| < draft-thubert-6lo-rfc6775-update-reqs-02.txt | draft-thubert-6lo-rfc6775-update-reqs-03.txt > | |||
|---|---|---|---|---|
| 6Lo P. Thubert, Ed. | 6Lo P. Thubert, Ed. | |||
| Internet-Draft cisco | Internet-Draft cisco | |||
| Intended status: Standards Track August 19, 2014 | Intended status: Standards Track August 20, 2014 | |||
| Expires: February 18, 2015 | Expires: February 19, 2015 | |||
| Requirements for an update to 6LoWPAN ND | Requirements for an update to 6LoWPAN ND | |||
| draft-thubert-6lo-rfc6775-update-reqs-02 | draft-thubert-6lo-rfc6775-update-reqs-03 | |||
| Abstract | Abstract | |||
| Work presented at the 6lo, 6TiSCH and 6MAN working groups suggest | Work presented at the ROLL, 6lo, 6TiSCH and 6MAN Working Groups | |||
| that enhancements to the 6LoWPAN ND mechanism. This document | suggest that enhancements to the 6LoWPAN ND mechanism are now needed. | |||
| elaborates on such requirements. | This document elaborates on those requirements and suggests | |||
| approaches to serve them. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 18, 2015. | This Internet-Draft will expire on February 19, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (http://trustee.ietf.org/ | Provisions Relating to IETF Documents (http://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 12 ¶ | skipping to change at page 2, line 13 ¶ | |||
| 3.1. RPL Leaf Support in 6LoWPAN ND . . . . . . . . . . . . . . 5 | 3.1. RPL Leaf Support in 6LoWPAN ND . . . . . . . . . . . . . . 5 | |||
| 3.2. registration Failures Due to Movement . . . . . . . . . . 6 | 3.2. registration Failures Due to Movement . . . . . . . . . . 6 | |||
| 3.3. Proxy registration . . . . . . . . . . . . . . . . . . . . 6 | 3.3. Proxy registration . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.4. Target Registration . . . . . . . . . . . . . . . . . . . 6 | 3.4. Target Registration . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.5. RPL root vs. 6LBR . . . . . . . . . . . . . . . . . . . . 7 | 3.5. RPL root vs. 6LBR . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3.6. Securing the Registration . . . . . . . . . . . . . . . . 7 | 3.6. Securing the Registration . . . . . . . . . . . . . . . . 7 | |||
| 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.1. Requirements Related to Mobility . . . . . . . . . . . . . 8 | 4.1. Requirements Related to Mobility . . . . . . . . . . . . . 8 | |||
| 4.2. Requirements Related to Routing Protocols . . . . . . . . 8 | 4.2. Requirements Related to Routing Protocols . . . . . . . . 8 | |||
| 4.3. Requirements Related to the Variety of Low-Power Link types 9 | 4.3. Requirements Related to the Variety of Low-Power Link types 9 | |||
| 4.4. Requirements Related to Proxy Operations . . . . . . . . . 9 | 4.4. Requirements Related to Proxy Operations . . . . . . . . . 10 | |||
| 4.5. Requirements Related to Security . . . . . . . . . . . . . 10 | 4.5. Requirements Related to Security . . . . . . . . . . . . . 10 | |||
| 4.6. Requirements Related to Low-Power devices . . . . . . . . 10 | 4.6. Requirements Related to Low-Power devices . . . . . . . . 10 | |||
| 5. Suggested Changes to Protocol Elements . . . . . . . . . . . . 10 | 5. Suggested Changes to Protocol Elements . . . . . . . . . . . . 10 | |||
| 5.1. ND Neighbor Solicitation (NS) . . . . . . . . . . . . . . 10 | 5.1. ND Neighbor Solicitation (NS) . . . . . . . . . . . . . . 10 | |||
| 5.2. ND Router Advertisement (RA) . . . . . . . . . . . . . . . 10 | 5.2. ND Router Advertisement (RA) . . . . . . . . . . . . . . . 11 | |||
| 5.3. RPL DODAG Information Object (DIO) . . . . . . . . . . . . 11 | 5.3. RPL DODAG Information Object (DIO) . . . . . . . . . . . . 11 | |||
| 5.4. ND Enhanced Address Registration Option (EARO) . . . . . . 11 | 5.4. ND Enhanced Address Registration Option (EARO) . . . . . . 11 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 12 | 9.1. Normative References . . . . . . . . . . . . . . . . . . . 13 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 13 | 9.2. Informative References . . . . . . . . . . . . . . . . . . 14 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 1. Introduction | 1. Introduction | |||
| A number of use cases, including the Industrial Internet, require a | A number of use cases, including the Industrial Internet, require a | |||
| large scale deployment of sensors that can not be realized with wires | large scale deployment of sensors that can not be realized with wires | |||
| and is only feasible over wireless Low power and Lossy Network (LLN) | and is only feasible over wireless Low power and Lossy Network (LLN) | |||
| technologies. When simpler hub-and-spoke topologies are not | technologies. When simpler hub-and-spoke topologies are not | |||
| sufficient for the expected throughput and density, mesh networks | sufficient for the expected throughput and density, mesh networks | |||
| must be deployed, which implies the concepts of hosts and routers, | must be deployed, which implies the concepts of hosts and routers, | |||
| skipping to change at page 3, line 15 ¶ | skipping to change at page 3, line 15 ¶ | |||
| At the same time, new work at 6MAN on Efficiency aware IPv6 Neighbor | At the same time, new work at 6MAN on Efficiency aware IPv6 Neighbor | |||
| Discovery Optimizations [I-D.chakrabarti-nordmark-6man-efficient-nd] | Discovery Optimizations [I-D.chakrabarti-nordmark-6man-efficient-nd] | |||
| suggests that 6LoWPAN ND can be extended to other types of networks | suggests that 6LoWPAN ND can be extended to other types of networks | |||
| on top of the Low power and Lossy Networks (LLNs) for which it was | on top of the Low power and Lossy Networks (LLNs) for which it was | |||
| already defined. The value of such extension is especially apparent | already defined. The value of such extension is especially apparent | |||
| in the case of mobile wireless devices, to reduce the multicast | in the case of mobile wireless devices, to reduce the multicast | |||
| operations that are related to classical ND ([RFC4861], [RFC4862]) | operations that are related to classical ND ([RFC4861], [RFC4862]) | |||
| and plague the wireless medium. In this context also, there is a | and plague the wireless medium. In this context also, there is a | |||
| need for additions to the protocol. | need for additions to the protocol. | |||
| The"Optimistic Duplicate Address Detection" [RFC4429](ODAD) | The Optimistic Duplicate Address Detection [RFC4429] (ODAD) | |||
| specification details how an address can be used before a Duplicate | specification details how an address can be used before a Duplicate | |||
| Address Detection (DAD) is complete, and insists that an address that | Address Detection (DAD) is complete, and insists that an address that | |||
| is TENTATIVE should not be associated to a Source Link-Layer Address | is TENTATIVE should not be associated to a Source Link-Layer Address | |||
| Option in a Neighbor Solicitation message. As we expect the 6LoWPAN | Option in a Neighbor Solicitation message. As we expect the 6LoWPAN | |||
| ND protocol for a more general use, it can make sense to keep | ND protocol for a more general use, it can make sense to keep | |||
| respecting that rule, which is another change to the specification. | respecting that rule, which is another change to the specification. | |||
| This document proposes a limited evolution to [RFC6775] so as to | This document suggests a limited evolution to [RFC6775] so as to | |||
| allow operation of a 6LoWPAN ND node as a leaf to a RPL network, and | allow operation of a 6LoWPAN ND node as a leaf in a RPL network. It | |||
| enable a more generalized use of the formats therein outside of the | also suggests a more generalized use of the information in the ARO | |||
| strict LLN domain. | option outside of the strict LLN domain, for instance over a | |||
| converged backbone. | ||||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| Readers are expected to be familiar with all the terms and concepts | Readers are expected to be familiar with all the terms and concepts | |||
| that are discussed in "Neighbor Discovery for IP version 6" | that are discussed in "Neighbor Discovery for IP version 6" | |||
| [RFC4861], "IPv6 Stateless Address Autoconfiguration" [RFC4862], | [RFC4861], "IPv6 Stateless Address Autoconfiguration" [RFC4862], | |||
| skipping to change at page 4, line 15 ¶ | skipping to change at page 4, line 15 ¶ | |||
| sequence number that is used to track the movements of the device, | sequence number that is used to track the movements of the device, | |||
| and optionally some information about the RPL topology that this | and optionally some information about the RPL topology that this | |||
| device will join. | device will join. | |||
| The scope of the 6TiSCH Architecture is a Backbone Link that | The scope of the 6TiSCH Architecture is a Backbone Link that | |||
| federates multiple LLNs as a single IPv6 Multi-Link Subnet. Each LLN | federates multiple LLNs as a single IPv6 Multi-Link Subnet. Each LLN | |||
| in the subnet is anchored at a Backbone Router (6BBR). The Backbone | in the subnet is anchored at a Backbone Router (6BBR). The Backbone | |||
| Routers interconnect the LLNs over the Backbone Link and emulate that | Routers interconnect the LLNs over the Backbone Link and emulate that | |||
| the LLN nodes are present on the Backbone by proxy-ND operations. An | the LLN nodes are present on the Backbone by proxy-ND operations. An | |||
| LLN node can move freely from an LLN Route-Over mesh anchored at a | LLN node can move freely from an LLN Route-Over mesh anchored at a | |||
| Backbone Router to another anchored at same or a different Backbone | Backbone Router to another anchored at a same or a different Backbone | |||
| Router inside the Multi-Link Subnet and conserve its addresses. | Router inside the Multi-Link Subnet and conserve its addresses. | |||
| ---+------------------------ | ---+------------------------ | |||
| | Plant Network | | Plant Network | |||
| | | | | |||
| +-----+ | +-----+ | |||
| | | Gateway | | | Gateway | |||
| | | | | | | |||
| +-----+ | +-----+ | |||
| | | | | |||
| skipping to change at page 4, line 42 ¶ | skipping to change at page 4, line 42 ¶ | |||
| +-----+ +-----+ +-----+ | +-----+ +-----+ +-----+ | |||
| | | | | | | | | | | | | | | |||
| 0 0 0 0 0 (6LBR == RPL root) | 0 0 0 0 0 (6LBR == RPL root) | |||
| o o o o o o o o o o o o o o | o o o o o o o o o o o o o o | |||
| o o o o o o o o o o (6LR == RPL router) | o o o o o o o o o o (6LR == RPL router) | |||
| o o o o o o o z | o o o o o o o z | |||
| o o o o o z | o o o o o z | |||
| RPL Instances (6LoWPAN Host == RPL leaf) | RPL Instances (6LoWPAN Host == RPL leaf) | |||
| The root of the RPL topology is logically separated from the 6BBR | The root of the RPL topology is logically separated from the 6BBR | |||
| that is used to connect the RPL topology to the backbone. Efficient | that is used to connect the RPL topology to the backbone. The RPL | |||
| ND is a perfect interface for the RPL root to register the LLN node | root can use Efficient ND as the interface to register an LLN node in | |||
| in its topology to the 6BBR for proxy operations. It results that | its topology to the 6BBR for whatever operation the 6BBR performs, | |||
| the signalling would start at the leaf node with 6LoWPAN ND, then | such as ND proxy operations, or injection in a routing protocol. It | |||
| would be carried over RPL to the RPL root, and then with Efficient-ND | results that, as illustrated in Figure 2, the periodic signaling | |||
| to the 6BBR. Efficient ND being an adaptation of 6LoWPAN ND, it | could start at the leaf node with 6LoWPAN ND, then would be carried | |||
| makes sense to keep those two homogeneous in the way they use the | over RPL to the RPL root, and then with Efficient-ND to the 6BBR. | |||
| source and the target addresses in the Neighbor Solicitation (NS) | ||||
| messages for registration, as well as in the options that they use | Efficient ND being an adaptation of 6LoWPAN ND, it makes sense to | |||
| for that process. | keep those two homogeneous in the way they use the source and the | |||
| target addresses in the Neighbor Solicitation (NS) messages for | ||||
| registration, as well as in the options that they use for that | ||||
| process. | ||||
| 6LoWPAN Node 6LR 6LBR 6BBR | 6LoWPAN Node 6LR 6LBR 6BBR | |||
| (RPL leaf) (router) (root) | (RPL leaf) (router) (root) | |||
| | | | | | | | | | | |||
| | 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND | | 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND | |||
| | LLN link |Route-Over mesh| IPv6 link | Backbone | | LLN link |Route-Over mesh| IPv6 link | Backbone | |||
| | | | | | | | | | | |||
| | NS(ARO) | | | | | NS(ARO) | | | | |||
| |-------------->| | | | |-------------->| | | | |||
| | 6LoWPAN ND | DAR (then DAO)| | | | 6LoWPAN ND | DAR (then DAO)| | | |||
| | |-------------->| | | | |-------------->| | | |||
| | | | NS(ARO) | | | | | NS(ARO) | | |||
| | | |-------------->| | | | |-------------->| | |||
| | | | | DAD | | | | | DAD | |||
| | | | |------> | | | | |------> | |||
| | | | | | | | | | | |||
| | | | NA(ARO) | | | | | NA(ARO) | | |||
| | | |<--------------| | | | |<--------------| | |||
| | | DAC | | | | | DAC | | | |||
| | |<--------------| | | | | |<--------------| | | |||
| | NA(ARO) | | | | | NA(ARO) | | | | |||
| |<--------------| | | | | |<--------------| | | | |||
| As the network builds up, a node should start as a leaf to join the | As the network builds up, a node should start as a leaf to join the | |||
| RPL network, and may later turn into a RPL router and eventually a | RPL network, and may later turn into both a RPL-capable router and a | |||
| 6LR as well, so as to accept leaf nodes to recursively join the | 6LR, so as to accept leaf nodes to recursively join the network. | |||
| network. | ||||
| 3.1. RPL Leaf Support in 6LoWPAN ND | 3.1. RPL Leaf Support in 6LoWPAN ND | |||
| RPL needs a set of information in order to advertise a leaf node | RPL needs a set of information in order to advertise a leaf node | |||
| through a DAO message and establish reachability. | through a DAO message and establish reachability. | |||
| At the bare minimum the leaf device must provide a sequence number | At the bare minimum the leaf device must provide a sequence number | |||
| that matches the RPL specification in section 7. [I-D.chakrabarti- | that matches the RPL specification in section 7. [I-D.chakrabarti- | |||
| nordmark-6man-efficient-nd] section "4.1. Address Registration | nordmark-6man-efficient-nd] section "4.1. Address Registration | |||
| Option" (ARO) already incorporates that addition with a new field in | Option" (ARO) already incorporates that addition with a new field in | |||
| skipping to change at page 7, line 48 ¶ | skipping to change at page 7, line 48 ¶ | |||
| for itself or on behalf of LLN nodes. | for itself or on behalf of LLN nodes. | |||
| 3.5. RPL root vs. 6LBR | 3.5. RPL root vs. 6LBR | |||
| 6LoWPAN ND is unclear on how the 6LBR is discovered, and how the | 6LoWPAN ND is unclear on how the 6LBR is discovered, and how the | |||
| liveliness of the 6LBR is asserted over time. On the other hand, the | liveliness of the 6LBR is asserted over time. On the other hand, the | |||
| discovery and liveliness of the RPL root are obtained through the RPL | discovery and liveliness of the RPL root are obtained through the RPL | |||
| protocol. | protocol. | |||
| When 6LoWPAN ND is coupled with RPL, it makes sense to collocate the | When 6LoWPAN ND is coupled with RPL, it makes sense to collocate the | |||
| 6LBR functionality and that of the RPL root. The DAR/DAC exchange | 6LBR and the RPL root functionalities. The DAR/DAC exchange becomes | |||
| becomes a preamble to the DAO messages that are used from then on to | a preamble to the DAO messages that are used from then on to | |||
| reconfirm the registration, thus eliminating a duplication of | reconfirm the registration, thus eliminating a duplication of | |||
| functionality between DAO and DAR messages. | functionality between DAO and DAR messages. | |||
| 3.6. Securing the Registration | 3.6. Securing the Registration | |||
| A typical attack against IPv6 ND is address spoofing, whereby a rogue | A typical attack against IPv6 ND is address spoofing, whereby a rogue | |||
| node claims the IPv6 Address of another node in and hijacks its | node claims the IPv6 Address of another node in and hijacks its | |||
| traffic. | traffic. | |||
| SEcure Neighbor Discovery (SEND) [RFC3971] is designed to protect | SEcure Neighbor Discovery (SEND) [RFC3971] is designed to protect | |||
| each individual ND lookup/advertisement in a peer to peer model where | each individual ND lookup/advertisement in a peer to peer model where | |||
| skipping to change at page 8, line 32 ¶ | skipping to change at page 8, line 32 ¶ | |||
| should thus be possible to protect the ownership of all the addresses | should thus be possible to protect the ownership of all the addresses | |||
| of a 6LoWPAN Node with a single key, and there should not be a need | of a 6LoWPAN Node with a single key, and there should not be a need | |||
| to carry the cryptographic material more than once to the 6LBR. | to carry the cryptographic material more than once to the 6LBR. | |||
| 4. Requirements | 4. Requirements | |||
| 4.1. Requirements Related to Mobility | 4.1. Requirements Related to Mobility | |||
| Due to the nature of LLN networks, even a fixed 6LoWPAN Node may | Due to the nature of LLN networks, even a fixed 6LoWPAN Node may | |||
| change its point of attachment (a 6LR) and may not be able to notify | change its point of attachment (a 6LR) and may not be able to notify | |||
| the previous 6LR that it has disconnected. It results that the | the 6LR that it has disconnected from. It results that the previous | |||
| previous 6LR may still attract traffic that it cannot deliver. When | 6LR may still attract traffic that it cannot deliver any more. When | |||
| the 6LR changes, there is thus a need to identify stale states and | the 6LR changes, there is thus a need to identify stale states and | |||
| restore reachability timely. | restore reachability timely. | |||
| Upon a change of point of attachment, connectivity via a new 6LR MUST | Req1.1: Upon a change of point of attachment, connectivity via a new | |||
| be restored timely without the need to de-register from the previous | 6LR MUST be restored timely without the need to de-register from the | |||
| 6LR. | previous 6LR. | |||
| For that purpose, the protocol MUST enable to differentiate multiple | Req1.2: For that purpose, the protocol MUST enable to differentiate | |||
| registrations from a same 6LoWPAN Node from two different 6LoWPAN | multiple registrations from a same 6LoWPAN Node from two different | |||
| Nodes claiming a same address. | 6LoWPAN Nodes claiming a same address. | |||
| This information MUST be passed from the 6LR to the 6LBR, and the | Req1.3: This information MUST be passed from the 6LR to the 6LBR, and | |||
| 6LBR SHOULD be able to clean up the stale state asynchronously in the | the 6LBR SHOULD be able to clean up the stale state asynchronously in | |||
| previous 6LR. | the previous 6LR. | |||
| A 6LoWPAN Node SHOULD also be capable to register a same Address to | Req1.4: A 6LoWPAN Node SHOULD also be capable to register a same | |||
| multiple 6LRs, and this, concurrently. | Address to multiple 6LRs, and this, concurrently. | |||
| 4.2. Requirements Related to Routing Protocols | 4.2. Requirements Related to Routing Protocols | |||
| The point of attachment of a 6LoWPAN Node may be a 6LR in an LLN | The point of attachment of a 6LoWPAN Node may be a 6LR in an LLN | |||
| mesh. An LLN route-over mesh is typically based on RPL, which is the | mesh. An LLN route-over mesh is typically based on RPL, which is the | |||
| routing protocol that was defined at the IETF for this particular | routing protocol that was defined at the IETF for this particular | |||
| purpose. It derives that in this scenario, the 6LR would classically | purpose. It derives that in this scenario, the 6LR would classically | |||
| support RPL. One goal is that a 6LoWPAN Node attached via ND to a | support RPL. One goal is that a 6LoWPAN Node attached via ND to a | |||
| RPL-capable 6LR would not need to participate to the RPL protocol to | RPL-capable 6LR would not need to participate to the RPL protocol to | |||
| obtain reachability via the 6LR. An additional goal would be to | obtain reachability via the 6LR. An additional goal would be to | |||
| obtain reachability via other routing protocols through a same ND- | obtain reachability via other routing protocols through a same ND- | |||
| based abstraction. | based abstraction. | |||
| The ND registration method SHOULD be extended in such a fashion that | Related requirements are: | |||
| the 6LR MAY advertise the Address of a 6LoWPAN Node over RPL and | ||||
| obtain reachability to that Address over the RPL domain. | ||||
| The Address Registration Option used in the ND registration SHOULD be | Req2.1: The ND registration method SHOULD be extended in such a | |||
| extended to carry enough information to generate a DAO message as | fashion that the 6LR MAY advertise the Address of a 6LoWPAN Node over | |||
| specified in [RFC6550] section 6.4, in particular the capability to | RPL and obtain reachability to that Address over the RPL domain. | |||
| compute a DAOSequence and, as an option, a RPLInstanceID. | ||||
| Depending on their applicability to LLNs, other RPLInstanceID mesh/ | Req2.2: The Address Registration Option that is used in the ND | |||
| MANET protocols MAY be considered as well. | registration SHOULD be extended to carry enough information to | |||
| generate a DAO message as specified in [RFC6550] section 6.4, in | ||||
| particular the capability to compute a DAOSequence and, as an option, | ||||
| a RPLInstanceID. | ||||
| Req2.3: Depending on their applicability to LLNs, other standard mesh | ||||
| /MANET protocols MAY be considered as well. | ||||
| 4.3. Requirements Related to the Variety of Low-Power Link types | 4.3. Requirements Related to the Variety of Low-Power Link types | |||
| 6LoWPAN ND [RFC6775] was defined with a focus on IEEE802.15.4 and in | 6LoWPAN ND [RFC6775] was defined with a focus on IEEE802.15.4 and in | |||
| particular the capability to derive a unique Identifier from a | particular the capability to derive a unique Identifier from a | |||
| globally unique MAC-64 address. At this point, the 6lo Working Group | globally unique MAC-64 address. At this point, the 6lo Working Group | |||
| is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique | is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique | |||
| to other link types ITU-T G.9959 [I-D.brandt-6man-lowpanz], Master- | to other link types ITU-T G.9959 [I-D.brandt-6man-lowpanz], Master- | |||
| Slave/Token-Passing [I-D.ietf-6man-6lobac], DECT Ultra Low Energy | Slave/Token-Passing [I-D.ietf-6man-6lobac], DECT Ultra Low Energy | |||
| [I-D.mariager-6lowpan-v6over-dect-ule], Near Field Communication [I-D | [I-D.mariager-6lowpan-v6over-dect-ule], Near Field Communication [I-D | |||
| .hong-6lo-ipv6-over-nfc], as well as IEEE1901.2 Narrowband Powerline | .hong-6lo-ipv6-over-nfc], as well as IEEE1901.2 Narrowband Powerline | |||
| Communication Networks [I-D.popa-6lo-6loplc-ipv6-over- | Communication Networks [I-D.popa-6lo-6loplc-ipv6-over- | |||
| ieee19012-networks] and BLUETOOTH(R) Low Energy [I-D.ietf-6lo-btle]. | ieee19012-networks] and BLUETOOTH(R) Low Energy [I-D.ietf-6lo-btle]. | |||
| The support of the registration mechanism SHOULD be extended to more | Related requirements are: | |||
| LLN links, matching at least the links that are considered by 6lo as | ||||
| well as other RPLInstanceID Low-Power links such as Low-Power Wi-Fi. | ||||
| As part of this extension, a mechanism to compute a unique Identifier | Req3.1: The support of the registration mechanism SHOULD be extended | |||
| should be provided, with the capability to form a Link-Local Address | to more LLN links, matching at least the links that are considered by | |||
| that can not be a duplicate. The Identifier SHOULD be unique at | 6lo as well as other popular Low-Power links such as Low-Power Wi-Fi. | |||
| least to the domain where an Address formed by this device may be | ||||
| advertised through ND mechanisms. | ||||
| The Address Registration Option used in the ND registration SHOULD be | Req3.2: As part of this extension, a mechanism to compute a unique | |||
| extended to carry the relevant forms of unique Identifier. | Identifier should be provided, with the capability to form a Link- | |||
| Local Address that can not be a duplicate. The Identifier SHOULD be | ||||
| unique at least to the domain where an Address formed by this device | ||||
| may be advertised through ND mechanisms. | ||||
| Req3.3: The Address Registration Option used in the ND registration | ||||
| SHOULD be extended to carry the relevant forms of unique Identifier. | ||||
| 4.4. Requirements Related to Proxy Operations | 4.4. Requirements Related to Proxy Operations | |||
| The registration mechanism SHOULD enable a third party to proxy | Sleeping devices may not be able to answer themselves to a lookup | |||
| register an Address on behalf of a 6LoWPAN node that may be sleeping | from a node that uses classical ND on a backbone and may need a proxy | |||
| or located deeper in an LLN mesh. | operation by a 6BBR. Additionally, the device may need to rely on the | |||
| 6LBR to perform that registration to the 6BBR. | ||||
| Related requirements are: | ||||
| Req4.1: The registration mechanism SHOULD enable a third party to | ||||
| proxy register an Address on behalf of a 6LoWPAN node that may be | ||||
| sleeping or located deeper in an LLN mesh. | ||||
| 4.5. Requirements Related to Security | 4.5. Requirements Related to Security | |||
| In order to guarantee the operations of the 6LoWPAN ND flows, the | In order to guarantee the operations of the 6LoWPAN ND flows, the | |||
| spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a | spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a | |||
| node successfully registers an address, 6LoWPAN ND should provide the | node successfully registers an address, 6LoWPAN ND should provide the | |||
| means to protect that ownership even if the node is sleeping. In | means to protect that ownership even if the node is sleeping. In | |||
| particular, the 6LR and the 6LBR then should be able to verify | particular, the 6LR and the 6LBR then should be able to verify | |||
| whether a subsequent registration for a same Address comes from a | whether a subsequent registration for a same Address comes from a | |||
| same node or is a duplicate. | same node or is a duplicate. | |||
| 6LoWPAN ND SHOULD provide a mechanism for the 6LR, 6LBR and 6BBR to | Related requirements are: | |||
| authenticate and authorize one another for their respective roles, as | ||||
| well as with the 6LoWPAN Node for the role of 6LR. | ||||
| 6LoWPAN ND SHOULD provide a mechanism for the 6LR and the 6LBR to | Req5.1: 6LoWPAN ND SHOULD provide a mechanism for the 6LR, 6LBR and | |||
| validate whether a new registration corresponds to a same 6LoWPAN | 6BBR to authenticate and authorize one another for their respective | |||
| Node, and, if not, determine the rightful owner, and deny or clean-up | roles, as well as with the 6LoWPAN Node for the role of 6LR. | |||
| the registration that is deemed in excess. | ||||
| Req5.2: 6LoWPAN ND SHOULD provide a mechanism for the 6LR and the | ||||
| 6LBR to validate whether a new registration corresponds to a same | ||||
| 6LoWPAN Node, and, if not, determine the rightful owner, and deny or | ||||
| clean-up the registration that is deemed in excess. | ||||
| 4.6. Requirements Related to Low-Power devices | 4.6. Requirements Related to Low-Power devices | |||
| The ND registration method is designed to save energy on Low-Power | The ND registration method is designed to save energy on Low-Power | |||
| devices, and in particular enable duty-cycled devices that are | devices, and in particular enable duty-cycled devices that are | |||
| sleeping most of the time and not capable to defend their own | sleeping most of the time and not capable to defend their own | |||
| Addresses against always-on devices. | Addresses against always-on devices. | |||
| The registration mechanism SHOULD be applicable to a Low-Power device | Related requirements are: | |||
| regardless of the link type, and enable a 6BBR to operate as a proxy | ||||
| to defend the registered Addresses on its behalf. | Req6.1: The registration mechanism SHOULD be applicable to a Low- | |||
| Power device regardless of the link type, and enable a 6BBR to | ||||
| operate as a proxy to defend the registered Addresses on its behalf. | ||||
| 5. Suggested Changes to Protocol Elements | 5. Suggested Changes to Protocol Elements | |||
| 5.1. ND Neighbor Solicitation (NS) | 5.1. ND Neighbor Solicitation (NS) | |||
| The NS message used for registration should use a source address that | The NS message used for registration should use a source address that | |||
| respects the rules in [RFC6775], [RFC4861], and [RFC4429] for DAD. | respects the rules in [RFC6775], [RFC4861], and [RFC4429] for DAD. | |||
| The SLLA Option may be present but only if the address passed DAD, | The SLLA Option may be present but only if the address passed DAD, | |||
| and it is used to allow the 6LR to respond as opposed to as a | and it is used to allow the 6LR to respond as opposed to as a | |||
| registration mechanism. | registration mechanism. | |||
| The address that is being registered is the target address in the NS | The address that is being registered is the target address in the NS | |||
| message and the TLLA Option must be present. | message and the TLLA Option must be present. | |||
| 5.2. ND Router Advertisement (RA) | 5.2. ND Router Advertisement (RA) | |||
| skipping to change at page 11, line 28 ¶ | skipping to change at page 11, line 43 ¶ | |||
| prefix lifetime. | prefix lifetime. | |||
| 5.3. RPL DODAG Information Object (DIO) | 5.3. RPL DODAG Information Object (DIO) | |||
| If the RPL root serves as 6LBR, it makes sense to add at least a bit | If the RPL root serves as 6LBR, it makes sense to add at least a bit | |||
| of information in the DIO to signal so. A Registrar Address Option | of information in the DIO to signal so. A Registrar Address Option | |||
| (RAO) may also be considered for addition. | (RAO) may also be considered for addition. | |||
| 5.4. ND Enhanced Address Registration Option (EARO) | 5.4. ND Enhanced Address Registration Option (EARO) | |||
| The ARO option contains a Unique ID that is supposed to identify the | ||||
| device across multiple registrations. It is envisioned that the | ||||
| device could form a single CGA-based Unique Interface ID (CUID) to | ||||
| securely bind all of its addresses. The CUID would be used as Unique | ||||
| Interface Identifier in the ARO option and to form a Link-Local | ||||
| address that would be deemed unique regardless of the Link type. | ||||
| Provided that the relevant cryptographic material is passed to the | ||||
| 6LBR upon the first registration or on-demand at a later time, the | ||||
| 6LBR can validate that a Node is effectively the owner of a CUID, and | ||||
| ensure that the ownership of an Address stays with the CUID that | ||||
| registered it first. | ||||
| This option is designed to be used with standard NS and NA messages | This option is designed to be used with standard NS and NA messages | |||
| between backbone Routers as well as between nodes and 6LRs over the | between backbone Routers as well as between nodes and 6LRs over the | |||
| LLN and between the 6LBR and the 6BBR over whatever IP link they use | LLN and between the 6LBR and the 6BBR over whatever IP link they use | |||
| to communicate. | to communicate. | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Type | Length | Status | RPLInstanceID | | | Type | Length | Status | RPLInstanceID | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| skipping to change at page 12, line 27 ¶ | skipping to change at page 12, line 53 ¶ | |||
| should be reset after the DAD operation upon address formation. | should be reset after the DAD operation upon address formation. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This specification expects that the link layer is sufficiently | This specification expects that the link layer is sufficiently | |||
| protected, either by means of physical or IP security for the | protected, either by means of physical or IP security for the | |||
| Backbone Link or MAC sublayer cryptography. In particular, it is | Backbone Link or MAC sublayer cryptography. In particular, it is | |||
| expected that the LLN MAC provides secure unicast to/from the | expected that the LLN MAC provides secure unicast to/from the | |||
| Backbone Router and secure broadcast from the Backbone Router in a | Backbone Router and secure broadcast from the Backbone Router in a | |||
| way that prevents tempering with or replaying the RA messages. | way that prevents tempering with or replaying the RA messages. | |||
| Still, Section 4.5 has a requirement for a mutual authentication and | ||||
| authorization for a role for 6LRs, 6LBRs and 6BBRs. | ||||
| The use of EUI-64 for forming the Interface ID in the link local | This documents also suggests in Section 5.4 that a 6LoWPAN Node could | |||
| address prevents the usage of Secure ND ([RFC3971] and [RFC3972]) and | form a single Unique Interface ID (CUID) based on cryptographic | |||
| address privacy techniques. Considering the envisioned deployments | techniques similar to CGA. The CUID would be used as Unique | |||
| and the MAC layer security applied, this is not considered an issue | Interface Identifier in the ARO option and new Secure ND procedures | |||
| at this time. It is envisioned that the device could form a single | would be proposed to use it as opposed to the source IPv6 address to | |||
| CGA-based Unique Interface ID (CUID) to securely bind all of its | secure the binding between an Address and its owning Node, and | |||
| addresses. The CUID would be used as Unique Interface Identifier in | enforce First/Come-First/Serve at the 6LBR. | |||
| the ARO option and the Secure ND procedures would be changed to use | ||||
| it as opposed to the source IPv6 address. | ||||
| 7. IANA Considerations | 7. IANA Considerations | |||
| A new type is requested for an ND option. | A new type is requested for an ND option. | |||
| 8. Acknowledgments | 8. Acknowledgments | |||
| Samita, Erik, JP, Eric, Thomas, you will all recognize your influence | The author wishes acknowledge the contributions by Samita | |||
| in this work... | Chakrabarti, Erik Normark, JP Vasseur, Eric Levy-Abegnoli, Patrick | |||
| Wetterwald, Thomas Watteyne, and Behcet Sarikaya. | ||||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version | [RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version | |||
| 6 (IPv6) Specification", RFC 2460, December 1998. | 6 (IPv6) Specification", RFC 2460, December 1998. | |||
| End of changes. 35 change blocks. | ||||
| 94 lines changed or deleted | 126 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||