idnits 2.17.1
draft-farrell-lpwan-overview-01.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== The document doesn't use any RFC 2119 keywords, yet seems to have RFC
2119 boilerplate text.
-- The document date (October 29, 2016) is 2730 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
== Outdated reference: A later version (-04) exists of
draft-zuniga-lpwan-sigfox-system-description-00
Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 lpwan S. Farrell, Ed.
3 Internet-Draft Trinity College Dublin
4 Intended status: Informational October 29, 2016
5 Expires: May 2, 2017
7 LPWAN Overview
8 draft-farrell-lpwan-overview-01
10 Abstract
12 Low Power Wide Area Networks (LPWAN) are wireless technologies with
13 characteristics such as large coverage areas, low bandwidth, possibly
14 very small packet and application layer data sizes and long battery
15 life operation. This memo is an informational overview of the set of
16 LPWAN technologies being considered in the IETF and of the gaps that
17 exist between the needs of those technologies and the goal of running
18 IP in LPWANs.
20 Status of This Memo
22 This Internet-Draft is submitted in full conformance with the
23 provisions of BCP 78 and BCP 79.
25 Internet-Drafts are working documents of the Internet Engineering
26 Task Force (IETF). Note that other groups may also distribute
27 working documents as Internet-Drafts. The list of current Internet-
28 Drafts is at http://datatracker.ietf.org/drafts/current/.
30 Internet-Drafts are draft documents valid for a maximum of six months
31 and may be updated, replaced, or obsoleted by other documents at any
32 time. It is inappropriate to use Internet-Drafts as reference
33 material or to cite them other than as "work in progress."
35 This Internet-Draft will expire on May 2, 2017.
37 Copyright Notice
39 Copyright (c) 2016 IETF Trust and the persons identified as the
40 document authors. All rights reserved.
42 This document is subject to BCP 78 and the IETF Trust's Legal
43 Provisions Relating to IETF Documents
44 (http://trustee.ietf.org/license-info) in effect on the date of
45 publication of this document. Please review these documents
46 carefully, as they describe your rights and restrictions with respect
47 to this document. Code Components extracted from this document must
48 include Simplified BSD License text as described in Section 4.e of
49 the Trust Legal Provisions and are provided without warranty as
50 described in the Simplified BSD License.
52 Table of Contents
54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
55 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
56 3. Common Concerns . . . . . . . . . . . . . . . . . . . . . . . 3
57 4. LPWAN Technologies . . . . . . . . . . . . . . . . . . . . . 3
58 4.1. LoRaWAN . . . . . . . . . . . . . . . . . . . . . . . . . 4
59 4.1.1. Provenance and Documents . . . . . . . . . . . . . . 4
60 4.1.2. Characteristics . . . . . . . . . . . . . . . . . . . 4
61 4.2. Narrowband IoT (NB-IoT) . . . . . . . . . . . . . . . . . 12
62 4.2.1. Provenance and Documents . . . . . . . . . . . . . . 12
63 4.2.2. Characteristics . . . . . . . . . . . . . . . . . . . 12
64 4.3. SIGFOX . . . . . . . . . . . . . . . . . . . . . . . . . 16
65 4.3.1. Provenance and Documents . . . . . . . . . . . . . . 17
66 4.3.2. Characteristics . . . . . . . . . . . . . . . . . . . 17
67 4.4. WI-SUN . . . . . . . . . . . . . . . . . . . . . . . . . 21
68 5. Gap Analysis . . . . . . . . . . . . . . . . . . . . . . . . 21
69 6. Security Considerations . . . . . . . . . . . . . . . . . . . 21
70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
71 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 21
72 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23
73 10. Informative References . . . . . . . . . . . . . . . . . . . 24
74 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 26
76 1. Introduction
78 [[Editor comments/queries are in double square brackets like this.]]
80 This document provides background material and an overview of the
81 technologies being considered in the IETF's Low Power Wide-Area
82 Networking (LPWAN) working group. We also provide a gap analysis
83 between the needs of these technologies and currently available IETF
84 specifications.
86 This document is largely the work of the people listed in Section 8.
87 Discussion of this document should take place on the lpwan@ietf.org
88 list.
90 [[Editor's note: the eventual fate of this draft is a topic for the
91 WG to consider - it might end up as a useful RFC, or it might be best
92 maintained as a draft only until its utility has dissapated. FWIW,
93 the editor doesn't mind what outcome the WG choose.]]
95 2. Terminology
97 [[Not sure if 2119 terms will be needed. Leave it here for now.]]
98 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
99 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
100 document are to be interpreted as described in RFC 2119 [RFC2119].
102 [[Extract common terms here. Maybe define and relate technology
103 specific terms, e.g. lora g/w similar to sigfox bs etc. There is
104 text for this in the current "gaps" draft.]]
106 3. Common Concerns
108 [[Editors note: We may want a section like this that describes some
109 cross-cutting issues, e.g. duty-cycles, some of the ISM band
110 restrictions. This isn't intended to be a problem statement nor a
111 set of requirements but just to describe some issues that affect more
112 than one of the LPWAN technologies. Such a section might be better
113 before or after Section 4, will see when text's added there. There
114 is some text for this in the current "gaps" draft.]]
116 Most technologies in this space aim for similar goals of supporting
117 large numbers of low-cost, low-throughput devices at very low-cost
118 and with very-low power consumption, so that even battery-powered
119 devices can be deployed for years. And as the name implies, coverage
120 of large areas is also a common goal. There are some differences
121 however, e.g., the Narrowband IoT specifications Section 4.2 also aim
122 for increased indoor coverage. However, by and large, the different
123 technologies aim for deployment in very similar circumstances.
125 4. LPWAN Technologies
127 This section provides an overview of the set of LPWAN technologies
128 that are being considered in the LPWAN working group. The text for
129 each was mainly contributed by proponents of each technology.
131 Note that this text is not intended to be normative in any sesne, but
132 simply to help the reader in finding the relevant layer 2
133 specifications and in understanding how those integrate with IETF-
134 defined technologies. Similarly, there is no attempt here to set out
135 the pros and cons of the relevant technologies. [[Editor: I assume
136 that's the right target here. Please comment if you disagree.]]
138 [[Editor's note: the goal here is 2-3 pages per technology. If
139 there's much more needed then we could add appendices I guess
140 depending on what text the WG find useful to include.]]
142 4.1. LoRaWAN
144 [[Text here is from [I-D.farrell-lpwan-lora-overview] And yes, this
145 section is too long right now. Will shorten.]]
147 4.1.1. Provenance and Documents
149 LoRaWAN is a wireless technology for long-range low-power low-data-
150 rate applications developed by the LoRa Alliance, a membership
151 consortium. This draft is based on
152 version 1.0.2 [LoRaSpec] of the LoRa specification. (Note that
153 version 1.0.2 is expected to be published in a few weeks. We will
154 update this draft when that has happened. For now, version 1.0 is
155 available at [LoRaSpec1.0])
157 4.1.2. Characteristics
159 In LoRaWAN networks, end-device transmissions may be received at
160 multiple gateways, so during nominal operation a network server may
161 see multiple instances of the same uplink message from an end-device.
163 The LoRaWAN network infrastructure manages the data rate and RF
164 output power for each end-device individually by means of an adaptive
165 data rate (ADR) scheme. End-devices may transmit on any channel
166 allowed by local regulation at any time, using any of the currently
167 available data rates.
169 LoRaWAN networks are typically organized in a star-of-stars topology
170 in which gateways relay messages between end-devices and a central
171 "network server" in the backend. Gateways are connected to the
172 network server via IP links while end-devices use single-hop LoRaWAN
173 communication that can be received at one or more gateways. All
174 communication is generally bi-directional, although uplink
175 communication from end-devices to the network server are favoured in
176 terms of overall bandwidth availability.
178 This section introduces some LoRaWAN terms. Figure 1 shows the
179 entities involved in a LoRaWAN network.
181 +----------+
182 |End-device| * * *
183 +----------+ * +---------+
184 * | Gateway +---+
185 +----------+ * +---------+ | +---------+
186 |End-device| * * * +---+ Network +--- Application
187 +----------+ * | | Server |
188 * +---------+ | +---------+
189 +----------+ * | Gateway +---+
190 |End-device| * * * * +---------+
191 +----------+
192 Key: * LoRaWAN Radio
193 +---+ IP connectivity
195 Figure 1: LoRaWAN architecture
197 o End-device: a LoRa client device, sometimes called a mote.
198 Communicates with gateways.
200 o Gateway: a radio on the infrastructure-side, sometimes called a
201 concentrator or base-station. Communicates with end-devices and,
202 via IP, with a network server.
204 o Network Server: The Network Server (NS) terminates the LoRaWAN MAC
205 layer for the end-devices connected to the network. It is the
206 center of the star topology.
208 o Uplink message: refers to communications from end-device to
209 network server or appliction via one or more gateways.
211 o Downlink message: refers to communications from network server or
212 application via one gateway to a single end-device or a group of
213 end-devices (considering multicasting).
215 o Application: refers to application layer code both on the end-
216 device and running "behind" the network server. For LoRaWAN,
217 there will generally only be one application running on most end-
218 devices. Interfaces between the network server and application
219 are not further described here.
221 o Classes A, B and C define different device capabilities and modes
222 of operation for end-devices. End-devices can transmit uplink
223 messages at any time in any mode of operation (so long as e.g.,
224 ISM band restrictions are honoured). An end-device in Class A can
225 only receive downlink messages at predetermined timeslots after
226 each uplink message transmission. Class B allows the end-device
227 to receive downlink messages at periodically scheduled timeslots.
228 Class C allows receipt of downlink messages at anytime. Class
229 selection is based on the end-devices' application use case and
230 its power supply. (While Classes B and C are not further
231 described here, readers may have seen those terms elsewhere so we
232 include them for clarity.)
234 LoRaWAN radios make use of ISM bands, for example, 433MHz and 868MHz
235 within the European Union and 915MHz in the Americas.
237 The end-device changes channel in a pseudo-random fashion for every
238 transmission to help make the system more robust to interference and/
239 or to conform to local regulations.
241 As with other LPWAN radio technologies, LoRaWAN end-devices respect
242 the frequency, power and maximum transmit duty cycle requirements for
243 the sub-band imposed by local regulators. In most cases, this means
244 an end-device is only transmitting for 1% of the time, as specified
245 by ISM band regulations. And in some cases the LoRaWAN specification
246 calls for end-devices to transmit less often than is called for by
247 the ISM band regulations in order to avoid congestion.
249 Figure 2 below shows that after a transmission slot a Class A device
250 turns on its receiver for two short receive windows that are offset
251 from the end of the transmission window. The frequencies and data
252 rate chosen for the first of these receive windows depends on those
253 used for the transmit window. The frequency and data-rate for the
254 second receive window are configurable. If a downlink message
255 preamble is detected during a receive window, then the end-device
256 keeps the radio on in order to receive the frame.
258 End-devices can only transmit a subsequent uplink frame after the end
259 of the associated receive windows. When a device joins a LoRaWAN
260 network, there are similar timeouts on parts of that process.
262 |----------------------------| |--------| |--------|
263 | Tx | | Rx | | Rx |
264 |----------------------------| |--------| |--------|
265 |---------|
266 Rx delay 1
267 |------------------------|
268 Rx delay 2
270 Figure 2: LoRaWAN Class A transmission and reception window
272 Given the different regional requirements the detailed specification
273 for the LoRaWAN physical layer (taking up more than 30 pages of the
274 specification) is not reproduced here. Instead and mainly to
275 illustrate the kinds of issue encountered, in Table 1 we present some
276 of the default settings for one ISM band (without fully explaining
277 those here) and in Table 2 we describe maxima and minima for some
278 parameters of interest to those defining ways to use IETF protocols
279 over the LoRaWAN MAC layer.
281 +------------------------+------------------------------------------+
282 | Parameters | Default Value |
283 +------------------------+------------------------------------------+
284 | Rx delay 1 | 1 s |
285 | | |
286 | Rx delay 2 | 2 s (must be RECEIVE_DELAY1 + 1s) |
287 | | |
288 | join delay 1 | 5 s |
289 | | |
290 | join delay 2 | 6 s |
291 | | |
292 | 868MHz Default | 3 (868.1,868.2,868.3), date rate: 0.3-5 |
293 | channels | kbps |
294 +------------------------+------------------------------------------+
296 Table 1: Default settings for EU868MHz band
298 +-----------------------------------------------+--------+----------+
299 | Parameter/Notes | Min | Max |
300 +-----------------------------------------------+--------+----------+
301 | Duty Cycle: some but not all ISM bands impose | 1% | no-limit |
302 | a limit in terms of how often an end-device | | |
303 | can transmit. In some cases LoRaWAN is more | | |
304 | stringent in an attempt to avoid congestion. | | |
305 | | | |
306 | EU 868MHz band data rate/frame-size | 250 | 50000 |
307 | | bits/s | bits/s : |
308 | | : 59 | 250 |
309 | | octets | octets |
310 | | | |
311 | US 915MHz band data rate/frame-size | 980 | 21900 |
312 | | bits/s | bits/s : |
313 | | : 19 | 250 |
314 | | octets | octets |
315 +-----------------------------------------------+--------+----------+
317 Table 2: Minima and Maxima for various LoRaWAN Parameters
319 Note that in the case of the smallest frame size (19 octets), 8
320 octets are required for LoRa MAC layer headers leaving only 11 octets
321 for payload (including MAC layer options). However, those settings
322 do not apply for the join procedure - end-devices are required to use
323 a channel that can send the 23 byte Join-request message for the join
324 procedure.
326 Uplink and downlink higher layer data is carried in a MACPayload.
327 There is a concept of "ports" (an optional 8 bit value) to handle
328 different applications on an end-device. Port zero is reserved for
329 LoRaWAN specific messaging, such as the join procedure.
331 The header also distinguishes the uplink/downlink directions and
332 whether or not an acknowledgement ("confirmation") is required from
333 the peer.
335 All payloads are encrypted and ciphertexts are protected with a
336 cryptographic Message Integrity Check (MIC) - see Section 6 for
337 details.
339 In addition to carrying higher layer PDUs there are Join-Request and
340 Join-Response (aka Join-Accept) messages for handling network access.
341 And so-called "MAC commands" (see below) up to 15 bytes long can be
342 piggybacked in an options field ("FOpts").
344 LoRaWAN end-devices can choose various different data rates from a
345 menu of available rates (dependent on the frequencies in use). It is
346 however, recommended that end-devices set the Adaptive Data Rate
347 ("ADR") bit in the MAC layer which is a signal that the network
348 should control the data rate (via MAC commands to the end-device).
349 The network can also assert the ADR bit and control data rates at
350 it's discretion. The goal is to ensure minimal on-time for radios
351 whilst increasing throughput and reliability when possible. Other
352 things being equal, the effect should be that end-devices closer to a
353 gateway can successfully use higher data rates, whereas end-devices
354 further from all gateways still receive connectivity though at a
355 lower data rate.
357 Data rate changes can be validated via a scheme of acks from the
358 network with a fall-back to lower rates in the event that downlink
359 acks go missing.
361 There are 16 (or 32) bit frame counters maintained in each direction
362 that are incremented on each transmission (but not re-transmissions)
363 that are not re-used for a given key. When the device supports a 32
364 bit counter, then only the least significant 16 bits are sent in the
365 MAC header, but all 32 bits are used in cryptographic operations.
366 (If an end-device only supports a 16 bit counter internally, then the
367 topmost 16 bits are set to zero.)
369 There are a number of MAC commands for: Link and device status
370 checking, ADR and duty-cycle negotiation, managing the RX windows and
371 radio channel settings. For example, the link check response message
372 allows the network server (in response to a request from an end-
373 device) to inform an end-device about the signal attenuation seen
374 most recently at a gateway, and to also tell the end-device how many
375 gateways received the corresponding link request MAC command.
377 Some MAC commands are initiated by the network server. For example,
378 one command allows the network server to ask an end-device to reduce
379 it's duty-cycle to only use a proportion of the maximum allowed in a
380 region. Another allows the network server to query the end-device's
381 power status with the response from the end-device specifying whether
382 it has an external power source or is battery powered (in which case
383 a relative battery level is also sent to the network server).
385 The network server can also inform an end-device about channel
386 assignments (mid-point frequencies and data rates). Of course, these
387 must also remain within the bands assigned by local regulation.
389 A LoRaWAN network has a short network identifier ("NwkID") which is a
390 seven bit value. A private network (common for LoRaWAN) can use the
391 value zero. If a network wishes to support "foreign" end-devices
392 then the NwkID needs to be registered with the LoRA Alliance, in
393 which case the NwkID is the seven least significant bits of a
394 registered 24-bit NetID. (Note however, that the methods for
395 "roaming" are currently being enhanced within the LoRA Alliance, so
396 the situation here is somewhat fluid.)
398 In order to operate nominally on a LoRaWAN network, a device needs a
399 32-bit device address, which is the catentation of the NwkID and a
400 25-bit device-specific network address that is assigned when the
401 device "joins" the network (see below for the join procedure) or that
402 is pre-provisioned into the device.
404 End-devices are assumed to work with one or a quite limited number of
405 applications, which matches most LoRaWAN use-cases. The applications
406 are identified by a 64-bit AppEUI, which is assumed to be a
407 registered IEEE EUI64 value.
409 In addition, a device needs to have two symmetric session keys, one
410 for protecting network artefacts (port=0), the NwkSKey, and another
411 for protecting appliction layer traffic, the AppSKey. Both keys are
412 used for 128 bit AES cryptpgraphic operations. (See Section 6 for
413 details.)
415 So, one option is for an end-device to have all of the above, plus
416 channel information, somehow (pre-)provisioned, in which case the
417 end-device can simply start transmitting. This is achievable in many
418 cases via out-of-band means given the nature of LoRaWAN networks.
419 Table 3 summarises these values.
421 +---------+---------------------------------------------------------+
422 | Value | Description |
423 +---------+---------------------------------------------------------+
424 | DevAddr | DevAddr (32-bits) = NwkId (7-bits) + device-specific |
425 | | network address (25 bits) |
426 | | |
427 | AppEUI | IEEE EUI64 naming the application |
428 | | |
429 | NwkSKey | 128 bit network session key for use with AES |
430 | | |
431 | AppSKey | 128 bit application session key for use with AES |
432 +---------+---------------------------------------------------------+
434 Table 3: Values required for nominal operation
436 As an alternative, end-devices can use the LoRaWAN join procedure in
437 order to setup some of these values and dynamically gain access to
438 the network.
440 To use the join procedure, an end-device must still know the AppEUI.
441 In addition to the AppEUI, end-devices using the join procedure need
442 to also know a different (long-term) symmetric key that is bound to
443 the AppEUI - this is the application key (AppKey), and is distinct
444 from the application session key (AppSKey). The AppKey is required
445 to be specific to the device, that is, each end-device should have a
446 different AppKey value. And finally the end-device also needs a
447 long-term identifier for itself, syntactically also an EUI-64, and
448 known as the device EUI or DevEUI. Table 4 summarises these values.
450 +---------+----------------------------------------------------+
451 | Value | Description |
452 +---------+----------------------------------------------------+
453 | DevEUI | IEEE EUI64 naming the device |
454 | | |
455 | AppEUI | IEEE EUI64 naming the application |
456 | | |
457 | AppKey | 128 bit long term application key for use with AES |
458 +---------+----------------------------------------------------+
460 Table 4: Values required for join procedure
462 The join procedure involves a special exchange where the end-device
463 asserts the AppEUI and DevEUI (integrity protected with the long-term
464 AppKey, but not encrypted) in a Join-request uplink message. This is
465 then routed to the network server which interacts with an entity that
466 knows that AppKey to verify the Join-request. All going well, a
467 Join-accept downlink message is returned from the network server to
468 the end-device that specifies the 24-bit NetID, 32-bit DevAddr and
469 channel information and from which the AppSKey and NwkSKey can be
470 derived based on knowledge of the AppKey. This provides the end-
471 device with all the values listed in Table 3.
473 There is some special handling related to which channels to use and
474 for multiple transmissions for the join-request which is intended to
475 ensure a successful join in as many cases as possible. Join-request
476 and Join-accept messages also include some random values (nonces) to
477 both provide some replay protection and to help ensure the session
478 keys are unique per run of the join procedure. If a Join-request
479 fails validation, then no Join-accept message (indeed no message at
480 all) is returned to the end-device. For example, if an end-device is
481 factory-reset then it should end up in a state in which it can re-do
482 the join procedure.
484 In this section we describe the use of cryptography in LoRaWAN. This
485 section is not intended as a full specification but to be sufficient
486 so that future IETF specifications can encompass the required
487 security considerations. The emphasis is on describing the
488 externally visible characteristics of LoRaWAN.
490 All payloads are encrypted and have data integrity. Frame options
491 (used for MAC commands) when sent as a payload (port zero) are
492 therefore protected. MAC commands piggy-backed as frame options
493 ("FOpts") are however sent in clear. Since MAC commands may be sent
494 as options and not only as payload, any values sent in that manner
495 are visible to a passive attacker but are not malleable for an active
496 attacker due to the use of the MIC.
498 For LoRaWAN version 1.0.x, the NWkSkey session key is used to provide
499 data integrity between the end-device and the network server. The
500 AppSKey is used to provide data confidentiality between the end-
501 device and network server, or to the application "behind" the network
502 server, depending on the implementation of the network.
504 All MAC layer messages have an outer 32-bit Message Integrity Code
505 (MIC) calculated using AES-CMAC calculated over the ciphertext
506 payload and other headers and using the NwkSkey.
508 Payloads are encrypted using AES-128, with a counter-mode derived
509 from IEEE 802.15.4 using the AppSKey.
511 Gateways are not expected to be provided with the AppSKey or NwkSKey,
512 all of the infrastructure-side cryptography happens in (or "behind")
513 the network server.
515 When session keys are derived from the AppKey as a result of the join
516 procedure the Join-accept message payload is specially handled.
518 The long-term AppKey is directly used to protect the Join-accept
519 message content, but the function used is not an aes-encrypt
520 operation, but rather an aes-decrypt operation. The justification is
521 that this means that the end-device only needs to implement the aes-
522 encrypt operation. (The counter mode variant used for payload
523 decryption means the end-device doesn't need an aes-decrypt
524 primitive.)
526 The Join-accept plaintext is always less than 16 bytes long, so
527 electronic code book (ECB) mode is used for protecting Join-accept
528 messages.
530 The Join-accept contains an AppNonce (a 24 bit value) that is
531 recovered on the end-device along with the other Join-accept content
532 (e.g. DevAddr) using the aes-encrypt operation.
534 Once the Join-accept payload is available to the end-device the
535 session keys are derived from the AppKey, AppNonce and other values,
536 again using an ECB mode aes-encrypt operation, with the plaintext
537 input being a maximum of 16 octets.
539 4.2. Narrowband IoT (NB-IoT)
541 [[Text here is from [I-D.ratilainen-lpwan-nb-iot].]]
543 4.2.1. Provenance and Documents
545 Narrowband Internet of Things (NB-IoT) is developed and standardized
546 by 3GPP. The standardization of NB-IoT was finalized with 3GPP
547 Release-13 in June 2016, but further enhancements for NB-IoT are
548 worked on in the following releases, for example in the form of
549 multicast support. For more information of what has been specified
550 for NB-IoT, 3GPP specification 36.300 [TGPP36300] provides an
551 overview and overall description of the E-UTRAN radio interface
552 protocol architecture, while specifications 36.321 [TGPP36321],
553 36.322 [TGPP36322], 36.323 [TGPP36323] and 36.331 [TGPP36331] give
554 more detailed description of MAC, RLC, PDCP and RRC protocol layers
555 respectively.
557 4.2.2. Characteristics
559 [[Editor notes: Not clear if all the radio info here is needed. Not
560 clear what minimum MTU might be. Many 3GPP acronyms/terms to
561 eliminate or explain.]]
563 Specific targets for NB-IoT include: Less than 5$ module cost,
564 extended coverage of 164 dB maximum coupling loss, battery life of
565 over 10 years, ~55000 devices per cell and uplink reporting latency
566 of less than 10 seconds.
568 NB-IoT supports Half Duplex FDD operation mode with 60 kbps peak rate
569 in uplink and 30 kbps peak rate in downlink, and a maximum size MTU
570 of 1600 bytes. As the name suggests, NB-IoT uses narrowbands with
571 the bandwidth of 180 kHz in both, downlink and uplink. The multiple
572 access scheme used in the downlink is OFDMA with 15 kHz sub-carrier
573 spacing. On uplink multi-tone SC-FDMA is used with 15 kHz tone
574 spacing or as a special case of SC-FDMA single tone with either 15kHz
575 or 3.75 kHz tone spacing may be used.
577 NB-IoT can be deployed in three ways. In-band deployment means that
578 the narrowband is multiplexed within normal LTE carrier. In Guard-
579 band deployment the narrowband uses the unused resource blocks
580 between two adjacent LTE carriers. Also standalone deployment is
581 supported, where the narrowband can be located alone in dedicated
582 spectrum, which makes it possible for example to refarm the GSM
583 carrier at 850/900 MHz for NB-IoT. All three deployment modes are
584 meant to be used in licensed bands. The maximum transmission power
585 is either 20 or 23 dBm for uplink transmissions, while for downlink
586 transmission the eNodeB may use higher transmission power, up to 46
587 dBm depending on the deployment.
589 For signaling optimization, two options are introduced in addition to
590 legacy RRC connection setup, mandatory Data-over-NAS (Control Plane
591 optimization, solution 2 in [TGPP23720]) and optional RRC Suspend/
592 Resume (User Plane optimization, solution 18 in [TGPP23720]). In the
593 control plane optimization the data is sent over Non Access Stratum,
594 directly from Mobility Management Entity (MME) in core network to the
595 UE without interaction from base station. This means there are no
596 Access Stratum security or header compression, as the Access Stratum
597 is bypassed, and only limited RRC procedures.
599 The RRC Suspend/Resume procedures reduce the signaling overhead
600 required for UE state transition from Idle to Connected mode in order
601 to have a user plane transaction with the network and back to Idle
602 state by reducing the signaling messages required compared to legacy
603 operation
605 With extended DRX the RRC Connected mode DRX cycle is up to 10.24
606 seconds and in RRC Idle the DRX cycle can be up to 3 hours.
608 NB-IoT has no channel access restrictions allowing up to a 100% duty-
609 cycle.
611 3GPP access security is specified in [TGPP33203].
613 +--+
614 |UE| \ +------+ +------+
615 +--+ \ | MME |------| HSS |
616 \ / +------+ +------+
617 +--+ \+-----+ / |
618 |UE| ----| eNB |- |
619 +--+ /+-----+ \ |
620 / \ +--------+
621 / \| | +------+ Service PDN
622 +--+ / | S-GW |----| P-GW |---- e.g. Internet
623 |UE| | | +------+
624 +--+ +--------+
626 Figure 3: 3GPP network architecture
628 Mobility Management Entity (MME) is responsible for handling the
629 mobility of the UE. MME tasks include tracking and paging UEs,
630 session management, choosing the Serving gateway for the UE during
631 initial attachment and authenticating the user. At MME, the Non
632 Access Stratum (NAS) signaling from the UE is terminated.
634 Serving Gateway (S-GW) routes and forwards the user data packets
635 through the access network and acts as a mobility anchor for UEs
636 during handover between base stations known as eNodeBs and also
637 during handovers between other 3GPP technologies.
639 Packet Data Node Gateway (P-GW) works as an interface between 3GPP
640 network and external networks.
642 Home Subscriber Server (HSS) contains user-related and subscription-
643 related information. It is a database, which performs mobility
644 management, session establishment support, user authentication and
645 access authorization.
647 E-UTRAN consists of components of a single type, eNodeB. eNodeB is a
648 base station, which controls the UEs in one or several cells.
650 The illustration of 3GPP radio protocol architecture can be seen from
651 Figure 4.
653 +---------+ +---------+
654 | NAS |----|-----------------------------|----| NAS |
655 +---------+ | +---------+---------+ | +---------+
656 | RRC |----|----| RRC | S1-AP |----|----| S1-AP |
657 +---------+ | +---------+---------+ | +---------+
658 | PDCP |----|----| PDCP | SCTP |----|----| SCTP |
659 +---------+ | +---------+---------+ | +---------+
660 | RLC |----|----| RLC | IP |----|----| IP |
661 +---------+ | +---------+---------+ | +---------+
662 | MAC |----|----| MAC | L2 |----|----| L2 |
663 +---------+ | +---------+---------+ | +---------+
664 | PHY |----|----| PHY | PHY |----|----| PHY |
665 +---------+ +---------+---------+ +---------+
666 LTE-Uu S1-MME
667 UE eNodeB MME
669 Figure 4: 3GPP radio protocol architecture
671 The radio protocol architecture of NB-IoT (and LTE) is separated into
672 control plane and user plane. Control plane consists of protocols
673 which control the radio access bearers and the connection between the
674 UE and the network. The highest layer of control plane is called
675 Non-Access Stratum (NAS), which conveys the radio signaling between
676 the UE and the EPC, passing transparently through radio network. It
677 is responsible for authentication, security control, mobility
678 management and bearer management.
680 Access Stratum (AS) is the functional layer below NAS, and in control
681 plane it consists of Radio Resource Control protocol (RRC)
682 [TGPP36331], which handles connection establishment and release
683 functions, broadcast of system information, radio bearer
684 establishment, reconfiguration and release. RRC configures the user
685 and control planes according to the network status. There exists two
686 RRC states, RRC_Idle or RRC_Connected, and RRC entity controls the
687 switching between these states. In RRC_Idle, the network knows that
688 the UE is present in the network and the UE can be reached in case of
689 incoming call. In this state the UE monitors paging, performs cell
690 measurements and cell selection and acquires system information.
691 Also the UE can receive broadcast and multicast data, but it is not
692 expected to transmit or receive singlecast data. In RRC_Connected
693 the UE has a connection to the eNodeB, the network knows the UE
694 location on cell level and the UE may receive and transmit singlecast
695 data. RRC_Connected mode is established, when the UE is expected to
696 be active in the network, to transmit or receive data. Connection is
697 released, switching to RRC_Idle, when there is no traffic to save the
698 UE battery and radio resources. However, a new feature was
699 introduced for NB-IoT, as mentioned earlier, which allows data to be
700 transmitted from the MME directly to the UE, while the UE is in
701 RRC_Idle transparently to the eNodeB.
703 Packet Data Convergence Protocol's (PDCP) [TGPP36323] main services
704 in control plane are transfer of control plane data, ciphering and
705 integrity protection.
707 Radio Link Control protocol (RLC) [TGPP36322] performs transfer of
708 upper layer PDUs and optionally error correction with Automatic
709 Repeat reQuest (ARQ), concatenation, segmentation and reassembly of
710 RLC SDUs, in-sequence delivery of upper layer PDUs, duplicate
711 detection, RLC SDU discard, RLC-re-establishment and protocol error
712 detection and recovery.
714 Medium Access Control protocol (MAC) [TGPP36321] provides mapping
715 between logical channels and transport channels, multiplexing of MAC
716 SDUs, scheduling information reporting, error correction with HARQ,
717 priority handling and transport format selection.
719 Physical layer [TGPP36201] provides data transport services to higher
720 layers. These include error detection and indication to higher
721 layers, FEC encoding, HARQ soft-combining. Rate matching and mapping
722 of the transport channels onto physical channels, power weighting and
723 modulation of physical channels, frequency and time synchronization
724 and radio characteristics measurements.
726 User plane is responsible for transferring the user data through the
727 Access Stratum. It interfaces with IP and consists of PDCP, which in
728 user plane performs header compression using Robust Header
729 Compression (RoHC), transfer of user plane data between eNodeB and
730 UE, ciphering and integrity protection. Lower layers in user plane
731 are similarly RLC, MAC and physical layer performing tasks mentioned
732 above.
734 Under worst-case conditions, NB-IoT may achieve data rate of roughly
735 200 bps. For downlink with 164 dB coupling loss, NB-IoT may achieve
736 higher data rates, depending on the deployment mode. Stand-alone
737 operation may achieve the highest data rates, up to few kbps, while
738 in-band and guard-band operations may reach several hundreds of bps.
739 NB-IoT may even operate with higher maximum coupling loss than 170 dB
740 with very low bit rates.
742 4.3. SIGFOX
744 [[Text here is from [I-D.zuniga-lpwan-sigfox-system-description].]]
746 4.3.1. Provenance and Documents
748 The SIGFOX LPWAN is in line with the terminology and specifications
749 being defined by the ETSI ERM TG28 Low Throughput Networks (LTN)
750 group [etsi_ltn]. As of today, the SIGFOX LPWAN/LTN has been fully
751 deployed in 6 countries, with ongoing deployments on 14 other
752 countries, which in total will reach 316M people.
754 4.3.2. Characteristics
756 SIGFOX LPWAN autonomous battery-operated devices send only a few
757 bytes per day, week or month, allowing them to remain on a single
758 battery for up to 10-15 years.
760 The radio interface is compliant with the following regulations:
762 Spectrum allocation in the USA [fcc_ref]
764 Spectrum allocation in Europe [etsi_ref]
766 Spectrum allocation in Japan [arib_ref]
768 The SIGFOX LTN radio interface is also compliant with the local
769 regulations of the following countries: Australia, Brazil, Canada,
770 Kenya, Lebanon, Mauritius, Mexico, New Zealand, Oman, Peru,
771 Singapore, South Africa, South Korea, and Thailand.
773 The radio interface is based on Ultra Narrow Band (UNB)
774 communications, which allow an increased transmission range by
775 spending a limited amount of energy at the device. Moreover, UNB
776 allows a large number of devices to coexist in a given cell without
777 significantly increasing the spectrum interference.
779 Both uplink and downlink communications are possible with the UNB
780 solution. Due to spectrum optimizations, different uplink and
781 downlink frames and time synchronization methods are needed.
783 The main radio characteristics of the UNB uplink transmission are:
785 o Channelization mask: 100 Hz (600 Hz in the USA)
787 o Uplink baud rate: 100 baud (600 baud in the USA)
789 o Modulation scheme: DBPSK
791 o Uplink transmission power: compliant with local regulation
793 o Link budget: 155 dB (or better)
794 o Central frequency accuracy: not relevant, provided there is no
795 significant frequency drift within an uplink packet
797 In Europe, the UNB uplink frequency band is limited to 868,00 to
798 868,60 MHz, with a maximum output power of 25 mW and a maximum mean
799 transmission time of 1%.
801 The format of the uplink frame is the following:
803 +--------+--------+--------+------------------+-------------+-----+
804 |Preamble| Frame | Dev ID | Payload |Msg Auth Code| FCS |
805 | | Sync | | | | |
806 +--------+--------+--------+------------------+-------------+-----+
808 Figure 5: Uplink Frame Format
810 The uplink frame is composed of the following fields:
812 o Preamble: 19 bits
814 o Frame sync and header: 29 bits
816 o Device ID: 32 bits
818 o Payload: 0-96 bits
820 o Authentication: 16-40 bits
822 o Frame check sequence: 16 bits (CRC)
824 The main radio characteristics of the UNB downlink transmission are:
826 o Channelization mask: 1.5 kHz
828 o Downlink baud rate: 600 baud
830 o Modulation scheme: GFSK
832 o Downlink transmission power: 500 mW (4W in the USA)
834 o Link budget: 153 dB (or better)
836 o Central frequency accuracy: Centre frequency of downlink
837 transmission are set by the network according to the corresponding
838 uplink transmission.
840 In Europe, the UNB downlink frequency band is limited to 869,40 to
841 869,65 MHz, with a maximum output power of 500 mW with 10% duty
842 cycle.
844 The format of the downlink frame is the following:
846 +------------+-----+---------+------------------+-------------+-----+
847 | Preamble |Frame| ECC | Payload |Msg Auth Code| FCS |
848 | |Sync | | | | |
849 +------------+-----+---------+------------------+-------------+-----+
851 Figure 6: Downlink Frame Format
853 The downlink frame is composed of the following fields:
855 o Preamble: 91 bits
857 o Frame sync and header: 13 bits
859 o Error Correcting Code (ECC): 32 bits
861 o Payload: 0-64 bits
863 o Authentication: 16 bits
865 o Frame check sequence: 8 bits (CRC)
867 The radio interface is optimized for uplink transmissions, which are
868 asynchronous. Downlink communications are achieved by querying the
869 network for existing data from the device.
871 A device willing to receive downlink messages opens a fixed window
872 for reception after sending an uplink transmission. The delay and
873 duration of this window have fixed values. The LTN network transmits
874 the downlink message for a given device during the reception window.
875 The LTN network selects the BS for transmitting the corresponding
876 downlink message.
878 Uplink and downlink transmissions are unbalanced due to the
879 regulatory constraints on the ISM bands. Under the strictest
880 regulations, the system can allow a maximum of 140 uplink messages
881 and 4 downlink messages per device. These restrictions can be
882 slightly relaxed depending on system conditions and the specific
883 regulatory domain of operation.
885 +--+
886 |EP| * +------+
887 +--+ * | RA |
888 * +------+
889 +--+ * |
890 |EP| * * * * |
891 +--+ * +----+ |
892 * | BS | \ +--------+
893 +--+ * +----+ \ | |
894 DA -----|EP| * * * | SC |----- NA
895 +--+ * / | |
896 * +----+ / +--------+
897 +--+ * | BS |/
898 |EP| * * * * +----+
899 +--+ *
900 *
901 +--+ *
902 |EP| * *
903 +--+
905 Figure 7: ETSI LTN architecture
907 Figure 7 depicts the different elements of the SIGFOX architecture.
909 The architecture consists of a single core network, which allows
910 global connectivity with minimal impact on the end device and radio
911 access network. The core network elements are the Service Center
912 (SC) and the Registration Authority (RA). The SC is in charge of the
913 data connectivity between the Base Station (BS) and the Internet, as
914 well as the control and management of the BSs and End Points. The RA
915 is in charge of the End Point network access authorization.
917 The radio access network is comprised of several BSs connected
918 directly to the SC. Each BS performs complex L1/L2 functions,
919 leaving some L2 and L3 functionalities to the SC.
921 The devices or End Points (EPs) are the objects that communicate
922 application data between local device applications (DAs) and network
923 applications (NAs).
925 EPs (or devices) can be static or nomadic, as they associate with the
926 SC and they do not attach to a specific BS. Hence, they can
927 communicate with the SC through one or many BSs.
929 Due to constraints in the complexity of the EP, it is assumed that
930 EPs host only one or very few device applications, which communicate
931 to one single network application at a time.
933 The radio protocol provides mechanisms to authenticate and ensure
934 integrity of the message. This is achieved by using a unique device
935 ID and a message authentication code, which allow ensuring that the
936 message has been generated and sent by the device with the ID claimed
937 in the message.
939 Security keys are independent for each device. These keys are
940 associated with the device ID and they are pre-provisioned.
941 Application data can be encrypted by the application provider.
943 4.4. WI-SUN
945 [[Add text here when available. Source = bheile@ieee.org]]
947 5. Gap Analysis
949 [[Add text here from [I-D.minaburo-lpwan-gap-analysis].]]
951 6. Security Considerations
953 7. IANA Considerations
955 There are no IANA considerations related to this memo.
957 8. Contributors
959 As stated above this document is mainly a collection of content
960 developed by the full set of contributors listed below. The main
961 input documents and their authors were:
963 o The text on LoRaWAN was based on [I-D.farrell-lpwan-lora-overview]
964 co-authored by Alper Yegin and Stephen Farrell.
966 o Text for Section 4.2 was provided by Antti Ratilainen in
967 [I-D.ratilainen-lpwan-nb-iot].
969 o Text for Section 4.3 was provided by Juan Carlos Zuniga and Benoit
970 Ponsard in [I-D.zuniga-lpwan-sigfox-system-description].
972 o Text for Section 5 was provided by Ana Minabiru, Carles Gomez,
973 Laurent Toutain, Josep Paradells and Jon Crowcroft in
974 [I-D.minaburo-lpwan-gap-analysis]. Additional text from that
975 draft is also used elsewhere above.
977 The full list of contributors are:
979 Jon Crowcroft
980 University of Cambridge
981 JJ Thomson Avenue
982 Cambridge, CB3 0FD
983 United Kingdom
985 Email: jon.crowcroft@cl.cam.ac.uk
987 Carles Gomez
988 UPC/i2CAT
989 C/Esteve Terradas, 7
990 Castelldefels 08860
991 Spain
993 Email: carlesgo@entel.upc.edu
995 Ana Minaburo
996 Acklio
997 2bis rue de la Chataigneraie
998 35510 Cesson-Sevigne Cedex
999 France
1001 Email: ana@ackl.io
1003 Josep PAradells
1004 UPC/i2CAT
1005 C/Jordi Girona, 1-3
1006 Barcelona 08034
1007 Spain
1009 Email: josep.paradells@entel.upc.edu
1011 Benoit Ponsard
1012 SIGFOX
1013 425 rue Jean Rostand
1014 Labege 31670
1015 France
1017 Email: Benoit.Ponsard@sigfox.com
1018 URI: http://www.sigfox.com/
1020 Antti Ratilainen
1021 Ericsson
1022 Hirsalantie 11
1023 Jorvas 02420
1024 Finland
1026 Email: antti.ratilainen@ericsson.com
1028 Laurent Toutain
1029 Institut MINES TELECOM ; TELECOM Bretagne
1030 2 rue de la Chataigneraie
1031 CS 17607
1032 35576 Cesson-Sevigne Cedex
1033 France
1035 Email: Laurent.Toutain@telecom-bretagne.eu
1037 Alper Yegin
1038 Actility
1039 Paris, Paris
1040 FR
1042 Email: alper.yegin@actility.com
1044 Juan Carlos Zuniga
1045 SIGFOX
1046 425 rue Jean Rostand
1047 Labege 31670
1048 France
1050 Email: JuanCarlos.Zuniga@sigfox.com
1051 URI: http://www.sigfox.com/
1053 9. Acknowledgements
1055 Thanks to all those listed in Section 8 for the excellent text.
1056 Errors in the handling of that are solely the editor's fault.
1058 Thanks to [your name here] for comments.
1060 Stephen Farrell's work on this memo was supported by the Science
1061 Foundation Ireland funded CONNECT centre .
1063 10. Informative References
1065 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1066 Requirement Levels", BCP 14, RFC 2119,
1067 DOI 10.17487/RFC2119, March 1997,
1068 .
1070 [I-D.farrell-lpwan-lora-overview]
1071 Farrell, S. and A. Yegin, "LoRaWAN Overview", draft-
1072 farrell-lpwan-lora-overview-01 (work in progress), October
1073 2016.
1075 [I-D.minaburo-lpwan-gap-analysis]
1076 Minaburo, A., Gomez, C., Toutain, L., Paradells, J., and
1077 J. Crowcroft, "LPWAN Survey and GAP Analysis", draft-
1078 minaburo-lpwan-gap-analysis-02 (work in progress), October
1079 2016.
1081 [I-D.zuniga-lpwan-sigfox-system-description]
1082 Zuniga, J. and B. PONSARD, "SIGFOX System Description",
1083 draft-zuniga-lpwan-sigfox-system-description-00 (work in
1084 progress), July 2016.
1086 [I-D.ratilainen-lpwan-nb-iot]
1087 Ratilainen, A., "NB-IoT characteristics", draft-
1088 ratilainen-lpwan-nb-iot-00 (work in progress), July 2016.
1090 [TGPP36300]
1091 3GPP, "TS 36.300 v13.4.0 Evolved Universal Terrestrial
1092 Radio Access (E-UTRA) and Evolved Universal Terrestrial
1093 Radio Access Network (E-UTRAN); Overall description; Stage
1094 2", 2016,
1095 .
1097 [TGPP36321]
1098 3GPP, "TS 36.321 v13.2.0 Evolved Universal Terrestrial
1099 Radio Access (E-UTRA); Medium Access Control (MAC)
1100 protocol specification", 2016.
1102 [TGPP36322]
1103 3GPP, "TS 36.322 v13.2.0 Evolved Universal Terrestrial
1104 Radio Access (E-UTRA); Radio Link Control (RLC) protocol
1105 specification", 2016.
1107 [TGPP36323]
1108 3GPP, "TS 36.323 v13.2.0 Evolved Universal Terrestrial
1109 Radio Access (E-UTRA); Packet Data Convergence Protocol
1110 (PDCP) specification (Not yet available)", 2016.
1112 [TGPP36331]
1113 3GPP, "TS 36.331 v13.2.0 Evolved Universal Terrestrial
1114 Radio Access (E-UTRA); Radio Resource Control (RRC);
1115 Protocol specification", 2016.
1117 [TGPP36201]
1118 3GPP, "TS 36.201 v13.2.0 - Evolved Universal Terrestrial
1119 Radio Access (E-UTRA); LTE physical layer; General
1120 description", 2016.
1122 [TGPP23720]
1123 3GPP, "TR 23.720 v13.0.0 - Study on architecture
1124 enhancements for Cellular Internet of Things", 2016.
1126 [TGPP33203]
1127 3GPP, "TS 33.203 v13.1.0 - 3G security; Access security
1128 for IP-based services", 2016.
1130 [etsi_ltn]
1131 "ETSI Technical Committee on EMC and Radio Spectrum
1132 Matters (ERM) TG28 Low Throughput Networks (LTN)",
1133 February 2015.
1135 [fcc_ref] "FCC CFR 47 Part 15.247 Telecommunication Radio Frequency
1136 Devices - Operation within the bands 902-928 MHz,
1137 2400-2483.5 MHz, and 5725-5850 MHz.", June 2016.
1139 [etsi_ref]
1140 "ETSI EN 300-220 (Parts 1 and 2): Electromagnetic
1141 compatibility and Radio spectrum Matters (ERM); Short
1142 Range Devices (SRD); Radio equipment to be used in the 25
1143 MHz to 1 000 MHz frequency range with power levels ranging
1144 up to 500 mW", May 2016.
1146 [arib_ref]
1147 "ARIB STD-T108 (Version 1.0): 920MHz-Band Telemeter,
1148 Telecontrol and data transmission radio equipment.",
1149 February 2012.
1151 [LoRaSpec]
1152 LoRa Alliance, "LoRaWAN Specification Version V1.0.2", Nov
1153 2016, .
1155 [LoRaSpec1.0]
1156 LoRa Alliance, "LoRaWAN Specification Version V1.0", Jan
1157 2015, .
1160 Author's Address
1162 Stephen Farrell (editor)
1163 Trinity College Dublin
1164 Dublin 2
1165 Ireland
1167 Phone: +353-1-896-2354
1168 Email: stephen.farrell@cs.tcd.ie