idnits 2.17.1 draft-ietf-6tisch-enrollment-enhanced-beacon-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC8180]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 169 has weird spacing: '...riority this ...' == Line 177 has weird spacing: '...riority the p...' == Line 186 has weird spacing: '...riority the r...' -- The document date (September 09, 2019) is 1691 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'I-D.ietf-6tisch-dtsecurity-secure-join' is defined on line 312, but no explicit reference was found in the text == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-26 ** Downref: Normative reference to an Informational draft: draft-ietf-6tisch-architecture (ref. 'I-D.ietf-6tisch-architecture') == Outdated reference: A later version (-15) exists of draft-ietf-6tisch-minimal-security-12 -- Possible downref: Non-RFC (?) normative reference: ref. 'ieee802154' ** Downref: Normative reference to an Informational RFC: RFC 7554 ** Downref: Normative reference to an Informational RFC: RFC 8137 Summary: 4 errors (**), 0 flaws (~~), 7 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo Working Group D. Dujovne 3 Internet-Draft Universidad Diego Portales 4 Intended status: Standards Track M. Richardson 5 Expires: March 12, 2020 Sandelman Software Works 6 September 09, 2019 8 IEEE802.15.4 Informational Element encapsulation of 6tisch Join and 9 Enrollment Information 10 draft-ietf-6tisch-enrollment-enhanced-beacon-03 12 Abstract 14 In TSCH mode of IEEE802.15.4, as described by [RFC8180], 15 opportunities for broadcasts are limited to specific times and 16 specific channels. Nodes in a TSCH network typically frequently send 17 Enhanced Beacon (EB) frames to announce the presence of the network. 18 This document provides a mechanism by which small details critical 19 for new nodes (pledges) and long sleeping nodes may be carried within 20 the Enhanced Beacon. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at https://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on March 12, 2020. 39 Copyright Notice 41 Copyright (c) 2019 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (https://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 1.1. Use of BCP 14 Terminology . . . . . . . . . . . . . . . . 2 58 1.2. Layer-2 Synchronization . . . . . . . . . . . . . . . . . 2 59 1.3. Layer-3 synchronization IPv6 Router solicitations and 60 advertisements . . . . . . . . . . . . . . . . . . . . . 3 61 2. Protocol Definition . . . . . . . . . . . . . . . . . . . . . 3 62 3. Security Considerations . . . . . . . . . . . . . . . . . . . 5 63 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6 64 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 65 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 66 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 67 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 68 7.2. Informative References . . . . . . . . . . . . . . . . . 7 69 Appendix A. Change history . . . . . . . . . . . . . . . . . . . 8 70 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 72 1. Introduction 74 [RFC7554] describes the use of the time-slotted channel hopping 75 (TSCH) mode of [ieee802154]. As further details in [RFC8180], an 76 Enhanced Beacon is transmitted during a slot designated a broadcast 77 slot. 79 1.1. Use of BCP 14 Terminology 81 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 82 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 83 "OPTIONAL" in this document are to be interpreted as described in 84 [BCP14] [RFC2119] when, and only when, they appear in all capitals, 85 as shown here. 87 Other terminology can be found in [I-D.ietf-6tisch-architecture] in 88 section 2.1. 90 1.2. Layer-2 Synchronization 92 As explained in section 6 of [RFC8180], the Enhanced Beacon has a 93 number of purposes: synchronization of ASN and Join Metric, timeslot 94 template identifier, the channel hopping sequence identifier, TSCH 95 SlotFrame and Link IE. 97 The Enhanced Beacon (EB) is used by nodes already part of a TSCH 98 network to annouce its existance. Receiving an EB allows a Joining 99 Node (pledge) to learn about the network and synchronize to it. The 100 EB may also be used as a means for a node already part of the network 101 to re-synchronize [RFC7554]. 103 There are a limited number of timeslots designated as a broadcast 104 slot by each router. These slots are rare, and with 10ms slots, with 105 a slot-frame length of 100, there may be only 1 slot/s for the 106 beacon. 108 1.3. Layer-3 synchronization IPv6 Router solicitations and 109 advertisements 111 At layer 3, [RFC4861] defines a mechanism by which nodes learn about 112 routers by listening for multicasted Router Advertisements (RA). If 113 no RA is heard within a set time, then a Router Solicitation (RS) may 114 be multicast, to which an RA will be received, usually unicast. 116 Although [RFC6775] reduces the amount of multicast necessary to do 117 address resolution via Neighbor Solicitation messages, it still 118 requires multicast of either RAs or RS. This is an expensive 119 operation for two reasons: there are few multicast timeslots for 120 unsolicited RAs; if a pledge node does not hear an RA, and decides to 121 send a RS (consuming a broadcast aloha slot with unencrypted 122 traffic), unicast RS may be sent in response. 124 This is a particularly acute issue for the join process for the 125 following reasons: 127 1. use of a multicast slot by even a non-malicious unauthenticated 128 node for a Router Solicitation may overwhelm that time slot. 130 2. it may require many seconds of on-time before a new pledge hears 131 a Router Soliciation that it can use. 133 3. a new pledge may listen to many Enhanced Beacons before it can 134 pick an appropriate network and/or closest Join Assistant to 135 attach to. If it must listen for a RS as well as find the 136 Enhanced Beacon, then the process may take a very long time. 138 2. Protocol Definition 140 [RFC8137] creates a registry for new IETF IE subtypes. This document 141 allocates a new subtype. 143 The new IE subtype structure is as follows. As explained in 144 [RFC8137] the length of the Sub-Type Content can be calculated from 145 the container, so no length information is necessary. 147 1 2 3 148 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 150 | TBD-XXX |R|P| res | proxy prio | rank priority | 151 +-+-+-+-+-+-+-+-+-+-------------+-------------+-----------------+ 152 | pan priority | | 153 +---------------+ + 154 | Join Proxy lower-64 | 155 + (present if P=1) + 156 | | 157 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 158 | | | 159 +-+-+-+-+-+-+-+-+ + 160 | network ID | 161 + variable length, up to 16 bytes + 162 ~ ~ 163 + + 164 | | 165 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 166 | | 167 +-+-+-+-+-+-+-+-+ 169 proxy priority this field indicates the willingness to act as join 170 proxy. Lower value indicates willing to act as a Join Proxy as 171 described in [I-D.ietf-6tisch-minimal-security]. Values range 0 172 (most willing) to 0x7e (least willing). A priority of 0x7f 173 indicates that the announcer should never be considered as a 174 viable enrollment proxy. Only unenrolled pledges look at this 175 value. 177 pan priority the pan priority is a value set by the DODAG root to 178 indicate the relative priority of this LLN compared to those with 179 different PANIDs. This value may be used as part of the 180 enrollment priority, but typically is used by devices which have 181 already enrolled, and need to determine which PAN to pick. 182 Unenrolled pledges MAY consider this value when selecting a PAN to 183 join. Enrolled devices MAY consider this value when looking for 184 an eligible parent device. 186 rank priority the rank "priority" is set by the 6LR which sent the 187 beacon and is an indication of how willing this 6LR is to serve as 188 an RPL parent within a particular network ID. This is a local 189 value to be determined in other work. It might be calculated from 190 RPL rank, and it may include some modifications based upon current 191 number of children, or number of neighbor cache entries available. 192 This value MUST be ignored by pledges, it is for enrolled devices 193 only. 195 R the Router Advertisement R-flag is set if the sending node will 196 act as a Router for host-only nodes that need addressing via 197 unicast Router Solicitation messages. 199 P if the Proxy Address P-flag is set, then the lower 64-bits of the 200 Join Proxy's Link Layer address follows the network ID. If the 201 Proxy Address bit is not set, then the Link Layer address of the 202 Join Proxy is identical to the Layer-2 8-byte address used to 203 originate this enhanced beacon. In either case, the layer-2 204 address of any IPv6 traffic to the originator of this beacon may 205 use the layer-2 address which was used to originate the beacon. 207 join-proxy interface ID if the P bit is set, then 64 bits (8 bytes) 208 of address are present. This field provides the suffix of the 209 Link-Local address of the Join Proxy. The associated prefix is 210 well-known as fe80::/64. 212 network ID this is an variable length field, up to 16-bytes in size 213 that uniquely identifies this network, potentially among many 214 networks that are operating in the same frequencies in overlapping 215 physical space. The length of this field can be calculated as 216 being whatever is left in the Information Element. 218 In a 6tisch network, where RPL [RFC6550] is used as the mesh routing 219 protocol, the network ID can be constructed from a SHA256 hash of the 220 prefix (/64) of the network. That is just a suggestion for a default 221 value. In some LLNs where multiple PANIDs may lead to the same 222 management device (the JRC), then a common value that is the same 223 across all PANs MUST be configured. 225 3. Security Considerations 227 All of the contents of this Information Element are sent in the 228 clear. The containing Enhanced Beacon is not encrypted. 230 The Enhanced Beagon is authenticated at the layer-2 level using 231 802.15.4 mechanisms using the network-wide keying material. Nodes 232 which are enrolled will have the network-wide keying material and can 233 validate the beacon. 235 Pledges which have not yet enrolled are unable to authenticate the 236 beacons. 238 4. Privacy Considerations 240 The use of a network ID may reveal information about the network. 241 The use of a SHA256 hash of the DODAGID, rather than using the 242 DODAGID directly provides some cover the addresses used within the 243 network. The DODAGID is usually the IPv6 address of the root of the 244 RPL mesh. 246 An interloper with a radio sniffer would be able to use the network 247 ID to map out the extend of the mesh network. 249 5. IANA Considerations 251 Allocate a new number TBD-XXX from Registry IETF IE Sub-type ID. 252 This entry should be called 6tisch-Join-Info, and should refer to 253 this document. 255 6. Acknowledgements 257 Thomas Watteyne provided extensive editorial comments on the 258 document. 260 7. References 262 7.1. Normative References 264 [BCP14] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 265 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 266 May 2017, . 268 [I-D.ietf-6tisch-architecture] 269 Thubert, P., "An Architecture for IPv6 over the TSCH mode 270 of IEEE 802.15.4", draft-ietf-6tisch-architecture-26 (work 271 in progress), August 2019. 273 [I-D.ietf-6tisch-minimal-security] 274 Vucinic, M., Simon, J., Pister, K., and M. Richardson, 275 "Minimal Security Framework for 6TiSCH", draft-ietf- 276 6tisch-minimal-security-12 (work in progress), July 2019. 278 [ieee802154] 279 IEEE Standard, ., "802.15.4-2015 - IEEE Standard for Low- 280 Rate Wireless Personal Area Networks (WPANs)", 2015, 281 . 284 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 285 Requirement Levels", BCP 14, RFC 2119, 286 DOI 10.17487/RFC2119, March 1997, 287 . 289 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 290 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 291 DOI 10.17487/RFC4861, September 2007, 292 . 294 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 295 Bormann, "Neighbor Discovery Optimization for IPv6 over 296 Low-Power Wireless Personal Area Networks (6LoWPANs)", 297 RFC 6775, DOI 10.17487/RFC6775, November 2012, 298 . 300 [RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using 301 IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the 302 Internet of Things (IoT): Problem Statement", RFC 7554, 303 DOI 10.17487/RFC7554, May 2015, 304 . 306 [RFC8137] Kivinen, T. and P. Kinney, "IEEE 802.15.4 Information 307 Element for the IETF", RFC 8137, DOI 10.17487/RFC8137, May 308 2017, . 310 7.2. Informative References 312 [I-D.ietf-6tisch-dtsecurity-secure-join] 313 Richardson, M., "6tisch Secure Join protocol", draft-ietf- 314 6tisch-dtsecurity-secure-join-01 (work in progress), 315 February 2017. 317 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 318 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 319 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 320 Low-Power and Lossy Networks", RFC 6550, 321 DOI 10.17487/RFC6550, March 2012, 322 . 324 [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal 325 IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) 326 Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, 327 May 2017, . 329 Appendix A. Change history 331 The rank priority was expanded to 2 bytes. 333 00: The extension was originally for the use of Pledges only during 334 the enrollment/join process. Additional information was desired for 335 nodes which have already enrolled in order to aid in the joining 336 (selecting of a parent) of an RPL DAG. The term "join" was realized 337 to be ambiguous, meaning different things to different groups, and so 338 the activity where the pledge finds a "Join Proxy" has been named 339 "enrollment" 341 -1: This is an evolution of an earlier proposal which provided for 342 storing an entire IPv6 Router Adverisement in an Informational 343 Element. It was deemed too general a solution, possibly subject to 344 mis-use. This proposal restricts the use to just the key pieces of 345 information required. 347 Authors' Addresses 349 Diego Dujovne (editor) 350 Universidad Diego Portales 351 Escuela de Informatica y Telecomunicaciones, Av. Ejercito 441 352 Santiago, Region Metropolitana 353 Chile 355 Phone: +56 (2) 676-8121 356 Email: diego.dujovne@mail.udp.cl 358 Michael Richardson 359 Sandelman Software Works 361 Email: mcr+ietf@sandelman.ca