< draft-ietf-roll-useofrplinfo-24.txt   draft-ietf-roll-useofrplinfo-25.txt >
ROLL Working Group M. Robles ROLL Working Group M. Robles
Internet-Draft Aalto Internet-Draft Aalto
Updates: 6553, 6550, 8138 (if approved) M. Richardson Updates: 6553, 6550, 8138 (if approved) M. Richardson
Intended status: Standards Track SSW Intended status: Standards Track SSW
Expires: July 27, 2019 P. Thubert Expires: September 12, 2019 P. Thubert
Cisco Cisco
January 23, 2019 March 11, 2019
Using RPL Option Type, Routing Header for Source Routes and IPv6-in- Using RPL Option Type, Routing Header for Source Routes and IPv6-in-IPv6
IPv6 encapsulation in the RPL Data Plane encapsulation in the RPL Data Plane
draft-ietf-roll-useofrplinfo-24 draft-ietf-roll-useofrplinfo-25
Abstract Abstract
This document looks at different data flows through LLN (Low-Power This document looks at different data flows through LLN (Low-Power
and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power
and Lossy Networks) is used to establish routing. The document and Lossy Networks) is used to establish routing. The document
enumerates the cases where RFC 6553 (RPL Option Type), RFC 6554 enumerates the cases where RFC 6553 (RPL Option Type), RFC 6554
(Routing Header for Source Routes) and IPv6-in-IPv6 encapsulation is (Routing Header for Source Routes) and IPv6-in-IPv6 encapsulation is
required in data plane. This analysis provides the basis on which to required in data plane. This analysis provides the basis on which to
design efficient compression of these headers. This document updates design efficient compression of these headers. This document updates
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 27, 2019. This Internet-Draft will expire on September 12, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology and Requirements Language . . . . . . . . . . . . 5 2. Terminology and Requirements Language . . . . . . . . . . . . 4
3. Updates to RFC6553, RFC6550 and RFC 8138 . . . . . . . . . . 5 3. Updates to RFC6553, RFC6550 and RFC 8138 . . . . . . . . . . 5
3.1. Updates to RFC 6553 . . . . . . . . . . . . . . . . . . . 5 3.1. Updates to RFC 6553 . . . . . . . . . . . . . . . . . . . 5
3.2. Updates to RFC 8138 . . . . . . . . . . . . . . . . . . . 8 3.2. Updates to RFC 8138 . . . . . . . . . . . . . . . . . . . 8
3.3. Updates to RFC 6550: Indicating the new RPI in the 3.3. Updates to RFC 6550: Indicating the new RPI in the
DODAG Configuration Option Flag. . . . . . . . . . . . . 9 DODAG Configuration Option Flag. . . . . . . . . . . . . 8
4. Sample/reference topology . . . . . . . . . . . . . . . . . . 10 4. Sample/reference topology . . . . . . . . . . . . . . . . . . 9
5. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 12
6. Storing mode . . . . . . . . . . . . . . . . . . . . . . . . 15 6. Storing mode . . . . . . . . . . . . . . . . . . . . . . . . 15
6.1. Storing Mode: Interaction between Leaf and Root . . . . . 16 6.1. Storing Mode: Interaction between Leaf and Root . . . . . 16
6.1.1. SM: Example of Flow from RPL-aware-leaf to root . . . 17 6.1.1. SM: Example of Flow from RPL-aware-leaf to root . . . 17
6.1.2. SM: Example of Flow from root to RPL-aware-leaf . . . 18 6.1.2. SM: Example of Flow from root to RPL-aware-leaf . . . 18
6.1.3. SM: Example of Flow from root to not-RPL-aware-leaf . 18 6.1.3. SM: Example of Flow from root to not-RPL-aware-leaf . 18
6.1.4. SM: Example of Flow from not-RPL-aware-leaf to root . 19 6.1.4. SM: Example of Flow from not-RPL-aware-leaf to root . 19
6.2. Storing Mode: Interaction between Leaf and Internet. . . 20 6.2. Storing Mode: Interaction between Leaf and Internet. . . 20
6.2.1. SM: Example of Flow from RPL-aware-leaf to Internet . 20 6.2.1. SM: Example of Flow from RPL-aware-leaf to Internet . 20
6.2.2. SM: Example of Flow from Internet to RPL-aware-leaf . 21 6.2.2. SM: Example of Flow from Internet to RPL-aware-leaf . 21
6.2.3. SM: Example of Flow from not-RPL-aware-leaf to 6.2.3. SM: Example of Flow from not-RPL-aware-leaf to
Internet . . . . . . . . . . . . . . . . . . . . . . 22 Internet . . . . . . . . . . . . . . . . . . . . . . 22
6.2.4. SM: Example of Flow from Internet to non-RPL-aware- 6.2.4. SM: Example of Flow from Internet to non-RPL-aware-
leaf. . . . . . . . . . . . . . . . . . . . . . . . . 23 leaf. . . . . . . . . . . . . . . . . . . . . . . . . 23
6.3. Storing Mode: Interaction between Leaf and Leaf . . . . . 24 6.3. Storing Mode: Interaction between Leaf and Leaf . . . . . 24
6.3.1. SM: Example of Flow from RPL-aware-leaf to RPL-aware- 6.3.1. SM: Example of Flow from RPL-aware-leaf to RPL-aware-
leaf . . . . . . . . . . . . . . . . . . . . . . . . 25 leaf . . . . . . . . . . . . . . . . . . . . . . . . 24
6.3.2. SM: Example of Flow from RPL-aware-leaf to non-RPL- 6.3.2. SM: Example of Flow from RPL-aware-leaf to non-RPL-
aware-leaf . . . . . . . . . . . . . . . . . . . . . 26 aware-leaf . . . . . . . . . . . . . . . . . . . . . 26
6.3.3. SM: Example of Flow from not-RPL-aware-leaf to RPL- 6.3.3. SM: Example of Flow from not-RPL-aware-leaf to RPL-
aware-leaf . . . . . . . . . . . . . . . . . . . . . 27 aware-leaf . . . . . . . . . . . . . . . . . . . . . 26
6.3.4. SM: Example of Flow from not-RPL-aware-leaf to not- 6.3.4. SM: Example of Flow from not-RPL-aware-leaf to not-
RPL-aware-leaf . . . . . . . . . . . . . . . . . . . 28 RPL-aware-leaf . . . . . . . . . . . . . . . . . . . 28
7. Non Storing mode . . . . . . . . . . . . . . . . . . . . . . 29 7. Non Storing mode . . . . . . . . . . . . . . . . . . . . . . 29
7.1. Non-Storing Mode: Interaction between Leaf and Root . . . 31 7.1. Non-Storing Mode: Interaction between Leaf and Root . . . 30
7.1.1. Non-SM: Example of Flow from RPL-aware-leaf to root . 32 7.1.1. Non-SM: Example of Flow from RPL-aware-leaf to root . 31
7.1.2. Non-SM: Example of Flow from root to RPL-aware-leaf . 32 7.1.2. Non-SM: Example of Flow from root to RPL-aware-leaf . 31
7.1.3. Non-SM: Example of Flow from root to not-RPL-aware- 7.1.3. Non-SM: Example of Flow from root to not-RPL-aware-
leaf . . . . . . . . . . . . . . . . . . . . . . . . 33 leaf . . . . . . . . . . . . . . . . . . . . . . . . 32
7.1.4. Non-SM: Example of Flow from not-RPL-aware-leaf to 7.1.4. Non-SM: Example of Flow from not-RPL-aware-leaf to
root . . . . . . . . . . . . . . . . . . . . . . . . 34 root . . . . . . . . . . . . . . . . . . . . . . . . 33
7.2. Non-Storing Mode: Interaction between Leaf and Internet . 35 7.2. Non-Storing Mode: Interaction between Leaf and Internet . 34
7.2.1. Non-SM: Example of Flow from RPL-aware-leaf to 7.2.1. Non-SM: Example of Flow from RPL-aware-leaf to
Internet . . . . . . . . . . . . . . . . . . . . . . 35 Internet . . . . . . . . . . . . . . . . . . . . . . 34
7.2.2. Non-SM: Example of Flow from Internet to RPL-aware- 7.2.2. Non-SM: Example of Flow from Internet to RPL-aware-
leaf . . . . . . . . . . . . . . . . . . . . . . . . 36 leaf . . . . . . . . . . . . . . . . . . . . . . . . 35
7.2.3. Non-SM: Example of Flow from not-RPL-aware-leaf to 7.2.3. Non-SM: Example of Flow from not-RPL-aware-leaf to
Internet . . . . . . . . . . . . . . . . . . . . . . 37 Internet . . . . . . . . . . . . . . . . . . . . . . 36
7.2.4. Non-SM: Example of Flow from Internet to not-RPL- 7.2.4. Non-SM: Example of Flow from Internet to not-RPL-
aware-leaf . . . . . . . . . . . . . . . . . . . . . 38 aware-leaf . . . . . . . . . . . . . . . . . . . . . 37
7.3. Non-Storing Mode: Interaction between Leafs . . . . . . . 39 7.3. Non-Storing Mode: Interaction between Leafs . . . . . . . 38
7.3.1. Non-SM: Example of Flow from RPL-aware-leaf to RPL- 7.3.1. Non-SM: Example of Flow from RPL-aware-leaf to RPL-
aware-leaf . . . . . . . . . . . . . . . . . . . . . 39 aware-leaf . . . . . . . . . . . . . . . . . . . . . 38
7.3.2. Non-SM: Example of Flow from RPL-aware-leaf to not- 7.3.2. Non-SM: Example of Flow from RPL-aware-leaf to not-
RPL-aware-leaf . . . . . . . . . . . . . . . . . . . 41 RPL-aware-leaf . . . . . . . . . . . . . . . . . . . 40
7.3.3. Non-SM: Example of Flow from not-RPL-aware-leaf to 7.3.3. Non-SM: Example of Flow from not-RPL-aware-leaf to
RPL-aware-leaf . . . . . . . . . . . . . . . . . . . 42 RPL-aware-leaf . . . . . . . . . . . . . . . . . . . 41
7.3.4. Non-SM: Example of Flow from not-RPL-aware-leaf to 7.3.4. Non-SM: Example of Flow from not-RPL-aware-leaf to
not-RPL-aware-leaf . . . . . . . . . . . . . . . . . 43 not-RPL-aware-leaf . . . . . . . . . . . . . . . . . 42
8. Operational Considerations of supporting 8. Operational Considerations of supporting
not-RPL-aware-leaves . . . . . . . . . . . . . . . . . . . . 43 not-RPL-aware-leaves . . . . . . . . . . . . . . . . . . . . 42
9. Operational considerations of introducing 0x23 . . . . . . . 44 9. Operational considerations of introducing 0x23 . . . . . . . 43
9.1. Has deployment been discussed? . . . . . . . . . . . . . 45 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 44
9.2. Has installation and initial setup been discussed?? . . . 45 11. Security Considerations . . . . . . . . . . . . . . . . . . . 45
9.3. Has the migration path been discussed? . . . . . . . . . 45 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 48
9.4. Have the Requirements on other protocols and 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 48
functional components been discussed? . . . . . . . . . . 45 13.1. Normative References . . . . . . . . . . . . . . . . . . 48
9.5. Has the impact on network operation been discussed? . . . 45 13.2. Informative References . . . . . . . . . . . . . . . . . 49
9.6. Have suggestions for verifying correct operation been Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 51
discussed? . . . . . . . . . . . . . . . . . . . . . . . 45
9.7. Has management interoperability been discussed? . . . . . 45
9.8. Are there fault or threshold conditions that should be
reported? . . . . . . . . . . . . . . . . . . . . . . . . 46
9.9. Is configuration discussed? . . . . . . . . . . . . . . . 46
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 46
11. Security Considerations . . . . . . . . . . . . . . . . . . . 46
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 49
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 49
13.1. Normative References . . . . . . . . . . . . . . . . . . 49
13.2. Informative References . . . . . . . . . . . . . . . . . 50
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 52
1. Introduction 1. Introduction
RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks)
[RFC6550] is a routing protocol for constrained networks. RFC 6553 [RFC6550] is a routing protocol for constrained networks. RFC 6553
[RFC6553] defines the "RPL option" (RPI), carried within the IPv6 [RFC6553] defines the "RPL option" (RPI), carried within the IPv6
Hop-by-Hop header to quickly identify inconsistencies (loops) in the Hop-by-Hop header to quickly identify inconsistencies (loops) in the
routing topology. RFC 6554 [RFC6554] defines the "RPL Source Route routing topology. RFC 6554 [RFC6554] defines the "RPL Source Route
Header" (RH3), an IPv6 Extension Header to deliver datagrams within a Header" (RH3), an IPv6 Extension Header to deliver datagrams within a
RPL routing domain, particularly in non-storing mode. RPL routing domain, particularly in non-storing mode.
skipping to change at page 4, line 47 skipping to change at page 4, line 35
type 3 [RFC6554], as well as an efficient IPv6-in-IPv6 technique. type 3 [RFC6554], as well as an efficient IPv6-in-IPv6 technique.
1.1. Overview 1.1. Overview
The rest of the document is organized as follows: Section 2 describes The rest of the document is organized as follows: Section 2 describes
the used terminology. Section 3 describes the updates to RFC6553, the used terminology. Section 3 describes the updates to RFC6553,
RFC6550 and RFC 8138. Section 4 provides the reference topology used RFC6550 and RFC 8138. Section 4 provides the reference topology used
for the uses cases. Section 5 describes the uses cases included. for the uses cases. Section 5 describes the uses cases included.
Section 6 describes the storing mode cases and section 7 the non- Section 6 describes the storing mode cases and section 7 the non-
storing mode cases. Section 8 describes the operational storing mode cases. Section 8 describes the operational
considerations for the proposed change on RPL Option type. Section 9 considerations of supporting not-RPL-aware-leaves. Section 9 depicts
depicts the 6LoRH Compression cases, section 10 the IANA operational considerations for the proposed change on RPL Option
considerations and then section 11 describes the security aspects. type, section 10 the IANA considerations and then section 11
describes the security aspects.
2. Terminology and Requirements Language 2. Terminology and Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119], [RFC8174] when, and only when, they appear in all 14 [RFC2119], [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Terminology defined in [RFC7102] applies to this document: LBR, LLN, Terminology defined in [RFC7102] applies to this document: LBR, LLN,
skipping to change at page 5, line 34 skipping to change at page 5, line 20
inside the LLN. In this document a not-RPL-aware node which is a inside the LLN. In this document a not-RPL-aware node which is a
leaf of a DODAG is called not-RPL-aware-leaf (~Raf). leaf of a DODAG is called not-RPL-aware-leaf (~Raf).
6LN: [RFC6775] defines it as: "A 6LoWPAN node is any host or router 6LN: [RFC6775] defines it as: "A 6LoWPAN node is any host or router
participating in a LoWPAN. This term is used when referring to participating in a LoWPAN. This term is used when referring to
situations in which either a host or router can play the role situations in which either a host or router can play the role
described.". In this document, a 6LN acts as a leaf. described.". In this document, a 6LN acts as a leaf.
6LR, 6LBR are defined in [RFC6775]. 6LR, 6LBR are defined in [RFC6775].
Flag Day: A transition that involves have a network with different Flag Day: A transition that involves having a network with different
values of RPL Option Type. Thus the network do not work correctly. values of RPL Option Type. Thus the network does not work correctly.
Hop-by-hop IPv6-in-IPv6 headers: The term "hop-by-hop IPv6-in-IPv6" Hop-by-hop IPv6-in-IPv6 headers: The term "hop-by-hop IPv6-in-IPv6"
header refers to: adding a header that originates from a node to an header refers to: adding a header that originates from a node to an
adjacent node, using the addresses (usually the GUA or ULA, but could adjacent node, using the addresses (usually the GUA or ULA, but could
use the link-local addresses) of each node. If the packet must use the link-local addresses) of each node. If the packet must
traverse multiple hops, then it must be decapsulated at each hop, and traverse multiple hops, then it must be decapsulated at each hop, and
then re-encapsulated again in a similar fashion. then re-encapsulated again in a similar fashion.
3. Updates to RFC6553, RFC6550 and RFC 8138 3. Updates to RFC6553, RFC6550 and RFC 8138
skipping to change at page 7, line 49 skipping to change at page 7, line 42
traffic to the Internet. This change clarifies when to use an IPv6- traffic to the Internet. This change clarifies when to use an IPv6-
in-IPv6 header, and how to address them: The Hop-by-Hop Options in-IPv6 header, and how to address them: The Hop-by-Hop Options
Header containing the RPI option SHOULD always be added when 6LRs Header containing the RPI option SHOULD always be added when 6LRs
originate packets (without IPv6-in-IPv6 headers), and IPv6-in-IPv6 originate packets (without IPv6-in-IPv6 headers), and IPv6-in-IPv6
headers SHOULD always be added when a 6LR find that it needs to headers SHOULD always be added when a 6LR find that it needs to
insert a Hop-by-Hop Options Header containing the RPI option. The insert a Hop-by-Hop Options Header containing the RPI option. The
IPv6-in-IPv6 header is to be addressed to the RPL root when on the IPv6-in-IPv6 header is to be addressed to the RPL root when on the
way up, and to the end-host when on the way down. way up, and to the end-host when on the way down.
Non-constrained uses of RPL are not in scope of this document, and Non-constrained uses of RPL are not in scope of this document, and
applicability statements for those uses MAY provide different advice, applicability statements for those uses may provide different advice,
E.g. [I-D.ietf-anima-autonomic-control-plane]. E.g. [I-D.ietf-anima-autonomic-control-plane].
In the non-storing case, dealing with non-RPL aware leaf nodes is In the non-storing case, dealing with non-RPL aware leaf nodes is
much easier as the 6LBR (DODAG root) has complete knowledge about the much easier as the 6LBR (DODAG root) has complete knowledge about the
connectivity of all DODAG nodes, and all traffic flows through the connectivity of all DODAG nodes, and all traffic flows through the
root node. root node.
The 6LBR can recognize non-RPL aware leaf nodes because it will The 6LBR can recognize non-RPL aware leaf nodes because it will
receive a DAO about that node from the 6LR immediately above that receive a DAO about that node from the 6LR immediately above that
non-RPL aware node. This means that the non-storing mode case can non-RPL aware node. This means that the non-storing mode case can
skipping to change at page 8, line 46 skipping to change at page 8, line 37
In Storing Mode, for the examples of Flow from RPL-aware-leaf to non- In Storing Mode, for the examples of Flow from RPL-aware-leaf to non-
RPL-aware-leaf and non-RPL-aware-leaf to non-RPL-aware-leaf comprise RPL-aware-leaf and non-RPL-aware-leaf to non-RPL-aware-leaf comprise
an IPv6-in-IPv6 and RPI compression headers. The use of the IPv6-in- an IPv6-in-IPv6 and RPI compression headers. The use of the IPv6-in-
IPv6 header is MANDATORY in this case, and it SHOULD be compressed IPv6 header is MANDATORY in this case, and it SHOULD be compressed
with [RFC8138] section 7. with [RFC8138] section 7.
+--+-----+---+--------------+-----------+-----------+-----------+ +--+-----+---+--------------+-----------+-----------+-----------+
|1 | 0|0 |TSE| 6LoRH Type 6 | Hop Limit | RPI-6LoRH |LOWPAN IPHC| |1 | 0|0 |TSE| 6LoRH Type 6 | Hop Limit | RPI-6LoRH |LOWPAN IPHC|
+--+-----+---+--------------+-----------+-----------+-----------+ +--+-----+---+--------------+-----------+-----------+-----------+
Figure 3: Critical IPv6-in-IPv6 (RPI). Figure 3: IPv6-in-IPv6 (RPI).
3.3. Updates to RFC 6550: Indicating the new RPI in the DODAG 3.3. Updates to RFC 6550: Indicating the new RPI in the DODAG
Configuration Option Flag. Configuration Option Flag.
In order to avoid a Flag Day caused by lack of interoperation between In order to avoid a Flag Day caused by lack of interoperation between
new RPI (0x23) and old RPI (0x63) nodes, this section defines a flag new RPI (0x23) and old RPI (0x63) nodes, this section defines a flag
in the DIO Configuration Option, to indicate when then new RPI value in the DIO Configuration Option, to indicate when then new RPI value
can be safely used. Without this, there could be a mix of new nodes can be safely used. Without this, there could be a mix of new nodes
(which understand 0x23 and 0x63), and old nodes (which understand (which understand 0x23 and 0x63), and old nodes (which understand
0x63 only). A new node would not know if it was safe to use 0x23. 0x63 only). A new node would not know if it was safe to use 0x23.
skipping to change at page 15, line 22 skipping to change at page 15, line 22
The earlier examples are more extensive to make sure that the process The earlier examples are more extensive to make sure that the process
is clear, while later examples are more concise. is clear, while later examples are more concise.
6. Storing mode 6. Storing mode
In storing mode (fully stateful), the sender can determine if the In storing mode (fully stateful), the sender can determine if the
destination is inside the LLN by looking if the destination address destination is inside the LLN by looking if the destination address
is matched by the DIO's Prefix Information Option (PIO) option. is matched by the DIO's Prefix Information Option (PIO) option.
The following table itemizes which headers are needed in each of the The following table (Figure 7) itemizes which headers are needed in
following scenarios. It indicate if an IPv6-in-IPv6 header MUST be each of the following scenarios. It indicate if an IPv6-in-IPv6
inserted, and whether the destination address of the IPv6-in-IPv6 header must be inserted, and whether the destination address of the
header is the next hop, or the final target address. There are these IPv6-in-IPv6 header is the next hop, or the final target address.
possible situations: hop-by-hop necessary (indicated by "hop"), or There are these possible situations: hop-by-hop necessary (indicated
final target address possible (indicated by "tgt"). In all cases hop by "hop"), or final target address possible (indicated by "tgt"). In
by hop MAY be used rather than the final target address. all cases hop by hop may be used rather than the final target
address.
In cases where no IPv6-in-IPv6 header is needed, the column states as In cases where no IPv6-in-IPv6 header is needed, the column states as
"No". "No".
In all cases the RPI headers are needed, since it identifies In all cases the RPI headers are needed, since it identifies
inconsistencies (loops) in the routing topology. In all cases the inconsistencies (loops) in the routing topology. In all cases the
RH3 is not needed because it is not used in storing mode. RH3 is not needed because it is not used in storing mode.
In each case, 6LR_i are the intermediate routers from source to In each case, 6LR_i are the intermediate routers from source to
destination. "1 <= i <= n", n is the number of routers (6LR) that destination. "1 <= i <= n", n is the number of routers (6LR) that
skipping to change at page 16, line 14 skipping to change at page 16, line 14
+---------------------+--------------+------------+--------------+ +---------------------+--------------+------------+--------------+
| Interaction between | Use Case |IPv6-in-IPv6| v6-in-v6 dst | | Interaction between | Use Case |IPv6-in-IPv6| v6-in-v6 dst |
+---------------------+--------------+------------+--------------+ +---------------------+--------------+------------+--------------+
| | Raf to root | No | No | | | Raf to root | No | No |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| Leaf - Root | root to Raf | No | No | | Leaf - Root | root to Raf | No | No |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| | root to ~Raf | No | No | | | root to ~Raf | No | No |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| | ~Raf to root | MUST | root | | | ~Raf to root | must | root |
+---------------------+--------------+------------+--------------+ +---------------------+--------------+------------+--------------+
| | Raf to Int | No | No | | | Raf to Int | No | No |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| Leaf - Internet | Int to Raf | MUST | tgt (Raf) | | Leaf - Internet | Int to Raf | must | tgt (Raf) |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| | ~Raf to Int | MUST | root | | | ~Raf to Int | must | root |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| | Int to ~Raf | MUST | hop | | | Int to ~Raf | must | hop |
+---------------------+--------------+------------+--------------+ +---------------------+--------------+------------+--------------+
| | Raf to Raf | No | No | | | Raf to Raf | No | No |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| | Raf to ~Raf | No | No | | | Raf to ~Raf | No | No |
+ Leaf - Leaf +--------------+------------+--------------+ + Leaf - Leaf +--------------+------------+--------------+
| | ~Raf to Raf | MUST | tgt (Raf) | | | ~Raf to Raf | must | tgt (Raf) |
+ +--------------+------------+--------------+ + +--------------+------------+--------------+
| | ~Raf to ~Raf | Yes | hop | | | ~Raf to ~Raf | Yes | hop |
+---------------------+--------------+------------+--------------+ +---------------------+--------------+------------+--------------+
Figure 7: IPv6-in-IPv6 encapsulation in Storing mode. Figure 7: Table of IPv6-in-IPv6 encapsulation in Storing mode.
6.1. Storing Mode: Interaction between Leaf and Root 6.1. Storing Mode: Interaction between Leaf and Root
In this section is described the communication flow in storing mode In this section is described the communication flow in storing mode
(SM) between, (SM) between,
RPL-aware-leaf to root RPL-aware-leaf to root
root to RPL-aware-leaf root to RPL-aware-leaf
skipping to change at page 23, line 47 skipping to change at page 23, line 47
Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6) Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)
For example, a communication flow could be: Internet --> Node A For example, a communication flow could be: Internet --> Node A
root(6LBR) --> Node B --> Node E --> Node G root(6LBR) --> Node B --> Node E --> Node G
The 6LBR will have to add an RPI header within an IPv6-in-IPv6 The 6LBR will have to add an RPI header within an IPv6-in-IPv6
header. The IPv6-in-IPv6 is addressed to the not-RPL-aware-leaf, header. The IPv6-in-IPv6 is addressed to the not-RPL-aware-leaf,
leaving the RPI inside. leaving the RPI inside.
Note that there is a requirement that the final node be able to The final node should be able to remove one or more IPv6-in-IPv6
remove one or more IPv6-in-IPv6 headers which are all addressed to headers which are all addressed to it. Furhter details about this
it, mentioned in [I-D.thubert-roll-unaware-leaves] : are mentioned in [I-D.thubert-roll-unaware-leaves], which specifies
RPL routing for a 6LN acting as a plain host and not aware of RPL.
"RPL data packets are often encapsulated using IP in IP. The 6LN
MUST be able to decapsulate a packet when it is the destination of
the outer header and process correctly the inner header."
The 6LBR MAY set the flow label on the inner IPv6-in-IPv6 header to The 6LBR may set the flow label on the inner IPv6-in-IPv6 header to
zero in order to aid in compression. zero in order to aid in compression.
+--------+---------+---------------+---------------+----------------+ +--------+---------+---------------+---------------+----------------+
| Header | Interne | 6LBR | 6LR_i | IPv6 | | Header | Interne | 6LBR | 6LR_i | IPv6 |
| | t | | | | | | t | | | |
+--------+---------+---------------+---------------+----------------+ +--------+---------+---------------+---------------+----------------+
| Insert | -- | IPv6-in- | -- | -- | | Insert | -- | IPv6-in- | -- | -- |
| ed hea | | IPv6(RPI) | | | | ed hea | | IPv6(RPI) | | |
| ders | | | | | | ders | | | | |
| Remove | -- | -- | -- | IPv6-in- | | Remove | -- | -- | -- | IPv6-in- |
skipping to change at page 30, line 7 skipping to change at page 29, line 44
7. Non Storing mode 7. Non Storing mode
In Non Storing Mode (Non SM) (fully source routed), the 6LBR (DODAG In Non Storing Mode (Non SM) (fully source routed), the 6LBR (DODAG
root) has complete knowledge about the connectivity of all DODAG root) has complete knowledge about the connectivity of all DODAG
nodes, and all traffic flows through the root node. Thus, there is nodes, and all traffic flows through the root node. Thus, there is
no need for all nodes to know about the existence of non-RPL aware no need for all nodes to know about the existence of non-RPL aware
nodes. Only the 6LBR needs to act if compensation is necessary for nodes. Only the 6LBR needs to act if compensation is necessary for
non-RPL aware receivers. non-RPL aware receivers.
The following table summarizes what headers are needed in the The following table (Figure 8) summarizes what headers are needed in
following scenarios, and indicates when the RPI, RH3 and IPv6-in-IPv6 the following scenarios, and indicates when the RPI, RH3 and IPv6-in-
header are to be inserted. There are these possible situations: IPv6 header are to be inserted. There are these possible situations:
target destination address possible (indicated by "tgt"), to a 6LR, target destination address possible (indicated by "tgt"), to a 6LR,
to a 6LN or to the root. In cases where no IPv6-in-IPv6 header is to a 6LN or to the root. In cases where no IPv6-in-IPv6 header is
needed, the column states as "No". needed, the column states as "No".
The leaf can be a router 6LR or a host, both indicated as 6LN The leaf can be a router 6LR or a host, both indicated as 6LN
(Figure 3). In the Figure the (1) indicates a 6tisch case [RFC8180], (Figure 3). In the Figure the (1) indicates a 6tisch case [RFC8180],
where the instanceID portion of the RPI header may still be needed to where the instanceID portion of the RPI header may still be needed to
pick an appropriate priority or channel at each hop. pick an appropriate priority or channel at each hop.
+-----------------+--------------+-----+-----+----------+----------+ +-----------------+--------------+-----+-----+----------+----------+
| Interaction | Use Case | RPI | RH3 | v6-in-v6 | v6-in-v6 | | Interaction | Use Case | RPI | RH3 | v6-in-v6 | v6-in-v6 |
| between | | | | | dst | | between | | | | | dst |
+-----------------+--------------+-----+-----+----------+----------+ +-----------------+--------------+-----+-----+----------+----------+
| | Raf to root | Yes | No | No | No | | | Raf to root | Yes | No | No | No |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| Leaf - Root | root to Raf | Opt | Yes | No | No | | Leaf - Root | root to Raf | Opt | Yes | No | No |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| | root to ~Raf |No(1)| Yes | MUST | 6LR | | | root to ~Raf |No(1)| Yes | must | 6LR |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| | ~Raf to root | Yes | No | MUST | root | | | ~Raf to root | Yes | No | must | root |
+-----------------+--------------+-----+-----+----------+----------+ +-----------------+--------------+-----+-----+----------+----------+
| | Raf to Int | Yes | No | MUST | root | | | Raf to Int | Yes | No | must | root |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| Leaf - Internet | Int to Raf |No(1)| Yes | MUST | tgt | | Leaf - Internet | Int to Raf |No(1)| Yes | must | tgt |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| | ~Raf to Int | Yes | No | MUST | root | | | ~Raf to Int | Yes | No | must | root |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| | Int to ~Raf |No(1)| Yes | MUST | 6LR | | | Int to ~Raf |No(1)| Yes | must | 6LR |
+-----------------+--------------+-----+-----+----------+----------+ +-----------------+--------------+-----+-----+----------+----------+
| | Raf to Raf | Yes | Yes | MUST | root/tgt | | | Raf to Raf | Yes | Yes | must | root/tgt |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| | Raf to ~Raf | Yes | Yes | MUST | root/6LR | | | Raf to ~Raf | Yes | Yes | must | root/6LR |
+ Leaf - Leaf +--------------+-----+-----+----------+----------+ + Leaf - Leaf +--------------+-----+-----+----------+----------+
| | ~Raf to Raf | Yes | Yes | MUST | root/6LN | | | ~Raf to Raf | Yes | Yes | must | root/6LN |
+ +--------------+-----+-----+----------+----------+ + +--------------+-----+-----+----------+----------+
| | ~Raf to ~Raf | Yes | Yes | MUST | root/6LR | | | ~Raf to ~Raf | Yes | Yes | must | root/6LR |
+-----------------+--------------+-----+-----+----------+----------+ +-----------------+--------------+-----+-----+----------+----------+
(1)-6tisch networks may need the RPI information. (1)-6tisch networks may need the RPI information.
Figure 8: Headers needed in Non-Storing mode: RPI, RH3, IPv6-in-IPv6 Figure 8: Table that shows headers needed in Non-Storing mode: RPI,
encapsulation. RH3, IPv6-in-IPv6 encapsulation.
7.1. Non-Storing Mode: Interaction between Leaf and Root 7.1. Non-Storing Mode: Interaction between Leaf and Root
In this section is described the communication flow in Non Storing In this section is described the communication flow in Non Storing
Mode (Non-SM) between, Mode (Non-SM) between,
RPL-aware-leaf to root RPL-aware-leaf to root
root to RPL-aware-leaf root to RPL-aware-leaf
skipping to change at page 31, line 49 skipping to change at page 31, line 4
7.1. Non-Storing Mode: Interaction between Leaf and Root 7.1. Non-Storing Mode: Interaction between Leaf and Root
In this section is described the communication flow in Non Storing In this section is described the communication flow in Non Storing
Mode (Non-SM) between, Mode (Non-SM) between,
RPL-aware-leaf to root RPL-aware-leaf to root
root to RPL-aware-leaf root to RPL-aware-leaf
not-RPL-aware-leaf to root not-RPL-aware-leaf to root
root to not-RPL-aware-leaf root to not-RPL-aware-leaf
7.1.1. Non-SM: Example of Flow from RPL-aware-leaf to root 7.1.1. Non-SM: Example of Flow from RPL-aware-leaf to root
In non-storing mode the leaf node uses default routing to send In non-storing mode the leaf node uses default routing to send
traffic to the root. The RPI header MUST be included since contains traffic to the root. The RPI header must be included since it
the rank information, which is used to avoid/detect loops. contains the rank information, which is used to avoid/detect loops.
RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR) RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)
For example, a communication flow could be: Node F --> Node D --> For example, a communication flow could be: Node F --> Node D -->
Node B --> Node A (root) Node B --> Node A (root)
6LR_i are the intermediate routers from source to destination. In 6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet go through from source (6LN) to destination (6LBR). packet go through from source (6LN) to destination (6LBR).
skipping to change at page 33, line 35 skipping to change at page 32, line 38
--> Node E --> Node G --> Node E --> Node G
6LR_i are the intermediate routers from source to destination. In 6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet go through from source (6LBR) to destination (IPv6). packet go through from source (6LBR) to destination (IPv6).
In 6LBR the RH3 is added, it is modified at each intermediate 6LR In 6LBR the RH3 is added, it is modified at each intermediate 6LR
(6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n), (6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n),
but left there. If RPI is left by the previous 6LR, then the IPv6 but left there. If RPI is left by the previous 6LR, then the IPv6
node which does not understand the RPI, will ignore it (following node which does not understand the RPI, will ignore it (following
RFC8200), thus encapsulation is not necessary. Due the complete RFC8200), thus encapsulation is not necessary. Due to the complete
knowledge of the topology at the root, the 6LBR may optionally knowledge of the topology at the root, the 6LBR may optionally
address the IPv6-in-IPv6 header to the last 6LR, such that it is address the IPv6-in-IPv6 header to the last 6LR, such that it is
removed prior to the IPv6 node. Please see Section 8 for removed prior to the IPv6 node. Please see Section 8 for
clarification of use of IPv6-in-IPv6 encapsulation. clarification of use of IPv6-in-IPv6 encapsulation.
+---------------+-------------+--------------+------------+---------+ +---------------+-------------+--------------+------------+---------+
| Header | 6LBR | 6LR_i(i=1) | 6LR_n(i=n) | IPv6 | | Header | 6LBR | 6LR_i(i=1) | 6LR_n(i=n) | IPv6 |
+---------------+-------------+--------------+------------+---------+ +---------------+-------------+--------------+------------+---------+
| Inserted | (opt: RPI), | -- | -- | -- | | Inserted | (opt: RPI), | -- | -- | -- |
| headers | RH3 | | | | | headers | RH3 | | | |
skipping to change at page 40, line 13 skipping to change at page 39, line 13
packet go through from 6LN to the root. packet go through from 6LN to the root.
6LR_id are the intermediate routers from the root to the destination. 6LR_id are the intermediate routers from the root to the destination.
In this case, "1 <= ia <= m", m is the number of the intermediate In this case, "1 <= ia <= m", m is the number of the intermediate
routers (6LR). routers (6LR).
This case involves only nodes in same RPL Domain. The originating This case involves only nodes in same RPL Domain. The originating
node will add a RPI header to the original packet, and send the node will add a RPI header to the original packet, and send the
packet upwards. packet upwards.
The originating node SHOULD put the RPI into an IPv6-in-IPv6 header The originating node should put the RPI into an IPv6-in-IPv6 header
addressed to the root, so that the 6LBR can remove that header. If addressed to the root, so that the 6LBR can remove that header. If
it does not, then additional resources are wasted on the way down to it does not, then additional resources are wasted on the way down to
carry the useless RPI option. carry the useless RPI option.
The 6LBR will need to insert an RH3 header, which requires that it The 6LBR will need to insert an RH3 header, which requires that it
add an IPv6-in-IPv6 header. It SHOULD be able to remove the RPI, as add an IPv6-in-IPv6 header. It should be able to remove the RPI, as
it was contained in an IPv6-in-IPv6 header addressed to it. it was contained in an IPv6-in-IPv6 header addressed to it.
Otherwise, there MAY be a RPI header buried inside the inner IP Otherwise, there may be a RPI header buried inside the inner IP
header, which should get ignored. header, which should get ignored.
Networks that use the RPL P2P extension [RFC6997] are essentially Networks that use the RPL P2P extension [RFC6997] are essentially
non-storing DODAGs and fall into this scenario or scenario non-storing DODAGs and fall into this scenario or scenario
Section 7.1.2, with the originating node acting as 6LBR. Section 7.1.2, with the originating node acting as 6LBR.
+---------+------------+-------+-------------+--------+-------------+ +---------+------------+-------+-------------+--------+-------------+
| Header | 6LN src | 6LR_i | 6LBR | 6LR_id | 6LN dst | | Header | 6LN src | 6LR_i | 6LBR | 6LR_id | 6LN dst |
| | | a | | | | | | | a | | | |
+---------+------------+-------+-------------+--------+-------------+ +---------+------------+-------+-------------+--------+-------------+
skipping to change at page 41, line 23 skipping to change at page 40, line 23
Node B --> Node A (root) --> Node B --> Node E --> Node G Node B --> Node A (root) --> Node B --> Node E --> Node G
6LR_ia are the intermediate routers from source to the root In this 6LR_ia are the intermediate routers from source to the root In this
case, "1 <= ia <= n", n is the number of intermediate routers (6LR) case, "1 <= ia <= n", n is the number of intermediate routers (6LR)
6LR_id are the intermediate routers from the root to the destination. 6LR_id are the intermediate routers from the root to the destination.
In this case, "1 <= ia <= m", m is the number of the intermediate In this case, "1 <= ia <= m", m is the number of the intermediate
routers (6LR). routers (6LR).
As in the previous case, the 6LN will insert a RPI (RPI_1) header As in the previous case, the 6LN will insert a RPI (RPI_1) header
which MUST be in an IPv6-in-IPv6 header addressed to the root so that which must be in an IPv6-in-IPv6 header addressed to the root so that
the 6LBR can remove this RPI. The 6LBR will then insert an RH3 the 6LBR can remove this RPI. The 6LBR will then insert an RH3
inside a new IPv6-in-IPv6 header addressed to the 6LR_id. The RPI is inside a new IPv6-in-IPv6 header addressed to the 6LR_id. The RPI is
optional from 6LBR to 6LR_id (RPI_2). optional from 6LBR to 6LR_id (RPI_2).
+---------+-----------+-----------+------------+------------+-------+ +---------+-----------+-----------+------------+------------+-------+
| Header | 6LN | 6LR_1 | 6LBR | 6LR_id | IPv6 | | Header | 6LN | 6LR_1 | 6LBR | 6LR_id | IPv6 |
+---------+-----------+-----------+------------+------------+-------+ +---------+-----------+-----------+------------+------------+-------+
| Inserte | IPv6-in- | -- | IPv6-in- | -- | -- | | Inserte | IPv6-in- | -- | IPv6-in- | -- | -- |
| d | IPv6 | | IPv6 (RH3, | | | | d | IPv6 | | IPv6 (RH3, | | |
| headers | (RPI1) | | opt RPI_2) | | | | headers | (RPI1) | | opt RPI_2) | | |
skipping to change at page 44, line 49 skipping to change at page 43, line 49
if the leaf is not tolerant of the RPL artifacts. Such an operator if the leaf is not tolerant of the RPL artifacts. Such an operator
could otherwise omit this unnecessary header if it was certain of the could otherwise omit this unnecessary header if it was certain of the
properties of the leaf. properties of the leaf.
As storing mode can not know the final path of the traffic, As storing mode can not know the final path of the traffic,
intolerant (that drop packets with RPL artifacts) leaf nodes can not intolerant (that drop packets with RPL artifacts) leaf nodes can not
be supported. be supported.
9. Operational considerations of introducing 0x23 9. Operational considerations of introducing 0x23
This section describes the operational considerations This section describes the operational considerations of introducing
the new RPI value of 0x23.
9.1. Has deployment been discussed?
There are no known multivendor deployments outside of the research
groups! All known deployments of RPL are in market verticals, with a
single vendor providing all components. Research groups typically
are using Contiki, RiotOS, or OpenWSN., and these are easily adapted
to 0x23 functionality. Compatibility issue of RPL Option type not
seems to be quite relevant for research groups.
9.2. Has installation and initial setup been discussed?? Related to the deployment of RPL, there are no known multivendor
deployments outside of the research groups! All known deployments of
RPL are in market verticals, with a single vendor providing all
components. Research groups typically are using Contiki, RiotOS, or
OpenWSN, and these are easily adapted to 0x23 functionality.
During bootstrapping the node get the DIO with the information of RPL During bootstrapping the node get the DIO with the information of RPL
Option Type and Indicating the new RPI in the DODAG Configuration Option Type, indicating the new RPI in the DODAG Configuration Option
Option Flag. The DODAG root is in charge to configure the current Flag. The DODAG root is in charge to configure the current network
network to the new value gradually, through DIO messages and when all to the new value, through DIO messages and when all the nodes are set
the nodes are set with the new value. The DODAG should change to a with the new value. The DODAG should change to a new DODAG version.
new DODAG version. Not able to send data plane messages. Should In case of rebooting, the node does not remember the RPL Option Type.
drop the packet. In case of rebooting, the node does not remember Thus, the DIO is sent with a flag indicating the new RPI value.
the RPL Option Type. Thus, the DIO is sent with flag indicating the
new RPI value.
9.3. Has the migration path been discussed?
TBD
9.4. Have the Requirements on other protocols and functional components
been discussed?
It allows to send packets to non-RPL nodes, the 0x23?..
TBD
9.5. Has the impact on network operation been discussed?
Missconfiguration in case that a node join.
TBD
9.6. Have suggestions for verifying correct operation been discussed?
TBD
9.7. Has management interoperability been discussed?
TBD
9.8. Are there fault or threshold conditions that should be reported?
TBD
9.9. Is configuration discussed? The migration path to the change from 0x63 to 0x23 in networks that
accepts both values is changed when the DIO is sent with the flag
indicating the new RPI value. Namely, it remains at 0x63 until it is
sure that the network is capable of 0x23, then it abruptly change to
0x23. This options allows to send packets to non-RPL nodes, which
should ignore the option and continue processing the packets.
TBD In case that a node join to a network that only process 0x63, it
would produce a flag day as was mentioned previously. Indicating the
new RPI in the DODAG Configuration Option Flag is a way to avoid the
flag day in a network. It is recommended that a network process both
options to enable interoperability.
10. IANA Considerations 10. IANA Considerations
This document updates the registration made in [RFC6553] Destination This document updates the registration made in [RFC6553] Destination
Options and Hop-by-Hop Options registry from 0x63 to 0x23. Options and Hop-by-Hop Options registry from 0x63 to 0x23.
[RFCXXXX] represents this document. [RFCXXXX] represents this document.
Hex Value Binary Value Hex Value Binary Value
act chg rest Description Reference act chg rest Description Reference
skipping to change at page 48, line 8 skipping to change at page 46, line 27
into every node having a tunnel with every other node. It would into every node having a tunnel with every other node. It would
provide a small amount of origin address authentication at a very provide a small amount of origin address authentication at a very
high cost; doing BCP38 at every node (linking layer-3 addresses to high cost; doing BCP38 at every node (linking layer-3 addresses to
layer-2 addresses, and to already present layer-2 cryptographic layer-2 addresses, and to already present layer-2 cryptographic
mechanisms) would be cheaper should RPL be run in an environment mechanisms) would be cheaper should RPL be run in an environment
where hostile nodes are likely to be a part of the LLN. where hostile nodes are likely to be a part of the LLN.
The RH3 header usage described here can be abused in equivalent ways The RH3 header usage described here can be abused in equivalent ways
with an IPv6-in-IPv6 header to add the needed RH3 header. As such, with an IPv6-in-IPv6 header to add the needed RH3 header. As such,
the attacker's RH3 header will not be seen by the network until it the attacker's RH3 header will not be seen by the network until it
reaches the end host, which will decapsulate it. An end-host SHOULD reaches the end host, which will decapsulate it. An end-host should
be suspicious about a RH3 header which has additional hops which have be suspicious about a RH3 header which has additional hops which have
not yet been processed, and SHOULD ignore such a second RH3 header. not yet been processed, and SHOULD ignore such a second RH3 header.
In addition, the LLN will likely use [RFC8138] to compress the IPv6- In addition, the LLN will likely use [RFC8138] to compress the IPv6-
in-IPv6 and RH3 headers. As such, the compressor at the RPL-root in-IPv6 and RH3 headers. As such, the compressor at the RPL-root
will see the second RH3 header and MAY choose to discard the packet will see the second RH3 header and MAY choose to discard the packet
if the RH3 header has not been completely consumed. A consumed if the RH3 header has not been completely consumed. A consumed
(inert) RH3 header could be present in a packet that flows from one (inert) RH3 header could be present in a packet that flows from one
LLN, crosses the Internet, and enters another LLN. As per the LLN, crosses the Internet, and enters another LLN. As per the
discussion in this document, such headers do not need to be removed. discussion in this document, such headers do not need to be removed.
skipping to change at page 49, line 7 skipping to change at page 47, line 26
that analysis. that analysis.
Nodes within the LLN can use the IPv6-in-IPv6 mechanism to mount an Nodes within the LLN can use the IPv6-in-IPv6 mechanism to mount an
attack on another part of the LLN, while disguising the origin of the attack on another part of the LLN, while disguising the origin of the
attack. The mechanism can even be abused to make it appear that the attack. The mechanism can even be abused to make it appear that the
attack is coming from outside the LLN, and unless countered, this attack is coming from outside the LLN, and unless countered, this
could be used to mount a Distributed Denial Of Service attack upon could be used to mount a Distributed Denial Of Service attack upon
nodes elsewhere in the Internet. See [DDOS-KREBS] for an example of nodes elsewhere in the Internet. See [DDOS-KREBS] for an example of
such attacks already seen in the real world. such attacks already seen in the real world.
If an attack comes from inside of LLN, it can be alleviated with SAVI
(Source Address Validation Improvement) using [RFC8505] with
[I-D.ietf-6lo-ap-nd]. The attacker will not be able to source with
an address that is not registered, and the registration checks for
topological correctness. Notice that there is an L2 authentication
in most of the cases. If an attack comes from outside LLN IPv6-in-
IPv6 can be used to hide inner routing headers, but RH3 is protected
by its definition.
Nodes outside of the LLN will need to pass IPv6-in-IPv6 traffic Nodes outside of the LLN will need to pass IPv6-in-IPv6 traffic
through the RPL root to perform this attack. To counter, the RPL through the RPL root to perform this attack. To counter, the RPL
root SHOULD either restrict ingress of IPv6-in-IPv6 packets (the root SHOULD either restrict ingress of IPv6-in-IPv6 packets (the
simpler solution), or it SHOULD do a deep packet inspection wherein simpler solution), or it SHOULD do a deep packet inspection wherein
it walks the IP header extension chain until it can inspect the it walks the IP header extension chain until it can inspect the
upper-layer-payload as described in [RFC7045]. In particular, the upper-layer-payload as described in [RFC7045]. In particular, the
RPL root SHOULD do BCP38 ([RFC2827]) processing on the source RPL root SHOULD do BCP38 ([RFC2827]) processing on the source
addresses of all IP headers that it examines in both directions. addresses of all IP headers that it examines in both directions.
Note: there are some situations where a prefix will spread across Note: there are some situations where a prefix will spread across
skipping to change at page 49, line 44 skipping to change at page 48, line 25
Additionally, the authors would like to acknowledge the review, Additionally, the authors would like to acknowledge the review,
feedback, and comments of (alphabetical order): Robert Cragie, Simon feedback, and comments of (alphabetical order): Robert Cragie, Simon
Duquennoy, Ralph Droms, Cenk Guendogan, Rahul Jadhav, Matthias Duquennoy, Ralph Droms, Cenk Guendogan, Rahul Jadhav, Matthias
Kovatsch, Peter van der Stok, Xavier Vilajosana and Thomas Watteyne. Kovatsch, Peter van der Stok, Xavier Vilajosana and Thomas Watteyne.
13. References 13. References
13.1. Normative References 13.1. Normative References
[I-D.thubert-roll-unaware-leaves]
Thubert, P., "Routing for RPL Leaves", draft-thubert-roll-
unaware-leaves-06 (work in progress), November 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
May 2000, <https://www.rfc-editor.org/info/rfc2827>. May 2000, <https://www.rfc-editor.org/info/rfc2827>.
skipping to change at page 51, line 11 skipping to change at page 49, line 32
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
13.2. Informative References 13.2. Informative References
[DDOS-KREBS] [DDOS-KREBS]
Goodin, D., "Record-breaking DDoS reportedly delivered by Goodin, D., "Record-breaking DDoS reportedly delivered by
>145k hacked cameras", September 2016, >145k hacked cameras", September 2016,
<http://arstechnica.com/security/2016/09/botnet-of-145k- <http://arstechnica.com/security/2016/09/botnet-of-145k-
cameras-reportedly-deliver-internets-biggest-ddos-ever/>. cameras-reportedly-deliver-internets-biggest-ddos-ever/>.
[I-D.ietf-6lo-ap-nd]
Thubert, P., Sarikaya, B., Sethi, M., and R. Struik,
"Address Protected Neighbor Discovery for Low-power and
Lossy Networks", draft-ietf-6lo-ap-nd-11 (work in
progress), February 2019.
[I-D.ietf-6lo-backbone-router] [I-D.ietf-6lo-backbone-router]
Thubert, P., Perkins, C., and E. Levy-Abegnoli, "IPv6 Thubert, P., Perkins, C., and E. Levy-Abegnoli, "IPv6
Backbone Router", draft-ietf-6lo-backbone-router-10 (work Backbone Router", draft-ietf-6lo-backbone-router-11 (work
in progress), January 2019. in progress), February 2019.
[I-D.ietf-6tisch-dtsecurity-secure-join] [I-D.ietf-6tisch-dtsecurity-secure-join]
Richardson, M., "6tisch Secure Join protocol", draft-ietf- Richardson, M., "6tisch Secure Join protocol", draft-ietf-
6tisch-dtsecurity-secure-join-01 (work in progress), 6tisch-dtsecurity-secure-join-01 (work in progress),
February 2017. February 2017.
[I-D.ietf-anima-autonomic-control-plane] [I-D.ietf-anima-autonomic-control-plane]
Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic
Control Plane (ACP)", draft-ietf-anima-autonomic-control- Control Plane (ACP)", draft-ietf-anima-autonomic-control-
plane-18 (work in progress), August 2018. plane-18 (work in progress), August 2018.
[I-D.ietf-anima-bootstrapping-keyinfra] [I-D.ietf-anima-bootstrapping-keyinfra]
Pritikin, M., Richardson, M., Behringer, M., Bjarnason, Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
S., and K. Watsen, "Bootstrapping Remote Secure Key S., and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping- Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
keyinfra-18 (work in progress), January 2019. keyinfra-19 (work in progress), March 2019.
[I-D.thubert-roll-unaware-leaves]
Thubert, P., "Routing for RPL Leaves", draft-thubert-roll-
unaware-leaves-06 (work in progress), November 2018.
[RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473, IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
December 1998, <https://www.rfc-editor.org/info/rfc2473>. December 1998, <https://www.rfc-editor.org/info/rfc2473>.
[RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
Renumbering an IPv6 Network without a Flag Day", RFC 4192,
DOI 10.17487/RFC4192, September 2005,
<https://www.rfc-editor.org/info/rfc4192>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89, Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006, RFC 4443, DOI 10.17487/RFC4443, March 2006,
<https://www.rfc-editor.org/info/rfc4443>. <https://www.rfc-editor.org/info/rfc4443>.
[RFC5406] Bellovin, S., "Guidelines for Specifying the Use of IPsec [RFC5406] Bellovin, S., "Guidelines for Specifying the Use of IPsec
Version 2", BCP 146, RFC 5406, DOI 10.17487/RFC5406, Version 2", BCP 146, RFC 5406, DOI 10.17487/RFC5406,
February 2009, <https://www.rfc-editor.org/info/rfc5406>. February 2009, <https://www.rfc-editor.org/info/rfc5406>.
skipping to change at page 52, line 32 skipping to change at page 51, line 10
and M. Richardson, Ed., "A Security Threat Analysis for and M. Richardson, Ed., "A Security Threat Analysis for
the Routing Protocol for Low-Power and Lossy Networks the Routing Protocol for Low-Power and Lossy Networks
(RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015, (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015,
<https://www.rfc-editor.org/info/rfc7416>. <https://www.rfc-editor.org/info/rfc7416>.
[RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal
IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH)
Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180,
May 2017, <https://www.rfc-editor.org/info/rfc8180>. May 2017, <https://www.rfc-editor.org/info/rfc8180>.
[RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C.
Perkins, "Registration Extensions for IPv6 over Low-Power
Wireless Personal Area Network (6LoWPAN) Neighbor
Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018,
<https://www.rfc-editor.org/info/rfc8505>.
Authors' Addresses Authors' Addresses
Maria Ines Robles Maria Ines Robles
Aalto University Aalto University
Innopoli Innopoli
Espoo 02150 Espoo 02150
Finland Finland
Email: mariainesrobles@gmail.com Email: mariainesrobles@gmail.com
 End of changes. 66 change blocks. 
163 lines changed or deleted 138 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/