Implemented) response in such case. The exception 863 case here (i.e., to process it) is allowed under following 864 conditions: 866 o The CoAP Proxy MUST be explicitly configured (whitelist) to allow 867 proxied IP multicast requests by specific client(s). 869 o The proxy SHOULD return individual (unicast) CoAP responses to the 870 client (i.e., not aggregated). The exception case here occurs 871 when a (future) standardized aggregation format is being used. 873 o It MUST be known to the person/entity doing the configuration of 874 the proxy, or otherwise verified in some way, that the client 875 configured in the whitelist supports receiving multiple responses 876 to a proxied unicast CoAP request. 878 2.11. Exceptions 880 CoAP group communication using IP multicast offers improved network 881 efficiency and latency amongst other benefits. However, group 882 communication may not always be implementable in a given network. 883 The primary reason for this will be that IP multicast is not (fully) 884 supported in the network. 886 For example, if only the RPL protocol [RFC6550] is used in a network 887 with its optional multicast support disabled, there will be no IP 888 multicast routing at all. The only multicast that works in this case 889 is link-local IPv6 multicast. This implies that any CoAP group 890 communication request will be delivered to nodes on the local link 891 only, regardless of the scope value used in the IPv6 destination 892 address. 894 3. Use Cases and Corresponding Protocol Flows 895 3.1. Introduction 897 The use of CoAP group communication is shown in the context of the 898 following two use cases and corresponding protocol flows: 900 o Discovery of RD [I-D.ietf-core-resource-directory]: discovering 901 the local CoAP RD which contains links to resources stored on 902 other CoAP servers [RFC6690]. 904 o Lighting Control: synchronous operation of a group of 905 IPv6-connected lights (e.g., 6LoWPAN [RFC4944] lights). 907 3.2. Network Configuration 909 To illustrate the use cases we define two IPv6 network 910 configurations. Both are based on the topology as shown in Figure 1. 911 The two configurations using this topology are: 913 1. Subnets are 6LoWPAN networks; the routers Rtr-1 and Rtr-2 are 914 6LoWPAN Border Routers (6LBRs, [RFC6775]). 916 2. Subnets are Ethernet links; the routers Rtr-1 and Rtr-2 are 917 multicast-capable Ethernet routers. 919 Both configurations are further specified by the following: 921 o A large room (Room-A) with three lights (Light-1, Light-2, 922 Light-3) controlled by a Light Switch. The devices are organized 923 into two subnets. In reality, there could be more lights (up to 924 several hundreds) but these are not shown for clarity. 926 o Light-1 and the Light Switch are connected to a router (Rtr-1). 928 o Light-2 and the Light-3 are connected to another router (Rtr-2). 930 o The routers are connected to an IPv6 network backbone which is 931 also multicast enabled. In the general case, this means the 932 network backbone and Rtr-1/Rtr-2 support a PIM based multicast 933 routing protocol, and Multicast Listener Discovery (MLD) for 934 forming groups. 936 o A CoAP RD is connected to the network backbone. 938 o The DNS server is optional. If the server is there (connected to 939 the network backbone) then certain DNS based features are 940 available (e.g., DNS resolution of hostname to IP multicast 941 address). If the DNS server is not there, then different 942 provisioning of the network is required (e.g., IP multicast 943 addresses are hard-coded into devices, or manually configured, or 944 obtained via a service discovery method). 946 o A Controller (CoAP client) is connected to the backbone, which is 947 able to control various building functions including lighting. 949 ################################################ 950 # ********************** Room-A # 951 # ** Subnet-1 ** # Network 952 # * ** # Backbone 953 # * +----------+ * # | 954 # * | Light |-------+ * # | 955 # * | Switch | | * # | 956 # * +----------+ +---------+ * # | 957 # * | Rtr-1 |-----------------------------+ 958 # * +---------+ * # | 959 # * +----------+ | * # | 960 # * | Light-1 |--------+ * # | 961 # * +----------+ * # | 962 # ** ** # | 963 # ************************** # | 964 # # | 965 # ********************** # +------------+ | 966 # ** Subnet-2 ** # | DNS Server | | 967 # * ** # | (Optional) |--+ 968 # * +----------+ * # +------------+ | 969 # * | Light-2 |-------+ * # | 970 # * | | | * # | 971 # * +----------+ +---------+ * # | 972 # * | Rtr-2 |-----------------------------+ 973 # * +---------+ * # | 974 # * +----------+ | * # | 975 # * | Light-3 |--------+ * # | 976 # * +----------+ * # +------------+ | 977 # ** ** # | Controller |--+ 978 # ************************** # | Client | | 979 ################################################ +------------+ | 980 +------------+ | 981 | CoAP | | 982 | Resource |-----------------+ 983 | Directory | 984 +------------+ 986 Figure 1: Network Topology of a Large Room (Room-A) 988 3.3. Discovery of Resource Directory 990 The protocol flow for discovery of the CoAP RD for the given network 991 (of Figure 1) is shown in Figure 2: 993 o Light-2 is installed and powered on for the first time. 995 o Light-2 will then search for the local CoAP RD by sending out a 996 group communication GET request (with the "/.well-known/ 997 core?rt=core.rd" request URI) to the site-local "All CoAP Nodes" 998 multicast address (FF05:::FD). 1000 o This multicast message will then go to each node in subnet-2. 1001 Rtr-2 will then forward it into to the Network Backbone where it 1002 will be received by the CoAP RD. All other nodes in subnet-2 will 1003 ignore the group communication GET request because it is qualified 1004 by the query string "?rt=core.rd" (which indicates it should only 1005 be processed by the endpoint if it contains a resource of type 1006 "core.rd"). 1008 o The CoAP RD will then send back a unicast response containing the 1009 requested content, which is a CoRE Link Format representation of a 1010 resource of type "core.rd". 1012 o Note that the flow is shown only for Light-2 for clarity. Similar 1013 flows will happen for Light-1, Light-3 and the Light Switch when 1014 they are first installed. 1016 The CoAP RD may also be discovered by other means such as by assuming 1017 a default location (e.g., on a 6LBR), using DHCP, anycast address, 1018 etc. However, these approaches do not invoke CoAP group 1019 communication so are not further discussed here. (See 1020 [I-D.ietf-core-resource-directory] for more details). 1022 For other discovery use cases such as discovering local CoAP servers, 1023 services or resources, CoAP group communication can be used in a 1024 similar fashion as in the above use case. For example, Link-Local 1025 (LL), admin-local or site-local scoped discovery can be done this 1026 way. 1028 Light CoAP 1029 Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 RD 1030 | | | | | | | 1031 | | | | | | | 1032 ********************************** | | | 1033 * Light-2 is installed * | | | 1034 * and powers on for first time * | | | 1035 ********************************** | | | 1036 | | | | | | | 1037 | | | | | | | 1038 | | COAP NON Mcast(GET | | 1039 | | /.well-known/core?rt=core.rd) | | 1040 | |--------->-------------------------------->| | 1041 | | | | | |--------->| 1042 | | | | | | | 1043 | | | | | | | 1044 | | COAP NON (2.05 Content | | 1045 | | ;rt="core.rd";ins="Primary") |<---------| 1046 | |<------------------------------------------| | 1047 | | | | | | | 1049 Figure 2: Resource Directory Discovery via Multicast Request 1051 3.4. Lighting Control 1053 The protocol flow for a building automation lighting control scenario 1054 for the network (Figure 1) is shown in Figure 3. The network is 1055 assumed to be in a 6LoWPAN configuration. Also, it is assumed that 1056 the CoAP servers in each Light are configured to suppress CoAP 1057 responses for any IP multicast CoAP requests related to lighting 1058 control. (See Section 2.8 for more details on response suppression 1059 by a server.) 1061 In addition, Figure 4 shows a protocol flow example for the case that 1062 servers do respond to a lighting control IP multicast request with 1063 (unicast) CoAP NON responses. There are two success responses and 1064 one 5.00 error response. In this particular case, the Light Switch 1065 does not check that all Lights in the group received the IP multicast 1066 request by examining the responses. This is because the Light Switch 1067 is not configured with an exhaustive list of the IP addresses of all 1068 Lights belonging to the group. However, based on received error 1069 responses it could take additional action such as logging a fault or 1070 alerting the user via its LCD display. In case a CoAP message is 1071 delivered multiple times to a Light, the subsequent CoAP messages can 1072 be filtered out as duplicates, based on the CoAP Message ID. 1074 Reliability of IP multicast is not guaranteed. Therefore, one or 1075 more lights in the group may not have received the CoAP control 1076 request due to packet loss. In this use case there is no detection 1077 nor correction of such situations: the application layer expects that 1078 the IP multicast forwarding/routing will be of sufficient quality to 1079 provide on average a very high probability of packet delivery to all 1080 CoAP endpoints in an IP multicast group. An example protocol to 1081 accomplish this using randomized retransmission is the MPL forwarding 1082 protocol for LLNs [I-D.ietf-roll-trickle-mcast]. 1084 We assume the following steps have already occurred before the 1085 illustrated flows: 1087 1. Startup phase: 6LoWPANs are formed. IPv6 addresses assigned to 1088 all devices. The CoAP network is formed. 1090 2. Network configuration (application-independent): 6LBRs are 1091 configured with IP multicast addresses, or address blocks, to 1092 filter out or to pass through to/from the 6LoWPAN. 1094 3. Commissioning phase (application-related): The IP multicast 1095 address of the group (Room-A-Lights) has been configured in all 1096 the Lights and in the Light Switch. 1098 4. As an alternative to the previous step, when a DNS server is 1099 available, the Light Switch and/or the Lights have been 1100 configured with a group hostname which each nodes resolves to the 1101 above IP multicast address of the group. 1103 Note for the Commissioning phase: the switch's 6LoWPAN/CoAP software 1104 stack supports sending unicast, multicast or proxied unicast CoAP 1105 requests, including processing of the multiple responses that may be 1106 generated by an IP multicast CoAP request. 1108 Light Network 1109 Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone 1110 | | | | | | | 1111 | | | | | | | 1112 | | *********************** | | 1113 | | * User flips on * | | 1114 | | * light switch to * | | 1115 | | * turn on all the * | | 1116 | | * lights in Room A * | | 1117 | | *********************** | | 1118 | | | | | | | 1119 | | | | | | | 1120 | | | COAP NON Mcast(PUT, | | 1121 | | | Payload=lights ON) | | 1122 |<-------------------------------+--------->| | | 1123 ON | | | |-------------------->| 1124 | | | | | |<---------| 1125 | |<---------|<-------------------------------| | 1126 | ON ON | | | | 1127 ^ ^ ^ | | | | 1128 *********************** | | | | 1129 * Lights in Room-A * | | | | 1130 * turn on (nearly * | | | | 1131 * simultaneously) * | | | | 1132 *********************** | | | | 1133 | | | | | | | 1135 Figure 3: Light Switch Sends Multicast Control Message 1136 Light Network 1137 Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone 1138 | | | | | | | 1139 | COAP NON (2.04 Changed) | | | | 1140 |------------------------------->| | | | 1141 | | | | | | | 1142 | | | | | | | 1143 | COAP NON (2.04 Changed) | | | 1144 | |------------------------------------------>| | 1145 | | | | | |--------->| 1146 | | | | |<--------------------| 1147 | | | |<---------| | | 1148 | | | | | | | 1149 | | COAP NON (5.00 Internal Server Error) | 1150 | | |------------------------------->| | 1151 | | | | | |--------->| 1152 | | | | |<--------------------| 1153 | | | |<---------| | | 1154 | | | | | | | 1156 Figure 4: Lights (Optionally) Respond to Multicast CoAP Request 1158 Another, but similar, lighting control use case is shown in Figure 5. 1159 In this case a controller connected to the Network Backbone sends a 1160 CoAP group communication request to turn on all lights in Room-A. 1161 Every Light sends back a CoAP response to the Controller after being 1162 turned on. 1164 Network 1165 Light-1 Light-2 Light-3 Rtr-1 Rtr-2 Backbone Controller 1166 | | | | | | | 1167 | | | | | COAP NON Mcast(PUT, 1168 | | | | | Payload=lights ON) 1169 | | | | | |<-------| 1170 | | | |<----------<---------| | 1171 |<--------------------------------| | | | 1172 ON | | | | | | 1173 | |<----------<---------------------| | | 1174 | ON ON | | | | 1175 ^ ^ ^ | | | | 1176 *********************** | | | | 1177 * Lights in Room-A * | | | | 1178 * turn on (nearly * | | | | 1179 * simultaneously) * | | | | 1180 *********************** | | | | 1181 | | | | | | | 1182 | | | | | | | 1183 | COAP NON (2.04 Changed) | | | | 1184 |-------------------------------->| | | | 1185 | | | |-------------------->| | 1186 | | COAP NON (2.04 Changed) | |------->| 1187 | |-------------------------------->| | | 1188 | | | | |--------->| | 1189 | | | COAP NON (2.04 Changed) |------->| 1190 | | |--------------------->| | | 1191 | | | | |--------->| | 1192 | | | | | |------->| 1193 | | | | | | | 1195 Figure 5: Controller On Backbone Sends Multicast Control Message 1197 3.5. Lighting Control in MLD Enabled Network 1199 The use case of previous section can also apply in networks where 1200 nodes support the MLD protocol [RFC3810]. The Lights then take on 1201 the role of MLDv2 listener and the routers (Rtr-1, Rtr-2) are MLDv2 1202 Routers. In the Ethernet based network configuration, MLD may be 1203 available on all involved network interfaces. Use of MLD in the 1204 6LoWPAN based configuration is also possible, but requires MLD 1205 support in all nodes in the 6LoWPAN. In current 6LoWPAN 1206 implementations, MLD is however not supported. 1208 The resulting protocol flow is shown in Figure 6. This flow is 1209 executed after the commissioning phase, as soon as Lights are 1210 configured with a group address to listen to. The (unicast) MLD 1211 Reports may require periodic refresh activity as specified by the MLD 1212 protocol. In the figure, LL denotes Link Local communication. 1214 After the shown sequence of MLD Report messages has been executed, 1215 both Rtr-1 and Rtr-2 are automatically configured to forward IP 1216 multicast traffic destined to Room-A-Lights onto their connected 1217 subnet. Hence, no manual Network Configuration of routers, as 1218 previously indicated in Section 3.4, is needed anymore. 1220 Light Network 1221 Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone 1222 | | | | | | | 1223 | | | | | | | 1224 | | | | | | | 1225 | MLD Report: Join | | | | | 1226 | Group (Room-A-Lights) | | | | 1227 |---LL------------------------------------->| | | 1228 | | | | |MLD Report: Join | 1229 | | | | |Group (Room-A-Lights)| 1230 | | | | |---LL---->----LL---->| 1231 | | | | | | | 1232 | | MLD Report: Join | | | | 1233 | | Group (Room-A-Lights) | | | 1234 | |---LL------------------------------------->| | 1235 | | | | | | | 1236 | | | MLD Report: Join | | | 1237 | | | Group (Room-A-Lights) | | 1238 | | |---LL-------------------------->| | 1239 | | | | | | | 1240 | | | | |MLD Report: Join | 1241 | | | | |Group (Room-A-Lights)| 1242 | | | | |<--LL-----+---LL---->| 1243 | | | | | | | 1244 | | | | | | | 1246 Figure 6: Joining Lighting Groups Using MLD 1248 3.6. Commissioning the Network Based On Resource Directory 1250 This section outlines how devices in the lighting use case (both 1251 Switches and Lights) can be commissioned, making use of Resource 1252 Directory [I-D.ietf-core-resource-directory] and its group 1253 configuration feature. 1255 Once the Resource Directory (RD) is discovered, the Switches and 1256 Lights need to be discovered and their groups need to be defined. 1258 For the commissioning of these devices, a commissioning tool can be 1259 used that defines the entries in the RD. The commissioning tool has 1260 the authority to change the contents of the RD and the Light/Switch 1261 nodes. DTLS based security is used by the commissioning tool to 1262 modify operational data in RD, Switches and Lights. 1264 In our particular use case, a group of three lights is defined with 1265 one IP multicast address and hostname 1266 "Room-A-Lights.floor1.west.bldg6.example.com". The commissioning 1267 tool has a list of the three lights and the associated IP multicast 1268 address. For each light in the list the tool learns the IP address 1269 of the light and instructs the RD with three (unicast) POST commands 1270 to store the endpoints associated with the three lights as prescribed 1271 by the RD specification [I-D.ietf-core-resource-directory]. Finally 1272 the commissioning tool defines the group in the RD to contain these 1273 three endpoints. Also the commissioning tool writes the IP multicast 1274 address in the Light endpoints with, for example, the (unicast) POST 1275 command discussed in Section 2.7.2.2. 1277 The light switch can discover the group in RD and thus learn the IP 1278 multicast address of the group. The light switch will use this 1279 address to send CoAP group communication requests to the members of 1280 the group. When the message arrives the Lights should recognize the 1281 IP multicast address and accept the message. 1283 4. Deployment Guidelines 1285 This section provides guidelines how IP multicast based CoAP group 1286 communication can be deployed in various network configurations. 1288 4.1. Target Network Topologies 1290 CoAP group communication can be deployed in various network 1291 topologies. First, the target network may be a traditional IP 1292 network, or a LLN such as a 6LoWPAN network, or consist of mixed 1293 traditional/constrained network segments. Second, it may be a single 1294 subnet only or multi-subnet; e.g., multiple 6LoWPAN networks joined 1295 by a single backbone LAN. Third, a wireless network segment may have 1296 all its nodes reachable in a single IP hop (fully connected), or it 1297 may require multiple IP hops for some pairs of nodes to reach each 1298 other. 1300 Each topology may pose different requirements on the configuration of 1301 routers and protocol(s), in order to enable efficient CoAP group 1302 communication. To enable all the above target network topologies, an 1303 implementation of CoAP group communication needs to allow: 1305 1. Routing/forwarding of IP multicast packets over multiple hops 1306 2. Routing/forwarding of IP multicast packets over subnet boundaries 1307 between traditional and constrained (e.g. LLN) networks. 1309 The remainder of this section discusses solutions to enable both 1310 features. 1312 4.2. Networks Using the MLD Protocol 1314 CoAP nodes that are IP hosts (i.e., not IP routers) are generally 1315 unaware of the specific IP multicast routing/forwarding protocol 1316 being used. When such a host needs to join a specific (CoAP) 1317 multicast group, it requires a way to signal to IP multicast routers 1318 which IP multicast traffic it wants to receive. 1320 The Multicast Listener Discovery (MLD) protocol [RFC3810] (see 1321 Appendix A) is the standard IPv6 method to achieve this; therefore 1322 this approach should be used on traditional IP networks. CoAP server 1323 nodes would then act in the role of MLD Multicast Address Listener. 1325 The guidelines from [RFC6636] on tuning of MLD for mobile and 1326 wireless networks may be useful when implementing MLD in LLNs. 1327 However, on LLNs and 6LoWPAN networks the use of MLD may not be 1328 feasible at all due to constraints on code size, memory, or network 1329 capacity. 1331 4.3. Networks Using RPL Multicast Without MLD 1333 It is assumed in this section that the MLD protocol is not 1334 implemented in a network, for example due to resource constraints. 1335 The RPL routing protocol (see Section 12 of [RFC6550]) defines the 1336 advertisement of IP multicast destinations using DAO messages and 1337 routing of multicast IPv6 packets based on this. It requires the RPL 1338 Mode of Operation (MOP) to be 3 (Storing Mode with multicast 1339 support). 1341 Hence, RPL DAO can be used by CoAP nodes that are RPL Routers, or are 1342 RPL Leaf Nodes, to advertise IP multicast group membership to parent 1343 routers. Then, the RPL protocol is used to route IP multicast CoAP 1344 requests over multiple hops to the correct CoAP servers. 1346 The same DAO mechanism can be used to convey IP multicast group 1347 membership information to an edge router (e.g., 6LBR), in case the 1348 edge router is also the root of the RPL DODAG. This is useful 1349 because the edge router then learns which IP multicast traffic it 1350 needs to pass through from the backbone network into the LLN subnet. 1351 In 6LoWPAN networks, such selective "filtering" helps to avoid 1352 congestion of a 6LoWPAN subnet by IP multicast traffic from the 1353 traditional backbone IP network. 1355 4.4. Networks Using MPL Forwarding Without MLD 1357 The MPL forwarding protocol [I-D.ietf-roll-trickle-mcast] can be used 1358 for propagation of IPv6 multicast packets to all MPL Forwarders 1359 within a predefined network domain, over multiple hops. MPL is 1360 designed to work in LLNs. In this section it is again assumed that 1361 Multicast Listener Discovery (MLD) is not implemented in the network, 1362 for example due to resource limitations in an LLN. 1364 The purpose of MPL is to let a predefined group of Forwarders 1365 collectively work towards the goal of distributing an IPv6 multicast 1366 packet throughout an MPL Domain. (A Forwarder node may be associated 1367 to multiple MPL Domains at the same time.) So it would appear there 1368 is no need for CoAP servers to advertise their multicast group 1369 membership, since any IP multicast packet that enters the MPL Domain 1370 is distributed to all MPL Forwarders without regard to what multicast 1371 addresses the individual nodes are listening to. 1373 However, if an IP multicast request originates just outside the MPL 1374 Domain, the request will not be propagated by MPL. An example of 1375 such a case is the network topology of Figure 1 where the Subnets are 1376 6LoWPAN subnets and per 6LoWPAN subnet one Realm-Local 1377 ([I-D.droms-6man-multicast-scopes]) MPL Domain is defined. The 1378 backbone network in this case is not part of any MPL Domain. 1380 This situation can become a problem in building control use cases. 1381 For example, when the Controller Client needs to send a single IP 1382 multicast request to the group Room-A-Lights. By default, the 1383 request would be blocked by Rtr-1 and by Rtr-2, and not enter the 1384 Realm-Local MPL Domains associated to Subnet-1 and Subnet-2. The 1385 reason is that Rtr-1 and Rtr-2 do not have the knowledge that devices 1386 in Subnet-1/2 want to listen for IP packets destined to IP multicast 1387 group Room-A-Lights. 1389 To solve the above issue, the following solutions could be applied: 1391 1. Extend the MPL Domain. E.g. in above example, include the 1392 Network Backbone to be part of each of the two MPL Domains. Or 1393 in above example, create just a single MPL Domain that includes 1394 both 6LoWPAN subnets plus the backbone link, which is possible 1395 since MPL is not tied to a single link-layer technology. 1397 2. Manual configuration of edge router(s) as MPL Seed(s) for 1398 specific IP multicast traffic. E.g. in above example, first 1399 configure Rtr-1 and Rtr-2 to act as MLD Address Listeners for the 1400 Room-A-Lights IP multicast group. This step allows any (other) 1401 routers on the backbone to learn that at least one node on the 1402 backbone link is interested to receive any IP multicast traffic 1403 to Room-A-Lights. Second, configure both routers to "inject" any 1404 IP multicast packets destined to group Room-A-Lights into the 1405 (Realm-Local) MPL Domain that is associated to that router. 1406 Third, configure both routers to propagate any IPv6 multicast 1407 packets originating from within their associated MPL Domain to 1408 the backbone, if at least one node on the backbone has indicated 1409 interest to receive such IPv6 packets (for which MLD is used on 1410 the backbone). 1412 3. Use an additional protocol/mechanism for injection of IP 1413 multicast traffic from outside an MPL Domain into that MPL 1414 Domain, based on IP multicast group subscriptions of Forwarders 1415 within the MPL Domain. Such protocol is currently not defined in 1416 [I-D.ietf-roll-trickle-mcast]. 1418 Concluding, MPL can be used directly in case all sources of IP 1419 multicast CoAP requests (CoAP clients) and also all the destinations 1420 (CoAP servers) are inside a single MPL Domain. Then, each source 1421 node acts as an MPL Seed. In all other cases, MPL can only be used 1422 with additional protocols and/or configuration on how IP multicast 1423 packets can be injected from outside into an MPL Domain. 1425 4.5. 6LoWPAN Specific Guidelines for the 6LBR 1427 To support multi-subnet scenarios for CoAP group communication, it is 1428 recommended that a 6LoWPAN Border Router (6LBR) will act in an MLD 1429 Router role on the backbone link. If this is not possible then the 1430 6LBR should be configured to act as an MLD Multicast Address Listener 1431 (see Appendix A) on the backbone link. 1433 5. Security Considerations 1435 This section describes the relevant security configuration for CoAP 1436 group communication using IP multicast. The threats to CoAP group 1437 communication are also identified and various approaches to mitigate 1438 these threats are summarized. 1440 5.1. Security Configuration 1442 As defined in [I-D.ietf-core-coap], CoAP group communication based on 1443 IP multicast: 1445 o Will operate in CoAP NoSec (No Security) mode, until a future 1446 group security solution is developed (see also Section 5.3.3). 1448 o MUST NOT use "coaps" scheme. That is, all group communication 1449 MUST use only "coap" scheme. 1451 5.2. Threats 1453 Essentially the above configuration means that there is no security 1454 at the CoAP layer for group communication. This is due to the fact 1455 that the current DTLS based approach for CoAP is exclusively unicast 1456 oriented and does not support group security features such as group 1457 key exchange and group authentication. As a direct consequence of 1458 this, CoAP group communication is vulnerable to all attacks mentioned 1459 in [I-D.ietf-core-coap] for IP multicast. 1461 5.3. Threat Mitigation 1463 The [I-D.ietf-core-coap] identifies various threat mitigation 1464 techniques for CoAP group communication. In addition to those 1465 guidelines, it is recommended that for sensitive data or safety- 1466 critical control, a combination of appropriate link-layer security 1467 and administrative control of IP multicast boundaries should be used. 1468 Some examples are given below. 1470 5.3.1. WiFi Scenario 1472 In a home automation scenario (using WiFi), the WiFi encryption 1473 should be enabled to prevent rogue nodes from joining. The Customer 1474 Premise Equipment (CPE) that enables access to the Internet should 1475 also have its IP multicast filters set so that it enforces multicast 1476 scope boundaries to isolate local multicast groups from the rest of 1477 the Internet (e.g., as per [RFC6092]). In addition, the scope of the 1478 IP multicast should be set to be site-local or smaller scope. For 1479 site-local scope, the CPE will be an appropriate multicast scope 1480 boundary point. 1482 5.3.2. 6LoWPAN Scenario 1484 In a building automation scenario, a particular room may have a 1485 single 6LoWPAN network with a single Edge Router (6LBR). Nodes on 1486 the subnet can use link-layer encryption to prevent rogue nodes from 1487 joining. The 6LBR can be configured so that it blocks any incoming 1488 (6LoWPAN-bound) IP multicast traffic. Another example topology could 1489 be a multi-subnet 6LoWPAN in a large conference room. In this case, 1490 the backbone can implement port authentication (IEEE 802.1X) to 1491 ensure only authorized devices can join the Ethernet backbone. The 1492 access router to this secured network segment can also be configured 1493 to block incoming IP multicast traffic. 1495 5.3.3. Future Evolution 1497 In the future, to further mitigate the threats, the developing 1498 approach for DTLS-based IP multicast security for CoAP networks (see 1499 [I-D.keoh-tls-multicast-security]) or similar approaches should be 1500 considered once they mature. 1502 6. IANA Considerations 1504 6.1. New 'core.gp' Resource Type 1506 This memo registers a new resource type (rt) from the CoRE Parameters 1507 Registry called 'core.gp'. 1509 (Note to IANA/RFC Editor: This registration follows the process 1510 described in section 7.4 of [RFC6690]). 1512 Attribute Value: core.gp 1514 Description: Group Configuration resource. This resource is used to 1515 query/manage the group membership of a CoAP server. 1517 Reference: See Section 2.7.2. 1519 6.2. New 'coap-group+json' Internet Media Type 1521 This memo registers a new Internet Media Type for CoAP group 1522 configuration resource called 'application/coap-group+json'. 1524 (Note to IANA/RFC Editor: This registration follows the guidance from 1525 [RFC6839], and (last paragraph) of section 12.3 of 1526 [I-D.ietf-core-coap]. 1528 Type name: application 1530 Subtype name: coap-group+json 1532 Required parameters: None 1534 Optional parameters: None 1536 Encoding considerations: 8bit UTF-8. 1538 JSON to be represented using UTF-8 which is 8bit compatible (and most 1539 efficient for resource constrained implementations). 1541 Security considerations: 1543 Denial of Service attacks could be performed by constantly 1544 (re-)setting the group configuration resource of a CoAP endpoint to 1545 different values. This will cause the endpoint to register (or de- 1546 register) from the related IP multicast group. To prevent this it is 1547 recommended that a form of authorization (making use of DTLS-secured 1548 CoAP) be used such that only authorized controllers are allowed by an 1549 endpoint to configure its group membership. 1551 Interoperability considerations: None 1553 Published specification: (This I-D when it becomes an RFC) 1555 Applications that use this media type: 1557 CoAP client and server implementations that wish to set/read the 1558 group configuration resource via 'application/coap-group+json' 1559 payload as described in Section 2.7.2. 1561 Additional Information: 1563 Magic number(s): None 1565 File extension(s): *.json 1567 Macintosh file type code(s): TEXT 1569 Intended usage: COMMON 1571 Restrictions on usage: None 1573 Author: CoRE WG 1575 Change controller: IETF 1577 7. Acknowledgements 1579 Thanks to Peter Bigot, Carsten Bormann, Anders Brandt, Angelo 1580 Castellani, Thomas Fossati, Bjoern Hoehrmann, Matthias Kovatsch, 1581 Guang Lu, Salvatore Loreto, Kerry Lynn, Andrew McGregor, Dale Seed, 1582 Zach Shelby, Peter van der Stok, Gengyu Wei, and Juan Carlos Zuniga 1583 for their helpful comments and discussions that have helped shape 1584 this document. 1586 8. References 1587 8.1. Normative References 1589 [RFC1033] Lottor, M., "Domain administrators operations guide", RFC 1590 1033, November 1987. 1592 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1593 Requirement Levels", BCP 14, RFC 2119, March 1997. 1595 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 1596 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 1597 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 1599 [RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A. 1600 Thyagarajan, "Internet Group Management Protocol, Version 1601 3", RFC 3376, October 2002. 1603 [RFC3433] Bierman, A., Romascanu, D., and K. Norseth, "Entity Sensor 1604 Management Information Base", RFC 3433, December 2002. 1606 [RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei, 1607 "Advanced Sockets Application Program Interface (API) for 1608 IPv6", RFC 3542, May 2003. 1610 [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery 1611 Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. 1613 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 1614 Resource Identifier (URI): Generic Syntax", STD 66, RFC 1615 3986, January 2005. 1617 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1618 Architecture", RFC 4291, February 2006. 1620 [RFC4601] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, 1621 "Protocol Independent Multicast - Sparse Mode (PIM-SM): 1622 Protocol Specification (Revised)", RFC 4601, August 2006. 1624 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, 1625 "Transmission of IPv6 Packets over IEEE 802.15.4 1626 Networks", RFC 4944, September 2007. 1628 [RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for 1629 IPv4 Multicast Address Assignments", BCP 51, RFC 5771, 1630 March 2010. 1632 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 1633 Address Text Representation", RFC 5952, August 2010. 1635 [RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in 1636 Customer Premises Equipment (CPE) for Providing 1637 Residential IPv6 Internet Service", RFC 6092, January 1638 2011. 1640 [RFC6550] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., 1641 Levis, P., Pister, K., Struik, R., Vasseur, JP., and R. 1642 Alexander, "RPL: IPv6 Routing Protocol for Low-Power and 1643 Lossy Networks", RFC 6550, March 2012. 1645 [RFC6636] Asaeda, H., Liu, H., and Q. Wu, "Tuning the Behavior of 1646 the Internet Group Management Protocol (IGMP) and 1647 Multicast Listener Discovery (MLD) for Routers in Mobile 1648 and Wireless Networks", RFC 6636, May 2012. 1650 [RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link 1651 Format", RFC 6690, August 2012. 1653 [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann, 1654 "Neighbor Discovery Optimization for IPv6 over Low-Power 1655 Wireless Personal Area Networks (6LoWPANs)", RFC 6775, 1656 November 2012. 1658 [RFC6839] Hansen, T. and A. Melnikov, "Additional Media Type 1659 Structured Syntax Suffixes", RFC 6839, January 2013. 1661 [I-D.ietf-core-coap] 1662 Shelby, Z., Hartke, K., and C. Bormann, "Constrained 1663 Application Protocol (CoAP)", draft-ietf-core-coap-18 1664 (work in progress), June 2013. 1666 8.2. Informative References 1668 [I-D.ietf-core-block] 1669 Bormann, C. and Z. Shelby, "Blockwise transfers in CoAP", 1670 draft-ietf-core-block-14 (work in progress), October 2013. 1672 [I-D.ietf-roll-trickle-mcast] 1673 Hui, J. and R. Kelsey, "Multicast Protocol for Low power 1674 and Lossy Networks (MPL)", draft-ietf-roll-trickle- 1675 mcast-05 (work in progress), August 2013. 1677 [I-D.keoh-tls-multicast-security] 1678 Keoh, S., Kumar, S., and E. Dijk, "DTLS-based Multicast 1679 Security for Low-Power and Lossy Networks (LLNs)", draft- 1680 keoh-tls-multicast-security-00 (work in progress), October 1681 2012. 1683 [I-D.ietf-core-resource-directory] 1684 Shelby, Z., Krco, S., and C. Bormann, "CoRE Resource 1685 Directory", draft-ietf-core-resource-directory-00 (work in 1686 progress), June 2013. 1688 [I-D.ietf-appsawg-uri-get-off-my-lawn] 1689 Nottingham, M., "Standardising Structure in URIs", draft- 1690 ietf-appsawg-uri-get-off-my-lawn-00 (work in progress), 1691 September 2013. 1693 [I-D.droms-6man-multicast-scopes] 1694 Droms, R., "IPv6 Multicast Address Scopes", draft-droms- 1695 6man-multicast-scopes-02 (work in progress), July 2013. 1697 Appendix A. Multicast Listener Discovery (MLD) 1699 In order to extend the scope of IP multicast beyond link-local scope, 1700 an IP multicast routing or forwarding protocol has to be active in 1701 routers on an LLN. To achieve efficient IP multicast routing (i.e., 1702 avoid always flooding IP multicast packets), routers have to learn 1703 which hosts need to receive packets addressed to specific IP 1704 multicast destinations. 1706 The Multicast Listener Discovery (MLD) protocol [RFC3810] (or its 1707 IPv4 equivalent IGMP [RFC3376]) is today the method of choice used by 1708 an (IP multicast enabled) router to discover the presence of IP 1709 multicast listeners on directly attached links, and to discover which 1710 IP multicast addresses are of interest to those listening nodes. MLD 1711 was specifically designed to cope with fairly dynamic situations in 1712 which IP multicast listeners may join and leave at any time. 1714 [RFC6636] discusses optimal tuning of the parameters of MLD/IGMP for 1715 routers for mobile and wireless networks. These guidelines may be 1716 useful when implementing MLD in LLNs. 1718 Appendix B. Change Log 1720 [Note to RFC Editor: Please remove this section before publication.] 1722 Changes from ietf-17 to ietf-18: 1724 o Extensive editorial updates based on WGLC comments by Thomas 1725 Fossati and Gengyu Wei. 1727 o Addressed ticket #361: Added text for single membership PUT 1728 section 2.7.2.7 (Updating a single group membership (PUT)). 1730 o Addressed ticket #360: Added text for server duties upon all-at- 1731 once PUT section 2.7.2.6 (Creating/updating all group memberships 1732 at once (PUT)). 1734 o Addressed ticket #359: Fixed requirements text for Section 2.7.2.2 1735 (Creating a new multicast group membership (POST)). 1737 o Addressed ticket #358: Fixed requirements text for Section 2.7.2.1 1738 (CoAP-Group Resource Type and Media Type). 1740 o Addressed ticket #357: Added that "IPv6 addresses of other scopes 1741 MAY be enabled" in section 2.2 (Group Definition and Naming). 1743 o Various editorial updates for improved readability. 1745 Changes from ietf-16 to ietf-17: 1747 o Added guidelines on joining of IPv6/IPv4 "All CoAP Nodes" 1748 multicast addresses (#356). 1750 o Added MUST support default port in case multicast discovery is 1751 available. 1753 o In section 2.1 (IP Multicast Background), clarified that IP 1754 multicast is not guaranteed and referenced a definition of 1755 Reliable Group Communication (#355). 1757 o Added section 2.5 (Messages and Responses) to clarify how 1758 responses are identified and how Token/MID are used in multicast 1759 CoAP. 1761 o In section 2.6.2 (RESTful Interface for Configuring Group 1762 Memberships), clarified that group management interface is an 1763 optional approach for dynamic commissioning and that other 1764 approaches can also be used if desired. 1766 o Updated section 2.6.2 (RESTful Interface for Configuring Group 1767 Memberships) to allow deletion of individual group memberships 1768 (#354). 1770 o Various editorial updates based on comments by Peter van der Stok. 1771 Removed reference to expired draft-vanderstok-core-dna at request 1772 of its author. 1774 o Various editorial updates for improved readability. 1776 Changes from ietf-15 to ietf-16: 1778 o In section 2.6.2, changed DELETE in group management interface to 1779 a PUT with empty JSON array to clear the list (#345). 1781 o In section 2.6.2, aligned the syntax for IP addresses to follow 1782 RFC 3986 URI syntax, which is also used by coap-18. This allows 1783 re-use of the parsing code for CoAP URIs for this purpose (#342). 1785 o Addressed some more editorial comments provided by Carsten Bormann 1786 in preparation for WGLC. 1788 o Various editorial updates for improved readability. 1790 Changes from ietf-14 to ietf-15: 1792 o In section 2.2, provided guidance on how implementers should parse 1793 URIs for group communication (#339). 1795 o In section 2.6.2.1, specified that for group membership 1796 configuration interface the "ip" (i.e. "a" parameter) key/value is 1797 not required when it is unknown (#338). 1799 o In section 2.6.2.1, specified that for group membership 1800 configuration interface the port configuration be defaulted to 1801 standard CoAP port 5683, and if not default then should follow 1802 standard notation (#340). 1804 o In section 2.6.2.1, specified that notation of IP address in group 1805 membership configuration interface should follow standard notation 1806 (#342). 1808 o In section 6.2, "coap-group+json" Media Type encoding simplified 1809 to just support UTF-8 (and not UTF-16 and UTF-32) (#344). 1811 o Various editorial updates for improved readability. 1813 Changes from ietf-13 to ietf-14: 1815 o Update to address final editorial comments from the Chair's review 1816 (by Carsten Bormann) of the draft. This included restructuring of 1817 Section 2.6 (Configuring Group Memberships) and Section 4 1818 (Deployment Guidelines) to make it easier to read. Also various 1819 other editorial changes. 1821 o Changed "ip" field to "a" in Section 2.6 (#337) 1823 Changes from ietf-12 to ietf-13: 1825 o Extensive editorial updates due to comments from the Chair's 1826 review (by Carsten Bormann) of the draft. The best way to see the 1827 changes will be to do a -Diff with Rev. 12. 1829 o The technical comments from the Chair's review will be addressed 1830 in a future revision after tickets are generated and the solutions 1831 are agreed to on the WG E-mail list. 1833 Changes from ietf-11 to ietf-12: 1835 o Removed reference to "CoAP Ping" in Section 3.5 (Group Member 1836 Discovery) and replaced it with the more efficient support of 1837 discovery of groups and group members via the CORE RD as suggested 1838 by Zach Shelby. 1840 o Various editorial updates for improved readability. 1842 Changes from ietf-10 to ietf-11: 1844 o Added text to section 3.8 (Congestion Control) to clarify that a 1845 "CoAP client sending a multicast CoAP request to /.well-known/core 1846 SHOULD support core-block" (#332). 1848 o Various editorial updates for improved readability. 1850 Changes from ietf-09 to ietf-10: 1852 o Various editorial updates including: 1854 o Added a fourth option in section 3.3 on ways to obtain the URI 1855 path for a group request. 1857 o Clarified use of content format in GET/PUT requests for 1858 Configuring Group Membership in Endpoints (in section 3.6). 1860 o Changed reference "draft-shelby-core-resource-directory" to 1861 "draft-ietf-core-resource-directory". 1863 o Clarified (in section 3.7) that ACKs are never used for a 1864 multicast request (from #296). 1866 o Clarified (in section 5.2/5.2.3) that MPL does not support group 1867 membership advertisement. 1869 o Adding introductory paragraph to Scope (section 2.2). 1871 o Wrote out fully the URIs in table section 3.2. 1873 o Reworded security text in section 7.2 (New Internet Media Type) to 1874 make it consistent with section 3.6 (Configuring Group 1875 Membership). 1877 o Fixed formatting of hyperlinks in sections 6.3 and 7.2. 1879 Changes from ietf-08 to ietf-09: 1881 o Cleaned up requirements language in general. Also, requirements 1882 language are now only used in section 3 (Protocol Considerations) 1883 and section 6 (Security Considerations). Requirements language 1884 has been removed from other sections to keep them to a minimum 1885 (#271). 1887 o Addressed final comment from Peter van der Stok to define what "IP 1888 stack" meant (#296). Following the lead of CoAP-17, we know refer 1889 instead to "APIs such as IPV6_RECVPKTINFO [RFC 3542]". 1891 o Changed text in section 3.4 (Group Methods) to allow multicast 1892 POST under specific conditions and highlighting the risks with 1893 using it (#328). 1895 o Various editorial updates for improved readability. 1897 Changes from ietf-07 to ietf-08: 1899 o Updated text in section 3.6 (Configuring Group Membership in 1900 Endpoints) to make it more explicit that the Internet Media Type 1901 is used in the processing rules (#299). 1903 o Addressed various comments from Peter van der Stok (#296). 1905 o Various editorial updates for improved readability including 1906 defining all acronyms. 1908 Changes from ietf-06 to ietf-07: 1910 o Added an IANA request (in section 7.2) for a dedicated content- 1911 format (Internet Media type) for the group management JSON format 1912 called 'application/coap-group+json' (#299). 1914 o Clarified semantics (in section 3.6) of group management JSON 1915 format (#300). 1917 o Added details of IANA request (in section 7.1) for a new CORE 1918 Resource Type called 'core.gp'. 1920 o Clarified that DELETE method (in section 3.6) is also a valid 1921 group management operation. 1923 o Various editorial updates for improved readability. 1925 Changes from ietf-05 to ietf-06: 1927 o Added a new section on commissioning flow when using discovery 1928 services when end devices discover in which multicast group they 1929 are allocated (#295). 1931 o Added a new section on CoAP Proxy Operation (section 3.9) that 1932 outlines the potential issues and limitations of doing CoAP 1933 multicast requests via a CoAP Proxy (#274). 1935 o Added use case of multicasting controller on the backbone (#279). 1937 o Use cases were updated to show only a single CoAP RD (to replace 1938 the previous multiple RDs with one in each subnet). This is a 1939 more efficient deployment and also avoids RD specific issues such 1940 as synchronization of RD information between serves (#280). 1942 o Added text to section 3.6 (Configuring Group Membership in 1943 Endpoints) that clarified that any (unicast) operation to change 1944 an endpoint's group membership must use DTLS-secured CoAP. 1946 o Clarified relationship of this document to [I-D.ietf-core-coap] in 1947 section 2.2 (Scope). 1949 o Removed IPSec related requirement, as IPSec is not part of 1950 [I-D.ietf-core-coap] anymore. 1952 o Editorial reordering of subsections in section 3 to have a better 1953 flow of topics. Also renamed some of the (sub)sections to better 1954 reflect their content. Finally, moved the URI Configuration text 1955 to the same section as the Port Configuration section as it was a 1956 more natural grouping (now in section 3.3) . 1958 o Editorial rewording of section 3.7 (Multicast Request Acceptance 1959 and Response Suppression) to make the logic easier to comprehend 1960 (parse). 1962 o Various editorial updates for improved readability. 1964 Changes from ietf-04 to ietf-05: 1966 o Added a new section 3.9 (Exceptions) that highlights that IP 1967 multicast (and hence group communication) is not always available 1968 (#187). 1970 o Updated text on the use of [RFC2119] language (#271) in Section 1. 1972 o Included guidelines on when (not) to use CoAP responses to 1973 multicast requests and when (not) to accept multicast requests 1974 (#273). 1976 o Added guideline on use of core-block for minimizing response size 1977 (#275). 1979 o Restructured section 6 (Security Considerations) to more fully 1980 describe threats and threat mitigation (#277). 1982 o Clearly indicated that DNS resolution and reverse DNS lookup are 1983 optional. 1985 o Removed confusing text about a single group having multiple IP 1986 addresses. If multiple IP addresses are required then multiple 1987 groups (with the same members) should be created. 1989 o Removed repetitive text about the fact that group communication is 1990 not guaranteed. 1992 o Merged previous section 5.2 (Multicast Routing) into 3.1 (IP 1993 Multicast Routing Background) and added link to section 5.2 1994 (Advertising Membership of Multicast Groups). 1996 o Clarified text in section 3.8 (Congestion Control) regarding 1997 precedence of use of IP multicast domains (i.e. first try to use 1998 link-local scope, then site-local scope, and only use global IP 1999 multicast as a last resort). 2001 o Extended group resource manipulation guidelines with use of pre- 2002 configured ports/paths for the multicast group. 2004 o Consolidated all text relating to ports in a new section 3.3 (Port 2005 Configuration). 2007 o Clarified that all methods (GET/PUT/POST) for configuring group 2008 membership in endpoints should be unicast (and not multicast) in 2009 section 3.7 (Configuring Group Membership In Endpoints). 2011 o Various editorial updates for improved readability, including 2012 editorial comments by Peter van der Stok to WG list of December 2013 18th, 2012. 2015 Changes from ietf-03 to ietf-04: 2017 o Removed section 2.3 (Potential Solutions for Group Communication) 2018 as it is purely background information and moved section to draft- 2019 dijk-core-groupcomm-misc (#266). 2021 o Added reference to draft-keoh-tls-multicast-security to section 6 2022 (Security Considerations). 2024 o Removed Appendix B (CoAP-Observe Alternative to Group 2025 Communications) as it is as an alternative to IP Multicast that 2026 the WG has not adopted and moved section to draft-dijk-core- 2027 groupcomm-misc (#267). 2029 o Deleted section 8 (Conclusions) as it is redundant (#268). 2031 o Simplified light switch use case (#269) by splitting into basic 2032 operations and additional functions (#269). 2034 o Moved section 3.7 (CoAP Multicast and HTTP Unicast Interworking) 2035 to draft-dijk-core-groupcomm-misc (#270). 2037 o Moved section 3.3.1 (DNS-SD) and 3.3.2 (CoRE Resource Directory) 2038 to draft-dijk-core-groupcomm-misc as these sections essentially 2039 just repeated text from other drafts regarding DNS based features. 2040 Clarified remaining text in this draft relating to DNS based 2041 features to clearly indicate that these features are optional 2042 (#272). 2044 o Focus section 3.5 (Configuring Group Membership) on a single 2045 proposed solution. 2047 o Scope of section 5.3 (Use of MLD) widened to multicast destination 2048 advertisement methods in general. 2050 o Rewrote section 2.2 (Scope) for improved readability. 2052 o Moved use cases that are not addressed to draft-dijk-core- 2053 groupcomm-misc. 2055 o Various editorial updates for improved readability. 2057 Changes from ietf-02 to ietf-03: 2059 o Clarified that a group resource manipulation may return back a 2060 mixture of successful and unsuccessful responses (section 3.4 and 2061 Figure 6) (#251). 2063 o Clarified that security option for group communication must be 2064 NoSec mode (section 6) (#250). 2066 o Added mechanism for group membership configuration (#249). 2068 o Removed IANA request for multicast addresses (section 7) and 2069 replaced with a note indicating that the request is being made in 2070 [I-D.ietf-core-coap] (#248). 2072 o Made the definition of 'group' more specific to group of CoAP 2073 endpoints and included text on UDP port selection (#186). 2075 o Added explanatory text in section 3.4 regarding why not to use 2076 group communication for non-idempotent messages (i.e. CoAP POST) 2077 (#186). 2079 o Changed link-local RD discovery to site-local in RD discovery use 2080 case to make it more realistic. 2082 o Fixed lighting control use case CoAP proxying; now returns 2083 individual CoAP responses as in coap-12. 2085 o Replaced link format I-D with RFC6690 reference. 2087 o Various editorial updates for improved readability 2089 Changes from ietf-01 to ietf-02: 2091 o Rewrote congestion control section based on latest CoAP text 2092 including Leisure concept (#188) 2094 o Updated the CoAP/HTTP interworking section and example use case 2095 with more details and use of MLD for multicast group joining 2097 o Key use cases added (#185) 2099 o References to draft-vanderstok-core-dna and draft-castellani-core- 2100 advanced-http-mapping added 2102 o Moved background sections on "MLD" and "CoAP-Observe" to 2103 Appendices 2105 o Removed requirements section (and moved it to draft-dijk-core- 2106 groupcomm-misc) 2108 o Added details for IANA request for group communication multicast 2109 addresses 2111 o Clarified text to distinguish between "link local" and general 2112 multicast cases 2114 o Moved lengthy background section 5 to draft-dijk-core-groupcomm- 2115 misc and replaced with a summary 2117 o Various editorial updates for improved readability 2119 o Change log added 2121 Changes from ietf-00 to ietf-01: 2123 o Moved CoAP-observe solution section to section 2 2125 o Editorial changes 2127 o Moved security requirements into requirements section 2129 o Changed multicast POST to PUT in example use case 2131 o Added CoAP responses in example use case 2133 Changes from rahman-07 to ietf-00: 2135 o Editorial changes 2137 o Use cases section added 2139 o CoRE Resource Directory section added 2141 o Removed section 3.3.5. IP Multicast Transmission Methods 2143 o Removed section 3.4 Overlay Multicast 2145 o Removed section 3.5 CoAP Application Layer Group Management 2147 o Clarified section 4.3.1.3 RPL Routers with Non-RPL Hosts case 2149 o References added and some normative/informative status changes 2151 Authors' Addresses 2153 Akbar Rahman (editor) 2154 InterDigital Communications, LLC 2156 Email: Akbar.Rahman@InterDigital.com 2157 Esko Dijk (editor) 2158 Philips Research 2160 Email: esko.dijk@philips.com