idnits 2.17.1 draft-barthel-oam-schc-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 28, 2019) is 1907 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '1' on line 276 -- Looks like a reference, but probably isn't: '2' on line 276 -- Looks like a reference, but probably isn't: '3' on line 276 -- Looks like a reference, but probably isn't: '4' on line 276 == Outdated reference: A later version (-24) exists of draft-ietf-lpwan-ipv6-static-context-hc-18 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 lpwan Working Group D. Barthel 3 Internet-Draft Orange SA 4 Intended status: Informational L. Toutain 5 Expires: August 1, 2019 IMT-Atlantique 6 A. Kandasamy 7 Acklio 8 D. Dujovne 9 Universidad Diego Portales 10 JC. Zuniga 11 SIGFOX 12 January 28, 2019 14 OAM for LPWAN using Static Context Header Compression (SCHC) 15 draft-barthel-oam-schc-00 17 Abstract 19 With IP protocols now generalizing to constrained networks, users 20 expect to be able to Operate, Administer and Maintain them with the 21 familiar tools and protocols they already use on less constrained 22 networks. 24 OAM uses specific messages sent into the data plane to measure some 25 parameters of a network. Most of the time, no explicit values are 26 sent is these messages. Network parameters are obtained from the 27 analysis of these specific messages. 29 This can be used: 31 o To detect if a host is up or down. 33 o To measure the RTT and its variation over time. 35 o To learn the path used by packets to reach a destination. 37 OAM in LPWAN is a little bit trickier since the bandwidth is limited 38 and extra traffic added by OAM can introduce perturbation on regular 39 transmission. 41 Two scenarios can be investigated: 43 o OAM coming from internet. In that case, the NGW should act as a 44 proxy and handle specifically the OAM traffic. 46 o OAM coming from LPWAN devices: This can be included into regular 47 devices but some specific devices may be installed in the LPWAN 48 network to measure its quality. 50 The primitive functionalities of OAM are achieved with the ICMPv6 51 protocol. 53 ICMPv6 defines messages that inform the source of IPv6 packets of 54 errors during packet delivery. It also defines the Echo Request/ 55 Reply messages that are used for basic network troubleshooting (ping 56 command). ICMPv6 messages are transported on IPv6. 58 This document describes how basic OAM is performed on Low Power Wide 59 Area Networks (LPWANs) by compressing ICMPv6/IPv6 headers and by 60 protecting the LPWAN network and the Device from undesirable ICMPv6 61 traffic. 63 Status of This Memo 65 This Internet-Draft is submitted in full conformance with the 66 provisions of BCP 78 and BCP 79. 68 Internet-Drafts are working documents of the Internet Engineering 69 Task Force (IETF). Note that other groups may also distribute 70 working documents as Internet-Drafts. The list of current Internet- 71 Drafts is at http://datatracker.ietf.org/drafts/current/. 73 Internet-Drafts are draft documents valid for a maximum of six months 74 and may be updated, replaced, or obsoleted by other documents at any 75 time. It is inappropriate to use Internet-Drafts as reference 76 material or to cite them other than as "work in progress." 78 This Internet-Draft will expire on August 1, 2019. 80 Copyright Notice 82 Copyright (c) 2019 IETF Trust and the persons identified as the 83 document authors. All rights reserved. 85 This document is subject to BCP 78 and the IETF Trust's Legal 86 Provisions Relating to IETF Documents 87 (http://trustee.ietf.org/license-info) in effect on the date of 88 publication of this document. Please review these documents 89 carefully, as they describe your rights and restrictions with respect 90 to this document. Code Components extracted from this document must 91 include Simplified BSD License text as described in Section 4.e of 92 the Trust Legal Provisions and are provided without warranty as 93 described in the Simplified BSD License. 95 Table of Contents 97 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 98 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 99 3. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 4 100 4. Detailed behavior . . . . . . . . . . . . . . . . . . . . . . 4 101 4.1. Device is the source of an ICMPv6 error message . . . . . 4 102 4.2. Device is the destination of an ICMPv6 error message . . 5 103 4.2.1. ICMPv6 error message compression. . . . . . . . . . . 6 104 4.3. Device does a ping . . . . . . . . . . . . . . . . . . . 7 105 4.4. Device is ping'ed . . . . . . . . . . . . . . . . . . . . 9 106 5. Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . 9 107 6. Security considerations . . . . . . . . . . . . . . . . . . . 11 108 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 109 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 110 8.1. Normative References . . . . . . . . . . . . . . . . . . 11 111 8.2. Informative References . . . . . . . . . . . . . . . . . 12 112 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 114 1. Introduction 116 The primitive functionalities of OAM [RFC6291] are achieved with the 117 ICMPv6 protocol. 119 ICMPv6 [RFC4443] is a companion protocol to IPv6 [RFC8200]. 121 [RFC4443] defines a generic message format. This format is used for 122 messages to be sent back to the source of an IPv6 packet to inform it 123 about errors during packet delivery. 125 More specifically, [RFC4443] defines 4 error messages: Destination 126 Unreachable, Packet Too Big, Time Exceeded and Parameter Problem. 128 [RFC4443] also defines the Echo Request and Echo Reply messages, 129 which provide support for the ping application. 131 Other ICMPv6 messages are defined in other RFCs, such as an extended 132 format of the same messages [RFC4884] and other messages used by the 133 Neighbor Discovery Protocol [RFC4861]. 135 This document focuses on using Static Context Header Compression 136 (SCHC) to compress [RFC4443] messages that need to be transmitted 137 over the LPWAN network, and on having the LPWAN gateway proxying the 138 Device to save it the unwanted traffic. 140 LPWANs' salient characteristics are described in [RFC8376]. 142 2. Terminology 144 This draft re-uses the Terminology defined in 145 [I-D.ietf-lpwan-ipv6-static-context-hc]. 147 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 148 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 149 "OPTIONAL" in this document are to be interpreted as described in BCP 150 14 [RFC2119] [RFC8174] when, and only when, they appear in all 151 capitals, as shown here. 153 3. Use cases 155 In the LPWAN architecture, we can distinguish the following cases: 157 o the Device is the (purported) source of an ICMP error message, 158 mainly in response to an incorrect incoming IPv6 message, or in 159 response to a ping request. In this case, as much as possible, 160 the core SCHC C/D should act as a proxy and originate the ICMP 161 message, so that the Device and the LPWAN network are protected 162 from this unwanted traffic. 164 o the Device is the destination of the ICMP message, mainly in 165 response to a packet sent by the Device to the network that 166 generates an error. In this case, we want the ICMP message to 167 reach the Device, and this document describes in section 168 Section 4.2.1 what SCHC compression should be applied. 170 o the Device is the originator of an Echo Request message, and 171 therefore the destination of the Echo Reply message. 173 o the Device is the destination of an Echo Request message, and 174 therefore the purported source of an Echo Reply message. 176 These cases are further described in Section 4. 178 4. Detailed behavior 180 4.1. Device is the source of an ICMPv6 error message 182 As stated in [RFC4443], a node should generate an ICMPv6 message in 183 response to an IPv6 packet that is malformed or which cannot be 184 processed due to some incorrect field value. 186 The general intent of this document is to spare both the Device and 187 the LPWAN network this un-necessary traffic. The incorrect packets 188 should be caught at the core SCHC C/D and the ICMPv6 notification 189 should be sent back from there. 191 Device NGW core SCHC C/D Internet Host 193 | | | Destination Port=XXX | 194 | | |<---------------------------| 195 | | | | 196 | | |--------------------------->| 197 | | | ICMPv6 Port Unreachable | 198 | | | | 199 | | | | 201 Figure 1: Example of ICMPv6 error message sent back to the Internet 203 Figure 1 shows an example of an IPv6 packet trying to reach a Device. 204 Let's assume that the port number used as destination port is not 205 "known" (needs better definition) from the core SCHC C/D. Instead of 206 sending the packet over the LPWAN and having this packet rejected by 207 the Device, the core SCHC C/D issues an ICMPv6 error message 208 "Destination Unreachable" (Type 1) with Code 1 ("Port Unreachable") 209 on behalf of the Device. 211 TODO: This assumes that all ports that the Device listens to will be 212 matched by a SCHC rule. Is this the basic assumption of SCHC that 213 all packets that do not match a rule are rejected? If yes, why do 214 have fragmentation also for uncompressed packets? 216 TODO: discuss the various Type/Code that are expected to be generated 217 in response to various errors. 219 4.2. Device is the destination of an ICMPv6 error message 221 In this situation, we assume that a Device has been configured to 222 send information to a server on the Internet. If this server becomes 223 no longer accessible, an ICMPv6 message will be generated back 224 towards the Device by an intermediate router. This information can 225 be useful to the Device, for example for reducing the reporting rate 226 in case of periodic reporting of data. Therefore, we compress the 227 ICMPv6 message using SCHC and forward it to the Device over the 228 LPWAN. 230 Device NGW core SCHC C/D Internet Server 232 | | | | 233 | SCHC compressed IPv6 | | 234 |~~~~~~~~~~~|----------->|----------------------X | 235 | | | <--------------------- | 236 |<~~~~~~~~~~|------------| ICMPv6 Host unreachable | 237 |SCHC compressed ICMPv6 | | 238 | | | | 239 | | | | 241 Figure 2: Example of ICMPv6 error message sent back to the Device 243 Figure 2 illustrates this behavior. The ICMPv6 error message is 244 compressed as described in Section 4.2.1 and forwarded over the LPWAN 245 to the Device. 247 4.2.1. ICMPv6 error message compression. 249 The ICMPv6 error messages defined in [RFC4443] contain the fields 250 shown in Figure 3. 252 0 1 2 3 253 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 254 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 255 | Type | Code | Checksum | 256 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 257 | Value | 258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 259 | As much of invoking packet | 260 + as possible without the ICMPv6 packet + 261 | exceeding the minimum IPv6 MTU | 263 Figure 3: ICMPv6 Error Message format 265 [RFC4443] states that Type can take the values 1 to 4, and Code can 266 be set to values between 0 and 6. Value is unused for the 267 Destination Unreachable and Time Exceeded messages. It contains the 268 MTU for the Packet Too Big message and a pointer to the byte causing 269 the error for the Parameter Error message. Therefore, Value is never 270 expected to be greater than 1280 in LPWAN networks. 272 The following generic rule can therefore be used to compress all 273 ICMPv6 error messages as defined today. More specific rules can also 274 be defined to achieve better compression of some error messages. 276 The Type field can be associated to a matching list [1, 2, 3, 4] and 277 is therefore compressed down to 2 bits. Code can be reduced to 3 278 bits using the LSB CDA. Value can be sent on 11 bits using the LSB 279 CDA, but if the Device is known to send smaller packets, then the 280 size of this field can be further reduced. 282 By [RFC4443], the rest of the ICMPv6 message must contain as much as 283 possible of the IPv6 offending (invoking) packet that triggered this 284 ICMPv6 error message. This information is used to try and identify 285 the SCHC rule that was used to decompress the offending IPv6 packet. 286 If the rule can be found then the Rule Id is added at the end of the 287 compressed ICMPv6 message. Otherwise the compressed packet ends with 288 the compressed Value field. 290 [RFC4443] states that the "ICMPv6 error message MUST include as much 291 of the IPv6 offending (invoking) packet ... as possible". In order 292 to comply with this requirement, if there is enough information in 293 the incoming ICMPv6 message for the core SCHC C/D to identify the 294 rule that has been used to decompress the erroneous IPv6 packet, this 295 Rule Id must be sent in the compressed ICMPv6 message to the Device. 296 TODO: the erroneous IPv6 packet header (not just the Rule Id) should 297 be sent back. This includes the Rule Id and the compression residue. 298 This means the SCHC C/D uses the context backwards (in the reverse 299 direction). How does the Device know it must also use the context 300 backwards? 302 TODO: how does one know that the "payload" of a compressed-header 303 packet is in fact another compressed header? 305 4.3. Device does a ping 307 If a ping request is generated by a Device, then SCHC compression 308 applies. 310 The format of an ICMPv6 Echo Request message is described in 311 Figure 4, with Type=128 and Code=0. 313 0 1 2 3 314 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 315 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 316 | Type | Code | Checksum | 317 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 318 | Identifier | Sequence Number | 319 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 320 | Data ... 321 +-+-+-+-+- 323 Figure 4: ICMPv6 Echo Request message format 325 If we assume that one rule will be devoted to compressing Echo 326 Request messages, then Type and Code are known in the rule to be 128 327 and 0 and can therefore be elided with the not-sent CDA. 329 Checksum can be reconstructed with the compute-checksum CDA and 330 therefore is not transmitted. 332 [RFC4443] states that Identifier and Sequence Number are meant to 333 "aid in matching Echo Replies to this Echo Request" and that they 334 "may be zero". Data is "zero or more bytes of arbitrary data". 336 We recommend that Identifier be zero, Sequence Number be a counter on 337 3 bits, and Data be zero bytes (absent). Therefore, Identifier is 338 elided with the not-sent CDA, Sequence Number is transmitted on 3 339 bits with the LSB CDA and no Data is transmitted. 341 The transmission cost of the Echo Request message is therefore the 342 size of the Rule Id + 3 bits. 344 When the destination receives the Echo Request message, it will 345 respond back with a Echo Reply message. This message bears the same 346 format as the Echo Request message but with Type = 129 (see 347 Figure 4). 349 [RFC4443] states that the Identifier, Sequence Number and Data fields 350 of the Echo Reply message shall contain the same values as the 351 invoking Echo Request message. Therefore, a rule shall be used 352 similar to that used for compressing the Echo Request message. 354 TODO: how about a shared rule for Echo Request and Echo Reply with an 355 LSB(1) CDA on the Type field? Or exploiting the Up/Down direction 356 field in the rule? 358 4.4. Device is ping'ed 360 If the Device is ping'ed (i.e., is the destination of an Echo Request 361 message), the default behavior is to avoid propagating the Echo 362 Request message over the LPWAN. 364 This is the recommended behavior with the Code 0 (default value) of 365 the Echo Request message. 367 The resulting behavior is shown on Figure 5 and described below: 369 Device NGW core SCHC C/D Internet Host 371 | | | Echo Request, Code=0 | 372 | | |<---------------------------| 373 | | | | 374 | | |--------------------------->| 375 | | | Echo Reply, Code=0 | 377 Figure 5: Examples of ICMPv6 Echo Request/Reply 379 o Code = 0: The Echo Request message is not propagated on the LPWAN 380 to the Device. If the SCHC C/D finds a rule in the context with 381 the IPv6 address of the Device, it responds with an Echo Reply on 382 behalf of the Device. If no rule is found with that IPv6 address, 383 the SCHC C/D does not respond. 385 TODO: again, we are assuming that no compression rule is equivalent 386 to the device not providing the service. 388 5. Traceroute 390 The traceroute6 program sends successive probe packets destined to a 391 chosen target but with the Hop Limit value successively incremented 392 from the initial value 1. 394 It expects to receive a "Time Exceeded" (Type = 3) "Hop Limit" (Code 395 = 0) ICMPv6 error message back from the successive routers along the 396 path to the destination. 398 The probe packet is usually a UDP datagram, but can also be a TCP 399 datagram or even an ICMPv6 message. The destination port is chosen 400 in the unassigned range in hope that the destination, when eventually 401 reached, will respond with a "Destination Unreachable" (Type = 1) 402 "Port Unreachable" (Code = 4) ICMPv6 error message. 404 It is not anticipated that a Device will want to traceroute a 405 destination on the Internet. 407 By contrast, a host on the Internet may attempt to traceroute an IPv6 408 address that is assigned to an LPWAN device. This is described in 409 Figure 6. 411 Device NGW core SCHC C/D Internet 413 | | | Hop Limit=1, Dest Port=XXX | 414 | | |<---------------------------| 415 | | | | 416 | | |--------------------------->| 417 | | | ICMPv6 Hop Limit error | 418 | | | | 419 | | | | 420 | | | Hop Limit=2, Dest Port=XXX | 421 | | |<---------------------------| 422 | | | | 423 | | |--------------------------->| 424 | | | ICMPv6 Port Unreachable | 426 Figure 6: Example of traceroute to the LPWAN Device 428 When the probe packet first reaches the core SCHC C/D, its remaining 429 Hop Limit is 1. The core SCHC C/D will respond back with a "Time 430 Exceeded" (Type = 3) "Hop Limit" (Code = 0) ICMPv6 error message. 431 Later on, when the probe packet reaches the code SCHC C/D with a Hop 432 Limit value of 2, the core SCHC C/D will, as explained in 433 Section 4.1, answer back with a "Destination Unreachable" (Type = 1) 434 "Port Unreachable" (Code = 4) ICMPv6 error message. This is what the 435 traceroute6 command expects. Therefore, the traceroute6 command will 436 work with LPWAN IPv6 destinations, except for the time displayed for 437 the destination, which is actually the time to its proxy. 439 However, if the probe packet happens to hit a port that matches a 440 SCHC rule for that Device, the packet will be compressed with this 441 rule and sent over the LPWAN, which is unfortunate. Forwarding of 442 packets to the Device over the LPWAN should only be done from 443 authenticated/trusted sources anyway. Rate-limitation on top of 444 authentication will mitigate this nuisance. 446 6. Security considerations 448 TODO 450 7. IANA Considerations 452 TODO 454 8. References 456 8.1. Normative References 458 [I-D.ietf-lpwan-ipv6-static-context-hc] 459 Minaburo, A., Toutain, L., Gomez, C., Barthel, D., and J. 460 Zuniga, "LPWAN Static Context Header Compression (SCHC) 461 and fragmentation for IPv6 and UDP", draft-ietf-lpwan- 462 ipv6-static-context-hc-18 (work in progress), December 463 2018. 465 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 466 Requirement Levels", BCP 14, RFC 2119, 467 DOI 10.17487/RFC2119, March 1997, . 470 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 471 Control Message Protocol (ICMPv6) for the Internet 472 Protocol Version 6 (IPv6) Specification", STD 89, 473 RFC 4443, DOI 10.17487/RFC4443, March 2006, 474 . 476 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 477 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 478 DOI 10.17487/RFC4861, September 2007, . 481 [RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, 482 "Extended ICMP to Support Multi-Part Messages", RFC 4884, 483 DOI 10.17487/RFC4884, April 2007, . 486 [RFC6291] Andersson, L., van Helvoort, H., Bonica, R., Romascanu, 487 D., and S. Mansfield, "Guidelines for the Use of the "OAM" 488 Acronym in the IETF", BCP 161, RFC 6291, 489 DOI 10.17487/RFC6291, June 2011, . 492 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 493 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 494 May 2017, . 496 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 497 (IPv6) Specification", STD 86, RFC 8200, 498 DOI 10.17487/RFC8200, July 2017, . 501 8.2. Informative References 503 [RFC8376] Farrell, S., Ed., "Low-Power Wide Area Network (LPWAN) 504 Overview", RFC 8376, DOI 10.17487/RFC8376, May 2018, 505 . 507 Authors' Addresses 509 Dominique Barthel 510 Orange SA 511 28 chemin du Vieux Chene 512 BP 98 513 38243 Meylan Cedex 514 France 516 Email: dominique.barthel@orange.com 518 Laurent Toutain 519 IMT-Atlantique 520 2 rue de la Chataigneraie 521 CS 17607 522 35576 Cesson-Sevigne Cedex 523 France 525 Email: laurent.toutain@imt-atlantique.fr 527 Arunprabhu Kandasamy 528 Acklio 529 1137A avenue des Champs Blancs 530 35510 Cesson-Sevigne Cedex 531 France 533 Email: arun@ackl.io 534 Diego Dujovne 535 Universidad Diego Portales 536 Vergara 432 537 Santiago 538 Chile 540 Email: diego.dujovne@mail.udp.cl 542 Juan Carlos Zuniga 543 SIGFOX 544 425 rue Jean Rostand 545 Labege 31670 546 France 548 Email: JuanCarlos.Zuniga@sigfox.com