< draft-ietf-roll-useofrplinfo-35.txt   draft-ietf-roll-useofrplinfo-36.txt >
ROLL Working Group M. Robles ROLL Working Group M. Robles
Internet-Draft UTN-FRM/Aalto Internet-Draft UTN-FRM/Aalto
Updates: 6553, 6550, 8138 (if approved) M. Richardson Updates: 6553, 6550, 8138 (if approved) M. Richardson
Intended status: Standards Track SSW Intended status: Standards Track SSW
Expires: August 15, 2020 P. Thubert Expires: August 29, 2020 P. Thubert
Cisco Cisco
February 12, 2020 February 26, 2020
Using RPI Option Type, Routing Header for Source Routes and IPv6-in-IPv6 Using RPI option Type, Routing Header for Source Routes and IPv6-in-IPv6
encapsulation in the RPL Data Plane encapsulation in the RPL Data Plane
draft-ietf-roll-useofrplinfo-35 draft-ietf-roll-useofrplinfo-36
Abstract Abstract
This document looks at different data flows through LLN (Low-Power This document looks at different data flows through LLN (Low-Power
and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power
and Lossy Networks) is used to establish routing. The document and Lossy Networks) is used to establish routing. The document
enumerates the cases where RFC6553 (RPI Option Type), RFC6554 enumerates the cases where RFC6553 (RPI option Type), RFC6554
(Routing Header for Source Routes) and IPv6-in-IPv6 encapsulation is (Routing Header for Source Routes) and IPv6-in-IPv6 encapsulation is
required in data plane. This analysis provides the basis on which to required in data plane. This analysis provides the basis on which to
design efficient compression of these headers. This document updates design efficient compression of these headers. This document updates
RFC6553 adding a change to the RPI Option Type. Additionally, this RFC6553 adding a change to the RPI option Type. Additionally, this
document updates RFC6550 defining a flag in the DIO Configuration document updates RFC6550 defining a flag in the DIO Configuration
Option to indicate about this change and updates RFC8138 as well to option to indicate about this change and updates RFC8138 as well to
consider the new Option Type when the RPL Option is decompressed. consider the new Option Type when the RPL Option is decompressed.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 15, 2020. This Internet-Draft will expire on August 29, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 29 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology and Requirements Language . . . . . . . . . . . . 5 2. Terminology and Requirements Language . . . . . . . . . . . . 5
3. RPL Overview . . . . . . . . . . . . . . . . . . . . . . . . 6 3. RPL Overview . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Updates to RFC6553, RFC6550 and RFC8138 . . . . . . . . . . . 7 4. Updates to RFC6553, RFC6550 and RFC8138 . . . . . . . . . . . 7
4.1. Updates to RFC6550: Advertising External Routes with Non- 4.1. Updates to RFC6550: Advertising External Routes with Non-
Storing Mode Signaling. . . . . . . . . . . . . . . . . . 7 Storing Mode Signaling. . . . . . . . . . . . . . . . . . 7
4.2. Updates to RFC6553: Indicating the new RPI Option Type. . 8 4.2. Updates to RFC6553: Indicating the new RPI option Type. . 8
4.3. Updates to RFC6550: Indicating the new RPI in the 4.3. Updates to RFC6550: Indicating the new RPI in the
DODAG Configuration Option Flag. . . . . . . . . . . . . 11 DODAG Configuration option Flag. . . . . . . . . . . . . 11
4.4. Updates to RFC8138: Indicating the way to decompress with 4.4. Updates to RFC8138: Indicating the way to decompress with
the new RPI Option Type. . . . . . . . . . . . . . . . . 13 the new RPI option Type. . . . . . . . . . . . . . . . . 13
5. Sample/reference topology . . . . . . . . . . . . . . . . . . 14 5. Sample/reference topology . . . . . . . . . . . . . . . . . . 14
6. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 16 6. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 16
7. Storing mode . . . . . . . . . . . . . . . . . . . . . . . . 19 7. Storing mode . . . . . . . . . . . . . . . . . . . . . . . . 19
7.1. Storing Mode: Interaction between Leaf and Root . . . . . 20 7.1. Storing Mode: Interaction between Leaf and Root . . . . . 20
7.1.1. SM: Example of Flow from RAL to root . . . . . . . . 20 7.1.1. SM: Example of Flow from RAL to root . . . . . . . . 20
7.1.2. SM: Example of Flow from root to RAL . . . . . . . . 21 7.1.2. SM: Example of Flow from root to RAL . . . . . . . . 21
7.1.3. SM: Example of Flow from root to RUL . . . . . . . . 22 7.1.3. SM: Example of Flow from root to RUL . . . . . . . . 22
7.1.4. SM: Example of Flow from RUL to root . . . . . . . . 22 7.1.4. SM: Example of Flow from RUL to root . . . . . . . . 22
7.2. SM: Interaction between Leaf and Internet. . . . . . . . 23 7.2. SM: Interaction between Leaf and Internet. . . . . . . . 23
7.2.1. SM: Example of Flow from RAL to Internet . . . . . . 23 7.2.1. SM: Example of Flow from RAL to Internet . . . . . . 23
skipping to change at page 3, line 14 skipping to change at page 3, line 14
8.1. Non-Storing Mode: Interaction between Leaf and Root . . . 33 8.1. Non-Storing Mode: Interaction between Leaf and Root . . . 33
8.1.1. Non-SM: Example of Flow from RAL to root . . . . . . 34 8.1.1. Non-SM: Example of Flow from RAL to root . . . . . . 34
8.1.2. Non-SM: Example of Flow from root to RAL . . . . . . 34 8.1.2. Non-SM: Example of Flow from root to RAL . . . . . . 34
8.1.3. Non-SM: Example of Flow from root to RUL . . . . . . 35 8.1.3. Non-SM: Example of Flow from root to RUL . . . . . . 35
8.1.4. Non-SM: Example of Flow from RUL to root . . . . . . 36 8.1.4. Non-SM: Example of Flow from RUL to root . . . . . . 36
8.2. Non-Storing Mode: Interaction between Leaf and Internet . 37 8.2. Non-Storing Mode: Interaction between Leaf and Internet . 37
8.2.1. Non-SM: Example of Flow from RAL to Internet . . . . 37 8.2.1. Non-SM: Example of Flow from RAL to Internet . . . . 37
8.2.2. Non-SM: Example of Flow from Internet to RAL . . . . 38 8.2.2. Non-SM: Example of Flow from Internet to RAL . . . . 38
8.2.3. Non-SM: Example of Flow from RUL to Internet . . . . 39 8.2.3. Non-SM: Example of Flow from RUL to Internet . . . . 39
8.2.4. Non-SM: Example of Flow from Internet to RUL . . . . 40 8.2.4. Non-SM: Example of Flow from Internet to RUL . . . . 40
8.3. Non-SM: Interaction between Leafs . . . . . . . . . . . . 41 8.3. Non-SM: Interaction between leaves . . . . . . . . . . . 41
8.3.1. Non-SM: Example of Flow from RAL to RAL . . . . . . . 41 8.3.1. Non-SM: Example of Flow from RAL to RAL . . . . . . . 41
8.3.2. Non-SM: Example of Flow from RAL to RUL . . . . . . . 44 8.3.2. Non-SM: Example of Flow from RAL to RUL . . . . . . . 44
8.3.3. Non-SM: Example of Flow from RUL to RAL . . . . . . . 46 8.3.3. Non-SM: Example of Flow from RUL to RAL . . . . . . . 46
8.3.4. Non-SM: Example of Flow from RUL to RUL . . . . . . . 47 8.3.4. Non-SM: Example of Flow from RUL to RUL . . . . . . . 47
9. Operational Considerations of supporting 9. Operational Considerations of supporting
RUL-leaves . . . . . . . . . . . . . . . . . . . . . . . . . 48 RUL-leaves . . . . . . . . . . . . . . . . . . . . . . . . . 48
10. Operational considerations of introducing 0x23 . . . . . . . 49 10. Operational considerations of introducing 0x23 . . . . . . . 49
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49
12. Security Considerations . . . . . . . . . . . . . . . . . . . 50 12. Security Considerations . . . . . . . . . . . . . . . . . . . 50
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 53 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 53
skipping to change at page 3, line 46 skipping to change at page 3, line 46
in the routing topology. The RPL Option is commonly referred to as in the routing topology. The RPL Option is commonly referred to as
the RPL Packet Information (RPI) though the RPI is really the the RPL Packet Information (RPI) though the RPI is really the
abstract information that is defined in [RFC6550] and transported in abstract information that is defined in [RFC6550] and transported in
the RPL Option. RFC6554 [RFC6554] defines the "RPL Source Route the RPL Option. RFC6554 [RFC6554] defines the "RPL Source Route
Header" (RH3), an IPv6 Extension Header to deliver datagrams within a Header" (RH3), an IPv6 Extension Header to deliver datagrams within a
RPL routing domain, particularly in non-storing mode. RPL routing domain, particularly in non-storing mode.
These various items are referred to as RPL artifacts, and they are These various items are referred to as RPL artifacts, and they are
seen on all of the data-plane traffic that occurs in RPL routed seen on all of the data-plane traffic that occurs in RPL routed
networks; they do not in general appear on the RPL control plane networks; they do not in general appear on the RPL control plane
traffic at all which is mostly hop-by-hop traffic (one exception traffic at all which is mostly Hop-by-Hop traffic (one exception
being DAO messages in non-storing mode). being DAO messages in non-storing mode).
It has become clear from attempts to do multi-vendor It has become clear from attempts to do multi-vendor
interoperability, and from a desire to compress as many of the above interoperability, and from a desire to compress as many of the above
artifacts as possible that not all implementers agree when artifacts artifacts as possible that not all implementers agree when artifacts
are necessary, or when they can be safely omitted, or removed. are necessary, or when they can be safely omitted, or removed.
The ROLL WG analysized how [RFC2460] rules apply to storing and non- The ROLL WG analysized how [RFC2460] rules apply to storing and non-
storing use of RPL. The result was 24 data plane use cases. They storing use of RPL. The result was 24 data plane use cases. They
are exhaustively outlined here in order to be completely unambiguous. are exhaustively outlined here in order to be completely unambiguous.
skipping to change at page 4, line 47 skipping to change at page 4, line 47
1.1. Overview 1.1. Overview
The rest of the document is organized as follows: Section 2 describes The rest of the document is organized as follows: Section 2 describes
the used terminology. Section 3 provides a RPL Overview. Section 4 the used terminology. Section 3 provides a RPL Overview. Section 4
describes the updates to RFC6553, RFC6550 and RFC 8138. Section 5 describes the updates to RFC6553, RFC6550 and RFC 8138. Section 5
provides the reference topology used for the uses cases. Section 6 provides the reference topology used for the uses cases. Section 6
describes the uses cases included. Section 7 describes the storing describes the uses cases included. Section 7 describes the storing
mode cases and section 8 the non-storing mode cases. Section 9 mode cases and section 8 the non-storing mode cases. Section 9
describes the operational considerations of supporting RPL-unaware- describes the operational considerations of supporting RPL-unaware-
leaves. Section 10 depicts operational considerations for the leaves. Section 10 depicts operational considerations for the
proposed change on RPI Option Type, section 11 the IANA proposed change on RPI option Type, section 11 the IANA
considerations and then section 12 describes the security aspects. considerations and then section 12 describes the security aspects.
2. Terminology and Requirements Language 2. Terminology and Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Terminology defined in [RFC7102] applies to this document: LLN, RPL, Terminology defined in [RFC7102] applies to this document: LLN, RPL,
RPL Domain and ROLL. RPL domain and ROLL.
RPL Leaf: An IPv6 host that is attached to a RPL router and obtains RPL Leaf: An IPv6 host that is attached to a RPL router and obtains
connectivity through a RPL Destination Oriented Directed Acyclic connectivity through a RPL Destination Oriented Directed Acyclic
Graph (DODAG). As an IPv6 node, a RPL Leaf is expected to ignore a Graph (DODAG). As an IPv6 node, a RPL Leaf is expected to ignore a
consumed Routing Header and as an IPv6 host, it is expected to ignore consumed Routing Header and as an IPv6 host, it is expected to ignore
a Hop-by-Hop header. It results that a RPL Leaf can correctly a Hop-by-Hop header. It results that a RPL Leaf can correctly
receive a packet with RPL artifacts. On the other hand, a RPL Leaf receive a packet with RPL artifacts. On the other hand, a RPL Leaf
is not expected to generate RPL artifacts or to support IP-in-IP is not expected to generate RPL artifacts or to support IP-in-IP
encapsulation. For simplification, this document uses the standalone encapsulation. For simplification, this document uses the standalone
term leaf to mean a RPL leaf. term leaf to mean a RPL leaf.
skipping to change at page 6, line 13 skipping to change at page 6, line 13
route-over topologies." route-over topologies."
6LoWPAN Border Router (6LBR): [RFC6775] defines it as:"A border 6LoWPAN Border Router (6LBR): [RFC6775] defines it as:"A border
router located at the junction of separate 6LoWPAN networks or router located at the junction of separate 6LoWPAN networks or
between a 6LoWPAN network and another IP network. There may be one between a 6LoWPAN network and another IP network. There may be one
or more 6LBRs at the 6LoWPAN network boundary. A 6LBR is the or more 6LBRs at the 6LoWPAN network boundary. A 6LBR is the
responsible authority for IPv6 prefix propagation for the 6LoWPAN responsible authority for IPv6 prefix propagation for the 6LoWPAN
network it is serving. An isolated LoWPAN also contains a 6LBR in network it is serving. An isolated LoWPAN also contains a 6LBR in
the network, which provides the prefix(es) for the isolated network." the network, which provides the prefix(es) for the isolated network."
Flag Day: A transition that involves having a network with different Flag Day: A transition that involves having a network with different
values of RPI Option Type. Thus the network does not work correctly values of RPI option Type. Thus the network does not work correctly
(Lack of interoperation). (Lack of interoperation).
Hop-by-hop re-encapsulation: The term "hop-by-hop re-encapsulation" Hop-by-Hop re-encapsulation: The term "Hop-by-Hop re-encapsulation"
header refers to adding a header that originates from a node to an header refers to adding a header that originates from a node to an
adjacent node, using the addresses (usually the GUA or ULA, but could adjacent node, using the addresses (usually the Global Unicast
use the link-local addresses) of each node. If the packet must Address (GUA) or Unique Local Address (ULA) but could also use the
traverse multiple hops, then it must be decapsulated at each hop, and link-local addresses) of each node. If the packet must traverse
then re-encapsulated again in a similar fashion. multiple hops, then it must be decapsulated at each hop, and then re-
encapsulated again in a similar fashion.
Non-Storing Mode (Non-SM): RPL mode of operation in which the RPL- Non-Storing Mode (Non-SM): RPL mode of operation in which the RPL-
aware-nodes send information to the root about its parents. Thus, aware-nodes send information to the root about its parents. Thus,
the root know the topology, then the intermediate 6LRs do not the root know the topology. Because the root knows the topology, the
maintain routing state so that source routing is needed. intermediate 6LRs do not maintain routing state then source routing
is needed.
Storing Mode (SM): RPL mode of operation in which RPL-aware-nodes Storing Mode (SM): RPL mode of operation in which RPL-aware-nodes
(6LRs) maintain routing state (of the children) so that source (6LRs) maintain routing state (of the children) so that source
routing is not needed. routing is not needed.
Note: Due to lack of space in some figures (tables) we refers IPv6- Note: Due to lack of space in some figures (tables) we refers IPv6-
in-IPv6 as IP6-IP6. in-IPv6 as IP6-IP6.
3. RPL Overview 3. RPL Overview
skipping to change at page 8, line 41 skipping to change at page 8, line 41
by [RFC8504]. If the 6LN is a RUL, the Root that encapsulates a by [RFC8504]. If the 6LN is a RUL, the Root that encapsulates a
packet SHOULD terminate the tunnel at a parent 6LR unless it is aware packet SHOULD terminate the tunnel at a parent 6LR unless it is aware
that the RUL supports IP-in-IP decapsulation. that the RUL supports IP-in-IP decapsulation.
A node that is reachable over an external route is not expected to A node that is reachable over an external route is not expected to
support [RFC8138]. Whether a decapsulation took place or not and support [RFC8138]. Whether a decapsulation took place or not and
even when the 6LR is delivering the packet to a RUL, the 6LR that even when the 6LR is delivering the packet to a RUL, the 6LR that
injected an external route MUST uncompress the packet before injected an external route MUST uncompress the packet before
forwarding over that external route. forwarding over that external route.
4.2. Updates to RFC6553: Indicating the new RPI Option Type. 4.2. Updates to RFC6553: Indicating the new RPI option Type.
This modification is required to be able to send, for example, IPv6 This modification is required in order to be able to send, for
packets from a RPL-Aware-Leaf to a RPL-unaware node through Internet example, IPv6 packets from a RPL-Aware-Leaf to a RPL-unaware node
(see Section 7.2.1), without requiring IPv6-in-IPv6 encapsulation. through Internet (see Section 7.2.1), without requiring IPv6-in-IPv6
encapsulation.
[RFC6553] (Section 6, Page 7) states as shown in Figure 2, that in [RFC6553] (Section 6, Page 7) states as shown in Figure 2, that in
the Option Type field of the RPL Option, the two high order bits must the Option Type field of the RPL Option, the two high order bits must
be set to '01' and the third bit is equal to '1'. The first two bits be set to '01' and the third bit is equal to '1'. The first two bits
indicate that the IPv6 node must discard the packet if it doesn't indicate that the IPv6 node must discard the packet if it doesn't
recognize the Option Type, and the third bit indicates that the recognize the Option Type, and the third bit indicates that the
Option Data may change in route. The remaining bits serve as the Option Data may change in route. The remaining bits serve as the
Option Type. Option Type.
+-------+-------------------+----------------+-----------+ +-------+-------------------+----------------+-----------+
skipping to change at page 9, line 31 skipping to change at page 9, line 31
At the time [RFC6553] was published, leaking a Hop-by-Hop header in At the time [RFC6553] was published, leaking a Hop-by-Hop header in
the outer IPv6 header chain could potentially impact core routers in the outer IPv6 header chain could potentially impact core routers in
the internet. So at that time, it was decided to encapsulate any the internet. So at that time, it was decided to encapsulate any
packet with a RPL Option using IPv6-in-IPv6 in all cases where it was packet with a RPL Option using IPv6-in-IPv6 in all cases where it was
unclear whether the packet would remain within the RPL domain. In unclear whether the packet would remain within the RPL domain. In
the exception case where a packet would still leak, the Option Type the exception case where a packet would still leak, the Option Type
would ensure that the first router in the Internet that does not would ensure that the first router in the Internet that does not
recognize the option would drop the packet and protect the rest of recognize the option would drop the packet and protect the rest of
the network. the network.
Even with [RFC8138] that compresses the IPv6-in-IPv6 header, this Even with [RFC8138], where the IPv6-in-IPv6 header is compressed,
approach yields extra bytes in a packet which means consuming more this approach yields extra bytes in a packet which means consuming
energy, more bandwidth, incurring higher chances of loss and possibly more energy, more bandwidth, incurring higher chances of loss and
causing a fragmentation at the 6LoWPAN level. This impacts the daily possibly causing a fragmentation at the 6LoWPAN level. This impacts
operation of constrained devices for a case that generally does not the daily operation of constrained devices for a case that generally
happen and would not heavily impact the core anyway. does not happen and would not heavily impact the core anyway.
While intention was and remains that the Hop-by-Hop header with a RPL While intention was and remains that the Hop-by-Hop header with a RPL
Option should be confined within the RPL domain, this specification Option should be confined within the RPL domain, this specification
modifies this behavior in order to reduce the dependency on IPv6-in- modifies this behavior in order to reduce the dependency on IPv6-in-
IPv6 and protect the constrained devices. Section 4 of [RFC8200] IPv6 and protect the constrained devices. Section 4 of [RFC8200]
clarifies the behaviour of routers in the Internet as follows: "it is clarifies the behaviour of routers in the Internet as follows: "it is
now expected that nodes along a packet's delivery path only examine now expected that nodes along a packet's delivery path only examine
and process the Hop-by-Hop Options header if explicitly configured to and process the Hop-by-Hop Options header if explicitly configured to
do so". do so".
skipping to change at page 10, line 11 skipping to change at page 10, line 11
leave the RPL domain on its way to its destination. In that event, leave the RPL domain on its way to its destination. In that event,
the packet should reach its destination and should not be discarded the packet should reach its destination and should not be discarded
by the first node that does not recognize the RPL Option. But with by the first node that does not recognize the RPL Option. But with
the current value of the Option Type, if a node in the Internet is the current value of the Option Type, if a node in the Internet is
configured to process the Hop-by-Hop header, and if such node configured to process the Hop-by-Hop header, and if such node
encounters an option with the first two bits set to 01 and conforms encounters an option with the first two bits set to 01 and conforms
to [RFC8200], it will drop the packet. Host systems should do the to [RFC8200], it will drop the packet. Host systems should do the
same, irrespective of the configuration. same, irrespective of the configuration.
Thus, this document updates the Option Type of the RPL Option Thus, this document updates the Option Type of the RPL Option
[RFC6553], abusively naming it RPI Option Type for simplicity, to [RFC6553], abusively naming it RPI option Type for simplicity, to
(Figure 3): the two high order bits MUST be set to '00' and the third (Figure 3): the two high order bits MUST be set to '00' and the third
bit is equal to '1'. The first two bits indicate that the IPv6 node bit is equal to '1'. The first two bits indicate that the IPv6 node
MUST skip over this option and continue processing the header MUST skip over this option and continue processing the header
([RFC8200] Section 4.2) if it doesn't recognize the Option Type, and ([RFC8200] Section 4.2) if it doesn't recognize the Option Type, and
the third bit continues to be set to indicate that the Option Data the third bit continues to be set to indicate that the Option Data
may change en route. The five rightmost bits remain at 0x3. This may change en route. The five rightmost bits remain at 0x3(00011).
ensures that a packet that leaves the RPL domain of an LLN (or that This ensures that a packet that leaves the RPL domain of an LLN (or
leaves the LLN entirely) will not be discarded when it contains the that leaves the LLN entirely) will not be discarded when it contains
RPL Option. the RPL Option.
With the new Option Type, if an IPv6 (intermediate) node (RPL-not- With the new Option Type, if an IPv6 (intermediate) node (RPL-not-
capable) receives a packet with an RPL Option, it should ignore the capable) receives a packet with an RPL Option, it should ignore the
Hop-by-Hop RPL Option (skip over this option and continue processing Hop-by-Hop RPL Option (skip over this option and continue processing
the header). This is relevant, as it was mentioned previously, in the header). This is relevant, as it was mentioned previously, in
the case that there is a flow from RAL to Internet (see the case that there is a flow from RAL to Internet (see
Section 7.2.1). Section 7.2.1).
This is a significant update to [RFC6553]. This is a significant update to [RFC6553].
skipping to change at page 10, line 44 skipping to change at page 10, line 44
| | act | chg | rest | | | | | act | chg | rest | | |
+-------+-----+-----+-------+-------------+------------+ +-------+-----+-----+-------+-------------+------------+
| 0x23 | 00 | 1 | 00011 | RPL Option |[RFCXXXX](*)| | 0x23 | 00 | 1 | 00011 | RPL Option |[RFCXXXX](*)|
+-------+-----+-----+-------+-------------+------------+ +-------+-----+-----+-------+-------------+------------+
Figure 3: Revised Option Type in RPL Option. (*)represents this Figure 3: Revised Option Type in RPL Option. (*)represents this
document document
Without the signaling described below, this change would otherwise Without the signaling described below, this change would otherwise
create a lack of interoperation (flag day) for existing networks create a lack of interoperation (flag day) for existing networks
which are currently using 0x63 as the RPI Option Type value. A move which are currently using 0x63 as the RPI option Type value. A move
to 0x23 will not be understood by those networks. It is suggested to 0x23 will not be understood by those networks. It is suggested
that RPL implementations accept both 0x63 and 0x23 when processing that RPL implementations accept both 0x63 and 0x23 when processing
the header. the header.
When forwarding packets, implementations SHOULD use the same value as When forwarding packets, implementations SHOULD use the same value of
it was received. This is required because, RPI Option Type can not RPI Type as it was received. This is required because the RPI option
be changed by [RFC8200] - Section 4.2. It allows to the network to Type does not change en route ([RFC8200] - Section 4.2). It allows
be incrementally upgraded, and for the DODAG root to know which parts the network to be incrementally upgraded and allows the DODAG root to
of the network are upgraded. know which parts of the network have been upgraded.
When originating new packets, implementations SHOULD have an option When originating new packets, implementations SHOULD have an option
to determine which value to originate with, this option is controlled to determine which value to originate with, this option is controlled
by the DIO option described below. by the DIO option described below.
The change of RPI Option Type from 0x63 to 0x23, makes all [RFC8200] The change of RPI option Type from 0x63 to 0x23, makes all [RFC8200]
Section 4.2 compliant nodes tolerant of the RPL artifacts. There is Section 4.2 compliant nodes tolerant of the RPL artifacts. There is
therefore no longer a necessity to remove the artifacts when sending therefore no longer a necessity to remove the artifacts when sending
traffic to the Internet. This change clarifies when to use an IPv6- traffic to the Internet. This change clarifies when to use IPv6-in-
in-IPv6 header, and how to address them: The Hop-by-Hop Options IPv6 headers, and how to address them: The Hop-by-Hop Options header
Header containing the RPI MUST always be added when 6LRs originate containing the RPI MUST always be added when 6LRs originate packets
packets (without IPv6-in-IPv6 headers), and IPv6-in-IPv6 headers MUST (without IPv6-in-IPv6 headers), and IPv6-in-IPv6 headers MUST always
always be added when a 6LR find that it needs to insert a Hop-by-Hop be added when a 6LR find that it needs to insert a Hop-by-Hop Options
Options Header containing the RPL Option. The IPv6-in-IPv6 header is header containing the RPL Option. The IPv6-in-IPv6 header is to be
to be addressed to the RPL root when on the way up, and to the end- addressed to the RPL root when on the way up, and to the end-host
host when on the way down. when on the way down.
In the non-storing case, dealing with not-RPL aware leaf nodes is In the non-storing case, dealing with not-RPL aware leaf nodes is
much easier as the 6LBR (DODAG root) has complete knowledge about the much easier as the 6LBR (DODAG root) has complete knowledge about the
connectivity of all DODAG nodes, and all traffic flows through the connectivity of all DODAG nodes, and all traffic flows through the
root node. root node.
The 6LBR can recognize not-RPL aware leaf nodes because it will The 6LBR can recognize not-RPL aware leaf nodes because it will
receive a DAO about that node from the 6LR immediately above that receive a DAO about that node from the 6LR immediately above that
not-RPL aware node. This means that the non-storing mode case can not-RPL aware node. This means that the non-storing mode case can
avoid ever using hop-by-hop re-encapsulation headers for traffic avoid ever using Hop-by-Hop re-encapsulation headers for traffic
originating from the root to the leafs. originating from the root to the leaves.
The non-storing mode case does not require the type change from 0x63 The non-storing mode case does not require the type change from 0x63
to 0x23, as the root can always create the right packet. The type to 0x23, as the root can always create the right packet. The type
change does not adversely affect the non-storing case. change does not adversely affect the non-storing case.
4.3. Updates to RFC6550: Indicating the new RPI in the DODAG 4.3. Updates to RFC6550: Indicating the new RPI in the DODAG
Configuration Option Flag. Configuration option Flag.
In order to avoid a Flag Day caused by lack of interoperation between In order to avoid a Flag Day caused by lack of interoperation between
new RPI Option Type (0x23) and old RPI Option Type (0x63) nodes, this new RPI option Type (0x23) and old RPI option Type (0x63) nodes, this
section defines a flag in the DIO Configuration Option, to indicate section defines a flag in the DIO Configuration option, to indicate
when then new RPI Option Type can be safely used. This means, the when then new RPI option Type can be safely used. This means, the
flag is going to indicate the value of Option Type that the network flag is going to indicate the value of Option Type that the network
is using for the RPL Option. Thus, when a node join to a network is using for the RPL Option. Thus, when a node join to a network
will know which value to use. With this, RPL-capable nodes know if will know which value to use. With this, RPL-capable nodes know if
it is safe to use 0x23 when creating a new RPL Option. A node that it is safe to use 0x23 when creating a new RPL Option. A node that
forwards a packet with an RPI MUST NOT modify the Option Type of the forwards a packet with a RPI MUST NOT modify the Option Type of the
RPL Option. RPL Option.
This is done using a DODAG Configuration Option flag which will This is done using a DODAG Configuration option flag which will
signal "RPI 0x23 enable" and propagate through the network. signal "RPI 0x23 enable" and propagate through the network.
Section 6.3.1. of [RFC6550] defines a 3-bit Mode of Operation (MOP) Section 6.3.1. of [RFC6550] defines a 3-bit Mode of Operation (MOP)
in the DIO Base Object. The flag is defined only for MOP value in the DIO Base Object. The flag is defined only for MOP value
between 0 to 6. For a MOP value of 7 or above, the flag MAY indicate between 0 to 6. For a MOP value of 7 or above, the flag MAY indicate
something different and MUST NOT be interpreted as "RPI 0x23 enable" something different and MUST NOT be interpreted as "RPI 0x23 enable"
unless the specification of the MOP indicates to do so. unless the specification of the MOP indicates to do so.
As stated in [RFC6550] the DODAG Configuration option is present in As stated in [RFC6550] the DODAG Configuration option is present in
DIO messages. The DODAG Configuration option distributes DIO messages. The DODAG Configuration option distributes
configuration information. It is generally static, and does not configuration information. It is generally static, and does not
change within the DODAG. This information is configured at the DODAG change within the DODAG. This information is configured at the DODAG
root and distributed throughout the DODAG with the DODAG root and distributed throughout the DODAG with the DODAG
Configuration option. Nodes other than the DODAG root do not modify Configuration option. Nodes other than the DODAG root do not modify
this information when propagating the DODAG Configuration option. this information when propagating the DODAG Configuration option.
Currently, the DODAG Configuration Option in [RFC6550] states: "the Currently, the DODAG Configuration option in [RFC6550] states: "the
unused bits MUST be initialize to zero by the sender and MUST be unused bits MUST be initialize to zero by the sender and MUST be
ignored by the receiver". If the flag is received with a value zero ignored by the receiver". If the flag is received with a value zero
(which is the default), then new nodes will remain in RFC6553 (which is the default), then new nodes will remain in RFC6553
Compatible Mode; originating traffic with the old-RPI Option Type Compatible Mode; originating traffic with the old-RPI option Type
(0x63) value. If the flag is received with a value of 1, then the (0x63) value. If the flag is received with a value of 1, then the
option value for the RPL Option MUST be set to 0x23. option value for the RPL Option MUST be set to 0x23.
Bit number three of the flag field in the DODAG Configuration option Bit number three of the flag field in the DODAG Configuration option
is to be used as shown in Figure 4 : is to be used as shown in Figure 4 (which is the same as Figure 26 in
Section 11 and is shown here for convenience):
+------------+-----------------+---------------+ +------------+-----------------+---------------+
| Bit number | Description | Reference | | Bit number | Description | Reference |
+------------+-----------------+---------------+ +------------+-----------------+---------------+
| 3 | RPI 0x23 enable | This document | | 3 | RPI 0x23 enable | This document |
+------------+-----------------+---------------+ +------------+-----------------+---------------+
Figure 4: DODAG Configuration Option Flag to indicate the RPI-flag- Figure 4: DODAG Configuration option Flag to indicate the RPI-flag-
day. day.
In case of rebooting, the node (6LN or 6LR) does not remember the RPI In the case of rebooting, the node (6LN or 6LR) does not remember the
Option Type, that is if the flag is set, so DIO messages sent by the RPL Option Type (i.e., whether or not the flag is set), so DIO
node would be set with the flag unset until a DIO message is received messages sent by the node would be sent with the flag unset until a
with the flag set indicating the new RPI Option Type. The node sets DIO message is received with the flag set, indicating the new RPI
to 0x23 if the node supports this feature. value. The node will use the value 0x23 if it supports this feature.
4.4. Updates to RFC8138: Indicating the way to decompress with the new 4.4. Updates to RFC8138: Indicating the way to decompress with the new
RPI Option Type. RPI option Type.
This modification is required to be able to decompress the RPL Option This modification is required in order to be able to decompress the
with the new Option Type of 0x23. RPL Option with the new Option Type of 0x23.
RPI-6LoRH header provides a compressed form for the RPL RPI [RFC8138] RPI-6LoRH header provides a compressed form for the RPL RPI; see
in section 6. A node that is decompressing this header MUST [RFC8138], Section 6. A node that is decompressing this header MUST
decompress using the RPI Option Type that is currently active: that decompress using the RPI option Type that is currently active: that
is, a choice between 0x23 (new) and 0x63 (old). The node will know is, a choice between 0x23 (new) and 0x63 (old). The node will know
which to use based upon the presence of the flag in the DODAG which to use based upon the presence of the flag in the DODAG
Configuration Option defined in Section 4.3. E.g. If the network is Configuration option defined in Section 4.3. E.g. If the network is
in 0x23 mode (by DIO option), then it should be decompressed to 0x23. in 0x23 mode (by DIO option), then it should be decompressed to 0x23.
[RFC8138] section 7 documents how to compress the IPv6-in-IPv6 [RFC8138] section 7 documents how to compress the IPv6-in-IPv6
header. header.
There are potential significant advantages to having a single code There are potential significant advantages to having a single code
path that always processes IPv6-in-IPv6 headers with no conditional path that always processes IPv6-in-IPv6 headers with no conditional
branches. branches.
In Storing Mode, for the examples of Flow from RAL to RUL and RUL to In Storing Mode, the scenarios where the flow goes from RAL to RUL
RUL comprise an IPv6-in-IPv6 and RPI compressed headers. The use of and RUL to RUL include compression of the IPv6-in-IPv6 and RPI
the IPv6-in-IPv6 header is MANDATORY in this case, and it SHOULD be headers. The use of the IPv6-in-IPv6 header is MANDATORY in this
compressed with [RFC8138] section 7. Figure 5 illustrates the case case, and it SHOULD be compressed with [RFC8138] section 7. Figure 5
in Storing mode where the packet is received from the Internet, then illustrates the case in Storing mode where the packet is received
the root encapsulates the packet to insert the RPI. In that example, from the Internet, then the root encapsulates the packet to insert
the leaf is not known to support RFC 8138, and the packet is the RPI. In that example, the leaf is not known to support RFC 8138,
encapsulated to the 6LR that is the parent and last hop to the final and the packet is encapsulated to the 6LR that is the parent and last
destination. hop to the final destination.
+-+ ... -+-+ ... +-+- ... -+-+- +-+-+-+ ... +-+-+ ... -+++ ... +-... +-+ ... -+-+ ... +-+- ... -+-+- +-+-+-+ ... +-+-+ ... -+++ ... +-...
|11110001|SRH-6LoRH| RPI- |IP-in-IP| NH=1 |11110CPP| UDP | UDP |11110001|SRH-6LoRH| RPI- |IP-in-IP| NH=1 |11110CPP| UDP | UDP
|Page 1 |Type1 S=0| 6LoRH |6LoRH |LOWPAN_IPHC| UDP | hdr |Payld |Page 1 |Type1 S=0| 6LoRH |6LoRH |LOWPAN_IPHC| UDP | hdr |Payld
+-+ ... -+-+ ... +-+- ... -+-+-.+-+-+-+-+ ... +-+-+ ... -+ ... +-... +-+ ... -+-+ ... +-+- ... -+-+-.+-+-+-+-+ ... +-+-+ ... -+ ... +-...
<-4bytes-> <- RFC 6282 -> <-4bytes-> <- RFC 6282 ->
No RPL artifact No RPL artifact
Figure 5: RPI Inserted by the Root in Storing Mode Figure 5: RPI Inserted by the Root in Storing Mode
skipping to change at page 14, line 14 skipping to change at page 14, line 14
6LoRH is removed, all the router headers that precede it are also 6LoRH is removed, all the router headers that precede it are also
removed. The Paging Dispatch [RFC8025] may also be removed if there removed. The Paging Dispatch [RFC8025] may also be removed if there
was no previous Page change to a Page other than 0 or 1, since the was no previous Page change to a Page other than 0 or 1, since the
LOWPAN_IPHC is encoded in the same fashion in the default Page 0 and LOWPAN_IPHC is encoded in the same fashion in the default Page 0 and
in Page 1. The resulting packet to the destination is the inner in Page 1. The resulting packet to the destination is the inner
packet compressed with [RFC6282]. packet compressed with [RFC6282].
5. Sample/reference topology 5. Sample/reference topology
A RPL network in general is composed of a 6LBR, Backbone Router A RPL network in general is composed of a 6LBR, Backbone Router
(6BBR), 6LR and 6LN as leaf logically organized in a DODAG structure. (6BBR), 6LR and 6LN as a leaf logically organized in a DODAG
structure.
Figure 6 shows the reference RPL Topology for this document. The Figure 6 shows the reference RPL Topology for this document. The
letters above the nodes are there so that they may be referenced in letters above the nodes are there so that they may be referenced in
subsequent sections. In the figure, 6LR represents a full router subsequent sections. In the figure, 6LR represents a full router
node. The 6LN is a RPL aware router, or host (as a leaf). node. The 6LN is a RPL aware router, or host (as a leaf).
Additionally, for simplification purposes, it is supposed that the Additionally, for simplification purposes, it is supposed that the
6LBR has direct access to Internet and is the root of the DODAG, thus 6LBR has direct access to Internet and is the root of the DODAG, thus
the 6BBR is not present in the figure. the 6BBR is not present in the figure.
The 6LN leaves (RAL) marked as (F, H and I) are RPL nodes with no The 6LN leaves (RAL) marked as (F, H and I) are RPL nodes with no
children hosts. children hosts.
The leafs marked as RUL (G and J) are devices which do not speak RPL The leaves marked as RUL (G and J) are devices which do not speak RPL
at all (not-RPL-aware), but uses Router-Advertisements, 6LowPAN DAR/ at all (not-RPL-aware), but uses Router-Advertisements, 6LowPAN DAR/
DAC and efficient-ND only to participate in the network [RFC6775]. DAC and efficient-ND only to participate in the network [RFC6775].
In the document these leafs (G and J) are also referred to as an IPv6 In the document these leaves (G and J) are also referred to as an
node. IPv6 node.
The 6LBR ("A") in the figure is the root of the Global DODAG. The 6LBR ("A") in the figure is the root of the Global DODAG.
+------------+ +------------+
| INTERNET ----------+ | INTERNET ----------+
| | | | | |
+------------+ | +------------+ |
| |
| |
| |
skipping to change at page 16, line 11 skipping to change at page 16, line 11
+-------+ +-------+ +------+ +-------+ +-------+ +-------+ +-------+ +------+ +-------+ +-------+
Figure 6: A reference RPL Topology. Figure 6: A reference RPL Topology.
6. Use cases 6. Use cases
In the data plane a combination of RFC6553, RFC6554 and IPv6-in-IPv6 In the data plane a combination of RFC6553, RFC6554 and IPv6-in-IPv6
encapsulation are going to be analyzed for a number of representative encapsulation are going to be analyzed for a number of representative
traffic flows. traffic flows.
This document assumes that the LLN is using the no-drop RPI Option This document assumes that the LLN is using the no-drop RPI option
Type of 0x23. Type of 0x23.
The use cases describe the communication in the following cases: - The use cases describe the communication in the following cases: -
Between RPL-aware-nodes with the root (6LBR) - Between RPL-aware- Between RPL-aware-nodes with the root (6LBR) - Between RPL-aware-
nodes with the Internet - Between RUL nodes within the LLN (e.g. see nodes with the Internet - Between RUL nodes within the LLN (e.g. see
Section 7.1.4) - Inside of the LLN when the final destination address Section 7.1.4) - Inside of the LLN when the final destination address
resides outside of the LLN (e.g. see Section 7.2.3). resides outside of the LLN (e.g. see Section 7.2.3).
The uses cases are as follows: The uses cases are as follows:
skipping to change at page 16, line 42 skipping to change at page 16, line 42
Interaction between Leaf and Internet: Interaction between Leaf and Internet:
RAL to Internet RAL to Internet
Internet to RAL Internet to RAL
RUL to Internet RUL to Internet
Internet to RUL Internet to RUL
Interaction between Leafs: Interaction between leaves:
RAL to RAL RAL to RAL
RAL to RUL RAL to RUL
RUL to RAL RUL to RAL
RUL to RUL RUL to RUL
This document is consistent with the rule that a Header cannot be This document is consistent with the rule that a Header cannot be
skipping to change at page 17, line 22 skipping to change at page 17, line 22
DODAG root MUST force it to zero when passing the packet out to the DODAG root MUST force it to zero when passing the packet out to the
Internet. The Internet will therefore not see any SenderRank Internet. The Internet will therefore not see any SenderRank
information. information.
Despite being legal to leave the RPI artifact in place, an Despite being legal to leave the RPI artifact in place, an
intermediate router that needs to add an extension header (e.g. RH3 intermediate router that needs to add an extension header (e.g. RH3
or RPL Option) MUST still encapsulate the packet in an (additional) or RPL Option) MUST still encapsulate the packet in an (additional)
outer IP header. The new header is placed after this new outer IP outer IP header. The new header is placed after this new outer IP
header. header.
A corollary is that an RH3 or RPL Option can only be removed by an A corollary is that a RH3 or RPL Option can only be removed by an
intermediate router if it is placed in an encapsulating IPv6 Header, intermediate router if it is placed in an encapsulating IPv6 Header,
which is addressed TO the intermediate router. When it does so, the which is addressed TO the intermediate router. When it does so, the
whole encapsulating header must be removed. (A replacement may be whole encapsulating header must be removed. (A replacement may be
added). This sometimes can result in outer IP headers being added). This sometimes can result in outer IP headers being
addressed to the next hop router using link-local address. addressed to the next hop router using link-local address.
Both the RPL Option and the RH3 headers may be modified in very Both the RPL Option and the RH3 headers may be modified in very
specific ways by routers on the path of the packet without the need specific ways by routers on the path of the packet without the need
to add and remove an encapsulating header. Both headers were to add and remove an encapsulating header. Both headers were
designed with this modification in mind, and both the RPL RH3 and the designed with this modification in mind, and both the RPL RH3 and the
skipping to change at page 18, line 18 skipping to change at page 18, line 18
- A Header cannot be inserted or removed on the fly inside an IPv6 - A Header cannot be inserted or removed on the fly inside an IPv6
packet that is being routed. packet that is being routed.
- Extension headers may not be added or removed except by the - Extension headers may not be added or removed except by the
sender or the receiver. sender or the receiver.
- RPI and RH3 headers may be modified by routers on the path of - RPI and RH3 headers may be modified by routers on the path of
the packet without the need to add and remove an encapsulating the packet without the need to add and remove an encapsulating
header. header.
- An RH3 or RPL Option can only be removed by an intermediate - a RH3 or RPL Option can only be removed by an intermediate
router if it is placed in an encapsulating IPv6 Header, which is router if it is placed in an encapsulating IPv6 Header, which is
addressed to the intermediate router. addressed to the intermediate router.
- Non-storing mode requires downstream encapsulation by root for - Non-storing mode requires downstream encapsulation by root for
RH3. RH3.
The uses cases are delineated based on the following assumptions: The uses cases are delineated based on the following assumptions:
This document assumes that the LLN is using the no-drop RPI Option This document assumes that the LLN is using the no-drop RPI option
Type (0x23). Type (0x23).
- Each IPv6 node (including Internet routers) obeys [RFC8200] RFC - Each IPv6 node (including Internet routers) obeys [RFC8200] RFC
8200, so that 0x23 RPI Option type can be safely inserted. 8200, so that 0x23 RPI option Type can be safely inserted.
- All 6LRs obey RFC 8200 [RFC8200]. - All 6LRs obey RFC 8200 [RFC8200].
- The RPI is ignored at the IPv6 dst node (RUL). - The RPI is ignored at the IPv6 dst node (RUL).
- In the uses cases, we assume that the RAL supports IP-in-IP - In the uses cases, we assume that the RAL supports IP-in-IP
encapsulation. encapsulation.
- In the uses cases, we dont assume that the RUL supports IP-in-IP - In the uses cases, we dont assume that the RUL supports IP-in-IP
encapsulation. encapsulation.
skipping to change at page 19, line 13 skipping to change at page 19, line 13
- The flow label [RFC6437] is not needed in RPL. - The flow label [RFC6437] is not needed in RPL.
7. Storing mode 7. Storing mode
In storing mode (SM) (fully stateful), the sender can determine if In storing mode (SM) (fully stateful), the sender can determine if
the destination is inside the LLN by looking if the destination the destination is inside the LLN by looking if the destination
address is matched by the DIO's Prefix Information Option (PIO) address is matched by the DIO's Prefix Information Option (PIO)
option. option.
The following table (Figure 7) itemizes which headers are needed in The following table (Figure 7) itemizes which headers are needed in
each of the following scenarios. It indicates if the IPv6-in-IPv6 each of the following scenarios. It indicates whether (1) the IPv6-
header that is added, must be addressed to the final destination (the in-IPv6 header that is added must be addressed to the final
RAL node that is the target(tgt)), to the "root", or the 6LR parent destination (the RAL node that is the target (tgt)), (2) the IPv6-in-
of a leaf. IPv6 header that is added must be addressed to the "root", or (3) the
6LR parent of a RUL.
In cases where no IPv6-in-IPv6 header is needed, the column states as In cases where no IPv6-in-IPv6 header is needed, the column states as
"No". If the IPv6-in-IPv6 header is needed is a "must". "No". If the IPv6-in-IPv6 header is needed is a "must".
In all cases the RPI is needed, since it identifies inconsistencies In all cases the RPI is needed, since it identifies inconsistencies
(loops) in the routing topology. In all cases the RH3 is not needed (loops) in the routing topology. In all cases the RH3 is not needed
because it is not used in storing mode. because it is not used in storing mode.
In each case, 6LR_i are the intermediate routers from source to In each case, 6LR_i represents the intermediate routers from source
destination. "1 <= i <= n", n is the number of routers (6LR) that to destination. "1 <= i <= n", n is the number of routers (6LR) that
the packet goes through from source (6LN) to destination. the packet goes through from source (6LN) to destination.
The leaf can be a router 6LR or a host, both indicated as 6LN. The The leaf can be a router 6LR or a host, both indicated as 6LN. The
root refers to the 6LBR (see Figure 6). root refers to the 6LBR (see Figure 6).
+---------------------+--------------+------------+----------------+ +---------------------+--------------+------------+----------------+
| Interaction between | Use Case |IPv6-in-IPv6|IPv6-in-IPv6 dst| | Interaction between | Use Case |IPv6-in-IPv6|IPv6-in-IPv6 dst|
+---------------------+--------------+------------+----------------+ +---------------------+--------------+------------+----------------+
| | RAL to root | No | No | | | RAL to root | No | No |
+ +--------------+------------+----------------+ + +--------------+------------+----------------+
skipping to change at page 21, line 48 skipping to change at page 21, line 48
7.1.2. SM: Example of Flow from root to RAL 7.1.2. SM: Example of Flow from root to RAL
In this case the flow comprises: In this case the flow comprises:
root (6LBR) --> 6LR_i --> RAL (6LN) root (6LBR) --> 6LR_i --> RAL (6LN)
For example, a communication flow could be: Node A root(6LBR) --> For example, a communication flow could be: Node A root(6LBR) -->
Node B (6LR_i) --> Node D (6LR_i) --> Node F (6LN) Node B (6LR_i) --> Node D (6LR_i) --> Node F (6LN)
In this case the 6LBR inserts RPI and sends the packet down, the 6LR In this case the 6LBR inserts RPI and sends the packet down, the 6LR
is going to increment the rank in RPI (it examines the instanceID to is going to increment the rank in RPI (it examines the RPLInstanceID
identify the right forwarding table), the packet is processed in the to identify the right forwarding table), the packet is processed in
RAL and the RPI removed. the RAL and the RPI removed.
No IPv6-in-IPv6 header is required. No IPv6-in-IPv6 header is required.
The Table 2 summarizes what headers are needed for this use case. The Table 2 summarizes what headers are needed for this use case.
+-------------------+----------+-------+---------+ +-------------------+----------+-------+---------+
| Header | 6LBR src | 6LR_i | RAL dst | | Header | 6LBR src | 6LR_i | RAL dst |
+-------------------+----------+-------+---------+ +-------------------+----------+-------+---------+
| Added headers | RPI | -- | -- | | Added headers | RPI | -- | -- |
| Modified headers | -- | RPI | -- | | Modified headers | -- | RPI | -- |
skipping to change at page 23, line 19 skipping to change at page 23, line 19
The Figure 8 shows the table that summarizes what headers are needed The Figure 8 shows the table that summarizes what headers are needed
for this use case where the IPv6-in-IPv6 header is addressed to the for this use case where the IPv6-in-IPv6 header is addressed to the
root (Node A). root (Node A).
+-----------+------+--------------+----------------+-----------------+ +-----------+------+--------------+----------------+-----------------+
| Header | RUL | 6LR_1 | 6LR_i | 6LBR dst | | Header | RUL | 6LR_1 | 6LR_i | 6LBR dst |
| | src | | | | | | src | | | |
| | node | | | | | | node | | | |
+-----------+------+--------------+----------------+-----------------+ +-----------+------+--------------+----------------+-----------------+
| Added | -- | IP6-IP6(RPI) | | -- | | Added | -- | IP6-IP6(RPI) | | -- |
| headers | | | | | | headers | | | -- | |
+-----------+------+--------------+----------------+-----------------+ +-----------+------+--------------+----------------+-----------------+
| Modified | -- | -- | IP6-IP6(RPI) | -- | | Modified | -- | -- | IP6-IP6(RPI) | -- |
| headers | | | | | | headers | | | | |
+-----------+------+--------------+----------------+-----------------+ +-----------+------+--------------+----------------+-----------------+
| Removed | -- | -- | | IP6-IP6(RPI) | | Removed | -- | -- | --- | IP6-IP6(RPI) |
| headers | | | | | | headers | | | | |
+-----------+------+--------------+----------------+-----------------+ +-----------+------+--------------+----------------+-----------------+
| Untouched | -- | -- | -- | -- | | Untouched | -- | -- | -- | -- |
| headers | | | | | | headers | | | | |
+-----------+------+--------------+----------------+-----------------+ +-----------+------+--------------+----------------+-----------------+
Figure 8: SM: Summary of the use of headers from RUL to root. Figure 8: SM: Summary of the use of headers from RUL to root.
7.2. SM: Interaction between Leaf and Internet. 7.2. SM: Interaction between Leaf and Internet.
skipping to change at page 24, line 12 skipping to change at page 24, line 12
In this case the flow comprises: In this case the flow comprises:
RAL (6LN) --> 6LR_i --> root (6LBR) --> Internet RAL (6LN) --> 6LR_i --> root (6LBR) --> Internet
For example, the communication flow could be: Node F (RAL) --> Node D For example, the communication flow could be: Node F (RAL) --> Node D
(6LR_i)--> Node B (6LR_i)--> Node A root(6LBR) --> Internet (6LR_i)--> Node B (6LR_i)--> Node A root(6LBR) --> Internet
No IPv6-in-IPv6 header is required. No IPv6-in-IPv6 header is required.
Note: In this use case, it is used a node as leaf, but this use case Note: In this use case, it is used a node as a leaf, but this use
can be also applicable to any RPL-aware-node type (e.g. 6LR) case can be also applicable to any RPL-aware-node type (e.g. 6LR)
The Table 4 summarizes what headers are needed for this use case. The Table 4 summarizes what headers are needed for this use case.
+-------------------+---------+-------+------+----------------+ +-------------------+---------+-------+------+----------------+
| Header | RAL src | 6LR_i | 6LBR | Internet dst | | Header | RAL src | 6LR_i | 6LBR | Internet dst |
+-------------------+---------+-------+------+----------------+ +-------------------+---------+-------+------+----------------+
| Added headers | RPI | -- | -- | -- | | Added headers | RPI | -- | -- | -- |
| Modified headers | -- | RPI | -- | -- | | Modified headers | -- | RPI | -- | -- |
| Removed headers | -- | -- | -- | -- | | Removed headers | -- | -- | -- | -- |
| Untouched headers | -- | -- | RPI | RPI (Ignored) | | Untouched headers | -- | -- | RPI | RPI (Ignored) |
skipping to change at page 25, line 33 skipping to change at page 25, line 33
7.2.3. SM: Example of Flow from RUL to Internet 7.2.3. SM: Example of Flow from RUL to Internet
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node) --> 6LR_1 --> 6LR_i -->root (6LBR) --> Internet RUL (IPv6 src node) --> 6LR_1 --> 6LR_i -->root (6LBR) --> Internet
For example, a communication flow could be: Node G (RUL)--> Node E For example, a communication flow could be: Node G (RUL)--> Node E
(6LR_1)--> Node B (6lR_i) --> Node A root(6LBR) --> Internet (6LR_1)--> Node B (6lR_i) --> Node A root(6LBR) --> Internet
The 6LR_1 (i=1) node will add an IPv6-in-IPv6(RPI) header addressed The node 6LR_1 (i=1) will add an IPv6-in-IPv6(RPI) header addressed
to the root such that the root can remove the RPI before passing to the root such that the root can remove the RPI before passing
upwards. The IPv6-in-IPv6 addressed to the root cause less upwards. The IPv6-in-IPv6 addressed to the root cause less
processing overhead. In the intermindiate 6LR the rank in the RPI is processing overhead. In the intermindiate 6LR the rank in the RPI is
modified. modified.
The originating node will ideally leave the IPv6 flow label as zero The originating node will ideally leave the IPv6 flow label as zero
so that the packet can be better compressed through the LLN. The so that the packet can be better compressed through the LLN. The
6LBR will set the flow label of the packet to a non-zero value when 6LBR will set the flow label of the packet to a non-zero value when
sending to the Internet, for details check [RFC6437]. sending to the Internet, for details check [RFC6437].
skipping to change at page 26, line 35 skipping to change at page 26, line 35
7.2.4. SM: Example of Flow from Internet to RUL. 7.2.4. SM: Example of Flow from Internet to RUL.
In this case the flow comprises: In this case the flow comprises:
Internet --> root (6LBR) --> 6LR_i --> RUL (IPv6 dst node) Internet --> root (6LBR) --> 6LR_i --> RUL (IPv6 dst node)
For example, a communication flow could be: Internet --> Node A For example, a communication flow could be: Internet --> Node A
root(6LBR) --> Node B (6LR_i)--> Node E (6LR_n) --> Node G (RUL) root(6LBR) --> Node B (6LR_i)--> Node E (6LR_n) --> Node G (RUL)
The 6LBR will have to add an RPI within an IPv6-in-IPv6 header. The The 6LBR will have to add a RPI within an IPv6-in-IPv6 header. The
IPv6-in-IPv6 is addressed to the 6LR parent of the RUL. IPv6-in-IPv6 is addressed to the 6LR parent of the RUL.
Further details about this are mentioned in Further details about this are mentioned in
[I-D.ietf-roll-unaware-leaves], which specifies RPL routing for a 6LN [I-D.ietf-roll-unaware-leaves], which specifies RPL routing for a 6LN
acting as a plain host and not being aware of RPL. acting as a plain host and not being aware of RPL.
The 6LBR may set the flow label on the inner IPv6-in-IPv6 header to The 6LBR may set the flow label on the inner IPv6-in-IPv6 header to
zero in order to aid in compression [RFC8138][RFC6437]. zero in order to aid in compression [RFC8138][RFC6437].
The Figure 11 shows the table that summarizes what headers are needed The Figure 11 shows the table that summarizes what headers are needed
for this use case. for this use case.
+---------+-------+------------+--------------+-------------+-------+ +---------+-------+------------+--------------+-------------+-------+
| Header |Inter- | 6LBR | 6LR_i | 6LR_n | RUL | | Header |Inter- | 6LBR | 6LR_i | 6LR_n | RUL |
| | net | |[i=1,..,n-1] | | dst | | | net | |[i=1,..,n-1] | | dst |
| | src | | | | | | | src | | | | |
| | | | | | | | | | | | | |
+---------+-------+------------+--------------+-------------+-------+ +---------+-------+------------+--------------+-------------+-------+
| Inserted| -- |IP6-IP6(RPI)| | -- | -- | | Inserted| -- |IP6-IP6(RPI)| -- | -- | -- |
| headers | | | | | | | headers | | | | | |
+---------+-------+------------+--------------+-------------+-------+ +---------+-------+------------+--------------+-------------+-------+
| Modified| -- | -- | IP6-IP6(RPI) | -- | -- | | Modified| -- | -- | IP6-IP6(RPI) | -- | -- |
| headers | | | | | | | headers | | | | | |
+---------+-------+------------+--------------+-------------+-------+ +---------+-------+------------+--------------+-------------+-------+
| Removed | -- | -- | | IP6-IP6(RPI)| -- | | Removed | -- | -- | -- | IP6-IP6(RPI)| -- |
| headers | | | | | | | headers | | | | | |
+---------+-------+------------+--------------+-------------+-------+ +---------+-------+------------+--------------+-------------+-------+
|Untouched| -- | -- | -- | -- | -- | |Untouched| -- | -- | -- | -- | -- |
| headers | | | | | | | headers | | | | | |
+---------+-------+------------+--------------+-------------+-------+ +---------+-------+------------+--------------+-------------+-------+
Figure 11: SM: Summary of the use of headers from Internet to RUL. Figure 11: SM: Summary of the use of headers from Internet to RUL.
7.3. SM: Interaction between Leaf and Leaf 7.3. SM: Interaction between Leaf and Leaf
In this section is described the communication flow in storing mode In this section is described the communication flow in storing mode
skipping to change at page 28, line 7 skipping to change at page 28, line 7
[RFC6550]. [RFC6550].
When the nodes are not directly connected, then in storing mode, the When the nodes are not directly connected, then in storing mode, the
flow comprises: flow comprises:
RAL src (6LN) --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> RAL RAL src (6LN) --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> RAL
dst (6LN) dst (6LN)
For example, a communication flow could be: Node F (RAL src)--> Node For example, a communication flow could be: Node F (RAL src)--> Node
D (6LR_ia)--> Node B (6LR_x) --> Node E (6LR_id) --> Node H (RAL dst) D (6LR_ia)--> Node B (6LR_x) --> Node E (6LR_id) --> Node H (RAL dst)
6LR_ia (Node D) are the intermediate routers from source to the 6LR_ia (Node D) represents the intermediate routers from source to
common parent (6LR_x) (Node B). In this case, 1 <= ia <= n, n is the the common parent (6LR_x) (Node B). In this case, 1 <= ia <= n, n is
number of routers (6LR) that the packet goes through from RAL (Node the number of routers (6LR) that the packet goes through from RAL
F) to the common parent 6LR_x (Node B). (Node F) to the common parent 6LR_x (Node B).
6LR_id (Node E) are the intermediate routers from the common parent 6LR_id (Node E) represents the intermediate routers from the common
(6LR_x) (Node B) to destination RAL (Node H). In this case, 1 <= id parent (6LR_x) (Node B) to destination RAL (Node H). In this case, 1
<= m, m is the number of routers (6LR) that the packet goes through <= id <= m, m is the number of routers (6LR) that the packet goes
from the common parent (6LR_x) to destination RAL (Node H). through from the common parent (6LR_x) to destination RAL (Node H).
It is assumed that the two nodes are in the same RPL Domain (that It is assumed that the two nodes are in the same RPL domain (that
they share the same DODAG root). At the common parent (Node B), the they share the same DODAG root). At the common parent (Node B), the
direction of RPI is changed (from decreasing to increasing the rank). direction of RPI is changed (from decreasing to increasing the rank).
While the 6LR nodes will update the RPI, no node needs to add or While the 6LR nodes will update the RPI, no node needs to add or
remove the RPI, so no IPv6-in-IPv6 headers are necessary. remove the RPI, so no IPv6-in-IPv6 headers are necessary.
The Table 5 summarizes what headers are needed for this use case. The Table 5 summarizes what headers are needed for this use case.
+---------------+--------+--------+---------------+--------+--------+ +---------------+--------+--------+---------------+--------+--------+
| Header | RAL | 6LR_ia | 6LR_x (common | 6LR_id | RAL | | Header | RAL | 6LR_ia | 6LR_x (common | 6LR_id | RAL |
skipping to change at page 28, line 39 skipping to change at page 28, line 39
+---------------+--------+--------+---------------+--------+--------+ +---------------+--------+--------+---------------+--------+--------+
| Added headers | RPI | -- | -- | -- | -- | | Added headers | RPI | -- | -- | -- | -- |
| Modified | -- | RPI | RPI | RPI | -- | | Modified | -- | RPI | RPI | RPI | -- |
| headers | | | | | | | headers | | | | | |
| Removed | -- | -- | -- | -- | RPI | | Removed | -- | -- | -- | -- | RPI |
| headers | | | | | | | headers | | | | | |
| Untouched | -- | -- | -- | -- | -- | | Untouched | -- | -- | -- | -- | -- |
| headers | | | | | | | headers | | | | | |
+---------------+--------+--------+---------------+--------+--------+ +---------------+--------+--------+---------------+--------+--------+
Table 5: SM: Summary of the use of headers for RAL to RAL Table 5: SM: Summary of the Use of Headers from RAL to RAL
7.3.2. SM: Example of Flow from RAL to RUL 7.3.2. SM: Example of Flow from RAL to RUL
In this case the flow comprises: In this case the flow comprises:
RAL src (6LN) --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> RUL RAL src (6LN) --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> RUL
(IPv6 dst node) (IPv6 dst node)
For example, a communication flow could be: Node F (RAL)--> Node D For example, a communication flow could be: Node F (RAL)--> Node D
--> Node B --> Node E --> Node G (RUL) --> Node B --> Node E --> Node G (RUL)
6LR_ia are the intermediate routers from source (RAL) to the common 6LR_ia represents the intermediate routers from source (RAL) to the
parent (6LR_x) In this case, 1 <= ia <= n, n is the number of routers common parent (6LR_x) In this case, 1 <= ia <= n, n is the number of
(6LR) that the packet goes through from RAL to the common parent routers (6LR) that the packet goes through from RAL to the common
(6LR_x). parent (6LR_x).
6LR_id (Node E) are the intermediate routers from the common parent 6LR_id (Node E) represents the intermediate routers from the common
(6LR_x) (Node B) to destination RUL (Node G). In this case, 1 <= id parent (6LR_x) (Node B) to destination RUL (Node G). In this case, 1
<= m, m is the number of routers (6LR) that the packet goes through <= id <= m, m is the number of routers (6LR) that the packet goes
from the common parent (6LR_x) to destination RUL. The packet from through from the common parent (6LR_x) to destination RUL. The
the RAL goes to 6LBR because the route to the RUL is not injected packet from the RAL goes to 6LBR because the route to the RUL is not
into the RPL-SM. injected into the RPL-SM.
The Table 6 summarizes what headers are needed for this use case. The Table 6 summarizes what headers are needed for this use case.
+-----------------+---------+--------+------+--------+--------------+ +-----------------+---------+--------+------+--------+--------------+
| Header | RAL src | 6LR_ia | 6LBR | 6LR_id | RUL dst | | Header | RAL src | 6LR_ia | 6LBR | 6LR_id | RUL dst |
+-----------------+---------+--------+------+--------+--------------+ +-----------------+---------+--------+------+--------+--------------+
| Added headers | RPI | -- | -- | -- | -- | | Added headers | RPI | -- | -- | -- | -- |
| Modified | -- | RPI | RPI | RPI | -- | | Modified | -- | RPI | RPI | RPI | -- |
| headers | | | | | | | headers | | | | | |
| Removed headers | -- | -- | -- | -- | -- | | Removed headers | -- | -- | -- | -- | -- |
| Untouched | -- | -- | -- | -- | RPI(Ignored) | | Untouched | -- | -- | -- | -- | RPI(Ignored) |
| headers | | | | | | | headers | | | | | |
+-----------------+---------+--------+------+--------+--------------+ +-----------------+---------+--------+------+--------+--------------+
Table 6: SM: Summary of the use of headers for RAL to RUL Table 6: SM: Summary of the Use of Headers from RAL to RUL
7.3.3. SM: Example of Flow from RUL to RAL 7.3.3. SM: Example of Flow from RUL to RAL
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node) --> 6LR_ia --> 6LBR --> 6LR_id --> RAL dst (6LN) RUL (IPv6 src node) --> 6LR_ia --> 6LBR --> 6LR_id --> RAL dst (6LN)
For example, a communication flow could be: Node G (RUL)--> Node E For example, a communication flow could be: Node G (RUL)--> Node E
--> Node B --> Node A --> Node B --> Node D --> Node F (RAL) --> Node B --> Node A --> Node B --> Node D --> Node F (RAL)
6LR_ia (Node E) are the intermediate routers from source (RUL) (Node 6LR_ia (Node E) represents the intermediate routers from source (RUL)
G) to the root (Node A). In this case, 1 <= ia <= n, n is the number (Node G) to the root (Node A). In this case, 1 <= ia <= n, n is the
of routers (6LR) that the packet goes through from source to the number of routers (6LR) that the packet goes through from source to
root. the root.
6LR_id are the intermediate routers from the root (Node A) to 6LR_id represents the intermediate routers from the root (Node A) to
destination RAL (Node F). In this case, 1 <= id <= m, m is the destination RAL (Node F). In this case, 1 <= id <= m, m is the
number of routers (6LR) that the packet goes through from the root to number of routers (6LR) that the packet goes through from the root to
the destination RAL. the destination RAL.
The 6LR_ia (ia=1) (Node E) receives the packet from the RUL (Node G) The 6LR_ia (ia=1) (Node E) receives the packet from the RUL (Node G)
and inserts the RPI (RPI1) encapsulated in a IPv6-in-IPv6 header to and inserts the RPI (RPI1) encapsulated in a IPv6-in-IPv6 header to
the root. The root removes the outer header including the RPI (RPI1) the root. The root removes the outer header including the RPI (RPI1)
and inserts a new RPI (RPI2) addressed to the destination RAL (Node and inserts a new RPI (RPI2) addressed to the destination RAL (Node
F). F).
skipping to change at page 30, line 21 skipping to change at page 30, line 21
+-----------+------+---------+---------+---------+---------+---------+ +-----------+------+---------+---------+---------+---------+---------+
| Header | RUL | 6LR_1 | 6LR_ia | 6LBR | 6LR_id | RAL | | Header | RUL | 6LR_1 | 6LR_ia | 6LBR | 6LR_id | RAL |
| | src | | | | | dst | | | src | | | | | dst |
| | node | | | | | node | | | node | | | | | node |
+-----------+------+---------+---------+---------+---------+---------+ +-----------+------+---------+---------+---------+---------+---------+
| Added | -- | IP6-IP6 | -- | IP6-IP6 | -- | -- | | Added | -- | IP6-IP6 | -- | IP6-IP6 | -- | -- |
| headers | | (RPI1) | | (RPI2) | | | | headers | | (RPI1) | | (RPI2) | | |
| | | | | | | | | | | | | | | |
+-----------+------+---------+---------+---------+---------+---------+ +-----------+------+---------+---------+---------+---------+---------+
| Modified | -- | | IP6-IP6 | -- | IP6-IP6 | -- | | Modified | -- | | IP6-IP6 | -- | IP6-IP6 | -- |
| headers | | | (RPI1) | | (RPI2) | | | headers | | -- | (RPI1) | | (RPI2) | |
| | | | | | | | | | | | | | | |
+-----------+------+---------+---------+---------+---------+---------+ +-----------+------+---------+---------+---------+---------+---------+
| Removed | -- | | -- | IP6-IP6 | -- | IP6-IP6 | | Removed | -- | | -- | IP6-IP6 | -- | IP6-IP6 |
| headers | | | | (RPI1) | | (RPI2) | | headers | | -- | | (RPI1) | | (RPI2) |
| | | | | | | | | | | | | | | |
+-----------+------+---------+---------+---------+---------+---------+ +-----------+------+---------+---------+---------+---------+---------+
| Untouched | -- | | -- | -- | -- | -- | | Untouched | -- | -- | -- | -- | -- | -- |
| headers | | | | | | | | headers | | | | | | |
+-----------+------+---------+---------+---------+---------+---------+ +-----------+------+---------+---------+---------+---------+---------+
Figure 12: SM: Summary of the use of headers from RUL to RAL. Figure 12: SM: Summary of the use of headers from RUL to RAL.
7.3.4. SM: Example of Flow from RUL to RUL 7.3.4. SM: Example of Flow from RUL to RUL
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node)--> 6LR_1--> 6LR_ia --> 6LBR --> 6LR_id --> RUL RUL (IPv6 src node)--> 6LR_1--> 6LR_ia --> 6LBR --> 6LR_id --> RUL
(IPv6 dst node) (IPv6 dst node)
For example, a communication flow could be: Node G (RUL src)--> Node For example, a communication flow could be: Node G (RUL src)--> Node
E --> Node B --> Node A (root) --> Node C --> Node J (RUL dst) E --> Node B --> Node A (root) --> Node C --> Node J (RUL dst)
Internal nodes 6LR_ia (e.g: Node E or Node B) is the intermediate Internal nodes 6LR_ia (e.g: Node E or Node B) is the intermediate
router from the RUL source (Node G) to the root (6LBR) (Node A). In router from the RUL source (Node G) to the root (6LBR) (Node A). In
this case, "1 < ia <= n", n is the number of routers (6LR) that the this case, 1 <= ia <= n, n is the number of routers (6LR) that the
packet goes through from the RUL to the root. packet goes through from the RUL to the root. 6LR_1 refers when ia=1.
6LR_id (Node C) are the intermediate routers from the root (Node A) 6LR_id (Node C) represents the intermediate routers from the root
to the destination RUL dst node (Node J). In this case, 1 <= id <= (Node A) to the destination RUL dst node (Node J). In this case, 1
m, m is the number of routers (6LR) that the packet goes through from <= id <= m, m is the number of routers (6LR) that the packet goes
the root to destination RUL. through from the root to destination RUL.
The RPI is ignored at the RUL dst node. The RPI is ignored at the RUL dst node.
The 6LR_1 (Node E) receives the packet from the RUL (Node G) and The 6LR_1 (Node E) receives the packet from the RUL (Node G) and
inserts the RPI (RPI), encapsulated in an IPv6-in-IPv6 header inserts the RPI (RPI), encapsulated in an IPv6-in-IPv6 header
directed to the root. The root removes the outer header including directed to the root. The root removes the outer header including
the RPI (RPI1) and inserts a new RPI (RPI2) addressed to the 6LR the RPI (RPI1) and inserts a new RPI (RPI2) addressed to the 6LR
father of the RUL. father of the RUL.
The Figure 13 shows the table that summarizes what headers are needed The Figure 13 shows the table that summarizes what headers are needed
skipping to change at page 32, line 15 skipping to change at page 32, line 15
be omitted, because it is needed for routing, quality of service and be omitted, because it is needed for routing, quality of service and
compression. This specification expects that is always a RPI compression. This specification expects that is always a RPI
Present. The term "may(up)" refers that the IPv6-in-IPv6 header may Present. The term "may(up)" refers that the IPv6-in-IPv6 header may
be necessary in the upwards direction. The term "must(up)" refers be necessary in the upwards direction. The term "must(up)" refers
that the IPv6-in-IPv6 header must be present in the upwards that the IPv6-in-IPv6 header must be present in the upwards
direction. The term "must(down)" refers that the IPv6-in-IPv6 header direction. The term "must(down)" refers that the IPv6-in-IPv6 header
must be present in the downward direction. must be present in the downward direction.
The leaf can be a router 6LR or a host, both indicated as 6LN The leaf can be a router 6LR or a host, both indicated as 6LN
(Figure 6). In the table (Figure 14) the (1) indicates a 6tisch case (Figure 6). In the table (Figure 14) the (1) indicates a 6tisch case
[RFC8180], where the RPI may still be needed for the instanceID to be [RFC8180], where the RPI may still be needed for the RPLInstanceID to
available for priority/channel selection at each hop. be available for priority/channel selection at each hop.
The root always have to encapuslate on the way down The root always have to encapuslate on the way down
+--- ------------+-------------+-----+-----+--------------+----------+ +--- ------------+-------------+-----+-----+--------------+----------+
| Interaction | Use Case | RPI | RH3 | IPv6-in-IPv6 | IP-in-IP | | Interaction | Use Case | RPI | RH3 | IPv6-in-IPv6 | IP-in-IP |
| between | | | | | dst | | between | | | | | dst |
+----------------+-------------+-----+-----+--------------+----------+ +----------------+-------------+-----+-----+--------------+----------+
| | RAL to root | Yes | No | No | No | | | RAL to root | Yes | No | No | No |
| +-------------+-----+-----+--------------+----------+ | +-------------+-----+-----+--------------+----------+
| Leaf - Root | root to RAL | Yes | Yes | No | No | | Leaf - Root | root to RAL | Yes | Yes | No | No |
skipping to change at page 34, line 21 skipping to change at page 34, line 21
In non-storing mode the leaf node uses default routing to send In non-storing mode the leaf node uses default routing to send
traffic to the root. The RPI must be included since it contains the traffic to the root. The RPI must be included since it contains the
rank information, which is used to avoid/detect loops. rank information, which is used to avoid/detect loops.
RAL (6LN) --> 6LR_i --> root(6LBR) RAL (6LN) --> 6LR_i --> root(6LBR)
For example, a communication flow could be: Node F --> Node D --> For example, a communication flow could be: Node F --> Node D -->
Node B --> Node A (root) Node B --> Node A (root)
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from source (RAL) to destination (6LBR). packet goes through from source (RAL) to destination (6LBR).
This situation is the same case as storing mode. This situation is the same case as storing mode.
The Table 7 summarizes what headers are needed for this use case. The Table 7 summarizes what headers are needed for this use case.
+-------------------+---------+-------+----------+ +-------------------+---------+-------+----------+
| Header | RAL src | 6LR_i | 6LBR dst | | Header | RAL src | 6LR_i | 6LBR dst |
+-------------------+---------+-------+----------+ +-------------------+---------+-------+----------+
| Added headers | RPI | -- | -- | | Added headers | RPI | -- | -- |
skipping to change at page 34, line 49 skipping to change at page 34, line 49
8.1.2. Non-SM: Example of Flow from root to RAL 8.1.2. Non-SM: Example of Flow from root to RAL
In this case the flow comprises: In this case the flow comprises:
root (6LBR) --> 6LR_i --> RAL (6LN) root (6LBR) --> 6LR_i --> RAL (6LN)
For example, a communication flow could be: Node A (root) --> Node B For example, a communication flow could be: Node A (root) --> Node B
--> Node D --> Node F --> Node D --> Node F
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from source (6LBR) to destination (RAL). packet goes through from source (6LBR) to destination (RAL).
The 6LBR inserts an RH3, and a RPI. No IPv6-in-IPv6 header is The 6LBR inserts a RH3, and a RPI. No IPv6-in-IPv6 header is
necessary as the traffic originates with an RPL aware node, the 6LBR. necessary as the traffic originates with a RPL aware node, the 6LBR.
The destination is known to be RPL-aware because the root knows the The destination is known to be RPL-aware because the root knows the
whole topology in non-storing mode. whole topology in non-storing mode.
The Table 8 summarizes what headers are needed for this use case. The Table 8 summarizes what headers are needed for this use case.
+-------------------+----------+-----------+-----------+ +-------------------+----------+-----------+-----------+
| Header | 6LBR src | 6LR_i | RAL dst | | Header | 6LBR src | 6LR_i | RAL dst |
+-------------------+----------+-----------+-----------+ +-------------------+----------+-----------+-----------+
| Added headers | RPI, RH3 | -- | -- | | Added headers | RPI, RH3 | -- | -- |
| Modified headers | -- | RPI, RH3 | -- | | Modified headers | -- | RPI, RH3 | -- |
skipping to change at page 35, line 32 skipping to change at page 35, line 32
8.1.3. Non-SM: Example of Flow from root to RUL 8.1.3. Non-SM: Example of Flow from root to RUL
In this case the flow comprises: In this case the flow comprises:
root (6LBR) --> 6LR_i --> RUL (IPv6 dst node) root (6LBR) --> 6LR_i --> RUL (IPv6 dst node)
For example, a communication flow could be: Node A (root) --> Node B For example, a communication flow could be: Node A (root) --> Node B
--> Node E --> Node G (RUL) --> Node E --> Node G (RUL)
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from source (6LBR) to destination (RUL). packet goes through from source (6LBR) to destination (RUL).
In the 6LBR the RH3 is added, it is modified at each intermediate 6LR In the 6LBR, the RH3 is added; it is then modified at each
(6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n), intermediate 6LR (6LR_1 and so on), and it is fully consumed in the
but left there. As the RPI is added, then the IPv6 node which does last 6LR (6LR_n) but is left in place. When the RPI is added, the
not understand the RPI, will ignore it (following RFC8200), thus IPv6 node, which does not understand the RPI, will ignore it (per
encapsulation is not necessary. RFC8200); thus, encapsulation is not necessary.
The Figure 15 depicts the table that summarizes what headers are The Figure 15 depicts the table that summarizes what headers are
needed for this use case. needed for this use case.
+-----------+----------+--------------+----------------+----------+ +-----------+----------+--------------+----------------+----------+
| Header | 6LBR | 6LR_i | 6LR_n | RUL | | Header | 6LBR | 6LR_i | 6LR_n | RUL |
| | src | i=(1,..,n-1) | | dst | | | src | i=(1,..,n-1) | | dst |
| | | | | | | | | | | |
+-----------+----------+--------------+----------------+----------+ +-----------+----------+--------------+----------------+----------+
| Added | RPI, RH3 | -- | -- | -- | | Added | RPI, RH3 | -- | -- | -- |
| headers | | | | | | headers | | | | |
+-----------+----------+--------------+----------------+----------+ +-----------+----------+--------------+----------------+----------+
| Modified | -- | RPI, RH3 | RPI, | -- | | Modified | -- | RPI, RH3 | RPI, | -- |
| headers | | | RH3(consumed) | | | headers | | | RH3(consumed) | |
+-----------+----------+--------------+----------------+----------+ +-----------+----------+--------------+----------------+----------+
| Removed | -- | -- | | -- | | Removed | -- | -- | -- | -- |
| headers | | | | | | headers | | | | |
+-----------+----------+--------------+----------------+----------+ +-----------+----------+--------------+----------------+----------+
| Untouched | -- | -- | -- | RPI, RH3 | | Untouched | -- | -- | -- | RPI, RH3 |
| headers | | | | (both | | headers | | | | (both |
| | | | | ignored) | | | | | | ignored) |
+-----------+----------+--------------+----------------+----------+ +-----------+----------+--------------+----------------+----------+
Figure 15: Non-SM: Summary of the use of headers from root to RUL Figure 15: Non-SM: Summary of the use of headers from root to RUL
8.1.4. Non-SM: Example of Flow from RUL to root 8.1.4. Non-SM: Example of Flow from RUL to root
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node) --> 6LR_1 --> 6LR_i --> root (6LBR) dst RUL (IPv6 src node) --> 6LR_1 --> 6LR_i --> root (6LBR) dst
For example, a communication flow could be: Node G --> Node E --> For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A (root) Node B --> Node A (root)
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from source (RUL) to destination (6LBR). For packet goes through from source (RUL) to destination (6LBR). For
example, 6LR_1 (i=1) is the router that receives the packets from the example, 6LR_1 (i=1) is the router that receives the packets from the
IPv6 node. IPv6 node.
In this case the RPI is added by the first 6LR (6LR1) (Node E), In this case, the RPI is added by the first 6LR (6LR_1) (Node E),
encapsulated in an IPv6-in-IPv6 header, and is modified in the encapsulated in an IPv6-in-IPv6 header, and modified in the
following 6LRs. The RPI and the entire packet is consumed by the subsequent 6LRs in the flow. The RPI and the entire packet is
root. consumed by the root.
The Figure 16 shows the table that summarizes what headers are needed The Figure 16 shows the table that summarizes what headers are needed
for this use case. for this use case.
+---------+----+-----------------+-----------------+-----------------+ +---------+----+-----------------+-----------------+-----------------+
| |RUL | | | | | |RUL | | | |
| Header |src | 6LR_1 | 6LR_i | 6LBR dst | | Header |src | 6LR_1 | 6LR_i | 6LBR dst |
| |node| | | | | |node| | | |
+---------+----+-----------------+-----------------+-----------------+ +---------+----+-----------------+-----------------+-----------------+
| Added | -- |IPv6-in-IPv6(RPI)| -- | -- | | Added | -- |IPv6-in-IPv6(RPI)| -- | -- |
skipping to change at page 37, line 47 skipping to change at page 37, line 47
8.2.1. Non-SM: Example of Flow from RAL to Internet 8.2.1. Non-SM: Example of Flow from RAL to Internet
In this case the flow comprises: In this case the flow comprises:
RAL (6LN) src --> 6LR_i --> root (6LBR) --> Internet dst RAL (6LN) src --> 6LR_i --> root (6LBR) --> Internet dst
For example, a communication flow could be: Node F (RAL) --> Node D For example, a communication flow could be: Node F (RAL) --> Node D
--> Node B --> Node A --> Internet --> Node B --> Node A --> Internet
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from source (RAL) to 6LBR. packet goes through from source (RAL) to 6LBR.
In this case, the encapsulation from the RAL to the root is optional. In this case, the encapsulation from the RAL to the root is optional.
The simplest case is when the RPI gets to the Internet (as the table The simplest case is when the RPI gets to the Internet (as the table
show it), knowing that the Internet is going to ignore it. show it), knowing that the Internet is going to ignore it.
The IPv6 flow label should be set to zero to aid in compression The IPv6 flow label should be set to zero to aid in compression
[RFC8138], and the 6LBR will set it to a non-zero value when sending [RFC8138], and the 6LBR will set it to a non-zero value when sending
towards the Internet [RFC6437]. towards the Internet [RFC6437].
skipping to change at page 39, line 7 skipping to change at page 39, line 7
with encapsulation to the root with encapsulation to the root
8.2.2. Non-SM: Example of Flow from Internet to RAL 8.2.2. Non-SM: Example of Flow from Internet to RAL
In this case the flow comprises: In this case the flow comprises:
Internet --> root (6LBR) --> 6LR_i --> RAL dst (6LN) Internet --> root (6LBR) --> 6LR_i --> RAL dst (6LN)
For example, a communication flow could be: Internet --> Node A For example, a communication flow could be: Internet --> Node A
(root) --> Node B --> Node D --> Node F (RAL) (root) --> Node B --> Node D --> Node F (RAL)
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from 6LBR to destination (RAL). packet goes through from 6LBR to destination (RAL).
The 6LBR must add an RH3 header. As the 6LBR will know the path and The 6LBR must add a RH3 header. As the 6LBR will know the path and
address of the target node, it can address the IPv6-in-IPv6 header to address of the target node, it can address the IPv6-in-IPv6 header to
that node. The 6LBR will zero the flow label upon entry in order to that node. The 6LBR will zero the flow label upon entry in order to
aid compression [RFC8138]. aid compression [RFC8138].
The Table 11 summarizes what headers are needed for this use case. The Table 11 summarizes what headers are needed for this use case.
+-----------+----------+--------------+--------------+--------------+ +-----------+----------+--------------+--------------+--------------+
| Header | Internet | 6LBR | 6LR_i | RAL dst | | Header | Internet | 6LBR | 6LR_i | RAL dst |
| | src | | | | | | src | | | |
+-----------+----------+--------------+--------------+--------------+ +-----------+----------+--------------+--------------+--------------+
skipping to change at page 39, line 45 skipping to change at page 39, line 45
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node) --> 6LR_1 --> 6LR_i -->root (6LBR) --> Internet RUL (IPv6 src node) --> 6LR_1 --> 6LR_i -->root (6LBR) --> Internet
dst dst
For example, a communication flow could be: Node G --> Node E --> For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A --> Internet Node B --> Node A --> Internet
6LR_i are the intermediate routers from source to destination. In 6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the this case, "1 <= i <= n", where n is the number of routers (6LRs)
packet goes through from source (RUL) to 6LBR, e.g. 6LR_1 (i=1). that the packet goes through from the source (RUL) to the 6LBR, e.g.,
6LR_1 (i=1).
In this case the flow label is recommended to be zero in the IPv6 In this case the flow label is recommended to be zero in the IPv6
node. As RPL headers are added in the IPv6 node packet, the first node. As RPL headers are added in the IPv6 node packet, the first
6LR (6LR_1) will add a RPI inside a new IPv6-in-IPv6 header. The 6LR (6LR_1) will add a RPI inside a new IPv6-in-IPv6 header. The
IPv6-in-IPv6 header will be addressed to the root. This case is IPv6-in-IPv6 header will be addressed to the root. This case is
identical to the storing-mode case (see Section 7.2.3). identical to the storing-mode case (see Section 7.2.3).
The Figure 17 shows the table that summarizes what headers are needed The Figure 17 shows the table that summarizes what headers are needed
for this use case. for this use case.
skipping to change at page 40, line 39 skipping to change at page 40, line 39
8.2.4. Non-SM: Example of Flow from Internet to RUL 8.2.4. Non-SM: Example of Flow from Internet to RUL
In this case the flow comprises: In this case the flow comprises:
Internet src --> root (6LBR) --> 6LR_i --> RUL (IPv6 dst node) Internet src --> root (6LBR) --> 6LR_i --> RUL (IPv6 dst node)
For example, a communication flow could be: Internet --> Node A For example, a communication flow could be: Internet --> Node A
(root) --> Node B --> Node E --> Node G (root) --> Node B --> Node E --> Node G
6LR_i are the intermediate routers from source to destination. In 6LR_i represents the intermediate routers from source to destination.
this case, "1 <= i <= n", n is the number of routers (6LR) that the In this case, 1 <= i <= n, n is the number of routers (6LR) that the
packet goes through from 6LBR to RUL. packet goes through from 6LBR to RUL.
The 6LBR must add an RH3 header inside an IPv6-in-IPv6 header. The The 6LBR must add a RH3 header inside an IPv6-in-IPv6 header. The
6LBR will know the path, and will recognize that the final node is 6LBR will know the path, and will recognize that the final node is
not an RPL capable node as it will have received the connectivity DAO not a RPL capable node as it will have received the connectivity DAO
from the nearest 6LR. The 6LBR can therefore make the IPv6-in-IPv6 from the nearest 6LR. The 6LBR can therefore make the IPv6-in-IPv6
header destination be the last 6LR. The 6LBR will set to zero the header destination be the last 6LR. The 6LBR will set to zero the
flow label upon entry in order to aid compression [RFC8138]. flow label upon entry in order to aid compression [RFC8138].
The Figure 18 shows the table that summarizes what headers are needed The Figure 18 shows the table that summarizes what headers are needed
for this use case. for this use case.
+----------+--------+------------------+-----------+-----------+-----+ +----------+--------+------------------+-----------+-----------+-----+
| Header |Internet| 6LBR | 6LR_i | 6LR_n | RUL | | Header |Internet| 6LBR | 6LR_i | 6LR_n | RUL |
| | src | | | | dst | | | src | | | | dst |
skipping to change at page 41, line 25 skipping to change at page 41, line 25
| Removed | -- | -- | -- | IP6-IP6 | -- | | Removed | -- | -- | -- | IP6-IP6 | -- |
| headers | | | | (RH3,RPI) | | | headers | | | | (RH3,RPI) | |
+----------+--------+------------------+-----------+-----------+-----+ +----------+--------+------------------+-----------+-----------+-----+
|Untouched | -- | -- | -- | -- | -- | |Untouched | -- | -- | -- | -- | -- |
| headers | | | | | | | headers | | | | | |
+----------+--------+------------------+-----------+-----------+-----+ +----------+--------+------------------+-----------+-----------+-----+
Figure 18: Non-SM: Summary of the use of headers from Internet to Figure 18: Non-SM: Summary of the use of headers from Internet to
RUL. RUL.
8.3. Non-SM: Interaction between Leafs 8.3. Non-SM: Interaction between leaves
In this section is described the communication flow in Non Storing In this section is described the communication flow in Non Storing
Mode (Non-SM) between, Mode (Non-SM) between,
RAL to RAL RAL to RAL
RAL to RUL RAL to RUL
RUL to RAL RUL to RAL
skipping to change at page 41, line 48 skipping to change at page 41, line 48
8.3.1. Non-SM: Example of Flow from RAL to RAL 8.3.1. Non-SM: Example of Flow from RAL to RAL
In this case the flow comprises: In this case the flow comprises:
RAL src --> 6LR_ia --> root (6LBR) --> 6LR_id --> RAL dst RAL src --> 6LR_ia --> root (6LBR) --> 6LR_id --> RAL dst
For example, a communication flow could be: Node F (RAL src)--> Node For example, a communication flow could be: Node F (RAL src)--> Node
D --> Node B --> Node A (root) --> Node B --> Node E --> Node H (RAL D --> Node B --> Node A (root) --> Node B --> Node E --> Node H (RAL
dst) dst)
6LR_ia are the intermediate routers from source to the root In this 6LR_ia represents the intermediate routers from source to the root In
case, 1 <= ia <= n, n is the number of routers (6LR) that the packet this case, 1 <= ia <= n, n is the number of routers (6LR) that the
goes through from RAL to the root. packet goes through from RAL to the root.
6LR_id are the intermediate routers from the root to the destination. 6LR_id represents the intermediate routers from the root to the
In this case, "1 <= ia <= m", m is the number of the intermediate destination. In this case, 1 <= id <= m, m is the number of the
routers (6LR). intermediate routers (6LR).
This case involves only nodes in same RPL Domain. The originating This case involves only nodes in same RPL domain. The originating
node will add a RPI to the original packet, and send the packet node will add a RPI to the original packet, and send the packet
upwards. upwards.
The originating node may put the RPI (RPI1) into an IPv6-in-IPv6 The originating node may put the RPI (RPI1) into an IPv6-in-IPv6
header addressed to the root, so that the 6LBR can remove that header addressed to the root, so that the 6LBR can remove that
header. If it does not, then the RPI1 is forwarded down from the header. If it does not, then the RPI1 is forwarded down from the
root in the inner header to no avail. root in the inner header to no avail.
The 6LBR will need to insert an RH3 header, which requires that it The 6LBR will need to insert a RH3 header, which requires that it add
add an IPv6-in-IPv6 header. It should be able to remove the an IPv6-in-IPv6 header. It should be able to remove the RPI(RPI1),
RPI(RPI1), as it was contained in an IPv6-in-IPv6 header addressed to as it was contained in an IPv6-in-IPv6 header addressed to it.
it. Otherwise, there may be a RPI buried inside the inner IP header, Otherwise, there may be a RPI buried inside the inner IP header,
which should get ignored. The root inserts a RPI (RPI2) alongside which should get ignored. The root inserts a RPI (RPI2) alongside
the RH3. the RH3.
Networks that use the RPL P2P extension [RFC6997] are essentially Networks that use the RPL P2P extension [RFC6997] are essentially
non-storing DODAGs and fall into this scenario or scenario non-storing DODAGs and fall into this scenario or scenario
Section 8.1.2, with the originating node acting as 6LBR. Section 8.1.2, with the originating node acting as 6LBR.
The Figure 19 shows the table that summarizes what headers are needed The Figure 19 shows the table that summarizes what headers are needed
for this use case when encapsulation to the root takes place. for this use case when encapsulation to the root takes place.
The Figure 20 shows the table that summarizes what headers are needed The Figure 20 shows the table that summarizes what headers are needed
for this use case when there is no encapsulation to the root. for this use case when there is no encapsulation to the root.
+---------+-------+----------+------------+----------+------------+ +---------+-------+----------+------------+----------+------------+
| Header | RAL | 6LR_ia | 6LBR | 6LR_id | RAL | | Header | RAL | 6LR_ia | 6LBR | 6LR_id | RAL |
| | src | | | | dst | | | src | | | | dst |
+---------+-------+----------+------------+----------+------------+ +---------+-------+----------+------------+----------+------------+
| Added |IP6-IP6| | IP6-IP6 | -- | -- | | Added |IP6-IP6| | IP6-IP6 | -- | -- |
| headers |(RPI1) | |(RH3-> RAL, | | | | headers |(RPI1) | -- |(RH3-> RAL, | | |
| | | | RPI2) | | | | | | | RPI2) | | |
+---------+-------+----------+------------+----------+------------+ +---------+-------+----------+------------+----------+------------+
| Modified| -- | IP6-IP6 | -- | IP6-IP6 | -- | | Modified| -- | IP6-IP6 | -- | IP6-IP6 | -- |
| headers | | (RPI1) | |(RH3,RPI) | | | headers | | (RPI1) | |(RH3,RPI) | |
+---------+-------+----------+------------+----------+------------+ +---------+-------+----------+------------+----------+------------+
| Removed | -- | -- | IP6-IP6 | -- | IP6-IP6 | | Removed | -- | -- | IP6-IP6 | -- | IP6-IP6 |
| headers | | | (RPI1) | | (RH3, | | headers | | | (RPI1) | | (RH3, |
| | | | | | RPI2) | | | | | | | RPI2) |
+---------+-------+----------+------------+----------+------------+ +---------+-------+----------+------------+----------+------------+
|Untouched| -- | -- | -- | -- | -- | |Untouched| -- | -- | -- | -- | -- |
| headers | | | | | | | headers | | | | | |
+---------+-------+----------+------------+----------+------------+ +---------+-------+----------+------------+----------+------------+
Figure 19: Non-SM: Summary of the use of headers for RAL to RAL with Figure 19: Non-SM: Summary of the Use of Headers from RAL to RAL with
encapsulation to the root. encapsulation to the root.
+-----------+------+--------+---------+---------+---------+ +-----------+------+--------+---------+---------+---------+
| Header | RAL | 6LR_ia | 6LBR | 6LR_id | RAL | | Header | RAL | 6LR_ia | 6LBR | 6LR_id | RAL |
+-----------+------+--------+---------+---------+---------+ +-----------+------+--------+---------+---------+---------+
| Inserted | RPI1 | -- | IP6-IP6 | -- | -- | | Inserted | RPI1 | -- | IP6-IP6 | -- | -- |
| headers | | | (RH3, | | | | headers | | | (RH3, | | |
| | | | RPI2) | | | | | | | RPI2) | | |
+-----------+------+--------+---------+---------+---------+ +-----------+------+--------+---------+---------+---------+
| Modified | -- | RPI1 | -- | IP6-IP6 | -- | | Modified | -- | RPI1 | -- | IP6-IP6 | -- |
skipping to change at page 43, line 47 skipping to change at page 43, line 47
+-----------+------+--------+---------+---------+---------+ +-----------+------+--------+---------+---------+---------+
| Removed | -- | -- | -- | -- | IP6-IP6 | | Removed | -- | -- | -- | -- | IP6-IP6 |
| headers | | | | | (RH3, | | headers | | | | | (RH3, |
| | | | | | RPI2) | | | | | | | RPI2) |
| | | | | | RPI1 | | | | | | | RPI1 |
+-----------+------+--------+---------+---------+---------+ +-----------+------+--------+---------+---------+---------+
| Untouched | -- | -- | RPI1 | RPI1 | -- | | Untouched | -- | -- | RPI1 | RPI1 | -- |
| headers | | | | | | | headers | | | | | |
+-----------+------+--------+---------+---------+---------+ +-----------+------+--------+---------+---------+---------+
Figure 20: Non-SM: Summary of the use of headers for RAL to RAL Figure 20: Non-SM: Summary of the Use of Headers from RAL to RAL
without encapsulation to the root. without encapsulation to the root.
8.3.2. Non-SM: Example of Flow from RAL to RUL 8.3.2. Non-SM: Example of Flow from RAL to RUL
In this case the flow comprises: In this case the flow comprises:
RAL --> 6LR_ia --> root (6LBR) --> 6LR_id --> RUL (IPv6 dst node) RAL --> 6LR_ia --> root (6LBR) --> 6LR_id --> RUL (IPv6 dst node)
For example, a communication flow could be: Node F (RAL) --> Node D For example, a communication flow could be: Node F (RAL) --> Node D
--> Node B --> Node A (root) --> Node B --> Node E --> Node G (RUL) --> Node B --> Node A (root) --> Node B --> Node E --> Node G (RUL)
6LR_ia are the intermediate routers from source to the root In this 6LR_ia represents the intermediate routers from source to the root In
case, 1 <= ia <= n, n is the number of intermediate routers (6LR) this case, 1 <= ia <= n, n is the number of intermediate routers
(6LR)
6LR_id are the intermediate routers from the root to the destination. 6LR_id represents the intermediate routers from the root to the
In this case, "1 <= ia <= m", m is the number of the intermediate destination. In this case, 1 <= id <= m, m is the number of the
routers (6LRs). intermediate routers (6LRs).
As in the previous case, the RAL (6LN) may insert a RPI (RPI1) header As in the previous case, the RAL (6LN) may insert a RPI (RPI1) header
which must be in an IPv6-in-IPv6 header addressed to the root so that which must be in an IPv6-in-IPv6 header addressed to the root so that
the 6LBR can remove this RPI. The 6LBR will then insert an RH3 the 6LBR can remove this RPI. The 6LBR will then insert a RH3 inside
inside a new IPv6-in-IPv6 header addressed to the last 6LR_id (6LR_id a new IPv6-in-IPv6 header addressed to the last 6LR_id (6LR_id = m)
= m) alongside the insertion of RPI2. alongside the insertion of RPI2.
If the originating node does not not put the RPI (RPI1) into an IPv6- If the originating node does not not put the RPI (RPI1) into an IPv6-
in-IPv6 header addressed to the root. Then, the RPI1 is forwarded in-IPv6 header addressed to the root. Then, the RPI1 is forwarded
down from the root in the inner header to no avail. down from the root in the inner header to no avail.
The Figure 21 shows the table that summarizes what headers are needed The Figure 21 shows the table that summarizes what headers are needed
for this use case when encapsulation to the root takes place. The for this use case when encapsulation to the root takes place. The
Figure 22 shows the table that summarizes what headers are needed for Figure 22 shows the table that summarizes what headers are needed for
this use case when no encapsulation to the root takes place. this use case when no encapsulation to the root takes place.
+-----------+---------+---------+---------+---------+---------+------+ +-----------+---------+---------+---------+---------+---------+------+
| Header | RAL | 6LR_ia | 6LBR | 6LR_id | 6LR_m | RUL | | Header | RAL | 6LR_ia | 6LBR | 6LR_id | 6LR_m | RUL |
| | src | | | | | dst | | | src | | | | | dst |
| | node | | | | | node | | | node | | | | | node |
+-----------+---------+---------+---------+---------+---------+------+ +-----------+---------+---------+---------+---------+---------+------+
| Added | IP6-IP6 | | IP6-IP6 | -- | -- | -- | | Added | IP6-IP6 | | IP6-IP6 | -- | -- | -- |
| headers | (RPI1) | | (RH3, | | | | | headers | (RPI1) | -- | (RH3, | | | |
| | | | RPI2) | | | | | | | | RPI2) | | | |
+-----------+---------+---------+---------+---------+---------+------+ +-----------+---------+---------+---------+---------+---------+------+
| Modified | -- | IP6-IP6 | -- | IP6-IP6 | | -- | | Modified | -- | IP6-IP6 | -- | IP6-IP6 | | -- |
| headers | | (RPI1) | | (RH3, | | | | headers | | (RPI1) | | (RH3, | -- | |
| | | | | RPI2) | | | | | | | | RPI2) | | |
+-----------+---------+---------+---------+---------+---------+------+ +-----------+---------+---------+---------+---------+---------+------+
| Removed | -- | -- | IP6-IP6 | -- | IP6-IP6 | -- | | Removed | -- | -- | IP6-IP6 | -- | IP6-IP6 | -- |
| headers | | | (RPI1) | | (RH3, | | | headers | | | (RPI1) | | (RH3, | |
| | | | | | RPI2) | | | | | | | | RPI2) | |
+-----------+---------+---------+---------+---------+---------+------+ +-----------+---------+---------+---------+---------+---------+------+
| Untouched | -- | -- | -- | -- | -- | -- | | Untouched | -- | -- | -- | -- | -- | -- |
| headers | | | | | | | | headers | | | | | | |
+-----------+---------+---------+---------+---------+---------+------+ +-----------+---------+---------+---------+---------+---------+------+
skipping to change at page 46, line 15 skipping to change at page 46, line 15
8.3.3. Non-SM: Example of Flow from RUL to RAL 8.3.3. Non-SM: Example of Flow from RUL to RAL
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node) --> 6LR_1 --> 6LR_ia --> root (6LBR) --> 6LR_id RUL (IPv6 src node) --> 6LR_1 --> 6LR_ia --> root (6LBR) --> 6LR_id
--> RAL dst (6LN) --> RAL dst (6LN)
For example, a communication flow could be: Node G (RUL)--> Node E For example, a communication flow could be: Node G (RUL)--> Node E
--> Node B --> Node A (root) --> Node B --> Node E --> Node H (RAL) --> Node B --> Node A (root) --> Node B --> Node E --> Node H (RAL)
6LR_ia are the intermediate routers from source to the root. In this 6LR_ia represents the intermediate routers from source to the root.
case, 1 <= ia <= n, n is the number of intermediate routers (6LR) In this case, 1 <= ia <= n, n is the number of intermediate routers
(6LR)
6LR_id are the intermediate routers from the root to the destination. 6LR_id represents the intermediate routers from the root to the
In this case, "1 <= ia <= m", m is the number of the intermediate destination. In this case, 1 <= id <= m, m is the number of the
routers (6LR). intermediate routers (6LR).
In this scenario the RPI (RPI1) is added by the first 6LR (6LR_1) In this scenario the RPI (RPI1) is added by the first 6LR (6LR_1)
inside an IPv6-in-IPv6 header addressed to the root. The 6LBR will inside an IPv6-in-IPv6 header addressed to the root. The 6LBR will
remove this RPI, and add it's own IPv6-in-IPv6 header containing an remove this RPI, and add it's own IPv6-in-IPv6 header containing a
RH3 header and an RPI (RPI2). RH3 header and a RPI (RPI2).
The Figure 23 shows the table that summarizes what headers are needed The Figure 23 shows the table that summarizes what headers are needed
for this use case. for this use case.
+----------+------+---------+---------+---------+---------+---------+ +----------+------+---------+---------+---------+---------+---------+
| Header | RUL | 6LR_1 | 6LR_ia | 6LBR | 6LR_id | RAL | | Header | RUL | 6LR_1 | 6LR_ia | 6LBR | 6LR_id | RAL |
| | src | | | | | dst | | | src | | | | | dst |
| | node | | | | | node | | | node | | | | | node |
+----------+------+---------+---------+---------+---------+---------+ +----------+------+---------+---------+---------+---------+---------+
| Added | -- | IP6-IP6 | -- | IP6-IP6 | -- | -- | | Added | -- | IP6-IP6 | -- | IP6-IP6 | -- | -- |
| headers | | (RPI1) | | (RH3, | | | | headers | | (RPI1) | | (RH3, | | |
| | | | | RPI2) | | | | | | | | RPI2) | | |
+----------+------+---------+---------+---------+---------+---------+ +----------+------+---------+---------+---------+---------+---------+
| Modified | -- | | IP6-IP6 | -- | IP6-IP6 | -- | | Modified | -- | | IP6-IP6 | -- | IP6-IP6 | -- |
| headers | | | (RPI1) | | (RH3, | | | headers | | -- | (RPI1) | | (RH3, | |
| | | | | | RPI2) | | | | | | | | RPI2) | |
+----------+------+---------+---------+---------+---------+---------+ +----------+------+---------+---------+---------+---------+---------+
| Removed | -- | | -- | IP6-IP6 | -- | IP6-IP6 | | Removed | -- | | -- | IP6-IP6 | -- | IP6-IP6 |
| headers | | | | (RPI1) | | (RH3, | | headers | | -- | | (RPI1) | | (RH3, |
| | | | | | | RPI2) | | | | | | | | RPI2) |
+----------+------+---------+---------+---------+---------+---------+ +----------+------+---------+---------+---------+---------+---------+
|Untouched | -- | | -- | -- | -- | -- | |Untouched | -- | -- | -- | -- | -- | -- |
| headers | | | | | | | | headers | | | | | | |
+----------+------+---------+---------+---------+---------+---------+ +----------+------+---------+---------+---------+---------+---------+
Figure 23: Non-SM: Summary of the use of headers from RUL to RAL. Figure 23: Non-SM: Summary of the use of headers from RUL to RAL.
8.3.4. Non-SM: Example of Flow from RUL to RUL 8.3.4. Non-SM: Example of Flow from RUL to RUL
In this case the flow comprises: In this case the flow comprises:
RUL (IPv6 src node) --> 6LR_1 --> 6LR_ia --> root (6LBR) --> 6LR_id RUL (IPv6 src node) --> 6LR_1 --> 6LR_ia --> root (6LBR) --> 6LR_id
--> RUL (IPv6 dst node) --> RUL (IPv6 dst node)
For example, a communication flow could be: Node G --> Node E --> For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A (root) --> Node C --> Node J Node B --> Node A (root) --> Node C --> Node J
6LR_ia are the intermediate routers from source to the root. In this 6LR_ia represents the intermediate routers from source to the root.
case, 1 <= ia <= n, n is the number of intermediate routers (6LR) In this case, 1 <= ia <= n, n is the number of intermediate routers
(6LR)
6LR_id are the intermediate routers from the root to the destination. 6LR_id represents the intermediate routers from the root to the
In this case, "1 <= ia <= m", m is the number of the intermediate destination. In this case, 1 <= id <= m, m is the number of the
routers (6LR). intermediate routers (6LR).
This scenario is the combination of the previous two cases. This scenario is the combination of the previous two cases.
The Figure 24 shows the table that summarizes what headers are needed The Figure 24 shows the table that summarizes what headers are needed
for this use case. for this use case.
+---------+------+-------+-------+---------+-------+---------+------+ +---------+------+-------+-------+---------+-------+---------+------+
| Header | RUL | 6LR_1 | 6LR_ia| 6LBR |6LR_id | 6LR_m | RUL | | Header | RUL | 6LR_1 | 6LR_ia| 6LBR |6LR_id | 6LR_m | RUL |
| | src | | | | | | dst | | | src | | | | | | dst |
| | node | | | | | | node | | | node | | | | | | node |
skipping to change at page 48, line 32 skipping to change at page 48, line 32
artifacts prior to forwarding the packet to the leaf host. The artifacts prior to forwarding the packet to the leaf host. The
critical thing is that the artifacts have been inserted by the RPL critical thing is that the artifacts have been inserted by the RPL
root inside an IPv6-in-IPv6 header, and that the header has been root inside an IPv6-in-IPv6 header, and that the header has been
addressed to the 6LR immediately prior to the leaf node. In that addressed to the 6LR immediately prior to the leaf node. In that
case, in the process of removing the IPv6-in-IPv6 header, the case, in the process of removing the IPv6-in-IPv6 header, the
artifacts can also be removed. artifacts can also be removed.
The above case occurs whenever traffic originates from the outside The above case occurs whenever traffic originates from the outside
the LLN (the "Internet" cases above), and non-storing mode is used. the LLN (the "Internet" cases above), and non-storing mode is used.
In non-storing mode, the RPL root knows the exact topology (as it In non-storing mode, the RPL root knows the exact topology (as it
must be create the RH3 header), and therefore knows what the 6LR must create the RH3 header) and therefore knows which 6LR is prior to
prior to the leaf. For example, in Figure 5, node E is the 6LR prior the leaf. For example, in Figure 6, Node E is the 6LR prior to leaf
to the leaf node G, or node C is the 6LR prior to the leaf node J. Node G, or Node C is the 6LR prior to leaf Node J.
traffic originating from the RPL root (such as when the data traffic originating from the RPL root (such as when the data
collection system is co-located on the RPL root), does not require an collection system is co-located on the RPL root), does not require an
IPv6-in-IPv6 header (in either mode), as the packet is originating at IPv6-in-IPv6 header (in either mode), as the packet is originating at
the root, and the root can insert the RPI and RH3 headers directly the root, and the root can insert the RPI and RH3 headers directly
into the packet, as it is formed. Such a packet is slightly smaller, into the packet, as it is formed. Such a packet is slightly smaller,
but only can be sent to nodes (whether RPL aware or not), that will but only can be sent to nodes (whether RPL aware or not), that will
tolerate the RPL artifacts. tolerate the RPL artifacts.
An operator that finds itself with a lot of traffic from the RPL root An operator that finds itself with a lot of traffic from the RPL root
skipping to change at page 49, line 8 skipping to change at page 49, line 8
could otherwise omit this unnecessary header if it was certain of the could otherwise omit this unnecessary header if it was certain of the
properties of the leaf. properties of the leaf.
As storing mode can not know the final path of the traffic, As storing mode can not know the final path of the traffic,
intolerant (that drop packets with RPL artifacts) leaf nodes can not intolerant (that drop packets with RPL artifacts) leaf nodes can not
be supported. be supported.
10. Operational considerations of introducing 0x23 10. Operational considerations of introducing 0x23
This section describes the operational considerations of introducing This section describes the operational considerations of introducing
the new RPI Option Type of 0x23. the new RPI option Type of 0x23.
During bootstrapping the node gets the DIO with the information of During bootstrapping the node gets the DIO with the information of
RPI Option Type, indicating the new RPI in the DODAG Configuration RPI option Type, indicating the new RPI in the DODAG Configuration
Option Flag. The DODAG root is in charge to configure the current option Flag. The DODAG root is in charge to configure the current
network to the new value, through DIO messages and when all the nodes network to the new value, through DIO messages and when all the nodes
are set with the new value. The DODAG should change to a new DODAG are set with the new value. The DODAG should change to a new DODAG
version. In case of rebooting, the node does not remember the RPI version. In case of rebooting, the node does not remember the RPI
Option Type. Thus, the DIO is sent with a flag indicating the new option Type. Thus, the DIO is sent with a flag indicating the new
RPI Option Type. RPI option Type.
The DODAG Configuration option is contained in a RPL DIO message, The DODAG Configuration option is contained in a RPL DIO message,
which contains a unique DTSN counter. The leaf nodes respond to this which contains a unique DTSN counter. The leaf nodes respond to this
message with DAO messages containing the same DTSN. This is a normal message with DAO messages containing the same DTSN. This is a normal
part of RPL routing; the RPL root therefore knows when the updated part of RPL routing; the RPL root therefore knows when the updated
DODAG Configuration Option has been seen by all nodes. DODAG Configuration option has been seen by all nodes.
Before the migration happens, all the RPL-aware nodes should support Before the migration happens, all the RPL-aware nodes should support
both values . The migration procedure it is triggered when the DIO both values . The migration procedure it is triggered when the DIO
is sent with the flag indicating the new RPI Option Type. Namely, it is sent with the flag indicating the new RPI option Type. Namely, it
remains at 0x63 until it is sure that the network is capable of 0x23, remains at 0x63 until it is sure that the network is capable of 0x23,
then it abruptly change to 0x23. This options allows to send packets then it abruptly change to 0x23. This options allows to send packets
to not-RPL nodes, which should ignore the option and continue to not-RPL nodes, which should ignore the option and continue
processing the packets. processing the packets.
In case that a node join to a network that only process 0x63, it In case that a node join to a network that only process 0x63, it
would produce a flag day as was mentioned previously. Indicating the would produce a flag day as was mentioned previously. Indicating the
new RPI in the DODAG Configuration Option Flag is a way to avoid the new RPI in the DODAG Configuration option Flag is a way to avoid the
flag day in a network. It is recommended that a network process both flag day in a network. It is recommended that a network process both
options to enable interoperability. options to enable interoperability.
11. IANA Considerations 11. IANA Considerations
This document updates the registration made in [RFC6553] Destination This document updates the registration made in [RFC6553] Destination
Options and Hop-by-Hop Options registry from 0x63 to 0x23 as shown in Options and Hop-by-Hop Options registry from 0x63 to 0x23 as shown in
Figure 25. Figure 25.
+-------+-------------------+------------------------+---------- -+ +-------+-------------------+------------------------+---------- -+
skipping to change at page 50, line 26 skipping to change at page 50, line 26
Figure 25: Option Type in RPL Option.(*)represents this document Figure 25: Option Type in RPL Option.(*)represents this document
DODAG Configuration option is updated as follows (Figure 26): DODAG Configuration option is updated as follows (Figure 26):
+------------+-----------------+---------------+ +------------+-----------------+---------------+
| Bit number | Description | Reference | | Bit number | Description | Reference |
+------------+-----------------+---------------+ +------------+-----------------+---------------+
| 3 | RPI 0x23 enable | This document | | 3 | RPI 0x23 enable | This document |
+------------+-----------------+---------------+ +------------+-----------------+---------------+
Figure 26: DODAG Configuration Option Flag to indicate the RPI-flag- Figure 26: DODAG Configuration option Flag to indicate the RPI-flag-
day. day.
12. Security Considerations 12. Security Considerations
The security considerations covered in [RFC6553] and [RFC6554] apply The security considerations covered in [RFC6553] and [RFC6554] apply
when the packets are in the RPL Domain. when the packets are in the RPL Domain.
The IPv6-in-IPv6 mechanism described in this document is much more The IPv6-in-IPv6 mechanism described in this document is much more
limited than the general mechanism described in [RFC2473]. The limited than the general mechanism described in [RFC2473]. The
willingness of each node in the LLN to decapsulate packets and willingness of each node in the LLN to decapsulate packets and
skipping to change at page 51, line 15 skipping to change at page 51, line 15
alert the operator to the existence of the attack, as well as drop alert the operator to the existence of the attack, as well as drop
the attack traffic. As the RPL network is typically numbered from a the attack traffic. As the RPL network is typically numbered from a
single prefix, which is itself assigned by RPL, BCP38 filtering single prefix, which is itself assigned by RPL, BCP38 filtering
involves a single prefix comparison and should be trivial to involves a single prefix comparison and should be trivial to
automatically configure. automatically configure.
There are some scenarios where IPv6-in-IPv6 traffic should be allowed There are some scenarios where IPv6-in-IPv6 traffic should be allowed
to pass through the RPL root, such as the IPv6-in-IPv6 mediated to pass through the RPL root, such as the IPv6-in-IPv6 mediated
communications between a new Pledge and the Join Registrar/ communications between a new Pledge and the Join Registrar/
Coordinator (JRC) when using [I-D.ietf-anima-bootstrapping-keyinfra] Coordinator (JRC) when using [I-D.ietf-anima-bootstrapping-keyinfra]
and [I-D.ietf-6tisch-dtsecurity-secure-join]. This is the case for and [I-D.ietf-6tisch-dtsecurity-zerotouch-join]. This is the case
the RPL root to do careful filtering: it occurs only when the Join for the RPL root to do careful filtering: it occurs only when the
Coordinator is not co-located inside the RPL root. Join Coordinator is not co-located inside the RPL root.
With the above precautions, an attack using IPv6-in-IPv6 tunnels can With the above precautions, an attack using IPv6-in-IPv6 tunnels can
only be by a node within the LLN on another node within the LLN. only be by a node within the LLN on another node within the LLN.
Such an attack could, of course, be done directly. An attack of this Such an attack could, of course, be done directly. An attack of this
kind is meaningful only if the source addresses are either fake or if kind is meaningful only if the source addresses are either fake or if
the point is to amplify return traffic. Such an attack, could also the point is to amplify return traffic. Such an attack, could also
be done without the use of IPv6-in-IPv6 headers using forged source be done without the use of IPv6-in-IPv6 headers using forged source
addresses. If the attack requires bi-directional communication, then addresses. If the attack requires bi-directional communication, then
IPv6-in-IPv6 provides no advantages. IPv6-in-IPv6 provides no advantages.
Whenever IPv6-in-IPv6 headers are being proposed, there is a concern Whenever IPv6-in-IPv6 headers are being proposed, there is a concern
about creating security issues. In the security section of about creating security issues. In the Security Considerations
[RFC2473], it was suggested that tunnel entry and exit points can be section of [RFC2473], it was suggested that tunnel entry and exit
secured, via "Use IPsec". This recommendation is not practical for points can be secured by securing the IPv6 path between them. This
RPL networks. [RFC5406] goes into some detail on what additional recommendation is not practical for RPL networks. [RFC5406] goes
details would be needed in order to "Use IPsec". Use of ESP would into some detail on what additional details would be needed in order
prevent RFC8183 compression (compression must occur before to "Use IPsec". Use of ESP would prevent RFC8138 compression
encryption), and RFC8183 compression is lossy in a way that prevents (compression must occur before encryption), and RFC8138 compression
use of AH. These are minor issues. The major issue is how to is lossy in a way that prevents use of AH. These are minor issues.
establish trust enough such that IKEv2 could be used. This would The major issue is how to establish trust enough such that IKEv2
require a system of certificates to be present in every single node, could be used. This would require a system of certificates to be
including any Internet nodes that might need to communicate with the present in every single node, including any Internet nodes that might
LLN. Thus, "Use IPsec" requires a global PKI in the general case. need to communicate with the LLN. Thus, using IPsec requires a
global PKI in the general case.
More significantly, the use of IPsec tunnels to protect the IPv6-in- More significantly, the use of IPsec tunnels to protect the IPv6-in-
IPv6 headers would in the general case scale with the square of the IPv6 headers would in the general case scale with the square of the
number of nodes. This is a lot of resource for a constrained nodes number of nodes. This is a lot of resource for a constrained nodes
on a constrained network. In the end, the IPsec tunnels would be on a constrained network. In the end, the IPsec tunnels would be
providing only BCP38-like origin authentication! That is, IPsec providing only BCP38-like origin authentication! That is, IPsec
provides a transitive guarantee to the tunnel exit point that the provides a transitive guarantee to the tunnel exit point that the
tunnel entry point did BCP38 on traffic going in. Just doing BCP38 tunnel entry point did BCP38 on traffic going in. Just doing origin
origin filtering at the entry and exit of the LLN provides a similar filtering per BCP 38 at the entry and exit of the LLN provides a
level amount of security without all the scaling and trust problems similar level of security without all the scaling and trust problems
of using IPsec as RFC2473 suggested. IPsec is not recommended. related to IPv6 tunnels as discussed in RFC 2473. IPsec is not
recommended.
An LLN with hostile nodes within it would not be protected against An LLN with hostile nodes within it would not be protected against
impersonation with the LLN by entry/exit filtering. impersonation with the LLN by entry/exit filtering.
The RH3 header usage described here can be abused in equivalent ways The RH3 header usage described here can be abused in equivalent ways
(to disguise the origin of traffic and attack other nodes) with an (to disguise the origin of traffic and attack other nodes) with an
IPv6-in-IPv6 header to add the needed RH3 header. As such, the IPv6-in-IPv6 header to add the needed RH3 header. As such, the
attacker's RH3 header will not be seen by the network until it attacker's RH3 header will not be seen by the network until it
reaches the end host, which will decapsulate it. An end-host should reaches the end host, which will decapsulate it. An end-host should
be suspicious about a RH3 header which has additional hops which have be suspicious about a RH3 header which has additional hops which have
not yet been processed, and SHOULD ignore such a second RH3 header. not yet been processed, and SHOULD ignore such a second RH3 header.
In addition, the LLN will likely use [RFC8138] to compress the IPv6- In addition, the LLN will likely use [RFC8138] to compress the IPv6-
in-IPv6 and RH3 headers. As such, the compressor at the RPL-root in-IPv6 and RH3 headers. As such, the compressor at the RPL-root
will see the second RH3 header and MAY choose to discard the packet will see the second RH3 header and MAY choose to discard the packet
if the RH3 header has not been completely consumed. A consumed if the RH3 header has not been completely consumed. A consumed
(inert) RH3 header could be present in a packet that flows from one (inert) RH3 header could be present in a packet that flows from one
LLN, crosses the Internet, and enters another LLN. As per the LLN, crosses the Internet, and enters another LLN. As per the
discussion in this document, such headers do not need to be removed. discussion in this document, such headers do not need to be removed.
However, there is no case described in this document where an RH3 is However, there is no case described in this document where a RH3 is
inserted in a non-storing network on traffic that is leaving the LLN, inserted in a non-storing network on traffic that is leaving the LLN,
but this document should not preclude such a future innovation. It but this document should not preclude such a future innovation. It
should just be noted that an incoming RH3 must be fully consumed, or should just be noted that an incoming RH3 must be fully consumed, or
very carefully inspected. very carefully inspected.
The RPI, if permitted to enter the LLN, could be used by an attacker The RPI, if permitted to enter the LLN, could be used by an attacker
to change the priority of a packet by selecting a different to change the priority of a packet by selecting a different
RPLInstanceID, perhaps one with a higher energy cost, for instance. RPLInstanceID, perhaps one with a higher energy cost, for instance.
It could also be that not all nodes are reachable in an LLN using the It could also be that not all nodes are reachable in an LLN using the
default instanceID, but a change of instanceID would permit an default RPLInstanceID, but a change of RPLInstanceID would permit an
attacker to bypass such filtering. Like the RH3, a RPI is to be attacker to bypass such filtering. Like the RH3, a RPI is to be
inserted by the RPL root on traffic entering the LLN by first inserted by the RPL root on traffic entering the LLN by first
inserting an IPv6-in-IPv6 header. The attacker's RPI therefore will inserting an IPv6-in-IPv6 header. The attacker's RPI therefore will
not be seen by the network. Upon reaching the destination node the not be seen by the network. Upon reaching the destination node the
RPI has no further meaning and is just skipped; the presence of a RPI has no further meaning and is just skipped; the presence of a
second RPI will have no meaning to the end node as the packet has second RPI will have no meaning to the end node as the packet has
already been identified as being at it's final destination. already been identified as being at it's final destination.
The RH3 and RPIs could be abused by an attacker inside of the network The RH3 and RPIs could be abused by an attacker inside of the network
to route packets on non-obvious ways, perhaps eluding observation. to route packets on non-obvious ways, perhaps eluding observation.
skipping to change at page 55, line 44 skipping to change at page 55, line 49
cameras-reportedly-deliver-internets-biggest-ddos-ever/>. cameras-reportedly-deliver-internets-biggest-ddos-ever/>.
[I-D.ietf-6lo-ap-nd] [I-D.ietf-6lo-ap-nd]
Thubert, P., Sarikaya, B., Sethi, M., and R. Struik, Thubert, P., Sarikaya, B., Sethi, M., and R. Struik,
"Address Protected Neighbor Discovery for Low-power and "Address Protected Neighbor Discovery for Low-power and
Lossy Networks", draft-ietf-6lo-ap-nd-19 (work in Lossy Networks", draft-ietf-6lo-ap-nd-19 (work in
progress), February 2020. progress), February 2020.
[I-D.ietf-6lo-backbone-router] [I-D.ietf-6lo-backbone-router]
Thubert, P., Perkins, C., and E. Levy-Abegnoli, "IPv6 Thubert, P., Perkins, C., and E. Levy-Abegnoli, "IPv6
Backbone Router", draft-ietf-6lo-backbone-router-16 (work Backbone Router", draft-ietf-6lo-backbone-router-17 (work
in progress), February 2020. in progress), February 2020.
[I-D.ietf-6tisch-dtsecurity-secure-join] [I-D.ietf-6tisch-dtsecurity-zerotouch-join]
Richardson, M., "6tisch Secure Join protocol", draft-ietf- Richardson, M., "6tisch Zero-Touch Secure Join protocol",
6tisch-dtsecurity-secure-join-01 (work in progress), draft-ietf-6tisch-dtsecurity-zerotouch-join-04 (work in
February 2017. progress), July 2019.
[I-D.ietf-anima-autonomic-control-plane] [I-D.ietf-anima-autonomic-control-plane]
Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic
Control Plane (ACP)", draft-ietf-anima-autonomic-control- Control Plane (ACP)", draft-ietf-anima-autonomic-control-
plane-22 (work in progress), February 2020. plane-22 (work in progress), February 2020.
[I-D.ietf-anima-bootstrapping-keyinfra] [I-D.ietf-anima-bootstrapping-keyinfra]
Pritikin, M., Richardson, M., Eckert, T., Behringer, M., Pritikin, M., Richardson, M., Eckert, T., Behringer, M.,
and K. Watsen, "Bootstrapping Remote Secure Key and K. Watsen, "Bootstrapping Remote Secure Key
Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping- Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
 End of changes. 128 change blocks. 
261 lines changed or deleted 273 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/