Cisco Systems, Inc

Building D 45 Allee des Ormes - BP1200 MOUGINS - Sophia Antipolis 06254 FRANCE +33 497 23 26 34 pthubert@cisco.com

Routing ROLL This specification updates RFC 6550 and RFC 6775 unicast routing service in a RPL domain to 6LoWPAN ND nodes that do not participate to the routing protocol.

The design of Low Power and Lossy Networks (LLNs) is generally focused on saving energy, which is the most constrained resource of all. Other design constraints, such as a limited memory capacity, duty cycling of the LLN devices and low-power lossy transmissions, derive from that primary concern. The IETF produced the "Routing Protocol for Low Power and Lossy Networks" (RPL) to provide routing services within such constraints. RPL is a Distance-Vector protocol, which, compared to link-state protocols, limits the amount of topological knowledge that needs to be installed and maintained in each node. In order to operate in constrained networks, RPL allows a Routing Stretch (see ), whereby routing is only performed along a DODAG as opposed to straight along a shortest path between 2 peers, whatever that would mean in a given LLN. This trades the quality of peer-to-peer (P2P) paths for a vastly reduced amount of control traffic and routing state that would be required to operate a any-to-any shortest path protocol. Finally, broken routes may be fixed lazily and on-demand, based on dataplane inconsistency discovery, which avoids wasting energy in the proactive repair of unused paths. In order to cope with lossy transmissions, RPL forms Direction-Oriented Directed Acyclic Graphs (DODAGs) using DODAG Information Solicitation (DIS) and DODAG Information Object (DIO) messages. For most of the nodes, though not all, a DODAG provides multiple forwarding solutions towards the Root of the topology via so-called parents. RPL is designed to adapt to fuzzy connectivity, whereby the physical topology cannot be expected to reach a stable state, with a lazy control that creates routes proactively but only fixes them when they are used by actual traffic. It results that RPL provides reachability for most of the LLN nodes, most of the time, but does not really converge in the classical sense. RPL provides unicast and multicast routing services back to RPL-Aware nodes. A RPL-Aware Node will inject routes to self using Destination Advertisement Object (DAO) messages sent to either their parents in Storing Mode or to the Root indicating their parent in Non-Storing mode. This process effectively forms a DODAG back to the device that is a subset of the DODAG to the Root with all links reversed. The IPv6 Neighbor Discovery (IPv6 ND) Protocol (NDP) suite defined for fast media such a Ethernet, relies heavily on multicast operations for address discovery and duplicate address detection (DAD). "Neighbor Discovery Optimizations for 6LoWPAN networks" (6LoWPAN ND) adapts IPv6 ND for operations over energy-constrained LLNs. In particular, 6LoWPAN ND introduces a unicast host address registration mechanism that contributes to reduce the use of multicast messages that are present in the classical IPv6 ND protocol. 6LoWPAN ND defines a new Address Registration Option (ARO) that is carried in the unicast Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages between the 6LoWPAN Node (6LN) and the 6LoWPAN Router (6LR). 6LoWPAN ND also defines the Duplicate Address Request (DAR) and Duplicate Address Confirmation (DAC) messages between the 6LR and the 6LoWPAN Border Router (6LBR). In an LLN, the 6LBR is the central repository of all the registered addresses in its domain. When a routing protocol such as RPL is used to maintain reachability within a Non-Broadcast Multi-Access (NBMA) subnet, some nodes may act as routers and participate to the routing operations whereas others may be plain hosts. In RPL terms, a plain host that does not participate to the routing protocol is called a Leaf. It must be noted that a 6LN could participate to RPL and inject DAO routes to self, but refrain from advertising DIO and get children. In that case, the 6LN is still a host but not a Leaf. An Update to 6LoWPAN ND defines an Extended ARO (EARO) with a 'R' flag to be used by a 6LN when registering, to indicate that this 6LN is not a router and that it will not handle its own reachability. The EARO also includes a sequence counter called Transaction ID (TID), which maps to the Path Sequence Field found in Transit Options in RPL DAO messages. It is a prerequisite for this specification. The DAR and DAC messages are also extended as EDAR and EDAC messages respectively. With this specification, a 6LN that operates as a Leaf uses the 'R' flag to declare itself as such and the 6LR that accepts the registration will inject routing information on behalf of the 6LN in the RPL domain. The packet forwarding operation by the 6LR serving a Leaf 6LN is described in "When to use RFC 6553, 6554 and IPv6-in-IPv6". This document adds the capability by a 6LR to advertise the IPv6 address(es) of the 6LN in the RPL protocol. Examples of routing-agnostic 6LN may include lightly-powered sensors such as window smash sensor (alarm system), or the kinetically powered light switch.

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in . The Terminology used in this document is consistent with and incorporates that described in Terms Used in Routing for Low-Power and Lossy Networks (LLNs).. Other terms in use in LLNs are found in Terminology for Constrained-Node Networks. A glossary of classical 6LoWPAN acronyms is given in . The term “byte” is used in its now customary sense as a synonym for “octet”. "RPL", "RPL Packet Information" (RPI) and "RPL Instance", DIO, DAO and DIS messages are defined in the "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks" specification.

This document specifies a new behavior whereby a 6LR injects DAO messages for unicast addresses registered through the updated 6LoWPAN ND on behalf of 6LN nodes that are not RPL-aware. Upon the renewal of a 6lowPAN ND registration, this specification changes the behavior of the 6LR as follows. If the 'R' flag is set, the 6LR injects a DAO targeting the Registered Address, and refrains from sending a DAR message. the DAR/DAC exchange that refreshes the state in the 6LBR happens instead between the RPL Root and the 6LBR. In that flow, the RPL Root acts as a proxy on behalf of the 6LR upon the reception of the DAO propagation initiated at the 6LR.

This document makes use of the 'R' flag in the EARO option, used by a 6LN, when registering, to indicate that this 6LN is a Leaf, not aware of the RPL operation in the network, and thus does not participate to it. The behavior defined in this specification whereby the 6LR that processes the registration advertises the Registered Address in DAO messages and bypasses the DAR/DAC process for the renewal of a registration, is only triggered by an NS(EARO) that has the 'R' flag set. A RPL Leaf SHOULD set the 'R' flag. If the 'R' flag is not set, then the Registering Node is expected to be a RPL router that handles the reachability of the Registered Address by itself. This document also specifies a keep-alive EDAR message that the RPL Root may use to maintain an existing state in the 6LBR upon receiving DAO messages. The EDAR message may only act as a refresher and can only update the Lifetime and the TID of the state in the 6LBR. A RPL router SHOULD NOT set the 'R' flag.

This specification enables to save the exchange of Extended Duplicate Address messages, EDAR and EDAC, from a 6LN all the way to the 6LBR across a RPL mesh, for the sole purpose of refreshing an existing state in the 6LBR. Instead, the EDAR/EDAC exchange is proxied by the RPL Root upon a DAO message that refreshes the RPL routing state. To achieve this, the lifetimes and sequence counters in 6LoWPAN ND and RPL are aligned. In other words, the Path Sequence and the Path Lifetime in the DAO message are derived from the Transaction ID and the registration lifetime in the NS(EARO) message from the 6LN. From the perspective of the 6LN, the registration flow happens transparently; it is not delayed by the proxy RPL operation, so the device does not need to wait more whether RPL proxy operation happens or not. The flows below are RPL Non-Storing Mode examples. In Storing Mode, the DAO ACK may not be present, and the DAO messages cascade from child to parent all the way to the DODAG Root. On the first registration, illustrated in , from the perspective of the 6LR, the Extended Duplicate Address message takes place as prescribed by . When successful, the flow creates a Neighbor Cache Entry (NCE) in the 6LR, and the 6LR injects the registered address in RPL using DAO/DAO-ACK exchanges all the way to the RPL DODAG Root. The protocol does not carry a specific information that the Extended Duplicate Address messages were already exchanged, so the Root proxies them anyway.

| | | | | Extended DAR | | |------------------------------->| | | | | | Extended DAC | | |<-------------------------------| | NA(EARO) | | |<---------------| | | | | DAO | | | |-------------->| | | | DAO ACK | | | |<--------------| | | | | keep-alive DAR | | | |--------------->| | | | keep-alive DAC | | | |<---------------| | | | | ]]>

A re-registration is performed by the 6LN to maintain the NCE in the 6LR alive before lifetime expires. Upon a re-registration, as illustrated in , the 6LR redistributes the NS(EARO) in RPL. This causes the RPL DODAG Root to refresh the state in the 6LBR with a keep-alive EDAR message.

| | | | NA(EARO) | | | |<---------------| | | | | DAO | | | |-------------->| | | | DAO ACK | | | |<--------------| | | | | proxy DAR | | | |--------------->| | | | proxy DAC | | | |<---------------| | | | | ]]>

Note that any of the functions 6LR, Root and 6LBR might be collapsed in a single node, in which case the flow above happens internally, and possibly through internal API calls as opposed to messaging.

This specification does not alter the operation of a 6LowpAN ND-compliant 6LN, which is expected to operate as follows: The 6LN obtains an IPv6 global address, for instance using autoconfiguration based on a Prefix Information Option (PIO) found in a Router Advertisement message or by some other means such as DHCPv6 . Once it has formed an address, the 6LN (re)registers its address periodically, within the Lifetime of the previous registration, as prescribed by . Upon each consecutive registration, the 6LN increases the TID field. The 6LN MAY register to more than one 6LR at the same time. In that case, a same value of TID is used for each registration. The 6LN MAY use any of the 6LRs to which it register to forward its packets.

Also as prescribed by , the 6LR generates a DAR message upon reception of a valid NS(EARO) message for the registration of a new IPv6 Address by a 6LN. If the Duplicate Address exchange succeeds, then the 6LR installs a Neighbor Cache Entry (NCE). If the 'R' flag was set in the EARO of the NS message, and this 6LR can manage the reachability of Registered Address, then the 6LR sets the 'R' flag in the ARO of the response NA message. From then on, the 6LN periodically sends a new NS(EARO) to refresh the NCE state before the lifetime indicated in the EARO expires, with TID that is incremented each time till it wraps in a lollipop fashion. As long as the 'R' flag is set and this router can still manage the reachability of Registered Address, the 6LR keeps setting the 'R' flag in the ARO of the response NA message, but the exchange of Duplicate Address messages is skipped. Upon a successful NS/NA(EARO) exchange: if the 'R' flag was set in the EARO of the NS message, then the 6LR SHOULD inject the Registered Address in RPL by sending a DAO message on behalf of the 6LN; else the 6LR SHOULD refrain from injecting the registered address into RPL. The DAO message advertising the Registered Address MUST be constructed as follows: The registered address is placed in a RPL Target Option in the DAO message as the Target Prefix, and the Prefix Length is set to 128 the External 'E' flag in the Transit Information Option (TIO) associated to the Target Option is set to indicate that the 6LR redistributes an external target into the RPL network the Path Lifetime in the TIO is computed from the Lifetime in the EARO Option to adapt it to the Lifetime Units used in the RPL operation. Note that if the lifetime is 0, then the 6LR generates a No-Path DAO message that cleans up the routes down to the Address of the 6LN. the Path Sequence in the TIO is set to the TID value found in the EARO option. Additionally, in Non-Storing Mode the 6LR indicates one of its global IPv6 unicast addresses as the Parent Address in the TIO. If a 6LR receives a valid NS(EARO) message with the 'R' flag reset and the 6LR was redistributing the registered address due to previous NS(EARO) messages with the flag set, then it MUST stop injecting the address. It is up to the Registering Node to maintain the corresponding route from then on, either keeping it active by sending further DAO messages, or destroying it using a No-Path DAO.

In RPL Storing Mode of Operation (MOP), the DAO message is propagated from child to parent all the way to the Root along the DODAG, populating routing state as it goes. In Non-Storing Mode, The DAO message is sent directly to the route. Upon reception of a DAO message that creates or updates an existing RPL state, the Root notifies the 6LR using an internal API if they are collocated, or a proxied DAR/DAC exchange on behalf of the registering node if they are separated. In the latter case, the DAR message MUST be constructed as follows: The registered address from in the Target Option is placed in the Registered Address field the Owner Unique ID field is set to all ones to indicate that it is not provided the Registration Lifetime in the DAR message is adapted from the Path Lifetime in the TIO. the TID value is set to the Path Sequence in the TIO. Upon a status in a DAC message that is not "Success", the Root MAY destroy the formed paths using a No-Path DAO downwards as specified in . In Non-Storing Mode, the outer IPv6 header that is used by the Root to transport the source routing information in data packets down the DODAG has the 6LR that serves the 6LN as final destination. This way, when the final 6LR decapsulates the outer header, it also removes all the RPL artifacts from the packet.

Upon reception of a DAR message with the Owner Unique ID field is set to all ones, the 6LBR checks whether an entry exists for the and computes whether the TID in the DAR message is fresher than that in the entry as prescribed in section 4.2.1. of . If the entry does not exist, the 6LBR does not create the entry, and answers with a Status "Removed" in the DAC message. If the entry exists but is not fresher, the 6LBR does not update the entry, and answers with a Status "Success" in the DAC message. If the entry exists and the TID in the DAR message is fresher, the 6LBR updates the TID in the entry, and if the lifetime of the entry is extended by the Registration Lifetime in the DAR message, it also updates the lifetime of the entry. In that case, the 6LBR replies with a Status "Success" in the DAC message.

The LLN nodes depend on the 6LBR and the RPL participants for their operation. A trust model must be put in place to ensure that the right devices are acting in these roles, so as to avoid threats such as black-holing, or bombing attack whereby an impersonated 6LBR would destroy state in the network by using the "Removed" Status code. This trust model could be at a minimum based on a Layer-2 access control, or could provide role validation as well. This is a generic 6LoWPAN requirement, see Req5.1 in Appendix of . The keep-alive EDAR message does not carry a valid Registration Unique ID and it cannot be used to create a binding state in the 6LBR. The 6LBR MUST NOT create an entry based on a keep-alive EDAR that does not match an existing entry. All it can do is refresh the lifetime and the TID of an existing entry.

This specification has no requirement on IANA.

The author wishes to thank Michael Richardson and Georgios Papadopoulos for their early reviews of and contributions to this document

IEEE standard for Information Technology

This document often uses the followng acronyms: 6LoWPAN Backbone Router (proxy for the registration) 6LoWPAN Border Router (authoritative on DAD) 6LoWPAN Node 6LoWPAN Router (relay to the registration process) Capability Indication Option (Extended) Address Registration Option Duplicate Address Detection Low Power Lossy Network (a typical IoT network) Neighbor Cache Entry Registration Unique ID Transaction ID (a sequence counter in the EARO)