6lo P. Thubert, Ed. Internet-Draft Cisco Systems Updates: 4861, 6550, 6553, 8505, 9010 (if 3 January 2023 approved) Intended status: Standards Track Expires: 7 July 2023 IPv6 Neighbor Discovery Prefix Registration draft-thubert-6lo-prefix-registration-02 Abstract This document updates the 6LoWPAN extensions to IPv6 Neighbor Discovery (RFC 8505) to enable a node that owns or is directly connected to a prefix to register that prefix to neighbor routers. The registration indicates that the registered prefix can be reached via the advertising node without a loop. The prefix registration also provides a protocol-independent interface for the node to request neighbor router(s) to redistribute the prefix to the larger routing domain using their specific routing protocols. As an example, this document extends RFC 9010 to enable the 6LR to inject the registered prefix in RPL. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 7 July 2023. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. Thubert Expires 7 July 2023 [Page 1] Internet-Draft Prefix Registration January 2023 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2.2. References . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. Glossary . . . . . . . . . . . . . . . . . . . . . . . . 5 2.4. New terms . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. LLN Mesh Network . . . . . . . . . . . . . . . . . . . . 6 3.2. Shared Link . . . . . . . . . . . . . . . . . . . . . . . 8 3.3. Hub Link . . . . . . . . . . . . . . . . . . . . . . . . 8 4. Updating RFC 4861 . . . . . . . . . . . . . . . . . . . . . . 10 5. Extending RFC 7400 . . . . . . . . . . . . . . . . . . . . . 10 6. Updating RFC 6550 . . . . . . . . . . . . . . . . . . . . . . 11 7. Updating RFC 8505 . . . . . . . . . . . . . . . . . . . . . . 12 7.1. New P field value . . . . . . . . . . . . . . . . . . . . 12 7.2. New EARO Prefix Length Field . . . . . . . . . . . . . . 12 7.3. New EDAR Prefix Length Field . . . . . . . . . . . . . . 13 7.4. Registering Extensions . . . . . . . . . . . . . . . . . 14 8. Updating RFC 9010 . . . . . . . . . . . . . . . . . . . . . . 16 9. Leveraging RFC 8928 . . . . . . . . . . . . . . . . . . . . . 17 10. Security Considerations . . . . . . . . . . . . . . . . . . . 17 11. Backward Compatibility . . . . . . . . . . . . . . . . . . . 18 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 12.1. Updated P-Field Registry . . . . . . . . . . . . . . . . 18 12.2. New 6LoWPAN Capability Bit . . . . . . . . . . . . . . . 19 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 14. Normative References . . . . . . . . . . . . . . . . . . . . 19 15. Informative References . . . . . . . . . . . . . . . . . . . 21 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22 Thubert Expires 7 July 2023 [Page 2] Internet-Draft Prefix Registration January 2023 1. Introduction The design of Low Power and Lossy Networks (LLNs) is generally focused on saving energy, which is the most constrained resource of all. Other design constraints, such as a limited memory capacity, duty cycling of the LLN devices and low-power lossy transmissions, derive from that primary concern. The radio (both transmitting or simply listening) is a major energy drain and the LLN protocols must be adapted to allow the nodes to remain sleeping with the radio turned off at most times. The "Routing Protocol for Low Power and Lossy Networks" [RFC6550] (RPL) provides IPv6 [RFC8200] routing services within such constraints. To save signaling and routing state in constrained networks, the RPL routing is only performed along a Destination- Oriented Directed Acyclic Graph (DODAG) that is optimized to reach a Root node, as opposed to along the shortest path between 2 peers, whatever that would mean in each LLN. This trades the quality of peer-to-peer (P2P) paths for a vastly reduced amount of control traffic and routing state that would be required to operate an any-to-any shortest path protocol. Additionally, broken routes may be fixed lazily and on-demand, based on dataplane inconsistency discovery, which avoids wasting energy in the proactive repair of unused paths. The classical "IPv6 Neighbor Discovery (IPv6 ND) Protocol" [RFC4861] [RFC4862] was defined for serial links and shared transit media such as Ethernet at a time when broadcast was cheap on those media while memory for neighbor cache was expensive. It was thus designed as a reactive protocol that relies on caching and multicast operations for the Address Discovery (aka Lookup) and Duplicate Address Detection (DAD) of IPv6 unicast addresses. Those multicast operations typically impact every node on-link when at most one is really targeted, which is a waste of energy, and imply that all nodes are awake to hear the request, which is inconsistent with power saving (sleeping) modes. The original 6LoWPAN ND, "Neighbor Discovery Optimizations for 6LoWPAN networks" [RFC6775], was introduced to avoid the excessive use of multicast messages and enable IPv6 ND for operations over energy-constrained nodes. [RFC6775] changes the classical IPv6 ND model to proactively establish the Neighbor Cache Entry (NCE) associated to the unicast address of a 6LoWPAN Node (6LN) in the a 6LoWPAN Router(s) (6LR) that serves it. To that effect, [RFC6775] defines a new Address Registration Option (ARO) that is placed in unicast Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages between the 6LN and the 6LR. Thubert Expires 7 July 2023 [Page 3] Internet-Draft Prefix Registration January 2023 "Registration Extensions for 6LoWPAN Neighbor Discovery" [RFC8505] updates [RFC6775] into a generic Address Registration mechanism that can be used to access services such as routing and ND proxy and introduces the Extended Address Registration Option (EARO) for that purpose. This provides a routing-agnostic interface for a host to request that the router injects a unicast IPv6 address in the local routing protocol and provide return reachability for that address. "IPv6 Neighbor Discovery Multicast Address Listener Subscription" [I-D.ietf-6lo-multicast-registration] updates [RFC8505] to enable a listener to subscribe an IPv6 anycast or multicast address; the draft also extends [RFC9010] to enable the 6LR to inject the anycast and multicast addresses in RPL. Similarly, this specification extends [RFC8505] and [RFC9010] to add the capability for the 6LN to register prefixes as opposed to addresses, and to signal in a protocol- independant fashion to the 6LR that it is expected to redistribute the prefixes in their specific routing protocols. 2. Terminology 2.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. In addition, the terms "Extends" and "Amends" are used as per [I-D.kuehlewind-update-tag] section 3. 2.2. References This document uses terms and concepts that are discussed in: * "Neighbor Discovery for IP version 6" [RFC4861] and "IPv6 Stateless address Autoconfiguration" [RFC4862], * Neighbor Discovery Optimization for Low-Power and Lossy Networks [RFC6775], as well as * "Registration Extensions for 6LoWPAN Neighbor Discovery" [RFC8505] and * "Using RPI Option Type, Routing Header for Source Routes, and IPv6-in-IPv6 Encapsulation in the RPL Data Plane" [RFC9008]. Thubert Expires 7 July 2023 [Page 4] Internet-Draft Prefix Registration January 2023 2.3. Glossary This document uses the following acronyms: 6BBR 6LoWPAN Backbone Router 6BBR 6LoWPAN Border Router 6LN 6LoWPAN Node 6LR 6LoWPAN Router 6CIO Capability Indication Option AMC Address Mapping Confirmation AMR Address Mapping Request ARO Address Registration Option DAC Duplicate Address Confirmation DAD Duplicate Address Detection DAR Duplicate Address Request EARO Extended Address Registration Option EDAC Extended Duplicate Address Confirmation EDAR Extended Duplicate Address Request DODAG Destination-Oriented Directed Acyclic Graph IR Ingress Replication LLN Low-Power and Lossy Network NA Neighbor Advertisement NCE Neighbor Cache Entry ND Neighbor Discovery NS Neighbor Solicitation ROVR Registration Ownership Verifier RTO RPL Target Option RA Router Advertisement RS Router Solicitation TID Transaction ID TIO Transit Information Option 2.4. New terms This document introduces the following terms: Origin The node that issued the prefix advertisement, either in the form of a NS(EARO) or as a DAO(TIO, RTO) Merge/merging The action of receiving multiple anycast or multicast advertisements, either internally from self, in the form of a NS(EARO), or as a DAO(TIO, RTO), and generating a single DAO(TIO, RTO). The 6RPL router maintains a state per origin for each advertised address, and merges the advertisements for all subsriptions for the same address in a single advertisement. A RPL router that merges becomes the origin of the merged advertisement and uses its own values for the Path Sequence and ROVR fields. Thubert Expires 7 July 2023 [Page 5] Internet-Draft Prefix Registration January 2023 3. Overview This specification inherits from [RFC6550], [RFC8505], and [RFC9010] to register prefixes as opposed to addresses. Unless specified otherwise therein, the behavior of the 6LBR that acts as RPL Root, of the intermediate routers down the RPL graph, of the 6LR that act as access routers and of the 6LNs that are the RPL-unaware destinations, is the same as for unicast addresses. In particular, forwarding a packet happens as specified in section 11 of [RFC6550], including loop avoidance and detection, though in the case of multicast multiple copies might be generated. [RFC8505] is a pre-requisite to this specification. A node that implements this MUST also implement [RFC8505]. This specification does not introduce a new option; it modifies existing options and updates the associated behaviors to enable the Registration for Multicast Addresses as an extension to [RFC8505]. This specification updates the P field introduced in [I-D.ietf-6lo-multicast-registration] for use in EARO, DAR, and RTO, with the new value of 3 to indicate the registration of a prefix, as detailed in Section 7.2. With this extension the 6LNs can now attract the traffic for a full prefix, using the P field value of 3 in the EARO to signal that the registration is for a prefix. Multiple 6LN may register the same prefix to the same 6LR or to different 6LRs. If the R flag is set in the registration of one or more 6LNs for the same prefix, the 6LR is requested to redistributes the prefix in other routing protocol (e.g., RPL), based on the longest registration lifetime across the active registrations for the prefix. This specification extends 6LoWPAN work, and it is certainly possible to leverage it between the 6LN and the 6LR where the 6LR is a RPL router, as discussed in Section 3.1. But as for [RFC8505] in general, this specification applies, beyond IoT use cases, to networks that are not necessarily LLNs, and/or where the routing protocol between the 6LR and above is not necessarily RPL. Examples of shared links and hub links are provided in Section 3.2 and Section 3.3, respectively. 3.1. LLN Mesh Network This specification also extends [RFC6550] and [RFC9010] in the case of a route-over multilink subnet based on the RPL routing protocol, to add multicast ingress replication in Non-Storing Mode and anycast support in both Storing and Non-Storing modes. A 6LR that implements the RPL extensions specified therein MUST also implement [RFC9010]. Thubert Expires 7 July 2023 [Page 6] Internet-Draft Prefix Registration January 2023 Figure 1 illustrates the classical situation of an LLN as a single IPv6 Subnet, with a 6LoWPAN Border Router (6LBR) that acts as Root for RPL operations and maintains a registry of the active registrations as an abstract data structure called an Address Registrar for 6LoWPAN ND. The LLN may be a hub-and-spoke access link such as (Low-Power) Wi-Fi [IEEE80211] and Bluetooth (Low Energy) [IEEE802151], or a Route-Over LLN such as the Wi-SUN and 6TiSCH meshes [I-D.heile-lpwan-wisun-overview] that leverages 6LoWPAN [RFC4919][RFC6282] and RPL [RFC6550] over [IEEE802154]. | ----+-------+------------ | Wire side +------+ | 6LBR | |(Root)| +------+ o o o Wireless side o o o o o o o o o o o o o o o o LLN o +---+ o o o o o |6LR| o o o o o +---+ o o o o o o z o o oo o o +---+ o |6LN| +---+ Figure 1: Wireless Mesh A leaf acting as a 6LN registers its unicast, multicast, and anycast addresses a RPL router acting as a 6LR, using a layer-2 unicast NS message with an EARO as specified in [RFC8505] and [I-D.ietf-6lo-multicast-registration]. The registration state is periodically renewed by the Registering Node, before the lifetime indicated in the EARO expires. As for unicast IPv6 addresses, the 6LR uses an EDAR/EDAC exchange with the 6LBR to notify the 6LBR of the presence of the listeners. With this specification, a router that own a prefix of provides reachability to an external prefix but is not a RPL router may also register those prefixes with the R flag set, to enable reachability via the RPL domain. As usual Thubert Expires 7 July 2023 [Page 7] Internet-Draft Prefix Registration January 2023 3.2. Shared Link A shared link is a situation where more than one Prefix is deployed over a L2 link (say a switched Ethernet + Wi-Fi ESS), and not necessarily all nodes are aware of all prefixes. Figure 2 depicts such a situation, with 2 routers 6LR1 and 6LR2 that own respective prefixes P1:: and P2::, and expose those in their RA messages over the same link. +-----+ +-----+ +-----+ +-----+ +-----+ |P1::c| |P2::d| |P2::e| |P1::f| |P1::g| +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ | | | | | ----+--+------+---------+--+------+---------+---+-- | | | +---+---+ +---+---+ | P1::a | | P2::b | | 6LR1 | | 6LR2 | +----+--+ +-------+ | .... . . .. ... Figure 2: Shared Link Say that 6LR1 is the router providing access to the outside, and 6LR2 is aware of 6LR1 as its default gateway. With this specification, 6LR2 registers P2:: to 6LR1 and 6LR1 installs a route to P2:: via 6LR2. This way, addresses that derive from P2:: can still be reached via 6LR1 and then 6LR2. 6LR2 may then leverage ICMP Redirect messages [RFC4861] to shorten the path between 6LR1 and the nodes that own those addresses. If P2 was delegated by 6LR1, then the expectation is that 6LR1 aggregates P1:: and P2:: in its advertisements to the outside, and the is no need to set the R flag. But unless 6LR2 knows about such a situation, e.g., through configuration, it is probably safer for 6LR2 to set the R flag requesting 6LR1 to advertise P2:: to the outside. 3.3. Hub Link A hub link is a situation where stub links are deployed around a hub like and interconnected by routers. Figure 3 depicts such a situation, with one router 6LR1 serving the hub link and at least one router like 6LR3 and 6LR3 providing connectivity from the stub links to the hub link. In this example, say that the there is one prefix on each link, P1:: on the hub link and P2::, P3::, etc. on the stub Thubert Expires 7 July 2023 [Page 8] Internet-Draft Prefix Registration January 2023 links. +-----+ +-----+ +-----+ +-----+ +-----+ |P2::s| |P2::d| |P2::e| |P2::f| |P2::g| +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ | | | | | ----+----+----+---------+----STUB-+-LINK----+----- | +---+---+ +-------+ . | P2::r | | | .. . . | 6LR2 | | 6LR1 +--- . . .. | P1::b | | P1::a | . ... +---+---+ +---+---+ . ... | | -------+-+---------+--HUB-LINK--+-----+-- | | | +---+---+ +--+--+ +--+--+ | P1::c | |P1::n| |P1::q| | 6LR3 | +-----+ +-----+ | P3::m | +---+---+ | ----+--+------+---------+----STUB-+-LINK----+----- | | | | | +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ |P3::h| |P3::i| |P3::j| |P3::k| |P3::a| +-----+ +-----+ +-----+ +-----+ +-----+ Figure 3: Hub and Stubs As before, say that 6LR1 is the router providing access to the outside, and 6LR2 is aware of 6LR1 as its default gateway. With this specification, 6LR2 registers P2:: to 6LR1 and 6LR1 installs a route to P2:: via 6LR2. This way, nodes on the stub link behind 6LR2 that derive their addresses from P2:: can still be reached via 6LR1 and then 6LR2. The same goes for 6LR3 and all other routers serving stub links. If P2 was delegated by 6LR1, then the expectation is that 6LR1 aggregates P1:: and P2:: in its advertisements to the outside, and the is no need to set the R flag. But unless 6LR2 knows about such a situation, e.g., through configuration, it is probably safer for 6LR2 to set the R flag requesting 6LR1 to advertise P2:: to the outside. Thubert Expires 7 July 2023 [Page 9] Internet-Draft Prefix Registration January 2023 4. Updating RFC 4861 [RFC4861] expects that the NS/NA exchange is for a unicast address, which is indicated in the Target Address field of the ND message. This specification Amends [RFC4861] by allowing to advertise a prefix in the Target Address field when the NS or NA message is used for a registration, per section 5.5 of [RFC8505]; in that case, the prefix length is indicated in the EARO of the NS message, overloading the field that is used in the NA response for the Status. 5. Extending RFC 7400 This specification Extends "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)" [RFC7400] by defining a new capability bit for use in the 6CIO. [RFC7400] was already extended by [RFC8505] for use in IPv6 ND messages. The new "Registration for prefixes Supported" (F) flag indicates to the 6LN that the 6LR accepts IPv6 prefix registrations as specified in this document and will ensure that packets for the addresses that match this prefix will be routed to the 6LNs that registered the prefix, and the route to the prefix will be redistributed if the R flag is set to 1. Figure 4 illustrates the X flag in its suggested position (7, counting 0 to 15 in network order in the 16-bit array), to be confirmed by IANA. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length = 1 | Reserved |F|X|A|D|L|B|P|E|G| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 4: New Capability Bit in the 6CIO New Option Field: X 1-bit flag: "Registration for prefixes Supported" Thubert Expires 7 July 2023 [Page 10] Internet-Draft Prefix Registration January 2023 6. Updating RFC 6550 [RFC6550] uses the Path Sequence in the Transit Information Option (TIO) to retain only the freshest unicast route and remove stale ones, e.g., in the case of mobility. [RFC9010] copies the TID from the EARO into the Path Sequence, and the ROVR field into the associated RPL Target Option (RTO). This way, it is possible to identify both the registering node and the order of registration in RPL for each individual advertisement, so the most recent path and lifetime values are used. [I-D.ietf-6lo-multicast-registration] requires the use of the ROVR field as the indication of the origin of a Target advertisement in the RPL DAO messages, as specified in section 6.1 of [RFC9010]. For anycast and multicast advertisements (in NS or DAO messages), multiple origins may subscribe to the same address, in which case the multiple advertisements from the different or unknown origins are merged by the common parent; in that case, the common parent becomes the origin of the merged advertisements and uses its own ROVR value. On the other hand, a parent that propagates an advertisement from a single origin uses the original ROVR in the propagated RTO, as it does for unicast address advertisements, so the origin is recognised across multiple hops. This specification Extends [RFC6550] to require that, for prefix routes, the Path Sequence is used between and only between advertisements for the same Target and from the same origin (i.e, with the same ROVR value); in that case, only the freshest advertisement is retained. But the freshness comparison cannot apply if the origin is not determined (i.e., the origin did not support this specification). [RFC6550] uses the Path Lifetime in the TIO to indicate the remaining time for which the advertisement is valid for unicast route determination, and a Path Lifetime value of 0 invalidates that route. [RFC9010] maps the Address Registration lifetime in the EARO and the Path Lifetime in the TIO so they are comparable when both forms of advertisements are received. The RPL router that merges multiple advertisement for the same prefix must use and advertise the longest remaining lifetime across all the origins of the advertisements for that prefix. When the lifetime expires, the router sends a no-path DAO (i.e. the lifetime is 0) using the same value for ROVR value as for the previous advertisements, that is either self or the single descendant that advertised the Target. Thubert Expires 7 July 2023 [Page 11] Internet-Draft Prefix Registration January 2023 Note that the Registration Lifetime, TID and ROVR fields are also placed in the EDAR message so the state created by EDAR is also comparable with that created upon an NS(EARO) or a DAO message. For simplicity the text below mentions only NS(EARO) but applies also to EDAR. 7. Updating RFC 8505 7.1. New P field value [I-D.ietf-6lo-multicast-registration] defines a P-field of 2 bits and defines the values 0 to 2, leaving the value of 3 reserved. This specification assigns the value of 3, resulting in the complete tabel as follows: +-------+--------------------------------------+ | Value | Meaning | +-------+--------------------------------------+ | 0 | Registration for a Unicast Address | +-------+--------------------------------------+ | 1 | Registration for a Multicast Address | +-------+--------------------------------------+ | 2 | Registration for an Anycast Address | +-------+--------------------------------------+ | 3 | Registration for a prefix | +-------+--------------------------------------+ Table 1: P-field Values 7.2. New EARO Prefix Length Field Section 4.1 of [RFC8505] defines the EARO as an extension to the ARO option defined in [RFC6775]. This specification adds a new value to the P field to signal that the Registered Address is a prefix. This means that the sender owns the prefix and will deliver packets to the destination if the destination address derives from the prefix. The receiver should install a route to the prefix via the sender's address used as source address in the NS(EARO) registration message. Thubert Expires 7 July 2023 [Page 12] Internet-Draft Prefix Registration January 2023 This specification also adds a new F flag to signal that the Registered Prefix is externally reachable through the Registering Node. This means that the Registering Node can relay packets that are sourced in the Registered Prefix to the outside, and the packets will be topologically correct with regard to [BCP38]. The receiver should forward packets to the sender's address when the source address of the packets derives from the prefix, and the sender. Note that to avoid loops, the receiver must be inside so packets sent by the sender towards the outside may never reach the receiver. The Status Field that is used only when the EARO is placed in an NA message is repurposed to carry the prefix length when the EARO is placed in an NS message. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | plen/Status | Opaque | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |F| P | I |R|T| TID | Registration Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ... Registration Ownership Verifier ... | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 5: EARO Option Format New and updated Option Fields: plen/Status 8-bit field: This field contains a prefix Length expressed in bits if the P field is set to 3 and the EARO is placed in an NS message. The field contains a Status if the EARO is placed in an NA message regardless of the setting of the P flag. In all other cases it is reserved, so it MUST be set to 0 by the sender and ignored by the receiver. F: 1-bit flag; set to 1 to indicate that the sender expects other routers to forward packets to self when the packets are sourced with the registered prefix. 7.3. New EDAR Prefix Length Field This specification adds the new value of 3 to the P field to signal that the Registered Address is a prefix. When that is the case, the prefix length is assumed to be less than 112 bits and the last 8 bits are dedicated to the prefix length. Thubert Expires 7 July 2023 [Page 13] Internet-Draft Prefix Registration January 2023 Figure 6 illustrates the EDAR message when the value of the P field is 3. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type |CodePfx|CodeSfx| Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |P=3| Reserved | TID | Registration Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ... Registration Ownership Verifier (ROVR) ... | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Prefix + | | + (up to 112 bits, padded with 0s) + | | + +-+-+-+-+-+-+-+-+ | | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6: EDAR Message Format with P == 3 New and updated Option Fields: Reserved 6-bit field: reserved, MUST be set to 0 and ignored by the receiver Prefix 15 bytes: up to 112 bits of prefix, padded with 0s Prefix Length 1-bit flag: length of the prefix, in bits 7.4. Registering Extensions With [RFC8505]: * A router that expects to reboot may send a final RA message, upon which nodes should register elsewhere or redo the registration to the same router upon reboot. In all other cases, a node reboot is silent. When the node comes back to life, existing registration state might be lost if it was not persisted, e.g., in persistent memory. * Only unicast addresses can be registered. * The 6LN must register all its ULA and GUA with a NS(EARO). Thubert Expires 7 July 2023 [Page 14] Internet-Draft Prefix Registration January 2023 * The 6LN may set the R flag in the EARO to obtain return reachability services by the 6LR, e.g., through ND proxy operations, or by injecting the route in a route-over subnet. * the 6LR maintains a registration state per Registered Address, including an NCE with the Link Layer Address (LLA) of the Registered Node (the 6LN here). This specification adds the following behavior, similar to that introduced by [I-D.ietf-6lo-multicast-registration] for multicast addresses: * The operation for registering prefixes is similar as for addresses from the perspective of the 6LN, but show important differences on the router side, which maintains a separate state for each origin and merges them in its own advertisements. * The ARO Status indicating a "Registration Refresh Request" applies to prefixes as well. This status is used in asynchronous NA(EARO) messages to indicate to peer 6LNs that they are requested to reregister all addresses and prefixes that were previously registered to the originating node. The NA message may be sent to a unicast or a multicast link-scope address and should be contained within the L2 range where nodes may effectively have registered/subscribed to this router, e.g., a radio broadcast domain. A device that wishes to refresh its state, e.g., upon reboot if it may have lost some registration state, SHOULD send an asynchronous NA(EARO) with this new status value. That asynchronous NA(ARO) SHOULD be sent to the all-nodes link scope multicast address (FF02::1) and Target MUST be set to the link local address that was exposed previously by this node to accept registrations, and the TID MUST be set to 0. In an unreliable environment, the multicast NA(EARO) message may be resent in a fast sequence, in which case the TID must be incremented each time. A 6LN that has recently processed the NA(ARO) ignores the NA(EARO) with a newer TID received within the duration of the fast sequence. That duration depends on the environent and has to be configured. By default, it is of 10 seconds. * Registration for prefixes is now supported. The value of 3 in the P field of the EARO and the EDAR message signals when the registration is for a prefix as opposed to an address. Thubert Expires 7 July 2023 [Page 15] Internet-Draft Prefix Registration January 2023 * If the 6LR acts as a router to prefixes or owns the prefixes entirely, it SHOULD register all those prefixes on all interface from which it might be needed to relay traffic to that prefix, and it MUST set the P field in the EARO to 3 for those prefixes. * The 6LN MAY set the R flag in the EARO to request the 6LR to redistribute the prefix on other links using a routing protocol. The 6LR MUST NOT reregister that prefix to yet another router as it may create a loop. * The 6LR and the 6LBR are extended to accept more than one registration for the same prefix, since multiple 6LNs may register it. The Registration Ownership Verifier (ROVR) in the EARO identifies uniquely a registration within the namespace of the Registered Prefix. * The 6LR MUST maintain a registration state per tuple (IPv6 prefix/ length, ROVR) for all registered prefix. It SHOULD notify the 6LBR with an EDAR message, unless it determined that the 6LBR is legacy and does not support this specification. In turn, the 6LBR MUST maintain a registration state per tuple (IPv6 prefix, ROVR) for all prefixes. 8. Updating RFC 9010 With [RFC9010]: * The 6LR injects only unicast routes in RPL * Upon a registration with the R flag set to 1 in the EARO, the 6LR injects the address in the RPL unicast support. * Upon receiving a packet directed to a unicast address for which it has an active registration, the 6LR delivers the packet as a unicast layer-2 frame to the LLA the nodes that registered the unicast address. This specification adds the following behavior: * Upon a registration with the R flag set to 1 and the P field set to 3 in the EARO, the 6LR injects the prefix in RPL using a prefix RTO. The P field in the RTP MUST be set to 3. Thubert Expires 7 July 2023 [Page 16] Internet-Draft Prefix Registration January 2023 * Upon receiving a packet directed to an address that derives from a prefix for which it has at least one registration, the 6LR delivers a copy of the packet as a unicast layer-2 frame to the LLA of exactly one of the nodes that registered to that prefix, using the longest match derivation to find the best 6LN. 9. Leveraging RFC 8928 Address-Protected Neighbor Discovery for Low-Power and Lossy Networks [RFC8928] was defined to protect the ownership of unicast IPv6 addresses that are registered with [RFC8505]. With [RFC8928], it is possible for a node to autoconfigure a pair of public and private keys and use them to sign the registration of addresses that are either autoconfigured or obtained through other methods. The first hop router (the 6LR) may then validate a registration and perform source address validation on packets coming from the sender node (the 6LN). Prefixes are not always owned by one node. Multiple nodes may register the same prefix. In that context, the method specified in [RFC8928] cannot be used with autoconfigured keypairs to protect a single ownership. For a prefix, as for an anycast or a multicast address, it is still possible to leverage [RFC8928] to enforce the right to register. If [RFC8928] is used, a keypair MUST be associated with the prefix before it is deployed, and a ROVR MUST be generated from that keypair as specified in [RFC8928]. The prefix and the ROVR MUST then be installed in the 6LBR so it can recognize the prefix and compare the ROVR on the first registration to validate the right to register. The keypair MUST then be provisioned in each node that needs to register the prefix or a prefix within, so the node can follow the steps in [RFC8928] to register the prefix. 10. Security Considerations This specification extends [RFC8505], and the security section of that document also applies to this document. In particular, the link layer SHOULD be sufficiently protected to prevent rogue access. Section 9 leverages [RFC8928] to prevent an rogue node to register a unicast address that it does not own. The mechanism could be extended to anycast and multicast addresses if the values of the ROVR they use is known in advance, but how this is done is not in scope Thubert Expires 7 July 2023 [Page 17] Internet-Draft Prefix Registration January 2023 for this specification. One way would be to authorize in a advance the ROVR of the valid users. A less preferred way could be to synchronize the ROVR and TID values across the valid registering nodes as a preshared key material. In the latter case, it could be possible to update the keys associated to a prefix in all the 6LNs, but the flow is not clearly documented and may not complete in due time for all nodes in LLN use cases. It may be simpler to install a all-new address with new keys over a period of time, and switch the traffic to that address when the migration is complete. 11. Backward Compatibility A legacy 6LN will not register prefixess and the service will be the same when the network is upgraded. A legacy 6LR will not set the F flag in the 6CIO and an upgraded 6LN will not register prefixes. Upon an EDAR message, a legacy 6LBR may not realize that the address being registered is anycast or multicast, and return that it is duplicate in the EDAC status. The 6LR MUST ignore a duplicate status in the EDAR for anycast and multicast addresses. 12. IANA Considerations Note to RFC Editor, to be removed: please replace "This RFC" throughout this document by the RFC number for this specification once it is allocated. Also, the I Field is defined in [RFC9010] but is missing from the registry, so the bit positions must be added for completeness. IANA is requested to make changes under the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" [IANA.ICMP] and the "Routing Protocol for Low Power and Lossy Networks (RPL)" [IANA.RPL] registry groupings, as follows: 12.1. Updated P-Field Registry This specification updates the P field introduced in [I-D.ietf-6lo-multicast-registration] to assign the value of 3, which is the only remaining unasssigned value for the 2-bits field. To that effect, IANA is requested to update the "P-field values" registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 2: Thubert Expires 7 July 2023 [Page 18] Internet-Draft Prefix Registration January 2023 +-------+---------------------------+-----------+ | Value | Meaning | Reference | +-------+---------------------------+-----------+ | 3 | Registration for a prefix | This RFC | +-------+---------------------------+-----------+ Table 2: New P-field value 12.2. New 6LoWPAN Capability Bit IANA is requested to make an addition to the "6LoWPAN Capability Bits" [IANA.ICMP.6CIO] registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 3: +----------------+--------------------------+-----------+ | Capability Bit | Meaning | Reference | +----------------+--------------------------+-----------+ | 7 (suggested) | F flag: Registration for | This RFC | | | prefixes Supported (F) | | +----------------+--------------------------+-----------+ Table 3: New 6LoWPAN Capability Bits 13. Acknowledgments 14. Normative References [RFC2119] Bradner, S. and RFC Publisher, "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC4861] Narten, T., Nordmark, E., Simpson, W., Soliman, H., and RFC Publisher, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, DOI 10.17487/RFC4861, September 2007, . [RFC4862] Thomson, S., Narten, T., Jinmei, T., and RFC Publisher, "IPv6 Stateless Address Autoconfiguration", RFC 4862, DOI 10.17487/RFC4862, September 2007, . Thubert Expires 7 July 2023 [Page 19] Internet-Draft Prefix Registration January 2023 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, JP., Alexander, R., and RFC Publisher, "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks", RFC 6550, DOI 10.17487/RFC6550, March 2012, . [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., Bormann, C., and RFC Publisher, "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 6775, DOI 10.17487/RFC6775, November 2012, . [RFC7400] Bormann, C. and RFC Publisher, "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November 2014, . [RFC8174] Leiba, B. and RFC Publisher, "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8200] Deering, S., Hinden, R., and RFC Publisher, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, . [RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., Perkins, C., and RFC Publisher, "Registration Extensions for IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, . [RFC8928] Thubert, P., Ed., Sarikaya, B., Sethi, M., Struik, R., and RFC Publisher, "Address-Protected Neighbor Discovery for Low-Power and Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November 2020, . [RFC9010] Thubert, P., Ed., Richardson, M., and RFC Publisher, "Routing for RPL (Routing Protocol for Low-Power and Lossy Networks) Leaves", RFC 9010, DOI 10.17487/RFC9010, April 2021, . Thubert Expires 7 July 2023 [Page 20] Internet-Draft Prefix Registration January 2023 [IANA.ICMP] IANA, "IANA Registry for ICMPv6", IANA, https://www.iana.org/assignments/icmpv6-parameters/ icmpv6-parameters.xhtml. [IANA.ICMP.6CIO] IANA, "IANA Sub-Registry for the 6LoWPAN Capability Bits", IANA, https://www.iana.org/assignments/icmpv6-parameters/ icmpv6-parameters.xhtml#sixlowpan-capability-bits. [IANA.RPL] IANA, "IANA Registry for the RPL", IANA, https://www.iana.org/assignments/rpl/rpl.xhtml. 15. Informative References [BCP38] Ferguson, P., Senie, D., and RFC Publisher, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, May 2000, . [RFC4919] Kushalnagar, N., Montenegro, G., Schumacher, C., and RFC Publisher, "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals", RFC 4919, DOI 10.17487/RFC4919, August 2007, . [RFC6282] Hui, J., Ed., Thubert, P., and RFC Publisher, "Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, DOI 10.17487/RFC6282, September 2011, . [RFC9008] Robles, M.I., Richardson, M., Thubert, P., and RFC Publisher, "Using RPI Option Type, Routing Header for Source Routes, and IPv6-in-IPv6 Encapsulation in the RPL Data Plane", RFC 9008, DOI 10.17487/RFC9008, April 2021, . [I-D.kuehlewind-update-tag] Kühlewind, M. and S. Krishnan, "Definition of new tags for relations between RFCs", Work in Progress, Internet-Draft, draft-kuehlewind-update-tag-04, 12 July 2021, . [I-D.heile-lpwan-wisun-overview] Robert, H., Liu, B. R., Zhang, M., and C. E. Perkins, "Wi- SUN FAN Overview", Work in Progress, Internet-Draft, Thubert Expires 7 July 2023 [Page 21] Internet-Draft Prefix Registration January 2023 draft-heile-lpwan-wisun-overview-00, 3 July 2017, . [I-D.ietf-6lo-multicast-registration] Thubert, P., "IPv6 Neighbor Discovery Multicast and Anycast Address Listener Subscription", Work in Progress, Internet-Draft, draft-ietf-6lo-multicast-registration-12, 22 November 2022, . [IEEE802154] IEEE standard for Information Technology, "IEEE Std 802.15.4, Part. 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks". [IEEE80211] IEEE standard for Information Technology, "IEEE Standard 802.11 - IEEE Standard for Information Technology - Telecommunications and information exchange between systems Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.", . [IEEE802151] IEEE standard for Information Technology, "IEEE Standard for Information Technology - Telecommunications and Information Exchange Between Systems - Local and Metropolitan Area Networks - Specific Requirements. - Part 15.1: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Wireless Personal Area Networks (WPANs)". Author's Address Pascal Thubert (editor) Cisco Systems, Inc Building D 45 Allee des Ormes - BP1200 06254 Mougins - Sophia Antipolis France Phone: +33 497 23 26 34 Email: pthubert@cisco.com Thubert Expires 7 July 2023 [Page 22]