idnits 2.17.1 draft-ietf-6lo-rfc6775-update-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 20, 2017) is 2408 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Perlman83' is mentioned on line 1396, but not defined == Missing Reference: 'IEEEstd802154' is mentioned on line 1609, but not defined == Outdated reference: A later version (-23) exists of draft-ietf-6lo-ap-nd-02 == Outdated reference: A later version (-20) exists of draft-ietf-6lo-backbone-router-04 == Outdated reference: A later version (-22) exists of draft-ietf-6lo-nfc-07 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-12 -- Obsolete informational reference (is this intentional?): RFC 4941 (Obsoleted by RFC 8981) Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo P. Thubert, Ed. 3 Internet-Draft cisco 4 Updates: 6775 (if approved) E. Nordmark 5 Intended status: Standards Track 6 Expires: March 24, 2018 S. Chakrabarti 7 September 20, 2017 9 An Update to 6LoWPAN ND 10 draft-ietf-6lo-rfc6775-update-09 12 Abstract 14 This specification updates RFC 6775 - 6LoWPAN Neighbor Discovery, to 15 clarify the role of the protocol as a registration technique, 16 simplify the registration operation in 6LoWPAN routers, as well as to 17 provide enhancements to the registration capabilities and mobility 18 detection for different network topologies including the backbone 19 routers performing proxy Neighbor Discovery in a low power network. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on March 24, 2018. 38 Copyright Notice 40 Copyright (c) 2017 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (https://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Applicability of Address Registration Options . . . . . . . . 3 57 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 4. Updating RFC 6775 . . . . . . . . . . . . . . . . . . . . . . 6 59 4.1. Extended Address Registration Option (EARO) . . . . . . . 7 60 4.2. Transaction ID . . . . . . . . . . . . . . . . . . . . . 7 61 4.2.1. Comparing TID values . . . . . . . . . . . . . . . . 8 62 4.3. Owner Unique ID . . . . . . . . . . . . . . . . . . . . . 9 63 4.4. Extended Duplicate Address Messages . . . . . . . . . . . 10 64 4.5. Registering the Target Address . . . . . . . . . . . . . 10 65 4.6. Link-Local Addresses and Registration . . . . . . . . . . 11 66 4.7. Maintaining the Registration States . . . . . . . . . . . 13 67 5. Detecting Enhanced ARO Capability Support . . . . . . . . . . 14 68 6. Extended ND Options And Messages . . . . . . . . . . . . . . 15 69 6.1. Enhanced Address Registration Option (EARO) . . . . . . . 15 70 6.2. Extended Duplicate Address Message Formats . . . . . . . 18 71 6.3. New 6LoWPAN Capability Bits in the Capability Indication 72 Option . . . . . . . . . . . . . . . . . . . . . . . . . 19 73 7. Backward Compatibility . . . . . . . . . . . . . . . . . . . 19 74 7.1. Discovering the capabilities of an ND peer . . . . . . . 19 75 7.1.1. Using the "E" Flag in the 6CIO Option . . . . . . . . 19 76 7.1.2. Using the "T" Flag in the EARO . . . . . . . . . . . 20 77 7.2. Legacy 6LoWPAN Node . . . . . . . . . . . . . . . . . . . 21 78 7.3. Legacy 6LoWPAN Router . . . . . . . . . . . . . . . . . . 21 79 7.4. Legacy 6LoWPAN Border Router . . . . . . . . . . . . . . 22 80 8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 81 9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 23 82 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 83 10.1. ARO Flags . . . . . . . . . . . . . . . . . . . . . . . 24 84 10.2. ICMP Codes . . . . . . . . . . . . . . . . . . . . . . . 24 85 10.3. New ARO Status values . . . . . . . . . . . . . . . . . 25 86 10.4. New 6LoWPAN capability Bits . . . . . . . . . . . . . . 26 87 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 26 88 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 89 12.1. Normative References . . . . . . . . . . . . . . . . . . 26 90 12.2. Informative References . . . . . . . . . . . . . . . . . 27 91 12.3. External Informative References . . . . . . . . . . . . 30 92 Appendix A. Applicability and Requirements Served . . . . . . . 30 93 Appendix B. Requirements . . . . . . . . . . . . . . . . . . . . 31 94 B.1. Requirements Related to Mobility . . . . . . . . . . . . 32 95 B.2. Requirements Related to Routing Protocols . . . . . . . . 32 96 B.3. Requirements Related to the Variety of Low-Power Link 97 types . . . . . . . . . . . . . . . . . . . . . . . . . . 33 98 B.4. Requirements Related to Proxy Operations . . . . . . . . 34 99 B.5. Requirements Related to Security . . . . . . . . . . . . 34 100 B.6. Requirements Related to Scalability . . . . . . . . . . . 35 101 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 103 1. Introduction 105 The scope of this draft is an IPv6 Low Power Networks including star 106 and mesh topologies. This specification modifies and extends the 107 behavior and protocol elements of "Neighbor Discovery Optimization 108 for IPv6 over Low-Power Wireless Personal Area Networks" (6LoWPAN ND) 109 [RFC6775] to enable additional capabilities such as: 111 o Support for indicating mobility vs retry (T-bit) 113 o Ease up requirement of registration for link-local addresses 115 o Enhancement to Address Registration Option (ARO) 117 o Permitting registration of target address 119 o Clarification of support of privacy and temporary addresses 121 The applicability of 6LoWPAN ND registration is discussed in 122 Section 2, and new extensions and updates to RFC 6775 are presented 123 in Section 4. Considerations on Backward Compatibility, Security and 124 Privacy are also elaborated upon in Section 7, Section 8 and in 125 Section 9, respectively. 127 2. Applicability of Address Registration Options 129 The original purpose of the Address Registration Option (ARO) in the 130 original 6LoWPAN ND specification is to facilitate duplicate address 131 detection (DAD) for hosts as well as populate Neighbor Cache Entries 132 (NCE) [RFC4861] in the routers. This reduces the reliance on 133 multicast operations, which are often as intrusive as broadcast, in 134 IPv6 ND operations. 136 With this specification, a registration can fail or become useless 137 for reasons other than address duplication. Examples include: the 138 router having run out of space; a registration bearing a stale 139 sequence number perhaps denoting a movement of the host after the 140 registration was placed; a host misbehaving and attempting to 141 register an invalid address such as the unspecified address 142 [RFC4291]; or a host using an address which is not topologically 143 correct on that link. 145 In such cases the host will receive an error to help diagnose the 146 issue and may retry, possibly with a different address, and possibly 147 registering to a different router, depending on the returned error. 148 However, the ability to return errors to address registrations is not 149 intended to be used to restrict the ability of hosts to form and use 150 addresses, as recommended in "Host Address Availability 151 Recommendations" [RFC7934]. 153 In particular, the freedom to form and register addresses is needed 154 for enhanced privacy; each host may register a multiplicity of 155 address using mechanisms such as "Privacy Extensions for Stateless 156 Address Autoconfiguration (SLAAC) in IPv6" [RFC4941]. 158 In the classical IPv6 ND [RFC4861], a router must have enough storage 159 to hold neighbor cache entries for all the addresses to which it may 160 forward. A router using the Address Registration mechanism needs 161 enough storage to hold NCEs for all the addresses that may be 162 registered to it, regardless of whether or not they are actively 163 communicating. For this reason, the number of registrations 164 supported by a 6LoWPAN Router (6LR) or 6LoWPAN Border Router (6LBR) 165 must be clearly documented. 167 A network administrator should deploy adapted 6LR/6LBRs to support 168 the number and type of devices in his network, based on the number of 169 IPv6 addresses that those devices require and their renewal rate and 170 behaviour. 172 3. Terminology 174 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 175 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 176 document are to be interpreted as described in RFC 2119 [RFC2119]. 178 Readers are expected to be familiar with all the terms and concepts 179 that are discussed in 181 o "Neighbor Discovery for IP version 6" [RFC4861], 183 o "IPv6 Stateless Address Autoconfiguration" [RFC4862], 185 o "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): 186 Overview, Assumptions, Problem Statement, and Goals" [RFC4919], 188 o "Neighbor Discovery Optimization for Low-power and Lossy Networks" 189 [RFC6775] and 191 o "Multi-link Subnet Support in IPv6" 192 [I-D.ietf-ipv6-multilink-subnets], 194 as well as the following terminology: 196 Backbone Link An IPv6 transit link that interconnects two or more 197 Backbone Routers. It is expected to be of a relatively high 198 speed compared to the LLN in order to support the trafic that 199 is required to federate multiple segments of the potentially 200 large LLN into a single IPv6 subnet. Also referred to as a to 201 as a Backbone, a LLN Backbone, and a Backbone Network. 203 Backbone Router A logical network function in an IPv6 router that 204 federates a LLN over a Backbone Link. In order to do so, the 205 Backbone Router (6BBR) proxies the 6LoWPAN ND operations 206 detailed in the document onto the matching operations that run 207 over the backbone, typically classical IPv6 ND. Note that 6BBR 208 is a logical function, just like 6LR and 6LBR, and that a same 209 physical router may operate all three. 211 Extended LLN The aggregation of multiple LLNs as defined in RFC 4919 212 [RFC4919], interconnected by a Backbone Link via Backbone 213 Routers, and forming a single IPv6 MultiLink Subnet. 215 Registration The process during which a wireless Node registers its 216 address(es) with the Border Router so the 6BBR can serve as 217 proxy for ND operations over the Backbone. 219 Binding The association between an IP address with a MAC address, a 220 port and/or other information about the node that owns the IP 221 address. 223 Registered Node The node for which the registration is performed, 224 and which owns the fields in the EARO option. 226 Registering Node The node that performs the registration to the 227 6BBR, which may proxy for the registered node. 229 Registered Address An address owned by the Registered Node node that 230 was or is being registered. 232 legacy and original vs. updated In the context of this 233 specification, the terms "legacy" and "original" relate to the 234 support of the RFC 6775 by a 6LN, a 6LR or a 6LBR, whereas the 235 term "updated" refers to the support of this specification. 237 classical In the context of this specification, the term "classical" 238 relates to the support of the IPv6 Neighbor Discovery (IPv6 ND) 239 protocol as specified in RFC 4861 and RFC 4862. This 240 specification does not deprecate the classical IPv6 ND 241 Protocol. 243 4. Updating RFC 6775 245 This specification introduces the Extended Address Registration 246 Option (EARO) based on the ARO as defined in RFC 6775 [RFC6775]; in 247 particular a "T" flag is added that MUST be set is NS messages when 248 this specification is used, and echoed in NA messages to confirm that 249 the protocol is supported. 251 The extensions to the ARO option are reported to the Duplicate 252 Address Request (DAR) and Duplicate Address Confirmation (DAC) 253 messages, so as to convey the additional information all the way to 254 the 6LBR, and in turn the 6LBR may proxy the registration using 255 classical ND over a backbone as illustrated in Figure 1. 257 6LN 6LR 6LBR 6BBR 258 | | | | 259 | NS(EARO) | | | 260 |--------------->| | | 261 | | Extended DAR | | 262 | |-------------->| | 263 | | | | 264 | | | proxy NS(EARO) | 265 | | |--------------->| 266 | | | | NS(DAD) 267 | | | | ------> 268 | | | | 269 | | | | 270 | | | proxy NA(EARO) | 271 | | |<---------------| 272 | | Extended DAC | | 273 | |<--------------| | 274 | NA(EARO) | | | 275 |<---------------| | | 276 | | | | 278 Figure 1: (Re-)Registration Flow 280 In order to support various types of link layers, it is RECOMMENDED 281 to allow multiple registrations, including for privacy / temporary 282 addresses, and provides new mechanisms to help clean up stale 283 registration states as soon as possible. 285 A Registering Node SHOULD prefer registering to a 6LR that is found 286 to support this specification, as discussed in Section 7.1, over a 287 legacy one. 289 4.1. Extended Address Registration Option (EARO) 291 The Extended ARO (EARO) deprecates the ARO and is backward compatible 292 with it. More details on backward compatibility can be found in 293 Section 7. 295 The semantics of the ARO are modified as follows: 297 o The address that is being registered with a Neighbor Solicitation 298 (NS) with an EARO is now the Target Address, as opposed to the 299 Source Address as specified in RFC 6775 [RFC6775] (see 300 Section 4.5). This change enables a 6LBR to use one of its 301 addresses as source to the proxy-registration of an address that 302 belongs to a LLN Node to a 6BBR. This also limits the use of an 303 address as source address before it is registered and the 304 associated DAD process is complete. 306 o The Unique ID in the EARO Option is no longer required to be a MAC 307 address (see Section 4.3). This enables in particular the use of 308 a Provable Temporary UID (PT-UID) as opposed to burn-in MAC 309 address; the PT-UID provides an anchor trusted by the 6LR and 6LBR 310 to protect the state associated to the node. 312 o The specification introduces a Transaction ID (TID) field in the 313 EARO (see Section 4.2). The TID MUST be provided by a node that 314 supports this specification and a new "T" flag MUST be set to 315 indicate so. 317 o Finally, this specification introduces new status codes to help 318 diagnose the cause of a registration failure (see Table 1). 320 4.2. Transaction ID 322 The Transaction ID (TID) is a sequence number that is incremented 323 with each re-registration. The TID is used to detect the freshness 324 of the registration request and useful to detect one single 325 registration by multiple 6LOWPAN border routers (e.g., 6LBRs and 326 6BBRs) supporting the same 6LOWPAN. The TID may also be used by the 327 network to track the sequence of movements of a node in order to 328 route to the current (freshest known) location of a moving node. 330 When a Registered Node is registered with multiple BBRs in parallel, 331 the same TID SHOULD be used, to enable the 6BBRs to determine that 332 the registrations are the same, and distinguish that situation from a 333 movement. 335 4.2.1. Comparing TID values 337 The TID is a sequence counter and its operation is the exact match of 338 the path sequence specified in RPL, the IPv6 Routing Protocol for 339 Low-Power and Lossy Networks [RFC6550] specification. 341 In order to keep this document self-contained and yet compatible, the 342 text below is an exact copy from section 7.2. "Sequence Counter 343 Operation" of [RFC6550]. 345 A TID is deemed to be fresher than another when its value is greater 346 per the operations detailed in this section. 348 The TID range is subdivided in a 'lollipop' fashion ([Perlman83]), 349 where the values from 128 and greater are used as a linear sequence 350 to indicate a restart and bootstrap the counter, and the values less 351 than or equal to 127 used as a circular sequence number space of size 352 128 as in [RFC1982]. Consideration is given to the mode of operation 353 when transitioning from the linear region to the circular region. 354 Finally, when operating in the circular region, if sequence numbers 355 are detected to be too far apart then they are not comparable, as 356 detailed below. 358 A window of comparison, SEQUENCE_WINDOW = 16, is configured based on 359 a value of 2^N, where N is defined to be 4 in this specification. 361 For a given sequence counter, 363 1. The sequence counter SHOULD be initialized to an implementation 364 defined value which is 128 or greater prior to use. A 365 recommended value is 240 (256 - SEQUENCE_WINDOW). 367 2. When a sequence counter increment would cause the sequence 368 counter to increment beyond its maximum value, the sequence 369 counter MUST wrap back to zero. When incrementing a sequence 370 counter greater than or equal to 128, the maximum value is 255. 371 When incrementing a sequence counter less than 128, the maximum 372 value is 127. 374 3. When comparing two sequence counters, the following rules MUST be 375 applied: 377 1. When a first sequence counter A is in the interval [128..255] 378 and a second sequence counter B is in [0..127]: 380 1. If (256 + B - A) is less than or equal to 381 SEQUENCE_WINDOW, then B is greater than A, A is less than 382 B, and the two are not equal. 384 2. If (256 + B - A) is greater than SEQUENCE_WINDOW, then A 385 is greater than B, B is less than A, and the two are not 386 equal. 388 For example, if A is 240, and B is 5, then (256 + 5 - 240) is 389 21. 21 is greater than SEQUENCE_WINDOW (16), thus 240 is 390 greater than 5. As another example, if A is 250 and B is 5, 391 then (256 + 5 - 250) is 11. 11 is less than SEQUENCE_WINDOW 392 (16), thus 250 is less than 5. 394 2. In the case where both sequence counters to be compared are 395 less than or equal to 127, and in the case where both 396 sequence counters to be compared are greater than or equal to 397 128: 399 1. If the absolute magnitude of difference between the two 400 sequence counters is less than or equal to 401 SEQUENCE_WINDOW, then a comparison as described in 402 [RFC1982] is used to determine the relationships greater 403 than, less than, and equal. 405 2. If the absolute magnitude of difference of the two 406 sequence counters is greater than SEQUENCE_WINDOW, then a 407 desynchronization has occurred and the two sequence 408 numbers are not comparable. 410 4. If two sequence numbers are determined to be not comparable, i.e. 411 the results of the comparison are not defined, then a node should 412 consider the comparison as if it has evaluated in such a way so 413 as to give precedence to the sequence number that has most 414 recently been observed to increment. Failing this, the node 415 should consider the comparison as if it has evaluated in such a 416 way so as to minimize the resulting changes to its own state. 418 4.3. Owner Unique ID 420 The Owner Unique ID (OUID) enables a duplicate address registration 421 to be distinguished from a double registration or a movement. An ND 422 message from the 6BBR over the Backbone that is proxied on behalf of 423 a Registered Node must carry the most recent EARO option seen for 424 that node. A NS/NA with an EARO and a NS/NA without a EARO thus 425 represent different nodes; if they relate to a same target then an 426 address duplication is likely. 428 With RFC 6775, the Owner Unique ID carries an EUI-64 burn-in address, 429 which implies that duplicate EUI-64 addresses are avoided. With this 430 specification, the Owner Unique ID is allowed to be extended to 431 different types of identifier, as long as the type is clearly 432 indicated. For instance, the type can be a cryptographic string and 433 used to prove the ownership of the registration as discussed in 434 "Address Protected Neighbor Discovery for Low-power and Lossy 435 Networks" [I-D.ietf-6lo-ap-nd]. 437 In any fashion, it is recommended that the node stores the unique Id 438 or the keys used to generate that ID in persistent memory. 439 Otherwise, it will be prevented to re-register a same address after a 440 reboot that would cause a loss of memory until the 6LBR times out the 441 registration. 443 4.4. Extended Duplicate Address Messages 445 In order to map the new EARO content in the DAR/DAC messages, a new 446 TID field is added to the Extended DAR (EDAR) and the Extended DAC 447 (EDAC) messages as a replacement to a Reserved field, and an odd 448 value of the ICMP Code indicates support for the TID, to transport 449 the "T" flag. 451 In order to prepare for new extensions, and though no option had been 452 earlier defined for the Duplicate Address messages, implementations 453 SHOULD expect ND options after the main body, and SHOULD ignore them. 455 As for the EARO, the Extended Duplicate Address messages are backward 456 compatible with the original versions, and remarks concerning 457 backwards compatibility between the 6LN and the 6LR apply similarly 458 between a 6LR and a 6LBR. 460 4.5. Registering the Target Address 462 The Registering Node is the node that performs the registration to 463 the 6BBR. As inherited from RFC 6775, it may be the Registered Node 464 as well, in which case it registers one of its own addresses, and 465 indicates its own MAC Address as Source Link Layer Address (SLLA) in 466 the NS(EARO). 468 This specification adds the capability to proxy the registration 469 operation on behalf of a Registered Node that is reachable over a LLN 470 mesh. In that case, if the Registered Node is reachable from the 471 6BBR over a Mesh-Under mesh, the Registering Node indicates the MAC 472 Address of the Registered Node as SLLA in the NS(EARO). If the 473 Registered Node is reachable over a Route-Over mesh from the 474 Registering Node, the SLLA in the NS(ARO) is that of the Registering 475 Node. This enables the Registering Node to attract the packets from 476 the 6BBR and route them over the LLN to the Registered Node . 478 In order to enable the latter operation, this specification changes 479 the behavior of the 6LN and the 6LR so that the Registered Address is 480 found in the Target Address field of the NS and NA messages as 481 opposed to the Source Address. 483 The reason for this change is to enable proxy-registrations on behalf 484 of other nodes, for instance to enable a RPL root to register 485 addresses on behalf of other LLN nodes, as discussed in Appendix B.4. 486 In that case, the Registering Node MUST indicate its own address as 487 source of the ND message and its MAC address in the Source Link-Layer 488 Address Option (SLLAO), since it still expects to receive and route 489 the packets. Since the Registered Address belongs to the Registered 490 Node, that address is indicated in the Target Address field of the NS 491 message. 493 With this convention, a TLLA option indicates the link-layer address 494 of the 6LN that owns the address, whereas the SLLA Option in a NS 495 message indicates that of the Registering Node, which can be the 496 owner device, or a proxy. 498 The Registering Node is reachable from the 6LR, and is also the one 499 expecting packets for the 6LN. Therefore, it MUST place its own Link 500 Layer Address in the SLLA Option that MUST always be placed in a 501 registration NS(EARO) message. This maintains compatibility with the 502 original 6LoWPAN ND [RFC6775]. 504 4.6. Link-Local Addresses and Registration 506 Considering that LLN nodes are often not wired and may move, there is 507 no guarantee that a Link-Local address stays unique between a 508 potentially variable and unbounded set of neighboring nodes. 510 Compared to RFC 6775, this specification only requires that a Link- 511 Local address is unique from the perspective of the nodes that use it 512 to communicate (e.g. the 6LN and the 6LR in an NS/NA exchange). This 513 simplifies the DAD process for Link-Local addresses, and there is no 514 exchange of Duplicate Address messages between the 6LR and a 6LBR for 515 Link-Local addresses. 517 According to RFC 6775, a 6LoWPAN Node (6LN) uses the an address being 518 registered as the source of the registration message. This generates 519 complexities in the 6LR to be able to cope with a potential 520 duplication, in particular for global addresses. 522 To simplify this, a 6LN and a 6LR that conform this specification 523 MUST always use Link-Local addresses as source and destination 524 addresses for the registration NS/NA exchange. As a result, the 525 registration is globally faster, and some of the complexity is 526 removed. 528 In more details: 530 An exchange between two nodes using Link-Local addresses implies that 531 they are reachable over one hop and that at least one of the 2 nodes 532 acts as a 6LR. A node MUST register a Link-Local address to a 6LR in 533 order to obtain reachability from that 6LR beyond the current 534 exchange, and in particular to use the Link-Local address as source 535 address to register other addresses, e.g. global addresses. 537 If there is no collision with an address previously registered to 538 this 6LR by another 6LN, then, from the standpoint of this 6LR, this 539 Link-Local address is unique and the registration is acceptable. 540 Conversely, it may possibly happen that two different 6LRs expose the 541 same Link-Local address but different link-layer addresses. In that 542 case, a 6LN may only interact with one of the 6LRs so as to avoid 543 confusion in the 6LN neighbor cache. 545 The DAD process between the 6LR and a 6LBR, which is based on an 546 exchange of Duplicate Address messages, does not need to take place 547 for Link-Local addresses. 549 It is desired that a 6LR does not need to modify its state associated 550 to the Source Address of an NS(EARO) message. For that reason, when 551 possible, it is RECOMMENDED to use an address that is already 552 registered with a 6LR 554 When registering to a 6LR that conforms this specification, a node 555 MUST use a Link-Local address as the source address of the 556 registration, whatever the type of IPv6 address that is being 557 registered. That Link-Local Address MUST be either already 558 registered, or the address that is being registered. 560 When a Registering Node does not have an already-Registered Address, 561 it MUST register a Link-Local address, using it as both the Source 562 and the Target Address of an NS(EARO) message. In that case, it is 563 RECOMMENDED to use a Link-Local address that is (expected to be) 564 globally unique, e.g. derived from a burn-in MAC address. An EARO 565 option in the response NA indicates that the 6LR supports this 566 specification. 568 Since there is no Duplicate Address exchange for Link-Local 569 addresses, the 6LR may answer immediately to the registration of a 570 Link-Local address, based solely on its existing state and the Source 571 Link-Layer Option that MUST be placed in the NS(EARO) message as 572 required in RFC 6775 [RFC6775]. 574 A node needs to register its IPv6 Global Unicast IPv6 Addresses 575 (GUAs) to a 6LR in order to establish global reachability for these 576 addresses via that 6LR. When registering with a 6LR that conforms 577 this specification, a Registering Node does not use its GUA as Source 578 Address, in contrast to a node that complies to RFC 6775 [RFC6775]. 579 For non-Link-Local addresses, the Duplicate Address exchange MUST 580 conform to RFC 6775, but the extended formats described in this 581 specification for the DAR and the DAC are used to relay the extended 582 information in the case of an EARO. 584 4.7. Maintaining the Registration States 586 This section discusses protocol actions that involve the Registering 587 Node, the 6LR and the 6LBR. It must be noted that the portion that 588 deals with a 6LBR only applies to those addresses that are registered 589 to it, which, as discussed in Section 4.6, is not the case for Link- 590 Local addresses. The registration state includes all data that is 591 stored in the router relative to that registration, in particular, 592 but not limited to, an NCE in a 6LR. 6LBRs and 6BBRs may store 593 additional registration information in more complex data structures 594 and use protocols that are out of scope of this document to keep them 595 synchonized when they are distributed. 597 When its Neighbor Cache is full, a 6LR cannot accept a new 598 registration. In that situation, the EARO is returned in a NA 599 message with a Status of 2, and the Registering Node may attempt to 600 register to another 6LR. 602 Conversely the registry in the 6LBR may be saturated, in which case 603 the LBR cannot guarantee that a new address is effectively not a 604 duplicate. In that case, the 6LBR replies to a EDAR message with a 605 EDAC message that carries a Status code 9 indicating "6LBR Registry 606 saturated", and the address stays in TENTATIVE state. Note: this 607 code is used by 6LBRs instead of Status 2 when responding to a 608 Duplicate Address message exchange and passed on to the Registering 609 Node by the 6LR. There is no point for the node to retry this 610 registration immediately via another 6LR, since the problem is global 611 to the network. The node may either abandon that address, deregister 612 other addresses first to make room, or keep the address in TENTATIVE 613 state and retry later. 615 A node renews an existing registration by repeatedly sending NS(EARO) 616 messages for the Registered Address. In order to refresh the 617 registration state in the 6LBR, these registrations MUST be reported 618 to the 6LBR. 620 A node that ceases to use an address SHOULD attempt to deregister 621 that address from all the 6LRs to which it has registered the 622 address, which is achieved using an NS(EARO) message with a 623 Registration Lifetime of 0. 625 A node that moves away from a particular 6LR SHOULD attempt to 626 deregister all of its addresses registered to that 6LR and register 627 to a new 6LR with an incremented TID. When/if the node shows up 628 elsewhere, an asynchronous NA(EARO) or EDAC message with a status of 629 3 "Moved" SHOULD be used to clean up the state in the previous 630 location. For instance, the "Moved" status can be used by a 6BBR in 631 a NA(EARO) message to indicate that the ownership of the proxy state 632 on the Backbone was transferred to another 6BBR, as the consequence 633 of a movement of the device. The receiver of the message SHOULD 634 propagate the status down the chain towards the Registered node and 635 clean up its state. 637 Upon receiving a NS(EARO) message with a Registration Lifetime of 0 638 and determining that this EARO is the freshest for a given NCE (see 639 Section 4.2), a 6LR cleans up its NCE. If the address was registered 640 to the 6LBR, then the 6LR MUST report to the 6LBR, through a 641 Duplicate Address exchange with the 6LBR, or an alternate protocol, 642 indicating the null Registration Lifetime and the latest TID that 643 this 6LR is aware of. 645 Upon the Extended DAR message, the 6LBR evaluates if this is the 646 freshest TID it has received for that particular registry entry. If 647 it is, then the entry is scheduled to be removed, and the EDAR is 648 answered with a EDAC message bearing a Status of 0 "Success". If it 649 is not the freshest, then a Status 3 "Moved" is returned instead, and 650 the existing entry is conserved. 652 Upon timing out a registration, a 6LR removes silently its binding 653 cache entry, and a 6LBR schedules its entry to be removed. 655 When an address is scheduled to be removed, the 6LBR SHOULD keep its 656 entry in a DELAY state for a configurable period of time, so as to 657 protect a mobile node that deregistered from one 6LR and did not 658 register yet to a new one, or the new registration did not reach yet 659 the 6LBR due to propagation delays in the network. Once the DELAY 660 time is passed, the 6LBR removes silently its entry. 662 5. Detecting Enhanced ARO Capability Support 664 The "Generic Header Compression for IPv6 over 6LoWPANs" [RFC7400] 665 introduces the 6LoWPAN Capability Indication Option (6CIO) to 666 indicate a node's capabilities to its peers. This specification 667 extends the format defined in RFC 7400 to signal the support for 668 EARO, as well as the node's capability to act as a 6LR, 6LBR and 669 6BBR. 671 With RFC 7400, the 6CIO is typically sent in a Router Solicitation 672 (RS) message. When used to signal the capabilities above per this 673 specification, the 6CIO is typically present in Router Advertisement 674 (RA) messages but can also be present in RS, Neighbor Solicitation 675 (NS) and Neighbor Advertisement (NA) messages. 677 6. Extended ND Options And Messages 679 This specification does not introduce new options, but it modifies 680 existing ones and updates the associated behaviors as specified in 681 the following subsections. 683 6.1. Enhanced Address Registration Option (EARO) 685 The Address Registration Option (ARO) is defined in section 4.1. of 686 [RFC6775]. 688 The Enhanced Address Registration Option (EARO) is intended to be 689 used as a replacement to the ARO option within Neighbor Discovery NS 690 and NA messages between a 6LN and its 6LR. Conversely, the Extended 691 Duplicate Address messages, EDAR and EDAC, are to be used in 692 replacement of the DAR and DAC messages so as to transport the new 693 information between 6LRs and 6LBRs across LLNs meshes such as 6TiSCH 694 networks. 696 An NS message with an EARO option is a registration if and only if it 697 also carries an SLLAO option. The EARO option also used in NS and NA 698 messages between Backbone Routers over the Backbone link to sort out 699 the distributed registration state; in that case, it does not carry 700 the SLLAO option and is not confused with a registration. 702 When using the EARO option, the address being registered is found in 703 the Target Address field of the NS and NA messages. This differs 704 from 6LoWPAN ND RFC 6775 [RFC6775] which specifies that the address 705 being registered is the source of the NS. 707 The EARO extends the ARO and is recognized by the "T" flag set. The 708 format of the EARO option is as follows: 710 0 1 2 3 711 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 712 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 713 | Type | Length = 2 | Status | Reserved | 714 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 715 | Reserved |T| TID | Registration Lifetime | 716 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 717 | | 718 + Owner Unique ID (EUI-64 or equivalent) + 719 | | 720 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 722 Figure 2: EARO 724 Option Fields 726 Type: 33 728 Length: 8-bit unsigned integer. The length of the option in 729 units of 8 bytes. Always 2. 731 Status: 8-bit unsigned integer. Indicates the status of a 732 registration in the NA response. MUST be set to 0 in 733 NS messages. See Table 1 below. 735 +-------+-----------------------------------------------------------+ 736 | Value | Description | 737 +-------+-----------------------------------------------------------+ 738 | 0..2 | See RFC 6775 [RFC6775]. Note: a Status of 1 "Duplicate | 739 | | Address" applies to the Registered Address. If the Source | 740 | | Address conflicts with an existing registration, | 741 | | "Duplicate Source Address" should be used. | 742 | | | 743 | 3 | Moved: The registration fails because it is not the | 744 | | freshest. This Status indicates that the registration is | 745 | | rejected because another more recent registration was | 746 | | done, as indicated by a same OUI and a more recent TID. | 747 | | One possible cause is a stale registration that has | 748 | | progressed slowly in the network and was passed by a more | 749 | | recent one. It could also indicate a OUI collision. | 750 | | | 751 | 4 | Removed: The binding state was removed. This may be | 752 | | placed in an asynchronous NS(ARO) message, or as the | 753 | | rejection of a proxy registration to a Backbone Router | 754 | | | 755 | 5 | Validation Requested: The Registering Node is challenged | 756 | | for owning the Registered Address or for being an | 757 | | acceptable proxy for the registration. This Status is | 758 | | expected in asynchronous messages from a registrar (6LR, | 759 | | 6LBR, 6BBR) to indicate that the registration state is | 760 | | removed, for instance due to a movement of the device. | 761 | | | 762 | 6 | Duplicate Source Address: The address used as source of | 763 | | the NS(ARO) conflicts with an existing registration. | 764 | | | 765 | 7 | Invalid Source Address: The address used as source of the | 766 | | NS(ARO) is not a Link-Local address as prescribed by this | 767 | | document. | 768 | | | 769 | 8 | Registered Address topologically incorrect: The address | 770 | | being registered is not usable on this link, e.g. it is | 771 | | not topologically correct | 772 | | | 773 | 9 | 6LBR Registry saturated: A new registration cannot be | 774 | | accepted because the 6LBR Registry is saturated. Note: | 775 | | this code is used by 6LBRs instead of Status 2 when | 776 | | responding to a Duplicate Address message exchange and | 777 | | passed on to the Registering Node by the 6LR. | 778 | | | 779 | 10 | Validation Failed: The proof of ownership of the | 780 | | registered address is not correct. | 781 +-------+-----------------------------------------------------------+ 783 Table 1: EARO Status 785 Reserved: This field is unused. It MUST be initialized to zero 786 by the sender and MUST be ignored by the receiver. 788 T: One bit flag. Set if the next octet is a used as a 789 TID. 791 TID: 1-byte integer; a transaction id that is maintained 792 by the node and incremented with each transaction. 793 The node SHOULD maintain the TID in a persistent 794 storage. 796 Registration Lifetime: 16-bit integer; expressed in minutes. 0 797 means that the registration has ended and the 798 associated state should be removed. 800 Owner Unique Identifier (OUI): A globally unique identifier for the 801 node associated. This can be the EUI-64 derived IID 802 of an interface, or some provable ID obtained 803 cryptographically. 805 6.2. Extended Duplicate Address Message Formats 807 The Duplicate Address Request (DAR) and the Duplicate Address 808 Confirmation (DAC) messages are defined in section 4.4. of [RFC6775]. 809 Those messages follow a common base format, which enables information 810 from the ARO to be transported over multiple hops. 812 The Duplicate Address Messages are extended to adapt to the Extended 813 ARO format, as follows: 815 0 1 2 3 816 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 817 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 818 | Type | Code | Checksum | 819 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 820 | Status | TID | Registration Lifetime | 821 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 822 | | 823 + Owner Unique ID (EUI-64 or equivalent) + 824 | | 825 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 826 | | 827 + + 828 | | 829 + Registered Address + 830 | | 831 + + 832 | | 833 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 835 Figure 3: Duplicate Address Messages Format 837 Modified Message Fields 839 Code: The ICMP Code as defined in [RFC4443]. The ICMP Code 840 MUST be set to 1 with this specification. An odd 841 value of the ICMP Code indicates that the TID field 842 is present and obeys this specification. 844 TID: 1-byte integer; same definition and processing as the 845 TID in the EARO option as defined in Section 6.1. 847 Owner Unique Identifier (OUI): 8 bytes; same definition and 848 processing as the OUI in the EARO option as defined 849 in Section 6.1. 851 6.3. New 6LoWPAN Capability Bits in the Capability Indication Option 853 This specification defines a number of capability bits in the 6CIO 854 that was introduced by RFC 7400 for use in IPv6 ND RA messages. 856 Routers that support this specification SHOULD set the "E" flag and 857 6LN SHOULD favor 6LR routers that support this specification over 858 those that do not. Routers that are capable of acting as 6LR, 6LBR 859 and 6BBR SHOULD set the "L", "B" and "P" flags, respectively. In 860 particular, the function 6LR is usually collocated with that of 6LBR. 862 Those flags are not mutually exclusive and if a router is capable of 863 running multiple functions, it SHOULD set all the related flags. 865 0 1 2 3 866 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 867 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 868 | Type | Length = 1 | Reserved |L|B|P|E|G| 869 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 870 | Reserved | 871 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 873 Figure 4: New capability Bits L, B, P, E in the 6CIO 875 Option Fields 877 Type: 36 879 L: Node is a 6LR, it can take registrations. 881 B: Node is a 6LBR. 883 P: Node is a 6BBR, proxying for nodes on this link. 885 E: This specification is supported and applied. 887 7. Backward Compatibility 889 7.1. Discovering the capabilities of an ND peer 891 7.1.1. Using the "E" Flag in the 6CIO Option 893 If the 6CIO is used in an ND message and the sending node supports 894 this specification, then the "E" Flag MUST be set. 896 A router that supports this specification SHOULD indicate that with a 897 6CIO Option, but this might not be practical if the link-layer MTU is 898 too small. 900 If the Registering Node (RN) receives a CIO in a Router Advertisement 901 message, then the setting of the "E" Flag indicates whether or not 902 this specification is supported. RN SHOULD favor a router that 903 supports this specification over those that do not. 905 7.1.2. Using the "T" Flag in the EARO 907 One alternate way for a 6LN to discover the router's capabilities to 908 first register a Link Local address, placing the same address in the 909 Source and Target Address fields of the NS message, and setting the 910 "T" Flag. The node may for instance register an address that is 911 based on EUI-64. For such address, DAD is not required and using the 912 SLLAO option in the NS is actually more consistent with existing ND 913 specifications such as the "Optimistic Duplicate Address Detection 914 (DAD) for IPv6" [RFC4429]. 916 Once that first registration is complete, the node knows from the 917 setting of the "T" Flag in the response whether the router supports 918 this specification. If support is verified, the node may register 919 other addresses that it owns, or proxy-register addresses on behalf 920 some another node, indicating those addresses being registered in the 921 Target Address field of the NS messages, while using one of its own 922 previously registered addresses as source. 924 A node that supports this specification MUST always use an EARO as a 925 replacement to an ARO in its registration to a router. This is 926 harmless since the "T" flag and TID field are reserved in RFC 6775 927 are ignored by a legacy router. A router that supports this 928 specification answers an ARO with an ARO and answers an EARO with an 929 EARO. 931 This specification changes the behavior of the peers in a 932 registration flows. To enable backward compatibility, a 6LB that 933 registers to a 6LR that is not known to support this specification 934 MUST behave in a manner that is compatible with RFC 6775. A 6LN can 935 achieve that by sending a NS(EARO) message with a Link-Local Address 936 used as both Source and Target Address, as described in Section 4.6. 937 Once the 6LR is known to support this specification, the 6LN MUST 938 obey this specification. 940 7.2. Legacy 6LoWPAN Node 942 A legacy 6LN will use the Registered Address as source and will not 943 use an EARO option. An updated 6LR MUST accept that registration if 944 it is valid per RFC 6775, and it MUST manage the binding cache 945 accordingly. The updated 6LR MUST then use the original Duplicate 946 Address messages as specified in RFC 6775 to indicate to the 6LBR 947 that the TID is not present in the messages. 949 The main difference with RFC 6775 is that Duplicate Address exchange 950 for DAD is avoided for Link-Local addresses. In any case, the 6LR 951 SHOULD use an EARO in the reply, and may use any of the Status codes 952 defined in this specification. 954 7.3. Legacy 6LoWPAN Router 956 The first registration by an updated 6LN MUST be for a Link-Local 957 address, using that Link-Local address as source. A legacy 6LR will 958 not make a difference and accept -or reject- that registration as if 959 the 6LN was a legacy node. 961 An updated 6LN will always use an EARO option in the registration NS 962 message, whereas a legacy 6LR will always reply with an ARO option in 963 the NA message. So from that first registration, the updated 6LN can 964 figure whether the 6LR supports this specification or not. 966 After detecting a legacy 6LR, an updated 6LN may attempt to find an 967 alternate 6LR that is updated. In order to be backward compatible, 968 after detecting that a 6LR is legacy, the 6LN MUST adhere to RFC 6775 969 in future protocol exchanges with that 6LR, and source the packet 970 with the Registered Address. 972 Note that the updated 6LN SHOULD use an EARO in the request 973 regardless of the type of 6LR, legacy or updated, which implies that 974 the "T" flag is set. 976 If an updated 6LN moves from an updated 6LR to a legacy 6LR, the 977 legacy 6LR will send a legacy DAR message, which can not be compared 978 with an updated one for freshness. 980 Allowing legacy DAR messages to replace a state established by the 981 updated protocol in the 6LBR would be an attack vector and that 982 cannot be the default behavior. 984 But if legacy and updated 6LRs coexist temporarily in a network, then 985 it makes sense for an administrator to install a policy that allows 986 so, and the capability to install such a policy should be 987 configurable in a 6LBR though it is out of scope for this document. 989 7.4. Legacy 6LoWPAN Border Router 991 With this specification, the Duplicate Address messages are extended 992 to transport the EARO information. Similarly to the NS/NA exchange, 993 updated 6LBR devices always use the Extended Duplicate Address 994 messages and all the associated behavior so they can amlways be 995 differentiated from legacy ones. 997 Note that a legacy 6LBR will accept and process an EDAR message as if 998 it was an original one, so the original support of DAD is preserved. 1000 8. Security Considerations 1002 This specification extends RFC 6775 [RFC6775], and the security 1003 section of that draft also applies to this as well. In particular, 1004 it is expected that the link layer is sufficiently protected to 1005 prevent a rogue access, either by means of physical or IP security on 1006 the Backbone Link and link layer cryptography on the LLN. 1008 This specification also expects that the LLN MAC provides secure 1009 unicast to/from the Backbone Router and secure Broadcast from the 1010 Backbone Router in a way that prevents tempering with or replaying 1011 the RA messages. 1013 This specification recommends to using privacy techniques (see 1014 Section 9, and protection against address theft such as provided by 1015 "Address Protected Neighbor Discovery for Low-power and Lossy 1016 Networks" [I-D.ietf-6lo-ap-nd], which guarantees the ownership of the 1017 Registered Address using a cryptographic OUID. 1019 The registration mechanism may be used by a rogue node to attack the 1020 6LR or the 6LBR with a Denial-of-Service attack against the registry. 1021 It may also happen that the registry of a 6LR or a 6LBR is saturated 1022 and cannot take any more registration, which effectively denies the 1023 requesting a node the capability to use a new address. In order to 1024 alleviate those concerns, Section 4.7 provides a number of 1025 recommendations that ensure that a stale registration is removed as 1026 soon as possible from the 6LR and 6LBR. In particular, this 1027 specification recommends that: 1029 o A node that ceases to use an address SHOULD attempt to deregister 1030 that address from all the 6LRs to which it is registered. The 1031 flow is propagated to the 6LBR when needed, and a sequence number 1032 is used to make sure that only the freshest command is acted upon. 1034 o The Registration lifetimes SHOULD be individually configurable for 1035 each address or group of addresses. The nodes SHOULD be 1036 configured with a Registration Lifetime that reflects their 1037 expectation of how long they will use the address with the 6LR to 1038 which it is registered. In particular, use cases that involve 1039 mobility or rapid address changes SHOULD use lifetimes that are 1040 larger yet of a same order as the duration of the expectation of 1041 presence. 1043 o The router (6LR or 6LBR) SHOULD be configurable so as to limit the 1044 number of addresses that can be registered by a single node, as 1045 identified at least by MAC address and preferably by security 1046 credentials. When that maximum is reached, the router should use 1047 a Least-Recently-Used (LRU) logic so as to clean up the addresses 1048 that were not used for the longest time, keeping at least one 1049 Link-Local address, and attempting to keep one or more stable 1050 addresses if such can be recognized, e.g. from the way the IID is 1051 formed or because they are used over a much longer time span than 1052 other (privacy, shorter-lived) addresses. The address lifetimes 1053 SHOULD be individually configurable. 1055 o In order to avoid denial of registration for the lack of 1056 resources, administrators SHOULD take great care to deploy 1057 adequate numbers of 6LRs to cover the needs of the nodes in their 1058 range, so as to avoid a situation of starving nodes. It is 1059 expected that the 6LBR that serves a LLN is a more capable node 1060 then the average 6LR, but in a network condition where it may 1061 become saturated, a particular deployment SHOULD distribute the 1062 6LBR functionality, for instance by leveraging a high speed 1063 Backbone and Backbone Routers to aggregate multiple LLNs into a 1064 larger subnet. 1066 The LLN nodes depend on the 6LBR and the 6BBR for their operation. A 1067 trust model must be put in place to ensure that the right devices are 1068 acting in these roles, so as to avoid threats such as black-holing, 1069 or bombing attack whereby an impersonated 6LBR would destroy state in 1070 the network by using the "Removed" Status code. 1072 9. Privacy Considerations 1074 As indicated in section Section 2, this protocol does not aim at 1075 limiting the number of IPv6 addresses that a device can form. A host 1076 should be able to form and register any address that is topologically 1077 correct in the subnet(s) advertised by the 6LR/6LBR. 1079 This specification does not mandate any particular way for forming 1080 IPv6 addresses, but it discourages using EUI-64 for forming the 1081 Interface ID in the Link-Local address because this method prevents 1082 the usage of "SEcure Neighbor Discovery (SEND)" [RFC3971] and 1083 "Cryptographically Generated Addresses (CGA)" [RFC3972], and that of 1084 address privacy techniques. 1086 "Privacy Considerations for IPv6 Adaptation-Layer Mechanisms" 1087 [RFC8065] explains why privacy is important and how to form such 1088 addresses. All implementations and deployment must consider the 1089 option of privacy addresses in their own environment. Also future 1090 specifications involving 6LOWPAN Neighbor Discovery should consult 1091 "Recommendation on Stable IPv6 Interface Identifiers" [RFC8064] for 1092 default interface identifaction. 1094 10. IANA Considerations 1096 IANA is requested to make a number of changes under the "Internet 1097 Control Message Protocol version 6 (ICMPv6) Parameters" registry, as 1098 follows. 1100 10.1. ARO Flags 1102 IANA is requested to create a new subregistry for "ARO Flags". This 1103 specification defines 8 positions, bit 0 to bit 7, and assigns bit 7 1104 for the "T" flag in Section 6.1. The policy is "IETF Review" or 1105 "IESG Approval" [RFC8126]. The initial content of the registry is as 1106 shown in Table 2. 1108 New subregistry for ARO Flags under the "Internet Control Message 1109 Protocol version 6 (ICMPv6) [RFC4443] Parameters" 1111 +------------+--------------+-----------+ 1112 | ARO Status | Description | Document | 1113 +------------+--------------+-----------+ 1114 | 0..6 | Unassigned | | 1115 | 7 | "T" Flag | RFC This | 1116 +------------+--------------+-----------+ 1118 Table 2: new ARO Flags 1120 10.2. ICMP Codes 1122 IANA is requested to create a new entry in the ICMPv6 "Code" Fields 1123 subregistry of the Internet Control Message Protocol version 6 1124 (ICMPv6) Parameters for the ICMP codes related to the ICMP type 157 1125 and 158 Duplicate Address Request (shown in Table 3) and Confirmation 1126 (shown in Table 4), respectively, as follows: 1128 New entries for ICMP types 157 DAR message 1130 +------+----------------------+------------+ 1131 | Code | Name | Reference | 1132 +------+----------------------+------------+ 1133 | 0 | Original DAR message | RFC 6775 | 1134 | 1 | Extended DAR message | RFC This | 1135 +------+----------------------+------------+ 1137 Table 3: new ICMPv6 Code Fields 1139 New entries for ICMP types 158 DAC message 1141 +------+----------------------+------------+ 1142 | Code | Name | Reference | 1143 +------+----------------------+------------+ 1144 | 0 | Original DAC message | RFC 6775 | 1145 | 1 | Extended DAC message | RFC This | 1146 +------+----------------------+------------+ 1148 Table 4: new ICMPv6 Code Fields 1150 10.3. New ARO Status values 1152 IANA is requested to make additions to the Address Registration 1153 Option Status Values Registry as follows: 1155 Address Registration Option Status Values Registry 1157 +------------+------------------------------------------+-----------+ 1158 | ARO Status | Description | Document | 1159 +------------+------------------------------------------+-----------+ 1160 | 3 | Moved | RFC This | 1161 | 4 | Removed | RFC This | 1162 | 5 | Validation Requested | RFC This | 1163 | 6 | Duplicate Source Address | RFC This | 1164 | 7 | Invalid Source Address | RFC This | 1165 | 8 | Registered Address topologically | RFC This | 1166 | | incorrect | | 1167 | 9 | 6LBR registry saturated | RFC This | 1168 | 10 | Validation Failed | RFC This | 1169 +------------+------------------------------------------+-----------+ 1171 Table 5: New ARO Status values 1173 10.4. New 6LoWPAN capability Bits 1175 IANA is requested to make additions to the Subregistry for "6LoWPAN 1176 capability Bits" as follows: 1178 Subregistry for "6LoWPAN capability Bits" under the "Internet Control 1179 Message Protocol version 6 (ICMPv6) Parameters" 1181 +----------------+----------------------+-----------+ 1182 | capability Bit | Description | Document | 1183 +----------------+----------------------+-----------+ 1184 | 11 | 6LR capable (L bit) | RFC This | 1185 | 12 | 6LBR capable (B bit) | RFC This | 1186 | 13 | 6BBR capable (P bit) | RFC This | 1187 | 14 | EARO support (E bit) | RFC This | 1188 +----------------+----------------------+-----------+ 1190 Table 6: New 6LoWPAN capability Bits 1192 11. Acknowledgments 1194 Kudos to Eric Levy-Abegnoli who designed the First Hop Security 1195 infrastructure upon which the first backbone router was implemented; 1196 many thanks to Charlie Perkins for his in-depth reviews and 1197 constructive suggestions, as well as to Sedat Gormus, Rahul Jadhav 1198 and Lorenzo Colitti for their various contributions and reviews. 1199 Also many thanks to Thomas Watteyne for his early implementation of a 1200 6LN that was instrumental to the early tests of the 6LR, 6LBR and 1201 Backbone Router. 1203 12. References 1205 12.1. Normative References 1207 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1208 Requirement Levels", BCP 14, RFC 2119, 1209 DOI 10.17487/RFC2119, March 1997, 1210 . 1212 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1213 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 1214 2006, . 1216 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 1217 Control Message Protocol (ICMPv6) for the Internet 1218 Protocol Version 6 (IPv6) Specification", STD 89, 1219 RFC 4443, DOI 10.17487/RFC4443, March 2006, 1220 . 1222 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1223 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1224 DOI 10.17487/RFC4861, September 2007, 1225 . 1227 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1228 Address Autoconfiguration", RFC 4862, 1229 DOI 10.17487/RFC4862, September 2007, 1230 . 1232 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 1233 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 1234 DOI 10.17487/RFC6282, September 2011, 1235 . 1237 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 1238 Bormann, "Neighbor Discovery Optimization for IPv6 over 1239 Low-Power Wireless Personal Area Networks (6LoWPANs)", 1240 RFC 6775, DOI 10.17487/RFC6775, November 2012, 1241 . 1243 [RFC7400] Bormann, C., "6LoWPAN-GHC: Generic Header Compression for 1244 IPv6 over Low-Power Wireless Personal Area Networks 1245 (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November 1246 2014, . 1248 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1249 Writing an IANA Considerations Section in RFCs", BCP 26, 1250 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1251 . 1253 12.2. Informative References 1255 [I-D.chakrabarti-nordmark-6man-efficient-nd] 1256 Chakrabarti, S., Nordmark, E., Thubert, P., and M. 1257 Wasserman, "IPv6 Neighbor Discovery Optimizations for 1258 Wired and Wireless Networks", draft-chakrabarti-nordmark- 1259 6man-efficient-nd-07 (work in progress), February 2015. 1261 [I-D.delcarpio-6lo-wlanah] 1262 Vega, L., Robles, I., and R. Morabito, "IPv6 over 1263 802.11ah", draft-delcarpio-6lo-wlanah-01 (work in 1264 progress), October 2015. 1266 [I-D.ietf-6lo-ap-nd] 1267 Sarikaya, B., Thubert, P., and M. Sethi, "Address 1268 Protected Neighbor Discovery for Low-power and Lossy 1269 Networks", draft-ietf-6lo-ap-nd-02 (work in progress), May 1270 2017. 1272 [I-D.ietf-6lo-backbone-router] 1273 Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo- 1274 backbone-router-04 (work in progress), July 2017. 1276 [I-D.ietf-6lo-nfc] 1277 Choi, Y., Hong, Y., Youn, J., Kim, D., and J. Choi, 1278 "Transmission of IPv6 Packets over Near Field 1279 Communication", draft-ietf-6lo-nfc-07 (work in progress), 1280 June 2017. 1282 [I-D.ietf-6tisch-architecture] 1283 Thubert, P., "An Architecture for IPv6 over the TSCH mode 1284 of IEEE 802.15.4", draft-ietf-6tisch-architecture-12 (work 1285 in progress), August 2017. 1287 [I-D.ietf-bier-architecture] 1288 Wijnands, I., Rosen, E., Dolganow, A., Przygienda, T., and 1289 S. Aldrin, "Multicast using Bit Index Explicit 1290 Replication", draft-ietf-bier-architecture-08 (work in 1291 progress), September 2017. 1293 [I-D.ietf-ipv6-multilink-subnets] 1294 Thaler, D. and C. Huitema, "Multi-link Subnet Support in 1295 IPv6", draft-ietf-ipv6-multilink-subnets-00 (work in 1296 progress), July 2002. 1298 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] 1299 Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets 1300 over IEEE 1901.2 Narrowband Powerline Communication 1301 Networks", draft-popa-6lo-6loplc-ipv6-over- 1302 ieee19012-networks-00 (work in progress), March 2014. 1304 [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, 1305 DOI 10.17487/RFC1982, August 1996, 1306 . 1308 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with 1309 CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September 1310 2003, . 1312 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 1313 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 1314 DOI 10.17487/RFC3810, June 2004, 1315 . 1317 [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander, 1318 "SEcure Neighbor Discovery (SEND)", RFC 3971, 1319 DOI 10.17487/RFC3971, March 2005, 1320 . 1322 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 1323 RFC 3972, DOI 10.17487/RFC3972, March 2005, 1324 . 1326 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 1327 for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006, 1328 . 1330 [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 1331 over Low-Power Wireless Personal Area Networks (6LoWPANs): 1332 Overview, Assumptions, Problem Statement, and Goals", 1333 RFC 4919, DOI 10.17487/RFC4919, August 2007, 1334 . 1336 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 1337 Extensions for Stateless Address Autoconfiguration in 1338 IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, 1339 . 1341 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 1342 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 1343 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 1344 Low-Power and Lossy Networks", RFC 6550, 1345 DOI 10.17487/RFC6550, March 2012, 1346 . 1348 [RFC7217] Gont, F., "A Method for Generating Semantically Opaque 1349 Interface Identifiers with IPv6 Stateless Address 1350 Autoconfiguration (SLAAC)", RFC 7217, 1351 DOI 10.17487/RFC7217, April 2014, 1352 . 1354 [RFC7428] Brandt, A. and J. Buron, "Transmission of IPv6 Packets 1355 over ITU-T G.9959 Networks", RFC 7428, 1356 DOI 10.17487/RFC7428, February 2015, 1357 . 1359 [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 1360 Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low 1361 Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, 1362 . 1364 [RFC7934] Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi, 1365 "Host Address Availability Recommendations", BCP 204, 1366 RFC 7934, DOI 10.17487/RFC7934, July 2016, 1367 . 1369 [RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu, 1370 "Recommendation on Stable IPv6 Interface Identifiers", 1371 RFC 8064, DOI 10.17487/RFC8064, February 2017, 1372 . 1374 [RFC8065] Thaler, D., "Privacy Considerations for IPv6 Adaptation- 1375 Layer Mechanisms", RFC 8065, DOI 10.17487/RFC8065, 1376 February 2017, . 1378 [RFC8105] Mariager, P., Petersen, J., Ed., Shelby, Z., Van de Logt, 1379 M., and D. Barthel, "Transmission of IPv6 Packets over 1380 Digital Enhanced Cordless Telecommunications (DECT) Ultra 1381 Low Energy (ULE)", RFC 8105, DOI 10.17487/RFC8105, May 1382 2017, . 1384 [RFC8163] Lynn, K., Ed., Martocci, J., Neilson, C., and S. 1385 Donaldson, "Transmission of IPv6 over Master-Slave/Token- 1386 Passing (MS/TP) Networks", RFC 8163, DOI 10.17487/RFC8163, 1387 May 2017, . 1389 12.3. External Informative References 1391 [IEEEstd802154] 1392 IEEE, "IEEE Standard for Low-Rate Wireless Networks", 1393 IEEE Standard 802.15.4, DOI 10.1109/IEEESTD.2016.7460875, 1394 . 1396 [Perlman83] 1397 Perlman, R., "Fault-Tolerant Broadcast of Routing 1398 Information", North-Holland Computer Networks 7: 395-405, 1399 1983, . 1402 Appendix A. Applicability and Requirements Served 1404 This specification extends 6LoWPAN ND to sequence the registration 1405 and serves the requirements expressed Appendix B.1 by enabling the 1406 mobility of devices from one LLN to the next based on the 1407 complementary work in the "IPv6 Backbone Router" 1408 [I-D.ietf-6lo-backbone-router] specification. 1410 In the context of the the TimeSlotted Channel Hopping (TSCH) mode of 1411 IEEE Std. 802.15.4 [IEEEstd802154], the "6TiSCH architecture" 1412 [I-D.ietf-6tisch-architecture] introduces how a 6LoWPAN ND host could 1413 connect to the Internet via a RPL mesh Network, but this requires 1414 additions to the 6LOWPAN ND protocol to support mobility and 1415 reachability in a secured and manageable environment. This 1416 specification details the new operations that are required to 1417 implement the 6TiSCH architecture and serves the requirements listed 1418 in Appendix B.2. 1420 The term LLN is used loosely in this specification to cover multiple 1421 types of WLANs and WPANs, including Low-Power Wi-Fi, BLUETOOTH(R) Low 1422 Energy, IEEE Std.802.11AH and IEEE Std.802.15.4 wireless meshes, so 1423 as to address the requirements discussed in Appendix B.3 1425 This specification can be used by any wireless node to associate at 1426 Layer-3 with a 6BBR and register its IPv6 addresses to obtain routing 1427 services including proxy-ND operations over the Backbone, effectively 1428 providing a solution to the requirements expressed in Appendix B.4. 1430 "Efficiency aware IPv6 Neighbor Discovery Optimizations" 1431 [I-D.chakrabarti-nordmark-6man-efficient-nd] suggests that 6LoWPAN ND 1432 [RFC6775] can be extended to other types of links beyond IEEE Std. 1433 802.15.4 for which it was defined. The registration technique is 1434 beneficial when the Link-Layer technique used to carry IPv6 multicast 1435 packets is not sufficiently efficient in terms of delivery ratio or 1436 energy consumption in the end devices, in particular to enable 1437 energy-constrained sleeping nodes. The value of such extension is 1438 especially apparent in the case of mobile wireless nodes, to reduce 1439 the multicast operations that are related to classical ND ([RFC4861], 1440 [RFC4862]) and plague the wireless medium. This serves scalability 1441 requirements listed in Appendix B.6. 1443 Appendix B. Requirements 1445 This section lists requirements that were discussed at 6lo for an 1446 update to 6LoWPAN ND. This specification meets most of them, but 1447 those listed in Appendix B.5 which are deferred to a different 1448 specification such as [I-D.ietf-6lo-ap-nd], and those related to 1449 multicast. 1451 B.1. Requirements Related to Mobility 1453 Due to the unstable nature of LLN links, even in a LLN of immobile 1454 nodes a 6LN may change its point of attachment to a 6LR, say 6LR-a, 1455 and may not be able to notify 6LR-a. Consequently, 6LR-a may still 1456 attract traffic that it cannot deliver any more. When links to a 6LR 1457 change state, there is thus a need to identify stale states in a 6LR 1458 and restore reachability in a timely fashion. 1460 Req1.1: Upon a change of point of attachment, connectivity via a new 1461 6LR MUST be restored timely without the need to de-register from the 1462 previous 6LR. 1464 Req1.2: For that purpose, the protocol MUST enable to differentiate 1465 between multiple registrations from one 6LoWPAN Node and 1466 registrations from different 6LoWPAN Nodes claiming the same address. 1468 Req1.3: Stale states MUST be cleaned up in 6LRs. 1470 Req1.4: A 6LoWPAN Node SHOULD also be capable to register its Address 1471 to multiple 6LRs, and this, concurrently. 1473 B.2. Requirements Related to Routing Protocols 1475 The point of attachment of a 6LN may be a 6LR in an LLN mesh. IPv6 1476 routing in a LLN can be based on RPL, which is the routing protocol 1477 that was defined at the IETF for this particular purpose. Other 1478 routing protocols than RPL are also considered by Standard Defining 1479 Organizations (SDO) on the basis of the expected network 1480 characteristics. It is required that a 6LoWPAN Node attached via ND 1481 to a 6LR would need to participate in the selected routing protocol 1482 to obtain reachability via the 6LR. 1484 Next to the 6LBR unicast address registered by ND, other addresses 1485 including multicast addresses are needed as well. For example a 1486 routing protocol often uses a multicast address to register changes 1487 to established paths. ND needs to register such a multicast address 1488 to enable routing concurrently with discovery. 1490 Multicast is needed for groups. Groups MAY be formed by device type 1491 (e.g. routers, street lamps), location (Geography, RPL sub-tree), or 1492 both. 1494 The Bit Index Explicit Replication (BIER) Architecture 1495 [I-D.ietf-bier-architecture] proposes an optimized technique to 1496 enable multicast in a LLN with a very limited requirement for routing 1497 state in the nodes. 1499 Related requirements are: 1501 Req2.1: The ND registration method SHOULD be extended in such a 1502 fashion that the 6LR MAY advertise the Address of a 6LoWPAN Node over 1503 the selected routing protocol and obtain reachability to that Address 1504 using the selected routing protocol. 1506 Req2.2: Considering RPL, the Address Registration Option that is used 1507 in the ND registration SHOULD be extended to carry enough information 1508 to generate a DAO message as specified in [RFC6550] section 6.4, in 1509 particular the capability to compute a Path Sequence and, as an 1510 option, a RPLInstanceID. 1512 Req2.3: Multicast operations SHOULD be supported and optimized, for 1513 instance using BIER or MPL. Whether ND is appropriate for the 1514 registration to the 6BBR is to be defined, considering the additional 1515 burden of supporting the Multicast Listener Discovery Version 2 1516 [RFC3810] (MLDv2) for IPv6. 1518 B.3. Requirements Related to the Variety of Low-Power Link types 1520 6LoWPAN ND [RFC6775] was defined with a focus on IEEE Std.802.15.4 1521 and in particular the capability to derive a unique Identifier from a 1522 globally unique MAC-64 address. At this point, the 6lo Working Group 1523 is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique 1524 to other link types ITU-T G.9959 [RFC7428], Master-Slave/Token- 1525 Passing [RFC8163], DECT Ultra Low Energy [RFC8105], Near Field 1526 Communication [I-D.ietf-6lo-nfc], IEEE Std. 802.11ah 1527 [I-D.delcarpio-6lo-wlanah], as well as IEEE1901.2 Narrowband 1528 Powerline Communication Networks 1529 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] and BLUETOOTH(R) 1530 Low Energy [RFC7668]. 1532 Related requirements are: 1534 Req3.1: The support of the registration mechanism SHOULD be extended 1535 to more LLN links than IEEE Std.802.15.4, matching at least the LLN 1536 links for which an "IPv6 over foo" specification exists, as well as 1537 Low-Power Wi-Fi. 1539 Req3.2: As part of this extension, a mechanism to compute a unique 1540 Identifier should be provided, with the capability to form a Link- 1541 Local Address that SHOULD be unique at least within the LLN connected 1542 to a 6LBR discovered by ND in each node within the LLN. 1544 Req3.3: The Address Registration Option used in the ND registration 1545 SHOULD be extended to carry the relevant forms of unique Identifier. 1547 Req3.4: The Neighbour Discovery should specify the formation of a 1548 site-local address that follows the security recommendations from 1549 [RFC7217]. 1551 B.4. Requirements Related to Proxy Operations 1553 Duty-cycled devices may not be able to answer themselves to a lookup 1554 from a node that uses classical ND on a Backbone and may need a 1555 proxy. Additionally, the duty-cycled device may need to rely on the 1556 6LBR to perform registration to the 6BBR. 1558 The ND registration method SHOULD defend the addresses of duty-cycled 1559 devices that are sleeping most of the time and not capable to defend 1560 their own Addresses. 1562 Related requirements are: 1564 Req4.1: The registration mechanism SHOULD enable a third party to 1565 proxy register an Address on behalf of a 6LoWPAN node that may be 1566 sleeping or located deeper in an LLN mesh. 1568 Req4.2: The registration mechanism SHOULD be applicable to a duty- 1569 cycled device regardless of the link type, and enable a 6BBR to 1570 operate as a proxy to defend the Registered Addresses on its behalf. 1572 Req4.3: The registration mechanism SHOULD enable long sleep 1573 durations, in the order of multiple days to a month. 1575 B.5. Requirements Related to Security 1577 In order to guarantee the operations of the 6LoWPAN ND flows, the 1578 spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a 1579 node successfully registers an address, 6LoWPAN ND should provide 1580 energy-efficient means for the 6LBR to protect that ownership even 1581 when the node that registered the address is sleeping. 1583 In particular, the 6LR and the 6LBR then should be able to verify 1584 whether a subsequent registration for a given Address comes from the 1585 original node. 1587 In a LLN it makes sense to base security on layer-2 security. During 1588 bootstrap of the LLN, nodes join the network after authorization by a 1589 Joining Assistant (JA) or a Commissioning Tool (CT). After joining 1590 nodes communicate with each other via secured links. The keys for 1591 the layer-2 security are distributed by the JA/CT. The JA/CT can be 1592 part of the LLN or be outside the LLN. In both cases it is needed 1593 that packets are routed between JA/CT and the joining node. 1595 Related requirements are: 1597 Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1598 the 6LR, 6LBR and 6BBR to authenticate and authorize one another for 1599 their respective roles, as well as with the 6LoWPAN Node for the role 1600 of 6LR. 1602 Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1603 the 6LR and the 6LBR to validate new registration of authorized 1604 nodes. Joining of unauthorized nodes MUST be impossible. 1606 Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet 1607 sizes. In particular, the NS, NA, DAR and DAC messages for a re- 1608 registration flow SHOULD NOT exceed 80 octets so as to fit in a 1609 secured IEEE Std.802.15.4 [IEEEstd802154] frame. 1611 Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be 1612 computationally intensive on the LoWPAN Node CPU. When a Key hash 1613 calculation is employed, a mechanism lighter than SHA-1 SHOULD be 1614 preferred. 1616 Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate 1617 SHOULD be minimized. 1619 Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable the 1620 variation of CCM [RFC3610] called CCM* for use at both Layer 2 and 1621 Layer 3, and SHOULD enable the reuse of security code that has to be 1622 present on the device for upper layer security such as TLS. 1624 Req5.7: Public key and signature sizes SHOULD be minimized while 1625 maintaining adequate confidentiality and data origin authentication 1626 for multiple types of applications with various degrees of 1627 criticality. 1629 Req5.8: Routing of packets should continue when links pass from the 1630 unsecured to the secured state. 1632 Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1633 the 6LR and the 6LBR to validate whether a new registration for a 1634 given address corresponds to the same 6LoWPAN Node that registered it 1635 initially, and, if not, determine the rightful owner, and deny or 1636 clean-up the registration that is duplicate. 1638 B.6. Requirements Related to Scalability 1640 Use cases from Automatic Meter Reading (AMR, collection tree 1641 operations) and Advanced Metering Infrastructure (AMI, bi-directional 1642 communication to the meters) indicate the needs for a large number of 1643 LLN nodes pertaining to a single RPL DODAG (e.g. 5000) and connected 1644 to the 6LBR over a large number of LLN hops (e.g. 15). 1646 Related requirements are: 1648 Req6.1: The registration mechanism SHOULD enable a single 6LBR to 1649 register multiple thousands of devices. 1651 Req6.2: The timing of the registration operation should allow for a 1652 large latency such as found in LLNs with ten and more hops. 1654 Authors' Addresses 1656 Pascal Thubert (editor) 1657 Cisco Systems, Inc 1658 Sophia Antipolis 1659 FRANCE 1661 Email: pthubert@cisco.com 1663 Erik Nordmark 1664 Santa Clara, CA 1665 USA 1667 Email: nordmark@sonic.net 1669 Samita Chakrabarti 1670 San Jose, CA 1671 USA 1673 Email: samitac.ietf@gmail.com