idnits 2.17.1 draft-ietf-6lo-rfc6775-update-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 28, 2017) is 2458 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Perlman83' is mentioned on line 1191, but not defined == Missing Reference: 'IEEEstd802154' is mentioned on line 1404, but not defined == Outdated reference: A later version (-23) exists of draft-ietf-6lo-ap-nd-02 == Outdated reference: A later version (-20) exists of draft-ietf-6lo-backbone-router-04 == Outdated reference: A later version (-22) exists of draft-ietf-6lo-nfc-07 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-11 == Outdated reference: A later version (-08) exists of draft-ietf-bier-architecture-07 -- Obsolete informational reference (is this intentional?): RFC 4941 (Obsoleted by RFC 8981) Summary: 0 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo P. Thubert, Ed. 3 Internet-Draft cisco 4 Updates: 6775 (if approved) E. Nordmark 5 Intended status: Standards Track 6 Expires: January 29, 2018 S. Chakrabarti 7 July 28, 2017 9 An Update to 6LoWPAN ND 10 draft-ietf-6lo-rfc6775-update-07 12 Abstract 14 This specification updates RFC 6775 - 6LoWPAN Neighbor Discovery, to 15 clarify the role of the protocol as a registration technique, 16 simplify the registration operation in 6LoWPAN routers, as well as to 17 provide enhancements to the registration capabilities and mobility 18 detection for different network topologies including the backbone 19 routers performing proxy Neighbor Discovery in a low power network. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on January 29, 2018. 38 Copyright Notice 40 Copyright (c) 2017 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Applicability of Address Registration Options . . . . . . . . 3 57 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 4. Updating RFC 6775 . . . . . . . . . . . . . . . . . . . . . . 5 59 4.1. Extended Address Registration Option . . . . . . . . . . 6 60 4.2. Transaction ID . . . . . . . . . . . . . . . . . . . . . 6 61 4.2.1. Comparing TID values . . . . . . . . . . . . . . . . 7 62 4.3. Owner Unique ID . . . . . . . . . . . . . . . . . . . . . 8 63 4.4. Registering the Target Address . . . . . . . . . . . . . 9 64 4.5. Link-Local Addresses and Registration . . . . . . . . . . 9 65 4.6. Maintaining the Registration States . . . . . . . . . . . 11 66 5. Detecting Enhanced ARO Capability Support . . . . . . . . . . 12 67 6. Updated ND Options . . . . . . . . . . . . . . . . . . . . . 13 68 6.1. The Enhanced Address Registration Option (EARO) . . . . . 13 69 6.2. New 6LoWPAN capability Bits in the Capability Indication 70 Option . . . . . . . . . . . . . . . . . . . . . . . . . 15 71 7. Backward Compatibility . . . . . . . . . . . . . . . . . . . 16 72 7.1. Discovering the capabilities of an ND peer . . . . . . . 16 73 7.1.1. Using the E Flag in the CIO . . . . . . . . . . . . . 16 74 7.1.2. Using the T Flag in the EARO . . . . . . . . . . . . 17 75 7.2. Legacy 6LoWPAN Node . . . . . . . . . . . . . . . . . . . 17 76 7.3. Legacy 6LoWPAN Router . . . . . . . . . . . . . . . . . . 17 77 7.4. Legacy 6LoWPAN Border Router . . . . . . . . . . . . . . 18 78 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 79 9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 20 80 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 81 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 82 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 83 12.1. Normative References . . . . . . . . . . . . . . . . . . 22 84 12.2. Informative References . . . . . . . . . . . . . . . . . 23 85 12.3. External Informative References . . . . . . . . . . . . 26 86 Appendix A. Applicability and Requirements Served . . . . . . . 26 87 Appendix B. Requirements . . . . . . . . . . . . . . . . . . . . 27 88 B.1. Requirements Related to Mobility . . . . . . . . . . . . 27 89 B.2. Requirements Related to Routing Protocols . . . . . . . . 27 90 B.3. Requirements Related to the Variety of Low-Power Link 91 types . . . . . . . . . . . . . . . . . . . . . . . . . . 28 92 B.4. Requirements Related to Proxy Operations . . . . . . . . 29 93 B.5. Requirements Related to Security . . . . . . . . . . . . 29 94 B.6. Requirements Related to Scalability . . . . . . . . . . . 31 95 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31 97 1. Introduction 99 The scope of this draft is an IPv6 Low Power Networks including star 100 and mesh topologies. This specification modifies and extends the 101 behavior and protocol elements of RFC 6775 "Neighbor Discovery 102 Optimization for IPv6 over Low-Power Wireless Personal Area Networks 103 (6LoWPANs)" [RFC6775] to enable additional capabilities such as: 105 * Support the indication of mobility vs retry (T-bit) 107 * Ease up requirement of registration for link-local addresses 109 * Introducing Enhancement to Address Registration Option (ARO) 111 * Permitting regitration of target address 113 * Clarification of support of privacy and temporary addresses 115 The following sections will discuss applicability of 6LoWPAN ND 116 registration, new extensions and updates to RFC 6775. Finally, we 117 will discuss how the extensions of registration framework can be 118 useful for a scenario such as Backbone router(6BBR) proxy ND 119 operations. 121 2. Applicability of Address Registration Options 123 The purpose of the Address Registration Option (ARO) [RFC6775] and of 124 the Extended ARO (EARO) that is introduced in this document is to 125 facilitate duplicate address detection (DAD) for hosts and pre- 126 populate Neighbor Cache Entries (NCE) [RFC4861] in the routers to 127 reduce the need for sending 'multicast neighbor solicitations' which 128 may be harmful in low power constrained nodes networks where 129 multicast is most often treated as broadcasts. 131 In some cases the address registration can fail or becomes useless 132 for reasons other than a duplicate address. Examples are the router 133 having run out of space, a registration bearing a stale sequence 134 number (e.g. denoting a movement of the host after this registration 135 was placed), a host misbehaving and attempting to register an invalid 136 address such as the unspecified address [RFC4291], or the host using 137 an address which is not topologically correct on that link. In such 138 cases the host will receive an error to help diagnose the issue and 139 may retry, possibly with a different address, and possibly 140 registering to a different 6LR, depending on the returned error. 142 However, the ability to return errors to address registrations MUST 143 NOT be used to restrict the ability of hosts to form and use 144 addresses as recommended in "Host Address Availability 145 Recommendations" [RFC7934]. In particular, this is needed for 146 enhanced privacy, which implies that each host will register a 147 multiplicity of address as part mechanisms like "Privacy Extensions 148 for Stateless Address Autoconfiguration (SLAAC) in IPv6" [RFC4941]. 149 This implies that the capabilities of 6LR and 6LBRs in terms of 150 number of registrations must be clearly announced in the router 151 documentation, and that a network administrator should deploy adapted 152 6LR/6LBRs to support the number and type of devices in his network, 153 based on the number of IPv6 addresses that those devices require. 155 3. Terminology 157 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 158 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 159 document are to be interpreted as described in RFC 2119 [RFC2119]. 161 Readers are expected to be familiar with all the terms and concepts 162 that are discussed in 164 "Neighbor Discovery for IP version 6" [RFC4861], 166 "IPv6 Stateless Address Autoconfiguration" [RFC4862], 168 "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): 169 Overview, Assumptions, Problem Statement, and Goals" [RFC4919], 171 "Neighbor Discovery Optimization for Low-power and Lossy Networks" 172 [RFC6775] and 174 "Multi-link Subnet Support in IPv6" 175 [I-D.ietf-ipv6-multilink-subnets]. 177 as well as this additional terminology: 179 Backbone This is an IPv6 transit link that interconnects 2 or more 180 Backbone Routers. It is expected to be deployed as a high 181 speed Backbone in order to federate a potentially large set of 182 LLNS. Also referred to as a LLN Backbone or Backbone network. 184 Backbone Router An IPv6 router that federates the LLN using a 185 Backbone link as a Backbone. A 6BBR acts as a 6LoWPAN Border 186 Routers (6LBR) and an Energy Aware Default Router (NEAR). 188 Extended LLN This is the aggregation of multiple LLNs as defined in 189 RFC 4919 [RFC4919], interconnected by a Backbone Link via 190 Backbone Routers, and forming a single IPv6 MultiLink Subnet. 192 Registration The process during which a wireless Node registers its 193 address(es) with the Border Router so the 6BBR can proxy ND for 194 it over the Backbone. 196 Binding The state in the 6BBR that associates an IP address with a 197 MAC address, a port and some other information about the node 198 that owns the IP address. 200 Registered Node The node for which the registration is performed, 201 which owns the fields in the EARO option. 203 Registering Node The node that performs the registration to the 204 6BBR, either for one of its own addresses, in which case it is 205 Registered Node and indicates its own MAC Address as Source 206 Link Layer Address (SLLA) in the NS(EARO), or on behalf of a 207 Registered Node that is reachable over a LLN mesh. In the 208 latter case, if the Registered Node is reachable from the 6BBR 209 over a Mesh-Under mesh, the Registering Node indicates the MAC 210 Address of the Registered Node as SLLA in the NS(EARO). 211 Otherwise, it is expected that the Registered Device is 212 reachable over a Route-Over mesh from the Registering Node, in 213 which case the SLLA in the NS(ARO) is that of the Registering 214 Node, which causes it to attract the packets from the 6BBR to 215 the Registered Node and route them over the LLN. 217 Registered Address The address owned by the Registered Node node 218 that is being registered. 220 4. Updating RFC 6775 222 This specification extends the Address Registration Option (ARO) 223 defined in RFC 6775 [RFC6775]; in particular a "T" flag is added that 224 must be set is NS messages when this specification is used, and 225 echo'ed in NA messages to confirm that the protocol effectively 226 supported. Support for this specification can thus be inferred from 227 the presence of the Extended ARO ("T" flag set) in ND messages. 229 In order to support various types of link layers, this specification 230 also adds recommendation to allow multiple registrations, including 231 for privacy / temporary addresses, and provides new mechanisms to 232 help clean up stale registration states as soon as possible. 234 A Registering Node that supports this specification will favor 235 registering to a 6LR that indicates support for this specification 236 over that of RFC 6775 [RFC6775]. 238 4.1. Extended Address Registration Option 240 This specification extends the ARO option that is used for the 241 process of address registration. The new ARO is referred to as 242 Extended ARO (EARO), and its semantics are modified as follows: 244 The address that is being registered with a Neighbor Solicitation 245 (NS) with an EARO is now the Target Address, as opposed to the Source 246 Address as specified in RFC 6775 [RFC6775] (see Section 4.4 for 247 more). This change enables a 6LBR to use an address of his as source 248 to the proxy-registration of an address that belongs to a LLN Node to 249 a 6BBR. This also limits the use of an address as source address 250 before it is registered and the associated Duplicate Address 251 Detection (DAD) is complete. 253 The Unique ID in the EARO option does no more have to be a MAC 254 address (see Section 4.3 for more). This enables in particular the 255 use of a Provable Temporary UID (PT-UID) as opposed to burn-in MAC 256 address, the PT-UID providing a trusted anchor by the 6LR and 6LBR to 257 protect the state associated to the node. 259 The specification introduces a Transaction ID (TID) field in the EARO 260 (see Section 4.2 for more on TID). The TID MUST be provided by a 261 node that supports this specification and a new T flag MUST be set to 262 indicate so. The T bit can be used to determine whether the peer 263 supports this specification. 265 Finally, this specification introduces a number of new Status codes 266 to help diagnose the cause of a registration failure (more in 267 Table 1). 269 4.2. Transaction ID 271 The specification expects that the Registered Node can provide a 272 sequence number called Transaction ID (TID) that is incremented with 273 each re-registration. The TID is used to detect the freshness of the 274 registration request and useful to detect one single registration by 275 multiple 6LOWPAN border routers supporting the same large 6LOWPAN, as 276 is the case for backbone routers (BBR). 278 For example, when a Registered Node is registered with multiple BBRs 279 in parallel, it is expected that the same TID is used, to enable the 280 6BBRs to correlate the registrations as being a single one, and 281 differentiate that situation from a movement. 283 Thus the TID could be tracked to follow the sequence of mobility of a 284 node. The details protocols of mobility verification by the border 285 routers is not part of this specification. 287 4.2.1. Comparing TID values 289 The TID is a sequence counter and by design, its operation is the 290 exact match of the path sequence specified in RPL, the IPv6 Routing 291 Protocol for Low-Power and Lossy Networks [RFC6550] specification. 292 In order to keep this document self-contained and yet compatible, the 293 text below is an exact copy from section 7.2. "Sequence Counter 294 Operation" of [RFC6550]. A TID is deemed to be fresher than another 295 when its value is greater per the operations detailed in this 296 section. 298 The TID range is subdivided in a 'lollipop' fashion ([Perlman83]), 299 where the values from 128 and greater are used as a linear sequence 300 to indicate a restart and bootstrap the counter, and the values less 301 than or equal to 127 used as a circular sequence number space of size 302 128 as in [RFC1982]. Consideration is given to the mode of operation 303 when transitioning from the linear region to the circular region. 304 Finally, when operating in the circular region, if sequence numbers 305 are detected to be too far apart then they are not comparable, as 306 detailed below. 308 A window of comparison, SEQUENCE_WINDOW = 16, is configured based on 309 a value of 2^N, where N is defined to be 4 in this specification. 311 For a given sequence counter, 313 1. The sequence counter SHOULD be initialized to an implementation 314 defined value which is 128 or greater prior to use. A 315 recommended value is 240 (256 - SEQUENCE_WINDOW). 317 2. When a sequence counter increment would cause the sequence 318 counter to increment beyond its maximum value, the sequence 319 counter MUST wrap back to zero. When incrementing a sequence 320 counter greater than or equal to 128, the maximum value is 255. 321 When incrementing a sequence counter less than 128, the maximum 322 value is 127. 324 3. When comparing two sequence counters, the following rules MUST be 325 applied: 327 1. When a first sequence counter A is in the interval [128..255] 328 and a second sequence counter B is in [0..127]: 330 1. If (256 + B - A) is less than or equal to 331 SEQUENCE_WINDOW, then B is greater than A, A is less than 332 B, and the two are not equal. 334 2. If (256 + B - A) is greater than SEQUENCE_WINDOW, then A 335 is greater than B, B is less than A, and the two are not 336 equal. 338 For example, if A is 240, and B is 5, then (256 + 5 - 240) is 339 21. 21 is greater than SEQUENCE_WINDOW (16), thus 240 is 340 greater than 5. As another example, if A is 250 and B is 5, 341 then (256 + 5 - 250) is 11. 11 is less than SEQUENCE_WINDOW 342 (16), thus 250 is less than 5. 344 2. In the case where both sequence counters to be compared are 345 less than or equal to 127, and in the case where both 346 sequence counters to be compared are greater than or equal to 347 128: 349 1. If the absolute magnitude of difference between the two 350 sequence counters is less than or equal to 351 SEQUENCE_WINDOW, then a comparison as described in 352 [RFC1982] is used to determine the relationships greater 353 than, less than, and equal. 355 2. If the absolute magnitude of difference of the two 356 sequence counters is greater than SEQUENCE_WINDOW, then a 357 desynchronization has occurred and the two sequence 358 numbers are not comparable. 360 4. If two sequence numbers are determined to be not comparable, i.e. 361 the results of the comparison are not defined, then a node should 362 consider the comparison as if it has evaluated in such a way so 363 as to give precedence to the sequence number that has most 364 recently been observed to increment. Failing this, the node 365 should consider the comparison as if it has evaluated in such a 366 way so as to minimize the resulting changes to its own state. 368 4.3. Owner Unique ID 370 The Owner Unique ID (OUID) enables to differentiate a real duplicate 371 address registration from a double registration or a movement. An ND 372 message from the 6BBR over the Backbone that is proxied on behalf of 373 a Registered Node must carry the most recent EARO option seen for 374 that node. A NS/NA with an EARO and a NS/NA without a EARO thus 375 represent different nodes and if they relate to a same target then 376 they reflect an address duplication. The Owner Unique ID can be as 377 simple as a EUI-64 burn-in address, if duplicate EUI-64 addresses are 378 avoided. 380 Alternatively, the unique ID can be a cryptographic string that can 381 can be used to prove the ownership of the registration as discussed 382 in "Address Protected Neighbor Discovery for Low-power and Lossy 383 Networks" [I-D.ietf-6lo-ap-nd]. 385 In any fashion, it is recommended that the node stores the unique Id 386 or the keys used to generate that ID in persistent memory. 387 Otherwise, it will be prevented to re-register after a reboot that 388 would cause a loss of memory until the Backbone Router times out the 389 registration. 391 4.4. Registering the Target Address 393 This specification changes the behavior of the 6LN and the 6LR so 394 that the Registered Address is found in the Target Address field of 395 the NS and NA messages as opposed to the Source Address. 397 The reason for this change is to enable proxy-registrations on behalf 398 of other nodes in Route-Over meshes, for instance to enable that a 399 RPL root registers addresses on behalf LLN nodes that are deeper in a 400 6TiSCH mesh, as discussed in Appendix B.4. In that case, the 401 Registering Node MUST indicate its own address as source of the ND 402 message and its MAC address in the Source Link-Layer Address Option 403 (SLLAO), since it still expects to get the packets and route them 404 down the mesh. But the Registered Address belongs to another node, 405 the Registered Node, and that address is indicated in the Target 406 Address field of the NS message. 408 With this convention, a TLLA option indicates the link-layer address 409 of the 6LN that owns the address, whereas the SLLA Option in a NS 410 message indicates that of the Registering Node, which can be the 411 owner device, or a proxy. 413 Since the Registering Node is the one that has reachability with the 414 6LR, and is the one expecting packets for the 6LN, it makes sense to 415 maintain compatibility with RFC 6775 [RFC6775], and it is REQUIRED 416 that an SLLA Option is always placed in a registration NS(EARO) 417 message. 419 4.5. Link-Local Addresses and Registration 421 Considering that LLN nodes are often not wired and may move, there is 422 no guarantee that a Link-Local address stays unique between a 423 potentially variable and unbounded set of neighboring nodes. 424 Compared to RFC 6775 [RFC6775], this specification only requires that 425 a Link-Local address is unique from the perspective of the peering 426 nodes. This simplifies the Duplicate Address Detection (DAD) for 427 Link-Local addresses, and there is no Duplicate Address Request (DAR) 428 / Duplicate Address Confirmation (DAC) exchange between the 6LR and a 429 6LBR for Link-Local addresses. 431 Additionally, RFC 6775 [RFC6775] requires that a 6LoWPAN Node (6LN) 432 uses an address being registered as the source of the registration 433 message. This generates complexities in the 6LR to be able to cope 434 with a potential duplication, in particular for global addresses. To 435 simplify this, a 6LN and a 6LR that conform this specification always 436 use Link-Local addresses as source and destination addresses for the 437 registration NS/NA exchange. As a result, the registration is 438 globally faster, and some of the complexity is removed. 440 In more details: 442 An exchange between two nodes using Link-Local addresses implies that 443 they are reachable over one hop and that at least one of the 2 nodes 444 acts as a 6LR. A node MUST register a Link-Local address to a 6LR in 445 order to obtain reachability from that 6LR beyond the current 446 exchange, and in particular to use the Link-Local address as source 447 address to register other addresses, e.g. global addresses. 449 If there is no collision with an address previously registered to 450 this 6LR by another 6LN, then, from the standpoint of this 6LR, this 451 Link-Local address is unique and the registration is acceptable. 452 Conversely, it may possibly happen that two different 6LRs expose the 453 same Link-Local address but different link-layer addresses. In that 454 case, a 6LN may only interact with one of the 6LR so as to avoid 455 confusion in the 6LN neighbor cache. 457 The DAD process between the 6LR and a 6LoWPAN Border Router (6LBR), 458 which is based on a Duplicate Address Request (DAR) / Duplicate 459 Address Confirmation (DAC) exchange as described in RFC 6775 460 [RFC6775], does not need to take place for Link-Local addresses. 462 It is desired that a 6LR does not need to modify its state associated 463 to the Source Address of an NS(EARO) message. For that reason, when 464 possible, it is RECOMMENDED to use an address that is already 465 registered with a 6LR 467 When registering to a 6LR that conforms this specification, a node 468 MUST use a Link-Local address as the source address of the 469 registration, whatever the type of IPv6 address that is being 470 registered. That Link-Local Address MUST be either already 471 registered, or the address that is being registered. 473 When a Registering Node does not have an already-Registered Address, 474 it MUST register a Link-Local address, using it as both the Source 475 and the Target Address of an NS(EARO) message. In that case, it is 476 RECOMMENDED to use a Link-Local address that is (expected to be) 477 globally unique, e.g. derived from a burn-in MAC address. An EARO 478 option in the response NA indicates that the 6LR supports this 479 specification. 481 Since there is no DAR/DAC exchange for Link-Local addresses, the 6LR 482 may answer immediately to the registration of a Link-Local address, 483 based solely on its existing state and the Source Link-Layer Option 484 that MUST be placed in the NS(EARO) message as required in RFC 6775 485 [RFC6775]. 487 A node needs to register its IPv6 Global Unicast IPv6 Addresses (GUA) 488 to a 6LR in order to obtain a global reachability for these addresses 489 via that 6LR. As opposed to a node that complies to RFC 6775 490 [RFC6775], a Registering Node registering a GUA does not use that GUA 491 as Source Address for the registration to a 6LR that conforms this 492 specification. The DAR/DAC exchange MUST take place for non-Link- 493 Local addresses as prescribed by RFC 6775 [RFC6775]. 495 4.6. Maintaining the Registration States 497 This section discusses protocol actions that involve the Registering 498 Node, the 6LR and the 6LBR. It must be noted that the portion that 499 deals with a 6LBR only applies to those addresses that are registered 500 to it, which, as discussed in Section 4.5, is not the case for Link- 501 Local addresses. The registration state includes all data that is 502 stored in the router relative to that registration, in particular, 503 but not limited to, an NCE in a 6LR. 6LBRs and 6BBRs may store 504 additional registration information in more complex data structures 505 and use protocols that are out of scope of this document to keep them 506 synchonized when they are distributed. 508 When its Neighbor Cache is full, a 6LR cannot accept a new 509 registration. In that situation, the EARO is returned in a NA 510 message with a Status of 2, and the Registering Node may attempt to 511 register to another 6LR. Conversely the registry in the 6LBR may be 512 saturated, in which case the 6LBR cannot guarantee that a new address 513 is effectively not a duplicate. In that case, the 6LBR replies to a 514 DAR message with a DAC message that carries a Status code 9 515 indicating "6LBR Registry saturated", and the address stays in 516 TENTATIVE state. 518 A node renews an existing registration by repeatedly sending NS(EARO) 519 messages for the Registered Address. In order to refresh the 520 registration state in the 6LBR, these registrations MUST be reported 521 to the 6LBR. 523 A node that ceases to use an address SHOULD attempt to deregister 524 that address from all the 6LRs to which it has registered the 525 address, which is achieved using an NS(EARO) message with a 526 Registration Lifetime of 0. 528 A node that moves away from a particular 6LR SHOULD attempt to 529 deregister all of its addresses registered to that 6LR and register 530 to a new 6LR with an incremented TID. 532 Upon receiving a NS(EARO) message with a Registration Lifetime of 0 533 and determining that this EARO is the freshest for a given NCE (see 534 Section 4.2), a 6LR cleans up its NCE. If the address was registered 535 to the 6LBR, then the 6LR MUST report to the 6LBR, through a DAR/DAC 536 exchange with the 6LBR, or an alternate protocol, indicating the null 537 Registration Lifetime and the latest TID that this 6LR is aware of. 539 Upon the DAR message, the 6LBR evaluates if this is the freshest EARO 540 it has received for that particular registry entry. If it is, then 541 the entry is scheduled to be removed, and the DAR is answered with a 542 DAC message bearing a Status of 0 "Success". If it is not the 543 freshest, then a Status 2 "Moved" is returned instead, and the 544 existing entry is conserved. 546 Upon timing out a registration, a 6LR removes silently its binding 547 cache entry, and a 6LBR schedules its entry to be removed. 549 When an address is scheduled to be removed, the 6LBR SHOULD conserve 550 its entry in a DELAY state for a configurable period of time, so as 551 to protect a mobile node that deregistered from one 6LR and did not 552 register yet to a new one, or the new registration did not reach yet 553 the 6LBR due to propagation delays in the network. Once the DELAY 554 time is passed, the 6LBR removes silently its entry. 556 5. Detecting Enhanced ARO Capability Support 558 The nodes and routers in a network may be mixed and if a node wants 559 to use EARO feature for address registration, it has to find a router 560 which supports it. Thus all implementations with EARO option MUST 561 provide the capability detection method using 6CIO option to support 562 both types of registrations (ARO and EARO) as described in later 563 sections. Moreover, any new implementation of 6LOWPAN is also 564 RECOMMENDED to support 6LoWPAN Capability Indication option(6CIO)in 565 general. 567 RFC 7400 [RFC7400] introduces the 6LoWPAN Capability Indication 568 Option (6CIO) to indicate a node's capabilities to its peers. This 569 specification extends the format defined in RFC 7400 to signal the 570 support for EARO, as well as the capability to act as a 6LR, 6LBR and 571 6BBR. 573 With RFC 7400 [RFC7400], the 6CIO is typically sent Router 574 Solicitation (RS) messages. When used to signal the capabilities 575 above per this specification, the 6CIO is typically present Router 576 Advertisement (RA) messages but can also be present in RS, Neighbor 577 Solicitation (NS) and Neighbor Advertisement (NA) messages. 579 6. Updated ND Options 581 This specification does not introduce new options, but it modifies 582 existing ones and updates the associated behaviors as follow: 584 6.1. The Enhanced Address Registration Option (EARO) 586 The Enhanced Address Registration Option (EARO) is intended to be 587 used as a replacement to the ARO option within Neighbor Discovery NS 588 and NA messages between a LLN node and its 6LoWPAN Router (6LR), as 589 well as in Duplicate Address Request (DAR) and the Duplicate Address 590 Confirmation (DAC) messages between 6LRs and 6LBRs in LLNs meshes 591 such as 6TiSCH networks. 593 An NS message with an EARO option is a registration if and only if it 594 also carries an SLLAO option. The EARO option also used in NS and NA 595 messages between Backbone Routers over the Backbone link to sort out 596 the distributed registration state, and in that case, it does not 597 carry the SLLAO option and is not confused with a registration. 599 When using the EARO option, the address being registered is found in 600 the Target Address field of the NS and NA messages. This differs 601 from 6LoWPAN ND RFC 6775 [RFC6775] which specifies that the address 602 being registered is the source of the NS. 604 The EARO extends the ARO and is recognized by the "T" flag set. The 605 format of the EARO option is as follows: 607 0 1 2 3 608 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 609 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 610 | Type | Length = 2 | Status | Reserved | 611 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 612 | Reserved |T| TID | Registration Lifetime | 613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 614 | | 615 + Owner Unique ID (EUI-64 or equivalent) + 616 | | 617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 619 Figure 1: EARO 621 Option Fields 623 Type: 33 625 Length: 8-bit unsigned integer. 627 Status: 8-bit unsigned integer. Indicates the status of a 628 registration in the NA response. MUST be set to 0 in 629 NS messages. See Table 1 below. 631 +-------+-----------------------------------------------------------+ 632 | Value | Description | 633 +-------+-----------------------------------------------------------+ 634 | 0..2 | See RFC 6775 [RFC6775]. Note that a Status of 1 | 635 | | "Duplicate Address" applies to the Registered Address. If | 636 | | the Source Address conflicts with an existing | 637 | | registration, "Duplicate Source Address" should be used. | 638 | | | 639 | 3 | Moved: The registration fails because it is not the | 640 | | freshest. This Status indicates that the registration is | 641 | | rejected because another more recent registration was | 642 | | done, as indicated by a same OUI and a more recent TID. | 643 | | One possible cause is a stale registration that has | 644 | | progressed slowly in the network and was passed by a more | 645 | | recent one. It could also indicate a OUI collision. | 646 | | | 647 | 4 | Removed: The binding state was removed. This may be | 648 | | placed in an asynchronous NS(ARO) message, or as the | 649 | | rejection of a proxy registration to a Backbone Router | 650 | | | 651 | 5 | Proof requested: The Registering Node is challenged for | 652 | | owning the Registered Address or for being an acceptable | 653 | | proxy for the registration. This Status is expected in | 654 | | asynchronous messages from a registrar (6LR, 6LBR, 6BBR) | 655 | | to indicate that the registration state is removed, for | 656 | | instance due to time out of a lifetime, or a movement. | 657 | | The receiver of the NA is the device that has performed a | 658 | | registration that is now stale and it should clean up its | 659 | | state. | 660 | | | 661 | 6 | Duplicate Source Address: The address used as source of | 662 | | the NS(ARO) conflicts with an existing registration. | 663 | | | 664 | 7 | Invalid Source Address: The address used as source of the | 665 | | NS(ARO) is not a Link-Local address as prescribed by this | 666 | | document. | 667 | | | 668 | 8 | Registered Address topologically incorrect: The address | 669 | | being registered is not usable on this link, e.g. it is | 670 | | not topologically correct | 671 | | | 672 | 9 | 6LBR Registry saturated: A new registration cannot be | 673 | | accepted because the 6LBR Registry is saturated. | 674 | | | 675 | 10 | Incorrect proof: The proof of ownership of the registered | 676 | | address is not correct. | 677 +-------+-----------------------------------------------------------+ 679 Table 1: EARO Status 681 Reserved: This field is unused. It MUST be initialized to zero 682 by the sender and MUST be ignored by the receiver. 684 T: One bit flag. Set if the next octet is a used as a 685 TID. 687 TID: 1-byte integer; a transaction id that is maintained 688 by the node and incremented with each transaction. 689 it is recommended that the node maintains the TID in 690 a persistent storage. 692 Registration Lifetime: 16-bit integer; expressed in minutes. 0 693 means that the registration has ended and the 694 associated state should be removed. 696 Owner Unique Identifier (OUI): A globally unique identifier for the 697 node associated. This can be the EUI-64 derived IID 698 of an interface, or some provable ID obtained 699 cryptographically. 701 Note: the code "6LBR Registry saturated" is used by 6LBRs instead of 702 Status 2 when responding to a DAR/DAC exchange and passed on to the 703 Registering Node by the 6LR. There is no point for the node to retry 704 this registration immediately via another 6LR, since the problem is 705 global to the network. The node may either abandon that address, 706 deregister other addresses first to make room, or keep the address in 707 TENTATIVE state and retry later. 709 6.2. New 6LoWPAN capability Bits in the Capability Indication Option 711 This specification defines a number of capability bits in the CIO 712 that was introduced by RFC 7400 [RFC7400]. 714 Support for this specification is indicated by setting the "E" flag 715 in a CIO option. Routers that are capable of acting as 6LR, 6LBR and 716 6BBR SHOULD set the L, B and P flags, respectively. 718 Those flags are not mutually exclusive and if a router is capable of 719 multiple roles, it SHOULD set all the related flags. 721 0 1 2 3 722 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 723 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 724 | Type | Length = 1 |_____________________|L|B|P|E|G| 725 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 726 |_______________________________________________________________| 727 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 729 Figure 2: New capability Bits L, B, P, E in the CIO 731 Option Fields 733 Type: 36 735 L: Node is a 6LR, it can take registrations. 737 B: Node is a 6LBR. 739 P: Node is a 6BBR, proxying for nodes on this link. 741 E: This specification is supported and applied. 743 7. Backward Compatibility 745 7.1. Discovering the capabilities of an ND peer 747 7.1.1. Using the E Flag in the CIO 749 If the CIO is used in an ND message, then the "E" Flag MUST be set by 750 the sending node if supports this specification. 752 It is RECOMMENDED that a router that supports this specification 753 indicates so with a CIO option, but this might not be practical if 754 the link-layer MTU is too small. 756 If the Registering Node receives a CIO in a RA, then the setting of 757 the E" Flag indicates whether or not this specification is supported. 759 A node which does not implement this draft or parse 6CIO option, MUST 760 ignore the packet and the sender of option SHOULD use legacy 761 registration method according to RFC 6775 [RFC6775] after a timeout 762 period. 764 7.1.2. Using the T Flag in the EARO 766 One alternate way for a 6LN to discover the router's capabilities to 767 first register a Link Local address, placing the same address in the 768 Source and Target Address fields of the NS message, and setting the 769 "T" Flag. The node may for instance register an address that is 770 based on EUI-64. For such address, DAD is not required and using the 771 SLLAO option in the NS is actually more amenable with existing ND 772 specifications such as the "Optimistic Duplicate Address Detection 773 (DAD) for IPv6" [RFC4429]. Once that first registration is complete, 774 the node knows from the setting of the "T" Flag in the response 775 whether the router supports this specification. If this is verified, 776 the node may register other addresses that it owns, or proxy-register 777 addresses on behalf some another node, indicating those addresses 778 being registered in the Target Address field of the NS messages, 779 while using one of its own, already registered, addresses as source. 781 A node that supports this specification MUST always use an EARO as a 782 replacement to an ARO in its registration to a router. This is 783 harmless since the "T" flag and TID field are reserved in RFC 6775 784 [RFC6775] are ignored by a legacy router. A router that supports 785 this specification answers to an ARO with an ARO and to an EARO with 786 an EARO. 788 This specification changes the behavior of the peers in a 789 registration flows. To enable backward compatibility, a node that 790 registers to a router that is not known to support this specification 791 MUST behave as prescribed by RFC 6775. Once the router is known to 792 support this specification, the node MUST obey this specification. 794 7.2. Legacy 6LoWPAN Node 796 A legacy 6LN will use the Registered Address as source and will not 797 use an EARO option. In order to be backward compatible, an updated 798 6LR needs to accept that registration if it is valid per the RFC 6775 799 [RFC6775] specification, and manage the binding cache accordingly. 801 The main difference with RFC 6775 is that DAR/DAC exchange for DAD 802 may be avoided for Link-Local addresses. Additionally, the 6LR 803 SHOULD use an EARO in the reply, and may use any of the Status codes 804 defined in this specification. 806 7.3. Legacy 6LoWPAN Router 808 The first registration by a an updated 6LN is for a Link-Local 809 address, using that Link-Local address as source. A legacy 6LR will 810 not make a difference and accept -or reject- that registration as if 811 the 6LN was a legacy node. 813 An updated 6LN will always use an EARO option in the registration NS 814 message, whereas a legacy 6LR will always reply with an ARO option in 815 the NA message. So from that first registration, the updated 6LN can 816 figure whether the 6LR supports this specification or not. 818 When facing a legacy 6LR, an updated 6LN may attempt to find an 819 alternate 6LR that is updated. In order to be backward compatible, 820 based on the discovery that a 6LR is legacy, the 6LN needs to 821 fallback to legacy behavior and source the packet with the Registered 822 Address. 824 The main difference is that the updated 6LN SHOULD use an EARO in the 825 request regardless of the type of 6LR, legacy or updated 827 7.4. Legacy 6LoWPAN Border Router 829 With this specification, the DAR/DAC transports an EARO option as 830 opposed to an ARO option. As described for the NS/NA exchange, 6LBR 831 devices that support this specification always use an EARO option and 832 all the associated behavior. A legacy 6LBR will accept and process 833 an EARO option as if it was an ARO option, so the legacy support of 834 DAD will function. But considering that there are a lot fewer 6LBR 835 than 6LR, the expectation is that they are upgraded as soon as 836 devices that implement this specification are deployed. 838 8. Security Considerations 840 This specification extends RFC 6775 [RFC6775], and the security 841 section of that draft also applies to this as well. In particular, 842 it is expected that the link layer is sufficiently protected to 843 prevent a rogue access, either by means of physical or IP security on 844 the Backbone Link and link layer cryptography on the LLN. This 845 specification also expects that the LLN MAC provides secure unicast 846 to/from the Backbone Router and secure Broadcast from the Backbone 847 Router in a way that prevents tempering with or replaying the RA 848 messages. 850 This specification recommends to using privacy techniques (more in 851 section Section 9, and protection against address theft such as 852 provided by "Address Protected Neighbor Discovery for Low-power and 853 Lossy Networks" [I-D.ietf-6lo-ap-nd], which guarantees the ownership 854 of the Registered Address using a cryptographic OUID. 856 The registration mechanism may be used by a rogue node to attack the 857 6LR or the 6LBR with a Denial-of-Service attack against the registry. 858 It may also happen that the registry of a 6LR or a 6LBR is saturated 859 and cannot take any more registration, which effectively denies the 860 requesting a node the capability to use a new address. In order to 861 alleviate those concerns, Section 4.6 provides a number of 862 recommendations that ensure that a stale registration is removed as 863 soon as possible from the 6LR and 6LBR. In particular, this 864 specification recommends that: 866 o A node that ceases to use an address should attempt to deregister 867 that address from all the 6LRs to which it is registered. The 868 flow is propagated to the 6LBR when needed, and a sequence number 869 is used to make sure that only the freshest command is acted upon. 871 o The nodes should be configured with a Registration Lifetime that 872 reflects their expectation of how long they will use the address 873 with the 6LR to which it is registered. In particular, use cases 874 that involve mobility or rapid address changes should use 875 lifetimes that are homogeneous with the expectation of presence. 877 o The router (6LR or 6LBR) should be configurable so as to limit the 878 number of addresses that can be registered by a single node, as 879 identified at least by MAC address and preferably by security 880 credentials. When that maximum is reached, the router should use 881 a Least-Recently-Used (LRU) logic so as to clean up the addresses 882 that were not used for the longest time, keeping at least one 883 Link-Local address, and attempting to keep one or more stable 884 addresses if such can be recognized, e.g. from the way the IID is 885 formed or because they are used over a much longer time span than 886 other (privacy, shorter-lived) addresses. 888 o Administrators should take great care to deploy adequate numbers 889 of 6LR to cover the needs of the nodes in their range, so as to 890 avoid a situation of starving nodes. It is expected that the 6LBR 891 that serves a LLN is a more capable node then the average 6LR, but 892 in a network condition where it may become saturated, a particular 893 deployment should distribute the 6LBR functionality, for instance 894 by leveraging a high speed Backbone and Backbone Routers to 895 aggregate multiple LLNs into a larger subnet. 897 When the ownership of the OUID cannot be assessed, this specification 898 limits the cases where the OUID and the TID are multicasted, and 899 obfuscates them in responses to attempts to take over an address. 901 The LLN nodes depend on the 6LBR and the 6BBR for their operation. A 902 trust model must be put in place to ensure that the right devices are 903 acting in these roles, so as to avoid threats such as black-holing, 904 or bombing attack whereby an impersonated 6LBR would destroy state in 905 the network by using the "Removed" Status code. 907 9. Privacy Considerations 909 As indicated in section Section 2, this protocol does not aim at 910 limiting the number of IPv6 addresses that a device can form. A host 911 should be able to form and register any address that is topologically 912 correct in the subnet(s) advertised by the 6LR/6LBR. 914 This specification does not mandate any particular way for forming 915 IPv6 addresses, but it recognizes that use of EUI-64 for forming the 916 Interface ID in the Link-Local address prevents the usage of "SEcure 917 Neighbor Discovery (SEND)" [RFC3971] and "Cryptographically Generated 918 Addresses (CGA)" [RFC3972], and that of address privacy techniques. 920 "Privacy Considerations for IPv6 Adaptation-Layer Mechanisms" 921 [RFC8065] addresses why privacy is important and how to form such 922 addresses. All implementations and deployment must consider the 923 option of privacy addresses in their own environment. Also future 924 specifications involving 6LOWPAN Neighbor Discovery should consult 925 "Recommendation on Stable IPv6 Interface Identifiers" [RFC8064] for 926 default interface identifaction. 928 10. IANA Considerations 930 IANA is requested to create a new subregistry for "ARO Flags" under 931 the "Internet Control Message Protocol version 6 (ICMPv6) 932 Parameters". This specification defines 8 positions, bit 0 to bit 7, 933 and assigns bit 7 for the "T" flag in Section 6.1. The policy is 934 "IETF Review" or "IESG Approval" [RFC8126]. The initial content of 935 the registry is as shown in Table 2. 937 New subregistry for ARO Flags under the "Internet Control Message 938 Protocol version 6 (ICMPv6) Parameters" 940 +------------+--------------+-----------+ 941 | ARO Status | Description | Document | 942 +------------+--------------+-----------+ 943 | 0..6 | Unassigned | | 944 | | | | 945 | 7 | "T" Flag | RFC This | 946 +------------+--------------+-----------+ 948 Table 2: new ARO Flags 950 IANA is requested to make additions to existing registries as 951 follows: 953 Address Registration Option Status Values Registry 955 +------------+------------------------------------------+-----------+ 956 | ARO Status | Description | Document | 957 +------------+------------------------------------------+-----------+ 958 | 3 | Moved | RFC This | 959 | | | | 960 | 4 | Removed | RFC This | 961 | | | | 962 | 5 | Proof requested | RFC This | 963 | | | | 964 | 6 | Duplicate Source Address | RFC This | 965 | | | | 966 | 7 | Invalid Source Address | RFC This | 967 | | | | 968 | 8 | Registered Address topologically | RFC This | 969 | | incorrect | | 970 | | | | 971 | 9 | 6LBR registry saturated | RFC This | 972 | | | | 973 | 10 | Incorrect proof | RFC This | 974 +------------+------------------------------------------+-----------+ 976 Table 3: New ARO Status values 978 Subregistry for "6LoWPAN capability Bits" under the "Internet Control 979 Message Protocol version 6 (ICMPv6) Parameters" 981 +----------------+----------------------+-----------+ 982 | capability Bit | Description | Document | 983 +----------------+----------------------+-----------+ 984 | 11 | 6LR capable (L bit) | RFC This | 985 | | | | 986 | 12 | 6LBR capable (B bit) | RFC This | 987 | | | | 988 | 13 | 6BBR capable (P bit) | RFC This | 989 | | | | 990 | 14 | EARO support (E bit) | RFC This | 991 +----------------+----------------------+-----------+ 993 Table 4: New 6LoWPAN capability Bits 995 11. Acknowledgments 997 Kudos to Eric Levy-Abegnoli who designed the First Hop Security 998 infrastructure at Cisco, upon which the first backbone router wsa 999 implemented; many thanks to Sedat Gormus, Rahul Jadhav, Charlie 1000 Perkins for their various contributions and reviews. Also many 1001 thanks to Thomas Watteyne for his early implementation of a 6LN that 1002 was instrumental to test the 6LR, 6LBR and Backbone Router. 1004 12. References 1006 12.1. Normative References 1008 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1009 Requirement Levels", BCP 14, RFC 2119, 1010 DOI 10.17487/RFC2119, March 1997, 1011 . 1013 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1014 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 1015 2006, . 1017 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1018 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1019 DOI 10.17487/RFC4861, September 2007, 1020 . 1022 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1023 Address Autoconfiguration", RFC 4862, 1024 DOI 10.17487/RFC4862, September 2007, 1025 . 1027 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 1028 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 1029 DOI 10.17487/RFC6282, September 2011, 1030 . 1032 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 1033 Bormann, "Neighbor Discovery Optimization for IPv6 over 1034 Low-Power Wireless Personal Area Networks (6LoWPANs)", 1035 RFC 6775, DOI 10.17487/RFC6775, November 2012, 1036 . 1038 [RFC7400] Bormann, C., "6LoWPAN-GHC: Generic Header Compression for 1039 IPv6 over Low-Power Wireless Personal Area Networks 1040 (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November 1041 2014, . 1043 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1044 Writing an IANA Considerations Section in RFCs", BCP 26, 1045 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1046 . 1048 12.2. Informative References 1050 [I-D.chakrabarti-nordmark-6man-efficient-nd] 1051 Chakrabarti, S., Nordmark, E., Thubert, P., and M. 1052 Wasserman, "IPv6 Neighbor Discovery Optimizations for 1053 Wired and Wireless Networks", draft-chakrabarti-nordmark- 1054 6man-efficient-nd-07 (work in progress), February 2015. 1056 [I-D.delcarpio-6lo-wlanah] 1057 Vega, L., Robles, I., and R. Morabito, "IPv6 over 1058 802.11ah", draft-delcarpio-6lo-wlanah-01 (work in 1059 progress), October 2015. 1061 [I-D.ietf-6lo-ap-nd] 1062 Sarikaya, B., Thubert, P., and M. Sethi, "Address 1063 Protected Neighbor Discovery for Low-power and Lossy 1064 Networks", draft-ietf-6lo-ap-nd-02 (work in progress), May 1065 2017. 1067 [I-D.ietf-6lo-backbone-router] 1068 Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo- 1069 backbone-router-04 (work in progress), July 2017. 1071 [I-D.ietf-6lo-nfc] 1072 Choi, Y., Hong, Y., Youn, J., Kim, D., and J. Choi, 1073 "Transmission of IPv6 Packets over Near Field 1074 Communication", draft-ietf-6lo-nfc-07 (work in progress), 1075 June 2017. 1077 [I-D.ietf-6tisch-architecture] 1078 Thubert, P., "An Architecture for IPv6 over the TSCH mode 1079 of IEEE 802.15.4", draft-ietf-6tisch-architecture-11 (work 1080 in progress), January 2017. 1082 [I-D.ietf-bier-architecture] 1083 Wijnands, I., Rosen, E., Dolganow, A., Przygienda, T., and 1084 S. Aldrin, "Multicast using Bit Index Explicit 1085 Replication", draft-ietf-bier-architecture-07 (work in 1086 progress), June 2017. 1088 [I-D.ietf-ipv6-multilink-subnets] 1089 Thaler, D. and C. Huitema, "Multi-link Subnet Support in 1090 IPv6", draft-ietf-ipv6-multilink-subnets-00 (work in 1091 progress), July 2002. 1093 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] 1094 Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets 1095 over IEEE 1901.2 Narrowband Powerline Communication 1096 Networks", draft-popa-6lo-6loplc-ipv6-over- 1097 ieee19012-networks-00 (work in progress), March 2014. 1099 [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, 1100 DOI 10.17487/RFC1982, August 1996, 1101 . 1103 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with 1104 CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September 1105 2003, . 1107 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 1108 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 1109 DOI 10.17487/RFC3810, June 2004, 1110 . 1112 [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander, 1113 "SEcure Neighbor Discovery (SEND)", RFC 3971, 1114 DOI 10.17487/RFC3971, March 2005, 1115 . 1117 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 1118 RFC 3972, DOI 10.17487/RFC3972, March 2005, 1119 . 1121 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 1122 for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006, 1123 . 1125 [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 1126 over Low-Power Wireless Personal Area Networks (6LoWPANs): 1127 Overview, Assumptions, Problem Statement, and Goals", 1128 RFC 4919, DOI 10.17487/RFC4919, August 2007, 1129 . 1131 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 1132 Extensions for Stateless Address Autoconfiguration in 1133 IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, 1134 . 1136 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 1137 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 1138 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 1139 Low-Power and Lossy Networks", RFC 6550, 1140 DOI 10.17487/RFC6550, March 2012, 1141 . 1143 [RFC7217] Gont, F., "A Method for Generating Semantically Opaque 1144 Interface Identifiers with IPv6 Stateless Address 1145 Autoconfiguration (SLAAC)", RFC 7217, 1146 DOI 10.17487/RFC7217, April 2014, 1147 . 1149 [RFC7428] Brandt, A. and J. Buron, "Transmission of IPv6 Packets 1150 over ITU-T G.9959 Networks", RFC 7428, 1151 DOI 10.17487/RFC7428, February 2015, 1152 . 1154 [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 1155 Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low 1156 Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, 1157 . 1159 [RFC7934] Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi, 1160 "Host Address Availability Recommendations", BCP 204, 1161 RFC 7934, DOI 10.17487/RFC7934, July 2016, 1162 . 1164 [RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu, 1165 "Recommendation on Stable IPv6 Interface Identifiers", 1166 RFC 8064, DOI 10.17487/RFC8064, February 2017, 1167 . 1169 [RFC8065] Thaler, D., "Privacy Considerations for IPv6 Adaptation- 1170 Layer Mechanisms", RFC 8065, DOI 10.17487/RFC8065, 1171 February 2017, . 1173 [RFC8105] Mariager, P., Petersen, J., Ed., Shelby, Z., Van de Logt, 1174 M., and D. Barthel, "Transmission of IPv6 Packets over 1175 Digital Enhanced Cordless Telecommunications (DECT) Ultra 1176 Low Energy (ULE)", RFC 8105, DOI 10.17487/RFC8105, May 1177 2017, . 1179 [RFC8163] Lynn, K., Ed., Martocci, J., Neilson, C., and S. 1180 Donaldson, "Transmission of IPv6 over Master-Slave/Token- 1181 Passing (MS/TP) Networks", RFC 8163, DOI 10.17487/RFC8163, 1182 May 2017, . 1184 12.3. External Informative References 1186 [IEEEstd802154] 1187 IEEE, "IEEE Standard for Low-Rate Wireless Networks", 1188 IEEE Standard 802.15.4, DOI 10.1109/IEEESTD.2016.7460875, 1189 . 1191 [Perlman83] 1192 Perlman, R., "Fault-Tolerant Broadcast of Routing 1193 Information", North-Holland Computer Networks 7: 395-405, 1194 1983, . 1197 Appendix A. Applicability and Requirements Served 1199 This specification extends 6LoWPAN ND to sequence the registration 1200 and serves the requirements expressed Appendix B.1 by enabling the 1201 mobility of devices from one LLN to the next based on the 1202 complementary work in the "IPv6 Backbone Router" 1203 [I-D.ietf-6lo-backbone-router] specification. 1205 In the context of the the TimeSlotted Channel Hopping (TSCH) mode of 1206 IEEE Std. 802.15.4 [IEEEstd802154], the "6TiSCH architecture" 1207 [I-D.ietf-6tisch-architecture] introduces how a 6LoWPAN ND host could 1208 connect to the Internet via a RPL mesh Network, but this requires 1209 additions to the 6LOWPAN ND protocol to support mobility and 1210 reachability in a secured and manageable environment. This 1211 specification details the new operations that are required to 1212 implement the 6TiSCH architecture and serves the requirements listed 1213 in Appendix B.2. 1215 The term LLN is used loosely in this specification to cover multiple 1216 types of WLANs and WPANs, including Low-Power Wi-Fi, BLUETOOTH(R) Low 1217 Energy, IEEE Std.802.11AH and IEEE Std.802.15.4 wireless meshes, so 1218 as to address the requirements discussed in Appendix B.3 1220 This specification can be used by any wireless node to associate at 1221 Layer-3 with a 6BBR and register its IPv6 addresses to obtain routing 1222 services including proxy-ND operations over the Backbone, effectively 1223 providing a solution to the requirements expressed in Appendix B.4. 1225 "Efficiency aware IPv6 Neighbor Discovery Optimizations" 1226 [I-D.chakrabarti-nordmark-6man-efficient-nd] suggests that 6LoWPAN ND 1227 [RFC6775] can be extended to other types of links beyond IEEE Std. 1228 802.15.4 for which it was defined. The registration technique is 1229 beneficial when the Link-Layer technique used to carry IPv6 multicast 1230 packets is not sufficiently efficient in terms of delivery ratio or 1231 energy consumption in the end devices, in particular to enable 1232 energy-constrained sleeping nodes. The value of such extension is 1233 especially apparent in the case of mobile wireless nodes, to reduce 1234 the multicast operations that are related to classical ND ([RFC4861], 1235 [RFC4862]) and plague the wireless medium. This serves scalability 1236 requirements listed in Appendix B.6. 1238 Appendix B. Requirements 1240 This section lists requirements that were discussed at 6lo for an 1241 update to 6LoWPAN ND. This specification meets most of them, but 1242 those listed in Appendix B.5 which are deferred to a different 1243 specification such as [I-D.ietf-6lo-ap-nd], and those related to 1244 multicast. 1246 B.1. Requirements Related to Mobility 1248 Due to the unstable nature of LLN links, even in a LLN of immobile 1249 nodes a 6LN may change its point of attachment to a 6LR, say 6LR-a, 1250 and may not be able to notify 6LR-a. Consequently, 6LR-a may still 1251 attract traffic that it cannot deliver any more. When links to a 6LR 1252 change state, there is thus a need to identify stale states in a 6LR 1253 and restore reachability in a timely fashion. 1255 Req1.1: Upon a change of point of attachment, connectivity via a new 1256 6LR MUST be restored timely without the need to de-register from the 1257 previous 6LR. 1259 Req1.2: For that purpose, the protocol MUST enable to differentiate 1260 between multiple registrations from one 6LoWPAN Node and 1261 registrations from different 6LoWPAN Nodes claiming the same address. 1263 Req1.3: Stale states MUST be cleaned up in 6LRs. 1265 Req1.4: A 6LoWPAN Node SHOULD also be capable to register its Address 1266 to multiple 6LRs, and this, concurrently. 1268 B.2. Requirements Related to Routing Protocols 1270 The point of attachment of a 6LN may be a 6LR in an LLN mesh. IPv6 1271 routing in a LLN can be based on RPL, which is the routing protocol 1272 that was defined at the IETF for this particular purpose. Other 1273 routing protocols than RPL are also considered by Standard Defining 1274 Organizations (SDO) on the basis of the expected network 1275 characteristics. It is required that a 6LoWPAN Node attached via ND 1276 to a 6LR would need to participate in the selected routing protocol 1277 to obtain reachability via the 6LR. 1279 Next to the 6LBR unicast address registered by ND, other addresses 1280 including multicast addresses are needed as well. For example a 1281 routing protocol often uses a multicast address to register changes 1282 to established paths. ND needs to register such a multicast address 1283 to enable routing concurrently with discovery. 1285 Multicast is needed for groups. Groups MAY be formed by device type 1286 (e.g. routers, street lamps), location (Geography, RPL sub-tree), or 1287 both. 1289 The Bit Index Explicit Replication (BIER) Architecture 1290 [I-D.ietf-bier-architecture] proposes an optimized technique to 1291 enable multicast in a LLN with a very limited requirement for routing 1292 state in the nodes. 1294 Related requirements are: 1296 Req2.1: The ND registration method SHOULD be extended in such a 1297 fashion that the 6LR MAY advertise the Address of a 6LoWPAN Node over 1298 the selected routing protocol and obtain reachability to that Address 1299 using the selected routing protocol. 1301 Req2.2: Considering RPL, the Address Registration Option that is used 1302 in the ND registration SHOULD be extended to carry enough information 1303 to generate a DAO message as specified in [RFC6550] section 6.4, in 1304 particular the capability to compute a Path Sequence and, as an 1305 option, a RPLInstanceID. 1307 Req2.3: Multicast operations SHOULD be supported and optimized, for 1308 instance using BIER or MPL. Whether ND is appropriate for the 1309 registration to the 6BBR is to be defined, considering the additional 1310 burden of supporting the Multicast Listener Discovery Version 2 1311 [RFC3810] (MLDv2) for IPv6. 1313 B.3. Requirements Related to the Variety of Low-Power Link types 1315 6LoWPAN ND [RFC6775] was defined with a focus on IEEE Std.802.15.4 1316 and in particular the capability to derive a unique Identifier from a 1317 globally unique MAC-64 address. At this point, the 6lo Working Group 1318 is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique 1319 to other link types ITU-T G.9959 [RFC7428], Master-Slave/Token- 1320 Passing [RFC8163], DECT Ultra Low Energy [RFC8105], Near Field 1321 Communication [I-D.ietf-6lo-nfc], IEEE Std. 802.11ah 1322 [I-D.delcarpio-6lo-wlanah], as well as IEEE1901.2 Narrowband 1323 Powerline Communication Networks 1324 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] and BLUETOOTH(R) 1325 Low Energy [RFC7668]. 1327 Related requirements are: 1329 Req3.1: The support of the registration mechanism SHOULD be extended 1330 to more LLN links than IEEE Std.802.15.4, matching at least the LLN 1331 links for which an "IPv6 over foo" specification exists, as well as 1332 Low-Power Wi-Fi. 1334 Req3.2: As part of this extension, a mechanism to compute a unique 1335 Identifier should be provided, with the capability to form a Link- 1336 Local Address that SHOULD be unique at least within the LLN connected 1337 to a 6LBR discovered by ND in each node within the LLN. 1339 Req3.3: The Address Registration Option used in the ND registration 1340 SHOULD be extended to carry the relevant forms of unique Identifier. 1342 Req3.4: The Neighbour Discovery should specify the formation of a 1343 site-local address that follows the security recommendations from 1344 [RFC7217]. 1346 B.4. Requirements Related to Proxy Operations 1348 Duty-cycled devices may not be able to answer themselves to a lookup 1349 from a node that uses classical ND on a Backbone and may need a 1350 proxy. Additionally, the duty-cycled device may need to rely on the 1351 6LBR to perform registration to the 6BBR. 1353 The ND registration method SHOULD defend the addresses of duty-cycled 1354 devices that are sleeping most of the time and not capable to defend 1355 their own Addresses. 1357 Related requirements are: 1359 Req4.1: The registration mechanism SHOULD enable a third party to 1360 proxy register an Address on behalf of a 6LoWPAN node that may be 1361 sleeping or located deeper in an LLN mesh. 1363 Req4.2: The registration mechanism SHOULD be applicable to a duty- 1364 cycled device regardless of the link type, and enable a 6BBR to 1365 operate as a proxy to defend the Registered Addresses on its behalf. 1367 Req4.3: The registration mechanism SHOULD enable long sleep 1368 durations, in the order of multiple days to a month. 1370 B.5. Requirements Related to Security 1372 In order to guarantee the operations of the 6LoWPAN ND flows, the 1373 spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a 1374 node successfully registers an address, 6LoWPAN ND should provide 1375 energy-efficient means for the 6LBR to protect that ownership even 1376 when the node that registered the address is sleeping. 1378 In particular, the 6LR and the 6LBR then should be able to verify 1379 whether a subsequent registration for a given Address comes from the 1380 original node. 1382 In a LLN it makes sense to base security on layer-2 security. During 1383 bootstrap of the LLN, nodes join the network after authorization by a 1384 Joining Assistant (JA) or a Commissioning Tool (CT). After joining 1385 nodes communicate with each other via secured links. The keys for 1386 the layer-2 security are distributed by the JA/CT. The JA/CT can be 1387 part of the LLN or be outside the LLN. In both cases it is needed 1388 that packets are routed between JA/CT and the joining node. 1390 Related requirements are: 1392 Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1393 the 6LR, 6LBR and 6BBR to authenticate and authorize one another for 1394 their respective roles, as well as with the 6LoWPAN Node for the role 1395 of 6LR. 1397 Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1398 the 6LR and the 6LBR to validate new registration of authorized 1399 nodes. Joining of unauthorized nodes MUST be impossible. 1401 Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet 1402 sizes. In particular, the NS, NA, DAR and DAC messages for a re- 1403 registration flow SHOULD NOT exceed 80 octets so as to fit in a 1404 secured IEEE Std.802.15.4 [IEEEstd802154] frame. 1406 Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be 1407 computationally intensive on the LoWPAN Node CPU. When a Key hash 1408 calculation is employed, a mechanism lighter than SHA-1 SHOULD be 1409 preferred. 1411 Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate 1412 SHOULD be minimized. 1414 Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable the 1415 variation of CCM [RFC3610] called CCM* for use at both Layer 2 and 1416 Layer 3, and SHOULD enable the reuse of security code that has to be 1417 present on the device for upper layer security such as TLS. 1419 Req5.7: Public key and signature sizes SHOULD be minimized while 1420 maintaining adequate confidentiality and data origin authentication 1421 for multiple types of applications with various degrees of 1422 criticality. 1424 Req5.8: Routing of packets should continue when links pass from the 1425 unsecured to the secured state. 1427 Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1428 the 6LR and the 6LBR to validate whether a new registration for a 1429 given address corresponds to the same 6LoWPAN Node that registered it 1430 initially, and, if not, determine the rightful owner, and deny or 1431 clean-up the registration that is duplicate. 1433 B.6. Requirements Related to Scalability 1435 Use cases from Automatic Meter Reading (AMR, collection tree 1436 operations) and Advanced Metering Infrastructure (AMI, bi-directional 1437 communication to the meters) indicate the needs for a large number of 1438 LLN nodes pertaining to a single RPL DODAG (e.g. 5000) and connected 1439 to the 6LBR over a large number of LLN hops (e.g. 15). 1441 Related requirements are: 1443 Req6.1: The registration mechanism SHOULD enable a single 6LBR to 1444 register multiple thousands of devices. 1446 Req6.2: The timing of the registration operation should allow for a 1447 large latency such as found in LLNs with ten and more hops. 1449 Authors' Addresses 1451 Pascal Thubert (editor) 1452 Cisco Systems, Inc 1453 Sophia Antipolis 1454 FRANCE 1456 Email: pthubert@cisco.com 1458 Erik Nordmark 1459 Santa Clara, CA 1460 USA 1462 Email: nordmark@sonic.net 1464 Samita Chakrabarti 1465 San Jose, CA 1466 USA 1468 Email: samitac.ietf@gmail.com