idnits 2.17.1 draft-ietf-6lo-rfc6775-update-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC6775, but the abstract doesn't seem to directly say this. It does mention RFC6775 though, so this could be OK. -- The draft header indicates that this document updates RFC7400, but the abstract doesn't seem to mention this, which it should. -- The abstract seems to indicate that this document updates RFC6, but the header doesn't have an 'Updates:' line to match this. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 7, 2017) is 2547 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'IEEEstd802154' is mentioned on line 1141, but not defined == Outdated reference: A later version (-20) exists of draft-ietf-6lo-backbone-router-03 ** Obsolete normative reference: RFC 4941 (Obsoleted by RFC 8981) ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) == Outdated reference: A later version (-23) exists of draft-ietf-6lo-ap-nd-00 == Outdated reference: A later version (-22) exists of draft-ietf-6lo-nfc-06 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-11 == Outdated reference: A later version (-10) exists of draft-ietf-6tisch-terminology-08 == Outdated reference: A later version (-08) exists of draft-ietf-bier-architecture-05 Summary: 2 errors (**), 0 flaws (~~), 8 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo P. Thubert, Ed. 3 Internet-Draft cisco 4 Updates: 6775, 7400 (if approved) E. Nordmark 5 Intended status: Standards Track 6 Expires: October 9, 2017 S. Chakrabarti 7 April 7, 2017 9 An Update to 6LoWPAN ND 10 draft-ietf-6lo-rfc6775-update-02 12 Abstract 14 This specification updates 6LoWPAN Neighbor Discovery (RFC 6775), to 15 clarify the role of the protocol as a registration technique, 16 simplify the registration operation in 6LoWPAN routers, and provide 17 enhancements to the registration capabilities, in particular for the 18 registration to a Backbone Router for proxy ND operations. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on October 9, 2017. 37 Copyright Notice 39 Copyright (c) 2017 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. Considerations On Registration Rejection . . . . . . . . . . 3 56 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 57 4. Updating RFC 7400 . . . . . . . . . . . . . . . . . . . . . . 5 58 5. Updating RFC 6775 . . . . . . . . . . . . . . . . . . . . . . 5 59 5.1. Transaction ID . . . . . . . . . . . . . . . . . . . . . 6 60 5.2. Owner Unique ID . . . . . . . . . . . . . . . . . . . . . 6 61 5.3. Extended Address Registration Option . . . . . . . . . . 7 62 5.4. Registering the Target Address . . . . . . . . . . . . . 7 63 5.5. Link-local Addresses and Registration . . . . . . . . . . 8 64 6. Updated ND Options . . . . . . . . . . . . . . . . . . . . . 9 65 6.1. New 6LoWPAN capability Bits in the Capability Indication 66 Option . . . . . . . . . . . . . . . . . . . . . . . . . 9 67 6.2. The Enhanced Address Registration Option (EARO) . . . . . 10 68 7. Backward Compatibility . . . . . . . . . . . . . . . . . . . 13 69 7.1. Discovering the capabilities of an ND peer . . . . . . . 13 70 7.1.1. Using the E Flag in the CIO . . . . . . . . . . . . . 13 71 7.1.2. Using the T Flag in the EARO . . . . . . . . . . . . 13 72 7.2. Legacy 6LoWPAN Node . . . . . . . . . . . . . . . . . . . 14 73 7.3. Legacy 6LoWPAN Router . . . . . . . . . . . . . . . . . . 14 74 7.4. Legacy 6LoWPAN Border Router . . . . . . . . . . . . . . 14 75 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 76 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 77 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 78 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 79 11.1. Normative References . . . . . . . . . . . . . . . . . . 17 80 11.2. Informative References . . . . . . . . . . . . . . . . . 18 81 11.3. External Informative References . . . . . . . . . . . . 20 82 Appendix A. Applicability and Requirements Served . . . . . . . 20 83 Appendix B. Requirements . . . . . . . . . . . . . . . . . . . . 21 84 B.1. Requirements Related to Mobility . . . . . . . . . . . . 22 85 B.2. Requirements Related to Routing Protocols . . . . . . . . 22 86 B.3. Requirements Related to the Variety of Low-Power Link 87 types . . . . . . . . . . . . . . . . . . . . . . . . . . 23 88 B.4. Requirements Related to Proxy Operations . . . . . . . . 24 89 B.5. Requirements Related to Security . . . . . . . . . . . . 24 90 B.6. Requirements Related to Scalability . . . . . . . . . . . 25 91 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 93 1. Introduction 95 RFC 6775, the "Neighbor Discovery Optimization for IPv6 over Low- 96 Power Wireless Personal Area Networks (6LoWPANs)" [RFC6775] 97 introduced a proactive registration mechanism to IPv6 Neighbor 98 Discovery (ND) services that is well suited to nodes belonging to a 99 Low Power Lossy Network (LLN). 101 The scope of this draft is an IPv6 LLN, which can be a simple star or 102 a more complex mesh topology. The LLN may be anchored at an IPv6 103 Backbone Router (6BBR) [I-D.ietf-6lo-backbone-router]. The 6BBRs 104 interconnect the LLNs over a Backbone Link and emulate that the LLN 105 nodes are present on the Backbone using proxy-ND operations. 107 This specification modifies and extends the behaviour and protocol 108 elements of RFC 6775 [RFC6775] to enable additional capabilities, in 109 particular the registration to a 6BBR for proxy ND operations. 111 2. Considerations On Registration Rejection 113 The purpose of the Address Registration Option (ARO) RFC 6775 114 [RFC6775] and of the Extended ARO (EARO) that is introduced in this 115 document is to facilitate duplicate address detection (DAD) for hosts 116 and pre-populate Neighbor Cache Entries (NCE) [RFC4861] in the 117 routers to reduce the need for sending multicast neighbor 118 solicitations and also to be able to support IPv6 Backbone Routers. 120 In some cases the address registration can fail or be useless for 121 reasons other than a duplicate address. Examples are the router 122 having run out of space, a registration bearing a stale sequence 123 number (e.g. denoting a movement of the host after this registration 124 was placed), a host misbehaving and attempting to register an invalid 125 address such as the unspecified address [RFC4291], or the host using 126 an address which is not topologically correct on that link. In such 127 cases the host will receive an error to help diagnose the issue and 128 may retry, possibly with a different address, and possibly 129 registering to a different 6LR, depending on the returned error. 131 However, the ability to return errors to address registrations MUST 132 NOT be used to restrict the ability of hosts to form and use 133 addresses as recommended in "Host Address Availability 134 Recommendations" [RFC7934]. In particular, this is needed for 135 enhanced privacy, which implies that each host will register a 136 multiplicity of address as part mechanisms like "Privacy Extensions 137 for Stateless Address Autoconfiguration (SLAAC) in IPv6" [RFC4941]. 138 This implies that a 6LR or 6LBR which is intended to support N hosts 139 MUST have space to register at least on the order of 10N IPv6 140 addresses. 142 3. Terminology 144 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 145 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 146 document are to be interpreted as described in RFC 2119 [RFC2119]. 148 Readers are expected to be familiar with all the terms and concepts 149 that are discussed in 151 "Neighbor Discovery for IP version 6" [RFC4861], 153 "IPv6 Stateless Address Autoconfiguration" [RFC4862], 155 "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): 156 Overview, Assumptions, Problem Statement, and Goals" [RFC4919], 158 "Neighbor Discovery Optimization for Low-power and Lossy Networks" 159 [RFC6775] and 161 "Multi-link Subnet Support in IPv6" 162 [I-D.ietf-ipv6-multilink-subnets]. 164 Additionally, this document uses terminology from 166 "Terms Used in Routing for Low-Power and Lossy Networks" [RFC7102] 167 and 169 the "6TiSCH Terminology" [I-D.ietf-6tisch-terminology], 171 as well as this additional terminology: 173 Backbone This is an IPv6 transit link that interconnects 2 or more 174 Backbone Routers. It is expected to be deployed as a high 175 speed backbone in order to federate a potentially large set of 176 LLNS. Also referred to as a LLN backbone or Backbone network. 178 Backbone Router An IPv6 router that federates the LLN using a 179 Backbone link as a backbone. A 6BBR acts as a 6LoWPAN Border 180 Routers (6LBR) and an Energy Aware Default Router (NEAR). 182 Extended LLN This is the aggregation of multiple LLNs as defined in 183 RFC 4919 [RFC4919], interconnected by a Backbone Link via 184 Backbone Routers, and forming a single IPv6 MultiLink Subnet. 186 Registration The process during which a wireless Node registers its 187 address(es) with the Border Router so the 6BBR can proxy ND for 188 it over the backbone. 190 Binding The state in the 6BBR that associates an IP address with a 191 MAC address, a port and some other information about the node 192 that owns the IP address. 194 Registered Node The node for which the registration is performed, 195 which owns the fields in the EARO option. 197 Registering Node The node that performs the registration to the 198 6BBR, either for one of its own addresses, in which case it is 199 Registered Node and indicates its own MAC Address as Source 200 Link Layer Address (SLLA) in the NS(EARO), or on behalf of a 201 Registered Node that is reachable over a LLN mesh. In the 202 latter case, if the Registered Node is reachable from the 6BBR 203 over a Mesh-Under mesh, the Registering Node indicates the MAC 204 Address of the Registered Node as SLLA in the NS(EARO). 205 Otherwise, it is expected that the Registered Device is 206 reachable over a Route-Over mesh from the Registering Node, in 207 which case the SLLA in the NS(ARO) is that of the Registering 208 Node, which causes it to attract the packets from the 6BBR to 209 the Registered Node and route them over the LLN. 211 Registered Address The address owned by the Registered Node node 212 that is being registered. 214 4. Updating RFC 7400 216 RFC 7400 [RFC7400] introduces the 6LoWPAN Capability Indication 217 Option (6CIO) to indicate a node's capabilities to its peers. This 218 specification extends the format defined in RFC 7400 to signal the 219 support for EARO, as well as the capability to act as a 6LR, 6LBR and 220 6BBR. 222 With RFC 7400 [RFC7400], the 6CIO is typically sent Router 223 Solicitation (RS) messages. When used to signal the capabilities 224 above per this specification, the 6CIO is typically present Router 225 Advertisement (RA) messages but can also be present in RS, Neighbor 226 Solicitation (NS) and Neighbor Advertisement (NA) messages. 228 5. Updating RFC 6775 230 This specification extends the Address Registration Option (ARO) 231 defined in RFC 6775 [RFC6775]; in particular a "T" flag is added that 232 must be set is NS messages when this specification is used, and 233 echo'ed in NA messages to confirm that the protocol effectively 234 supported. Support for this specification can thus be inferred from 235 the presence of the Extended ARO ("T" flag set) in ND messages. 237 A Registering Node that supports this specification will favor 238 registering to a 6LR that indicates support for this specification 239 over that of RFC 6775 [RFC6775]. 241 5.1. Transaction ID 243 The specification expects that the Registered Node can provide a 244 sequence number called Transaction ID (TID) that is incremented with 245 each re-registration. The TID essentially obeys the same rules as 246 the Path Sequence field in the Transit Information Option (TIO) found 247 in RPL's Destination Advertisement Object (DAO). This way, the LLN 248 node can use the same counter for ND and RPL, and a 6LBR acting as 249 RPL root may easily maintain the registration on behalf of a RPL node 250 deep inside the mesh by simply using the RPL TIO Path Sequence as TID 251 for EARO. 253 When a Registered Node is registered to multiple BBRs in parallel, it 254 is expected that the same TID is used, to enable the 6BBRs to 255 correlate the registrations as being a single one, and differentiate 256 that situation from a movement. 258 If the TIDs are different, the resolution inherited from RPL sorts 259 out the most recent registration and other ones are removed. The 260 operation for computing and comparing the Path Sequence is detailed 261 in section 7 of RFC 6550 [RFC6550] and applies to the TID in the 262 exact same fashion. 264 5.2. Owner Unique ID 266 The Owner Unique ID (OUID) enables to differentiate a real duplicate 267 address registration from a double registration or a movement. An ND 268 message from the 6BBR over the backbone that is proxied on behalf of 269 a Registered Node must carry the most recent EARO option seen for 270 that node. A NS/NA with an EARO and a NS/NA without a EARO thus 271 represent different nodes and if they relate to a same target then 272 they reflect an address duplication. The Owner Unique ID can be as 273 simple as a EUI-64 burn-in address, if duplicate EUI-64 addresses are 274 avoided. 276 Alternatively, the unique ID can be a cryptographic string that can 277 can be used to prove the ownership of the registration as discussed 278 in "Address Protected Neighbor Discovery for Low-power and Lossy 279 Networks" [I-D.ietf-6lo-ap-nd]. 281 In any fashion, it is recommended that the node stores the unique Id 282 or the keys used to generate that ID in persistent memory. 283 Otherwise, it will be prevented to re-register after a reboot that 284 would cause a loss of memory until the Backbone Router times out the 285 registration. 287 5.3. Extended Address Registration Option 289 This specification extends the ARO option that is used for the 290 process of address registration. The new ARO is referred to as 291 Extended ARO (EARO), and its semantics are modified as follows: 293 The address that is being registered with a Neighbor Solicitation 294 (NS) with an EARO is now the Target Address, as opposed to the Source 295 Address as specified in RFC 6775 [RFC6775]. This change enables a 296 6LBR to use an address of his as source to the proxy-registration of 297 an address that belongs to a LLN Node to a 6BBR. This also limits 298 the use of an address as source address before it is registered and 299 the associated Duplicate Address Detection (DAD) is complete. 301 The Unique ID in the EARO option does no more have to be a MAC 302 address. A new TLV format is introduced and a IANA registry is 303 created for the type (TBD). This enables in particular the use of a 304 Provable Temporary UID (PT-UID) as opposed to burn-in MAC address, 305 the PT-UID providing a trusted anchor by the 6LR and 6LBR to protect 306 the state associated to the node. 308 The specification introduces a Transaction ID (TID) field in the 309 EARO. The TID MUST be provided by a node that supports this 310 specification and a new T flag MUST be set to indicate so. The T bit 311 can be used to determine whether the peer supports this 312 specification. 314 5.4. Registering the Target Address 316 This specification changes the behaviour of the 6LN and the 6LR so 317 that the Registered Address is found in the Target Address field of 318 the NS and NA messages as opposed to the Source Address. 320 The reason for this change is to enable proxy-registrations on behalf 321 of other nodes in Route-Over meshes, for instance to enable that a 322 RPL root registers addresses on behalf LLN nodes that are deeper in a 323 6TiSCH mesh, as discussed in Appendix B.4. In that case, the 324 Registering Node MUST indicate its own address as source of the ND 325 message and its MAC address in the Source Link-Layer Address Option 326 (SLLAO), since it still expects to get the packets and route them 327 down the mesh. But the Registered Address belongs to another node, 328 the Registered Node, and that address is indicated in the Target 329 Address field of the NS message. 331 With this convention, a TLLA option indicates the link-layer address 332 of the 6LN that owns the address, whereas the SLLA Option in a NS 333 message indicates that of the Registering Node, which can be the 334 owner device, or a proxy. 336 Since the Registering Node is the one that has reachability with the 337 6LR, and is the one expecting packets for the 6LN, it makes sense to 338 maintain compatibility with RFC 6775 [RFC6775], and it is REQUIRED 339 that an SLLA Option is always placed in a registration NS(EARO) 340 message. 342 5.5. Link-local Addresses and Registration 344 Considering that LLN nodes are often not wired and may move, there is 345 no guarantee that a link-local address stays unique between a 346 potentially variable and unbounded set of neighboring nodes. 347 Compared to RFC 6775 [RFC6775], this specification only requires that 348 a link-local address is unique from the perspective of the peering 349 nodes. This simplifies the Duplicate Address Detection (DAD) for 350 link-local addresses, and there is no DAR/DAC exchange between the 351 6LR and a 6LBR for link-local addresses. 353 Additionally, RFC 6775 [RFC6775] requires that a 6LoWPAN Node (6LN) 354 uses an address being registered as the source of the registration 355 message. This generates complexities in the 6LR to be able to cope 356 with a potential duplication, in particular for global addresses. To 357 simplify this, a 6LN and a 6LR that conform this specification always 358 use link-local addresses as source and destination addresses for the 359 registration NS/NA exchange. As a result, the registration is 360 globally faster, and some of the complexity is removed. 362 In more details: 364 An exchange between two nodes using link-local addresses implies that 365 they are reachable over one hop and that at least one of the 2 nodes 366 acts as a 6LR. A node MUST register a link-local address to a 6LR in 367 order to obtain reachability from that 6LR beyond the current 368 exchange, and in particular to use the link-local address as source 369 address to register other addresses, e.g. global addresses. 371 If there is no collision with an address previously registered to 372 this 6LR by another 6LN, then, from the standpoint of this 6LR, this 373 link-local address is unique and the registration is acceptable. 374 Conversely, it may possibly happen that two different 6LRs expose a 375 same link-local address but different link-layer addresses. In that 376 case, a 6LN may only interact with one of the 6LR so as to avoid 377 confusion in the 6LN neighbor cache. 379 The DAD process between the 6LR and a 6LoWPAN Border Router (6LBR), 380 which is based on a Duplicate Address Request (DAR) / Duplicate 381 Address Confirmation (DAC) exchange as described in RFC 6775 382 [RFC6775], does not need to take place for link-local addresses. 384 It is desired that a 6LR does not need to modify its state associated 385 to the Source Address of an NS(EARO) message. For that reason, when 386 possible, it is RECOMMENDED to use an address that is already 387 registered with a 6LR 389 When registering to a 6LR that conforms this specification, a node 390 MUST use a link-local address as the source address of the 391 registration, whatever the type of IPv6 address that is being 392 registered. That link-local Address MUST be either already 393 registrered, or the address that is being registered. 395 When a Registering Node does not have an already-registered address, 396 it MUST register a link-local address, using it as both the Source 397 and the Target Address of an NS(EARO) message. In that case, it is 398 RECOMMENDED to use a link-local address that is (expected to be) 399 globally unique, e.g. derived from a burn-in MAC address. An EARO 400 option in the response NA indicates that the 6LR supports this 401 specification. 403 Since there is no DAR/DAC exchange for link-local addresses, the 6LR 404 may answer immediately to the registration of a link-local address, 405 based solely on its existing state and the Source Link-Layer Option 406 that MUST be placed in the NS(EARO) message as required in RFC 6775 407 [RFC6775]. 409 A node needs to register its IPv6 Global Unicast IPv6 Addresses (GUA) 410 to a 6LR in order to obtain a global reachability for these addresses 411 via that 6LR. As opposed to a node that complies to RFC 6775 412 [RFC6775], a Registering Node registering a GUA does not use that GUA 413 as Source Address for the registration to a 6LR that conforms this 414 specification. The DAR/DAC exchange MUST take place for non-link- 415 local addresses as prescribed by RFC 6775 [RFC6775]. 417 6. Updated ND Options 419 This specification does not introduce new options, but it modifies 420 existing ones and updates the associated behaviours as follow: 422 6.1. New 6LoWPAN capability Bits in the Capability Indication Option 424 This specification defines a number of capability bits in the CIO 425 that was introduced by RFC 7400 [RFC7400]. 427 Support for this specification is indicated by setting the "E" flag 428 in a CIO option. Routers that are capable of acting as 6LR, 6LBR and 429 6BBR SHOULD set the L, B andP flags, respectively. 431 Those flags are not mutually exclusive and if a router is capable of 432 multiple roles, it SHOULD set all the related flags. 434 0 1 2 3 435 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 437 | Type | Length = 1 |_____________________|L|B|P|E|G| 438 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 439 |_______________________________________________________________| 440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 442 Figure 1: New capability Bits L, B, P, E in the CIO 444 Option Fields 446 Type: 36 448 L: Node is a 6LR, it can take registrations. 450 B: Node is a 6LBR. 452 P: Node is a 6BBR, proxying for nodes on this link. 454 E: This specification is supported and applied. 456 6.2. The Enhanced Address Registration Option (EARO) 458 The Enhanced Address Registration Option (EARO) is intended to be 459 used as a replacement to the ARO option within Neighbor Discovery NS 460 and NA messages between a LLN node and its 6LoWPAN Router (6LR), as 461 well as in Duplicate Address Request (DAR) and the Duplicate Address 462 Confirmation (DAC) messages between 6LRs and 6LBRs in LLNs meshes 463 such as 6TiSCH networks. 465 An NS message with an EARO option is a registration if and only if it 466 also carries an SLLAO option. The AERO option also used in NS and NA 467 messages between Backbone Routers over the backbone link to sort out 468 the distributed registration state, and in that case, it does not 469 carry the SLLAO option and is not confused with a registration. 471 The EARO extends the ARO and is recognized by the "T" flag set. 473 When using the EARO option, the address being registered is found in 474 the Target Address field of the NS and NA messages. This differs 475 from 6LoWPAN ND RFC 6775 [RFC6775] which specifies that the address 476 being registered is the source of the NS. 478 The format of the EARO option is as follows: 480 0 1 2 3 481 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 482 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 483 | Type | Length = 2 | Status | Reserved | 484 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 485 | Reserved |T| TID | Registration Lifetime | 486 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 487 | | 488 + Owner Unique ID (EUI-64 or equivalent) + 489 | | 490 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 492 Figure 2: EARO 494 Option Fields 496 Type: 33 498 Length: 8-bit unsigned integer. 500 Status: 8-bit unsigned integer. Indicates the status of a 501 registration in the NA response. MUST be set to 0 in NS messages. 502 See Table 1 below. 504 Reserved: This field is unused. It MUST be initialized to zero by 505 the sender and MUST be ignored by the receiver. 507 T: One bit flag. Set if the next octet is a used as a TID. 509 TID: 1-byte integer; a transaction id that is maintained by the node 510 and incremented with each transaction. it is recommended that the 511 node maintains the TID in a persistent storage. 513 Registration Lifetime: 16-bit integer; expressed in minutes. 0 514 means that the registration has ended and the state should be 515 removed. 517 Owner Unique Identifier (OUI): A globally unique identifier for the 518 node associated. This can be the EUI-64 derived IID of an 519 interface, or some provable ID obtained cryptographically. 521 +-------+-----------------------------------------------------------+ 522 | Value | Description | 523 +-------+-----------------------------------------------------------+ 524 | 0..2 | See RFC 6775 [RFC6775]. Note that a Status of 1 | 525 | | "Duplicate Address" applies to the Registered Address. If | 526 | | the Source Address conflicts with an existing | 527 | | registration, "Duplicate Source Address" should be used | 528 | | instead | 529 | | | 530 | 3 | Moved: The registration fails because it is not the | 531 | | freshest. This status indicates that the registration is | 532 | | rejected because another more recent registration was | 533 | | done, as indicated by a same OUI and a more recent TID. | 534 | | One possible cause is a stale registration that has | 535 | | progressed slowly in the network and was passed by a more | 536 | | recent one. It could also indicate a OUI collision. | 537 | | | 538 | 4 | Removed: The binding state was removed. This may be | 539 | | placed in an asynchronous NS(ARO) message, or as the | 540 | | rejection of a proxy registration to a Backbone Router | 541 | | | 542 | 5 | Proof requested: The registering node is challenged for | 543 | | owning the registered address or for being an acceptable | 544 | | proxy for the registration. This status is expected in | 545 | | asynchronous messages from a registrar (6LR, 6LBR, 6BBR) | 546 | | to indicate that the registration state is removed, for | 547 | | instance due to time out of a lifetime, or a movement. It | 548 | | is used for instance by a 6BBR in a NA(ARO) message to | 549 | | indicate that the ownership of the proxy state on the | 550 | | backbone was transfered to another 6BBR, which is | 551 | | indicative of a movement of the device. The receiver of | 552 | | the NA is the device that has performed a registration | 553 | | that is now stale and it should clean up its state. | 554 | | | 555 | 6 | Duplicate Source Address: The address used as source of | 556 | | the NS(ARO) conflicts with an existing registration. | 557 | | | 558 | 7 | Invalid Source Address: The address used as source of the | 559 | | NS(ARO) is not usable on this link, e.g. it is not | 560 | | topologically correct | 561 | | | 562 | 8 | Invalid Registered Address: The address being registered | 563 | | is not usable on this link, e.g. it is not topologically | 564 | | correct | 565 +-------+-----------------------------------------------------------+ 567 Table 1: EARO Status 569 7. Backward Compatibility 571 7.1. Discovering the capabilities of an ND peer 573 7.1.1. Using the E Flag in the CIO 575 If the CIO is used in an ND message, then the "E" Flag MUST be set by 576 the sending node if supports this specification. 578 It is RECOMMENDED that a router that supports this specification 579 indicates so with a CIO option, but this might not be practical if 580 the link-layer MTU is too small. 582 If the registering node receives a CIO in a RA, then the setting of 583 the E" Flag indicates whether or not this specification is supported. 585 7.1.2. Using the T Flag in the EARO 587 One alternate way for a 6LN to discover the router's capabilities to 588 first register a Link Local address, placing the same address in the 589 Source and Target Address fields of the NS message, and setting the 590 "T" Flag. The node may for instance register an address that is 591 based on EUI-64. For such address, DAD is not required and using the 592 SLLAO option in the NS is actually more amenable with existing ND 593 specifications such as the "Optimistic Duplicate Address Detection 594 (DAD) for IPv6" [RFC4429]. Once that first registration is complete, 595 the node knows from the setting of the "T" Flag in the response 596 whether the router supports this specification. If this is verified, 597 the node may register other addresses that it owns, or proxy-register 598 addresses on behalf some another node, indicating those addresses 599 being registered in the Target Address field of the NS messages, 600 while using one of its own, already registered, addresses as source. 602 A node that supports this specification MUST always use an EARO as a 603 replacement to an ARO in its registration to a router. This is 604 harmless since the "T" flag and TID field are reserved in RFC 6775 605 [RFC6775] are ignored by a legacy router. A router that supports 606 this specification answers to an ARO with an ARO and to an EARO with 607 an EARO. 609 This specification changes the behavior of the peers in a 610 registration flows. To enable backward compatibility, a node that 611 registers to a router that is not known to support this specification 612 MUST behave as prescribed by RFC 6775 [RFC6775]. Once the router is 613 known to support this specification, the node MUST obey this 614 specification. 616 7.2. Legacy 6LoWPAN Node 618 A legacy 6LN will use the registered address as source and will not 619 use an EARO option. In order to be backward compatible, an updated 620 6LR needs to accept that registration if it is valid per the 621 "Cryptographically Generated Addresses (CGA)" [RFC3972] 622 specification, and manage the binding cache accordingly. 624 The main difference with RFC 3972 [RFC3972] is that DAR/DAC exchange 625 for DAD may be avoided for link-local addresses. Additionally, the 626 6LR SHOULD use an EARO in the reply, and may use any of the status 627 codes defined in this specification. 629 7.3. Legacy 6LoWPAN Router 631 The first registration by a an updated 6LN is for a link-local 632 address, using that link-local address as source. A legacy 6LN will 633 not makes a difference and accept -or reject- that registration as if 634 the 6LN was a legacy node. 636 An updated 6LN will always use an EARO option in the registration NS 637 message, whereas a legacy 6LN will always areply with an ARO option 638 in the NA message. So from that first registration, the updated 6LN 639 can figure whether the 6LR supports this specification or not. 641 When facing a legacy 6LR, an updated 6LN may attempt to find an 642 alternate 6LR that is updated. In order to be backward compatible, 643 based on the discovery that a 6LR is legacy, the 6LN needs to 644 fallback to legacy behaviour and source the packet with the 645 registrered address. 647 The main difference is that the updated 6LN SHOULD use an EARO in the 648 request regardless of the type of 6LN, legacy or updated 650 7.4. Legacy 6LoWPAN Border Router 652 With this specification, the DAR/DAC transports an EARO option as 653 opposed to an ARO option. As described for the NS/NA exchange, 654 devices that support this specification always use an EARO option and 655 all the associated behaviour. 657 8. Security Considerations 659 This specification expects that the link layer is sufficiently 660 protected, either by means of physical or IP security for the 661 Backbone Link or MAC sublayer cryptography. In particular, it is 662 expected that the LLN MAC provides secure unicast to/from the 663 Backbone Router and secure Broadcast from the Backbone Router in a 664 way that prevents tempering with or replaying the RA messages. 666 The use of EUI-64 for forming the Interface ID in the link-local 667 address prevents the usage of "SEcure Neighbor Discovery (SEND)" 668 [RFC3971] and CGA [RFC3972], and that of address privacy techniques. 669 This specification RECOMMENDS the use of additional protection 670 against address theft such as provided by "Address Protected Neighbor 671 Discovery for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd], 672 which guarantees the ownership of the OUID. 674 When the ownership of the OUID cannot be assessed, this specification 675 limits the cases where the OUID and the TID are multicasted, and 676 obfuscates them in responses to attempts to take over an address. 678 The LLN nodes depend on the 6LBR and the 6BBR for their operation. A 679 trust model must be put in place to ensure that the right devices are 680 acting in these roles, so as to avoid threats such as black-holing, 681 or bombing attack whereby an impersonated 6LBR would destroy state in 682 the network by using the "Removed" status code. 684 9. IANA Considerations 686 IANA is requested to create a new subregistry for "ARO Flags" under 687 the "Internet Control Message Protocol version 6 (ICMPv6) 688 Parameters". This specification defines 8 positions, bit 0 to bit 7, 689 and assigns bit 7 for the "T" flag in Section 6.2. The policy is 690 "IETF Review" or "IESG Approval" [RFC5226]. The initial content of 691 the registry is as shown in Table 2. 693 New subregistry for ARO Flags under the "Internet Control Message 694 Protocol version 6 (ICMPv6) Parameters" 696 +------------+--------------+-----------+ 697 | ARO Status | Description | Document | 698 +------------+--------------+-----------+ 699 | 0..6 | Unassigned | | 700 | | | | 701 | 7 | "T" Flag | RFC This | 702 +------------+--------------+-----------+ 704 Table 2: new ARO Flags 706 IANA is requested to make additions to existing registries as 707 follows: 709 Address Registration Option Status Values Registry 711 +------------+----------------------------+-----------+ 712 | ARO Status | Description | Document | 713 +------------+----------------------------+-----------+ 714 | 3 | Moved | RFC This | 715 | | | | 716 | 4 | Removed | RFC This | 717 | | | | 718 | 5 | Proof requested | RFC This | 719 | | | | 720 | 6 | Duplicate Source Address | RFC This | 721 | | | | 722 | 7 | Invalid Source Address | RFC This | 723 | | | | 724 | 8 | Invalid Registered Address | RFC This | 725 +------------+----------------------------+-----------+ 727 Table 3: New ARO Status values 729 Subregistry for "6LoWPAN capability Bits" under the "Internet Control 730 Message Protocol version 6 (ICMPv6) Parameters" 732 +----------------+----------------------+-----------+ 733 | capability Bit | Description | Document | 734 +----------------+----------------------+-----------+ 735 | 11 | 6LR capable (L bit) | RFC This | 736 | | | | 737 | 12 | 6LBR capable (B bit) | RFC This | 738 | | | | 739 | 13 | 6BBR capable (P bit) | RFC This | 740 | | | | 741 | 14 | EARO support (E bit) | RFC This | 742 +----------------+----------------------+-----------+ 744 Table 4: New 6LoWPAN capability Bits 746 10. Acknowledgments 748 Kudos to Eric Levy-Abegnoli who designed the First Hop Security 749 infrastructure at Cisco. 751 11. References 752 11.1. Normative References 754 [I-D.ietf-6lo-backbone-router] 755 Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo- 756 backbone-router-03 (work in progress), January 2017. 758 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 759 Requirement Levels", BCP 14, RFC 2119, 760 DOI 10.17487/RFC2119, March 1997, 761 . 763 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 764 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 765 2006, . 767 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 768 for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006, 769 . 771 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 772 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 773 DOI 10.17487/RFC4861, September 2007, 774 . 776 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 777 Address Autoconfiguration", RFC 4862, 778 DOI 10.17487/RFC4862, September 2007, 779 . 781 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 782 Extensions for Stateless Address Autoconfiguration in 783 IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, 784 . 786 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 787 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 788 DOI 10.17487/RFC5226, May 2008, 789 . 791 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 792 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 793 DOI 10.17487/RFC6282, September 2011, 794 . 796 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 797 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 798 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 799 Low-Power and Lossy Networks", RFC 6550, 800 DOI 10.17487/RFC6550, March 2012, 801 . 803 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 804 Bormann, "Neighbor Discovery Optimization for IPv6 over 805 Low-Power Wireless Personal Area Networks (6LoWPANs)", 806 RFC 6775, DOI 10.17487/RFC6775, November 2012, 807 . 809 [RFC7400] Bormann, C., "6LoWPAN-GHC: Generic Header Compression for 810 IPv6 over Low-Power Wireless Personal Area Networks 811 (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November 812 2014, . 814 [RFC7934] Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi, 815 "Host Address Availability Recommendations", BCP 204, 816 RFC 7934, DOI 10.17487/RFC7934, July 2016, 817 . 819 11.2. Informative References 821 [I-D.chakrabarti-nordmark-6man-efficient-nd] 822 Chakrabarti, S., Nordmark, E., Thubert, P., and M. 823 Wasserman, "IPv6 Neighbor Discovery Optimizations for 824 Wired and Wireless Networks", draft-chakrabarti-nordmark- 825 6man-efficient-nd-07 (work in progress), February 2015. 827 [I-D.delcarpio-6lo-wlanah] 828 Vega, L., Robles, I., and R. Morabito, "IPv6 over 829 802.11ah", draft-delcarpio-6lo-wlanah-01 (work in 830 progress), October 2015. 832 [I-D.ietf-6lo-6lobac] 833 Lynn, K., Martocci, J., Neilson, C., and S. Donaldson, 834 "Transmission of IPv6 over MS/TP Networks", draft-ietf- 835 6lo-6lobac-08 (work in progress), March 2017. 837 [I-D.ietf-6lo-ap-nd] 838 Sarikaya, B., Thubert, P., and M. Sethi, "Address 839 Protected Neighbor Discovery for Low-power and Lossy 840 Networks", draft-ietf-6lo-ap-nd-00 (work in progress), 841 November 2016. 843 [I-D.ietf-6lo-dect-ule] 844 Mariager, P., Petersen, J., Shelby, Z., Logt, M., and D. 845 Barthel, "Transmission of IPv6 Packets over DECT Ultra Low 846 Energy", draft-ietf-6lo-dect-ule-09 (work in progress), 847 December 2016. 849 [I-D.ietf-6lo-nfc] 850 Choi, Y., Hong, Y., Youn, J., Kim, D., and J. Choi, 851 "Transmission of IPv6 Packets over Near Field 852 Communication", draft-ietf-6lo-nfc-06 (work in progress), 853 March 2017. 855 [I-D.ietf-6tisch-architecture] 856 Thubert, P., "An Architecture for IPv6 over the TSCH mode 857 of IEEE 802.15.4", draft-ietf-6tisch-architecture-11 (work 858 in progress), January 2017. 860 [I-D.ietf-6tisch-terminology] 861 Palattella, M., Thubert, P., Watteyne, T., and Q. Wang, 862 "Terminology in IPv6 over the TSCH mode of IEEE 863 802.15.4e", draft-ietf-6tisch-terminology-08 (work in 864 progress), December 2016. 866 [I-D.ietf-bier-architecture] 867 Wijnands, I., Rosen, E., Dolganow, A., Przygienda, T., and 868 S. Aldrin, "Multicast using Bit Index Explicit 869 Replication", draft-ietf-bier-architecture-05 (work in 870 progress), October 2016. 872 [I-D.ietf-ipv6-multilink-subnets] 873 Thaler, D. and C. Huitema, "Multi-link Subnet Support in 874 IPv6", draft-ietf-ipv6-multilink-subnets-00 (work in 875 progress), July 2002. 877 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] 878 Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets 879 over IEEE 1901.2 Narrowband Powerline Communication 880 Networks", draft-popa-6lo-6loplc-ipv6-over- 881 ieee19012-networks-00 (work in progress), March 2014. 883 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with 884 CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September 885 2003, . 887 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 888 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 889 DOI 10.17487/RFC3810, June 2004, 890 . 892 [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander, 893 "SEcure Neighbor Discovery (SEND)", RFC 3971, 894 DOI 10.17487/RFC3971, March 2005, 895 . 897 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 898 RFC 3972, DOI 10.17487/RFC3972, March 2005, 899 . 901 [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 902 over Low-Power Wireless Personal Area Networks (6LoWPANs): 903 Overview, Assumptions, Problem Statement, and Goals", 904 RFC 4919, DOI 10.17487/RFC4919, August 2007, 905 . 907 [RFC7102] Vasseur, JP., "Terms Used in Routing for Low-Power and 908 Lossy Networks", RFC 7102, DOI 10.17487/RFC7102, January 909 2014, . 911 [RFC7217] Gont, F., "A Method for Generating Semantically Opaque 912 Interface Identifiers with IPv6 Stateless Address 913 Autoconfiguration (SLAAC)", RFC 7217, 914 DOI 10.17487/RFC7217, April 2014, 915 . 917 [RFC7428] Brandt, A. and J. Buron, "Transmission of IPv6 Packets 918 over ITU-T G.9959 Networks", RFC 7428, 919 DOI 10.17487/RFC7428, February 2015, 920 . 922 [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 923 Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low 924 Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, 925 . 927 11.3. External Informative References 929 [IEEEstd802154] 930 IEEE, "IEEE Standard for Low-Rate Wireless Networks", 931 IEEE Standard 802.15.4, 932 . 934 Appendix A. Applicability and Requirements Served 936 This specification extends 6LoWPAN ND to sequence the registration 937 and serves the requirements expressed Appendix B.1 by enabling the 938 mobility of devices from one LLN to the next based on the 939 complementary work in the "IPv6 Backbone Router" 940 [I-D.ietf-6lo-backbone-router] specification. 942 In the context of the the TimeSlotted Channel Hopping (TSCH) mode of 943 IEEE Std. 802.15.4 [IEEEstd802154], the "6TiSCH architecture" 944 [I-D.ietf-6tisch-architecture] introduces how a 6LoWPAN ND host could 945 connect to the Internet via a RPL mesh Network, but this requires 946 additions to the 6LOWPAN ND protocol to support mobility and 947 reachability in a secured and manageable environment. This 948 specification details the new operations that are required to 949 implement the 6TiSCH architecture and serves the requirements listed 950 in Appendix B.2. 952 The term LLN is used loosely in this specification to cover multiple 953 types of WLANs and WPANs, including Low-Power Wi-Fi, BLUETOOTH(R) Low 954 Energy, IEEE std 802.11AH and IEEE std 802.15.4 wireless meshes, so 955 as to address the requirements discussed in Appendix B.3 957 This specification can be used by any wireless node to associate at 958 Layer-3 with a 6BBR and register its IPv6 addresses to obtain routing 959 services including proxy-ND operations over the backbone, effectively 960 providing a solution to the requirements expressed in Appendix B.4. 962 "Efficiency aware IPv6 Neighbor Discovery Optimizations" 963 [I-D.chakrabarti-nordmark-6man-efficient-nd] suggests that 6LoWPAN ND 964 [RFC6775] can be extended to other types of links beyond IEEE Std. 965 802.15.4 for which it was defined. The registration technique is 966 beneficial when the Link-Layer technique used to carry IPv6 multicast 967 packets is not sufficiently efficient in terms of delivery ratio or 968 energy consumption in the end devices, in particular to enable 969 energy-constrained sleeping nodes. The value of such extension is 970 especially apparent in the case of mobile wireless nodes, to reduce 971 the multicast operations that are related to classical ND ([RFC4861], 972 [RFC4862]) and plague the wireless medium. This serves scalability 973 requirements listed in Appendix B.6. 975 Appendix B. Requirements 977 This section lists requirements that were discussed at 6lo for an 978 update to 6LoWPAN ND. This specification meets most of them, but 979 those listed in Appendix B.5 which are deferred to a different 980 specification such as [I-D.ietf-6lo-ap-nd], and those related to 981 multicast. 983 B.1. Requirements Related to Mobility 985 Due to the unstable nature of LLN links, even in a LLN of immobile 986 nodes a 6LN may change its point of attachment to a 6LR, say 6LR-a, 987 and may not be able to notify 6LR-a. Consequently, 6LR-a may still 988 attract traffic that it cannot deliver any more. When links to a 6LR 989 change state, there is thus a need to identify stale states in a 6LR 990 and restore reachability in a timely fashion. 992 Req1.1: Upon a change of point of attachment, connectivity via a new 993 6LR MUST be restored timely without the need to de-register from the 994 previous 6LR. 996 Req1.2: For that purpose, the protocol MUST enable to differentiate 997 between multiple registrations from one 6LoWPAN Node and 998 registrations from different 6LoWPAN Nodes claiming the same address. 1000 Req1.3: Stale states MUST be cleaned up in 6LRs. 1002 Req1.4: A 6LoWPAN Node SHOULD also be capable to register its Address 1003 to multiple 6LRs, and this, concurrently. 1005 B.2. Requirements Related to Routing Protocols 1007 The point of attachment of a 6LN may be a 6LR in an LLN mesh. IPv6 1008 routing in a LLN can be based on RPL, which is the routing protocol 1009 that was defined at the IETF for this particular purpose. Other 1010 routing protocols than RPL are also considered by Standard Defining 1011 Organizations (SDO) on the basis of the expected network 1012 characteristics. It is required that a 6LoWPAN Node attached via ND 1013 to a 6LR would need to participate in the selected routing protocol 1014 to obtain reachability via the 6LR. 1016 Next to the 6LBR unicast address registered by ND, other addresses 1017 including multicast addresses are needed as well. For example a 1018 routing protocol often uses a multicast address to register changes 1019 to established paths. ND needs to register such a multicast address 1020 to enable routing concurrently with discovery. 1022 Multicast is needed for groups. Groups MAY be formed by device type 1023 (e.g. routers, street lamps), location (Geography, RPL sub-tree), or 1024 both. 1026 The Bit Index Explicit Replication (BIER) Architecture 1027 [I-D.ietf-bier-architecture] proposes an optimized technique to 1028 enable multicast in a LLN with a very limited requirement for routing 1029 state in the nodes. 1031 Related requirements are: 1033 Req2.1: The ND registration method SHOULD be extended in such a 1034 fashion that the 6LR MAY advertise the Address of a 6LoWPAN Node over 1035 the selected routing protocol and obtain reachability to that Address 1036 using the selected routing protocol. 1038 Req2.2: Considering RPL, the Address Registration Option that is used 1039 in the ND registration SHOULD be extended to carry enough information 1040 to generate a DAO message as specified in [RFC6550] section 6.4, in 1041 particular the capability to compute a Path Sequence and, as an 1042 option, a RPLInstanceID. 1044 Req2.3: Multicast operations SHOULD be supported and optimized, for 1045 instance using BIER or MPL. Whether ND is appropriate for the 1046 registration to the 6BBR is to be defined, considering the additional 1047 burden of supporting the Multicast Listener Discovery Version 2 1048 [RFC3810] (MLDv2) for IPv6. 1050 B.3. Requirements Related to the Variety of Low-Power Link types 1052 6LoWPAN ND [RFC6775] was defined with a focus on IEEE std 802.15.4 1053 and in particular the capability to derive a unique Identifier from a 1054 globally unique MAC-64 address. At this point, the 6lo Working Group 1055 is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique 1056 to other link types ITU-T G.9959 [RFC7428], Master-Slave/Token- 1057 Passing [I-D.ietf-6lo-6lobac], DECT Ultra Low Energy 1058 [I-D.ietf-6lo-dect-ule], Near Field Communication [I-D.ietf-6lo-nfc], 1059 IEEE std 802.11ah [I-D.delcarpio-6lo-wlanah], as well as IEEE1901.2 1060 Narrowband Powerline Communication Networks 1061 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] and BLUETOOTH(R) 1062 Low Energy [RFC7668]. 1064 Related requirements are: 1066 Req3.1: The support of the registration mechanism SHOULD be extended 1067 to more LLN links than IEEE std 802.15.4, matching at least the LLN 1068 links for which an "IPv6 over foo" specification exists, as well as 1069 Low-Power Wi-Fi. 1071 Req3.2: As part of this extension, a mechanism to compute a unique 1072 Identifier should be provided, with the capability to form a Link- 1073 Local Address that SHOULD be unique at least within the LLN connected 1074 to a 6LBR discovered by ND in each node within the LLN. 1076 Req3.3: The Address Registration Option used in the ND registration 1077 SHOULD be extended to carry the relevant forms of unique Identifier. 1079 Req3.4: The Neighbour Discovery should specify the formation of a 1080 site-local address that follows the security recommendations from 1081 [RFC7217]. 1083 B.4. Requirements Related to Proxy Operations 1085 Duty-cycled devices may not be able to answer themselves to a lookup 1086 from a node that uses classical ND on a backbone and may need a 1087 proxy. Additionally, the duty-cycled device may need to rely on the 1088 6LBR to perform registration to the 6BBR. 1090 The ND registration method SHOULD defend the addresses of duty-cycled 1091 devices that are sleeping most of the time and not capable to defend 1092 their own Addresses. 1094 Related requirements are: 1096 Req4.1: The registration mechanism SHOULD enable a third party to 1097 proxy register an Address on behalf of a 6LoWPAN node that may be 1098 sleeping or located deeper in an LLN mesh. 1100 Req4.2: The registration mechanism SHOULD be applicable to a duty- 1101 cycled device regardless of the link type, and enable a 6BBR to 1102 operate as a proxy to defend the registered Addresses on its behalf. 1104 Req4.3: The registration mechanism SHOULD enable long sleep 1105 durations, in the order of multiple days to a month. 1107 B.5. Requirements Related to Security 1109 In order to guarantee the operations of the 6LoWPAN ND flows, the 1110 spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a 1111 node successfully registers an address, 6LoWPAN ND should provide 1112 energy-efficient means for the 6LBR to protect that ownership even 1113 when the node that registered the address is sleeping. 1115 In particular, the 6LR and the 6LBR then should be able to verify 1116 whether a subsequent registration for a given Address comes from the 1117 original node. 1119 In a LLN it makes sense to base security on layer-2 security. During 1120 bootstrap of the LLN, nodes join the network after authorization by a 1121 Joining Assistant (JA) or a Commissioning Tool (CT). After joining 1122 nodes communicate with each other via secured links. The keys for 1123 the layer-2 security are distributed by the JA/CT. The JA/CT can be 1124 part of the LLN or be outside the LLN. In both cases it is needed 1125 that packets are routed between JA/CT and the joining node. 1127 Related requirements are: 1129 Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1130 the 6LR, 6LBR and 6BBR to authenticate and authorize one another for 1131 their respective roles, as well as with the 6LoWPAN Node for the role 1132 of 6LR. 1134 Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1135 the 6LR and the 6LBR to validate new registration of authorized 1136 nodes. Joining of unauthorized nodes MUST be impossible. 1138 Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet 1139 sizes. In particular, the NS, NA, DAR and DAC messages for a re- 1140 registration flow SHOULD NOT exceed 80 octets so as to fit in a 1141 secured IEEE std 802.15.4 [IEEEstd802154] frame. 1143 Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be 1144 computationally intensive on the LoWPAN Node CPU. When a Key hash 1145 calculation is employed, a mechanism lighter than SHA-1 SHOULD be 1146 preferred. 1148 Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate 1149 SHOULD be minimized. 1151 Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable the 1152 variation of CCM [RFC3610] called CCM* for use at both Layer 2 and 1153 Layer 3, and SHOULD enable the reuse of security code that has to be 1154 present on the device for upper layer security such as TLS. 1156 Req5.7: Public key and signature sizes SHOULD be minimized while 1157 maintaining adequate confidentiality and data origin authentication 1158 for multiple types of applications with various degrees of 1159 criticality. 1161 Req5.8: Routing of packets should continue when links pass from the 1162 unsecured to the secured state. 1164 Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1165 the 6LR and the 6LBR to validate whether a new registration for a 1166 given address corresponds to the same 6LoWPAN Node that registered it 1167 initially, and, if not, determine the rightful owner, and deny or 1168 clean-up the registration that is duplicate. 1170 B.6. Requirements Related to Scalability 1172 Use cases from Automatic Meter Reading (AMR, collection tree 1173 operations) and Advanced Metering Infrastructure (AMI, bi-directional 1174 communication to the meters) indicate the needs for a large number of 1175 LLN nodes pertaining to a single RPL DODAG (e.g. 5000) and connected 1176 to the 6LBR over a large number of LLN hops (e.g. 15). 1178 Related requirements are: 1180 Req6.1: The registration mechanism SHOULD enable a single 6LBR to 1181 register multiple thousands of devices. 1183 Req6.2: The timing of the registration operation should allow for a 1184 large latency such as found in LLNs with ten and more hops. 1186 Authors' Addresses 1188 Pascal Thubert (editor) 1189 Cisco Systems, Inc 1190 Sophia Antipolis 1191 FRANCE 1193 Email: pthubert@cisco.com 1195 Erik Nordmark 1196 Santa Clara, CA 1197 USA 1199 Email: nordmark@sonic.net 1201 Samita Chakrabarti 1202 San Jose, CA 1203 USA 1205 Email: samitac.ietf@gmail.com