< draft-ietf-6lo-rfc6775-update-15.txt   draft-ietf-6lo-rfc6775-update-16.txt >
6lo P. Thubert, Ed. 6lo P. Thubert, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Updates: 6775 (if approved) E. Nordmark Updates: 6775 (if approved) E. Nordmark
Intended status: Standards Track Zededa Intended status: Standards Track Zededa
Expires: September 5, 2018 S. Chakrabarti Expires: September 19, 2018 S. Chakrabarti
Verizon Verizon
C. Perkins C. Perkins
Futurewei Futurewei
March 4, 2018 March 18, 2018
Registration Extensions for 6LoWPAN Neighbor Discovery Registration Extensions for 6LoWPAN Neighbor Discovery
draft-ietf-6lo-rfc6775-update-15 draft-ietf-6lo-rfc6775-update-16
Abstract Abstract
This specification updates RFC 6775 - 6LoWPAN Neighbor Discovery, to This specification updates RFC 6775 - 6LoWPAN Neighbor Discovery, to
clarify the role of the protocol as a registration technique, clarify the role of the protocol as a registration technique,
simplify the registration operation in 6LoWPAN routers, as well as to simplify the registration operation in 6LoWPAN routers, as well as to
provide enhancements to the registration capabilities and mobility provide enhancements to the registration capabilities and mobility
detection for different network topologies including the backbone detection for different network topologies including the backbone
routers performing proxy Neighbor Discovery in a low power network. routers performing proxy Neighbor Discovery in a low power network.
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 5, 2018. This Internet-Draft will expire on September 19, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 30 skipping to change at page 2, line 30
4. Updating RFC 6775 . . . . . . . . . . . . . . . . . . . . . . 6 4. Updating RFC 6775 . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Extended Address Registration Option (EARO) . . . . . . . 7 4.1. Extended Address Registration Option (EARO) . . . . . . . 7
4.2. Transaction ID . . . . . . . . . . . . . . . . . . . . . 8 4.2. Transaction ID . . . . . . . . . . . . . . . . . . . . . 8
4.2.1. Comparing TID values . . . . . . . . . . . . . . . . 9 4.2.1. Comparing TID values . . . . . . . . . . . . . . . . 9
4.3. Registration Ownership Verifier . . . . . . . . . . . . . 10 4.3. Registration Ownership Verifier . . . . . . . . . . . . . 10
4.4. Extended Duplicate Address Messages . . . . . . . . . . . 11 4.4. Extended Duplicate Address Messages . . . . . . . . . . . 11
4.5. Registering the Target Address . . . . . . . . . . . . . 12 4.5. Registering the Target Address . . . . . . . . . . . . . 12
4.6. Link-Local Addresses and Registration . . . . . . . . . . 12 4.6. Link-Local Addresses and Registration . . . . . . . . . . 12
4.7. Maintaining the Registration States . . . . . . . . . . . 14 4.7. Maintaining the Registration States . . . . . . . . . . . 14
5. Detecting Enhanced ARO Capability Support . . . . . . . . . . 15 5. Detecting Enhanced ARO Capability Support . . . . . . . . . . 15
6. Extended ND Options And Messages . . . . . . . . . . . . . . 16 6. Extended ND Options and Messages . . . . . . . . . . . . . . 16
6.1. Extended Address Registration Option (EARO) . . . . . . . 16 6.1. Extended Address Registration Option (EARO) . . . . . . . 16
6.2. Extended Duplicate Address Message Formats . . . . . . . 18 6.2. Extended Duplicate Address Message Formats . . . . . . . 19
6.3. New 6LoWPAN Capability Bits in the Capability Indication 6.3. New 6LoWPAN Capability Bits in the Capability Indication
Option . . . . . . . . . . . . . . . . . . . . . . . . . 19 Option . . . . . . . . . . . . . . . . . . . . . . . . . 20
7. Backward Compatibility . . . . . . . . . . . . . . . . . . . 20 7. Backward Compatibility . . . . . . . . . . . . . . . . . . . 21
7.1. Discovering the Capabilities of an ND Peer . . . . . . . 20 7.1. Discovering the Capabilities of Router . . . . . . . . . 21
7.2. RFC6775-only 6LoWPAN Node . . . . . . . . . . . . . . . . 21 7.2. RFC6775-only 6LoWPAN Node . . . . . . . . . . . . . . . . 21
7.3. RFC6775-only 6LoWPAN Router . . . . . . . . . . . . . . . 21 7.3. RFC6775-only 6LoWPAN Router . . . . . . . . . . . . . . . 21
7.4. RFC6775-only 6LoWPAN Border Router . . . . . . . . . . . 22 7.4. RFC6775-only 6LoWPAN Border Router . . . . . . . . . . . 22
8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 8. Security Considerations . . . . . . . . . . . . . . . . . . . 22
9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 23 9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 24
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
10.1. ARO Flags . . . . . . . . . . . . . . . . . . . . . . . 24 10.1. ARO Flags . . . . . . . . . . . . . . . . . . . . . . . 25
10.2. ICMP Codes . . . . . . . . . . . . . . . . . . . . . . . 25 10.2. ICMP Codes . . . . . . . . . . . . . . . . . . . . . . . 25
10.3. New ARO Status values . . . . . . . . . . . . . . . . . 26 10.3. New ARO Status values . . . . . . . . . . . . . . . . . 26
10.4. New 6LoWPAN capability Bits . . . . . . . . . . . . . . 26 10.4. New 6LoWPAN capability Bits . . . . . . . . . . . . . . 27
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 28
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 28
12.1. Normative References . . . . . . . . . . . . . . . . . . 27 12.1. Normative References . . . . . . . . . . . . . . . . . . 28
12.2. Informative References . . . . . . . . . . . . . . . . . 29 12.2. Informative References . . . . . . . . . . . . . . . . . 29
12.3. External Informative References . . . . . . . . . . . . 32 12.3. External Informative References . . . . . . . . . . . . 33
Appendix A. Applicability and Requirements Served (Not Appendix A. Applicability and Requirements Served (Not
Normative) . . . . . . . . . . . . . . . . . . . . . 32 Normative) . . . . . . . . . . . . . . . . . . . . . 33
Appendix B. Requirements (Not Normative) . . . . . . . . . . . . 33 Appendix B. Requirements (Not Normative) . . . . . . . . . . . . 34
B.1. Requirements Related to Mobility . . . . . . . . . . . . 33 B.1. Requirements Related to Mobility . . . . . . . . . . . . 34
B.2. Requirements Related to Routing Protocols . . . . . . . . 34 B.2. Requirements Related to Routing Protocols . . . . . . . . 35
B.3. Requirements Related to the Variety of Low-Power Link B.3. Requirements Related to the Variety of Low-Power Link
types . . . . . . . . . . . . . . . . . . . . . . . . . . 35 types . . . . . . . . . . . . . . . . . . . . . . . . . . 36
B.4. Requirements Related to Proxy Operations . . . . . . . . 35 B.4. Requirements Related to Proxy Operations . . . . . . . . 36
B.5. Requirements Related to Security . . . . . . . . . . . . 36 B.5. Requirements Related to Security . . . . . . . . . . . . 37
B.6. Requirements Related to Scalability . . . . . . . . . . . 37 B.6. Requirements Related to Scalability . . . . . . . . . . . 38
B.7. Requirements Related to Operations and Management . . . . 38 B.7. Requirements Related to Operations and Management . . . . 38
B.8. Matching Requirements with Specifications . . . . . . . . 38 B.8. Matching Requirements with Specifications . . . . . . . . 39
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
The scope of this draft is an IPv6 Low Power Network including star The scope of this draft is an IPv6 Low-Power Network including star
and mesh topologies. This specification modifies and extends the and mesh topologies. This specification modifies and extends the
behavior and protocol elements of "Neighbor Discovery Optimization behavior and protocol elements of "Neighbor Discovery Optimization
for IPv6 over Low-Power Wireless Personal Area Networks" (6LoWPAN ND) for IPv6 over Low-Power Wireless Personal Area Networks" (6LoWPAN ND)
[RFC6775] to enable additional capabilities and enhancements [RFC6775] to enable additional capabilities and enhancements
including: including:
o determining the freshest location in case of mobility (TID) o determining the freshest location in case of mobility (TID)
o Simplifying the registration flow for Link-Local Addresses o Simplifying the registration flow for Link-Local Addresses
o Support of a Leaf Node in a Route-Over network o Support of a Leaf Node in a Route-Over network
o Proxy registration in a Route-Over network o Proxy registration in a Route-Over network
skipping to change at page 4, line 6 skipping to change at page 4, line 6
2.2. Subset of a 6LoWPAN Glossary 2.2. Subset of a 6LoWPAN Glossary
This document often uses the following acronyms: This document often uses the following acronyms:
6BBR: 6LoWPAN Backbone Router (proxy for the registration) 6BBR: 6LoWPAN Backbone Router (proxy for the registration)
6LBR: 6LoWPAN Border Router (authoritative on DAD) 6LBR: 6LoWPAN Border Router (authoritative on DAD)
6LN: 6LoWPAN Node 6LN: 6LoWPAN Node
6LR: 6LoWPAN Router (relay to the registration process) 6LR: 6LoWPAN Router (relay to the registration process)
6CIO: Capability Indication Option 6CIO: Capability Indication Option
(E)ARO: (Extended) Address Registration Option (E)ARO: (Extended) Address Registration Option
(E)DAR: (Extended) Duplicate Address Request
(E)DAC: (Extended) Duplicate Address Confirmation
DAD: Duplicate Address Detection DAD: Duplicate Address Detection
LLN: Low Power Lossy Network (a typical IoT network) DODAG: Destination-Oriented Directed Acyclic Graph
LLN: Low-Power and Lossy Network (a typical IoT network)
NA: Neighbor Advertisement NA: Neighbor Advertisement
NCE: Neighbor Cache Entry NCE: Neighbor Cache Entry
ND: Neighbor Discovery ND: Neighbor Discovery
NDP: Neighbor Discovery Protocol NDP: Neighbor Discovery Protocol
NS: Neighbor Solicitation NS: Neighbor Solicitation
ROVR: Registration Ownership Verifier ROVR: Registration Ownership Verifier (pronounced rover)
TSCH: TimeSlotted Channel Hopping RPL: IPv6 Routing Protocol for LLNs (pronounced ripple)
RA: Router Advertisement
RS: Router Solicitation
TSCH: Timeslotted Channel Hopping
TID: Transaction ID (a sequence counter in the EARO) TID: Transaction ID (a sequence counter in the EARO)
2.3. References 2.3. References
The Terminology used in this document is consistent with and The Terminology used in this document is consistent with and
incorporates that described in Terms Used in Routing for Low-Power incorporates that described in Terms Used in Routing for Low-Power
and Lossy Networks (LLNs). [RFC7102]. and Lossy Networks (LLNs). [RFC7102].
Other terms in use in LLNs are found in Terminology for Constrained- Other terms in use in LLNs are found in Terminology for Constrained-
Node Networks [RFC7228]. Node Networks [RFC7228].
skipping to change at page 4, line 48 skipping to change at page 5, line 7
2.4. New Terms 2.4. New Terms
This specification introduces the following terminology: This specification introduces the following terminology:
Backbone Link: An IPv6 transit link that interconnects two or more Backbone Link: An IPv6 transit link that interconnects two or more
Backbone Routers. It is expected to be of high speed compared Backbone Routers. It is expected to be of high speed compared
to the LLN in order to carry the traffic that is required to to the LLN in order to carry the traffic that is required to
federate multiple segments of the potentially large LLN into a federate multiple segments of the potentially large LLN into a
single IPv6 subnet. single IPv6 subnet.
Backbone Router: A logical network function in an IPv6 router that Backbone Router: A logical network function in an IPv6 router that
federates a LLN over a Backbone Link. In order to do so, the federates an LLN over a Backbone Link. In order to do so, the
Backbone Router (6BBR) proxies the 6LoWPAN ND operations Backbone Router (6BBR) proxies the 6LoWPAN ND operations
detailed in this document onto the matching operations that run detailed in this document onto the matching operations that run
over the backbone, typically IPv6 ND. Note that 6BBR is a over the backbone, typically IPv6 ND. Note that 6BBR is a
logical function, just like 6LR and 6LBR, and that the same logical function, just like 6LR and 6LBR, and that the same
physical router may operate all three. physical router may operate all three.
Extended LLN: Multiple LLNs as defined in [RFC6550], interconnected Extended LLN: Multiple LLNs as defined in [RFC6550], interconnected
by a Backbone Link via Backbone Routers, and forming a single by a Backbone Link via Backbone Routers, and forming a single
IPv6 MultiLink Subnet. IPv6 Multi-Link Subnet.
Registration: The process during which a 6LN registers an IPv6 Registration: The process during which a 6LN registers an IPv6
Address with a 6LR in order to obtain services such as DAD and Address with a 6LR in order to obtain services such as DAD and
routing back. Duding that flow, the 6LBR may serve as proxy routing back. In a Route-Over network, a router that provides
for the registration of the 6LN to the 6BBR so the 6BBR can connectivity to the LLN (typically a 6LBR, e.g., collocated
provide IPv6 ND proxy services over the Backbone. with a RPL Root) may serve as proxy for the registration of the
6LN to the 6BBR so the 6BBR can provide IPv6 ND proxy services
over the Backbone.
Binding: The association between an IP address, a MAC address, a Binding: The association between an IP address, a MAC address, a
port, and other information about the node that owns the IP port, and other information about the node that owns the IP
Address. Address.
Registered Node: The 6LN for which the registration is performed, Registered Node: The 6LN for which the registration is performed,
and which owns the fields in the Extended ARO option. and which owns the fields in the Extended ARO option.
Registering Node: The node that performs the registration; this may Registering Node: The node that performs the registration; this may
be the Registered Node, or a proxy such as a 6LBR performing a be the Registered Node, or a proxy such as a 6LBR performing a
registration to a 6BBR, on behalf of the Registered Node. registration to a 6BBR, on behalf of the Registered Node.
Registered Address: An address owned by the Registered Node that was Registered Address: An address owned by the Registered Node that was
or is being registered. or is being registered.
RFC6775-only: Applied to a type of node or a type of message, this RFC6775-only: Applied to a type of node or a type of message, this
adjective indicates a behavior that is strictly as specified by adjective indicates a behavior that is strictly as specified by
[RFC6775] as opposed to updated with this specification. [RFC6775] as opposed to updated with this specification.
updated: Qualifies a 6LN, a 6LR or a 6LBR that supports this updated: Qualifies a 6LN, a 6LR, or a 6LBR that supports this
specification. specification.
3. Applicability of Address Registration Options 3. Applicability of Address Registration Options
The purpose of the Address Registration Option (ARO) in [RFC6775] is The purpose of the Address Registration Option (ARO) in [RFC6775] is
to facilitate duplicate address detection (DAD) for hosts as well as to facilitate duplicate address detection (DAD) for hosts as well as
to populate Neighbor Cache Entries (NCEs) [RFC4861] in the routers. to populate Neighbor Cache Entries (NCEs) [RFC4861] in the routers.
This reduces the reliance on multicast operations, which are often as This reduces the reliance on multicast operations, which are often as
intrusive as broadcast, in IPv6 ND operations. intrusive as broadcast, in IPv6 ND operations.
skipping to change at page 6, line 20 skipping to change at page 6, line 29
Autoconfiguration (SLAAC) in IPv6" [RFC4941]. Autoconfiguration (SLAAC) in IPv6" [RFC4941].
In IPv6 ND [RFC4861], a router needs enough storage to hold NCEs for In IPv6 ND [RFC4861], a router needs enough storage to hold NCEs for
all the addresses to which it can currently forward packets. A all the addresses to which it can currently forward packets. A
router using the Address Registration mechanism also needs enough router using the Address Registration mechanism also needs enough
storage to hold NCEs for all the addresses that may be registered to storage to hold NCEs for all the addresses that may be registered to
it, regardless of whether or not they are actively communicating. it, regardless of whether or not they are actively communicating.
The number of registrations supported by a 6LoWPAN Router (6LR) or The number of registrations supported by a 6LoWPAN Router (6LR) or
6LoWPAN Border Router (6LBR) MUST be clearly documented by the vendor 6LoWPAN Border Router (6LBR) MUST be clearly documented by the vendor
and the dynamic use of associated resources SHOULD be made available and the dynamic use of associated resources SHOULD be made available
to the network operator, e.g. to a management console. to the network operator, e.g., to a management console.
A network administrator MUST deploy updated 6LR/6LBRs to support the A network administrator MUST deploy updated 6LR/6LBRs to support the
number and type of devices in their network, based on the number of number and type of devices in their network, based on the number of
IPv6 addresses that those devices require and their address renewal IPv6 addresses that those devices require and their address renewal
rate and behavior. rate and behavior.
4. Updating RFC 6775 4. Updating RFC 6775
This specification introduces the Extended Address Registration This specification introduces the Extended Address Registration
Option (EARO) based on the ARO as defined [RFC6775]. A "T" flag is Option (EARO) based on the ARO as defined [RFC6775]. A 'T' flag is
added to indicate that a new field, the Transaction ID (TID) is added to indicate that a new field, the Transaction ID (TID) is
populated. The "T" flag MUST be set in NS messages when this populated. The 'T' flag MUST be set in NS messages when this
specification is used, and echoed in NA messages to confirm that the specification is used, and echoed in NA messages to confirm that the
protocol is supported. The EUI-64 field is overloaded to carry protocol is supported. The EUI-64 field is overloaded to carry
different types of information and its size may be increased when different types of information and its size may be increased when
backward compatibility is not an issue. backward compatibility is not an issue.
The extensions to the ARO option are used in the Duplicate Address The extensions to the ARO option are used in the Duplicate Address
messages, the Duplicate Address Request (DAR) and Duplicate Address messages, the Duplicate Address Request (DAR) and Duplicate Address
Confirmation (DAC), so as to convey the additional information all Confirmation (DAC), so as to convey the additional information all
the way to the 6LBR. In turn the 6LBR may proxy the registration the way to the 6LBR. In turn the 6LBR may proxy the registration
using IPv6 ND over a Backbone Link as illustrated in Figure 1. Note using IPv6 ND over a Backbone Link as illustrated in Figure 1. Note
skipping to change at page 7, line 28 skipping to change at page 7, line 30
| | | proxy NA(EARO) | | | | proxy NA(EARO) |
| | |<---------------| | | |<---------------|
| | Extended DAC | | | | Extended DAC | |
| |<--------------| | | |<--------------| |
| NA(EARO) | | | | NA(EARO) | | |
|<---------------| | | |<---------------| | |
| | | | | | | |
Figure 1: (Re-)Registration Flow Figure 1: (Re-)Registration Flow
In order to support various types of link layers, it is RECOMMENDED In order to support various types of link layers, this specification
to allow multiple registrations, including for privacy / temporary allows multiple registrations, including for privacy / temporary
addresses. It is also RECOMMENDED to provide new mechanisms to help addresses and provides new mechanisms to help clean up stale
clean up stale registration state as soon as possible. registration state as soon as possible, e.g., after a movement (see
Section 8).
Section 5 of [RFC6775] specifies how a 6LN bootstraps an interface Section 5 of [RFC6775] specifies how a 6LN bootstraps an interface
and locates available 6LRs. A Registering Node SHOULD prefer and locates available 6LRs. A Registering Node prefers registering
registering to a 6LR that is found to support this specification, as to a 6LR that is found to support this specification, as discussed in
discussed in Section 5, over an RFC6775-only one and MUST operate in Section 5, over an RFC6775-only one, and operates in a backward-
a backward compatible fashion when attaching to an RFC6775-only 6LR. compatible fashion when attaching to an RFC6775-only 6LR.
4.1. Extended Address Registration Option (EARO) 4.1. Extended Address Registration Option (EARO)
The Extended ARO (EARO) replaces the ARO and is backward compatible The Extended ARO (EARO) replaces the ARO and is backward compatible
with the ARO if and only if the Length of the option is set to 2. with the ARO if and only if the Length of the option is set to 2.
Its format is presented in Section 6.1. More details on backward Its format is presented in Section 6.1. More details on backward
compatibility can be found in Section 7. compatibility can be found in Section 7.
The semantics of the Neighbor Solicitation (NS) and the ARO are The semantics of the Neighbor Solicitation (NS) and the ARO are
modified as follows: modified as follows:
o The address that is being registered with a NS with an EARO is now o The address that is being registered with an NS with an EARO is
the Target Address, as opposed to the Source Address as specified now the Target Address, as opposed to the Source Address as
in [RFC6775] (see Section 4.5). This change enables a 6LBR to use specified in [RFC6775] (see Section 4.5). This change enables a
one of its addresses as source of the proxy-registration of an 6LBR to use one of its addresses as source of the proxy-
address that belongs to a LLN Node to a 6BBR. This also limits registration of an address that belongs to a LLN Node to a 6BBR.
the use of an address as source address before it is registered This also limits the use of an address as source address before it
and the associated DAD process is complete. is registered and the associated DAD process is complete.
o The EUI-64 field in the ARO Option is renamed Registration o The EUI-64 field in the ARO Option is renamed Registration
Ownership Verifier (ROVR) and is not required to be derived from a Ownership Verifier (ROVR) and is not required to be derived from a
MAC address (see Section 4.3). MAC address (see Section 4.3).
o The option Length MAY be different than 2 and take a value between o The option Length MAY be different than 2 and take a value between
3 and 5, in which case the EARO is not backward compatible with an 3 and 5, in which case the EARO is not backward compatible with an
ARO. The increase of size corresponds to a larger ROVR field, so ARO. The increase of size corresponds to a larger ROVR field, so
the size of the ROVR is inferred from the option Length. the size of the ROVR is inferred from the option Length.
o This document specifies a new flag in the EARO, the 'R' flag, used o This document specifies a new flag in the EARO, the 'R' flag. If
by a 6LN, when registering, to indicate that this 6LN is not a the 'R' flag is set, the Registering Node expects that the 6LR
router and that it will not handle its own reachability. If the ensures reachability for the Registered Address, e.g., by means of
'R' flag is set, the registering node expects that the 6LR ensures routing or proxying ND. Conversely, when it is not set, the 'R'
reachability for the registered address by means of routing or
proxying ND. A host MUST set the 'R' flag. When not set, the 'R'
flag indicates that the Registering Node is a router, which for flag indicates that the Registering Node is a router, which for
instance participates to a Route-Over routing protocol such as the instance participates to a Route-Over routing protocol such as the
IPv6 Routing Protocol for Low-Power and Lossy Networks [RFC6550] IPv6 Routing Protocol for Low-Power and Lossy Networks [RFC6550]
(RPL), and that it will take care of injecting its Address over (RPL) and that it will take care of injecting its Address over the
the routing protocol by itself. A router SHOULD NOT set the 'R' routing protocol by itself. A 6LN that acts only as a host, when
flag; if it does, routes towards the router may be installed on registering, MUST set the 'R' flag to indicate that it is not a
its behalf and may interfere with those it injects. router and that it will not handle its own reachability. A 6LR
that manages its reachability SHOULD NOT set the 'R' flag; if it
does, routes towards this router may be installed on its behalf
and may interfere with those it injects.
o The specification introduces a Transaction ID (TID) field in the o The specification introduces a Transaction ID (TID) field in the
EARO (see Section 4.2). The TID MUST be provided by a node that EARO (see Section 4.2). The TID MUST be provided by a node that
supports this specification and a new "T" flag MUST be set to supports this specification and another new flag, the 'T' flag,
indicate so. MUST be set to indicate so.
o Finally, this specification introduces new status codes to help o Finally, this specification introduces new status codes to help
diagnose the cause of a registration failure (see Table 1). diagnose the cause of a registration failure (see Table 1).
4.2. Transaction ID 4.2. Transaction ID
The TID is a sequence number that is incremented by the 6LN with each The TID is a sequence number that is incremented by the 6LN with each
re-registration to a 6LR. The TID is used to detect the freshness of re-registration to a 6LR. The TID is used to detect the freshness of
the registration request and to detect one single registration by the registration request and to detect one single registration by
multiple 6LoWPAN border routers (e.g., 6LBRs and 6BBRs) supporting multiple 6LoWPAN border routers (e.g., 6LBRs and 6BBRs) supporting
the same 6LoWPAN. The TID may also be used by the network to route the same 6LoWPAN. The TID may also be used by the network to route
skipping to change at page 10, line 28 skipping to change at page 10, line 31
1. If the absolute magnitude of difference between the two 1. If the absolute magnitude of difference between the two
sequence counters is less than or equal to sequence counters is less than or equal to
SEQUENCE_WINDOW, then a comparison as described in SEQUENCE_WINDOW, then a comparison as described in
[RFC1982] is used to determine the relationships greater [RFC1982] is used to determine the relationships greater
than, less than, and equal. than, less than, and equal.
2. If the absolute magnitude of difference of the two 2. If the absolute magnitude of difference of the two
sequence counters is greater than SEQUENCE_WINDOW, then a sequence counters is greater than SEQUENCE_WINDOW, then a
desynchronization has occurred and the two sequence desynchronization has occurred and the two sequence
numbers are not comparable. numbers are not comparable.
4. If two sequence numbers are determined to be not comparable, i.e. 4. If two sequence numbers are determined to be not comparable,
the results of the comparison are not defined, then a node should i.e., the results of the comparison are not defined, then a node
give precedence to the sequence number that was most recently should give precedence to the sequence number that was most
incremented. Failing this, the node should select the sequence recently incremented. Failing this, the node should select the
number in order to minimize the resulting changes to its own sequence number in order to minimize the resulting changes to its
state. own state.
4.3. Registration Ownership Verifier 4.3. Registration Ownership Verifier
The ROVR field generalizes the EUI-64 field of the ARO defined in The ROVR field generalizes the EUI-64 field of the ARO defined in
[RFC6775]. It is scoped to a registration and enables recognize and [RFC6775]. It is scoped to a registration and enables recognizing
block a tentative to register a duplicate address, which is and blocking an attempt to register a duplicate address, which is
characterized by a different ROVR in the conflicting registrations It characterized by a different ROVR in the conflicting registrations.
can also be used to protect the ownership of a Registered Address, if It can also be used to protect the ownership of a Registered Address,
the proof-of-ownership of the ROVR can be obtained (more in if the proof-of-ownership of the ROVR can be obtained (more in
Section 4.6). Section 4.6).
The ROVR is allowed to be of different types, as ong as the type is The ROVR can be of different types, as long as the type is signaled
signaled in the message that carries the new type. For instance, the in the message that carries the new type. For instance, the type can
type can be a cryptographic string and used to prove the ownership of be a cryptographic string and used to prove the ownership of the
the registration as discussed in "Address Protected Neighbor registration as specified in "Address Protected Neighbor Discovery
Discovery for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd]. In for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd]. In order to
order to support the flows related to the proof-of-ownership, this support the flows related to the proof-of-ownership, this
specification introduces new status codes "Validation Requested" and specification introduces new status codes "Validation Requested" and
"Validation Failed" in the EARO. "Validation Failed" in the EARO.
Note on ROVR collision: different techniques for forming the ROVR Note on ROVR collision: different techniques for forming the ROVR
will operate in different name-spaces. [RFC6775] operates on EUI-64 will operate in different name-spaces. [RFC6775] operates on EUI-
addresses. [I-D.ietf-6lo-ap-nd] generates cryptographic tokens. 64(TM) addresses. [I-D.ietf-6lo-ap-nd] generates cryptographic
While collisions are not expected in the EUI-64 name-space only, they tokens. While collisions are not expected in the EUI-64 name-space
may happen in the case of [I-D.ietf-6lo-ap-nd] and in a mixed only, they may happen in the case of [I-D.ietf-6lo-ap-nd] and in a
situation. An implementation that understands the name-space MUST mixed situation. An implementation that understands the name-space
consider that ROVRs from different name-spaces are different even if MUST consider that ROVRs from different name-spaces are different
they have the same value. An RFC6775-only will confuse the name- even if they have the same value. An RFC6775-only will confuse the
spaces, which slightly increases the risk of a ROVR collision. A name-spaces, which slightly increases the risk of a ROVR collision.
collision of ROVR has no effect if the two Registering Nodes register A collision of ROVR has no effect if the two Registering Nodes
different addresses, since the ROVR is only significant within the register different addresses, since the ROVR is only significant
context of one registration. A ROVR is not expected to be unique to within the context of one registration. A ROVR is not expected to be
one registration, as this specification allows a node to use the same unique to one registration, as this specification allows a node to
ROVR to register multiple IPv6 addresses. This is why the ROVR MUST use the same ROVR to register multiple IPv6 addresses. This is why
NOT be used as a key to identify the Registering Node, or as an index the ROVR MUST NOT be used as a key to identify the Registering Node,
to the registration. It is only used as a match to ensure that the or as an index to the registration. It is only used as a match to
node that updates a registration for an IPv6 address is the node that ensure that the node that updates a registration for an IPv6 address
made the original registration for that IPv6 address. Also, when the is the node that made the original registration for that IPv6
ROVR is not an EUI-64 address, then it MUST NOT be used as the address. Also, when the ROVR is not an EUI-64 address, then it MUST
interface ID of the Registered Address. This way, a registration NOT be used as the interface ID of the Registered Address. This way,
that uses that ROVR will not collision with that of an IPv6 Address a registration that uses that ROVR will not collision with that of an
derived from EUI-64 and using the EUI-64 as ROVR per [RFC6775]. IPv6 Address derived from EUI-64 and using the EUI-64 as ROVR per
[RFC6775].
The Registering Node SHOULD store the ROVR, or enough information to The Registering Node SHOULD store the ROVR, or enough information to
regenerate it, in persistent memory. If this is not done and an regenerate it, in persistent memory. If this is not done and an
event such as a reboot causes a loss of memory, re-registering the event such as a reboot causes a loss of state, re-registering the
same address could be impossible until the 6LRs and the 6LBR time out same address could be impossible until the 6LRs and the 6LBR time out
the previous registration, or a management action is taken to clear the previous registration, or a management action is taken to clear
the relevant state in the network. the relevant state in the network.
4.4. Extended Duplicate Address Messages 4.4. Extended Duplicate Address Messages
In order to map the new EARO content in the Extended Duplicate In order to map the new EARO content in the Extended Duplicate
Address (EDA) messages, a new TID field is added to the Extended DAR Address (EDA) messages, a new TID field is added to the Extended DAR
(EDAR) and the Extended DAC (EDAC) messages as a replacement of a (EDAR) and the Extended DAC (EDAC) messages as a replacement of the
Reserved field, and a non-null value of the ICMP Code indicates Reserved field, and a non-null value of the ICMP Code indicates
support for this specification. The format of the EDA messages is support for this specification. The format of the EDA messages is
presented in Section 6.2. presented in Section 6.2.
As for the EARO, the Extended Duplicate Address messages are backward As with the EARO, the Extended Duplicate Address messages are
compatible with the RFC6775-only versions as long as the ROVR field backward compatible with the RFC6775-only versions as long as the
is 64 bits long. Remarks concerning backwards compatibility for the ROVR field is 64 bits long. Remarks concerning backwards
protocol between the 6LN and the 6LR apply similarly between a 6LR compatibility for the protocol between the 6LN and the 6LR apply
and a 6LBR. similarly between a 6LR and a 6LBR.
4.5. Registering the Target Address 4.5. Registering the Target Address
The Registering Node is the node that performs the registration to The Registering Node is the node that performs the registration to
the 6BBR. As in [RFC6775], it may be the Registered Node as well, in the 6BBR. As in [RFC6775], it may be the Registered Node as well, in
which case it registers one of its own addresses, and indicates its which case it registers one of its own addresses and indicates its
own MAC Address as Source Link Layer Address (SLLA) in the NS(EARO). own MAC Address as Source Link Layer Address (SLLA) in the NS(EARO).
This specification adds the capability to proxy the registration This specification adds the capability to proxy the registration
operation on behalf of a Registered Node that is reachable over a LLN operation on behalf of a Registered Node that is reachable over an
mesh. In that case, if the Registered Node is reachable from the LLN mesh. In that case, if the Registered Node is reachable from the
6BBR over a Mesh-Under mesh, the Registering Node indicates the MAC 6BBR over a Mesh-Under mesh, the Registering Node indicates the MAC
Address of the Registered Node as the SLLA in the NS(EARO). If the Address of the Registered Node as the SLLA in the NS(EARO). If the
Registered Node is reachable over a Route-Over mesh from the Registered Node is reachable over a Route-Over mesh from the
Registering Node, the SLLA in the NS(ARO) is that of the Registering Registering Node, the SLLA in the NS(ARO) is that of the Registering
Node. This enables the Registering Node to attract the packets from Node. This enables the Registering Node to attract the packets from
the 6BBR and route them over the LLN to the Registered Node. the 6BBR and route them over the LLN to the Registered Node.
In order to enable the latter operation, this specification changes In order to enable the latter operation, this specification changes
the behavior of the 6LN and the 6LR so that the Registered Address is the behavior of the 6LN and the 6LR so that the Registered Address is
found in the Target Address field of the NS and NA messages as found in the Target Address field of the NS and NA messages as
opposed to the Source Address. With this convention, a TLLA option opposed to the Source Address. With this convention, a TLLA option
indicates the link-layer address of the 6LN that owns the address. indicates the link-layer address of the 6LN that owns the address.
The Registering Node expects packets for the 6LN. Therefore, it MUST If Registering Node expects packets for the 6LN, e.g., a 6LBR also
place its own Link Layer Address in the SLLA Option that MUST always acting as RPL Root, then it MUST place its own Link Layer Address in
be placed in a registration NS(EARO) message. This maintains the SLLA Option that MUST always be placed in a registration NS(EARO)
compatibility with RFC6775-only 6LoWPAN ND [RFC6775]. message. This maintains compatibility with RFC6775-only 6LoWPAN ND
[RFC6775].
4.6. Link-Local Addresses and Registration 4.6. Link-Local Addresses and Registration
Considering that LLN nodes are often not wired and may move, there is Considering that LLN nodes are often not wired and may move, there is
no guarantee that a Link-Local Address stays unique between a no guarantee that a Link-Local Address stays unique between a
potentially variable and unbounded set of neighboring nodes. potentially variable and unbounded set of neighboring nodes.
Compared to [RFC6775], this specification only requires that a Link- Compared to [RFC6775], this specification only requires that a Link-
Local Address is unique from the perspective of the two nodes that Local Address be unique from the perspective of the two nodes that
use it to communicate (e.g., the 6LN and the 6LR in an NS/NA use it to communicate (e.g., the 6LN and the 6LR in an NS/NA
exchange). This simplifies the DAD process in a Route-Over topology exchange). This simplifies the DAD process in a Route-Over topology
for Link-Local Addresses, by avoiding an exchange of EDA messages for Link-Local Addresses by avoiding an exchange of EDA messages
between the 6LR and a 6LBR for those addresses. between the 6LR and a 6LBR for those addresses.
In more details: In more details:
An exchange between two nodes using Link-Local Addresses implies that An exchange between two nodes using Link-Local Addresses implies that
they are reachable over one hop. A node MUST register a Link-Local they are reachable over one hop. A node MUST register a Link-Local
Address to a 6LR in order to obtain reachability from that 6LR beyond Address to a 6LR in order to obtain reachability from that 6LR beyond
the current exchange, and in particular to use the Link-Local Address the current exchange, and in particular to use the Link-Local Address
as source address to register other addresses, e.g., global as source address to register other addresses, e.g., global
addresses. addresses.
skipping to change at page 13, line 18 skipping to change at page 13, line 23
this 6LR by another 6LN, then the Link-Local Address is unique from this 6LR by another 6LN, then the Link-Local Address is unique from
the standpoint of this 6LR and the registration is not a duplicate. the standpoint of this 6LR and the registration is not a duplicate.
Alternatively, two different 6LRs might expose the same Link-Local Alternatively, two different 6LRs might expose the same Link-Local
Address but different link-layer addresses. In that case, a 6LN MUST Address but different link-layer addresses. In that case, a 6LN MUST
only interact with at most one of the 6LRs. only interact with at most one of the 6LRs.
The DAD process between the 6LR and a 6LBR, which is based on an The DAD process between the 6LR and a 6LBR, which is based on an
exchange of EDA messages, does not need to take place for Link-Local exchange of EDA messages, does not need to take place for Link-Local
Addresses. Addresses.
When registering to a 6LR that conforms to this specification, a node When registering to a 6LR that conforms to this specification (see
MUST use a Link-Local Address as the source address of the Section 7.1, a node MUST use a Link-Local Address as the source
registration, whatever the type of IPv6 address that is being address of the registration, whatever the type of IPv6 address that
registered. That Link-Local Address MUST be either an address that is being registered. That Link-Local Address MUST be either an
is already registered to the 6LR, or the address that is being address that is already registered to the 6LR, or the address that is
registered. being registered.
When a Registering Node does not have an already-registered Address, When a Registering Node does not have an already-registered Address,
it MUST register a Link-Local Address, using it as both the Source it MUST register a Link-Local Address, using it as both the Source
and the Target Address of an NS(EARO) message. In that case, it is and the Target Address of an NS(EARO) message. In that case, it is
RECOMMENDED to use a Link-Local Address that is (expected to be) RECOMMENDED to use a Link-Local Address that is (expected to be)
globally unique, e.g., derived from a globally unique EUI-64 address. globally unique, e.g., derived from a globally unique EUI-64 address.
An EARO in the response NA indicates that the 6LR supports this A 6LR that supports this specification replies with an NA(EARO),
specification. setting the appropriate status.
Since there is no exchange of EDA messages for Link-Local Addresses, Since there is no exchange of EDA messages for Link-Local Addresses,
the 6LR may answer immediately to the registration of a Link-Local the 6LR may answer immediately to the registration of a Link-Local
Address, based solely on its existing state and the Source Link-Layer Address, based solely on its existing state and the Source Link-Layer
Option that is placed in the NS(EARO) message as required in Option that is placed in the NS(EARO) message as required in
[RFC6775]. [RFC6775].
A node needs to register its IPv6 Global Unicast IPv6 Addresses A node needs to register its IPv6 Global Unicast Addresses (GUAs) to
(GUAs) to a 6LR in order to establish global reachability for these a 6LR in order to establish global reachability for these addresses
addresses via that 6LR. When registering with an updated 6LR, a via that 6LR. When registering with an updated 6LR, a Registering
Registering Node does not use a GUA as Source Address, in contrast to Node does not use a GUA as Source Address, in contrast to a node that
a node that complies to [RFC6775]. For non-Link-Local Addresses, the complies to [RFC6775]. For non-Link-Local Addresses, the exchange of
exchange of EDA messages MUST conform to [RFC6775], but the extended EDA messages MUST conform to [RFC6775], but the extended formats
formats described in this specification for the DAR and the DAC are described in this specification for the DAR and the DAC are used to
used to relay the extended information in the case of an EARO. relay the extended information in the case of an EARO.
4.7. Maintaining the Registration States 4.7. Maintaining the Registration States
This section discusses protocol actions that involve the Registering This section discusses protocol actions that involve the Registering
Node, the 6LR and the 6LBR. It must be noted that the portion that Node, the 6LR, and the 6LBR. It must be noted that the portion that
deals with a 6LBR only applies to those addresses that are registered deals with a 6LBR only applies to those addresses that are registered
to it; as discussed in Section 4.6, this is not the case for Link- to it; as discussed in Section 4.6, this is not the case for Link-
Local Addresses. The registration state includes all data that is Local Addresses. The registration state includes all data that is
stored in the router relative to that registration, in particular, stored in the router relative to that registration, in particular,
but not limited to, an NCE. 6LBRs and 6BBRs may store additional but not limited to, an NCE. 6LBRs and 6BBRs may store additional
registration information in more complex abstract data structures and registration information in more complex abstract data structures and
use protocols that are out of scope of this document to keep them use protocols that are out of scope of this document to keep them
synchronized when they are distributed. synchronized when they are distributed.
When its resource available to store registration states are When its resource available to store registration states are
exhausted, a 6LR cannot accept a new registration. In that exhausted, a 6LR cannot accept a new registration. In that
situation, the EARO is returned in a NA message with a Status Code of situation, the EARO is returned in an NA message with a Status Code
"Neighbor Cache Full", and the Registering Node may attempt to of "Neighbor Cache Full" (Table 1), and the Registering Node may
register to another 6LR. attempt to register to another 6LR.
If the registry in the 6LBR is saturated, then the 6LBR cannot decide If the registry in the 6LBR is saturated, then the 6LBR cannot decide
whether a registration for a new address is a duplicate. In that whether a registration for a new address is a duplicate. In that
case, the 6LBR replies to a EDAR message with an EDAC message that case, the 6LBR replies to an EDAR message with an EDAC message that
carries a new Status Code indicating "6LBR Registry saturated" carries a new Status Code indicating "6LBR Registry saturated"
Table 1. Note: this code is used by 6LBRs instead of "Neighbor Cache (Table 1). Note: this code is used by 6LBRs instead of "Neighbor
Full" when responding to a Duplicate Address message exchange and is Cache Full" when responding to a Duplicate Address message exchange
passed on to the Registering Node by the 6LR. There is no point for and is passed on to the Registering Node by the 6LR. There is no
the node to retry this registration immediately via another 6LR, point for the node to retry this registration immediately via another
since the problem is global to the network. The node may either 6LR, since the problem is global to the network. The node may either
abandon that address, de-register other addresses first to make room, abandon that address, de-register other addresses first to make room,
or keep the address in TENTATIVE state and retry later. or keep the address in TENTATIVE state and retry later.
A node renews an existing registration by sending a new NS(EARO) A node renews an existing registration by sending a new NS(EARO)
message for the Registered Address. In order to refresh the message for the Registered Address. In order to refresh the
registration state in the 6LBR, the registration MUST be reported to registration state in the 6LBR, the registration MUST be reported to
the 6LBR. the 6LBR.
A node that ceases to use an address SHOULD attempt to de-register A node that ceases to use an address SHOULD attempt to de-register
that address from all the 6LRs to which it has registered the that address from all the 6LRs to which it has registered the
skipping to change at page 15, line 7 skipping to change at page 15, line 7
A node that moves away from a particular 6LR SHOULD attempt to de- A node that moves away from a particular 6LR SHOULD attempt to de-
register all of its addresses registered to that 6LR and register to register all of its addresses registered to that 6LR and register to
a new 6LR with an incremented TID. When/if the node shows up a new 6LR with an incremented TID. When/if the node shows up
elsewhere, an asynchronous NA(EARO) or EDAC message with a Status elsewhere, an asynchronous NA(EARO) or EDAC message with a Status
Code of "Moved" SHOULD be used to clean up the state in the previous Code of "Moved" SHOULD be used to clean up the state in the previous
location. For instance, as described in location. For instance, as described in
[I-D.ietf-6lo-backbone-router], the "Moved" status can be used by a [I-D.ietf-6lo-backbone-router], the "Moved" status can be used by a
6BBR in an NA(EARO) message to indicate that the ownership of the 6BBR in an NA(EARO) message to indicate that the ownership of the
proxy state on the Backbone Link was transferred to another 6BBR, as proxy state on the Backbone Link was transferred to another 6BBR as
the consequence of a movement of the device. If the receiver of the the consequence of a movement of the device. If the receiver of the
message has a state corresponding to the related address, it SHOULD message has a state corresponding to the related address, it SHOULD
propagate the status down the forwarding path to the Registered node propagate the status down the forwarding path to the Registered node
(e.g., reversing an existing RPL [RFC6550] path as prescribed in (e.g., reversing an existing RPL [RFC6550] path as prescribed in
[I-D.ietf-roll-efficient-npdao]). Whether it could or not do so, the [I-D.ietf-roll-efficient-npdao]). Whether it could do so or not, the
receiver MUST clean up the said state. receiver MUST clean up said state.
Upon receiving an NS(EARO) message with a Registration Lifetime of 0 Upon receiving an NS(EARO) message with a Registration Lifetime of 0
and determining that this EARO is the freshest for a given NCE (see and determining that this EARO is the freshest for a given NCE (see
Section 4.2), a 6LR cleans up its NCE. If the address was registered Section 4.2), a 6LR cleans up its NCE. If the address was registered
to the 6LBR, then the 6LR MUST report to the 6LBR, through a to the 6LBR, then the 6LR MUST report to the 6LBR, through a
Duplicate Address exchange with the 6LBR, indicating the null Duplicate Address exchange with the 6LBR, indicating the null
Registration Lifetime and the latest TID that this 6LR is aware of. Registration Lifetime and the latest TID that this 6LR is aware of.
Upon receiving the EDAR message, the 6LBR evaluates if this is the Upon receiving the EDAR message, the 6LBR evaluates if this is the
most recent TID it has received for that particular registry entry. most recent TID it has received for that particular registry entry.
If so, then the EDAR is answered with an EDAC message bearing a If so, then the EDAR is answered with an EDAC message bearing a
Status of "Success" and the entry is scheduled to be removed. Status of "Success" and the entry is scheduled to be removed.
Otherwise, a Status Code of "Moved" is returned instead, and the Otherwise, a Status Code of "Moved" is returned instead, and the
existing entry is maintained. existing entry is maintained.
When an address is scheduled to be removed, the 6LBR SHOULD keep its When an address is scheduled to be removed, the 6LBR SHOULD keep its
entry in a DELAY state for a configurable period of time, so as to entry in a DELAY state for a configurable period of time, so as to
protect a mobile node that de-registered from one 6LR and did not protect a mobile node that de-registered from one 6LR and did not
register yet to a new one, or the new registration did not reach yet register yet to a new one, or the new registration did not yet reach
the 6LBR due to propagation delays in the network. Once the DELAY the 6LBR due to propagation delays in the network. Once the DELAY
time is passed, the 6LBR silently removes its entry. time is passed, the 6LBR silently removes its entry.
5. Detecting Enhanced ARO Capability Support 5. Detecting Enhanced ARO Capability Support
The "Generic Header Compression for IPv6 over 6LoWPANs" [RFC7400] "Generic Header Compression for IPv6 over 6LoWPANs" [RFC7400]
introduces the 6LoWPAN Capability Indication Option (6CIO) to introduces the 6LoWPAN Capability Indication Option (6CIO) to
indicate a node's capabilities to its peers. The 6CIO MUST be indicate a node's capabilities to its peers. The 6CIO MUST be
present in Router Advertisement (RA) messages, unless the present in both Router Solicitation (RS) and Router Advertisement
capabilities of the 6LR are already known by the 6LN. This can be (RA) messages, unless the information therein was already shared.
determined by the 6LR if there is an existing registration in place This can have happened in recent exchanges. The information can also
for the 6LN that is based on EARO. This can also be implicit, or be implicit, or pre-configured in all nodes in a network. In any
configured in all nodes in a network. case, a 6CIO MUST be placed in an RA message that is sent in response
to an RS with a 6CIO.
Section 6.3 defines a new flag for the 6CIO to signal support for Section 6.3 defines a new flag for the 6CIO to signal support for
EARO by the issuer of the message, and Section 7.1 specifies how the EARO by the issuer of the message and Section 7.1 specifies how the
flag is to be used. A similar flag indicates the support of EDA flag is to be used. New flags are also added to the 6CIO to signal
messages by the 6LBR - note that other information on the 6LBR is the sender's capability to act as a 6LR, 6LBR, and 6BBR (see
found in a separate Authoritative Border Router Option (ABRO) that Section 6.3).
MUST also be present in RA messages [RFC6775]. New flags are also
added to signal the router's capability to act as a 6LR, 6LBR and
6BBR (see Section 6.3).
6. Extended ND Options And Messages Section 6.3 also defines a new flag that indicates the support of EDA
messages by the 6LBR. This flag is valid in RA messages but not in
RS messages. More information on the 6LBR is found in a separate
Authoritative Border Router Option (ABRO). The ABRO is placed in RA
messages as prescribed by [RFC6775]; in particular, it MUST be placed
in an RA message that is sent in response to an RS with a 6CIO
indicating the capability to act as a 6LR, since the RA propagates
information between routers.
6. Extended ND Options and Messages
This specification does not introduce new options, but it modifies This specification does not introduce new options, but it modifies
existing ones and updates the associated behaviors as specified in existing ones and updates the associated behaviors as specified in
the following subsections. the following subsections.
6.1. Extended Address Registration Option (EARO) 6.1. Extended Address Registration Option (EARO)
The Address Registration Option (ARO) is defined in section 4.1 of The Address Registration Option (ARO) is defined in section 4.1 of
[RFC6775]. [RFC6775].
The Extended Address Registration Option (EARO) replaces the ARO used The Extended Address Registration Option (EARO) replaces the ARO used
within Neighbor Discovery NS and NA messages between a 6LN and its within Neighbor Discovery NS and NA messages between a 6LN and its
6LR. Similarly, the EDA messages, EDAR and EDAC, replace the DAR and 6LR. Similarly, the EDA messages, EDAR and EDAC, replace the DAR and
DAC messages so as to transport the new information between 6LRs and DAC messages so as to transport the new information between 6LRs and
6LBRs across LLN meshes such as 6TiSCH networks. 6LBRs across LLN meshes such as 6TiSCH networks.
An NS message with an EARO is a registration if and only if it also An NS message with an EARO is a registration if and only if it also
carries an SLLA Option. The EARO also used in NS and NA messages carries an SLLA Option. The EARO is also used in NS and NA messages
between Backbone Routers [I-D.ietf-6lo-backbone-router] over the between Backbone Routers [I-D.ietf-6lo-backbone-router] over the
Backbone Link to sort out the distributed registration state; in that Backbone Link to sort out the distributed registration state; in that
case, it does not carry the SLLA Option and is not confused with a case, it does not carry the SLLA Option and is not confused with a
registration. registration.
When using the EARO, the address being registered is found in the When using the EARO, the address being registered is found in the
Target Address field of the NS and NA messages. Target Address field of the NS and NA messages.
The EARO extends the ARO and is indicated by the "T" flag set. The The EARO extends the ARO and is indicated by the 'T' flag being set.
format of the EARO is as follows: The format of the EARO is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Status | Reserved | | Type | Length | Status | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |R|T| TID | Registration Lifetime | | Reserved |R|T| TID | Registration Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ Registration Ownership Verifier + ... Registration Ownership Verifier ...
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: EARO Figure 2: EARO
Option Fields Option Fields
Type: 33 Type: 33
Length: 8-bit unsigned integer. The length of the option in Length: 8-bit unsigned integer. The length of the option in
units of 8 bytes. It MUST be 2 when operating in units of 8 bytes. It MUST be 2 when operating in
backward-compatible mode. It MAY be 3, 4 or 5, backward-compatible mode. It MAY be 3, 4 or 5,
denoting a ROVR size of 128, 192 and 256 bits denoting a ROVR size of 128, 192 and 256 bits
respectively. respectively.
Status: 8-bit unsigned integer. Indicates the status of a Status: 8-bit unsigned integer. Indicates the status of a
registration in the NA response. MUST be set to 0 in registration in the NA response. MUST be set to 0 in
NS messages. See Table 1 below. NS messages. See Table 1 below.
+-------+-----------------------------------------------------------+ +-------+-----------------------------------------------------------+
| Value | Description | | Value | Description |
+-------+-----------------------------------------------------------+ +-------+-----------------------------------------------------------+
| 0..2 | See [RFC6775]. Note: a Status of 1 "Duplicate Address" | | 0..2 | See [RFC6775]. Note: a Status of 1 ("Duplicate Address") |
| | applies to the Registered Address. If the Source Address | | | applies to the Registered Address. If the Source Address |
| | conflicts with an existing registration, "Duplicate | | | conflicts with an existing registration, "Duplicate |
| | Source Address" MUST be used. | | | Source Address" MUST be used. |
| | | | | |
| 3 | Moved: The registration failed because it is not the | | 3 | Moved: The registration failed because it is not the |
| | freshest. This Status indicates that the registration is | | | freshest. This Status indicates that the registration is |
| | rejected because another more recent registration was | | | rejected because another more recent registration was |
| | done, as indicated by a same ROVR and a more recent TID. | | | done, as indicated by a same ROVR and a more recent TID. |
| | One possible cause is a stale registration that has | | | One possible cause is a stale registration that has |
| | progressed slowly in the network and was passed by a more | | | progressed slowly in the network and was passed by a more |
| | recent one. It could also indicate a ROVR collision. | | | recent one. It could also indicate a ROVR collision. |
| | | | | |
| 4 | Removed: The binding state was removed. This may be | | 4 | Removed: The binding state was removed. This status may |
| | placed in an asynchronous NS(ARO) message, or as the | | | be placed in an NA(EARO) message that is sent as the |
| | rejection of a proxy registration to a Backbone Router | | | rejection of a proxy registration to a Backbone Router, |
| | or in an asynchronous NA(EARO) at any time. |
| | | | | |
| 5 | Validation Requested: The Registering Node is challenged | | 5 | Validation Requested: The Registering Node is challenged |
| | for owning the Registered Address or for being an | | | for owning the Registered Address or for being an |
| | acceptable proxy for the registration. This Status is | | | acceptable proxy for the registration. This Status is |
| | expected in asynchronous messages from a registrar (6LR, | | | expected in asynchronous messages from a registrar (6LR, |
| | 6LBR, 6BBR) to indicate that the registration state is | | | 6LBR, 6BBR) to indicate that the registration state is |
| | removed, for instance due to a movement of the device. | | | removed, for instance, due to a movement of the device. |
| | | | | |
| 6 | Duplicate Source Address: The address used as source of | | 6 | Duplicate Source Address: The address used as source of |
| | the NS(ARO) conflicts with an existing registration. | | | the NS(ARO) conflicts with an existing registration. |
| | | | | |
| 7 | Invalid Source Address: The address used as source of the | | 7 | Invalid Source Address: The address used as source of the |
| | NS(ARO) is not a Link-Local Address as prescribed by this | | | NS(ARO) is not a Link-Local Address as prescribed by this |
| | document. | | | document. |
| | | | | |
| 8 | Registered Address topologically incorrect: The address | | 8 | Registered Address topologically incorrect: The address |
| | being registered is not usable on this link, e.g., it is | | | being registered is not usable on this link, e.g., it is |
skipping to change at page 18, line 18 skipping to change at page 18, line 35
| | passed on to the Registering Node by the 6LR. | | | passed on to the Registering Node by the 6LR. |
| | | | | |
| 10 | Validation Failed: The proof of ownership of the | | 10 | Validation Failed: The proof of ownership of the |
| | registered address is not correct. | | | registered address is not correct. |
+-------+-----------------------------------------------------------+ +-------+-----------------------------------------------------------+
Table 1: EARO Status Table 1: EARO Status
Reserved: This field is unused. It MUST be initialized to zero Reserved: This field is unused. It MUST be initialized to zero
by the sender and MUST be ignored by the receiver. by the sender and MUST be ignored by the receiver.
R: If the 'R' flag is set, the registering node expects R: One-bit flag. If the 'R' flag is set, the
that the 6LR ensures reachability for the registered Registering Node expects that the 6LR ensures
address, e.g. by injecting the address in a Route- reachability for the registered address, e.g., by
Over routing protocol or proxying ND over a Backbone injecting the address in a Route-Over routing
Link. protocol or proxying ND over a Backbone Link.
T: One bit flag. Set if the next octet is used as a T: One-bit flag. Set if the next octet is used as a
TID. TID.
TID: 1-byte integer; a transaction id that is maintained TID: One-byte integer; a Transaction ID that is maintained
by the node and incremented with each transaction. by the node and incremented with each transaction.
Registration Lifetime: 16-bit integer; expressed in minutes. 0 Registration Lifetime: 16-bit integer; expressed in minutes. 0
means that the registration has ended and the means that the registration has ended and the
associated state MUST be removed. associated state MUST be removed.
Registration Ownership Verifier (ROVR): Enables to correlate Registration Ownership Verifier (ROVR): Enables the correlation
multiple registrations for a same IPv6 Address. This between multiple attempts to register a same IPv6
can be a unique ID of the Registering Node, such as Address. This can be a unique ID of the Registering
the EUI-64 address of an interface. This can also be Node, such as the EUI-64 address of an interface.
a token obtained with cryptographic methods and used This can also be a token obtained with cryptographic
as proof of ownership of the registration. The scope methods and used as proof of ownership of the
of a ROVR is one registration and it cannot be used registration. The scope of a ROVR is the
to correlate different registrations. registration of a particular IPv6 Address and it
cannot be used to correlate registrations of
different addresses.
6.2. Extended Duplicate Address Message Formats 6.2. Extended Duplicate Address Message Formats
The DAR and DAC messages are defined in section 4.4 of [RFC6775]. The DAR and DAC messages are defined in section 4.4 of [RFC6775].
Those messages follow a common base format, which enables information Those messages follow a common base format, which enables information
from the ARO to be transported over multiple hops. from the ARO to be transported over multiple hops.
Those messages are extended to adapt to the new EARO format, as Those messages are extended to adapt to the new EARO format, as
follows: follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Status | TID | Registration Lifetime | | Status | TID | Registration Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ Registration Ownership Verifier + ... Registration Ownership Verifier ...
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Registered Address + + Registered Address +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Duplicate Address Messages Format Figure 3: Duplicate Address Messages Format
Modified Message Fields Modified Message Fields
Code: The ICMP Code as defined in [RFC4443]. The ICMP Code Code: The ICMP Code as defined in [RFC4443]. The ICMP Code
MUST be set to 1 with this specification. An odd MUST be set to 1 with this specification. An non-
value of the ICMP Code indicates that the TID field null value of the ICMP Code indicates support for
is present and obeys this specification. this specification.
TID: 1-byte integer; same definition and processing as the TID: 1-byte integer; same definition and processing as the
TID in the EARO as defined in Section 6.1. TID in the EARO as defined in Section 6.1.
Registration Ownership Verifier (ROVR): The size of the ROVR is Registration Ownership Verifier (ROVR): The size of the ROVR is
computed from the overall size of the IPv6 packet. computed from the overall size of the IPv6 packet.
It MUST be 64bits long when operating in backward- It MUST be 64bits long when operating in backward-
compatible mode. This field has the same definition compatible mode. This field has the same definition
and processing as the ROVR in the EARO option as and processing as the ROVR in the EARO option as
defined in Section 6.1. defined in Section 6.1.
6.3. New 6LoWPAN Capability Bits in the Capability Indication Option 6.3. New 6LoWPAN Capability Bits in the Capability Indication Option
This specification defines 5 new capability bits for use in the 6CIO, This specification defines 5 new capability bits for use in the 6CIO,
which was introduced by [RFC7400] for use in IPv6 ND RA messages. which was introduced by [RFC7400] for use in IPv6 ND RA messages.
skipping to change at page 20, line 9 skipping to change at page 20, line 26
ARO can be used in a registration. A 6LR that supports this ARO can be used in a registration. A 6LR that supports this
specification MUST set the "E" flag. specification MUST set the "E" flag.
A similar flag "D" indicates the support of Extended Duplicate A similar flag "D" indicates the support of Extended Duplicate
Address Messages by the 6LBR; A 6LBR that supports this specification Address Messages by the 6LBR; A 6LBR that supports this specification
MUST set the "D" flag. The "D" flag is learned from advertisements MUST set the "D" flag. The "D" flag is learned from advertisements
by a 6LBR, and is propagated down a graph of 6LRs as a node acting as by a 6LBR, and is propagated down a graph of 6LRs as a node acting as
6LN registers to a 6LR (which could be the 6LBR), and in turn becomes 6LN registers to a 6LR (which could be the 6LBR), and in turn becomes
a 6LR to which other 6LNs will register. a 6LR to which other 6LNs will register.
The new "L", "B" and "P" flags, indicate whether a router is capable The new "L", "B", and "P" flags, indicate whether a router is capable
of acting as 6LR, 6LBR and 6BBR, respectively. These flags are not of acting as 6LR, 6LBR, and 6BBR, respectively. These flags are not
mutually exclusive and a node MUST set all the flags that are mutually exclusive and a node MUST set all the flags that are
relevant to it. relevant to it.
As an example, a 6LBR sets the "B" and "D" flags. If it acts as a As an example, a 6LBR sets the "B" and "D" flags. If it acts as a
6LR, then it sets the "L" and "E" flags. If it is collocated with a 6LR, then it sets the "L" and "E" flags. If it is collocated with a
6BBR, then it also sets the "P" flag. 6BBR, then it also sets the "P" flag.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 20, line 35 skipping to change at page 21, line 4
Figure 4: New capability Bits L, B, P, E in the 6CIO Figure 4: New capability Bits L, B, P, E in the 6CIO
Option Fields Option Fields
Type: 36 Type: 36
L: Node is a 6LR. L: Node is a 6LR.
B: Node is a 6LBR. B: Node is a 6LBR.
P: Node is a 6BBR. P: Node is a 6BBR.
E: Node supports registrations based on EARO. E: Node supports registrations based on EARO.
D: 6LBR supports EDA messages. D: 6LBR supports EDA messages.
7. Backward Compatibility 7. Backward Compatibility
7.1. Discovering the Capabilities of an ND Peer 7.1. Discovering the Capabilities of Router
A 6LR that supports this specification MUST place a 6CIO in its RA A 6LR that supports this specification MUST place a 6CIO in its RA
messages. A typical flow when a node starts up is that it sends a messages. A typical flow when a node starts up is that it sends a
multicast RS and receives one or more unicast RA messages. If the multicast RS and receives one or more unicast RA messages. If the
6LR can process Extended ARO, then the "E" Flag is set in the RA. 6LR can process Extended ARO, then the "E" Flag is set in the RA.
This specification changes the behavior of the peers in a This specification changes the behavior of the peers in a
registration flow. To enable backward compatibility, a 6LN that registration flow. To enable backward compatibility, a 6LN that
registers to a 6LR that is not known to support this specification registers to a 6LR that is not known to support this specification
MUST behave in a manner that is compatible with [RFC6775]. On the MUST behave in a manner that is backward-compatible with [RFC6775].
contrary, if the 6LR is known to support this specification, then the On the contrary, if the 6LR is known to support this specification,
6LN MUST conform this specification. then the 6LN MUST conform to this specification when communicating
with that 6LR.
A 6LN that supports this specification MUST always use an EARO as a A 6LN that supports this specification MUST always use an EARO as a
replacement to an ARO in its registration to a router. This is replacement for an ARO in its registration to a router. This is
harmless since the "T" flag and TID field are reserved in [RFC6775], harmless since the 'T' flag and TID field are reserved in [RFC6775],
and are ignored by an RFC6775-only router. A router that supports and are ignored by an RFC6775-only router. A router that supports
this specification MUST answer an NS(ARO) and an NS(EARO) with an this specification MUST answer an NS(ARO) and an NS(EARO) with an
NA(EARO). A router that does not support this specification will NA(EARO). A router that does not support this specification will
consider the ROVR as an EUI-64 and treat it the same, which has no consider the ROVR as an EUI-64 address and treat it the same, which
consequence if the Registered Addresses are different. has no consequence if the Registered Addresses are different.
7.2. RFC6775-only 6LoWPAN Node 7.2. RFC6775-only 6LoWPAN Node
an RFC6775-only 6LN will use the Registered Address as source and An RFC6775-only 6LN will use the Registered Address as the source
will not use an EARO. An updated 6LR MUST accept that registration address of the NS message and will not use an EARO. An updated 6LR
if it is valid per [RFC6775], and it MUST manage the binding cache MUST accept that registration if it is valid per [RFC6775], and it
accordingly. The updated 6LR MUST then use the RFC6775-only EDA MUST manage the binding cache accordingly. The updated 6LR MUST then
messages as specified in [RFC6775] to indicate to the 6LBR that the use the RFC6775-only EDA messages as specified in [RFC6775] to
TID is not present in the messages. indicate to the 6LBR that the TID is not present in the messages.
The main difference from [RFC6775] is that the exchange of EDA The main difference from [RFC6775] is that the exchange of EDA
messages for the purpose of DAD is avoided for Link-Local Addresses. messages for the purpose of DAD is avoided for Link-Local Addresses.
In any case, the 6LR MUST use an EARO in the reply, and can use any In any case, the 6LR MUST use an EARO in the reply, and can use any
of the Status codes defined in this specification. of the Status codes defined in this specification.
7.3. RFC6775-only 6LoWPAN Router 7.3. RFC6775-only 6LoWPAN Router
An updated 6LN discovers the capabilities of the 6LR in the 6CIO in An updated 6LN discovers the capabilities of the 6LR in the 6CIO in
RA messages from that 6LR; if the 6CIO was not present in the RA, RA messages from that 6LR; if the 6CIO was not present in the RA,
then the 6LR is assumed to be a RFC6775-only 6LoWPAN Router. then the 6LR is assumed to be a RFC6775-only 6LoWPAN Router.
An updated 6LN MUST use an EARO in the request regardless of the type An updated 6LN MUST use an EARO in the request regardless of the type
of 6LR, RFC6775-only or updated, which implies that the "T" flag is of 6LR, RFC6775-only or updated, which implies that the 'T' flag is
set. It MUST use a ROVR of 64 bits if the 6LR is an RFC6775-only set. It MUST use a ROVR of 64 bits if the 6LR is an RFC6775-only
6LoWPAN Router. 6LoWPAN Router.
If an updated 6LN moves from an updated 6LR to an RFC6775-only 6LR, If an updated 6LN moves from an updated 6LR to an RFC6775-only 6LR,
the RFC6775-only 6LR will send an RFC6775-only DAR message, which can the RFC6775-only 6LR will send an RFC6775-only DAR message, which
not be compared with an updated one for freshness. Allowing cannot be compared with an updated one for freshness. Allowing
RFC6775-only DAR messages to replace a state established by the RFC6775-only DAR messages to replace a state established by the
updated protocol in the 6LBR would be an attack vector and that updated protocol in the 6LBR would be an attack vector and that
cannot be the default behavior. But if RFC6775-only and updated 6LRs cannot be the default behavior. But if RFC6775-only and updated 6LRs
coexist temporarily in a network, then it makes sense for an coexist temporarily in a network, then it makes sense for an
administrator to install a policy that allows so, and the capability administrator to install a policy that allows so, and the capability
to install such a policy should be configurable in a 6LBR though it to install such a policy should be configurable in a 6LBR though it
is out of scope for this document. is out of scope for this document.
7.4. RFC6775-only 6LoWPAN Border Router 7.4. RFC6775-only 6LoWPAN Border Router
skipping to change at page 22, line 27 skipping to change at page 22, line 43
If the 6LBR is RFC6775-only, and the ROVR in the NS(EARO) was more If the 6LBR is RFC6775-only, and the ROVR in the NS(EARO) was more
than 64 bits long, then the 6LR MUST truncate the ROVR to the 64 than 64 bits long, then the 6LR MUST truncate the ROVR to the 64
rightmost bit and place the result in the EDAR message to maintain rightmost bit and place the result in the EDAR message to maintain
compatibility. This way, the support of DAD is preserved. compatibility. This way, the support of DAD is preserved.
8. Security Considerations 8. Security Considerations
This specification extends [RFC6775], and the security section of This specification extends [RFC6775], and the security section of
that document also applies to this as well. In particular, it is that document also applies to this as well. In particular, it is
expected that the link layer is sufficiently protected to prevent a expected that the link layer is sufficiently protected to prevent
rogue access, either by means of physical or IP security on the rogue access, either by means of physical or IP security on the
Backbone Link and link layer cryptography on the LLN. Backbone Link and link-layer cryptography on the LLN.
This specification also expects that the LLN MAC provides secure [RFC6775] does not protect the content of its messages and expects a
unicast to/from the Backbone Router and secure Broadcast or Multicast lower layer encryption to defeat potential attacks. This
from the Backbone Router in a way that prevents tampering with or specification also expects that the LLN MAC provides secure unicast
replaying the RA messages. to/from the Backbone Router and secure Broadcast or Multicast from
the Backbone Router in a way that prevents tampering with or
replaying the Neighbor Discovery messages.
This specification recommends using privacy techniques (see This specification recommends using privacy techniques (see
Section 9), and protection against address theft such as provided by Section 9) and protecting against address theft such as provided by
"Address Protected Neighbor Discovery for Low-power and Lossy "Address Protected Neighbor Discovery for Low-power and Lossy
Networks" [I-D.ietf-6lo-ap-nd], which guarantees the ownership of the Networks" [I-D.ietf-6lo-ap-nd], which guarantees the ownership of the
Registered Address using a cryptographic ROVR. Registered Address using a cryptographic ROVR.
The registration mechanism may be used by a rogue node to attack the The registration mechanism may be used by a rogue node to attack the
6LR or the 6LBR with a Denial-of-Service attack against the registry. 6LR or the 6LBR with a Denial-of-Service attack against the registry.
It may also happen that the registry of a 6LR or a 6LBR is saturated It may also happen that the registry of a 6LR or a 6LBR is saturated
and cannot take any more registrations, which effectively denies the and cannot take any more registrations, which effectively denies the
requesting node the capability to use a new address. In order to requesting node the capability to use a new address. In order to
alleviate those concerns, Section 4.7 provides a number of alleviate those concerns, Section 4.7 provides a number of
skipping to change at page 23, line 20 skipping to change at page 23, line 36
each address or group of addresses. The nodes SHOULD be each address or group of addresses. The nodes SHOULD be
configured with a Registration Lifetime that reflects their configured with a Registration Lifetime that reflects their
expectation of how long they will use the address with the 6LR to expectation of how long they will use the address with the 6LR to
which it is registered. In particular, use cases that involve which it is registered. In particular, use cases that involve
mobility or rapid address changes SHOULD use lifetimes that are mobility or rapid address changes SHOULD use lifetimes that are
larger yet of a same order as the duration of the expectation of larger yet of a same order as the duration of the expectation of
presence. presence.
o The router (6LR or 6LBR) SHOULD be configurable so as to limit the o The router (6LR or 6LBR) SHOULD be configurable so as to limit the
number of addresses that can be registered by a single node, but number of addresses that can be registered by a single node, but
as a protective measure only. A node may be identified by MAC as a protective measure only. A node may be identified by MAC
address, but a stringer identification (e.g., by security address, but a stronger identification (e.g., by security
credentials) is RECOMMENDED. When that maximum is reached, the credentials) is RECOMMENDED. When that maximum is reached, the
router should use a Least-Recently-Used (LRU) algorithm to clean router should use a Least-Recently-Used (LRU) algorithm to clean
up the addresses, keeping at least one Link-Local Address. The up the addresses, keeping at least one Link-Local Address. The
router SHOULD attempt to keep one or more stable addresses if router SHOULD attempt to keep one or more stable addresses if
stability can be determined, e.g., because they are used over a stability can be determined, e.g., because they are used over a
much longer time span than other (privacy, shorter-lived) much longer time span than other (privacy, shorter-lived)
addresses. Address lifetimes SHOULD be individually configurable. addresses. Address lifetimes SHOULD be individually configurable.
o In order to avoid denial of registration for the lack of o In order to avoid denial of registration for the lack of
resources, administrators should take great care to deploy resources, administrators should take great care to deploy
adequate numbers of 6LRs to cover the needs of the nodes in their adequate numbers of 6LRs to cover the needs of the nodes in their
range, so as to avoid a situation of starving nodes. It is range, so as to avoid a situation of starving nodes. It is
expected that the 6LBR that serves a LLN is a more capable node expected that the 6LBR that serves an LLN is a more capable node
then the average 6LR, but in a network condition where it may than the average 6LR, but in a network condition where it may
become saturated, a particular deployment should distribute the become saturated, a particular deployment should distribute the
6LBR functionality, for instance by leveraging a high speed 6LBR functionality, for instance by leveraging a high speed
Backbone Link and Backbone Routers to aggregate multiple LLNs into Backbone Link and Backbone Routers to aggregate multiple LLNs into
a larger subnet. a larger subnet.
The LLN nodes depend on the 6LBR and the 6BBR for their operation. A The LLN nodes depend on the 6LBR and the 6BBR for their operation. A
trust model must be put in place to ensure that the right devices are trust model must be put in place to ensure that the right devices are
acting in these roles, so as to avoid threats such as black-holing, acting in these roles so as to avoid threats such as black-holing or
or bombing attack whereby an impersonated 6LBR would destroy state in bombing attack whereby an impersonated 6LBR would destroy state in
the network by using the "Removed" Status code. This trust model the network by using the "Removed" Status code. This trust model
could be at a minimum based on a Layer-2 access control, or could could be at a minimum based on a Layer-2 access control, or could
provide role validation as well (see Req5.1 in Appendix B.5). provide role validation as well (see Req5.1 in Appendix B.5).
9. Privacy Considerations 9. Privacy Considerations
As indicated in Section 3, this protocol does not aim at limiting the As indicated in Section 3, this protocol does not inherently limit
number of IPv6 addresses that a device can form and if placed, a the number of IPv6 addresses that each device can form. However, to
limit should be a protective measure only, that is high enough not to mitigate denial-of-service attacks, it can be useful as a protective
interfere with the normal behavior of devices in the network. A host measure to have a limit that is high enough not to interfere with the
should be able to form and register any address that is topologically normal behavior of devices in the network. A host should be able to
correct in the subnet(s) advertised by the 6LR/6LBR. form and register any address that is topologically correct in the
subnet(s) advertised by the 6LR/6LBR.
This specification does not mandate any particular way for forming This specification does not mandate any particular way for forming
IPv6 addresses, but it discourages using EUI-64 for forming the IPv6 addresses, but it discourages using EUI-64 for forming the
Interface ID in the Link-Local Address because this method prevents Interface ID in the Link-Local Address because this method prevents
the usage of "SEcure Neighbor Discovery (SEND)" [RFC3971] and the usage of "SEcure Neighbor Discovery (SEND)" [RFC3971],
"Cryptographically Generated Addresses (CGA)" [RFC3972], and that of "Cryptographically Generated Addresses (CGA)" [RFC3972], and that of
address privacy techniques. address privacy techniques.
"Privacy Considerations for IPv6 Adaptation-Layer Mechanisms" "Privacy Considerations for IPv6 Adaptation-Layer Mechanisms"
[RFC8065] explains why privacy is important and how to form privacy- [RFC8065] explains why privacy is important and how to form privacy-
aware addresses. All implementations and deployment must consider aware addresses. All implementations and deployments must consider
the option of privacy addresses in their own environment. the option of privacy addresses in their own environments.
The IPv6 address of the 6LN in the IPv6 header can be compressed The IPv6 address of the 6LN in the IPv6 header can be compressed
statelessly when the Interface Identifier in the IPv6 address can be statelessly when the Interface Identifier in the IPv6 address can be
derived from the Lower Layer address. When it is not critical to derived from the Lower Layer address. When it is not critical to
benefit from that compression, e.g. the address can be compressed benefit from that compression, e.g., the address can be compressed
statefully, or it is rarely used and/or it is used only over one hop, statefully, or it is rarely used and/or it is used only over one hop,
then privacy concerns should be considered. In particular, new then privacy concerns should be considered. In particular, new
implementations should follow the IETF "Recommendation on Stable IPv6 implementations should follow the IETF "Recommendation on Stable IPv6
Interface Identifiers" [RFC8064] [RFC8064] recommends the use of "A Interface Identifiers" [RFC8064]. [RFC8064] recommends the use of "A
Method for Generating Semantically Opaque Interface Identifiers with Method for Generating Semantically Opaque Interface Identifiers with
IPv6 Stateless Address Autoconfiguration (SLAAC)" [RFC7217] for IPv6 Stateless Address Autoconfiguration (SLAAC)" [RFC7217] for
generating Interface Identifiers to be used in SLAAC. generating Interface Identifiers to be used in SLAAC.
10. IANA Considerations 10. IANA Considerations
Note to RFC Editor: please replace "This RFC" throughout this Note to RFC Editor, to be removed: please replace "This RFC"
document by the RFC number for this specification once it is throughout this document by the RFC number for this specification
attributed. once it is allocated.
IANA is requested to make a number of changes under the "Internet IANA is requested to make a number of changes under the "Internet
Control Message Protocol version 6 (ICMPv6) Parameters" registry, as Control Message Protocol version 6 (ICMPv6) Parameters" registry, as
follows. follows.
10.1. ARO Flags 10.1. ARO Flags
IANA is requested to create a new subregistry for "ARO Flags". This IANA is requested to create a new subregistry for "ARO Flags". This
specification defines 8 positions, bit 0 to bit 7, and assigns bit 7 specification defines 8 positions, bit 0 to bit 7, and assigns bit 6
for the "T" flag in Section 6.1. The policy is "IETF Review" or for the 'R' flag and bit 7 for the 'T' flag (see Section 6.1). The
"IESG Approval" [RFC8126]. The initial content of the registry is as policy is "IETF Review" or "IESG Approval" [RFC8126]. The initial
shown in Table 2. content of the registry is as shown in Table 2.
New subregistry for ARO Flags under the "Internet Control Message New subregistry for ARO Flags under the "Internet Control Message
Protocol version 6 (ICMPv6) [RFC4443] Parameters" Protocol version 6 (ICMPv6) [RFC4443] Parameters"
+-------------+--------------+-----------+ +-------------+--------------+-----------+
| ARO Status | Description | Document | | ARO Status | Description | Document |
+-------------+--------------+-----------+ +-------------+--------------+-----------+
| 0..6 | Unassigned | | | 0..5 | Unassigned | |
| | | | | | | |
| 7 | "T" Flag | This RFC | | 6 | 'R' Flag | This RFC |
| | | |
| 7 | 'T' Flag | This RFC |
+-------------+--------------+-----------+ +-------------+--------------+-----------+
Table 2: new ARO Flags Table 2: new ARO Flags
10.2. ICMP Codes 10.2. ICMP Codes
IANA is requested to create a new entry in the ICMPv6 "Code" Fields IANA is requested to create 2 new subregistries of the ICMPv6 "Code"
subregistry of the Internet Control Message Protocol version 6 Fields registry, which itself is a subregistry of the Internet
(ICMPv6) Parameters for the ICMP codes related to the ICMP type 157 Control Message Protocol version 6 (ICMPv6) Parameters for the ICMP
and 158 Duplicate Address Request (shown in Table 3) and Confirmation codes. The new subregistries relate to the ICMP type 157, Duplicate
(shown in Table 4), respectively, as follows: Address Request (shown in Table 3), and 158, Duplicate Address
Confirmation (shown in Table 4), respectively. The range of an
ICMPv6 "Code" Field is 0..255 in all cases. The policy is "IETF
Review" or "IESG Approval" [RFC8126] for both subregistries. The new
subregistries are initialized as follows:
New entries for ICMP types 157 DAR message New entries for ICMP types 157 DAR message
+-------+----------------------+------------+ +---------+----------------------+------------+
| Code | Name | Reference | | Code | Name | Reference |
+-------+----------------------+------------+ +---------+----------------------+------------+
| 0 | Original DAR message | RFC 6775 | | 0 | Original DAR message | RFC 6775 |
| | | | | | | |
| 1 | Extended DAR message | This RFC | | 1 | Extended DAR message | This RFC |
+-------+----------------------+------------+ | | | |
| 2...255 | Unassigned | |
+---------+----------------------+------------+
Table 3: new ICMPv6 Code Fields Table 3: new ICMPv6 Code Fields
New entries for ICMP types 158 DAC message New entries for ICMP types 158 DAC message
+-------+----------------------+------------+ +---------+----------------------+------------+
| Code | Name | Reference | | Code | Name | Reference |
+-------+----------------------+------------+ +---------+----------------------+------------+
| 0 | Original DAC message | RFC 6775 | | 0 | Original DAC message | RFC 6775 |
| | | | | | | |
| 1 | Extended DAC message | This RFC | | 1 | Extended DAC message | This RFC |
+-------+----------------------+------------+ | | | |
| 2...255 | Unassigned | |
+---------+----------------------+------------+
Table 4: new ICMPv6 Code Fields Table 4: new ICMPv6 Code Fields
10.3. New ARO Status values 10.3. New ARO Status values
IANA is requested to make additions to the Address Registration IANA is requested to make additions to the Address Registration
Option Status Values Registry as follows: Option Status Values Registry as follows:
Address Registration Option Status Values Registry Address Registration Option Status Values Registry
skipping to change at page 26, line 28 skipping to change at page 27, line 23
| | | | | | | |
| 5 | Validation Requested | This RFC | | 5 | Validation Requested | This RFC |
| | | | | | | |
| 6 | Duplicate Source Address | This RFC | | 6 | Duplicate Source Address | This RFC |
| | | | | | | |
| 7 | Invalid Source Address | This RFC | | 7 | Invalid Source Address | This RFC |
| | | | | | | |
| 8 | Registered Address topologically | This RFC | | 8 | Registered Address topologically | This RFC |
| | incorrect | | | | incorrect | |
| | | | | | | |
| 9 | 6LBR registry saturated | This RFC | | 9 | 6LBR Registry saturated | This RFC |
| | | | | | | |
| 10 | Validation Failed | This RFC | | 10 | Validation Failed | This RFC |
+-------------+-----------------------------------------+-----------+ +-------------+-----------------------------------------+-----------+
Table 5: New ARO Status values Table 5: New ARO Status values
10.4. New 6LoWPAN capability Bits 10.4. New 6LoWPAN capability Bits
IANA is requested to make additions to the Subregistry for "6LoWPAN IANA is requested to make additions to the Subregistry for "6LoWPAN
capability Bits" as follows: capability Bits" as follows:
skipping to change at page 27, line 29 skipping to change at page 28, line 10
| 14 | EARO support (E bit) | This RFC | | 14 | EARO support (E bit) | This RFC |
+-----------------+----------------------+-----------+ +-----------------+----------------------+-----------+
Table 6: New 6LoWPAN capability Bits Table 6: New 6LoWPAN capability Bits
11. Acknowledgments 11. Acknowledgments
Kudos to Eric Levy-Abegnoli who designed the First Hop Security Kudos to Eric Levy-Abegnoli who designed the First Hop Security
infrastructure upon which the first backbone router was implemented. infrastructure upon which the first backbone router was implemented.
Many thanks to Sedat Gormus, Rahul Jadhav, Tim Chown, Juergen Many thanks to Sedat Gormus, Rahul Jadhav, Tim Chown, Juergen
Schoenwaelder, Chris Lonvick, Dave Thaler and Lorenzo Colitti for Schoenwaelder, Chris Lonvick, Dave Thaler, Adrian Farrel, Peter Yee,
their various contributions and reviews. Also many thanks to Thomas and Lorenzo Colitti for their various contributions and reviews.
Watteyne for his early implementation of a 6LN that was instrumental Also, many thanks to Thomas Watteyne for the world first
to the early tests of the 6LR, 6LBR and Backbone Router. implementation of a 6LN that was instrumental to the early tests of
the 6LR, 6LBR and Backbone Router.
12. References 12. References
12.1. Normative References 12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 29, line 27 skipping to change at page 30, line 10
Chakrabarti, S., Nordmark, E., Thubert, P., and M. Chakrabarti, S., Nordmark, E., Thubert, P., and M.
Wasserman, "IPv6 Neighbor Discovery Optimizations for Wasserman, "IPv6 Neighbor Discovery Optimizations for
Wired and Wireless Networks", draft-chakrabarti-nordmark- Wired and Wireless Networks", draft-chakrabarti-nordmark-
6man-efficient-nd-07 (work in progress), February 2015. 6man-efficient-nd-07 (work in progress), February 2015.
[I-D.delcarpio-6lo-wlanah] [I-D.delcarpio-6lo-wlanah]
Vega, L., Robles, I., and R. Morabito, "IPv6 over Vega, L., Robles, I., and R. Morabito, "IPv6 over
802.11ah", draft-delcarpio-6lo-wlanah-01 (work in 802.11ah", draft-delcarpio-6lo-wlanah-01 (work in
progress), October 2015. progress), October 2015.
[I-D.hou-6lo-plc]
Hou, J., Hong, Y., and X. Tang, "Transmission of IPv6
Packets over PLC Networks", draft-hou-6lo-plc-03 (work in
progress), December 2017.
[I-D.ietf-6lo-ap-nd] [I-D.ietf-6lo-ap-nd]
Thubert, P., Sarikaya, B., and M. Sethi, "Address Thubert, P., Sarikaya, B., and M. Sethi, "Address
Protected Neighbor Discovery for Low-power and Lossy Protected Neighbor Discovery for Low-power and Lossy
Networks", draft-ietf-6lo-ap-nd-06 (work in progress), Networks", draft-ietf-6lo-ap-nd-06 (work in progress),
February 2018. February 2018.
[I-D.ietf-6lo-backbone-router] [I-D.ietf-6lo-backbone-router]
Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo- Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo-
backbone-router-06 (work in progress), February 2018. backbone-router-06 (work in progress), February 2018.
skipping to change at page 30, line 16 skipping to change at page 31, line 5
Jadhav, R., Sahoo, R., and Z. Cao, "No-Path DAO Jadhav, R., Sahoo, R., and Z. Cao, "No-Path DAO
modifications", draft-ietf-roll-efficient-npdao-01 (work modifications", draft-ietf-roll-efficient-npdao-01 (work
in progress), October 2017. in progress), October 2017.
[I-D.perkins-intarea-multicast-ieee802] [I-D.perkins-intarea-multicast-ieee802]
Perkins, C., Stanley, D., Kumari, W., and J. Zuniga, Perkins, C., Stanley, D., Kumari, W., and J. Zuniga,
"Multicast Considerations over IEEE 802 Wireless Media", "Multicast Considerations over IEEE 802 Wireless Media",
draft-perkins-intarea-multicast-ieee802-03 (work in draft-perkins-intarea-multicast-ieee802-03 (work in
progress), July 2017. progress), July 2017.
[I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks]
Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets
over IEEE 1901.2 Narrowband Powerline Communication
Networks", draft-popa-6lo-6loplc-ipv6-over-
ieee19012-networks-00 (work in progress), March 2014.
[I-D.struik-lwip-curve-representations] [I-D.struik-lwip-curve-representations]
Struik, R., "Alternative Elliptic Curve Representations", Struik, R., "Alternative Elliptic Curve Representations",
draft-struik-lwip-curve-representations-00 (work in draft-struik-lwip-curve-representations-00 (work in
progress), October 2017. progress), October 2017.
[RFC1958] Carpenter, B., Ed., "Architectural Principles of the [RFC1958] Carpenter, B., Ed., "Architectural Principles of the
Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996,
<https://www.rfc-editor.org/info/rfc1958>. <https://www.rfc-editor.org/info/rfc1958>.
[RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
skipping to change at page 32, line 44 skipping to change at page 33, line 27
readings/p83.pdf>. readings/p83.pdf>.
Appendix A. Applicability and Requirements Served (Not Normative) Appendix A. Applicability and Requirements Served (Not Normative)
This specification extends 6LoWPAN ND to provide a sequence number to This specification extends 6LoWPAN ND to provide a sequence number to
the registration and serves the requirements expressed in the registration and serves the requirements expressed in
Appendix B.1 by enabling the mobility of devices from one LLN to the Appendix B.1 by enabling the mobility of devices from one LLN to the
next based on the complementary work in the "IPv6 Backbone Router" next based on the complementary work in the "IPv6 Backbone Router"
[I-D.ietf-6lo-backbone-router] specification. [I-D.ietf-6lo-backbone-router] specification.
In the context of the TimeSlotted Channel Hopping (TSCH) mode of IEEE IEEE Std. 802.15.4 [IEEEstd802154], the "6TiSCH architecture"
Std. 802.15.4 [IEEEstd802154], the "6TiSCH architecture"
[I-D.ietf-6tisch-architecture] introduces how a 6LoWPAN ND host could [I-D.ietf-6tisch-architecture] introduces how a 6LoWPAN ND host could
connect to the Internet via a RPL mesh Network, but this requires connect to the Internet via a RPL mesh network, but this requires
additions to the 6LoWPAN ND protocol to support mobility and additions to the 6LoWPAN ND protocol to support mobility and
reachability in a secured and manageable environment. This reachability in a secured and manageable environment. This
specification details the new operations that are required to specification details the new operations that are required to
implement the 6TiSCH architecture and serves the requirements listed implement the 6TiSCH architecture and serves the requirements listed
in Appendix B.2. in Appendix B.2.
The term LLN is used loosely in this specification to cover multiple The term LLN is used loosely in this specification to cover multiple
types of WLANs and WPANs, including Low-Power Wi-Fi, BLUETOOTH(R) Low types of WLANs and WPANs, including Low-Power IEEE Std. 802.11
Energy, IEEE Std.802.11AH and IEEE Std.802.15.4 wireless meshes, so networking, Bluetooth Low Energy, IEEE Std. 802.11ah, and IEEE Std.
as to address the requirements discussed in Appendix B.3. 802.15.4 wireless meshes, so as to address the requirements discussed
in Appendix B.3.
This specification can be used by any wireless node to associate at This specification can be used by any wireless node to associate at
Layer-3 with a 6BBR and register its IPv6 addresses to obtain routing Layer-3 with a 6BBR and register its IPv6 addresses to obtain routing
services including proxy-ND operations over a Backbone Link, services including proxy-ND operations over a Backbone Link,
effectively providing a solution to the requirements expressed in effectively providing a solution to the requirements expressed in
Appendix B.4. Appendix B.4.
This specification is extended by "Address Protected Neighbor This specification is extended by "Address Protected Neighbor
Discovery for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd] to Discovery for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd] to
providing a solution to some of the security-related requirements providing a solution to some of the security-related requirements
skipping to change at page 33, line 38 skipping to change at page 34, line 22
energy-constrained sleeping nodes. The value of such extension is energy-constrained sleeping nodes. The value of such extension is
especially apparent in the case of mobile wireless nodes, to reduce especially apparent in the case of mobile wireless nodes, to reduce
the multicast operations that are related to IPv6 ND ([RFC4861], the multicast operations that are related to IPv6 ND ([RFC4861],
[RFC4862]) and affect the operation of the wireless medium [RFC4862]) and affect the operation of the wireless medium
[I-D.ietf-mboned-ieee802-mcast-problems] [I-D.ietf-mboned-ieee802-mcast-problems]
[I-D.perkins-intarea-multicast-ieee802]. This serves the scalability [I-D.perkins-intarea-multicast-ieee802]. This serves the scalability
requirements listed in Appendix B.6. requirements listed in Appendix B.6.
Appendix B. Requirements (Not Normative) Appendix B. Requirements (Not Normative)
This section lists requirements that were discussed at 6lo for an This section lists requirements that were discussed discussed by the
update to 6LoWPAN ND. How those requirements are matched with 6lo WG for an update to 6LoWPAN ND. How those requirements are
existing specifications at the time of this writing is shown in matched with existing specifications at the time of this writing is
Appendix B.8 . shown in Appendix B.8.
B.1. Requirements Related to Mobility B.1. Requirements Related to Mobility
Due to the unstable nature of LLN links, even in a LLN of immobile Due to the unstable nature of LLN links, even in an LLN of immobile
nodes a 6LN may change its point of attachment to a 6LR, say 6LR-a, nodes a 6LN may change its point of attachment from 6LR-a to 6LR-b,
and may not be able to notify 6LR-a. Consequently, 6LR-a may still and may not be able to notify 6LR-a. Consequently, 6LR-a may still
attract traffic that it cannot deliver any more. When links to a 6LR attract traffic that it cannot deliver any more. When links to a 6LR
change state, there is thus a need to identify stale states in a 6LR change state, there is thus a need to identify stale states in a 6LR
and restore reachability in a timely fashion. and restore reachability in a timely fashion, e.g., by using some
signaling upon the detection of the movement, or using a keep-alive
mechanism with a period that is consistent with the application
needs.
Req1.1: Upon a change of point of attachment, connectivity via a new Req1.1: Upon a change of point of attachment, connectivity via a new
6LR MUST be restored in a timely fashion without the need to de- 6LR MUST be restored in a timely fashion without the need to de-
register from the previous 6LR. register from the previous 6LR.
Req1.2: For that purpose, the protocol MUST enable differentiating Req1.2: For that purpose, the protocol MUST enable differentiating
between multiple registrations from one 6LoWPAN Node and between multiple registrations from one 6LoWPAN Node and
registrations from different 6LoWPAN Nodes claiming the same address. registrations from different 6LoWPAN Nodes claiming the same address.
Req1.3: Stale states MUST be cleaned up in 6LRs. Req1.3: Stale states MUST be cleaned up in 6LRs.
Req1.4: A 6LoWPAN Node SHOULD also be able to register its Address Req1.4: A 6LoWPAN Node SHOULD also be able to register its Address
concurrently to multiple 6LRs. concurrently to multiple 6LRs.
B.2. Requirements Related to Routing Protocols B.2. Requirements Related to Routing Protocols
The point of attachment of a 6LN may be a 6LR in an LLN mesh. IPv6 The point of attachment of a 6LN may be a 6LR in an LLN mesh. IPv6
routing in a LLN can be based on RPL, which is the routing protocol routing in an LLN can be based on RPL, which is the routing protocol
that was defined at the IETF for this particular purpose. Other that was defined by the IETF for this particular purpose. Other
routing protocols are also considered by Standard Development routing protocols are also considered by Standards Development
Organizations (SDO) on the basis of the expected network Organizations (SDO) on the basis of the expected network
characteristics. It is required that a 6LoWPAN Node attached via ND characteristics. It is required that a 6LN attached via ND to a 6LR
to a 6LR would need to participate in the selected routing protocol indicates whether it participates in the selected routing protocol to
to obtain reachability via the 6LR. obtain reachability via the 6LR, or whether it expects the 6LR to
manage its reachability.
Next to the 6LBR unicast address registered by ND, other addresses Beyond the 6LBR unicast address registered by ND, other addresses
including multicast addresses are needed as well. For example a including multicast addresses are needed as well. For example, a
routing protocol often uses a multicast address to register changes routing protocol often uses a multicast address to register changes
to established paths. ND needs to register such a multicast address to established paths. ND needs to register such a multicast address
to enable routing concurrently with discovery. to enable routing concurrently with discovery.
Multicast is needed for groups. Groups may be formed by device type Multicast is needed for groups. Groups may be formed by device type
(e.g., routers, street lamps), location (Geography, RPL sub-tree), or (e.g., routers, street lamps), location (Geography, RPL sub-tree), or
both. both.
The Bit Index Explicit Replication (BIER) Architecture [RFC8279] The Bit Index Explicit Replication (BIER) Architecture [RFC8279]
proposes an optimized technique to enable multicast in a LLN with a proposes an optimized technique to enable multicast in an LLN with a
very limited requirement for routing state in the nodes. very limited requirement for routing state in the nodes.
Related requirements are: Related requirements are:
Req2.1: The ND registration method SHOULD be extended so that the 6LR Req2.1: The ND registration method SHOULD be extended so that the 6LR
is able to advertise the Address of a 6LoWPAN Node over the selected is instructed whether to advertise the Address of a 6LN over the
routing protocol and obtain reachability to that Address using the selected routing protocol and obtain reachability to that Address
selected routing protocol. using the selected routing protocol.
Req2.2: Considering RPL, the Address Registration Option that is used Req2.2: Considering RPL, the Address Registration Option that is used
in the ND registration SHOULD be extended to carry enough information in the ND registration SHOULD be extended to carry enough information
to generate a DAO message as specified in [RFC6550] section 6.4, in to generate a DAO message as specified in section 6.4 of [RFC6550],
particular the capability to compute a Path Sequence and, as an in particular the capability to compute a Path Sequence and, as an
option, a RPLInstanceID. option, a RPLInstanceID.
Req2.3: Multicast operations SHOULD be supported and optimized, for Req2.3: Multicast operations SHOULD be supported and optimized, for
instance using BIER or MPL. Whether ND is appropriate for the instance, using BIER or MPL. Whether ND is appropriate for the
registration to the 6BBR is to be defined, considering the additional registration to the 6BBR is to be defined, considering the additional
burden of supporting the Multicast Listener Discovery Version 2 burden of supporting the Multicast Listener Discovery Version 2
[RFC3810] (MLDv2) for IPv6. [RFC3810] (MLDv2) for IPv6.
B.3. Requirements Related to the Variety of Low-Power Link types B.3. Requirements Related to the Variety of Low-Power Link types
6LoWPAN ND [RFC6775] was defined with a focus on IEEE Std.802.15.4 6LoWPAN ND [RFC6775] was defined with a focus on IEEE Std.802.15.4
and in particular the capability to derive a unique Identifier from a and in particular the capability to derive a unique identifier from a
globally unique EUI-64 address. At this point, the 6lo Working Group globally unique EUI-64 address. At this point, the 6lo Working Group
is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique
to other link types ITU-T G.9959 [RFC7428], Master-Slave/Token- to other link types including ITU-T G.9959 [RFC7428], Master-Slave/
Passing [RFC8163], DECT Ultra Low Energy [RFC8105], Near Field Token-Passing [RFC8163], DECT Ultra Low Energy [RFC8105], Near Field
Communication [I-D.ietf-6lo-nfc], IEEE Std. 802.11ah Communication [I-D.ietf-6lo-nfc], IEEE Std. 802.11ah
[I-D.delcarpio-6lo-wlanah], as well as IEEE1901.2 Narrowband [I-D.delcarpio-6lo-wlanah], as well as Bluetooth(R) Low Energy
Powerline Communication Networks [RFC7668], and Power Line Communication (PLC) [I-D.hou-6lo-plc]
[I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] and BLUETOOTH(R) Networks.
Low Energy [RFC7668].
Related requirements are: Related requirements are:
Req3.1: The support of the registration mechanism SHOULD be extended Req3.1: The support of the registration mechanism SHOULD be extended
to more LLN links than IEEE Std.802.15.4, matching at least the LLN to more LLN links than IEEE Std.802.15.4, matching at least the LLN
links for which an "IPv6 over foo" specification exists, as well as links for which an "IPv6 over foo" specification exists, as well as
Low-Power Wi-Fi. Low-Power Wi-Fi.
Req3.2: As part of this extension, a mechanism to compute a unique Req3.2: As part of this extension, a mechanism to compute a unique
Identifier should be provided, with the capability to form a Link- identifier should be provided, with the capability to form a Link-
Local Address that SHOULD be unique at least within the LLN connected Local Address that SHOULD be unique at least within the LLN connected
to a 6LBR discovered by ND in each node within the LLN. to a 6LBR discovered by ND in each node within the LLN.
Req3.3: The Address Registration Option used in the ND registration Req3.3: The Address Registration Option used in the ND registration
SHOULD be extended to carry the relevant forms of unique Identifier. SHOULD be extended to carry the relevant forms of unique Identifier.
Req3.4: The Neighbor Discovery should specify the formation of a Req3.4: The Neighbor Discovery should specify the formation of a
site-local address that follows the security recommendations from site-local address that follows the security recommendations from
[RFC7217]. [RFC7217].
B.4. Requirements Related to Proxy Operations B.4. Requirements Related to Proxy Operations
Duty-cycled devices may not be able to answer themselves to a lookup Duty-cycled devices may not be able to answer themselves to a lookup
from a node that uses IPv6 ND on a Backbone Link and may need a from a node that uses IPv6 ND on a Backbone Link and may need a
proxy. Additionally, the duty-cycled device may need to rely on the proxy. Additionally, the duty-cycled device may need to rely on the
6LBR to perform registration to the 6BBR. 6LBR to perform registration to the 6BBR.
The ND registration method SHOULD defend the addresses of duty-cycled The ND registration method SHOULD defend the addresses of duty-cycled
devices that are sleeping most of the time and not capable to defend devices that are sleeping most of the time and not capable to defend
their own Addresses. their own addresses.
Related requirements are: Related requirements are:
Req4.1: The registration mechanism SHOULD enable a third party to Req4.1: The registration mechanism SHOULD enable a third party to
proxy register an Address on behalf of a 6LoWPAN node that may be proxy register an address on behalf of a 6LoWPAN node that may be
sleeping or located deeper in an LLN mesh. sleeping or located deeper in an LLN mesh.
Req4.2: The registration mechanism SHOULD be applicable to a duty- Req4.2: The registration mechanism SHOULD be applicable to a duty-
cycled device regardless of the link type, and enable a 6BBR to cycled device regardless of the link type and SHOULD enable a 6BBR to
operate as a proxy to defend the Registered Addresses on its behalf. operate as a proxy to defend the Registered Addresses on its behalf.
Req4.3: The registration mechanism SHOULD enable long sleep Req4.3: The registration mechanism SHOULD enable long sleep
durations, in the order of multiple days to a month. durations, on the order of multiple days to a month.
B.5. Requirements Related to Security B.5. Requirements Related to Security
In order to guarantee the operations of the 6LoWPAN ND flows, the In order to guarantee the operations of the 6LoWPAN ND flows, the
spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a spoofing of the 6LR, 6LBR, and 6BBRs roles should be avoided. Once a
node successfully registers an address, 6LoWPAN ND should provide node successfully registers an address, 6LoWPAN ND should provide
energy-efficient means for the 6LBR to protect that ownership even energy-efficient means for the 6LBR to protect that ownership even
when the node that registered the address is sleeping. when the node that registered the address is sleeping.
In particular, the 6LR and the 6LBR then should be able to verify In particular, the 6LR and the 6LBR then should be able to verify
whether a subsequent registration for a given address comes from the whether a subsequent registration for a given address comes from the
original node. original node.
In an LLN it makes sense to base security on layer-2 security. In an LLN it makes sense to base security on Layer-2 security.
During bootstrap of the LLN, nodes join the network after During bootstrap of the LLN, nodes join the network after
authorization by a Joining Assistant (JA) or a Commissioning Tool authorization by a Joining Assistant (JA) or a Commissioning Tool
(CT). After joining nodes communicate with each other via secured (CT). After joining, nodes communicate with each other via secured
links. The keys for the layer-2 security are distributed by the JA/ links. The keys for the Layer-2 security are distributed by the JA/
CT. The JA/CT can be part of the LLN or be outside the LLN. In both CT. The JA/CT can be part of the LLN or be outside the LLN. In both
cases it is needed that packets are routed between JA/CT and the cases it is needed that packets are routed between JA/CT and the
joining node. joining node.
Related requirements are: Related requirements are:
Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for
the 6LR, 6LBR and 6BBR to authenticate and authorize one another for the 6LR, 6LBR, and 6BBR to authenticate and authorize one another for
their respective roles, as well as with the 6LoWPAN Node for the role their respective roles, as well as with the 6LoWPAN Node for the role
of 6LR. of 6LR.
Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for
the 6LR and the 6LBR to validate new registration of authorized the 6LR and the 6LBR to validate new registration of authorized
nodes. Joining of unauthorized nodes MUST be prevented. nodes. Joining of unauthorized nodes MUST be prevented.
Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet Req5.3: 6LoWPAN ND security mechanisms SHOULD NOT lead to large
sizes. In particular, the NS, NA, DAR and DAC messages for a re- packet sizes. In particular, the NS, NA, DAR, and DAC messages for a
registration flow SHOULD NOT exceed 80 octets so as to fit in a re-registration flow SHOULD NOT exceed 80 octets so as to fit in a
secured IEEE Std.802.15.4 [IEEEstd802154] frame. secured IEEE Std.802.15.4 [IEEEstd802154] frame.
Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be
computationally intensive on the LoWPAN Node CPU. When a Key hash computationally intensive on the LoWPAN Node CPU. When a Key hash
calculation is employed, a mechanism lighter than SHA-1 SHOULD be calculation is employed, a mechanism lighter than SHA-1 SHOULD be
preferred. preferred.
Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate
SHOULD be minimized. SHOULD be minimized.
Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable the Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable the
variation of CCM [RFC3610] called CCM* for use at both Layer 2 and variation of CCM [RFC3610] called CCM* for use at both Layer 2 and
Layer 3, and SHOULD enable the reuse of security code that has to be Layer 3, and SHOULD enable the reuse of security code that has to be
present on the device for upper layer security such as TLS. present on the device for upper layer security such as TLS.
Algorithm agility and support for large keys (e.g., 256-bit key
sizes) is also desirable, following at Layer-3 the introduction of
those capabilities at Layer-2.
Req5.7: Public key and signature sizes SHOULD be minimized while Req5.7: Public key and signature sizes SHOULD be minimized while
maintaining adequate confidentiality and data origin authentication maintaining adequate confidentiality and data origin authentication
for multiple types of applications with various degrees of for multiple types of applications with various degrees of
criticality. criticality.
Req5.8: Routing of packets should continue when links pass from the Req5.8: Routing of packets should continue when links pass from the
unsecured to the secured state. unsecured to the secured state.
Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for
the 6LR and the 6LBR to validate whether a new registration for a the 6LR and the 6LBR to validate whether a new registration for a
given address corresponds to the same 6LoWPAN Node that registered it given address corresponds to the same 6LN that registered it
initially, and, if not, determine the rightful owner, and deny or initially, and, if not, determine the rightful owner and deny or
clean up the registration that is duplicate. clean up the registration that is duplicate.
B.6. Requirements Related to Scalability B.6. Requirements Related to Scalability
Use cases from Automatic Meter Reading (AMR, collection tree Use cases from Automatic Meter Reading (AMR, collection tree
operations) and Advanced Metering Infrastructure (AMI, bi-directional operations) and Advanced Metering Infrastructure (AMI, bi-directional
communication to the meters) indicate the needs for a large number of communication to the meters) indicate the needs for a large number of
LLN nodes pertaining to a single RPL DODAG (e.g., 5000) and connected LLN nodes pertaining to a single RPL DODAG (e.g., 5000) and connected
to the 6LBR over a large number of LLN hops (e.g., 15). to the 6LBR over a large number of LLN hops (e.g., 15).
Related requirements are: Related requirements are:
Req6.1: The registration mechanism SHOULD enable a single 6LBR to Req6.1: The registration mechanism SHOULD enable a single 6LBR to
register multiple thousands of devices. register multiple thousands of devices.
Req6.2: The timing of the registration operation should allow for a Req6.2: The timing of the registration operation should allow for a
large latency such as found in LLNs with ten and more hops. large latency such as found in LLNs with ten to more hops.
B.7. Requirements Related to Operations and Management B.7. Requirements Related to Operations and Management
Section 3.8 of "Architectural Principles of the Internet" [RFC1958] Section 3.8 of "Architectural Principles of the Internet" [RFC1958]
recommends to : "avoid options and parameters whenever possible. Any recommends to: "avoid options and parameters whenever possible. Any
options and parameters should be configured or negotiated dynamically options and parameters should be configured or negotiated dynamically
rather than manually". This is especially true in LLNs where the rather than manually". This is especially true in LLNs where the
number of devices may be large and manual configuration is number of devices may be large and manual configuration is
infeasible. Capabilities for a dynamic configuration of LLN devices infeasible. Capabilities for a dynamic configuration of LLN devices
can also be constrained by the network and power limitation. can also be constrained by the network and power limitation.
A Network Administrator should be able to validate that the network A Network Administrator should be able to validate that the network
is operating within capacity, and that in particular a 6LBR does not is operating within capacity, and that in particular a 6LBR does not
get overloaded with an excessive amount of registration, so he can get overloaded with an excessive amount of registration, so the
take actions such as adding a Backbone Link with additional 6LBRs and administrator can take actions such as adding a Backbone Link with
6BBRs to his network. additional 6LBRs and 6BBRs to the network.
Related requirements are: Related requirements are:
Req7.1: A management model SHOULD be provided providing access to the Req7.1: A management model SHOULD be provided that enables access to
6LBR, monitor its usage vs. capacity, and alert in case of the 6LBR, monitor its usage vs. capacity, and alert in case of
congestion. It is recommended that the 6LBR be reachable over a non- congestion. It is recommended that the 6LBR be reachable over a non-
LLN link. LLN link.
Req7.2: A management model SHOULD be provided providing access to the Req7.2: A management model SHOULD be provided that enables access to
6LR and its capacity to host additional NCE. This management model the 6LR and its capacity to host additional NCE. This management
SHOULD avoid polling individual 6LRs n a way that could disrupt the model SHOULD avoid polling individual 6LRs in a way that could
operation of the LLN. disrupt the operation of the LLN.
Req7.3: information on successful and failed registration SHOULD be Req7.3: Information on successful and failed registration SHOULD be
provided, including information such as the ROVR of the 6LN, the provided, including information such as the ROVR of the 6LN, the
Registered Address, the Address of the 6LR and the duration of the Registered Address, the address of the 6LR, and the duration of the
registration flow. registration flow.
Req7.4: In case of a failed registration, information on the failure Req7.4: In case of a failed registration, information on the failure
including the identification of the node that rejected the including the identification of the node that rejected the
registration and the status in the EARO SHOULD be provided. registration and the status in the EARO SHOULD be provided.
B.8. Matching Requirements with Specifications B.8. Matching Requirements with Specifications
I-drafts/RFCs addressing requirements I-drafts/RFCs addressing requirements
skipping to change at page 39, line 14 skipping to change at page 40, line 7
| Req1.3 | [RFC6775] | | Req1.3 | [RFC6775] |
| | | | | |
| Req1.4 | This RFC | | Req1.4 | This RFC |
| | | | | |
| Req2.1 | This RFC | | Req2.1 | This RFC |
| | | | | |
| Req2.2 | This RFC | | Req2.2 | This RFC |
| | | | | |
| Req2.3 | | | Req2.3 | |
| | | | | |
| Req3.1 | Technology Dependant | | Req3.1 | Technology Dependent |
| | | | | |
| Req3.2 | Technology Dependant | | Req3.2 | Technology Dependent |
| | | | | |
| Req3.3 | Technology Dependant | | Req3.3 | Technology Dependent |
| | | | | |
| Req3.4 | Technology Dependant | | Req3.4 | Technology Dependent |
| | | | | |
| Req4.1 | This RFC | | Req4.1 | This RFC |
| | | | | |
| Req4.2 | This RFC | | Req4.2 | This RFC |
| | | | | |
| Req4.3 | [RFC6775] | | Req4.3 | [RFC6775] |
| | | | | |
| Req5.1 | | | Req5.1 | |
| | | | | |
| Req5.2 | [I-D.ietf-6lo-ap-nd] | | Req5.2 | [I-D.ietf-6lo-ap-nd] |
 End of changes. 140 change blocks. 
341 lines changed or deleted 386 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/