idnits 2.17.1 draft-ietf-6lo-btle-17.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 4, 2015) is 3186 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'IPSP' == Outdated reference: A later version (-16) exists of draft-ietf-6man-default-iids-05 -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3633 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 4941 (Obsoleted by RFC 8981) Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6Lo Working Group J. Nieminen 3 Internet-Draft T. Savolainen 4 Intended status: Standards Track M. Isomaki 5 Expires: February 5, 2016 Nokia 6 B. Patil 7 AT&T 8 Z. Shelby 9 Arm 10 C. Gomez 11 Universitat Politecnica de Catalunya/i2CAT 12 August 4, 2015 14 IPv6 over BLUETOOTH(R) Low Energy 15 draft-ietf-6lo-btle-17 17 Abstract 19 Bluetooth Smart is the brand name for the Bluetooth low energy 20 feature in the Bluetooth specification defined by the Bluetooth 21 Special Interest Group. The standard Bluetooth radio has been widely 22 implemented and available in mobile phones, notebook computers, audio 23 headsets and many other devices. The low power version of Bluetooth 24 is a specification that enables the use of this air interface with 25 devices such as sensors, smart meters, appliances, etc. The low 26 power variant of Bluetooth has been standardized since revision 4.0 27 of the Bluetooth specifications, although version 4.1 or newer is 28 required for IPv6. This document describes how IPv6 is transported 29 over Bluetooth low energy using IPv6 over Low-power Wireless Personal 30 Area Network (6LoWPAN) techniques. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on February 5, 2016. 49 Copyright Notice 51 Copyright (c) 2015 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 67 1.1. Terminology and Requirements Language . . . . . . . . . . 3 68 2. Bluetooth Low Energy . . . . . . . . . . . . . . . . . . . . 3 69 2.1. Bluetooth LE stack . . . . . . . . . . . . . . . . . . . 4 70 2.2. Link layer roles and topology . . . . . . . . . . . . . . 5 71 2.3. Bluetooth LE device addressing . . . . . . . . . . . . . 6 72 2.4. Bluetooth LE packet sizes and MTU . . . . . . . . . . . . 6 73 3. Specification of IPv6 over Bluetooth Low Energy . . . . . . . 7 74 3.1. Protocol stack . . . . . . . . . . . . . . . . . . . . . 7 75 3.2. Link model . . . . . . . . . . . . . . . . . . . . . . . 8 76 3.2.1. IPv6 subnet model and Internet connectivity . . . . . 9 77 3.2.2. Stateless address autoconfiguration . . . . . . . . . 10 78 3.2.3. Neighbor discovery . . . . . . . . . . . . . . . . . 12 79 3.2.4. Header compression . . . . . . . . . . . . . . . . . 13 80 3.2.4.1. Remote destination example . . . . . . . . . . . 14 81 3.2.4.2. Example of registration of multiple-addresses . . 15 82 3.2.5. Unicast and Multicast address mapping . . . . . . . . 16 83 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 84 5. Security Considerations . . . . . . . . . . . . . . . . . . . 16 85 6. Additional contributors . . . . . . . . . . . . . . . . . . . 17 86 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 87 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 88 8.1. Normative References . . . . . . . . . . . . . . . . . . 18 89 8.2. Informative References . . . . . . . . . . . . . . . . . 19 90 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 92 1. Introduction 94 Bluetooth Smart is the brand name for the Bluetooth low energy 95 feature (hereinafter, Bluetooth LE) in the Bluetooth specification 96 defined by the Bluetooth Special Interest Group. Bluetooth LE is a 97 radio technology targeted for devices that operate with very low 98 capacity (e.g., coin cell) batteries or minimalistic power sources, 99 which means that low power consumption is essential. Bluetooth LE is 100 especially attractive technology for Internet of Things applications, 101 such as health monitors, environmental sensing, proximity 102 applications and many others. 104 Considering the potential for the exponential growth in the number of 105 sensors and Internet connected devices, IPv6 is an ideal protocol for 106 communication with such devices due to the large address space it 107 provides. In addition, IPv6 provides tools for stateless address 108 autoconfiguration, which is particularly suitable for sensor network 109 applications and nodes which have very limited processing power or 110 lack a full-fledged operating system. 112 This document describes how IPv6 is transported over Bluetooth LE 113 connections using IPv6 over Low power Wireless Personal Area Networks 114 (6LoWPAN) techniques. RFCs 4944, 6282, and 6775 115 [RFC4944][RFC6282][RFC6775] developed for 6LoWPAN specify the 116 transmission of IPv6 over IEEE 802.15.4 [fifteendotfour]. The 117 Bluetooth LE link in many respects has similar characteristics to 118 that of IEEE 802.15.4 and many of the mechanisms defined for the IPv6 119 over IEEE 802.15.4 can be applied to the transmission of IPv6 on 120 Bluetooth LE links. This document specifies the details of IPv6 121 transmission over Bluetooth LE links. 123 1.1. Terminology and Requirements Language 125 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 126 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 127 document are to be interpreted as described in RFC 2119 [RFC2119]. 129 The terms 6LoWPAN Node (6LN), 6LoWPAN Router (6LR) and 6LoWPAN Border 130 Router (6LBR) are defined as in [RFC6775], with an addition that 131 Bluetooth LE central and Bluetooth LE peripheral (see Section 2.2) 132 can both be either 6LN or 6LBR. 134 2. Bluetooth Low Energy 136 Bluetooth LE is designed for transferring small amounts of data 137 infrequently at modest data rates with a very small energy 138 expenditure per bit. Bluetooth Special Interest Group (Bluetooth 139 SIG) has introduced two trademarks, Bluetooth Smart for single-mode 140 devices (a device that only supports Bluetooth LE) and Bluetooth 141 Smart Ready for dual-mode devices (devices that support both 142 Bluetooth and Bluetooth LE; note that Bluetooth and Bluetooth LE are 143 different, non-interoperable radio technologies). In the rest of the 144 document, the term Bluetooth LE is used regardless of whether this 145 technology is supported by a single-mode or dual-mode device. 147 Bluetooth LE was introduced in Bluetooth 4.0, enhanced in Bluetooth 148 4.1 [BTCorev4.1], and developed even further in successive versions. 149 Bluetooth SIG has also published the Internet Protocol Support 150 Profile (IPSP) [IPSP], which includes the Internet Protocol Support 151 Service (IPSS). The IPSP enables discovery of IP-enabled devices and 152 establishment of a link layer connection for transporting IPv6 153 packets. IPv6 over Bluetooth LE is dependent on both Bluetooth 4.1 154 and IPSP 1.0 or more recent versions of either specification to 155 provide necessary capabilities. 157 Devices such as mobile phones, notebooks, tablets and other handheld 158 computing devices that incorporate chipsets implementing Bluetooth 159 4.1 or later will also have the low-energy functionality of 160 Bluetooth. Bluetooth LE is also expected to be included in many 161 different types of accessories that collaborate with mobile devices 162 such as phones, tablets and notebook computers. An example of a use 163 case for a Bluetooth LE accessory is a heart rate monitor that sends 164 data via the mobile phone to a server on the Internet. 166 2.1. Bluetooth LE stack 168 The lower layer of the Bluetooth LE stack consists of the Physical 169 (PHY), the Link Layer (LL), and a test interface called the Direct 170 Test Mode (DTM). The Physical Layer transmits and receives the 171 actual packets. The Link Layer is responsible for providing medium 172 access, connection establishment, error control and flow control. 173 The Direct Test Mode is only used for testing purposes. The upper 174 layer consists of the Logical Link Control and Adaptation Protocol 175 (L2CAP), Attribute Protocol (ATT), Security Manager (SM), Generic 176 Attribute Profile (GATT) and Generic Access Profile (GAP) as shown in 177 Figure 1. The Host Controller Interface (HCI) separates the lower 178 layers, often implemented in the Bluetooth controller, from higher 179 layers, often implemented in the host stack. GATT and Bluetooth LE 180 profiles together enable the creation of applications in a 181 standardized way without using IP. L2CAP provides multiplexing 182 capability by multiplexing the data channels from the above layers. 183 L2CAP also provides fragmentation and reassembly for large data 184 packets. The Security Manager defines a protocol and mechanisms for 185 pairing, key distribution and a security toolbox for the Bluetooth LE 186 device. 188 +-------------------------------------------------+ 189 | Applications | 190 +---------------------------------------+---------+ 191 | Generic Attribute Profile | Generic | 192 +--------------------+------------------+ Access | 193 | Attribute Protocol | Security Manager | Profile | 194 +--------------------+------------------+---------+ 195 | Logical Link Control and Adaptation Protocol | 196 - - -+-----------------------+-------------------------+- - - HCI 197 | Link Layer | Direct Test Mode | 198 +-------------------------------------------------+ 199 | Physical Layer | 200 +-------------------------------------------------+ 202 Figure 1: Bluetooth LE Protocol Stack 204 As shown in Section 3.1, IPv6 over Bluetooth LE requires an adapted 205 6LoWPAN layer which runs on top of Bluetooth LE L2CAP. 207 2.2. Link layer roles and topology 209 Bluetooth LE defines two GAP roles of relevance herein: the Bluetooth 210 LE central role and the Bluetooth LE peripheral role. A device in 211 the central role, which is called central from now on, has 212 traditionally been able to manage multiple simultaneous connections 213 with a number of devices in the peripheral role, called peripherals 214 from now on. A peripheral is commonly connected to a single central, 215 but with versions of Bluetooth from 4.1 onwards it can also connect 216 to multiple centrals at the same time. In this document for IPv6 217 networking purposes the Bluetooth LE network (i.e., a Bluetooth LE 218 piconet) follows a star topology shown in the Figure 2, where a 219 router typically implements the Bluetooth LE central role and the 220 rest of nodes implement the Bluetooth LE peripheral role. In the 221 future mesh networking and/or parallel connectivity to multiple 222 centrals at a time may be defined for IPv6 over Bluetooth LE. 224 Peripheral --. .-- Peripheral 225 \ / 226 Peripheral ---- Central ---- Peripheral 227 / \ 228 Peripheral --' '-- Peripheral 230 Figure 2: Bluetooth LE Star Topology 232 In Bluetooth LE, direct wireless communication only takes place 233 between a central and a peripheral. This means that inherently the 234 Bluetooth LE star represents a hub and spokes link model. 236 Nevertheless, two peripherals may communicate through the central by 237 using IP routing functionality per this specification. 239 2.3. Bluetooth LE device addressing 241 Every Bluetooth LE device is identified by a 48-bit device address. 242 The Bluetooth specification describes the device address of a 243 Bluetooth LE device as:"Devices are identified using a device 244 address. Device addresses may be either a public device address or a 245 random device address." [BTCorev4.1]. The public device addresses 246 are based on the IEEE 802-2001 standard [IEEE802-2001]. Random 247 device addresses and Bluetooth LE privacy feature are described in 248 Bluetooth Generic Access Profile specification sections 10.8 and 249 10.7, respectively [BTCorev4.1]. There are two types of random 250 device addresses: static and private addresses. The private 251 addresses are further divided into two sub-types: resolvable or non- 252 resolvable addresses, which are explained in depth in the referenced 253 Bluetooth specification. Once a static address is initialized, it 254 does not change until the device is power cycled. The static address 255 can be initialized to a new value after each power cycle, but that is 256 not mandatory. Recommended time interval before randomizing new 257 private address is 15 minutes, as determined by timer 258 T_GAP(private_addr_int) at Bluetooth Generic Access Profile 259 Table 17.1. The selection of which device address types are used is 260 implementation and deployment specific. In random addresses first 46 261 bits are randomized and last 2 bits indicate the random address type. 262 Bluetooth LE does not support device address collision avoidance or 263 detection. However, these 48 bit random device addresses have a very 264 small probability of being in conflict within a typical deployment. 266 2.4. Bluetooth LE packet sizes and MTU 268 The optimal MTU defined for L2CAP fixed channels over Bluetooth LE is 269 27 octets including the L2CAP header of 4 octets. The default MTU 270 for Bluetooth LE is hence defined to be 27 octets. Therefore, 271 excluding the L2CAP header of 4 octets, a protocol data unit (PDU) 272 size of 23 octets is available for upper layers. In order to be able 273 to transmit IPv6 packets of 1280 octets or larger, a link layer 274 fragmentation and reassembly solution is provided by the L2CAP layer. 275 The IPSP defines means for negotiating up a link layer connection 276 that provides an MTU of 1280 octets or higher for the IPv6 layer 277 [IPSP]. The link layer MTU is negotiated separately for each 278 direction. Implementations that require an equal link layer MTU for 279 the two directions SHALL use the smallest of the possibly different 280 MTU values. 282 3. Specification of IPv6 over Bluetooth Low Energy 284 Bluetooth LE technology sets strict requirements for low power 285 consumption and thus limits the allowed protocol overhead. 6LoWPAN 286 standards [RFC6775], and [RFC6282] provide useful functionality for 287 reducing overhead, which are applied to Bluetooth LE. This 288 functionality is comprised of link-local IPv6 addresses and stateless 289 IPv6 address autoconfiguration (see Section 3.2.2), Neighbor 290 Discovery (see Section 3.2.3), and header compression (see 291 Section 3.2.4). Fragmentation features from 6LoWPAN standards are 292 not used due to Bluetooth LE's link layer fragmentation support (see 293 Section 2.4). 295 A significant difference between IEEE 802.15.4 and Bluetooth LE is 296 that the former supports both star and mesh topologies (and requires 297 a routing protocol), whereas Bluetooth LE does not currently support 298 the formation of multihop networks at the link layer. However, 299 inter-peripheral communication through the central is enabled by 300 using IP routing functionality per this specification. 302 In Bluetooth LE a central node is assumed to be less resource 303 constrained than a peripheral node. Hence, in the primary deployment 304 scenario central and peripheral will act as 6LoWPAN Border Router 305 (6LBR) and a 6LoWPAN Node (6LN), respectively. 307 Before any IP-layer communications can take place over Bluetooth LE, 308 Bluetooth LE enabled nodes such as 6LNs and 6LBRs have to find each 309 other and establish a suitable link layer connection. The discovery 310 and Bluetooth LE connection setup procedures are documented by the 311 Bluetooth SIG in the IPSP specification [IPSP]. 313 In the rare case of Bluetooth LE random device address conflict, a 314 6LBR can detect multiple 6LNs with the same Bluetooth LE device 315 address, as well as a 6LN with the same Bluetooth LE address as the 316 6LBR. The 6LBR MUST ignore 6LNs with the same device address the 317 6LBR has, and the 6LBR MUST have at most one connection for a given 318 Bluetooth LE device address at any given moment. This will avoid 319 addressing conflicts within a Bluetooth LE network. 321 3.1. Protocol stack 323 Figure 3 illustrates how the IPv6 stack works in parallel to the GATT 324 stack on top of Bluetooth LE L2CAP layer. The GATT stack is needed 325 herein for discovering nodes supporting the Internet Protocol Support 326 Service. UDP and TCP are provided as examples of transport 327 protocols, but the stack can be used by any other upper layer 328 protocol capable of running atop of IPv6. 330 +---------+ +----------------------------+ 331 | IPSS | | UDP/TCP/other | 332 +---------+ +----------------------------+ 333 | GATT | | IPv6 | 334 +---------+ +----------------------------+ 335 | ATT | | 6LoWPAN for Bluetooth LE | 336 +---------+--+----------------------------+ 337 | Bluetooth LE L2CAP | 338 - - +-----------------------------------------+- - - HCI 339 | Bluetooth LE Link Layer | 340 +-----------------------------------------+ 341 | Bluetooth LE Physical | 342 +-----------------------------------------+ 344 Figure 3: IPv6 and IPSS on the Bluetooth LE Stack 346 3.2. Link model 348 The distinct concepts of the IPv6 link (layer 3) and the physical 349 link (combination of PHY and MAC) need to be clear and their 350 relationship has to be well understood in order to specify the 351 addressing scheme for transmitting IPv6 packets over the Bluetooth LE 352 link. RFC 4861 [RFC4861] defines a link as "a communication facility 353 or medium over which nodes can communicate at the link layer, i.e., 354 the layer immediately below IPv6." 356 In the case of Bluetooth LE, the 6LoWPAN layer is adapted to support 357 transmission of IPv6 packets over Bluetooth LE. The IPSP defines all 358 steps required for setting up the Bluetooth LE connection over which 359 6LoWPAN can function [IPSP], including handling the link layer 360 fragmentation required on Bluetooth LE, as described in Section 2.4. 361 Even though MTUs larger than 1280 octets can be supported, use of a 362 1280 octet MTU is RECOMMENDED in order to avoid need for Path MTU 363 discovery procedures. 365 While Bluetooth LE protocols, such as L2CAP, utilize little-endian 366 byte orderering, IPv6 packets MUST be transmitted in big endian order 367 (network byte order). 369 Per this specification, the IPv6 header compression format specified 370 in RFC 6282 MUST be used [RFC6282]. The IPv6 payload length can be 371 derived from the L2CAP header length and the possibly elided IPv6 372 address can be reconstructed from the link layer address, used at the 373 time of Bluetooth LE connection establishment, from the HCI 374 Connection Handle during connection, compression context if any, and 375 from address registration information (see Section 3.2.3). 377 Bluetooth LE connections used to build a star topology are point-to- 378 point in nature, as Bluetooth broadcast features are not used for 379 IPv6 over Bluetooth LE (except for discovery of nodes supporting 380 IPSS). After the peripheral and central have connected at the 381 Bluetooth LE level, the link can be considered up and IPv6 address 382 configuration and transmission can begin. 384 3.2.1. IPv6 subnet model and Internet connectivity 386 In the Bluetooth LE piconet model (see Section 2.2) peripherals each 387 have a separate link to the central and the central acts as an IPv6 388 router rather than a link layer switch. As discussed in [RFC4903], 389 conventional usage of IPv6 anticipates IPv6 subnets spanning a single 390 link at the link layer. As IPv6 over Bluetooth LE is intended for 391 constrained nodes, and for Internet of Things use cases and 392 environments, the complexity of implementing a separate subnet on 393 each peripheral-central link and routing between the subnets appears 394 to be excessive. In the Bluetooth LE case, the benefits of treating 395 the collection of point-to-point links between a central and its 396 connected peripherals as a single multilink subnet rather than a 397 multiplicity of separate subnets are considered to outweigh the 398 multilink model's drawbacks as described in [RFC4903]. 400 Hence a multilink model has been chosen, as further illustrated in 401 Figure 4. Because of this, link-local multicast communications can 402 happen only within a single Bluetooth LE connection, and thus 6LN-to- 403 6LN communications using link-local addresses are not possible. 6LNs 404 connected to the same 6LBR have to communicate with each other by 405 using the shared prefix used on the subnet. The 6LBR ensures address 406 collisions do not occur (see Section 3.2.3) and forwards packets sent 407 by one 6LN to another. 409 In a typical scenario, the Bluetooth LE network is connected to the 410 Internet as shown in the Figure 4. In this scenario, the Bluetooth 411 LE star is deployed as one subnet, using one /64 IPv6 prefix, with 412 each spoke representing individual link. The 6LBR is acting as 413 router and forwarding packets between 6LNs and to and from Internet. 415 / 416 .---------------. / 417 / 6LN \ / 418 / \ \ / 419 | \ | / 420 | 6LN ----------- 6LBR ----- | Internet 421 | <--Link--> / | \ 422 \ / / \ 423 \ 6LN / \ 424 '---------------' \ 425 \ 427 <------ Subnet -----><-- IPv6 connection --> 428 to Internet 430 Figure 4: Bluetooth LE network connected to the Internet 432 In some scenarios, the Bluetooth LE network may transiently or 433 permanently be an isolated network as shown in the Figure 5. In this 434 case the whole star consist of a single subnet with multiple links, 435 where 6LBR is at central routing packets between 6LNs. In simplest 436 case the isolated network has one 6LBR and one 6LN. 438 .-------------------. 439 / \ 440 / 6LN 6LN \ 441 / \ / \ 442 | \ / | 443 | 6LN --- 6LBR --- 6LN | 444 | / \ | 445 \ / \ / 446 \ 6LN 6LN / 447 \ / 448 '-------------------' 449 <--------- Subnet ----------> 451 Figure 5: Isolated Bluetooth LE network 453 3.2.2. Stateless address autoconfiguration 455 At network interface initialization, both 6LN and 6LBR SHALL generate 456 and assign to the Bluetooth LE network interface IPv6 link-local 457 addresses [RFC4862] based on the 48-bit Bluetooth device addresses 458 (see Section 2.3) that were used for establishing the underlying 459 Bluetooth LE connection. A 6LN and a 6LBR are RECOMMENDED to use 460 private Bluetooth device addresses. A 6LN SHOULD pick a different 461 Bluetooth device address for every Bluetooth LE connection with a 462 6LBR, and a 6LBR SHOULD periodically change its random Bluetooth 463 device address. Following the guidance of [RFC7136], a 64-bit 464 Interface Identifier (IID) is formed from the 48-bit Bluetooth device 465 address by inserting two octets, with hexadecimal values of 0xFF and 466 0xFE in the middle of the 48-bit Bluetooth device address as shown in 467 Figure 6. In the Figure letter 'b' represents a bit from the 468 Bluetooth device address, copied as is without any changes on any 469 bit. This means that no bit in the IID indicates whether the 470 underlying Bluetooth device address is public or random. 472 |0 1|1 3|3 4|4 6| 473 |0 5|6 1|2 7|8 3| 474 +----------------+----------------+----------------+----------------+ 475 |bbbbbbbbbbbbbbbb|bbbbbbbb11111111|11111110bbbbbbbb|bbbbbbbbbbbbbbbb| 476 +----------------+----------------+----------------+----------------+ 478 Figure 6: Formation of IID from Bluetooth device adddress 480 The IID is then prepended with the prefix fe80::/64, as described in 481 RFC 4291 [RFC4291] and as depicted in Figure 7. The same link-local 482 address SHALL be used for the lifetime of the Bluetooth LE L2CAP 483 channel. (After a Bluetooth LE logical link has been established, it 484 is referenced with a Connection Handle in HCI. Thus possibly 485 changing device addresses do not impact data flows within existing 486 L2CAP channels. Hence there is no need to change IPv6 link-local 487 addresses even if devices change their random device addresses during 488 L2CAP channel lifetime). 490 10 bits 54 bits 64 bits 491 +----------+-----------------+----------------------+ 492 |1111111010| zeros | Interface Identifier | 493 +----------+-----------------+----------------------+ 495 Figure 7: IPv6 link-local address in Bluetooth LE 497 A 6LN MUST join the all-nodes multicast address. There is no need 498 for 6LN to join the solicited-node multicast address, since 6LBR will 499 know device addresses and hence link-local addresses of all connected 500 6LNs. The 6LBR will ensure no two devices with the same Bluetooth LE 501 device address are connected at the same time. Detection of 502 duplicate link-local addresses is performed by the process on the 503 6LBR responsible for the discovery of IP-enabled Bluetooth LE nodes 504 and for starting Bluetooth LE connection establishment procedures. 506 This approach increases the complexity of 6LBR, but reduces power 507 consumption on both 6LN and 6LBR in the link establishment phase by 508 reducing the number of mandatory packet transmissions. 510 After link-local address configuration, the 6LN sends Router 511 Solicitation messages as described in [RFC4861] Section 6.3.7. 513 For non-link-local addresses, 6LNs SHOULD NOT be configured to embed 514 the Bluetooth device address in the IID by default. Alternative 515 schemes such as Cryptographically Generated Addresses (CGA) 516 [RFC3972], privacy extensions [RFC4941], Hash-Based Addresses (HBA, 517 [RFC5535]), DHCPv6 [RFC3315], or static, semantically opaque addreses 518 [RFC7217] SHOULD be used by default. In situations where the 519 Bluetooth device address is known to be a private device address and/ 520 or the header compression benefits of embedding the device address in 521 the IID are required to support deployment constraints, 6LNs MAY form 522 a 64-bit IID by utilizing the 48-bit Bluetooth device address. The 523 non-link-local addresses that a 6LN generates MUST be registered with 524 the 6LBR as described in Section 3.2.3. 526 The tool for a 6LBR to obtain an IPv6 prefix for numbering the 527 Bluetooth LE network is out of scope of this document, but can be, 528 for example, accomplished via DHCPv6 Prefix Delegation [RFC3633] or 529 by using Unique Local IPv6 Unicast Addresses (ULA) [RFC4193]. Due to 530 the link model of the Bluetooth LE (see Section 3.2.1) the 6LBR MUST 531 set the "on-link" flag (L) to zero in the Prefix Information Option 532 in Neighbor Discovery messages[RFC4861] (see Section 3.2.3). This 533 will cause 6LNs to always send packets to the 6LBR, including the 534 case when the destination is another 6LN using the same prefix. 536 3.2.3. Neighbor discovery 538 'Neighbor Discovery Optimization for IPv6 over Low-Power Wireless 539 Personal Area Networks (6LoWPANs)' [RFC6775] describes the neighbor 540 discovery approach as adapted for use in several 6LoWPAN topologies, 541 including the mesh topology. Bluetooth LE does not support mesh 542 networks and hence only those aspects that apply to a star topology 543 are considered. 545 The following aspects of the Neighbor Discovery optimizations 546 [RFC6775] are applicable to Bluetooth LE 6LNs: 548 1. A Bluetooth LE 6LN MUST NOT register its link-local address. A 549 Bluetooth LE 6LN MUST register its non-link-local addresses with the 550 6LBR by sending a Neighbor Solicitation (NS) message with the Address 551 Registration Option (ARO) and process the Neighbor Advertisement (NA) 552 accordingly. The NS with the ARO option MUST be sent irrespective of 553 the method used to generate the IID. If the 6LN registers for a same 554 compression context multiple addresses that are not based on 555 Bluetooth device address, the header compression efficiency will 556 decrease (see Section 3.2.4). 558 2. For sending Router Solicitations and processing Router 559 Advertisements the Bluetooth LE 6LNs MUST, respectively, follow 560 Sections 5.3 and 5.4 of the [RFC6775]. 562 3.2.4. Header compression 564 Header compression as defined in RFC 6282 [RFC6282], which specifies 565 the compression format for IPv6 datagrams on top of IEEE 802.15.4, is 566 REQUIRED as the basis for IPv6 header compression on top of Bluetooth 567 LE. All headers MUST be compressed according to RFC 6282 [RFC6282] 568 encoding formats. 570 The Bluetooth LE's star topology structure and ARO can be exploited 571 in order to provide a mechanism for address compression. The 572 following text describes the principles of IPv6 address compression 573 on top of Bluetooth LE. 575 The ARO option requires use of an EUI-64 identifier [RFC6775]. In 576 the case of Bluetooth LE, the field SHALL be filled with the 48-bit 577 device address used by the Bluetooth LE node converted into 64-bit 578 Modified EUI-64 format [RFC4291]. 580 To enable efficient header compression, when the 6LBR sends a Router 581 Advertisement it MUST include a 6LoWPAN Context Option (6CO) 582 [RFC6775] matching each address prefix advertised via a Prefix 583 Information Option (PIO) [RFC4861] for use in stateless address 584 autoconfiguration. 586 When a 6LN is sending a packet to a 6LBR, it MUST fully elide the 587 source address if it is a link-local address. For other packets to 588 or through a 6LBR with a non-link-local source address that the 6LN 589 has registered with ARO to the 6LBR for the indicated prefix, the 590 source address MUST be fully elided if it is the latest address that 591 the 6LN has registered for the indicated prefix. If a source non- 592 link-local address is not the latest registered, then the 64-bits of 593 the IID SHALL be fully carried in-line (SAM=01) or if the first 594 48-bits of the IID match with the latest registered address, then the 595 last 16-bits of the IID SHALL be carried in-line (SAM=10). That is, 596 if SAC=0 and SAM=11 the 6LN MUST be using the link-local IPv6 address 597 derived from Bluetooth LE device address, and if SAC=1 and SAM=11 the 598 6LN MUST have registered the source IPv6 address with the prefix 599 related to the compression context and the 6LN MUST be referring to 600 the latest registered address related to the compression context. 601 The IPv6 address MUST be considered to be registered only after the 602 6LBR has sent a Neighbor Advertisement with an ARO having its status 603 field set to success. The destination IPv6 address MUST be fully 604 elided if the destination address is 6LBR's link-local-address based 605 on the 6LBR's Bluetooth device address (DAC=0, DAM=11). The 606 destination IPv6 address MUST be fully or partially elided if context 607 has been set up for the destination address. For example, DAC=0 and 608 DAM=01 when destination prefix is link-local, and DAC=1 and DAM=01 if 609 compression context has been configured for the destination prefix 610 used. 612 When a 6LBR is transmitting packets to a 6LN, it MUST fully elide the 613 source IID if the source IPv6 address is the link-local address based 614 on the 6LBR's Bluetooth device address (SAC=0, SAM=11), and it MUST 615 elide the source prefix or address if a compression context related 616 to the IPv6 source address has been set up. The 6LBR also MUST fully 617 elide the destination IPv6 address if it is the link-local-address 618 based on the 6LN's Bluetooth device address (DAC=0, DAM=11), or if 619 the destination address is the latest registered by the 6LN with ARO 620 for the indicated context (DAC=1, DAM=11). If the destination 621 address is a non-link-local address and not the latest registered, 622 then the 6LN MUST either include the IID part fully in-line (DAM=01) 623 or, if the first 48-bits of the IID match to the latest registered 624 address, then elide those 48-bits (DAM=10). 626 3.2.4.1. Remote destination example 628 When a 6LN transmits an IPv6 packet to a remote destination using 629 global Unicast IPv6 addresses, if a context is defined for the 6LN's 630 global IPv6 address, the 6LN has to indicate this context in the 631 corresponding source fields of the compressed IPv6 header as per 632 Section 3.1 of RFC 6282 [RFC6282], and has to elide the full IPv6 633 source address previously registered with ARO (if using the latest 634 registered address, otherwise part or all of the IID may have to be 635 transmitted in-line). For this, the 6LN MUST use the following 636 settings in the IPv6 compressed header: SAC=1 and SAM=11. The CID 637 may be set 0 or 1, depending on which context is used. In this case, 638 the 6LBR can infer the elided IPv6 source address since 1) the 6LBR 639 has previously assigned the prefix to the 6LNs; and 2) the 6LBR 640 maintains a Neighbor Cache that relates the Device Address and the 641 IID the device has registered with ARO. If a context is defined for 642 the IPv6 destination address, the 6LN has to also indicate this 643 context in the corresponding destination fields of the compressed 644 IPv6 header, and elide the prefix of or the full destination IPv6 645 address. For this, the 6LN MUST set the DAM field of the compressed 646 IPv6 header as DAM=01 (if the context covers a 64-bit prefix) or as 647 DAM=11 (if the context covers a full, 128-bit address). DAC MUST be 648 set to 1. Note that when a context is defined for the IPv6 649 destination address, the 6LBR can infer the elided destination prefix 650 by using the context. 652 When a 6LBR receives an IPv6 packet sent by a remote node outside the 653 Bluetooth LE network, and the destination of the packet is a 6LN, if 654 a context is defined for the prefix of the 6LN's global IPv6 address, 655 the 6LBR has to indicate this context in the corresponding 656 destination fields of the compressed IPv6 header. The 6LBR has to 657 elide the IPv6 destination address of the packet before forwarding 658 it, if the IPv6 destination address is inferable by the 6LN. For 659 this, the 6LBR will set the DAM field of the IPv6 compressed header 660 as DAM=11 (if the address is the latest 6LN has registered). DAC 661 needs to be set to 1. If a context is defined for the IPv6 source 662 address, the 6LBR needs to indicate this context in the source fields 663 of the compressed IPv6 header, and elide that prefix as well. For 664 this, the 6LBR needs to set the SAM field of the IPv6 compressed 665 header as SAM=01 (if the context covers a 64-bit prefix) or SAM=11 666 (if the context covers a full, 128-bit address). SAC is to be set to 667 1. 669 3.2.4.2. Example of registration of multiple-addresses 671 As described above, a 6LN can register multiple non-link-local 672 addresses that map to a same compression context. From the multiple 673 address registered, only the latest address can be fully elided 674 (SAM=11, DAM=11), and the IIDs of previously registered addresses 675 have to be transmitted fully in-line (SAM=01, DAM=01) or in the best 676 case can be partially elided (SAM=10, DAM=10). This is illustred in 677 an example below. 679 1) A 6LN registers first address 2001:db8::1111:2222:3333:4444 to a 680 6LBR. At this point the address can be fully elided using SAC=1/ 681 SAM=11 or DAC=1/DAM=11. 683 2) The 6LN registers second address 2001:db8::1111:2222:3333:5555 to 684 the 6LBR. As the second address is now the latest registered, it can 685 be fully elided using SAC=1/SAM=11 or DAC=1/DAM=11. The first 686 address can now be partially elided using SAC=1/SAM=10 or DAC=1/ 687 DAM=10, as the first 112 bits of the address are the same between the 688 first and the second registered addresses. 690 3) Expiration of registration time for the first or the second 691 address has no impact on the compression. Hence even if the most 692 recently registered address expires, the first address can only be 693 partially elided (SAC=1/SAM=10, DAC=1/DAM=10). The 6LN can register 694 a new address, or re-register an expired address, to become able to 695 again fully elide an address. 697 3.2.5. Unicast and Multicast address mapping 699 The Bluetooth LE link layer does not support multicast. Hence 700 traffic is always unicast between two Bluetooth LE nodes. Even in 701 the case where a 6LBR is attached to multiple 6LNs, the 6LBR cannot 702 do a multicast to all the connected 6LNs. If the 6LBR needs to send 703 a multicast packet to all its 6LNs, it has to replicate the packet 704 and unicast it on each link. However, this may not be energy- 705 efficient and particular care must be taken if the central is 706 battery-powered. To further conserve power, the 6LBR MUST keep track 707 of multicast listeners at Bluetooth LE link level granularity (not at 708 subnet granularity) and it MUST NOT forward multicast packets to 6LNs 709 that have not registered as listeners for multicast groups the 710 packets belong to. In the opposite direction, a 6LN always has to 711 send packets to or through 6LBR. Hence, when a 6LN needs to transmit 712 an IPv6 multicast packet, the 6LN will unicast the corresponding 713 Bluetooth LE packet to the 6LBR. 715 4. IANA Considerations 717 There are no IANA considerations related to this document. 719 5. Security Considerations 721 The transmission of IPv6 over Bluetooth LE links has similar 722 requirements and concerns for security as for IEEE 802.15.4. 723 Bluetooth LE Link Layer security considerations are covered by the 724 IPSP [IPSP]. 726 Bluetooth LE Link Layer supports encryption and authentication by 727 using the Counter with CBC-MAC (CCM) mechanism [RFC3610] and a 728 128-bit AES block cipher. Upper layer security mechanisms may 729 exploit this functionality when it is available. (Note: CCM does not 730 consume octets from the maximum per-packet L2CAP data size, since the 731 link layer data unit has a specific field for them when they are 732 used.) 734 Key management in Bluetooth LE is provided by the Security Manager 735 Protocol (SMP), as defined in [BTCorev4.1]. 737 The Direct Test Mode offers two setup alternatives: with and without 738 accessible HCI. In designs with accessible HCI, the so called upper 739 tester communicates through the HCI (which may be supported by 740 Universal Asynchronous Receiver Transmitter (UART), Universal Serial 741 Bus (USB) and Secure Digital transports), with the Physical and Link 742 Layers of the Bluetooth LE device under test. In designs without 743 accessible HCI, the upper tester communicates with the device under 744 test through a two-wire UART interface. The Bluetooth specification 745 does not provide security mechanisms for the communication between 746 the upper tester and the device under test in either case. 747 Nevertheless, an attacker needs to physically connect a device (via 748 one of the wired HCI types) to the device under test to be able to 749 interact with the latter. 751 The IPv6 link-local address configuration described in Section 3.2.2 752 only reveals information about the 6LN to the 6LBR that the 6LBR 753 already knows from the link layer connection. This means that a 754 device using Bluetooth privacy features reveals the same information 755 in its IPv6 link-local addresses as in its device addresses. 756 Respectively, device not using privacy at Bluetooth level will not 757 have privacy at IPv6 link-local address either. For non-link local 758 addresses implementations have a choice to support, for example, 759 [I-D.ietf-6man-default-iids], [RFC3315], [RFC3972], [RFC4941], 760 [RFC5535], or [RFC7217]. 762 A malicious 6LN may attempt to perform a denial of service attack on 763 the Bluetooth LE network, for example, by flooding packets. This 764 sort of attack is mitigated by the fact that link-local multicast is 765 not bridged between Bluetooth LE links and by 6LBR being able to rate 766 limit packets sent by each 6LN by making smart use of Bluetooth LE 767 L2CAP credit-based flow control mechanism. 769 6. Additional contributors 771 Kanji Kerai, Jari Mutikainen, David Canfeng-Chen and Minjun Xi from 772 Nokia have contributed significantly to this document. 774 7. Acknowledgements 776 The Bluetooth, Bluetooth Smart and Bluetooth Smart Ready marks are 777 registred trademarks owned by Bluetooth SIG, Inc. 779 Carsten Bormann, Samita Chakrabarti, Niclas Comstedt, Alissa Cooper, 780 Elwyn Davies, Brian Haberman, Marcel De Kogel, Jouni Korhonen, Chris 781 Lonvick, Erik Nordmark, Erik Rivard, Dave Thaler, Pascal Thubert, 782 Xavi Vilajosana and Victor Zhodzishsky have provided valuable 783 feedback for this draft. 785 Authors would like to give special acknowledgements for Krishna 786 Shingala, Frank Berntsen, and Bluetooth SIG's Internet Working Group 787 for providing significant feedback and improvement proposals for this 788 document. 790 8. References 792 8.1. Normative References 794 [BTCorev4.1] 795 Bluetooth Special Interest Group, "Bluetooth Core 796 Specification Version 4.1", December 2013, 797 . 800 [IPSP] Bluetooth Special Interest Group, "Bluetooth Internet 801 Protocol Support Profile Specification Version 1.0.0", 802 December 2014, . 805 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 806 Requirement Levels", BCP 14, RFC 2119, 807 DOI 10.17487/RFC2119, March 1997, 808 . 810 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 811 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 812 2006, . 814 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 815 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 816 DOI 10.17487/RFC4861, September 2007, 817 . 819 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 820 Address Autoconfiguration", RFC 4862, 821 DOI 10.17487/RFC4862, September 2007, 822 . 824 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 825 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 826 DOI 10.17487/RFC6282, September 2011, 827 . 829 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 830 Bormann, "Neighbor Discovery Optimization for IPv6 over 831 Low-Power Wireless Personal Area Networks (6LoWPANs)", 832 RFC 6775, DOI 10.17487/RFC6775, November 2012, 833 . 835 [RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6 836 Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136, 837 February 2014, . 839 8.2. Informative References 841 [fifteendotfour] 842 IEEE Computer Society, "IEEE Std. 802.15.4-2011 IEEE 843 Standard for Local and metropolitan area networks--Part 844 15.4: Low-Rate Wireless Personal Area Networks (LR- 845 WPANs)", June 2011. 847 [I-D.ietf-6man-default-iids] 848 Gont, F., Cooper, A., Thaler, D., and S. LIU, 849 "Recommendation on Stable IPv6 Interface Identifiers", 850 draft-ietf-6man-default-iids-05 (work in progress), July 851 2015. 853 [IEEE802-2001] 854 Institute of Electrical and Electronics Engineers (IEEE), 855 "IEEE 802-2001 Standard for Local and Metropolitan Area 856 Networks: Overview and Architecture", 2002. 858 [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, 859 C., and M. Carney, "Dynamic Host Configuration Protocol 860 for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July 861 2003, . 863 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with 864 CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September 865 2003, . 867 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 868 Host Configuration Protocol (DHCP) version 6", RFC 3633, 869 DOI 10.17487/RFC3633, December 2003, 870 . 872 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 873 RFC 3972, DOI 10.17487/RFC3972, March 2005, 874 . 876 [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 877 Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005, 878 . 880 [RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903, 881 DOI 10.17487/RFC4903, June 2007, 882 . 884 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 885 Extensions for Stateless Address Autoconfiguration in 886 IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, 887 . 889 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, 890 "Transmission of IPv6 Packets over IEEE 802.15.4 891 Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, 892 . 894 [RFC5535] Bagnulo, M., "Hash-Based Addresses (HBA)", RFC 5535, 895 DOI 10.17487/RFC5535, June 2009, 896 . 898 [RFC7217] Gont, F., "A Method for Generating Semantically Opaque 899 Interface Identifiers with IPv6 Stateless Address 900 Autoconfiguration (SLAAC)", RFC 7217, 901 DOI 10.17487/RFC7217, April 2014, 902 . 904 Authors' Addresses 906 Johanna Nieminen 907 Nokia 909 Email: johannamaria.nieminen@gmail.com 911 Teemu Savolainen 912 Nokia 913 Visiokatu 3 914 Tampere 33720 915 Finland 917 Email: teemu.savolainen@nokia.com 919 Markus Isomaki 920 Nokia 921 Otaniementie 19 922 Espoo 02150 923 Finland 925 Email: markus.isomaki@nokia.com 926 Basavaraj Patil 927 AT&T 928 1410 E. Renner Road 929 Richardson, TX 75082 930 USA 932 Email: basavaraj.patil@att.com 934 Zach Shelby 935 Arm 936 Hallituskatu 13-17D 937 Oulu 90100 938 Finland 940 Email: zach.shelby@arm.com 942 Carles Gomez 943 Universitat Politecnica de Catalunya/i2CAT 944 C/Esteve Terradas, 7 945 Castelldefels 08860 946 Spain 948 Email: carlesgo@entel.upc.edu