idnits 2.17.1
draft-ietf-6tisch-architecture-07.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
No issues found here.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 1558 has weird spacing: '...ssimiti for h...'
== Line 1561 has weird spacing: '... Pister for c...'
== Line 1564 has weird spacing: '...hardson for h...'
== Line 1567 has weird spacing: '... Struik for t...'
== Line 1570 has weird spacing: '...ajosana who l...'
== (1 more instance...)
-- The document date (April 10, 2015) is 3305 days in the past. Is this
intentional?
Checking references for intended status: Proposed Standard
----------------------------------------------------------------------------
(See RFCs 3967 and 4897 for information about using normative references
to lower-maturity documents in RFCs)
== Missing Reference: 'IEEE802.1TSNTG' is mentioned on line 1862, but not
defined
== Missing Reference: 'PCE' is mentioned on line 1882, but not defined
== Missing Reference: 'WirelessHART' is mentioned on line 1888, but not
defined
== Missing Reference: 'IEEE802154e' is mentioned on line 1867, but not
defined
== Missing Reference: 'TEAS' is mentioned on line 1885, but not defined
== Missing Reference: 'CCAMP' is mentioned on line 1852, but not defined
== Missing Reference: 'DICE' is mentioned on line 1855, but not defined
== Missing Reference: 'ACE' is mentioned on line 1848, but not defined
== Missing Reference: 'ISA100' is mentioned on line 1873, but not defined
== Missing Reference: 'HART' is mentioned on line 1858, but not defined
== Outdated reference: A later version (-10) exists of
draft-ietf-6tisch-terminology-04
** Downref: Normative reference to an Informational draft:
draft-ietf-6tisch-terminology (ref. 'I-D.ietf-6tisch-terminology')
** Downref: Normative reference to an Informational draft:
draft-ietf-6tisch-tsch (ref. 'I-D.ietf-6tisch-tsch')
** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200)
== Outdated reference: A later version (-06) exists of
draft-dujovne-6tisch-on-the-fly-05
== Outdated reference: A later version (-08) exists of
draft-finn-detnet-architecture-01
== Outdated reference: A later version (-04) exists of
draft-ietf-6tisch-6top-interface-03
== Outdated reference: A later version (-21) exists of
draft-ietf-6tisch-minimal-06
== Outdated reference: A later version (-04) exists of
draft-svshah-tsvwg-deterministic-forwarding-03
== Outdated reference: A later version (-07) exists of
draft-thubert-6lo-rfc6775-update-reqs-06
== Outdated reference: A later version (-07) exists of
draft-thubert-6lo-routing-dispatch-03
== Outdated reference: A later version (-11) exists of
draft-vanderstok-core-comi-06
== Outdated reference: A later version (-04) exists of
draft-wang-6tisch-6top-sublayer-01
-- Obsolete informational reference (is this intentional?): RFC 6347
(Obsoleted by RFC 9147)
-- Obsolete informational reference (is this intentional?): RFC 6830
(Obsoleted by RFC 9300, RFC 9301)
Summary: 3 errors (**), 0 flaws (~~), 27 warnings (==), 3 comments (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 6TiSCH P. Thubert, Ed.
3 Internet-Draft Cisco
4 Intended status: Standards Track April 10, 2015
5 Expires: October 12, 2015
7 An Architecture for IPv6 over the TSCH mode of IEEE 802.15.4e
8 draft-ietf-6tisch-architecture-07
10 Abstract
12 This document is the first volume of the 6TiSCH architecture of an
13 IPv6 Multi-Link subnet that is composed of a high speed powered
14 backbone and a number of IEEE802.15.4e TSCH low-power wireless
15 networks attached and synchronized by Backbone Routers. The
16 architecture defines mechanisms to establish and maintain routing and
17 scheduling in a centralized, distributed, or mixed fashion.
19 Status of This Memo
21 This Internet-Draft is submitted in full conformance with the
22 provisions of BCP 78 and BCP 79.
24 Internet-Drafts are working documents of the Internet Engineering
25 Task Force (IETF). Note that other groups may also distribute
26 working documents as Internet-Drafts. The list of current Internet-
27 Drafts is at http://datatracker.ietf.org/drafts/current/.
29 Internet-Drafts are draft documents valid for a maximum of six months
30 and may be updated, replaced, or obsoleted by other documents at any
31 time. It is inappropriate to use Internet-Drafts as reference
32 material or to cite them other than as "work in progress."
34 This Internet-Draft will expire on October 12, 2015.
36 Copyright Notice
38 Copyright (c) 2015 IETF Trust and the persons identified as the
39 document authors. All rights reserved.
41 This document is subject to BCP 78 and the IETF Trust's Legal
42 Provisions Relating to IETF Documents
43 (http://trustee.ietf.org/license-info) in effect on the date of
44 publication of this document. Please review these documents
45 carefully, as they describe your rights and restrictions with respect
46 to this document. Code Components extracted from this document must
47 include Simplified BSD License text as described in Section 4.e of
48 the Trust Legal Provisions and are provided without warranty as
49 described in the Simplified BSD License.
51 Table of Contents
53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
54 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
55 3. Applications and Goals . . . . . . . . . . . . . . . . . . . 5
56 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6
57 5. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
58 5.1. Components . . . . . . . . . . . . . . . . . . . . . . . 8
59 5.2. Dependencies . . . . . . . . . . . . . . . . . . . . . . 10
60 6. 6LoWPAN (and RPL) . . . . . . . . . . . . . . . . . . . . . . 10
61 6.1. RPL Leaf Support in 6LoWPAN ND . . . . . . . . . . . . . 12
62 6.2. registration Failures Due to Movement . . . . . . . . . . 13
63 6.3. Proxy registration . . . . . . . . . . . . . . . . . . . 13
64 6.4. Target Registration . . . . . . . . . . . . . . . . . . . 13
65 6.5. RPL root vs. 6LBR . . . . . . . . . . . . . . . . . . . . 14
66 6.6. Securing the Registration . . . . . . . . . . . . . . . . 14
67 7. Communication Paradigms and Interaction Models . . . . . . . 15
68 8. TSCH and 6top . . . . . . . . . . . . . . . . . . . . . . . . 16
69 8.1. 6top . . . . . . . . . . . . . . . . . . . . . . . . . . 16
70 8.1.1. Hard Cells . . . . . . . . . . . . . . . . . . . . . 16
71 8.1.2. Soft Cells . . . . . . . . . . . . . . . . . . . . . 17
72 8.2. 6top and RPL Objective Function operations . . . . . . . 17
73 8.3. Network Synchronization . . . . . . . . . . . . . . . . . 18
74 8.4. SlotFrames and Priorities . . . . . . . . . . . . . . . . 19
75 8.5. Distributing the reservation of cells . . . . . . . . . . 20
76 9. Schedule Management Mechanisms . . . . . . . . . . . . . . . 22
77 9.1. Static Scheduling . . . . . . . . . . . . . . . . . . . . 22
78 9.2. Neighbor-to-neighbor Scheduling . . . . . . . . . . . . . 22
79 9.3. remote Monitoring and Schedule Management . . . . . . . . 23
80 9.4. Hop-by-hop Scheduling . . . . . . . . . . . . . . . . . . 24
81 10. Forwarding Models . . . . . . . . . . . . . . . . . . . . . . 24
82 10.1. Track Forwarding . . . . . . . . . . . . . . . . . . . . 24
83 10.1.1. Transport Mode . . . . . . . . . . . . . . . . . . . 26
84 10.1.2. Tunnel Mode . . . . . . . . . . . . . . . . . . . . 27
85 10.1.3. Tunnel Metadata . . . . . . . . . . . . . . . . . . 28
86 10.2. Fragment Forwarding . . . . . . . . . . . . . . . . . . 28
87 10.3. IPv6 Forwarding . . . . . . . . . . . . . . . . . . . . 29
88 11. Centralized vs. Distributed Routing . . . . . . . . . . . . . 30
89 11.1. Packet Marking and Handling . . . . . . . . . . . . . . 30
90 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
91 13. Security Considerations . . . . . . . . . . . . . . . . . . . 31
92 13.1. Join Process Highlights . . . . . . . . . . . . . . . . 32
93 14. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 34
94 14.1. Contributors . . . . . . . . . . . . . . . . . . . . . . 34
95 14.2. Special Thanks . . . . . . . . . . . . . . . . . . . . . 35
96 14.3. And Do not Forget . . . . . . . . . . . . . . . . . . . 35
97 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 35
98 15.1. Normative References . . . . . . . . . . . . . . . . . . 35
99 15.2. Informative References . . . . . . . . . . . . . . . . . 37
100 15.3. Other Informative References . . . . . . . . . . . . . . 40
101 Appendix A. Personal submissions relevant to the next volumes . 41
102 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 42
104 1. Introduction
106 The emergence of wireless technology has enabled a variety of new
107 devices to get interconnected, at a very low marginal cost per
108 device, at any distance ranging from Near Field to interplanetary,
109 and in circumstances where wiring may not be practical, for instance
110 on fast-moving or rotating devices.
112 At the same time, a new breed of Time Sensitive Networks is being
113 developed to enable traffic that is highly sensitive to jitter, quite
114 sensitive to latency, and with a high degree of operational
115 criticality so that loss should be minimized at all times. Such
116 traffic is not limited to professional Audio/ Video networks, but is
117 also found in command and control operations such as industrial
118 automation and vehicular sensors and actuators. At IEEE802.1, the
119 Audio/Video Task Group [IEEE802.1TSNTG] Time Sensitive Networking
120 (TSN) to address Deterministic Ethernet. The IEEE802.15.4 Medium
121 access Control (MAC) has evolved with the new IEEE802.15.4e
122 TimeSlotted Channel Hopping (TSCH) [I-D.ietf-6tisch-tsch] mode for
123 deterministic industrial-type applications.
125 Though at a different time scale, both TSN and TSCH standards provide
126 Deterministic capabilities to the point that a packet that pertains
127 to a certain flow crosses the network from node to node following a
128 very precise schedule, as a train that leaves intermediate stations
129 at precise times along its path. With TSCH, time is formatted into
130 timeSlots, and an individual cell is allocated to unicast or
131 broadcast communication at the MAC level. The time-slotted operation
132 reduces collisions, saves energy, and enables to more closely
133 engineer the network for deterministic properties. The channel
134 hopping aspect is a simple and efficient technique to combat
135 multipath fading and external interference (for example by Wi-Fi
136 emitters).
138 This document is the first volume of an architecture for an IPv6
139 Multi-Link subnet that is composed of a high speed powered backbone
140 and a number of IEEE802.15.4e TSCH wireless networks attached and
141 synchronized by backbone routers. Route Computation may be achieved
142 in a centralized fashion by a Path Computation Element (PCE) [PCE],
143 in a distributed fashion using the Routing Protocol for Low Power and
144 Lossy Networks (RPL) [RFC6550], or in a mixed mode. The Backbone
145 Routers may perform proxy IPv6 Neighbor Discovery (ND) [RFC4861]
146 operations over the backbone on behalf of the wireless devices (also
147 called motes), so they can share a same IPv6 subnet and appear to be
148 connected to the same backbone as classical devices. The Backbone
149 Routers may alternatively redistribute the registration in a routing
150 protocol such as OSPF [RFC5340] or BGP [RFC2545], or inject them in a
151 mobility protocol such as MIPv6 [RFC6275], NEMO [RFC3963], or LISP
152 [RFC6830].
154 The 6TiSCH architecture defines four ways a schedule can be managed
155 and TimeSlots can be allocated: Static Scheduling, neighbor-to-
156 neighbor Scheduling, remote monitoring and scheduling management, and
157 Hop-by-hop scheduling. In the case of remote monitoring and
158 scheduling management, TimeSlots and other device resources are
159 managed by an abstract Network Management Entity (NME), which may
160 cooperate with the PCE in order to minimize the interaction with and
161 the load on the constrained device.
163 The 6TiSCH architecture supports three different forwarding models,
164 G-MPLS Track Forwarding, which switches a frame received at a
165 particular TimeSlot into another TimeStot at Layer-2, 6LoWPAN
166 Fragment Forwarding, which allows to forward individual 6loWPAN
167 fragments along the route set by the first fragment, and classical
168 IPv6 Forwarding, where the node selects a feasible successor at
169 Layer-3 on a per packet basis, based on its routing table.
171 2. Terminology
173 Readers are expected to be familiar with all the terms and concepts
174 that are discussed in "Neighbor Discovery for IP version 6"
175 [RFC4861], "IPv6 over Low-Power Wireless Personal Area Networks
176 (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals"
177 [RFC4919], Neighbor Discovery Optimization for Low-power and Lossy
178 Networks [RFC6775] where the 6LoWPAN Router (6LR) and the 6LoWPAN
179 Border Router (6LBR) are introduced, and "Multi-link Subnet Support
180 in IPv6" [I-D.ietf-ipv6-multilink-subnets].
182 Readers may benefit from reading the "RPL: IPv6 Routing Protocol for
183 Low-Power and Lossy Networks" [RFC6550] specification; "Multi-Link
184 Subnet Issues" [RFC4903]; "Mobility Support in IPv6" [RFC6275];
185 "Neighbor Discovery Proxies (ND Proxy)" [RFC4389]; "IPv6 Stateless
186 Address Autoconfiguration" [RFC4862]; "FCFS SAVI: First-Come, First-
187 Served Source Address Validation Improvement for Locally Assigned
188 IPv6 Addresses" [RFC6620]; and "Optimistic Duplicate Address
189 Detection" [RFC4429] prior to this specification for a clear
190 understanding of the art in ND-proxying and binding.
192 The draft uses terminology defined or referenced in
193 [I-D.ietf-6tisch-terminology],
194 [I-D.chakrabarti-nordmark-6man-efficient-nd],
195 [I-D.ietf-roll-rpl-industrial-applicability], [RFC4080], and
196 [RFC5191].
198 The draft also conforms to the terms and models described in
199 [RFC3444] and [RFC5889] and uses the vocabulary and the concepts
200 defined in [RFC4291] for the IPv6 Architecture.
202 3. Applications and Goals
204 Some aspects of this architecture derive from existing industrial
205 standards for Process Control such as ISA100.11a [ISA100.11a]and
206 WirelessHART [WirelessHART], by its focus on Deterministic
207 Networking, in particular with the use of the IEEE802.15.4e
208 [IEEE802154e] TSCH MAC and a centralized PCE. This approach
209 leverages the TSCH MAC benefits for high reliability against
210 interference, low-power consumption on deterministic traffic, and its
211 Traffic Engineering capabilities. In such applications,
212 Deterministic Networking applies mainly to control loops and movement
213 detection, but it can also be used for supervisory control flows and
214 management.
216 An incremental set of industrial requirements is addressed with the
217 addition of an autonomic and distributed routing operation based on
218 RPL. These use-cases include plant setup and decommissioning, as
219 well as monitoring of lots of lesser importance measurements such as
220 corrosion and events. RPL also enables mobile use cases such as
221 mobile workers and cranes, as discussed in
222 [I-D.ietf-roll-rpl-industrial-applicability].
224 A Backbone Router is included in order to scale the factory plant
225 subnet to address large deployments, with proxy ND and time
226 synchronization over a high speed backbone.
228 The architecture also applies to building automation that leverage
229 RPL's storing mode to address multipath over a large number of hops,
230 in-vehicle command and control that can be as demanding as industrial
231 applications, commercial automation and asset Tracking with mobile
232 scenarios, home automation and domotics which become more reliable
233 and thus provide a better user experience, and resource management
234 (energy, water, etc.).
236 4. Overview
238 The scope of the present work is a subnet that, in its basic
239 configuration, is made of a TSCH [I-D.ietf-6tisch-tsch] MAC Low Power
240 Lossy Network (LLN).
242 ---+-------- ............ ------------
243 | External Network |
244 | +-----+
245 +-----+ | NME |
246 | | LLN Border | |
247 | | router +-----+
248 +-----+
249 o o o
250 o o o o
251 o o LLN o o o
252 o o o o
253 o
255 Figure 1: Basic Configuration of a 6TiSCH Network
257 Security aspects of the join process by which a device obtains access
258 to the network are discussed in Section 13. With TSCH, devices are
259 time-synchronized at the MAC level. The use of a particular RPL
260 Instance for time synchronization is discussed in Section 8.3. With
261 this mechanism, the time synchronization starts at the RPL root and
262 follows the RPL DODAGs with no timing loop.
264 The LLN devices communicate over IPv6 [RFC2460] using the 6LoWPAN
265 Header Compression ( 6LoWPAN HC) [RFC6282]. From the perspective of
266 Layer-3, a single LLN interface (typically an IEEE802.15.4-compliant
267 radio) may be seen as a collection of Links with different
268 capabilities for unicast or multicast services. An IPv6 subnet spans
269 over multiple links, effectively forming a Multi-Link subnet. Within
270 that subnet, neighbor devices are discovered with 6LoWPAN Neighbor
271 Discovery [RFC6775] (6LoWPAN ND). RPL [RFC6550] enables routing
272 within the LLN, in the so called Route Over fashion, either in
273 storing (stateful) or non-storing (stateless, with routing headers)
274 mode.
276 RPL forms Destination Oriented Directed Acyclic Graphs (DODAGs)
277 within Instances of the protocol, each Instance being associated with
278 an Objective Function (OF) to form a routing topology. A particular
279 LLN device, the LLN Border Router (LBR), acts as RPL root, 6LoWPAN HC
280 terminator, and Border Router for the LLN to the outside. The LBR is
281 usually powered. More on RPL Instances can be found in section 3.1
282 of RPL [RFC6550], in particular "3.1.2. RPL Identifiers" and "3.1.3.
283 Instances, DODAGs, and DODAG Versions".
285 This architecture expects that a 6LoWPAN node can connect as a leaf
286 to a RPL network, where the leaf support is the minimal functionality
287 to connect as a host to a RPL network without the need to participate
288 to the full routing protocol. The architecture also expects that a
289 6LoWPAN node that is not aware at all of the RPL protocol may also
290 connect as a host. The derived requirements are listed in
291 [I-D.thubert-6lo-rfc6775-update-reqs].
293 An extended configuration of the subnet comprises multiple LLNs. The
294 LLNs are interconnected and synchronized over a backbone, that can be
295 wired or wireless. The backbone can be a classical IPv6 network,
296 with Neighbor Discovery operating as defined in [RFC4861] and
297 [RFC4862]. This architecture requires new work to standardize the
298 the registration of 6LoWPAN nodes to the Backbone Routers.
300 In the extended configuration, a Backbone Router (6BBR) acts as an
301 Energy Aware Default Router (NEAR) as defined in
302 [I-D.chakrabarti-nordmark-6man-efficient-nd]. The 6BBR performs ND
303 proxy operations between the registered devices and the classical ND
304 devices that are located over the backbone. 6TiSCH 6BBRs synchronize
305 with one another over the backbone, so as to ensure that the multiple
306 LLNs that form the IPv6 subnet stay tightly synchronized.
308 ---+-------- ............ ------------
309 | External Network |
310 | +-----+
311 | +-----+ | NME |
312 +-----+ | +-----+ | |
313 | | Router | | PCE | +-----+
314 | | +--| |
315 +-----+ +-----+
316 | |
317 | Subnet Backbone |
318 +--------------------+------------------+
319 | | |
320 +-----+ +-----+ +-----+
321 | | Backbone | | Backbone | | Backbone
322 o | | router | | router | | router
323 +-----+ +-----+ +-----+
324 o o o o o
325 o o o o o o o o o o o
326 o o o LLN o o o o
327 o o o o o o o o o o o o
329 Figure 2: Extended Configuration of a 6TiSCH Network
331 In order to serve nodes that are multiple hops away, an integrated
332 RPL root and 6LBR may be collocated with the 6BBR, or attached to the
333 6BBR in which case they would perform the registration on behalf of
334 the remote LLN nodes - they proxy the efficient ND registration over
335 the LLN in order for the 6BBR to perform proxy ND operations over the
336 backbone.
338 If the Backbone is Deterministic (such as defined by the Time
339 Sensitive Networking WG at IEEE), then the Backbone Router ensures
340 that the end-to-end deterministic behavior is maintained between the
341 LLN and the backbone. The DetNet Architecture
342 [I-D.finn-detnet-architecture] studies Layer-3 aspects of
343 Deterministic Networks, and covers networks that span multiple
344 Layer-2 domains.
346 5. Scope
348 5.1. Components
350 In order to control the complexity and the size of the 6TiSCH work,
351 the architecture and the associated IETF work are staged in volumes.
352 This document covers the first stage of the work, as specified by the
353 WG charter. If the work continues as expected, further volumes will
354 complete this piece and provide the full coverage of IPv6 over TSCH.
356 The main architectural blocks are represented below to help detail
357 what is covered and what is not yet covered from the global 6TiSCH
358 architecture by this initial volume:
360 +-----+-----+
361 | PCEP|TEAS/|
362 | PCE |CCAMP|
363 +-----+-----+-----+-----+-------+-----+
364 | (COMI) |PANA |6LoWPAN| RPL |
365 | CoAP / DTLS | | ND | |
366 +-----+-----+-----+-----+-------+-----+
367 | UDP | ICMP |
368 +-----+-----+-----+-----+-------+-----+-----+
369 | IPv6 |
370 +-------------------------------------------+
371 | 6LoWPAN adaptation and compression (HC) |
372 +-------------------------------------------+
373 | 6top |
374 +-------------------------------------------+
375 | IEEE802.15.4e TSCH |
376 +-------------------------------------------+
378 Figure 3: Envisioned 6TiSCH protocol stack
380 RPL is the routing protocol of choice for LLNs. So far, there was no
381 identified need to define a 6TiSCH specific Objective Function. The
382 Minimal 6TiSCH Configuration [I-D.ietf-6tisch-minimal] describes the
383 operation of RPL over a static schedule used in a slotted aloha
384 fashion, whereby all active slots may be used for emission or
385 reception of both unicast and multicast frames.
387 The architecture of the operation of RPL over a dynamic schedule is
388 deferred to a subsequent volume of the architecture.
390 6TiSCH has adopted the general direction of CoAP Management Interface
391 (COMI) [I-D.vanderstok-core-comi] for the management of devices.
392 This is leveraged for instance for the implementation of the generic
393 data model for the 6top sublayer management interface
394 [I-D.ietf-6tisch-6top-interface]. The proposed implementation is
395 based on CoAP and CBOR, and specified in 6TiSCH Resource Management
396 and Interaction using CoAP [I-D.ietf-6tisch-coap].
398 The work on centralized track computation is deferred to a subsequent
399 volume of the architecture. The Path Computation Element (PCE) is
400 certainly the core component of that architecture. Around the PCE, a
401 protocol such as an extension to a TEAS [TEAS] protocol (maybe
402 running over CoAP as illustrated) will be required to expose the
403 device capabilities and the network peers to the PCE, and a protocol
404 such as a lightweight PCEP or an adaptation of CCAMP [CCAMP] G-MPLS
405 formats and procedures will be used to publish the tracks, computed
406 by the PCE, to the devices (maybe in a fashion similar to RSVP-TE).
408 The selection of an authentication, an authorization and a Transport
409 layer security protocols are out of scope for this volume.
411 The Datagram Transport Layer Security (DTLS) [RFC6347] is represented
412 as an example of a protocol that could be used to protect CoAP
413 datagrams, and work at [DICE] may optimize the protocol for
414 constrained devices.
416 Similarly, the Protocol for Carrying Authentication for Network
417 access (PANA) [RFC5191] is represented as an example of a protocol
418 that could be leveraged to secure the join process, as a Layer-3
419 alternate to IEEE802.1x/EAP. Work resulting from [ACE] could be
420 considered as well. Regardless, the security model must ensure that,
421 prior to a join process, packets from a untrusted device are
422 controlled in volume and in reachability. An overview of the
423 security aspects of the join process can be found in Section 13.
424 Related contributions are presented in Appendix A.
426 The 6TiSCH Operation sublayer (6top) [I-D.wang-6tisch-6top-sublayer]
427 is an Logical Link Control (LLC) or a portion thereof that provides
428 the abstraction of an IP link over a TSCH MAC. The work on the
429 operations of that layer, in particular related to dynamic
430 scheduling, is only introduced here, and should be detailed further
431 in a subsequent volume of the architecture.
433 5.2. Dependencies
435 At the time of this writing, the components and protocols that are
436 required to implement this stage of architecture are not fully
437 available from the IETF. In particular, the requirements on an
438 evolution of 6LoWPAN Neighbor Discovery that are needed to implement
439 the Backbone Router as covered by this stage of the architecture are
440 detailed in [I-D.thubert-6lo-rfc6775-update-reqs].
442 The 6TiSCH Architecture applies the concepts of Deterministic
443 Networking on a Layer-3 network. The 6TiSCH Architecture should
444 inherit from DetNet [I-D.finn-detnet-architecture] work and thus
445 depends on it. In turn, DetNet is expected to integrate and maintain
446 consistency with the work that has taken place and is continuing at
447 IEEE802.1TSN and AVnu.
449 The current charter positions 6TiSCH on IEEE802.15.4 only. Though
450 most of the design should be portable on other link types, 6TiSCH has
451 a strong dependency on IEEE802.15.4 and its evolution. A new version
452 of the IEEE802.15.4 standard is expected in 2015. That version
453 should integrate TSCH as well as other amendments and fixes into the
454 main specification. The impact on this Architecture should be
455 minimal to non-existent, but deeper work such as 6top and security
456 may be impacted. A 6TiSCH Interest Group was formed at IEEE to
457 maintain the synchronization and help foster work at the IEEE should
458 6TiSCH demand it.
460 ISA100 [ISA100] Common Network Management (CNM) is another external
461 work of interest for 6TiSCH. The group, referred to as ISA100.20,
462 defines a Common Network Management framework that should enable the
463 management of resources that are controlled by heterogeneous
464 protocols such as ISA100.11a [ISA100.11a], WirelessHART
465 [WirelessHART], and 6TiSCH. Interestingly, the establishment of
466 6TiSCH Deterministic paths, called tracks, are also in scope, and
467 ISA100.20 is working on requirements for DetNet.
469 6. 6LoWPAN (and RPL)
471 The architecture expects that a 6LoWPAN node that is not aware at all
472 of the RPL protocol may still connect as a host. It suggests to
473 extend 6LoWPAN ND [RFC6775] to carry the sequence number that is
474 needed by RPL to track the movements of the device, and optionally
475 some abstract information about the RPL instance (topology) that the
476 device will be reachable over.
478 In this design, the root of the RPL network is integrated with the
479 6LoWPAN ND 6LBR, but it is logically separated from the Backbone
480 Router (6BBR) that is used to connect the RPL topology to the
481 backbone. This way, the root has all information from 6LoWPAN ND and
482 RPL about the LLN devices attached to it.
484 This architecture also expects that the root of the RPL network
485 (proxy-)registers the LLN devices on their behalf to the 6BBR, for
486 whatever operation the 6BBR performs on the backbone, such as ND
487 proxy, or redistribution in a routing protocol. It suggests to use
488 an extension of the mixed mode of Efficient ND
489 [I-D.chakrabarti-nordmark-6man-efficient-nd] for the registration as
490 described in [I-D.thubert-6lowpan-backbone-router].
492 It results that, as illustrated in Figure 4, the periodic signaling
493 would start at the leaf node with 6LoWPAN ND, then would be carried
494 over RPL to the RPL root, and then with Efficient-ND to the 6BBR.
495 Efficient ND being an adaptation of 6LoWPAN ND, it makes sense to
496 keep those two homogeneous in the way they use the source and the
497 target addresses in the Neighbor Solicitation (NS) messages for
498 registration, as well as in the options that they use for that
499 process.
501 6LoWPAN Node 6LR 6LBR 6BBR
502 (RPL leaf) (router) (root)
503 | | | |
504 | 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND
505 | LLN link |Route-Over mesh| IPv6 link | Backbone
506 | | | |
507 | NS(ARO) | | |
508 |-------------->| | |
509 | 6LoWPAN ND | DAR (then DAO)| |
510 | |-------------->| |
511 | | | NS(ARO) |
512 | | |-------------->|
513 | | | | DAD
514 | | | |------>
515 | | | |
516 | | | NA(ARO) |
517 | | |<--------------|
518 | | DAC | |
519 | |<--------------| |
520 | NA(ARO) | | |
521 |<--------------| | |
523 Figure 4: (Re-)Registration Flow over Multi-Link Subnet
525 As the network builds up, a node should start as a leaf to join the
526 RPL network, and may later turn into both a RPL-capable router and a
527 6LR, so as to accept leaf nodes to recursively join the network.
529 6.1. RPL Leaf Support in 6LoWPAN ND
531 RPL needs a set of information in order to advertise a leaf node
532 through a DAO message and establish reachability.
534 At the bare minimum the leaf device must provide a sequence number
535 that matches the RPL specification in section 7. Section 4.1 of
536 [I-D.chakrabarti-nordmark-6man-efficient-nd], on the Address
537 Registration Option (ARO), already incorporates that addition with a
538 new field in the option called the Transaction ID.
540 If for some reason the node is aware of RPL topologies, then
541 providing the RPL InstanceID for the instances to which the node
542 wishes to participate would be a welcome addition. In the absence of
543 such information, the RPL router must infer the proper instanceID
544 from external rules and policies.
546 On the backbone, the InstanceID is expected to be mapped onto a an
547 overlay that matches the instanceID, for instance a VLANID.
549 6.2. registration Failures Due to Movement
551 Registration to the 6LBR through DAR/DAC messages [RFC6775] may
552 percolate slowly through an LLN mesh, and it might happen that in the
553 meantime, the 6LoWPAN node moves and registers somewhere else. Both
554 RPL and 6LoWPAN ND lack the capability to indicate that the same node
555 is registered elsewhere, so as to invalidate states down the
556 deprecated path.
558 In its current expression and functionality, 6LoWPAN ND considers
559 that the registration is used for the purpose of DAD only as opposed
560 to that of achieving reachability, and as long as the same node
561 registers the IPv6 address, the protocol is functional. In order to
562 act as a RPL leaf registration protocol and achieve reachability, the
563 device must use the same TID for all its concurrent registrations,
564 and registrations with a past TID should be declined. The state for
565 an obsolete registration in the 6LR, as well as the RPL routers on
566 the way, should be invalidated. This can only be achieved with the
567 addition of a new Status in the DAC message, and a new error/clean-up
568 flow in RPL.
570 6.3. Proxy registration
572 The 6BBR provides the capability to defend an address that is owned
573 by a 6LoWPAN Node, and attract packets to that address, whether it is
574 done by proxying ND over a MultiLink Subnet, redistributing the
575 address in a routing protocol or advertising it through an alternate
576 proxy registration such as the Locator/ID Separation Protocol
577 [RFC6830] (LISP) or Mobility Support in IPv6 [RFC6275] (MIPv6). In a
578 LLN, it makes sense to piggyback the request to proxy/defend an
579 address with its registration.
581 6.4. Target Registration
583 In their current incarnations, both 6LoWPAN ND and Efficient ND
584 expect that the address being registered is the source of the NS(ARO)
585 message and thus impose that a Source Link-Layer Address (SLLA)
586 option be present in the message. In a mesh scenario where the 6LBR
587 is physically separated from the 6LoWPAN Node, the 6LBR does not own
588 the address being registered. This suggests that
589 [I-D.chakrabarti-nordmark-6man-efficient-nd] should evolve to
590 register the Target of the NS message as opposed to the Source
591 Address. From another perspective, it may happen, in the use case of
592 a Star topology, that the 6LR, 6LBR and 6BBR are effectively
593 collapsed and should support 6LoWPAN ND clients. The convergence of
594 efficient ND and 6LoWPAN ND into a single protocol is thus highly
595 desirable.
597 In any case, as long as the DAD process is not complete for the
598 address used as source of the packet, it is against the current
599 practice to advertise the SLLA, since this may corrupt the ND cache
600 of the destination node, as discussed in the Optimistic DAD
601 specification [RFC4429] with regards to the TENTATIVE state.
603 This may look like a chicken and an egg problem, but in fact 6LoWPAN
604 ND acknowledges that the Link-Local Address that is based on an
605 EUI-64 address of a LLN node may be autoconfigured without the need
606 for DAD. It results that a node could use that Address as source,
607 with an SLLA option in the message if required, to register any other
608 addresses, either Global or Unique-Local Addresses, which would be
609 indicated in the Target.
611 The suggested change is to register the target of the NS message, and
612 use Target Link-Layer Address (TLLA) in the NS as opposed to the SLLA
613 in order to install a Neighbor Cache Entry. This would apply to both
614 Efficient ND and 6LoWPAN ND in a very same manner, with the caveat
615 that depending on the nature of the link between the 6LBR and the
616 6BBR, the 6LBR may resort to classical ND or DHCPv6 to obtain the
617 address that it uses to source the NS registration messages, whether
618 for itself or on behalf of LLN nodes.
620 6.5. RPL root vs. 6LBR
622 6LoWPAN ND is unclear on how the 6LBR is discovered, and how the
623 liveliness of the 6LBR is asserted over time. On the other hand, the
624 discovery and liveliness of the RPL root are obtained through the RPL
625 protocol.
627 When 6LoWPAN ND is coupled with RPL, the 6LBR and RPL root
628 functionalities are co-located in order that the address of the 6LBR
629 be indicated by RPL DIO messages and to associate the unique ID from
630 the DAR/DAC exchange with the state that is maintained by RPL. The
631 DAR/DAC exchange becomes a preamble to the DAO messages that are used
632 from then on to reconfirm the registration, thus eliminating a
633 duplication of functionality between DAO and DAR messages.
635 6.6. Securing the Registration
637 A typical attack against IPv6 ND is address spoofing, whereby a rogue
638 node claims the IPv6 Address of another node in and hijacks its
639 traffic. The threats against IPv6 ND as described in SEcure Neighbor
640 Discovery (SEND) [RFC3971] are applicable to 6LoPWAN ND as well, but
641 the solution can not work as the route over network does not permit
642 direct peer to peer communication.
644 Additionally SEND requires considerably enlarged ND messages to carry
645 cryptographic material, and requires that each protected address is
646 generated cryptographically, which implies the computation of a
647 different key for each Cryptographically Generated Address (CGA).
648 SEND as defined in [RFC3971] is thus largely unsuitable for
649 application in a LLN.
651 With 6LoWPAN ND, as illustrated in Figure 4, it is possible to
652 leverage the registration state in the 6LBR, which may store
653 additional security information for later proof of ownership. If
654 this information proves the ownership independently of the address
655 itself, then a single proof may be used to protect multiple
656 addresses.
658 Once an Address is registered, the 6LBR maintains a state for that
659 Address and is in position to bind securely the first registration
660 with the Node that placed it, whether the Address is CGA or not. It
661 should thus be possible to protect the ownership of all the addresses
662 of a 6LoWPAN Node with a single key, and there should not be a need
663 to carry the cryptographic material more than once to the 6LBR.
665 The energy constraint is usually a foremost factor, and attention
666 should be paid to minimize the burden on the CPU. Hardware-assisted
667 support of variants of the Counter with CBC-MAC [RFC3610] (CCM)
668 authenticated encryption block cipher mode such as CCM* are common in
669 LowPower ship-set implementations, and 6LoWPAN ND security mechanism
670 should be capable to reuse them when applicable.
672 Finally, the code footprint in the device being also an issue, the
673 capability to reuse not only hardware-assist mechanisms but also
674 software across layers has to be considered. For instance, if code
675 has to be present for upper-layer operations, e.g AES-CCM Cipher
676 Suites for Transport Layer Security (TLS) [RFC6655], then the
677 capability to reuse that code should be considered.
679 7. Communication Paradigms and Interaction Models
681 [I-D.ietf-6tisch-terminology] defines the terms of Communication
682 Paradigms and Interaction Models, which can be placed in parallel to
683 the Information Models and Data Models that are defined in [RFC3444].
685 A Communication Paradigms would be an abstract view of a protocol
686 exchange, and would come with an Information Model for the
687 information that is being exchanged. In contrast, an Interaction
688 Models would be more refined and could point on standard operation
689 such as a Representational state transfer (REST) "GET" operation and
690 would match a Data Model for the data that is provided over the
691 protocol exchange.
693 section 2.1.3 of [I-D.ietf-roll-rpl-industrial-applicability] and
694 next sections discuss application-layer paradigms, such as Source-
695 sink (SS) that is a Multipeer to Multipeer (MP2MP) model primarily
696 used for alarms and alerts, Publish-subscribe (PS, or pub/sub) that
697 is typically used for sensor data, as well as Peer-to-peer (P2P) and
698 Peer-to-multipeer (P2MP) communications. Additional considerations
699 on Duocast and its N-cast generalization are also provided. Those
700 paradigms are frequently used in industrial automation, which is a
701 major use case for IEEE802.15.4e TSCH wireless networks with
702 [ISA100.11a] and [WirelessHART], that provides a wireless access to
703 [HART] applications and devices.
705 This specification focuses on Communication Paradigms and Interaction
706 Models for packet forwarding and TSCH resources (cells) management.
707 Management mechanisms for the TSCH schedule at Link-layer (one-hop),
708 Network-layer (multithop along a track), and Application-layer
709 (remote control) are discussed in Section 9. Link-layer frame
710 forwarding interactions are discussed in Section 10, and Network-
711 layer Packet routing is addressed in Section 11.
713 8. TSCH and 6top
715 8.1. 6top
717 6top is a logical link control sitting between the IP layer and the
718 TSCH MAC layer, which provides the link abstraction that is required
719 for IP operations. The 6top operations are specified in
720 [I-D.wang-6tisch-6top-sublayer]. In particular, 6top provides a
721 management interface that enables an external management entity to
722 schedule cells and slotFrames, and allows the addition of
723 complementary functionality, for instance to support a dynamic
724 schedule management based on observed resource usage as discussed in
725 Section 9.2.
727 The 6top data model and management interfaces are further discussed
728 in Section 9.3.
730 8.1.1. Hard Cells
732 The architecture defines "soft" cells and "hard" cells. "Hard" cells
733 are owned and managed by an separate scheduling entity (e.g. a PCE)
734 that specifies the slotOffset/channelOffset of the cells to be
735 added/moved/deleted, in which case 6top can only act as instructed,
736 and may not move hard cells in the TSCH schedule on its own.
738 8.1.2. Soft Cells
740 6top contains a monitoring process which monitors the performance of
741 cells, and can move a cell in the TSCH schedule when it performs
742 poorly. This is only applicable to cells which are marked as "soft".
743 To reserve a soft cell, the higher layer does not indicate the exact
744 slotOffset/channelOffset of the cell to add, but rather the resulting
745 bandwidth and QoS requirements. When the monitoring process triggers
746 a cell reallocation, the two neighbor devices communicating over this
747 cell negotiate its new position in the TSCH schedule.
749 8.2. 6top and RPL Objective Function operations
751 An implementation of a RPL [RFC6550] Objective Function (OF), such as
752 the RPL Objective Function Zero (OF0) [RFC6552] that is used in the
753 Minimal 6TiSCH Configuration [I-D.ietf-6tisch-minimal] to support RPL
754 over a static schedule, may leverage, for its internal computation,
755 the information maintained by 6top.
757 Most OFs require metrics about reachability, such as the ETX. 6top
758 creates and maintains an abstract neighbor table, and this state may
759 be leveraged to feed an OF and/or store OF information as well. In
760 particular, 6top creates and maintains an abstract neighbor table. A
761 neighbor table entry contains a set of statistics with respect to
762 that specific neighbor including the time when the last packet has
763 been received from that neighbor, a set of cell quality metrics (e.g.
764 RSSI or LQI), the number of packets sent to the neighbor or the
765 number of packets received from it. This information can be obtained
766 through 6top management APIs as detailed in the 6top sublayer
767 specification [I-D.wang-6tisch-6top-sublayer] and used for instance
768 to compute a Rank Increment that will determine the selection of the
769 preferred parent.
771 6top provides statistics about the underlying layer so the OF can be
772 tuned to the nature of the TSCH MAC layer. 6top also enables the RPL
773 OF to influence the MAC behaviour, for instance by configuring the
774 periodicity of IEEE802.15.4e Extended Beacons (EB's). By augmenting
775 the EB periodicity, it is possible to change the network dynamics so
776 as to improve the support of devices that may change their point of
777 attachment in the 6TiSCH network.
779 Some RPL control messages, such as the DODAG Information Object (DIO)
780 are ICMPv6 messages that are broadcast to all neighbor nodes. With
781 6TiSCH, the broadcast channel requirement is addressed by 6top by
782 configuring TSCH to provide a broadcast channel, as opposed to, for
783 instance, piggybacking the DIO messages in Enhance Beacons.
784 Consideration was given towards finding a way to embed the Route
785 Advertisements and the RPL DIO messages (both of which are multicast)
786 into the IEEE802.15.4e Enhanced Beacons. It was determined that this
787 produced undue timer coupling among layers, that the resulting packet
788 size was potentially too large, and required it is not yet clear that
789 there is any need for Enhanced Beacons in a production network.
791 8.3. Network Synchronization
793 Nodes in a TSCH network must be time synchronized. A node keeps
794 synchronized to its time source neighbor through a combination of
795 frame-based and acknowledgment-based synchronization. In order to
796 maximize battery life and network throughput, it is advisable that
797 RPL ICMP discovery and maintenance traffic (governed by the trickle
798 timer) be somehow coordinated with the transmission of time
799 synchronization packets (especially with enhanced beacons). This
800 could be achieved through an interaction of the 6top sublayer and the
801 RPL objective Function, or could be controlled by a management
802 entity.
804 Time distribution requires a loop-less structure. Nodes taken in a
805 synchronization loop will rapidly desynchronize from the network and
806 become isolated. It is expected that a RPL DAG with a dedicated
807 global Instance is deployed for the purpose of time synchronization.
808 That Instance is referred to as the Time Synchronization Global
809 Instance (TSGI). The TSGI can be operated in either of the 3 modes
810 that are detailed in section 3.1.3 of RPL [RFC6550], "Instances,
811 DODAGs, and DODAG Versions". Multiple uncoordinated DODAGs with
812 independent roots may be used if all the roots share a common time
813 source such as the Global Positioning System (GPS). In the absence
814 of a common time source, the TSGI should form a single DODAG with a
815 virtual root. A backbone network is then used to synchronize and
816 coordinate RPL operations between the backbone routers that act as
817 sinks for the LLN. Optionally, RPL's periodic operations may be used
818 to transport the network synchronization. This may mean that 6top
819 would need to trigger (override) the trickle timer if no other
820 traffic has occurred for such a time that nodes may get out of
821 synchronization.
823 A node that has not joined the TSGI advertises a MAC level Join
824 Priority of 0xFF to notify its neighbors that is not capable of
825 serving as time parent. A node that has joined the TSGI advertises a
826 MAC level Join Priority set to its DAGRank() in that Instance, where
827 DAGRank() is the operation specified in section 3.5.1 of [RFC6550],
828 "Rank Comparison".
830 A root is configured or obtains by some external means the knowledge
831 of the RPLInstanceID for the TSGI. The root advertises its DagRank
832 in the TSGI, that must be less than 0xFF, as its Join Priority (JP)
833 in its IEEE802.15.4e Extended Beacons (EB). We'll note that the JP
834 is now specified between 0 and 0x3F leaving 2 bits in the octet
835 unused in the IEEE802.15.4e specification. After consultation with
836 IEEE authors, it was asserted that 6TiSCH can make a full use of the
837 octet to carry an integer value up to 0xFF.
839 A node that reads a Join Priority of less than 0xFF should join the
840 neighbor with the lesser Join Priority and use it as time parent. If
841 the node is configured to serve as time parent, then the node should
842 join the TSGI, obtain a Rank in that Instance and start advertising
843 its own DagRank in the TSGI as its Join Priority in its EBs.
845 8.4. SlotFrames and Priorities
847 6TiSCH enables in essence the capability to use IPv6 over a MAC layer
848 that enables to schedule some of the transmissions. In order to
849 ensure that the medium is free of contending packets when time
850 arrives for a scheduled transmission, a window of time is defined
851 around the scheduled transmission time where the medium must be free
852 of contending energy.
854 One simple way to obtain such a window is to format time and
855 frequencies in cells of transmission of equal duration. This is the
856 method that is adopted in IEEE802.15.4e TSCH as well as the Long Term
857 Evolution (LTE) of cellular networks.
859 In order to describe that formatting of time and frequencies, the
860 6TiSCH architecture defines a global concept that is called a Channel
861 Distribution and Usage (CDU) matrix; a CDU matrix is a matrix of
862 cells with an height equal to the number of available channels
863 (indexed by ChannelOffsets) and a width (in timeSlots) that is the
864 period of the network scheduling operation (indexed by slotOffsets)
865 for that CDU matrix. The size of a cell is a timeSlot duration, and
866 values of 10 to 15 milliseconds are typical in 802.15.4e TSCH to
867 accommodate for the transmission of a frame and an ack, including the
868 security validation on the receive side which may take up to a few
869 milliseconds on some device architecture.
871 A CDU matrix iterates over and over with a pseudo-random rotation
872 from an epoch time. In a given network, there might be multiple CDU
873 matrices that operate with different width, so they have different
874 durations and represent different periodic operations. It is
875 recommended that all CDU matrices in a 6TiSCH domain operate with the
876 same cell duration and are aligned, so as to reduce the chances of
877 interferences from slotted-aloha operations. The knowledge of the
878 CDU matrices is shared between all the nodes and used in particular
879 to define slotFrames.
881 A slotFrame is a MAC-level abstraction that is common to all nodes
882 and contains a series of timeSlots of equal length and precedence.
883 It is characterized by a slotFrame_ID, and a slotFrame_size. A
884 slotFrame aligns to a CDU matrix for its parameters, such as number
885 and duration of timeSlots.
887 Multiple slotFrames can coexist in a node schedule, i.e., a node can
888 have multiple activities scheduled in different slotFrames, based on
889 the precedence of the 6TiSCH topologies. The slotFrames may be
890 aligned to different CDU matrices and thus have different width.
891 There is typically one slotFrame for scheduled traffic that has the
892 highest precedence and one or more slotFrame(s) for RPL traffic. The
893 timeSlots in the slotFrame are indexed by the SlotOffset; the first
894 cell is at SlotOffset 0.
896 When a packet is received from a higher layer for transmission, 6top
897 inserts that packet in the outgoing queue which matches the packet
898 best (Differentiated Services [RFC2474] can therefore be used). At
899 each scheduled transmit slot, 6top looks for the frame in all the
900 outgoing queues that best matches the cells. If a frame is found, it
901 is given to the TSCH MAC for transmission.
903 8.5. Distributing the reservation of cells
905 6TiSCH expects a high degree of scalability together with a
906 distributed routing functionality based on RPL. To achieve this
907 goal, the spectrum must be allocated in a way that allows for spatial
908 reuse between zones that will not interfere with one another. In a
909 large and spatially distributed network, a 6TiSCH node is often in a
910 good position to determine usage of spectrum in its vicinity.
912 Use cases for distributed routing are often associated with a
913 statistical distribution of best-effort traffic with variable needs
914 for bandwidth on each individual link. With 6TiSCH, the link
915 abstraction is implemented as a bundle of cells; the size of a bundle
916 is optimal when both the energy wasted idle listening and the packet
917 drops due to congestion loss are minimized. This can be maintained
918 if the number of cells in a bundle is adapted dynamically, and with
919 enough reactivity, to match the variations of best-effort traffic.
920 In turn, the agility to fulfill the needs for additional cells
921 improves when the number of interactions with other devices and the
922 protocol latencies are minimized.
924 6TiSCH limits that interaction to RPL parents that will only
925 negotiate with other RPL parents, and performs that negotiation by
926 groups of cells as opposed to individual cells. The 6TiSCH
927 architecture allows RPL parents to adjust dynamically, and
928 independently from the PCE, the amount of bandwidth that is used to
929 communicate between themselves and their children, in both
930 directions; to that effect, an allocation mechanism enables a RPL
931 parent to obtain the exclusive use of a portion of a CDU matrix
932 within its interference domain. Note that a PCE is expected to have
933 precedence in the allocation, so that a RPL parent would only be able
934 to obtain portions that are not in-use by the PCE.
936 The 6TiSCH architecture introduces the concept of chunks
937 [I-D.ietf-6tisch-terminology]) to operate such spectrum distribution
938 for a whole group of cells at a time. The CDU matrix is formatted
939 into a set of chunks, each of them identified uniquely by a chunk-ID.
940 The knowledge of this formatting is shared between all the nodes in a
941 6TiSCH network. 6TiSCH also defines the process of chunk ownership
942 appropriation whereby a RPL parent discovers a chunk that is not used
943 in its interference domain (e.g lack of energy detected in reference
944 cells in that chunk); then claims the chunk, and then defends it in
945 case another RPL parent would attempt to appropriate it while it is
946 in use. The chunk is the basic unit of ownership that is used in
947 that process.
949 +-----+-----+-----+-----+-----+-----+-----+ +-----+
950 chan.Off. 0 |chnkA|chnkP|chnk7|chnkO|chnk2|chnkK|chnk1| ... |chnkZ|
951 +-----+-----+-----+-----+-----+-----+-----+ +-----+
952 chan.Off. 1 |chnkB|chnkQ|chnkA|chnkP|chnk3|chnkL|chnk2| ... |chnk1|
953 +-----+-----+-----+-----+-----+-----+-----+ +-----+
954 ...
955 +-----+-----+-----+-----+-----+-----+-----+ +-----+
956 chan.Off. 15 |chnkO|chnk6|chnkN|chnk1|chnkJ|chnkZ|chnkI| ... |chnkG|
957 +-----+-----+-----+-----+-----+-----+-----+ +-----+
958 0 1 2 3 4 5 6 M
960 Figure 5: CDU matrix Partitioning in Chunks
962 As a result of the process of chunk ownership appropriation, the RPL
963 parent has exclusive authority to decide which cell in the
964 appropriated chunk can be used by which node in its interference
965 domain. In other words, it is implicitly delegated the right to
966 manage the portion of the CDU matrix that is represented by the
967 chunk. The RPL parent may thus orchestrate which transmissions occur
968 in any of the cells in the chunk, by allocating cells from the chunk
969 to any form of communication (unicast, multicast) in any direction
970 between itself and its children. Initially, those cells are added to
971 the heap of free cells, then dynamically placed into existing
972 bundles, in new bundles, or allocated opportunistically for one
973 transmission.
975 The appropriation of a chunk can also be requested explicitly by the
976 PCE to any node. In that case, the node still may need to perform
977 the appropriation process to validate that no other node has claimed
978 that chunk already. After a successful appropriation, the PCE owns
979 the cells in that chunk, and may use them as hard cells to set up
980 tracks.
982 9. Schedule Management Mechanisms
984 6TiSCH uses 4 paradigms to manage the TSCH schedule of the LLN nodes:
985 Static Scheduling, neighbor-to-neighbor Scheduling, remote monitoring
986 and scheduling management, and Hop-by-hop scheduling. Multiple
987 mechanisms are defined that implement the associated Interaction
988 Models, and can be combined and used in the same LLN. Which
989 mechanism(s) to use depends on application requirements.
991 9.1. Static Scheduling
993 In the simplest instantiation of a 6TiSCH network, a common fixed
994 schedule may be shared by all nodes in the network. Cells are
995 shared, and nodes contend for slot access in a slotted aloha manner.
997 A static TSCH schedule can be used to bootstrap a network, as an
998 initial phase during implementation, or as a fall-back mechanism in
999 case of network malfunction. This schedule can be preconfigured or
1000 learnt by a node when joining the network. Regardless, the schedule
1001 remains unchanged after the node has joined a network. The Routing
1002 Protocol for LLNs (RPL) is used on the resulting network. This
1003 "minimal" scheduling mechanism that implements this paradigm is
1004 detailed in [I-D.ietf-6tisch-minimal].
1006 9.2. Neighbor-to-neighbor Scheduling
1008 In the simplest instantiation of a 6TiSCH network described in
1009 Section 9.1, nodes may expect a packet at any cell in the schedule
1010 and will waste energy idle listening. In a more complex
1011 instantiation of a 6TiSCH network, a matching portion of the schedule
1012 is established between peers to reflect the observed amount of
1013 transmissions between those nodes. The aggregation of the cells
1014 between a node and a peer forms a bundle that the 6top layer uses to
1015 implement the abstraction of a link for IP. The bandwidth on that
1016 link is proportional to the number of cells in the bundle.
1018 If the size of a bundle is configured to fit an average amount of
1019 bandwidth, peak traffic is dropped. If the size is configured to
1020 allow for peak emissions, energy is be wasted idle listening.
1022 In the most efficient instantiation of a 6TiSCH network, the size of
1023 the bundles that implement the links may be changed dynamically in
1024 order to adapt to the need of end-to-end flows routed by RPL. An
1025 optional On-The-Fly (OTF) component may be used to monitor bandwidth
1026 usage and perform requests for dynamic allocation by the 6top
1027 sublayer. The OTF component is not part of the 6top sublayer. It
1028 may be collocated on the same device or may be partially or fully
1029 offloaded to an external system.
1031 The 6top sublayer [I-D.wang-6tisch-6top-sublayer] defines a protocol
1032 for neighbor nodes to reserve soft cells to one another. Because
1033 this reservation is done without global knowledge of the schedule of
1034 nodes in the LLN, scheduling collisions are possible. 6top defines a
1035 monitoring process which continuously tracks the packet delivery
1036 ratio of soft cells. It uses these statistics to trigger the
1037 reallocation of a soft cell in the schedule, using a negotiation
1038 protocol between the neighbors nodes communicating over that cell.
1040 Monitoring and relocation is done in the 6top layer. For the upper
1041 layer, the connection between two neighbor nodes appears as an number
1042 of cells. Depending on traffic requirements, the upper layer can
1043 request 6top to add or delete a number of cells scheduled to a
1044 particular neighbor, without being responsible for choosing the exact
1045 slotOffset/channelOffset of those cells.
1047 9.3. remote Monitoring and Schedule Management
1049 The 6top interface document [I-D.ietf-6tisch-6top-interface]
1050 specifies the generic data model that can be used to monitor and
1051 manage resources of the 6top sublayer. Abstract methods are
1052 suggested for use by a management entity in the device. The data
1053 model also enables remote control operations on the 6top sublayer.
1055 The capability to interact with the node 6top sublayer from multiple
1056 hops away can be leveraged for monitoring, scheduling, or a
1057 combination of thereof. The architecture supports variations on the
1058 deployment model, and focuses on the flows rather than whether there
1059 is a proxy or a translation operation en-route.
1061 [I-D.ietf-6tisch-coap] defines an mapping of the 6top set of
1062 commands, which is described in [I-D.ietf-6tisch-6top-interface], to
1063 CoAP resources. This allows an entity to interact with the 6top
1064 layer of a node that is multiple hops away in a RESTful fashion.
1066 [I-D.ietf-6tisch-coap] defines a basic set CoAP resources and
1067 associated RESTful access methods (GET/PUT/POST/DELETE). The payload
1068 (body) of the CoAP messages is encoded using the CBOR format. The
1069 draft also defines the concept of "profiles" to allow for future or
1070 specific extensions, as well as a mechanism for a CoAP client to
1071 discover the profiles installed on a node.
1073 The entity issuing the CoAP requests can be a central scheduling
1074 entity (e.g. a PCE), a node multiple hops away with the authority to
1075 modify the TSCH schedule (e.g. the head of a local cluster), or a
1076 external device monitoring the overall state of the network (e.g.
1077 NME). It is also possible that a mapping entity on the backbone
1078 transforms a non-CoAP protocol such as PCEP into the RESTful
1079 interfaces that the 6TiSCH devices support.
1081 9.4. Hop-by-hop Scheduling
1083 A node can reserve a track to a destination node multiple hops away
1084 by installing soft cells at each intermediate node. This forms a
1085 track of soft cells. It is the responsibility of the 6top sublayer
1086 of each node on the track to monitor these soft cells and trigger
1087 relocation when needed.
1089 This hop-by-hop reservation mechanism is expected to be similar in
1090 essence to [RFC3209] and/or [RFC4080]/[RFC5974]. The protocol for a
1091 node to trigger hop-by-hop scheduling is not yet defined.
1093 10. Forwarding Models
1095 By forwarding, this specification means the per-packet operation that
1096 allows to deliver a packet to a next hop or an upper layer in this
1097 node. Forwarding is based on pre-existing state that was installed
1098 as a result of a routing computation Section 11. 6TiSCH supports
1099 three different forwarding model, G-MPLS Track Forwarding (TF),
1100 6LoWPAN Fragment Forwarding (FF) and IPv6 Forwarding (6F).
1102 10.1. Track Forwarding
1104 A Track is a unidirectional path between a source and a destination.
1105 In a Track cell, the normal operation of IEEE802.15.4e Automatic
1106 Repeat-reQuest (ARQ) usually happens, though the acknowledgment may
1107 be omitted in some cases, for instance if there is no scheduled cell
1108 for a retry.
1110 Track Forwarding is the simplest and fastest. A bundle of cells set
1111 to receive (RX-cells) is uniquely paired to a bundle of cells that
1112 are set to transmit (TX-cells), representing a layer-2 forwarding
1113 state that can be used regardless of the network layer protocol.
1114 This model can effectively be seen as a Generalized Multi-protocol
1115 Label Switching (G-MPLS) operation in that the information used to
1116 switch a frame is not an explicit label, but rather related to other
1117 properties of the way the packet was received, a particular cell in
1118 the case of 6TiSCH. As a result, as long as the TSCH MAC (and
1119 Layer-2 security) accepts a frame, that frame can be switched
1120 regardless of the protocol, whether this is an IPv6 packet, a 6LoWPAN
1121 fragment, or a frame from an alternate protocol such as WirelessHART
1122 or ISA100.11a.
1124 A data frame that is forwarded along a Track normally has a
1125 destination MAC address that is set to broadcast - or a multicast
1126 address depending on MAC support. This way, the MAC layer in the
1127 intermediate nodes accepts the incoming frame and 6top switches it
1128 without incurring a change in the MAC header. In the case of
1129 IEEE802.15.4e, this means effectively broadcast, so that along the
1130 Track the short address for the destination of the frame is set to
1131 0xFFFF.
1133 A Track is thus formed end-to-end as a succession of paired bundles,
1134 a receive bundle from the previous hop and a transmit bundle to the
1135 next hop along the Track, and a cell in such a bundle belongs to at
1136 most one Track. For a given iteration of the device schedule, the
1137 effective channel of the cell is obtained by adding a pseudo-random
1138 number to the channelOffset of the cell, which results in a rotation
1139 of the frequency that used for transmission. The bundles may be
1140 computed so as to accommodate both variable rates and
1141 retransmissions, so they might not be fully used at a given iteration
1142 of the schedule. The 6TiSCH architecture provides additional means
1143 to avoid waste of cells as well as overflows in the transmit bundle,
1144 as follows:
1146 In one hand, a TX-cell that is not needed for the current iteration
1147 may be reused opportunistically on a per-hop basis for routed
1148 packets. When all of the frame that were received for a given Track
1149 are effectively transmitted, any available TX-cell for that Track can
1150 be reused for upper layer traffic for which the next-hop router
1151 matches the next hop along the Track. In that case, the cell that is
1152 being used is effectively a TX-cell from the Track, but the short
1153 address for the destination is that of the next-hop router. It
1154 results that a frame that is received in a RX-cell of a Track with a
1155 destination MAC address set to this node as opposed to broadcast must
1156 be extracted from the Track and delivered to the upper layer (a frame
1157 with an unrecognized MAC address is dropped at the lower MAC layer
1158 and thus is not received at the 6top sublayer).
1160 On the other hand, it might happen that there are not enough TX-cells
1161 in the transmit bundle to accommodate the Track traffic, for instance
1162 if more retransmissions are needed than provisioned. In that case,
1163 the frame can be placed for transmission in the bundle that is used
1164 for layer-3 traffic towards the next hop along the track as long as
1165 it can be routed by the upper layer, that is, typically, if the frame
1166 transports an IPv6 packet. The MAC address should be set to the
1167 next-hop MAC address to avoid confusion. It results that a frame
1168 that is received over a layer-3 bundle may be in fact associated to a
1169 Track. In a classical IP link such as an Ethernet, off-track traffic
1170 is typically in excess over reservation to be routed along the non-
1171 reserved path based on its QoS setting. But with 6TiSCH, since the
1172 use of the layer-3 bundle may be due to transmission failures, it
1173 makes sense for the receiver to recognize a frame that should be re-
1174 tracked, and to place it back on the appropriate bundle if possible.
1175 A frame should be re-tracked if the Per-Hop-Behavior group indicated
1176 in the Differentiated Services Field in the IPv6 header is set to
1177 Deterministic Forwarding, as discussed in Section 11.1. A frame is
1178 re-tracked by scheduling it for transmission over the transmit bundle
1179 associated to the Track, with the destination MAC address set to
1180 broadcast.
1182 There are 2 modes for a Track, transport mode and tunnel mode.
1184 10.1.1. Transport Mode
1186 In transport mode, the Protocol Data Unit (PDU) is associated with
1187 flow-dependant meta-data that refers uniquely to the Track, so the
1188 6top sublayer can place the frame in the appropriate cell without
1189 ambiguity. In the case of IPv6 traffic, this flow identification is
1190 transported in the Flow Label of the IPv6 header. Associated with
1191 the source IPv6 address, the Flow Label forms a globally unique
1192 identifier for that particular Track that is validated at egress
1193 before restoring the destination MAC address (DMAC) and punting to
1194 the upper layer.
1196 | ^
1197 +--------------+ | |
1198 | IPv6 | | |
1199 +--------------+ | |
1200 | 6LoWPAN HC | | |
1201 +--------------+ ingress egress
1202 | 6top | sets +----+ +----+ restores
1203 +--------------+ dmac to | | | | dmac to
1204 | TSCH MAC | brdcst | | | | self
1205 +--------------+ | | | | | |
1206 | LLN PHY | +-------+ +--...-----+ +-------+
1207 +--------------+
1209 Track Forwarding, Transport Mode
1211 10.1.2. Tunnel Mode
1213 In tunnel mode, the frames originate from an arbitrary protocol over
1214 a compatible MAC that may or may not be synchronized with the 6TiSCH
1215 network. An example of this would be a router with a dual radio that
1216 is capable of receiving and sending WirelessHART or ISA100.11a frames
1217 with the second radio, by presenting itself as an access Point or a
1218 Backbone Router, respectively.
1220 In that mode, some entity (e.g. PCE) can coordinate with a
1221 WirelessHART Network Manager or an ISA100.11a System Manager to
1222 specify the flows that are to be transported transparently over the
1223 Track.
1225 +--------------+
1226 | IPv6 |
1227 +--------------+
1228 | 6LoWPAN HC |
1229 +--------------+ set restore
1230 | 6top | +dmac+ +dmac+
1231 +--------------+ to|brdcst to|nexthop
1232 | TSCH MAC | | | | |
1233 +--------------+ | | | |
1234 | LLN PHY | +-------+ +--...-----+ +-------+
1235 +--------------+ | ingress egress |
1236 | |
1237 +--------------+ | |
1238 | LLN PHY | | |
1239 +--------------+ | |
1240 | TSCH MAC | | |
1241 +--------------+ | dmac = | dmac =
1242 |ISA100/WiHART | | nexthop v nexthop
1243 +--------------+
1245 Figure 6: Track Forwarding, Tunnel Mode
1247 In that case, the flow information that identifies the Track at the
1248 ingress 6TiSCH router is derived from the RX-cell. The dmac is set
1249 to this node but the flow information indicates that the frame must
1250 be tunneled over a particular Track so the frame is not passed to the
1251 upper layer. Instead, the dmac is forced to broadcast and the frame
1252 is passed to the 6top sublayer for switching.
1254 At the egress 6TiSCH router, the reverse operation occurs. Based on
1255 metadata associated to the Track, the frame is passed to the
1256 appropriate link layer with the destination MAC restored.
1258 10.1.3. Tunnel Metadata
1260 Metadata coming with the Track configuration is expected to provide
1261 the destination MAC address of the egress endpoint as well as the
1262 tunnel mode and specific data depending on the mode, for instance a
1263 service access point for frame delivery at egress. If the tunnel
1264 egress point does not have a MAC address that matches the
1265 configuration, the Track installation fails.
1267 In transport mode, if the final layer-3 destination is the tunnel
1268 termination, then it is possible that the IPv6 address of the
1269 destination is compressed at the 6LoWPAN sublayer based on the MAC
1270 address. It is thus mandatory at the ingress point to validate that
1271 the MAC address that was used at the 6LoWPAN sublayer for compression
1272 matches that of the tunnel egress point. For that reason, the node
1273 that injects a packet on a Track checks that the destination is
1274 effectively that of the tunnel egress point before it overwrites it
1275 to broadcast. The 6top sublayer at the tunnel egress point reverts
1276 that operation to the MAC address obtained from the tunnel metadata.
1278 10.2. Fragment Forwarding
1280 Considering that 6LoWPAN packets can be as large as 1280 bytes (the
1281 IPv6 MTU), and that the non-storing mode of RPL implies Source
1282 Routing that requires space for routing headers, and that a
1283 IEEE802.15.4 frame with security may carry in the order of 80 bytes
1284 of effective payload, an IPv6 packet might be fragmented into more
1285 than 16 fragments at the 6LoWPAN sublayer.
1287 This level of fragmentation is much higher than that traditionally
1288 experienced over the Internet with IPv4 fragments, where
1289 fragmentation is already known as harmful.
1291 In the case to a multihop route within a 6TiSCH network, Hop-by-Hop
1292 recomposition occurs at each hop in order to reform the packet and
1293 route it. This creates additional latency and forces intermediate
1294 nodes to store a portion of a packet for an undetermined time, thus
1295 impacting critical resources such as memory and battery.
1297 [I-D.thubert-roll-forwarding-frags] describes a mechanism whereby the
1298 datagram tag in the 6LoWPAN Fragment is used as a label for switching
1299 at the 6LoWPAN sublayer. The draft allows for a degree of flow
1300 control based on an Explicit Congestion Notification, as well as end-
1301 to-end individual fragment recovery.
1303 | ^
1304 +--------------+ | |
1305 | IPv6 | | +----+ +----+ |
1306 +--------------+ | | | | | |
1307 | 6LoWPAN HC | | learn learn |
1308 +--------------+ | | | | | |
1309 | 6top | | | | | | |
1310 +--------------+ | | | | | |
1311 | TSCH MAC | | | | | | |
1312 +--------------+ | | | | | |
1313 | LLN PHY | +-------+ +--...-----+ +-------+
1314 +--------------+
1316 Figure 7: Forwarding First Fragment
1318 In that model, the first fragment is routed based on the IPv6 header
1319 that is present in that fragment. The 6LoWPAN sublayer learns the
1320 next hop selection, generates a new datagram tag for transmission to
1321 the next hop, and stores that information indexed by the incoming MAC
1322 address and datagram tag. The next fragments are then switched based
1323 on that stored state.
1325 | ^
1326 +--------------+ | |
1327 | IPv6 | | |
1328 +--------------+ | |
1329 | 6LoWPAN HC | | replay replay |
1330 +--------------+ | | | | | |
1331 | 6top | | | | | | |
1332 +--------------+ | | | | | |
1333 | TSCH MAC | | | | | | |
1334 +--------------+ | | | | | |
1335 | LLN PHY | +-------+ +--...-----+ +-------+
1336 +--------------+
1338 Figure 8: Forwarding Next Fragment
1340 A bitmap and an ECN echo in the end-to-end acknowledgment enable the
1341 source to resend the missing fragments selectively. The first
1342 fragment may be resent to carve a new path in case of a path failure.
1343 The ECN echo set indicates that the number of outstanding fragments
1344 should be reduced.
1346 10.3. IPv6 Forwarding
1348 As the packets are routed at Layer-3, traditional QoS and RED
1349 operations are expected to prioritize flows; the application of
1350 Differentiated Services is further discussed in
1351 [I-D.svshah-tsvwg-lln-diffserv-recommendations].
1353 | ^
1354 +--------------+ | |
1355 | IPv6 | | +-QoS+ +-QoS+ |
1356 +--------------+ | | | | | |
1357 | 6LoWPAN HC | | | | | | |
1358 +--------------+ | | | | | |
1359 | 6top | | | | | | |
1360 +--------------+ | | | | | |
1361 | TSCH MAC | | | | | | |
1362 +--------------+ | | | | | |
1363 | LLN PHY | +-------+ +--...-----+ +-------+
1364 +--------------+
1366 Figure 9: IP Forwarding
1368 11. Centralized vs. Distributed Routing
1370 6TiSCH supports a mixed model of centralized routes and distributed
1371 routes. Centralized routes can for example be computed by a entity
1372 such as a PCE. Distributed routes are computed by RPL.
1374 Both methods may inject routes in the Routing Tables of the 6TiSCH
1375 routers. In either case, each route is associated with a 6TiSCH
1376 topology that can be a RPL Instance topology or a track. The 6TiSCH
1377 topology is indexed by a Instance ID, in a format that reuses the
1378 RPLInstanceID as defined in RPL [RFC6550].
1380 Both RPL and PCE rely on shared sources such as policies to define
1381 Global and Local RPLInstanceIDs that can be used by either method.
1382 It is possible for centralized and distributed routing to share a
1383 same topology. Generally they will operate in different slotFrames,
1384 and centralized routes will be used for scheduled traffic and will
1385 have precedence over distributed routes in case of conflict between
1386 the slotFrames.
1388 11.1. Packet Marking and Handling
1390 All packets inside a 6TiSCH domain must carry the Instance ID that
1391 identifies the 6TiSCH topology that is to be used for routing and
1392 forwarding that packet. The location of that information must be the
1393 same for all packets forwarded inside the domain.
1395 For packets that are routed by a PCE along a Track, the tuple formed
1396 by the IPv6 source address and a local RPLInstanceID in the packet
1397 identify uniquely the Track and associated transmit bundle.
1399 Additionally, an IP packet that is sent along a Track uses the
1400 Differentiated Services Per-Hop-Behavior Group called Deterministic
1401 Forwarding, as described in
1402 [I-D.svshah-tsvwg-deterministic-forwarding].
1404 For packets that are routed by RPL, that information is the
1405 RPLInstanceID which is carried in the RPL Packet Information, as
1406 discussed in section 11.2 of [RFC6550], "Loop Avoidance and
1407 Detection".
1409 The RPL Packet Information (RPI) is carried in IPv6 packets as a RPL
1410 option in the IPv6 Hop-By-Hop Header [RFC6553].
1412 6Lo is currently considering a Next Header Compression (NHC) for the
1413 RPI (RPI-NHC). The RPI-NHC is specified in
1414 [I-D.thubert-6lo-rpl-nhc], and is the compressed equivalent to the
1415 whole HbH header with the RPL option.
1417 An alternative form of compression that integrates the compression on
1418 IP-in-IP encapsulation and the Routing Header type 3 [RFC6554] with
1419 that of the RPI in a new 6LoWPAN dispatch/header type is concurrently
1420 being evaluated as [I-D.thubert-6lo-routing-dispatch].
1422 Either way, the method and format used for encoding the RPLInstanceID
1423 is generalized to all 6TiSCH topological Instances, which include
1424 both RPL Instances and Tracks.
1426 12. IANA Considerations
1428 This specification does not require IANA action.
1430 13. Security Considerations
1432 This architecture operates on IEEE802.15.4 and expects link-layer
1433 security to be enabled at all times between connected devices, except
1434 for the very first step of the device join process, where a joining
1435 device may need some initial, unsecured exchanges so as to obtain its
1436 initial key material. Work has already started at the 6TiSCH
1437 Security Design Team and an overview of the current state of that
1438 work is presented in Section 13.1.
1440 Future work on 6TiSCH security and will examine in deeper detail how
1441 to secure transactions end-to-end, and to maintain the security
1442 posture of a device over its lifetime. The result of that work will
1443 be described in a subsequent volume of this architecture.
1445 13.1. Join Process Highlights
1447 The architecture specifies three logical elements to describe the
1448 join process:
1450 Joining Node (JN): Node that wishes to become part of the network;
1452 Join Coordination Entity (JCE) : A Join Coordination Entity (JCE)
1453 that arbitrates network access and hands out network parameters
1454 (such as keying material);
1456 Join Assistant (JA), a one-hop (radio) neighbor of the joining node
1457 that acts as proxy network node and may provide connectivity
1458 with the JCE.
1460 The join protocol consists of three major activities:
1462 Device Authentication: The JN and the JA mutually authenticate each
1463 other and establish a shared key, so as to ensure on-going
1464 authenticated communications. This may involve a server as a
1465 third party.
1467 Authorization: The JA decides on whether/how to authorize a JN (if
1468 denied, this may result in loss of bandwidth). Conversely, the
1469 JN decides on whether/how to authorize the network (if denied,
1470 it will not join the network). Authorization decisions may
1471 involve other nodes in the network.
1473 Configuration/Parameterization: The JA distributes configuration
1474 information to the JN, such as scheduling information, IP
1475 address assignment information, and network policies. This may
1476 originate from other network devices, for which the JA may act
1477 as proxy. This step may also include distribution of
1478 information from the JN to the JA and other nodes in the
1479 network and, more generally, synchronization of information
1480 between these entities.
1482 The device joining process is depicted in Figure 10, where it is
1483 assumed that devices have access to certificates and where entities
1484 have access to the root CA keys of their communicating parties
1485 (initial set-up requirement). Under these assumptions, the
1486 authentication step of the device joining process does not require
1487 online involvement of a third party. Mutual authentication is
1488 performed between the JN and the JA using their certificates, which
1489 also results in a shared key between these two entities.
1491 The JA assists the JN in mutual authentication with a remote server
1492 node (primarily via provision of a communication path with the
1493 server), which also results in a shared (end-to-end) key between
1494 those two entities. The server node may be a JCE that arbitrages the
1495 network authorization of the JN (where the JA will deny bandwidth if
1496 authorization is not successful); it may distribute network-specific
1497 configuration parameters (including network-wide keys) to the JN. In
1498 its turn, the JN may distribute and synchronize information
1499 (including, e.g., network statistics) to the server node and, if so
1500 desired, also to the JA. The actual decision of the JN to become
1501 part of the network may depend on authorization of the network
1502 itself.
1504 The server functionality is a role which may be implemented with one
1505 (centralized) or multiple devices (distributed). In either case,
1506 mutual authentication is established with each physical server entity
1507 with which a role is implemented.
1509 Note that in the above description, the JA does not solely act as a
1510 relay node, thereby allowing it to first filter traffic to be relayed
1511 based on cryptographic authentication criteria - this provides first-
1512 level access control and mitigates certain types of denial-of-service
1513 attacks on the network at large.
1515 Depending on more detailed insight in cost/benefit trade-offs, this
1516 process might be complemented by a more "relaxed" mechanism, where
1517 the JA acts as a relay node only. The final architecture will
1518 provide mechanisms to also cover cases where the initial set-up
1519 requirements are not met or where some other out-of-sync behavior
1520 occurs; it will also suggest some optimizations in case JCE-related
1521 information is already available with the JA (via caching of
1522 information).
1524 When a device rejoins the network in the same authorization domain,
1525 the authorization step could be omitted if the server distributes the
1526 authorization state for the device to the JA when the device
1527 initially joined the network. However, this generally still requires
1528 the exchange of updated configuration information, e.g., related to
1529 time schedules and bandwidth allocation.
1531 {joining node} {neighbor} {server, etc.} Example:
1532 +---------+ +---------+ +---------+
1533 | Joining | | Join | +--| CA |certificate
1534 | Node | |Assistant| | +---------+ issuance
1535 +---------+ +---------+ | +---------+
1536 | | +--|Authoriz.| membership
1537 |<----Beaconing------| | +---------+ test (JCE)
1538 | | | +---------+
1539 |<--Authentication-->| +--| Routing | IP address
1540 | |<--Authorization-->| +--------- assignment
1541 |<-------------------| | +---------+
1542 | | +--| Gateway | backbone,
1543 |------------------->| | +---------+ cloud
1544 | |<--Configuration-->| +---------+
1545 |<-------------------| +--|Bandwidth| PCE
1546 +---------+ schedule
1547 . . .
1548 . . .
1550 Figure 10: Network joining, with only authorization by third party
1552 14. Acknowledgments
1554 14.1. Contributors
1556 The editors and authors wish to recognize the contribution of
1558 Robert Assimiti for his breakthrough work on RPL over TSCH and
1559 initial text and guidance.
1561 Kris Pister for creating it all and his continuing guidance through
1562 the elaboration of this design.
1564 Michael Richardson for his leadership role in the Security Design
1565 Team and his contribution throughout this document.
1567 Rene Struik for the security section and his contribution to the
1568 Security Design Team.
1570 Xavier Vilajosana who lead the design of the minimal support with
1571 RPL and contributed deeply to the 6top design.
1573 Qin Wang who lead the design of the 6top sublayer and contributed
1574 related text that was moved and/or adapted in this document.
1576 14.2. Special Thanks
1578 Special thanks to Tero Kivinen, Jonathan Simon, Giuseppe Piro, Subir
1579 Das and Yoshihiro Ohba for their deep contribution to the initial
1580 security work, and to Diego Dujovne for starting and leading the On-
1581 the-Fly effort.
1583 Special thanks also to Pat Kinney for his support in maintaining the
1584 connection active and the design in line with work happening at
1585 IEEE802.15.4.
1587 Also special thanks to Ted Lemon who was the INT Area A-D while this
1588 specification was developed for his great support and help
1589 throughout.
1591 14.3. And Do not Forget
1593 This specification is the result of multiple interactions, in
1594 particular during the 6TiSCH (bi)Weekly Interim call, relayed through
1595 the 6TiSCH mailing list at the IETF.
1597 The authors wish to thank: Alaeddine Weslati, Chonggang Wang,
1598 Georgios Exarchakos, Zhuo Chen, Alfredo Grieco, Bert Greevenbosch,
1599 Cedric Adjih, Deji Chen, Martin Turon, Dominique Barthel, Elvis
1600 Vogli, Geraldine Texier, Malisa Vucinic, Guillaume Gaillard, Herman
1601 Storey, Kazushi Muraoka, Ken Bannister, Kuor Hsin Chang, Laurent
1602 Toutain, Maik Seewald, Maria Rita Palattella, Michael Behringer,
1603 Nancy Cam Winget, Nicola Accettura, Nicolas Montavont, Oleg Hahm,
1604 Patrick Wetterwald, Paul Duffy, Peter van der Stock, Rahul Sen,
1605 Pieter de Mil, Pouria Zand, Rouhollah Nabati, Rafa Marin-Lopez,
1606 Raghuram Sudhaakar, Sedat Gormus, Shitanshu Shah, Steve Simlo,
1607 Tengfei Chang, Tina Tsou, Tom Phinney, Xavier Lagrange, Ines Robles
1608 and Samita Chakrabarti for their participation and various
1609 contributions.
1611 15. References
1613 15.1. Normative References
1615 [I-D.ietf-6tisch-terminology]
1616 Palattella, M., Thubert, P., Watteyne, T., and Q. Wang,
1617 "Terminology in IPv6 over the TSCH mode of IEEE
1618 802.15.4e", draft-ietf-6tisch-terminology-04 (work in
1619 progress), March 2015.
1621 [I-D.ietf-6tisch-tsch]
1622 Watteyne, T., Palattella, M., and L. Grieco, "Using
1623 IEEE802.15.4e TSCH in an IoT context: Overview, Problem
1624 Statement and Goals", draft-ietf-6tisch-tsch-06 (work in
1625 progress), March 2015.
1627 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
1628 (IPv6) Specification", RFC 2460, December 1998.
1630 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
1631 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
1632 September 2007.
1634 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
1635 Address Autoconfiguration", RFC 4862, September 2007.
1637 [RFC6282] Hui, J. and P. Thubert, "Compression Format for IPv6
1638 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
1639 September 2011.
1641 [RFC6550] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R.,
1642 Levis, P., Pister, K., Struik, R., Vasseur, JP., and R.
1643 Alexander, "RPL: IPv6 Routing Protocol for Low-Power and
1644 Lossy Networks", RFC 6550, March 2012.
1646 [RFC6552] Thubert, P., "Objective Function Zero for the Routing
1647 Protocol for Low-Power and Lossy Networks (RPL)", RFC
1648 6552, March 2012.
1650 [RFC6553] Hui, J. and JP. Vasseur, "The Routing Protocol for Low-
1651 Power and Lossy Networks (RPL) Option for Carrying RPL
1652 Information in Data-Plane Datagrams", RFC 6553, March
1653 2012.
1655 [RFC6554] Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
1656 Routing Header for Source Routes with the Routing Protocol
1657 for Low-Power and Lossy Networks (RPL)", RFC 6554, March
1658 2012.
1660 [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann,
1661 "Neighbor Discovery Optimization for IPv6 over Low-Power
1662 Wireless Personal Area Networks (6LoWPANs)", RFC 6775,
1663 November 2012.
1665 15.2. Informative References
1667 [I-D.chakrabarti-nordmark-6man-efficient-nd]
1668 Chakrabarti, S., Nordmark, E., Thubert, P., and M.
1669 Wasserman, "IPv6 Neighbor Discovery Optimizations for
1670 Wired and Wireless Networks", draft-chakrabarti-nordmark-
1671 6man-efficient-nd-07 (work in progress), February 2015.
1673 [I-D.dujovne-6tisch-on-the-fly]
1674 Dujovne, D., Grieco, L., Palattella, M., and N. Accettura,
1675 "6TiSCH On-the-Fly Scheduling", draft-dujovne-6tisch-on-
1676 the-fly-05 (work in progress), March 2015.
1678 [I-D.finn-detnet-architecture]
1679 Finn, N., Thubert, P., and M. Teener, "Deterministic
1680 Networking Architecture", draft-finn-detnet-
1681 architecture-01 (work in progress), March 2015.
1683 [I-D.ietf-6tisch-6top-interface]
1684 Wang, Q., Vilajosana, X., and T. Watteyne, "6TiSCH
1685 Operation Sublayer (6top) Interface", draft-ietf-6tisch-
1686 6top-interface-03 (work in progress), March 2015.
1688 [I-D.ietf-6tisch-coap]
1689 Sudhaakar, R. and P. Zand, "6TiSCH Resource Management and
1690 Interaction using CoAP", draft-ietf-6tisch-coap-03 (work
1691 in progress), March 2015.
1693 [I-D.ietf-6tisch-minimal]
1694 Vilajosana, X. and K. Pister, "Minimal 6TiSCH
1695 Configuration", draft-ietf-6tisch-minimal-06 (work in
1696 progress), March 2015.
1698 [I-D.ietf-ipv6-multilink-subnets]
1699 Thaler, D. and C. Huitema, "Multi-link Subnet Support in
1700 IPv6", draft-ietf-ipv6-multilink-subnets-00 (work in
1701 progress), July 2002.
1703 [I-D.ietf-roll-rpl-industrial-applicability]
1704 Phinney, T., Thubert, P., and R. Assimiti, "RPL
1705 applicability in industrial networks", draft-ietf-roll-
1706 rpl-industrial-applicability-02 (work in progress),
1707 October 2013.
1709 [I-D.richardson-6tisch-security-architecture]
1710 Richardson, M., "security architecture for 6top:
1711 requirements and structure", draft-richardson-6tisch-
1712 security-architecture-02 (work in progress), April 2014.
1714 [I-D.struik-6tisch-security-architecture-elements]
1715 Struik, R., Ohba, Y., and S. Das, "6TiSCH Security
1716 Architectural Elements, Desired Protocol Properties, and
1717 Framework", draft-struik-6tisch-security-architecture-
1718 elements-01 (work in progress), October 2014.
1720 [I-D.svshah-tsvwg-deterministic-forwarding]
1721 Shah, S. and P. Thubert, "Deterministic Forwarding PHB",
1722 draft-svshah-tsvwg-deterministic-forwarding-03 (work in
1723 progress), March 2015.
1725 [I-D.svshah-tsvwg-lln-diffserv-recommendations]
1726 Shah, S. and P. Thubert, "Differentiated Service Class
1727 Recommendations for LLN Traffic", draft-svshah-tsvwg-lln-
1728 diffserv-recommendations-04 (work in progress), February
1729 2015.
1731 [I-D.thubert-6lo-rfc6775-update-reqs]
1732 Thubert, P. and P. Stok, "Requirements for an update to
1733 6LoWPAN ND", draft-thubert-6lo-rfc6775-update-reqs-06
1734 (work in progress), January 2015.
1736 [I-D.thubert-6lo-routing-dispatch]
1737 Thubert, P., Bormann, C., Toutain, L., and R. Cragie, "A
1738 Routing Header Dispatch for 6LoWPAN", draft-thubert-6lo-
1739 routing-dispatch-03 (work in progress), January 2015.
1741 [I-D.thubert-6lo-rpl-nhc]
1742 Thubert, P. and C. Bormann, "A compression mechanism for
1743 the RPL option", draft-thubert-6lo-rpl-nhc-02 (work in
1744 progress), October 2014.
1746 [I-D.thubert-6lowpan-backbone-router]
1747 Thubert, P., "6LoWPAN Backbone Router", draft-thubert-
1748 6lowpan-backbone-router-03 (work in progress), February
1749 2013.
1751 [I-D.thubert-roll-forwarding-frags]
1752 Thubert, P. and J. Hui, "LLN Fragment Forwarding and
1753 Recovery", draft-thubert-roll-forwarding-frags-02 (work in
1754 progress), September 2013.
1756 [I-D.vanderstok-core-comi]
1757 Stok, P., Greevenbosch, B., Bierman, A., Schoenwaelder,
1758 J., and A. Sehgal, "CoAP Management Interface", draft-
1759 vanderstok-core-comi-06 (work in progress), February 2015.
1761 [I-D.wang-6tisch-6top-sublayer]
1762 Wang, Q., Vilajosana, X., and T. Watteyne, "6TiSCH
1763 Operation Sublayer (6top)", draft-wang-6tisch-6top-
1764 sublayer-01 (work in progress), July 2014.
1766 [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
1767 "Definition of the Differentiated Services Field (DS
1768 Field) in the IPv4 and IPv6 Headers", RFC 2474, December
1769 1998.
1771 [RFC2545] Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol
1772 Extensions for IPv6 Inter-Domain Routing", RFC 2545, March
1773 1999.
1775 [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
1776 and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
1777 Tunnels", RFC 3209, December 2001.
1779 [RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between
1780 Information Models and Data Models", RFC 3444, January
1781 2003.
1783 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with
1784 CBC-MAC (CCM)", RFC 3610, September 2003.
1786 [RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A., and P.
1787 Thubert, "Network Mobility (NEMO) Basic Support Protocol",
1788 RFC 3963, January 2005.
1790 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
1791 Neighbor Discovery (SEND)", RFC 3971, March 2005.
1793 [RFC4080] Hancock, R., Karagiannis, G., Loughney, J., and S. Van den
1794 Bosch, "Next Steps in Signaling (NSIS): Framework", RFC
1795 4080, June 2005.
1797 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
1798 Architecture", RFC 4291, February 2006.
1800 [RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
1801 Proxies (ND Proxy)", RFC 4389, April 2006.
1803 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD)
1804 for IPv6", RFC 4429, April 2006.
1806 [RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903, June
1807 2007.
1809 [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
1810 over Low-Power Wireless Personal Area Networks (6LoWPANs):
1811 Overview, Assumptions, Problem Statement, and Goals", RFC
1812 4919, August 2007.
1814 [RFC5191] Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., and A.
1815 Yegin, "Protocol for Carrying Authentication for Network
1816 Access (PANA)", RFC 5191, May 2008.
1818 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
1819 for IPv6", RFC 5340, July 2008.
1821 [RFC5889] Baccelli, E. and M. Townsley, "IP Addressing Model in Ad
1822 Hoc Networks", RFC 5889, September 2010.
1824 [RFC5974] Manner, J., Karagiannis, G., and A. McDonald, "NSIS
1825 Signaling Layer Protocol (NSLP) for Quality-of-Service
1826 Signaling", RFC 5974, October 2010.
1828 [RFC6275] Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
1829 in IPv6", RFC 6275, July 2011.
1831 [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
1832 Security Version 1.2", RFC 6347, January 2012.
1834 [RFC6620] Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
1835 SAVI: First-Come, First-Served Source Address Validation
1836 Improvement for Locally Assigned IPv6 Addresses", RFC
1837 6620, May 2012.
1839 [RFC6655] McGrew, D. and D. Bailey, "AES-CCM Cipher Suites for
1840 Transport Layer Security (TLS)", RFC 6655, July 2012.
1842 [RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
1843 Locator/ID Separation Protocol (LISP)", RFC 6830, January
1844 2013.
1846 15.3. Other Informative References
1848 [ACE] IETF, "Authentication and Authorization for Constrained
1849 Environments", .
1852 [CCAMP] IETF, "Common Control and Measurement Plane",
1853 .
1855 [DICE] IETF, "DTLS In Constrained Environments",
1856 .
1858 [HART] www.hartcomm.org, "Highway Addressable remote Transducer,
1859 a group of specifications for industrial process and
1860 control devices administered by the HART Foundation".
1862 [IEEE802.1TSNTG]
1863 IEEE Standards Association, "IEEE 802.1 Time-Sensitive
1864 Networks Task Group", March 2013,
1865 .
1867 [IEEE802154e]
1868 IEEE standard for Information Technology, "IEEE std.
1869 802.15.4e, Part. 15.4: Low-Rate Wireless Personal Area
1870 Networks (LR-WPANs) Amendment 1: MAC sublayer", April
1871 2012.
1873 [ISA100] ISA/ANSI, "ISA100, Wireless Systems for Automation",
1874 .
1876 [ISA100.11a]
1877 ISA/ANSI, "Wireless Systems for Industrial Automation:
1878 Process Control and Related Applications - ISA100.11a-2011
1879 - IEC 62734", 2011, .
1882 [PCE] IETF, "Path Computation Element",
1883 .
1885 [TEAS] IETF, "Traffic Engineering Architecture and Signaling",
1886 .
1888 [WirelessHART]
1889 www.hartcomm.org, "Industrial Communication Networks -
1890 Wireless Communication Network and Communication Profiles
1891 - WirelessHART - IEC 62591", 2010.
1893 Appendix A. Personal submissions relevant to the next volumes
1895 This volume only covers a portion of the total work that is needed to
1896 cover the full 6TiSCH architecture. Missing portions include
1897 Deterministic Networking with Track Forwarding, Dynamic Scheduling,
1898 and Security.
1900 [I-D.richardson-6tisch-security-architecture] elaborates on the
1901 potential use of 802.1AR certificates, and some options for the join
1902 process are presented in more details.
1904 [I-D.struik-6tisch-security-architecture-elements] describes 6TiSCH
1905 security architectural elements with high level requirements and the
1906 security framework that are relevant for the design of the 6TiSCH
1907 security solution.
1909 [I-D.dujovne-6tisch-on-the-fly] discusses the use of the 6top
1910 sublayer [I-D.wang-6tisch-6top-sublayer] to adapt dynamically the
1911 number of cells between a RPL parent and a child to the needs of the
1912 actual traffic.
1914 Author's Address
1916 Pascal Thubert (editor)
1917 Cisco Systems, Inc
1918 Building D
1919 45 Allee des Ormes - BP1200
1920 MOUGINS - Sophia Antipolis 06254
1921 FRANCE
1923 Phone: +33 497 23 26 34
1924 Email: pthubert@cisco.com