idnits 2.17.1 draft-ietf-6lo-rfc6775-update-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 4, 2018) is 2244 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Perlman83' is mentioned on line 1472, but not defined == Missing Reference: 'IEEEstd802154' is mentioned on line 1692, but not defined == Unused Reference: 'RFC4429' is defined on line 1401, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 4919 ** Downref: Normative reference to an Informational RFC: RFC 6606 ** Downref: Normative reference to an Informational RFC: RFC 7102 ** Downref: Normative reference to an Informational RFC: RFC 7228 == Outdated reference: A later version (-23) exists of draft-ietf-6lo-ap-nd-06 == Outdated reference: A later version (-20) exists of draft-ietf-6lo-backbone-router-06 == Outdated reference: A later version (-22) exists of draft-ietf-6lo-nfc-09 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-13 == Outdated reference: A later version (-15) exists of draft-ietf-mboned-ieee802-mcast-problems-01 == Outdated reference: A later version (-18) exists of draft-ietf-roll-efficient-npdao-01 -- Obsolete informational reference (is this intentional?): RFC 4941 (Obsoleted by RFC 8981) Summary: 4 errors (**), 0 flaws (~~), 10 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo P. Thubert, Ed. 3 Internet-Draft Cisco 4 Updates: 6775 (if approved) E. Nordmark 5 Intended status: Standards Track Zededa 6 Expires: September 5, 2018 S. Chakrabarti 7 Verizon 8 C. Perkins 9 Futurewei 10 March 4, 2018 12 Registration Extensions for 6LoWPAN Neighbor Discovery 13 draft-ietf-6lo-rfc6775-update-15 15 Abstract 17 This specification updates RFC 6775 - 6LoWPAN Neighbor Discovery, to 18 clarify the role of the protocol as a registration technique, 19 simplify the registration operation in 6LoWPAN routers, as well as to 20 provide enhancements to the registration capabilities and mobility 21 detection for different network topologies including the backbone 22 routers performing proxy Neighbor Discovery in a low power network. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on September 5, 2018. 41 Copyright Notice 43 Copyright (c) 2018 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 59 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2.1. BCP 14 . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 2.2. Subset of a 6LoWPAN Glossary . . . . . . . . . . . . . . 3 62 2.3. References . . . . . . . . . . . . . . . . . . . . . . . 4 63 2.4. New Terms . . . . . . . . . . . . . . . . . . . . . . . . 4 64 3. Applicability of Address Registration Options . . . . . . . . 5 65 4. Updating RFC 6775 . . . . . . . . . . . . . . . . . . . . . . 6 66 4.1. Extended Address Registration Option (EARO) . . . . . . . 7 67 4.2. Transaction ID . . . . . . . . . . . . . . . . . . . . . 8 68 4.2.1. Comparing TID values . . . . . . . . . . . . . . . . 9 69 4.3. Registration Ownership Verifier . . . . . . . . . . . . . 10 70 4.4. Extended Duplicate Address Messages . . . . . . . . . . . 11 71 4.5. Registering the Target Address . . . . . . . . . . . . . 12 72 4.6. Link-Local Addresses and Registration . . . . . . . . . . 12 73 4.7. Maintaining the Registration States . . . . . . . . . . . 14 74 5. Detecting Enhanced ARO Capability Support . . . . . . . . . . 15 75 6. Extended ND Options And Messages . . . . . . . . . . . . . . 16 76 6.1. Extended Address Registration Option (EARO) . . . . . . . 16 77 6.2. Extended Duplicate Address Message Formats . . . . . . . 18 78 6.3. New 6LoWPAN Capability Bits in the Capability Indication 79 Option . . . . . . . . . . . . . . . . . . . . . . . . . 19 80 7. Backward Compatibility . . . . . . . . . . . . . . . . . . . 20 81 7.1. Discovering the Capabilities of an ND Peer . . . . . . . 20 82 7.2. RFC6775-only 6LoWPAN Node . . . . . . . . . . . . . . . . 21 83 7.3. RFC6775-only 6LoWPAN Router . . . . . . . . . . . . . . . 21 84 7.4. RFC6775-only 6LoWPAN Border Router . . . . . . . . . . . 22 85 8. Security Considerations . . . . . . . . . . . . . . . . . . . 22 86 9. Privacy Considerations . . . . . . . . . . . . . . . . . . . 23 87 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 88 10.1. ARO Flags . . . . . . . . . . . . . . . . . . . . . . . 24 89 10.2. ICMP Codes . . . . . . . . . . . . . . . . . . . . . . . 25 90 10.3. New ARO Status values . . . . . . . . . . . . . . . . . 26 91 10.4. New 6LoWPAN capability Bits . . . . . . . . . . . . . . 26 92 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 93 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 94 12.1. Normative References . . . . . . . . . . . . . . . . . . 27 95 12.2. Informative References . . . . . . . . . . . . . . . . . 29 96 12.3. External Informative References . . . . . . . . . . . . 32 98 Appendix A. Applicability and Requirements Served (Not 99 Normative) . . . . . . . . . . . . . . . . . . . . . 32 100 Appendix B. Requirements (Not Normative) . . . . . . . . . . . . 33 101 B.1. Requirements Related to Mobility . . . . . . . . . . . . 33 102 B.2. Requirements Related to Routing Protocols . . . . . . . . 34 103 B.3. Requirements Related to the Variety of Low-Power Link 104 types . . . . . . . . . . . . . . . . . . . . . . . . . . 35 105 B.4. Requirements Related to Proxy Operations . . . . . . . . 35 106 B.5. Requirements Related to Security . . . . . . . . . . . . 36 107 B.6. Requirements Related to Scalability . . . . . . . . . . . 37 108 B.7. Requirements Related to Operations and Management . . . . 38 109 B.8. Matching Requirements with Specifications . . . . . . . . 38 110 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40 112 1. Introduction 114 The scope of this draft is an IPv6 Low Power Network including star 115 and mesh topologies. This specification modifies and extends the 116 behavior and protocol elements of "Neighbor Discovery Optimization 117 for IPv6 over Low-Power Wireless Personal Area Networks" (6LoWPAN ND) 118 [RFC6775] to enable additional capabilities and enhancements 119 including: 121 o determining the freshest location in case of mobility (TID) 122 o Simplifying the registration flow for Link-Local Addresses 123 o Support of a Leaf Node in a Route-Over network 124 o Proxy registration in a Route-Over network 125 o Registration to a IPv6 ND proxy over a Backbone Link (6BBR) 126 o Clarification of support for privacy and temporary addresses 128 2. Terminology 130 2.1. BCP 14 132 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 133 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 134 "OPTIONAL" in this document are to be interpreted as described in BCP 135 14 [RFC2119][RFC8174] when, and only when, they appear in all 136 capitals, as shown here. 138 2.2. Subset of a 6LoWPAN Glossary 140 This document often uses the following acronyms: 142 6BBR: 6LoWPAN Backbone Router (proxy for the registration) 143 6LBR: 6LoWPAN Border Router (authoritative on DAD) 144 6LN: 6LoWPAN Node 145 6LR: 6LoWPAN Router (relay to the registration process) 146 6CIO: Capability Indication Option 147 (E)ARO: (Extended) Address Registration Option 148 DAD: Duplicate Address Detection 149 LLN: Low Power Lossy Network (a typical IoT network) 150 NA: Neighbor Advertisement 151 NCE: Neighbor Cache Entry 152 ND: Neighbor Discovery 153 NDP: Neighbor Discovery Protocol 154 NS: Neighbor Solicitation 155 ROVR: Registration Ownership Verifier 156 TSCH: TimeSlotted Channel Hopping 157 TID: Transaction ID (a sequence counter in the EARO) 159 2.3. References 161 The Terminology used in this document is consistent with and 162 incorporates that described in Terms Used in Routing for Low-Power 163 and Lossy Networks (LLNs). [RFC7102]. 165 Other terms in use in LLNs are found in Terminology for Constrained- 166 Node Networks [RFC7228]. 168 Readers are expected to be familiar with all the terms and concepts 169 that are discussed in 171 o "Neighbor Discovery for IP version 6" [RFC4861], 172 o "IPv6 Stateless Address Autoconfiguration" [RFC4862], 173 o "Problem Statement and Requirements for IPv6 over Low-Power 174 Wireless Personal Area Network (6LoWPAN) Routing" [RFC6606], 175 o "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): 176 Overview, Assumptions, Problem Statement, and Goals" [RFC4919] and 177 o "Neighbor Discovery Optimization for Low-power and Lossy Networks" 178 [RFC6775]. 180 2.4. New Terms 182 This specification introduces the following terminology: 184 Backbone Link: An IPv6 transit link that interconnects two or more 185 Backbone Routers. It is expected to be of high speed compared 186 to the LLN in order to carry the traffic that is required to 187 federate multiple segments of the potentially large LLN into a 188 single IPv6 subnet. 189 Backbone Router: A logical network function in an IPv6 router that 190 federates a LLN over a Backbone Link. In order to do so, the 191 Backbone Router (6BBR) proxies the 6LoWPAN ND operations 192 detailed in this document onto the matching operations that run 193 over the backbone, typically IPv6 ND. Note that 6BBR is a 194 logical function, just like 6LR and 6LBR, and that the same 195 physical router may operate all three. 196 Extended LLN: Multiple LLNs as defined in [RFC6550], interconnected 197 by a Backbone Link via Backbone Routers, and forming a single 198 IPv6 MultiLink Subnet. 199 Registration: The process during which a 6LN registers an IPv6 200 Address with a 6LR in order to obtain services such as DAD and 201 routing back. Duding that flow, the 6LBR may serve as proxy 202 for the registration of the 6LN to the 6BBR so the 6BBR can 203 provide IPv6 ND proxy services over the Backbone. 204 Binding: The association between an IP address, a MAC address, a 205 port, and other information about the node that owns the IP 206 Address. 207 Registered Node: The 6LN for which the registration is performed, 208 and which owns the fields in the Extended ARO option. 209 Registering Node: The node that performs the registration; this may 210 be the Registered Node, or a proxy such as a 6LBR performing a 211 registration to a 6BBR, on behalf of the Registered Node. 212 Registered Address: An address owned by the Registered Node that was 213 or is being registered. 214 RFC6775-only: Applied to a type of node or a type of message, this 215 adjective indicates a behavior that is strictly as specified by 216 [RFC6775] as opposed to updated with this specification. 217 updated: Qualifies a 6LN, a 6LR or a 6LBR that supports this 218 specification. 220 3. Applicability of Address Registration Options 222 The purpose of the Address Registration Option (ARO) in [RFC6775] is 223 to facilitate duplicate address detection (DAD) for hosts as well as 224 to populate Neighbor Cache Entries (NCEs) [RFC4861] in the routers. 225 This reduces the reliance on multicast operations, which are often as 226 intrusive as broadcast, in IPv6 ND operations. 228 With this specification, a failed or useless registration can be 229 detected by a 6LR or a 6LBR for reasons other than address 230 duplication. Examples include: the router having run out of space; a 231 registration bearing a stale sequence number perhaps denoting a 232 movement of the host after the registration was placed; a host 233 misbehaving and attempting to register an invalid address such as the 234 unspecified address [RFC4291]; or a host using an address that is not 235 topologically correct on that link. 237 In such cases the host will receive an error to help diagnose the 238 issue and may retry, possibly with a different address, and possibly 239 registering to a different router, depending on the returned error. 240 The ability to return errors to address registrations is not intended 241 to be used to restrict the ability of hosts to form and use multiple 242 addresses. Rather, the intention is to conform to "Host Address 243 Availability Recommendations" [RFC7934]. 245 In particular, the freedom to form and register addresses is needed 246 for enhanced privacy; each host may register a number of addresses 247 using mechanisms such as "Privacy Extensions for Stateless Address 248 Autoconfiguration (SLAAC) in IPv6" [RFC4941]. 250 In IPv6 ND [RFC4861], a router needs enough storage to hold NCEs for 251 all the addresses to which it can currently forward packets. A 252 router using the Address Registration mechanism also needs enough 253 storage to hold NCEs for all the addresses that may be registered to 254 it, regardless of whether or not they are actively communicating. 255 The number of registrations supported by a 6LoWPAN Router (6LR) or 256 6LoWPAN Border Router (6LBR) MUST be clearly documented by the vendor 257 and the dynamic use of associated resources SHOULD be made available 258 to the network operator, e.g. to a management console. 260 A network administrator MUST deploy updated 6LR/6LBRs to support the 261 number and type of devices in their network, based on the number of 262 IPv6 addresses that those devices require and their address renewal 263 rate and behavior. 265 4. Updating RFC 6775 267 This specification introduces the Extended Address Registration 268 Option (EARO) based on the ARO as defined [RFC6775]. A "T" flag is 269 added to indicate that a new field, the Transaction ID (TID) is 270 populated. The "T" flag MUST be set in NS messages when this 271 specification is used, and echoed in NA messages to confirm that the 272 protocol is supported. The EUI-64 field is overloaded to carry 273 different types of information and its size may be increased when 274 backward compatibility is not an issue. 276 The extensions to the ARO option are used in the Duplicate Address 277 messages, the Duplicate Address Request (DAR) and Duplicate Address 278 Confirmation (DAC), so as to convey the additional information all 279 the way to the 6LBR. In turn the 6LBR may proxy the registration 280 using IPv6 ND over a Backbone Link as illustrated in Figure 1. Note 281 that this specification avoids the Duplicate Address message flow for 282 Link-Local Addresses in a Route-Over [RFC6606] topology. 284 6LN 6LR 6LBR 6BBR 285 | | | | 286 | NS(EARO) | | | 287 |--------------->| | | 288 | | Extended DAR | | 289 | |-------------->| | 290 | | | | 291 | | | proxy NS(EARO) | 292 | | |--------------->| 293 | | | | NS(DAD) 294 | | | | ------> 295 | | | | 296 | | | | 297 | | | proxy NA(EARO) | 298 | | |<---------------| 299 | | Extended DAC | | 300 | |<--------------| | 301 | NA(EARO) | | | 302 |<---------------| | | 303 | | | | 305 Figure 1: (Re-)Registration Flow 307 In order to support various types of link layers, it is RECOMMENDED 308 to allow multiple registrations, including for privacy / temporary 309 addresses. It is also RECOMMENDED to provide new mechanisms to help 310 clean up stale registration state as soon as possible. 312 Section 5 of [RFC6775] specifies how a 6LN bootstraps an interface 313 and locates available 6LRs. A Registering Node SHOULD prefer 314 registering to a 6LR that is found to support this specification, as 315 discussed in Section 5, over an RFC6775-only one and MUST operate in 316 a backward compatible fashion when attaching to an RFC6775-only 6LR. 318 4.1. Extended Address Registration Option (EARO) 320 The Extended ARO (EARO) replaces the ARO and is backward compatible 321 with the ARO if and only if the Length of the option is set to 2. 322 Its format is presented in Section 6.1. More details on backward 323 compatibility can be found in Section 7. 325 The semantics of the Neighbor Solicitation (NS) and the ARO are 326 modified as follows: 328 o The address that is being registered with a NS with an EARO is now 329 the Target Address, as opposed to the Source Address as specified 330 in [RFC6775] (see Section 4.5). This change enables a 6LBR to use 331 one of its addresses as source of the proxy-registration of an 332 address that belongs to a LLN Node to a 6BBR. This also limits 333 the use of an address as source address before it is registered 334 and the associated DAD process is complete. 335 o The EUI-64 field in the ARO Option is renamed Registration 336 Ownership Verifier (ROVR) and is not required to be derived from a 337 MAC address (see Section 4.3). 338 o The option Length MAY be different than 2 and take a value between 339 3 and 5, in which case the EARO is not backward compatible with an 340 ARO. The increase of size corresponds to a larger ROVR field, so 341 the size of the ROVR is inferred from the option Length. 342 o This document specifies a new flag in the EARO, the 'R' flag, used 343 by a 6LN, when registering, to indicate that this 6LN is not a 344 router and that it will not handle its own reachability. If the 345 'R' flag is set, the registering node expects that the 6LR ensures 346 reachability for the registered address by means of routing or 347 proxying ND. A host MUST set the 'R' flag. When not set, the 'R' 348 flag indicates that the Registering Node is a router, which for 349 instance participates to a Route-Over routing protocol such as the 350 IPv6 Routing Protocol for Low-Power and Lossy Networks [RFC6550] 351 (RPL), and that it will take care of injecting its Address over 352 the routing protocol by itself. A router SHOULD NOT set the 'R' 353 flag; if it does, routes towards the router may be installed on 354 its behalf and may interfere with those it injects. 355 o The specification introduces a Transaction ID (TID) field in the 356 EARO (see Section 4.2). The TID MUST be provided by a node that 357 supports this specification and a new "T" flag MUST be set to 358 indicate so. 359 o Finally, this specification introduces new status codes to help 360 diagnose the cause of a registration failure (see Table 1). 362 4.2. Transaction ID 364 The TID is a sequence number that is incremented by the 6LN with each 365 re-registration to a 6LR. The TID is used to detect the freshness of 366 the registration request and to detect one single registration by 367 multiple 6LoWPAN border routers (e.g., 6LBRs and 6BBRs) supporting 368 the same 6LoWPAN. The TID may also be used by the network to route 369 to the current (freshest known) location of a moving node by spotting 370 the most recent TID. 372 When a Registered Node is registered with multiple 6BBRs in parallel, 373 the same TID MUST be used. This enables the 6BBRs to determine that 374 the registrations are the same, and distinguish that situation from a 375 movement (see section 4 of [I-D.ietf-6lo-backbone-router] and 376 Section 4.7 below). 378 4.2.1. Comparing TID values 380 The TID is a sequence counter and its operation is the exact match of 381 the path sequence specified in RPL, the IPv6 Routing Protocol for 382 Low-Power and Lossy Networks [RFC6550] specification. 384 In order to keep this document self-contained and yet compatible, the 385 text below is an exact copy from section 7.2. "Sequence Counter 386 Operation" of [RFC6550]. 388 A TID is deemed to be fresher than another when its value is greater 389 per the operations detailed in this section. 391 The TID range is subdivided in a 'lollipop' fashion ([Perlman83]), 392 where the values from 128 and greater are used as a linear sequence 393 to indicate a restart and bootstrap the counter, and the values less 394 than or equal to 127 used as a circular sequence number space of size 395 128 as in [RFC1982]. Consideration is given to the mode of operation 396 when transitioning from the linear region to the circular region. 397 Finally, when operating in the circular region, if sequence numbers 398 are detected to be too far apart then they are not comparable, as 399 detailed below. 401 A window of comparison, SEQUENCE_WINDOW = 16, is configured based on 402 a value of 2^N, where N is defined to be 4 in this specification. 404 For a given sequence counter, 406 1. The sequence counter SHOULD be initialized to an implementation 407 defined value which is 128 or greater prior to use. A 408 recommended value is 240 (256 - SEQUENCE_WINDOW). 409 2. When a sequence counter increment would cause the sequence 410 counter to increment beyond its maximum value, the sequence 411 counter MUST wrap back to zero. When incrementing a sequence 412 counter greater than or equal to 128, the maximum value is 255. 413 When incrementing a sequence counter less than 128, the maximum 414 value is 127. 415 3. When comparing two sequence counters, the following rules MUST be 416 applied: 418 1. When a first sequence counter A is in the interval [128..255] 419 and a second sequence counter B is in [0..127]: 421 1. If (256 + B - A) is less than or equal to 422 SEQUENCE_WINDOW, then B is greater than A, A is less than 423 B, and the two are not equal. 425 2. If (256 + B - A) is greater than SEQUENCE_WINDOW, then A 426 is greater than B, B is less than A, and the two are not 427 equal. 429 For example, if A is 240, and B is 5, then (256 + 5 - 240) is 430 21. 21 is greater than SEQUENCE_WINDOW (16), thus 240 is 431 greater than 5. As another example, if A is 250 and B is 5, 432 then (256 + 5 - 250) is 11. 11 is less than SEQUENCE_WINDOW 433 (16), thus 250 is less than 5. 434 2. In the case where both sequence counters to be compared are 435 less than or equal to 127, and in the case where both 436 sequence counters to be compared are greater than or equal to 437 128: 439 1. If the absolute magnitude of difference between the two 440 sequence counters is less than or equal to 441 SEQUENCE_WINDOW, then a comparison as described in 442 [RFC1982] is used to determine the relationships greater 443 than, less than, and equal. 444 2. If the absolute magnitude of difference of the two 445 sequence counters is greater than SEQUENCE_WINDOW, then a 446 desynchronization has occurred and the two sequence 447 numbers are not comparable. 448 4. If two sequence numbers are determined to be not comparable, i.e. 449 the results of the comparison are not defined, then a node should 450 give precedence to the sequence number that was most recently 451 incremented. Failing this, the node should select the sequence 452 number in order to minimize the resulting changes to its own 453 state. 455 4.3. Registration Ownership Verifier 457 The ROVR field generalizes the EUI-64 field of the ARO defined in 458 [RFC6775]. It is scoped to a registration and enables recognize and 459 block a tentative to register a duplicate address, which is 460 characterized by a different ROVR in the conflicting registrations It 461 can also be used to protect the ownership of a Registered Address, if 462 the proof-of-ownership of the ROVR can be obtained (more in 463 Section 4.6). 465 The ROVR is allowed to be of different types, as ong as the type is 466 signaled in the message that carries the new type. For instance, the 467 type can be a cryptographic string and used to prove the ownership of 468 the registration as discussed in "Address Protected Neighbor 469 Discovery for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd]. In 470 order to support the flows related to the proof-of-ownership, this 471 specification introduces new status codes "Validation Requested" and 472 "Validation Failed" in the EARO. 474 Note on ROVR collision: different techniques for forming the ROVR 475 will operate in different name-spaces. [RFC6775] operates on EUI-64 476 addresses. [I-D.ietf-6lo-ap-nd] generates cryptographic tokens. 477 While collisions are not expected in the EUI-64 name-space only, they 478 may happen in the case of [I-D.ietf-6lo-ap-nd] and in a mixed 479 situation. An implementation that understands the name-space MUST 480 consider that ROVRs from different name-spaces are different even if 481 they have the same value. An RFC6775-only will confuse the name- 482 spaces, which slightly increases the risk of a ROVR collision. A 483 collision of ROVR has no effect if the two Registering Nodes register 484 different addresses, since the ROVR is only significant within the 485 context of one registration. A ROVR is not expected to be unique to 486 one registration, as this specification allows a node to use the same 487 ROVR to register multiple IPv6 addresses. This is why the ROVR MUST 488 NOT be used as a key to identify the Registering Node, or as an index 489 to the registration. It is only used as a match to ensure that the 490 node that updates a registration for an IPv6 address is the node that 491 made the original registration for that IPv6 address. Also, when the 492 ROVR is not an EUI-64 address, then it MUST NOT be used as the 493 interface ID of the Registered Address. This way, a registration 494 that uses that ROVR will not collision with that of an IPv6 Address 495 derived from EUI-64 and using the EUI-64 as ROVR per [RFC6775]. 497 The Registering Node SHOULD store the ROVR, or enough information to 498 regenerate it, in persistent memory. If this is not done and an 499 event such as a reboot causes a loss of memory, re-registering the 500 same address could be impossible until the 6LRs and the 6LBR time out 501 the previous registration, or a management action is taken to clear 502 the relevant state in the network. 504 4.4. Extended Duplicate Address Messages 506 In order to map the new EARO content in the Extended Duplicate 507 Address (EDA) messages, a new TID field is added to the Extended DAR 508 (EDAR) and the Extended DAC (EDAC) messages as a replacement of a 509 Reserved field, and a non-null value of the ICMP Code indicates 510 support for this specification. The format of the EDA messages is 511 presented in Section 6.2. 513 As for the EARO, the Extended Duplicate Address messages are backward 514 compatible with the RFC6775-only versions as long as the ROVR field 515 is 64 bits long. Remarks concerning backwards compatibility for the 516 protocol between the 6LN and the 6LR apply similarly between a 6LR 517 and a 6LBR. 519 4.5. Registering the Target Address 521 The Registering Node is the node that performs the registration to 522 the 6BBR. As in [RFC6775], it may be the Registered Node as well, in 523 which case it registers one of its own addresses, and indicates its 524 own MAC Address as Source Link Layer Address (SLLA) in the NS(EARO). 526 This specification adds the capability to proxy the registration 527 operation on behalf of a Registered Node that is reachable over a LLN 528 mesh. In that case, if the Registered Node is reachable from the 529 6BBR over a Mesh-Under mesh, the Registering Node indicates the MAC 530 Address of the Registered Node as the SLLA in the NS(EARO). If the 531 Registered Node is reachable over a Route-Over mesh from the 532 Registering Node, the SLLA in the NS(ARO) is that of the Registering 533 Node. This enables the Registering Node to attract the packets from 534 the 6BBR and route them over the LLN to the Registered Node. 536 In order to enable the latter operation, this specification changes 537 the behavior of the 6LN and the 6LR so that the Registered Address is 538 found in the Target Address field of the NS and NA messages as 539 opposed to the Source Address. With this convention, a TLLA option 540 indicates the link-layer address of the 6LN that owns the address. 542 The Registering Node expects packets for the 6LN. Therefore, it MUST 543 place its own Link Layer Address in the SLLA Option that MUST always 544 be placed in a registration NS(EARO) message. This maintains 545 compatibility with RFC6775-only 6LoWPAN ND [RFC6775]. 547 4.6. Link-Local Addresses and Registration 549 Considering that LLN nodes are often not wired and may move, there is 550 no guarantee that a Link-Local Address stays unique between a 551 potentially variable and unbounded set of neighboring nodes. 553 Compared to [RFC6775], this specification only requires that a Link- 554 Local Address is unique from the perspective of the two nodes that 555 use it to communicate (e.g., the 6LN and the 6LR in an NS/NA 556 exchange). This simplifies the DAD process in a Route-Over topology 557 for Link-Local Addresses, by avoiding an exchange of EDA messages 558 between the 6LR and a 6LBR for those addresses. 560 In more details: 562 An exchange between two nodes using Link-Local Addresses implies that 563 they are reachable over one hop. A node MUST register a Link-Local 564 Address to a 6LR in order to obtain reachability from that 6LR beyond 565 the current exchange, and in particular to use the Link-Local Address 566 as source address to register other addresses, e.g., global 567 addresses. 569 If there is no collision with an address previously registered to 570 this 6LR by another 6LN, then the Link-Local Address is unique from 571 the standpoint of this 6LR and the registration is not a duplicate. 572 Alternatively, two different 6LRs might expose the same Link-Local 573 Address but different link-layer addresses. In that case, a 6LN MUST 574 only interact with at most one of the 6LRs. 576 The DAD process between the 6LR and a 6LBR, which is based on an 577 exchange of EDA messages, does not need to take place for Link-Local 578 Addresses. 580 When registering to a 6LR that conforms to this specification, a node 581 MUST use a Link-Local Address as the source address of the 582 registration, whatever the type of IPv6 address that is being 583 registered. That Link-Local Address MUST be either an address that 584 is already registered to the 6LR, or the address that is being 585 registered. 587 When a Registering Node does not have an already-registered Address, 588 it MUST register a Link-Local Address, using it as both the Source 589 and the Target Address of an NS(EARO) message. In that case, it is 590 RECOMMENDED to use a Link-Local Address that is (expected to be) 591 globally unique, e.g., derived from a globally unique EUI-64 address. 592 An EARO in the response NA indicates that the 6LR supports this 593 specification. 595 Since there is no exchange of EDA messages for Link-Local Addresses, 596 the 6LR may answer immediately to the registration of a Link-Local 597 Address, based solely on its existing state and the Source Link-Layer 598 Option that is placed in the NS(EARO) message as required in 599 [RFC6775]. 601 A node needs to register its IPv6 Global Unicast IPv6 Addresses 602 (GUAs) to a 6LR in order to establish global reachability for these 603 addresses via that 6LR. When registering with an updated 6LR, a 604 Registering Node does not use a GUA as Source Address, in contrast to 605 a node that complies to [RFC6775]. For non-Link-Local Addresses, the 606 exchange of EDA messages MUST conform to [RFC6775], but the extended 607 formats described in this specification for the DAR and the DAC are 608 used to relay the extended information in the case of an EARO. 610 4.7. Maintaining the Registration States 612 This section discusses protocol actions that involve the Registering 613 Node, the 6LR and the 6LBR. It must be noted that the portion that 614 deals with a 6LBR only applies to those addresses that are registered 615 to it; as discussed in Section 4.6, this is not the case for Link- 616 Local Addresses. The registration state includes all data that is 617 stored in the router relative to that registration, in particular, 618 but not limited to, an NCE. 6LBRs and 6BBRs may store additional 619 registration information in more complex abstract data structures and 620 use protocols that are out of scope of this document to keep them 621 synchronized when they are distributed. 623 When its resource available to store registration states are 624 exhausted, a 6LR cannot accept a new registration. In that 625 situation, the EARO is returned in a NA message with a Status Code of 626 "Neighbor Cache Full", and the Registering Node may attempt to 627 register to another 6LR. 629 If the registry in the 6LBR is saturated, then the 6LBR cannot decide 630 whether a registration for a new address is a duplicate. In that 631 case, the 6LBR replies to a EDAR message with an EDAC message that 632 carries a new Status Code indicating "6LBR Registry saturated" 633 Table 1. Note: this code is used by 6LBRs instead of "Neighbor Cache 634 Full" when responding to a Duplicate Address message exchange and is 635 passed on to the Registering Node by the 6LR. There is no point for 636 the node to retry this registration immediately via another 6LR, 637 since the problem is global to the network. The node may either 638 abandon that address, de-register other addresses first to make room, 639 or keep the address in TENTATIVE state and retry later. 641 A node renews an existing registration by sending a new NS(EARO) 642 message for the Registered Address. In order to refresh the 643 registration state in the 6LBR, the registration MUST be reported to 644 the 6LBR. 646 A node that ceases to use an address SHOULD attempt to de-register 647 that address from all the 6LRs to which it has registered the 648 address. This is achieved using an NS(EARO) message with a 649 Registration Lifetime of 0. If this is not done, a state will remain 650 in the network for its Lifetime. 652 A node that moves away from a particular 6LR SHOULD attempt to de- 653 register all of its addresses registered to that 6LR and register to 654 a new 6LR with an incremented TID. When/if the node shows up 655 elsewhere, an asynchronous NA(EARO) or EDAC message with a Status 656 Code of "Moved" SHOULD be used to clean up the state in the previous 657 location. For instance, as described in 659 [I-D.ietf-6lo-backbone-router], the "Moved" status can be used by a 660 6BBR in an NA(EARO) message to indicate that the ownership of the 661 proxy state on the Backbone Link was transferred to another 6BBR, as 662 the consequence of a movement of the device. If the receiver of the 663 message has a state corresponding to the related address, it SHOULD 664 propagate the status down the forwarding path to the Registered node 665 (e.g., reversing an existing RPL [RFC6550] path as prescribed in 666 [I-D.ietf-roll-efficient-npdao]). Whether it could or not do so, the 667 receiver MUST clean up the said state. 669 Upon receiving an NS(EARO) message with a Registration Lifetime of 0 670 and determining that this EARO is the freshest for a given NCE (see 671 Section 4.2), a 6LR cleans up its NCE. If the address was registered 672 to the 6LBR, then the 6LR MUST report to the 6LBR, through a 673 Duplicate Address exchange with the 6LBR, indicating the null 674 Registration Lifetime and the latest TID that this 6LR is aware of. 676 Upon receiving the EDAR message, the 6LBR evaluates if this is the 677 most recent TID it has received for that particular registry entry. 678 If so, then the EDAR is answered with an EDAC message bearing a 679 Status of "Success" and the entry is scheduled to be removed. 680 Otherwise, a Status Code of "Moved" is returned instead, and the 681 existing entry is maintained. 683 When an address is scheduled to be removed, the 6LBR SHOULD keep its 684 entry in a DELAY state for a configurable period of time, so as to 685 protect a mobile node that de-registered from one 6LR and did not 686 register yet to a new one, or the new registration did not reach yet 687 the 6LBR due to propagation delays in the network. Once the DELAY 688 time is passed, the 6LBR silently removes its entry. 690 5. Detecting Enhanced ARO Capability Support 692 The "Generic Header Compression for IPv6 over 6LoWPANs" [RFC7400] 693 introduces the 6LoWPAN Capability Indication Option (6CIO) to 694 indicate a node's capabilities to its peers. The 6CIO MUST be 695 present in Router Advertisement (RA) messages, unless the 696 capabilities of the 6LR are already known by the 6LN. This can be 697 determined by the 6LR if there is an existing registration in place 698 for the 6LN that is based on EARO. This can also be implicit, or 699 configured in all nodes in a network. 701 Section 6.3 defines a new flag for the 6CIO to signal support for 702 EARO by the issuer of the message, and Section 7.1 specifies how the 703 flag is to be used. A similar flag indicates the support of EDA 704 messages by the 6LBR - note that other information on the 6LBR is 705 found in a separate Authoritative Border Router Option (ABRO) that 706 MUST also be present in RA messages [RFC6775]. New flags are also 707 added to signal the router's capability to act as a 6LR, 6LBR and 708 6BBR (see Section 6.3). 710 6. Extended ND Options And Messages 712 This specification does not introduce new options, but it modifies 713 existing ones and updates the associated behaviors as specified in 714 the following subsections. 716 6.1. Extended Address Registration Option (EARO) 718 The Address Registration Option (ARO) is defined in section 4.1 of 719 [RFC6775]. 721 The Extended Address Registration Option (EARO) replaces the ARO used 722 within Neighbor Discovery NS and NA messages between a 6LN and its 723 6LR. Similarly, the EDA messages, EDAR and EDAC, replace the DAR and 724 DAC messages so as to transport the new information between 6LRs and 725 6LBRs across LLN meshes such as 6TiSCH networks. 727 An NS message with an EARO is a registration if and only if it also 728 carries an SLLA Option. The EARO also used in NS and NA messages 729 between Backbone Routers [I-D.ietf-6lo-backbone-router] over the 730 Backbone Link to sort out the distributed registration state; in that 731 case, it does not carry the SLLA Option and is not confused with a 732 registration. 734 When using the EARO, the address being registered is found in the 735 Target Address field of the NS and NA messages. 737 The EARO extends the ARO and is indicated by the "T" flag set. The 738 format of the EARO is as follows: 740 0 1 2 3 741 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 742 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 743 | Type | Length | Status | Reserved | 744 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 745 | Reserved |R|T| TID | Registration Lifetime | 746 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 747 | | 748 + Registration Ownership Verifier + 749 | | 750 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 752 Figure 2: EARO 754 Option Fields 755 Type: 33 756 Length: 8-bit unsigned integer. The length of the option in 757 units of 8 bytes. It MUST be 2 when operating in 758 backward-compatible mode. It MAY be 3, 4 or 5, 759 denoting a ROVR size of 128, 192 and 256 bits 760 respectively. 761 Status: 8-bit unsigned integer. Indicates the status of a 762 registration in the NA response. MUST be set to 0 in 763 NS messages. See Table 1 below. 765 +-------+-----------------------------------------------------------+ 766 | Value | Description | 767 +-------+-----------------------------------------------------------+ 768 | 0..2 | See [RFC6775]. Note: a Status of 1 "Duplicate Address" | 769 | | applies to the Registered Address. If the Source Address | 770 | | conflicts with an existing registration, "Duplicate | 771 | | Source Address" MUST be used. | 772 | | | 773 | 3 | Moved: The registration failed because it is not the | 774 | | freshest. This Status indicates that the registration is | 775 | | rejected because another more recent registration was | 776 | | done, as indicated by a same ROVR and a more recent TID. | 777 | | One possible cause is a stale registration that has | 778 | | progressed slowly in the network and was passed by a more | 779 | | recent one. It could also indicate a ROVR collision. | 780 | | | 781 | 4 | Removed: The binding state was removed. This may be | 782 | | placed in an asynchronous NS(ARO) message, or as the | 783 | | rejection of a proxy registration to a Backbone Router | 784 | | | 785 | 5 | Validation Requested: The Registering Node is challenged | 786 | | for owning the Registered Address or for being an | 787 | | acceptable proxy for the registration. This Status is | 788 | | expected in asynchronous messages from a registrar (6LR, | 789 | | 6LBR, 6BBR) to indicate that the registration state is | 790 | | removed, for instance due to a movement of the device. | 791 | | | 792 | 6 | Duplicate Source Address: The address used as source of | 793 | | the NS(ARO) conflicts with an existing registration. | 794 | | | 795 | 7 | Invalid Source Address: The address used as source of the | 796 | | NS(ARO) is not a Link-Local Address as prescribed by this | 797 | | document. | 798 | | | 799 | 8 | Registered Address topologically incorrect: The address | 800 | | being registered is not usable on this link, e.g., it is | 801 | | not topologically correct | 802 | | | 803 | 9 | 6LBR Registry saturated: A new registration cannot be | 804 | | accepted because the 6LBR Registry is saturated. Note: | 805 | | this code is used by 6LBRs instead of Status 2 when | 806 | | responding to a Duplicate Address message exchange and is | 807 | | passed on to the Registering Node by the 6LR. | 808 | | | 809 | 10 | Validation Failed: The proof of ownership of the | 810 | | registered address is not correct. | 811 +-------+-----------------------------------------------------------+ 813 Table 1: EARO Status 815 Reserved: This field is unused. It MUST be initialized to zero 816 by the sender and MUST be ignored by the receiver. 817 R: If the 'R' flag is set, the registering node expects 818 that the 6LR ensures reachability for the registered 819 address, e.g. by injecting the address in a Route- 820 Over routing protocol or proxying ND over a Backbone 821 Link. 822 T: One bit flag. Set if the next octet is used as a 823 TID. 824 TID: 1-byte integer; a transaction id that is maintained 825 by the node and incremented with each transaction. 826 Registration Lifetime: 16-bit integer; expressed in minutes. 0 827 means that the registration has ended and the 828 associated state MUST be removed. 829 Registration Ownership Verifier (ROVR): Enables to correlate 830 multiple registrations for a same IPv6 Address. This 831 can be a unique ID of the Registering Node, such as 832 the EUI-64 address of an interface. This can also be 833 a token obtained with cryptographic methods and used 834 as proof of ownership of the registration. The scope 835 of a ROVR is one registration and it cannot be used 836 to correlate different registrations. 838 6.2. Extended Duplicate Address Message Formats 840 The DAR and DAC messages are defined in section 4.4 of [RFC6775]. 841 Those messages follow a common base format, which enables information 842 from the ARO to be transported over multiple hops. 844 Those messages are extended to adapt to the new EARO format, as 845 follows: 847 0 1 2 3 848 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 849 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 850 | Type | Code | Checksum | 851 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 852 | Status | TID | Registration Lifetime | 853 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 854 | | 855 + Registration Ownership Verifier + 856 | | 857 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 858 | | 859 + + 860 | | 861 + Registered Address + 862 | | 863 + + 864 | | 865 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 867 Figure 3: Duplicate Address Messages Format 869 Modified Message Fields 871 Code: The ICMP Code as defined in [RFC4443]. The ICMP Code 872 MUST be set to 1 with this specification. An odd 873 value of the ICMP Code indicates that the TID field 874 is present and obeys this specification. 875 TID: 1-byte integer; same definition and processing as the 876 TID in the EARO as defined in Section 6.1. 877 Registration Ownership Verifier (ROVR): The size of the ROVR is 878 computed from the overall size of the IPv6 packet. 879 It MUST be 64bits long when operating in backward- 880 compatible mode. This field has the same definition 881 and processing as the ROVR in the EARO option as 882 defined in Section 6.1. 884 6.3. New 6LoWPAN Capability Bits in the Capability Indication Option 886 This specification defines 5 new capability bits for use in the 6CIO, 887 which was introduced by [RFC7400] for use in IPv6 ND RA messages. 889 This specification introduces the "E" flag to indicate that extended 890 ARO can be used in a registration. A 6LR that supports this 891 specification MUST set the "E" flag. 893 A similar flag "D" indicates the support of Extended Duplicate 894 Address Messages by the 6LBR; A 6LBR that supports this specification 895 MUST set the "D" flag. The "D" flag is learned from advertisements 896 by a 6LBR, and is propagated down a graph of 6LRs as a node acting as 897 6LN registers to a 6LR (which could be the 6LBR), and in turn becomes 898 a 6LR to which other 6LNs will register. 900 The new "L", "B" and "P" flags, indicate whether a router is capable 901 of acting as 6LR, 6LBR and 6BBR, respectively. These flags are not 902 mutually exclusive and a node MUST set all the flags that are 903 relevant to it. 905 As an example, a 6LBR sets the "B" and "D" flags. If it acts as a 906 6LR, then it sets the "L" and "E" flags. If it is collocated with a 907 6BBR, then it also sets the "P" flag. 909 0 1 2 3 910 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 911 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 912 | Type | Length = 1 | Reserved |D|L|B|P|E|G| 913 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 914 | Reserved | 915 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 917 Figure 4: New capability Bits L, B, P, E in the 6CIO 919 Option Fields 921 Type: 36 922 L: Node is a 6LR. 923 B: Node is a 6LBR. 924 P: Node is a 6BBR. 925 E: Node supports registrations based on EARO. 926 D: 6LBR supports EDA messages. 928 7. Backward Compatibility 930 7.1. Discovering the Capabilities of an ND Peer 932 A 6LR that supports this specification MUST place a 6CIO in its RA 933 messages. A typical flow when a node starts up is that it sends a 934 multicast RS and receives one or more unicast RA messages. If the 935 6LR can process Extended ARO, then the "E" Flag is set in the RA. 937 This specification changes the behavior of the peers in a 938 registration flow. To enable backward compatibility, a 6LN that 939 registers to a 6LR that is not known to support this specification 940 MUST behave in a manner that is compatible with [RFC6775]. On the 941 contrary, if the 6LR is known to support this specification, then the 942 6LN MUST conform this specification. 944 A 6LN that supports this specification MUST always use an EARO as a 945 replacement to an ARO in its registration to a router. This is 946 harmless since the "T" flag and TID field are reserved in [RFC6775], 947 and are ignored by an RFC6775-only router. A router that supports 948 this specification MUST answer an NS(ARO) and an NS(EARO) with an 949 NA(EARO). A router that does not support this specification will 950 consider the ROVR as an EUI-64 and treat it the same, which has no 951 consequence if the Registered Addresses are different. 953 7.2. RFC6775-only 6LoWPAN Node 955 an RFC6775-only 6LN will use the Registered Address as source and 956 will not use an EARO. An updated 6LR MUST accept that registration 957 if it is valid per [RFC6775], and it MUST manage the binding cache 958 accordingly. The updated 6LR MUST then use the RFC6775-only EDA 959 messages as specified in [RFC6775] to indicate to the 6LBR that the 960 TID is not present in the messages. 962 The main difference from [RFC6775] is that the exchange of EDA 963 messages for the purpose of DAD is avoided for Link-Local Addresses. 964 In any case, the 6LR MUST use an EARO in the reply, and can use any 965 of the Status codes defined in this specification. 967 7.3. RFC6775-only 6LoWPAN Router 969 An updated 6LN discovers the capabilities of the 6LR in the 6CIO in 970 RA messages from that 6LR; if the 6CIO was not present in the RA, 971 then the 6LR is assumed to be a RFC6775-only 6LoWPAN Router. 973 An updated 6LN MUST use an EARO in the request regardless of the type 974 of 6LR, RFC6775-only or updated, which implies that the "T" flag is 975 set. It MUST use a ROVR of 64 bits if the 6LR is an RFC6775-only 976 6LoWPAN Router. 978 If an updated 6LN moves from an updated 6LR to an RFC6775-only 6LR, 979 the RFC6775-only 6LR will send an RFC6775-only DAR message, which can 980 not be compared with an updated one for freshness. Allowing 981 RFC6775-only DAR messages to replace a state established by the 982 updated protocol in the 6LBR would be an attack vector and that 983 cannot be the default behavior. But if RFC6775-only and updated 6LRs 984 coexist temporarily in a network, then it makes sense for an 985 administrator to install a policy that allows so, and the capability 986 to install such a policy should be configurable in a 6LBR though it 987 is out of scope for this document. 989 7.4. RFC6775-only 6LoWPAN Border Router 991 With this specification, the Duplicate Address messages are extended 992 to transport the EARO information. Similarly to the NS/NA exchange, 993 an updated 6LBR MUST always use the EDA messages. 995 Note that an RFC6775-only 6LBR will accept and process an EDAR 996 message as if it were an RFC6775-only DAR, as long as the ROVR is 64 997 bits long. An updated 6LR discovers the capabilities of the 6LBR in 998 the 6CIO in RA messages from the 6LR; if the 6CIO was not present in 999 any RA, then the 6LBR si assumed to be a RFC6775-only 6LoWPAN Border 1000 Router. 1002 If the 6LBR is RFC6775-only, and the ROVR in the NS(EARO) was more 1003 than 64 bits long, then the 6LR MUST truncate the ROVR to the 64 1004 rightmost bit and place the result in the EDAR message to maintain 1005 compatibility. This way, the support of DAD is preserved. 1007 8. Security Considerations 1009 This specification extends [RFC6775], and the security section of 1010 that document also applies to this as well. In particular, it is 1011 expected that the link layer is sufficiently protected to prevent a 1012 rogue access, either by means of physical or IP security on the 1013 Backbone Link and link layer cryptography on the LLN. 1015 This specification also expects that the LLN MAC provides secure 1016 unicast to/from the Backbone Router and secure Broadcast or Multicast 1017 from the Backbone Router in a way that prevents tampering with or 1018 replaying the RA messages. 1020 This specification recommends using privacy techniques (see 1021 Section 9), and protection against address theft such as provided by 1022 "Address Protected Neighbor Discovery for Low-power and Lossy 1023 Networks" [I-D.ietf-6lo-ap-nd], which guarantees the ownership of the 1024 Registered Address using a cryptographic ROVR. 1026 The registration mechanism may be used by a rogue node to attack the 1027 6LR or the 6LBR with a Denial-of-Service attack against the registry. 1028 It may also happen that the registry of a 6LR or a 6LBR is saturated 1029 and cannot take any more registrations, which effectively denies the 1030 requesting node the capability to use a new address. In order to 1031 alleviate those concerns, Section 4.7 provides a number of 1032 recommendations that ensure that a stale registration is removed as 1033 soon as possible from the 6LR and 6LBR. In particular, this 1034 specification recommends that: 1036 o A node that ceases to use an address SHOULD attempt to de-register 1037 that address from all the 6LRs to which it is registered. See 1038 Section 4.2 for the mechanism to avoid replay attacks and avoiding 1039 the use of stale registration information. 1040 o The Registration lifetimes SHOULD be individually configurable for 1041 each address or group of addresses. The nodes SHOULD be 1042 configured with a Registration Lifetime that reflects their 1043 expectation of how long they will use the address with the 6LR to 1044 which it is registered. In particular, use cases that involve 1045 mobility or rapid address changes SHOULD use lifetimes that are 1046 larger yet of a same order as the duration of the expectation of 1047 presence. 1048 o The router (6LR or 6LBR) SHOULD be configurable so as to limit the 1049 number of addresses that can be registered by a single node, but 1050 as a protective measure only. A node may be identified by MAC 1051 address, but a stringer identification (e.g., by security 1052 credentials) is RECOMMENDED. When that maximum is reached, the 1053 router should use a Least-Recently-Used (LRU) algorithm to clean 1054 up the addresses, keeping at least one Link-Local Address. The 1055 router SHOULD attempt to keep one or more stable addresses if 1056 stability can be determined, e.g., because they are used over a 1057 much longer time span than other (privacy, shorter-lived) 1058 addresses. Address lifetimes SHOULD be individually configurable. 1059 o In order to avoid denial of registration for the lack of 1060 resources, administrators should take great care to deploy 1061 adequate numbers of 6LRs to cover the needs of the nodes in their 1062 range, so as to avoid a situation of starving nodes. It is 1063 expected that the 6LBR that serves a LLN is a more capable node 1064 then the average 6LR, but in a network condition where it may 1065 become saturated, a particular deployment should distribute the 1066 6LBR functionality, for instance by leveraging a high speed 1067 Backbone Link and Backbone Routers to aggregate multiple LLNs into 1068 a larger subnet. 1070 The LLN nodes depend on the 6LBR and the 6BBR for their operation. A 1071 trust model must be put in place to ensure that the right devices are 1072 acting in these roles, so as to avoid threats such as black-holing, 1073 or bombing attack whereby an impersonated 6LBR would destroy state in 1074 the network by using the "Removed" Status code. This trust model 1075 could be at a minimum based on a Layer-2 access control, or could 1076 provide role validation as well (see Req5.1 in Appendix B.5). 1078 9. Privacy Considerations 1080 As indicated in Section 3, this protocol does not aim at limiting the 1081 number of IPv6 addresses that a device can form and if placed, a 1082 limit should be a protective measure only, that is high enough not to 1083 interfere with the normal behavior of devices in the network. A host 1084 should be able to form and register any address that is topologically 1085 correct in the subnet(s) advertised by the 6LR/6LBR. 1087 This specification does not mandate any particular way for forming 1088 IPv6 addresses, but it discourages using EUI-64 for forming the 1089 Interface ID in the Link-Local Address because this method prevents 1090 the usage of "SEcure Neighbor Discovery (SEND)" [RFC3971] and 1091 "Cryptographically Generated Addresses (CGA)" [RFC3972], and that of 1092 address privacy techniques. 1094 "Privacy Considerations for IPv6 Adaptation-Layer Mechanisms" 1095 [RFC8065] explains why privacy is important and how to form privacy- 1096 aware addresses. All implementations and deployment must consider 1097 the option of privacy addresses in their own environment. 1099 The IPv6 address of the 6LN in the IPv6 header can be compressed 1100 statelessly when the Interface Identifier in the IPv6 address can be 1101 derived from the Lower Layer address. When it is not critical to 1102 benefit from that compression, e.g. the address can be compressed 1103 statefully, or it is rarely used and/or it is used only over one hop, 1104 then privacy concerns should be considered. In particular, new 1105 implementations should follow the IETF "Recommendation on Stable IPv6 1106 Interface Identifiers" [RFC8064] [RFC8064] recommends the use of "A 1107 Method for Generating Semantically Opaque Interface Identifiers with 1108 IPv6 Stateless Address Autoconfiguration (SLAAC)" [RFC7217] for 1109 generating Interface Identifiers to be used in SLAAC. 1111 10. IANA Considerations 1113 Note to RFC Editor: please replace "This RFC" throughout this 1114 document by the RFC number for this specification once it is 1115 attributed. 1117 IANA is requested to make a number of changes under the "Internet 1118 Control Message Protocol version 6 (ICMPv6) Parameters" registry, as 1119 follows. 1121 10.1. ARO Flags 1123 IANA is requested to create a new subregistry for "ARO Flags". This 1124 specification defines 8 positions, bit 0 to bit 7, and assigns bit 7 1125 for the "T" flag in Section 6.1. The policy is "IETF Review" or 1126 "IESG Approval" [RFC8126]. The initial content of the registry is as 1127 shown in Table 2. 1129 New subregistry for ARO Flags under the "Internet Control Message 1130 Protocol version 6 (ICMPv6) [RFC4443] Parameters" 1132 +-------------+--------------+-----------+ 1133 | ARO Status | Description | Document | 1134 +-------------+--------------+-----------+ 1135 | 0..6 | Unassigned | | 1136 | | | | 1137 | 7 | "T" Flag | This RFC | 1138 +-------------+--------------+-----------+ 1140 Table 2: new ARO Flags 1142 10.2. ICMP Codes 1144 IANA is requested to create a new entry in the ICMPv6 "Code" Fields 1145 subregistry of the Internet Control Message Protocol version 6 1146 (ICMPv6) Parameters for the ICMP codes related to the ICMP type 157 1147 and 158 Duplicate Address Request (shown in Table 3) and Confirmation 1148 (shown in Table 4), respectively, as follows: 1150 New entries for ICMP types 157 DAR message 1152 +-------+----------------------+------------+ 1153 | Code | Name | Reference | 1154 +-------+----------------------+------------+ 1155 | 0 | Original DAR message | RFC 6775 | 1156 | | | | 1157 | 1 | Extended DAR message | This RFC | 1158 +-------+----------------------+------------+ 1160 Table 3: new ICMPv6 Code Fields 1162 New entries for ICMP types 158 DAC message 1164 +-------+----------------------+------------+ 1165 | Code | Name | Reference | 1166 +-------+----------------------+------------+ 1167 | 0 | Original DAC message | RFC 6775 | 1168 | | | | 1169 | 1 | Extended DAC message | This RFC | 1170 +-------+----------------------+------------+ 1172 Table 4: new ICMPv6 Code Fields 1174 10.3. New ARO Status values 1176 IANA is requested to make additions to the Address Registration 1177 Option Status Values Registry as follows: 1179 Address Registration Option Status Values Registry 1181 +-------------+-----------------------------------------+-----------+ 1182 | ARO Status | Description | Document | 1183 +-------------+-----------------------------------------+-----------+ 1184 | 3 | Moved | This RFC | 1185 | | | | 1186 | 4 | Removed | This RFC | 1187 | | | | 1188 | 5 | Validation Requested | This RFC | 1189 | | | | 1190 | 6 | Duplicate Source Address | This RFC | 1191 | | | | 1192 | 7 | Invalid Source Address | This RFC | 1193 | | | | 1194 | 8 | Registered Address topologically | This RFC | 1195 | | incorrect | | 1196 | | | | 1197 | 9 | 6LBR registry saturated | This RFC | 1198 | | | | 1199 | 10 | Validation Failed | This RFC | 1200 +-------------+-----------------------------------------+-----------+ 1202 Table 5: New ARO Status values 1204 10.4. New 6LoWPAN capability Bits 1206 IANA is requested to make additions to the Subregistry for "6LoWPAN 1207 capability Bits" as follows: 1209 Subregistry for "6LoWPAN capability Bits" under the "Internet Control 1210 Message Protocol version 6 (ICMPv6) Parameters" 1212 +-----------------+----------------------+-----------+ 1213 | Capability Bit | Description | Document | 1214 +-----------------+----------------------+-----------+ 1215 | 10 | EDA Support (D bit) | This RFC | 1216 | | | | 1217 | 11 | 6LR capable (L bit) | This RFC | 1218 | | | | 1219 | 12 | 6LBR capable (B bit) | This RFC | 1220 | | | | 1221 | 13 | 6BBR capable (P bit) | This RFC | 1222 | | | | 1223 | 14 | EARO support (E bit) | This RFC | 1224 +-----------------+----------------------+-----------+ 1226 Table 6: New 6LoWPAN capability Bits 1228 11. Acknowledgments 1230 Kudos to Eric Levy-Abegnoli who designed the First Hop Security 1231 infrastructure upon which the first backbone router was implemented. 1232 Many thanks to Sedat Gormus, Rahul Jadhav, Tim Chown, Juergen 1233 Schoenwaelder, Chris Lonvick, Dave Thaler and Lorenzo Colitti for 1234 their various contributions and reviews. Also many thanks to Thomas 1235 Watteyne for his early implementation of a 6LN that was instrumental 1236 to the early tests of the 6LR, 6LBR and Backbone Router. 1238 12. References 1240 12.1. Normative References 1242 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1243 Requirement Levels", BCP 14, RFC 2119, 1244 DOI 10.17487/RFC2119, March 1997, 1245 . 1247 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1248 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 1249 2006, . 1251 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 1252 Control Message Protocol (ICMPv6) for the Internet 1253 Protocol Version 6 (IPv6) Specification", STD 89, 1254 RFC 4443, DOI 10.17487/RFC4443, March 2006, 1255 . 1257 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1258 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1259 DOI 10.17487/RFC4861, September 2007, 1260 . 1262 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1263 Address Autoconfiguration", RFC 4862, 1264 DOI 10.17487/RFC4862, September 2007, 1265 . 1267 [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 1268 over Low-Power Wireless Personal Area Networks (6LoWPANs): 1269 Overview, Assumptions, Problem Statement, and Goals", 1270 RFC 4919, DOI 10.17487/RFC4919, August 2007, 1271 . 1273 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 1274 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 1275 DOI 10.17487/RFC6282, September 2011, 1276 . 1278 [RFC6606] Kim, E., Kaspar, D., Gomez, C., and C. Bormann, "Problem 1279 Statement and Requirements for IPv6 over Low-Power 1280 Wireless Personal Area Network (6LoWPAN) Routing", 1281 RFC 6606, DOI 10.17487/RFC6606, May 2012, 1282 . 1284 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 1285 Bormann, "Neighbor Discovery Optimization for IPv6 over 1286 Low-Power Wireless Personal Area Networks (6LoWPANs)", 1287 RFC 6775, DOI 10.17487/RFC6775, November 2012, 1288 . 1290 [RFC7102] Vasseur, JP., "Terms Used in Routing for Low-Power and 1291 Lossy Networks", RFC 7102, DOI 10.17487/RFC7102, January 1292 2014, . 1294 [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for 1295 Constrained-Node Networks", RFC 7228, 1296 DOI 10.17487/RFC7228, May 2014, 1297 . 1299 [RFC7400] Bormann, C., "6LoWPAN-GHC: Generic Header Compression for 1300 IPv6 over Low-Power Wireless Personal Area Networks 1301 (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November 1302 2014, . 1304 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1305 Writing an IANA Considerations Section in RFCs", BCP 26, 1306 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1307 . 1309 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1310 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1311 May 2017, . 1313 12.2. Informative References 1315 [I-D.chakrabarti-nordmark-6man-efficient-nd] 1316 Chakrabarti, S., Nordmark, E., Thubert, P., and M. 1317 Wasserman, "IPv6 Neighbor Discovery Optimizations for 1318 Wired and Wireless Networks", draft-chakrabarti-nordmark- 1319 6man-efficient-nd-07 (work in progress), February 2015. 1321 [I-D.delcarpio-6lo-wlanah] 1322 Vega, L., Robles, I., and R. Morabito, "IPv6 over 1323 802.11ah", draft-delcarpio-6lo-wlanah-01 (work in 1324 progress), October 2015. 1326 [I-D.ietf-6lo-ap-nd] 1327 Thubert, P., Sarikaya, B., and M. Sethi, "Address 1328 Protected Neighbor Discovery for Low-power and Lossy 1329 Networks", draft-ietf-6lo-ap-nd-06 (work in progress), 1330 February 2018. 1332 [I-D.ietf-6lo-backbone-router] 1333 Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo- 1334 backbone-router-06 (work in progress), February 2018. 1336 [I-D.ietf-6lo-nfc] 1337 Choi, Y., Hong, Y., Youn, J., Kim, D., and J. Choi, 1338 "Transmission of IPv6 Packets over Near Field 1339 Communication", draft-ietf-6lo-nfc-09 (work in progress), 1340 January 2018. 1342 [I-D.ietf-6tisch-architecture] 1343 Thubert, P., "An Architecture for IPv6 over the TSCH mode 1344 of IEEE 802.15.4", draft-ietf-6tisch-architecture-13 (work 1345 in progress), November 2017. 1347 [I-D.ietf-mboned-ieee802-mcast-problems] 1348 Perkins, C., McBride, M., Stanley, D., Kumari, W., and J. 1349 Zuniga, "Multicast Considerations over IEEE 802 Wireless 1350 Media", draft-ietf-mboned-ieee802-mcast-problems-01 (work 1351 in progress), February 2018. 1353 [I-D.ietf-roll-efficient-npdao] 1354 Jadhav, R., Sahoo, R., and Z. Cao, "No-Path DAO 1355 modifications", draft-ietf-roll-efficient-npdao-01 (work 1356 in progress), October 2017. 1358 [I-D.perkins-intarea-multicast-ieee802] 1359 Perkins, C., Stanley, D., Kumari, W., and J. Zuniga, 1360 "Multicast Considerations over IEEE 802 Wireless Media", 1361 draft-perkins-intarea-multicast-ieee802-03 (work in 1362 progress), July 2017. 1364 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] 1365 Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets 1366 over IEEE 1901.2 Narrowband Powerline Communication 1367 Networks", draft-popa-6lo-6loplc-ipv6-over- 1368 ieee19012-networks-00 (work in progress), March 2014. 1370 [I-D.struik-lwip-curve-representations] 1371 Struik, R., "Alternative Elliptic Curve Representations", 1372 draft-struik-lwip-curve-representations-00 (work in 1373 progress), October 2017. 1375 [RFC1958] Carpenter, B., Ed., "Architectural Principles of the 1376 Internet", RFC 1958, DOI 10.17487/RFC1958, June 1996, 1377 . 1379 [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, 1380 DOI 10.17487/RFC1982, August 1996, 1381 . 1383 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with 1384 CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September 1385 2003, . 1387 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 1388 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 1389 DOI 10.17487/RFC3810, June 2004, 1390 . 1392 [RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander, 1393 "SEcure Neighbor Discovery (SEND)", RFC 3971, 1394 DOI 10.17487/RFC3971, March 2005, 1395 . 1397 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 1398 RFC 3972, DOI 10.17487/RFC3972, March 2005, 1399 . 1401 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 1402 for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006, 1403 . 1405 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 1406 Extensions for Stateless Address Autoconfiguration in 1407 IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, 1408 . 1410 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 1411 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 1412 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 1413 Low-Power and Lossy Networks", RFC 6550, 1414 DOI 10.17487/RFC6550, March 2012, 1415 . 1417 [RFC7217] Gont, F., "A Method for Generating Semantically Opaque 1418 Interface Identifiers with IPv6 Stateless Address 1419 Autoconfiguration (SLAAC)", RFC 7217, 1420 DOI 10.17487/RFC7217, April 2014, 1421 . 1423 [RFC7428] Brandt, A. and J. Buron, "Transmission of IPv6 Packets 1424 over ITU-T G.9959 Networks", RFC 7428, 1425 DOI 10.17487/RFC7428, February 2015, 1426 . 1428 [RFC7668] Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 1429 Shelby, Z., and C. Gomez, "IPv6 over BLUETOOTH(R) Low 1430 Energy", RFC 7668, DOI 10.17487/RFC7668, October 2015, 1431 . 1433 [RFC7934] Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi, 1434 "Host Address Availability Recommendations", BCP 204, 1435 RFC 7934, DOI 10.17487/RFC7934, July 2016, 1436 . 1438 [RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu, 1439 "Recommendation on Stable IPv6 Interface Identifiers", 1440 RFC 8064, DOI 10.17487/RFC8064, February 2017, 1441 . 1443 [RFC8065] Thaler, D., "Privacy Considerations for IPv6 Adaptation- 1444 Layer Mechanisms", RFC 8065, DOI 10.17487/RFC8065, 1445 February 2017, . 1447 [RFC8105] Mariager, P., Petersen, J., Ed., Shelby, Z., Van de Logt, 1448 M., and D. Barthel, "Transmission of IPv6 Packets over 1449 Digital Enhanced Cordless Telecommunications (DECT) Ultra 1450 Low Energy (ULE)", RFC 8105, DOI 10.17487/RFC8105, May 1451 2017, . 1453 [RFC8163] Lynn, K., Ed., Martocci, J., Neilson, C., and S. 1454 Donaldson, "Transmission of IPv6 over Master-Slave/Token- 1455 Passing (MS/TP) Networks", RFC 8163, DOI 10.17487/RFC8163, 1456 May 2017, . 1458 [RFC8279] Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., 1459 Przygienda, T., and S. Aldrin, "Multicast Using Bit Index 1460 Explicit Replication (BIER)", RFC 8279, 1461 DOI 10.17487/RFC8279, November 2017, 1462 . 1464 12.3. External Informative References 1466 [IEEEstd802154] 1467 IEEE, "IEEE Standard for Low-Rate Wireless Networks", 1468 IEEE Standard 802.15.4, DOI 10.1109/IEEE 1469 P802.15.4-REVd/D01, June 2017, 1470 . 1472 [Perlman83] 1473 Perlman, R., "Fault-Tolerant Broadcast of Routing 1474 Information", North-Holland Computer Networks 7: 395-405, 1475 1983, . 1478 Appendix A. Applicability and Requirements Served (Not Normative) 1480 This specification extends 6LoWPAN ND to provide a sequence number to 1481 the registration and serves the requirements expressed in 1482 Appendix B.1 by enabling the mobility of devices from one LLN to the 1483 next based on the complementary work in the "IPv6 Backbone Router" 1484 [I-D.ietf-6lo-backbone-router] specification. 1486 In the context of the TimeSlotted Channel Hopping (TSCH) mode of IEEE 1487 Std. 802.15.4 [IEEEstd802154], the "6TiSCH architecture" 1488 [I-D.ietf-6tisch-architecture] introduces how a 6LoWPAN ND host could 1489 connect to the Internet via a RPL mesh Network, but this requires 1490 additions to the 6LoWPAN ND protocol to support mobility and 1491 reachability in a secured and manageable environment. This 1492 specification details the new operations that are required to 1493 implement the 6TiSCH architecture and serves the requirements listed 1494 in Appendix B.2. 1496 The term LLN is used loosely in this specification to cover multiple 1497 types of WLANs and WPANs, including Low-Power Wi-Fi, BLUETOOTH(R) Low 1498 Energy, IEEE Std.802.11AH and IEEE Std.802.15.4 wireless meshes, so 1499 as to address the requirements discussed in Appendix B.3. 1501 This specification can be used by any wireless node to associate at 1502 Layer-3 with a 6BBR and register its IPv6 addresses to obtain routing 1503 services including proxy-ND operations over a Backbone Link, 1504 effectively providing a solution to the requirements expressed in 1505 Appendix B.4. 1507 This specification is extended by "Address Protected Neighbor 1508 Discovery for Low-power and Lossy Networks" [I-D.ietf-6lo-ap-nd] to 1509 providing a solution to some of the security-related requirements 1510 expressed in Appendix B.5. 1512 "Efficiency aware IPv6 Neighbor Discovery Optimizations" 1513 [I-D.chakrabarti-nordmark-6man-efficient-nd] suggests that 6LoWPAN ND 1514 [RFC6775] can be extended to other types of links beyond IEEE Std. 1515 802.15.4 for which it was defined. The registration technique is 1516 beneficial when the Link-Layer technique used to carry IPv6 multicast 1517 packets is not sufficiently efficient in terms of delivery ratio or 1518 energy consumption in the end devices, in particular to enable 1519 energy-constrained sleeping nodes. The value of such extension is 1520 especially apparent in the case of mobile wireless nodes, to reduce 1521 the multicast operations that are related to IPv6 ND ([RFC4861], 1522 [RFC4862]) and affect the operation of the wireless medium 1523 [I-D.ietf-mboned-ieee802-mcast-problems] 1524 [I-D.perkins-intarea-multicast-ieee802]. This serves the scalability 1525 requirements listed in Appendix B.6. 1527 Appendix B. Requirements (Not Normative) 1529 This section lists requirements that were discussed at 6lo for an 1530 update to 6LoWPAN ND. How those requirements are matched with 1531 existing specifications at the time of this writing is shown in 1532 Appendix B.8 . 1534 B.1. Requirements Related to Mobility 1536 Due to the unstable nature of LLN links, even in a LLN of immobile 1537 nodes a 6LN may change its point of attachment to a 6LR, say 6LR-a, 1538 and may not be able to notify 6LR-a. Consequently, 6LR-a may still 1539 attract traffic that it cannot deliver any more. When links to a 6LR 1540 change state, there is thus a need to identify stale states in a 6LR 1541 and restore reachability in a timely fashion. 1543 Req1.1: Upon a change of point of attachment, connectivity via a new 1544 6LR MUST be restored in a timely fashion without the need to de- 1545 register from the previous 6LR. 1547 Req1.2: For that purpose, the protocol MUST enable differentiating 1548 between multiple registrations from one 6LoWPAN Node and 1549 registrations from different 6LoWPAN Nodes claiming the same address. 1551 Req1.3: Stale states MUST be cleaned up in 6LRs. 1553 Req1.4: A 6LoWPAN Node SHOULD also be able to register its Address 1554 concurrently to multiple 6LRs. 1556 B.2. Requirements Related to Routing Protocols 1558 The point of attachment of a 6LN may be a 6LR in an LLN mesh. IPv6 1559 routing in a LLN can be based on RPL, which is the routing protocol 1560 that was defined at the IETF for this particular purpose. Other 1561 routing protocols are also considered by Standard Development 1562 Organizations (SDO) on the basis of the expected network 1563 characteristics. It is required that a 6LoWPAN Node attached via ND 1564 to a 6LR would need to participate in the selected routing protocol 1565 to obtain reachability via the 6LR. 1567 Next to the 6LBR unicast address registered by ND, other addresses 1568 including multicast addresses are needed as well. For example a 1569 routing protocol often uses a multicast address to register changes 1570 to established paths. ND needs to register such a multicast address 1571 to enable routing concurrently with discovery. 1573 Multicast is needed for groups. Groups may be formed by device type 1574 (e.g., routers, street lamps), location (Geography, RPL sub-tree), or 1575 both. 1577 The Bit Index Explicit Replication (BIER) Architecture [RFC8279] 1578 proposes an optimized technique to enable multicast in a LLN with a 1579 very limited requirement for routing state in the nodes. 1581 Related requirements are: 1583 Req2.1: The ND registration method SHOULD be extended so that the 6LR 1584 is able to advertise the Address of a 6LoWPAN Node over the selected 1585 routing protocol and obtain reachability to that Address using the 1586 selected routing protocol. 1588 Req2.2: Considering RPL, the Address Registration Option that is used 1589 in the ND registration SHOULD be extended to carry enough information 1590 to generate a DAO message as specified in [RFC6550] section 6.4, in 1591 particular the capability to compute a Path Sequence and, as an 1592 option, a RPLInstanceID. 1594 Req2.3: Multicast operations SHOULD be supported and optimized, for 1595 instance using BIER or MPL. Whether ND is appropriate for the 1596 registration to the 6BBR is to be defined, considering the additional 1597 burden of supporting the Multicast Listener Discovery Version 2 1598 [RFC3810] (MLDv2) for IPv6. 1600 B.3. Requirements Related to the Variety of Low-Power Link types 1602 6LoWPAN ND [RFC6775] was defined with a focus on IEEE Std.802.15.4 1603 and in particular the capability to derive a unique Identifier from a 1604 globally unique EUI-64 address. At this point, the 6lo Working Group 1605 is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique 1606 to other link types ITU-T G.9959 [RFC7428], Master-Slave/Token- 1607 Passing [RFC8163], DECT Ultra Low Energy [RFC8105], Near Field 1608 Communication [I-D.ietf-6lo-nfc], IEEE Std. 802.11ah 1609 [I-D.delcarpio-6lo-wlanah], as well as IEEE1901.2 Narrowband 1610 Powerline Communication Networks 1611 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] and BLUETOOTH(R) 1612 Low Energy [RFC7668]. 1614 Related requirements are: 1616 Req3.1: The support of the registration mechanism SHOULD be extended 1617 to more LLN links than IEEE Std.802.15.4, matching at least the LLN 1618 links for which an "IPv6 over foo" specification exists, as well as 1619 Low-Power Wi-Fi. 1621 Req3.2: As part of this extension, a mechanism to compute a unique 1622 Identifier should be provided, with the capability to form a Link- 1623 Local Address that SHOULD be unique at least within the LLN connected 1624 to a 6LBR discovered by ND in each node within the LLN. 1626 Req3.3: The Address Registration Option used in the ND registration 1627 SHOULD be extended to carry the relevant forms of unique Identifier. 1629 Req3.4: The Neighbor Discovery should specify the formation of a 1630 site-local address that follows the security recommendations from 1631 [RFC7217]. 1633 B.4. Requirements Related to Proxy Operations 1635 Duty-cycled devices may not be able to answer themselves to a lookup 1636 from a node that uses IPv6 ND on a Backbone Link and may need a 1637 proxy. Additionally, the duty-cycled device may need to rely on the 1638 6LBR to perform registration to the 6BBR. 1640 The ND registration method SHOULD defend the addresses of duty-cycled 1641 devices that are sleeping most of the time and not capable to defend 1642 their own Addresses. 1644 Related requirements are: 1646 Req4.1: The registration mechanism SHOULD enable a third party to 1647 proxy register an Address on behalf of a 6LoWPAN node that may be 1648 sleeping or located deeper in an LLN mesh. 1650 Req4.2: The registration mechanism SHOULD be applicable to a duty- 1651 cycled device regardless of the link type, and enable a 6BBR to 1652 operate as a proxy to defend the Registered Addresses on its behalf. 1654 Req4.3: The registration mechanism SHOULD enable long sleep 1655 durations, in the order of multiple days to a month. 1657 B.5. Requirements Related to Security 1659 In order to guarantee the operations of the 6LoWPAN ND flows, the 1660 spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a 1661 node successfully registers an address, 6LoWPAN ND should provide 1662 energy-efficient means for the 6LBR to protect that ownership even 1663 when the node that registered the address is sleeping. 1665 In particular, the 6LR and the 6LBR then should be able to verify 1666 whether a subsequent registration for a given address comes from the 1667 original node. 1669 In an LLN it makes sense to base security on layer-2 security. 1670 During bootstrap of the LLN, nodes join the network after 1671 authorization by a Joining Assistant (JA) or a Commissioning Tool 1672 (CT). After joining nodes communicate with each other via secured 1673 links. The keys for the layer-2 security are distributed by the JA/ 1674 CT. The JA/CT can be part of the LLN or be outside the LLN. In both 1675 cases it is needed that packets are routed between JA/CT and the 1676 joining node. 1678 Related requirements are: 1680 Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1681 the 6LR, 6LBR and 6BBR to authenticate and authorize one another for 1682 their respective roles, as well as with the 6LoWPAN Node for the role 1683 of 6LR. 1685 Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1686 the 6LR and the 6LBR to validate new registration of authorized 1687 nodes. Joining of unauthorized nodes MUST be prevented. 1689 Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet 1690 sizes. In particular, the NS, NA, DAR and DAC messages for a re- 1691 registration flow SHOULD NOT exceed 80 octets so as to fit in a 1692 secured IEEE Std.802.15.4 [IEEEstd802154] frame. 1694 Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be 1695 computationally intensive on the LoWPAN Node CPU. When a Key hash 1696 calculation is employed, a mechanism lighter than SHA-1 SHOULD be 1697 preferred. 1699 Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate 1700 SHOULD be minimized. 1702 Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable the 1703 variation of CCM [RFC3610] called CCM* for use at both Layer 2 and 1704 Layer 3, and SHOULD enable the reuse of security code that has to be 1705 present on the device for upper layer security such as TLS. 1707 Req5.7: Public key and signature sizes SHOULD be minimized while 1708 maintaining adequate confidentiality and data origin authentication 1709 for multiple types of applications with various degrees of 1710 criticality. 1712 Req5.8: Routing of packets should continue when links pass from the 1713 unsecured to the secured state. 1715 Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for 1716 the 6LR and the 6LBR to validate whether a new registration for a 1717 given address corresponds to the same 6LoWPAN Node that registered it 1718 initially, and, if not, determine the rightful owner, and deny or 1719 clean up the registration that is duplicate. 1721 B.6. Requirements Related to Scalability 1723 Use cases from Automatic Meter Reading (AMR, collection tree 1724 operations) and Advanced Metering Infrastructure (AMI, bi-directional 1725 communication to the meters) indicate the needs for a large number of 1726 LLN nodes pertaining to a single RPL DODAG (e.g., 5000) and connected 1727 to the 6LBR over a large number of LLN hops (e.g., 15). 1729 Related requirements are: 1731 Req6.1: The registration mechanism SHOULD enable a single 6LBR to 1732 register multiple thousands of devices. 1734 Req6.2: The timing of the registration operation should allow for a 1735 large latency such as found in LLNs with ten and more hops. 1737 B.7. Requirements Related to Operations and Management 1739 Section 3.8 of "Architectural Principles of the Internet" [RFC1958] 1740 recommends to : "avoid options and parameters whenever possible. Any 1741 options and parameters should be configured or negotiated dynamically 1742 rather than manually". This is especially true in LLNs where the 1743 number of devices may be large and manual configuration is 1744 infeasible. Capabilities for a dynamic configuration of LLN devices 1745 can also be constrained by the network and power limitation. 1747 A Network Administrator should be able to validate that the network 1748 is operating within capacity, and that in particular a 6LBR does not 1749 get overloaded with an excessive amount of registration, so he can 1750 take actions such as adding a Backbone Link with additional 6LBRs and 1751 6BBRs to his network. 1753 Related requirements are: 1755 Req7.1: A management model SHOULD be provided providing access to the 1756 6LBR, monitor its usage vs. capacity, and alert in case of 1757 congestion. It is recommended that the 6LBR be reachable over a non- 1758 LLN link. 1760 Req7.2: A management model SHOULD be provided providing access to the 1761 6LR and its capacity to host additional NCE. This management model 1762 SHOULD avoid polling individual 6LRs n a way that could disrupt the 1763 operation of the LLN. 1765 Req7.3: information on successful and failed registration SHOULD be 1766 provided, including information such as the ROVR of the 6LN, the 1767 Registered Address, the Address of the 6LR and the duration of the 1768 registration flow. 1770 Req7.4: In case of a failed registration, information on the failure 1771 including the identification of the node that rejected the 1772 registration and the status in the EARO SHOULD be provided. 1774 B.8. Matching Requirements with Specifications 1776 I-drafts/RFCs addressing requirements 1778 +-------------+-----------------------------------------+ 1779 | Requirement | Document | 1780 +-------------+-----------------------------------------+ 1781 | Req1.1 | [I-D.ietf-6lo-backbone-router] | 1782 | | | 1783 | Req1.2 | [RFC6775] | 1784 | | | 1785 | Req1.3 | [RFC6775] | 1786 | | | 1787 | Req1.4 | This RFC | 1788 | | | 1789 | Req2.1 | This RFC | 1790 | | | 1791 | Req2.2 | This RFC | 1792 | | | 1793 | Req2.3 | | 1794 | | | 1795 | Req3.1 | Technology Dependant | 1796 | | | 1797 | Req3.2 | Technology Dependant | 1798 | | | 1799 | Req3.3 | Technology Dependant | 1800 | | | 1801 | Req3.4 | Technology Dependant | 1802 | | | 1803 | Req4.1 | This RFC | 1804 | | | 1805 | Req4.2 | This RFC | 1806 | | | 1807 | Req4.3 | [RFC6775] | 1808 | | | 1809 | Req5.1 | | 1810 | | | 1811 | Req5.2 | [I-D.ietf-6lo-ap-nd] | 1812 | | | 1813 | Req5.3 | | 1814 | | | 1815 | Req5.4 | | 1816 | | | 1817 | Req5.5 | [I-D.ietf-6lo-ap-nd] | 1818 | | | 1819 | Req5.6 | [I-D.struik-lwip-curve-representations] | 1820 | | | 1821 | Req5.7 | [I-D.ietf-6lo-ap-nd] | 1822 | | | 1823 | Req5.8 | | 1824 | | | 1825 | Req5.9 | [I-D.ietf-6lo-ap-nd] | 1826 | | | 1827 | Req6.1 | This RFC | 1828 | | | 1829 | Req6.2 | This RFC | 1830 | | | 1831 | Req7.1 | | 1832 | | | 1833 | Req7.2 | | 1834 | | | 1835 | Req7.3 | | 1836 | | | 1837 | Req7.4 | | 1838 +-------------+-----------------------------------------+ 1840 Table 7: Work Addressing requirements 1842 Authors' Addresses 1844 Pascal Thubert (editor) 1845 Cisco Systems, Inc 1846 Building D (Regus) 45 Allee des Ormes 1847 Mougins - Sophia Antipolis 1848 France 1850 Phone: +33 4 97 23 26 34 1851 Email: pthubert@cisco.com 1853 Erik Nordmark 1854 Zededa 1855 Santa Clara, CA 1856 United States of America 1858 Email: nordmark@sonic.net 1860 Samita Chakrabarti 1861 Verizon 1862 San Jose, CA 1863 United States of America 1865 Email: samitac.ietf@gmail.com 1867 Charles E. Perkins 1868 Futurewei 1869 2330 Central Expressway 1870 Santa Clara 95050 1871 United States of America 1873 Email: charliep@computer.org