idnits 2.17.1

draft-ietf-6tisch-msf-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (7 March 2020) is 1510 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: '1' on line 636

  -- Looks like a reference, but probably isn't: '3' on line 636

  -- Looks like a reference, but probably isn't: '4' on line 636

  -- Looks like a reference, but probably isn't: '2' on line 636

  -- Looks like a reference, but probably isn't: '0' on line 636

  -- Looks like a reference, but probably isn't: '5' on line 636

  -- Looks like a reference, but probably isn't: '6' on line 636

  -- Looks like a reference, but probably isn't: '7' on line 636

  -- Looks like a reference, but probably isn't: '9' on line 636

  == Outdated reference: A later version (-15) exists of
     draft-ietf-6tisch-minimal-security-13

  == Outdated reference: A later version (-14) exists of
     draft-ietf-6tisch-enrollment-enhanced-beacon-06

  == Outdated reference: A later version (-30) exists of
     draft-ietf-6tisch-architecture-28

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-6tisch-architecture (ref. 'I-D.ietf-6tisch-architecture')

  -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE802154'

     Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 11 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

6TiSCH                                                     T. Chang, Ed.
Internet-Draft                                                M. Vucinic
Intended status: Standards Track                                   Inria
Expires: 8 September 2020                                  X. Vilajosana
                                         Universitat Oberta de Catalunya
                                                            S. Duquennoy
                                                               RISE SICS
                                                              D. Dujovne
                                              Universidad Diego Portales
                                                            7 March 2020

                6TiSCH Minimal Scheduling Function (MSF)
                        draft-ietf-6tisch-msf-12

Abstract

   This specification defines the 6TiSCH Minimal Scheduling Function
   (MSF).  This Scheduling Function describes both the behavior of a
   node when joining the network, and how the communication schedule is
   managed in a distributed fashion.  MSF is built upon the 6TiSCH
   Operation Sublayer Protocol (6P) and the Minimal Security Framework
   for 6TiSCH.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.
   It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 8 September 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Interface to the Minimal 6TiSCH Configuration
   3.  Autonomous Cells
   4.  Node Behavior at Boot
     4.1.  Start State
     4.2.  Step 1 - Choosing Frequency
     4.3.  Step 2 - Receiving EBs
     4.4.  Step 3 - Setting up Autonomous Cells for the Join Process
     4.5.  Step 4 - Acquiring a RPL Rank
     4.6.  Step 5 - Setting up first Tx negotiated Cells
     4.7.  Step 6 - Send EBs and DIOs
     4.8.  End State
   5.  Rules for Adding/Deleting Cells
     5.1.  Adapting to Traffic
     5.2.  Switching Parent
     5.3.  Handling Schedule Collisions
   6.  6P SIGNAL command
   7.  Scheduling Function Identifier
   8.  Rules for CellList
   9.  6P Timeout Value
   10. Rule for Ordering Cells
   11. Meaning of the Metadata Field
   12. 6P Error Handling
   13. Schedule Inconsistency Handling
   14. MSF Constants
   15. MSF Statistics
   16. Security Considerations
   17. IANA Considerations
     17.1.  MSF Scheduling Function Identifiers
   18. References
     18.1.  Normative References
     18.2.  Informative References
   Appendix A.  Contributors
   Appendix B.  Example of Implementation of SAX hash function
   Authors' Addresses

1.  Introduction

   The 6TiSCH Minimal Scheduling Function (MSF), defined in this
   specification, is a 6TiSCH Scheduling Function (SF).  The role of an
   SF is entirely defined in [RFC8480].  This specification complements
   [RFC8480] by providing the rules of when to add/delete cells in the
   communication schedule.  This specification satisfies all the
   requirements for an SF listed in Section 4.2 of [RFC8480].

   MSF builds on top of the following specifications: the Minimal IPv6
   over the TSCH Mode of IEEE 802.15.4e (6TiSCH) Configuration
   [RFC8180], the 6TiSCH Operation Sublayer Protocol (6P) [RFC8480], and
   the Minimal Security Framework for 6TiSCH
   [I-D.ietf-6tisch-minimal-security].

   MSF defines both the behavior of a node when joining the network, and
   how the communication schedule is managed in a distributed fashion.
   When a node running MSF boots up, it joins the network by following
   the 6 steps described in Section 4.  The end state of the join
   process is that the node is synchronized to the network, has mutually
   authenticated to the network, has identified a routing parent, and
   has scheduled one negotiated Tx cell (defined in Section 5.1) to/from
   its routing parent.  After the join process, the node can
   continuously add/delete/relocate cells, as described in Section 5.
   It does so for 3 reasons: to match the link-layer resources to the
   traffic, to handle changing parent, and to handle a schedule
   collision.

   MSF works closely with RPL, specifically the routing parent defined
   in [RFC6550].  This specification only describes how MSF works with
   one routing parent, which is phrased as "selected parent".  The
   activity of MSF towards the single routing parent is called an "MSF
   session".  Though the performance of MSF is evaluated only when the
   "selected parent" represents the node's preferred parent, there
   should be no restrictions to use multiple MSF sessions, one per
   parent.  The distribution of traffic over multiple parents is a
   routing decision that is out of scope for MSF.

   MSF is designed to operate in a wide range of application domains.
   It is optimized for applications with regular upstream traffic (from
   the nodes to the DODAG root).

   This specification follows the recommended structure of an SF
   specification, given in Appendix A of [RFC8480], with the following
   adaptations:

   *  We have reordered some sections, in particular to have the section
      on the node behavior at boot (Section 4) appear early in this
      specification.
   *  We added sections on the interface to the minimal 6TiSCH
      configuration (Section 2), the use of the SIGNAL command
      (Section 6), the MSF constants (Section 14), and the MSF
      statistics (Section 15).

2.  Interface to the Minimal 6TiSCH Configuration

   In a TSCH network, time is sliced up into time slots.  The time slots
   are grouped as one or more slotframes which repeat over time.  The
   TSCH schedule instructs a node what to do at each time slot, such as
   transmit, receive or sleep [RFC7554].  In case of a slot to transmit
   or receive, a channel is assigned to the time slot.  The tuple (slot,
   channel) is indicated as a cell of the TSCH schedule.  MSF is one of
   the policies defining how to manage the TSCH schedule.

   A node implementing MSF SHOULD implement the Minimal 6TiSCH
   Configuration [RFC8180], which defines the "minimal cell", a single
   shared cell providing minimal connectivity between the nodes in the
   network.  The MSF implementation provided in this specification is
   based on the implementation of the Minimal 6TiSCH Configuration.
   However, an implementor MAY implement MSF based on other
   specifications as long as the specification defines a way to
   advertise the EB/DIO among the network.

   MSF uses the minimal cell for broadcast frames such as Enhanced
   Beacons (EBs) [IEEE802154] and broadcast DODAG Information Objects
   (DIOs) [RFC6550].  Cells scheduled by MSF are meant to be used only
   for unicast frames.

   To ensure there is enough bandwidth available on the minimal cell, a
   node implementing MSF SHOULD enforce some rules for limiting the
   traffic of broadcast frames.
   For example, the overall broadcast
   traffic among the node and its neighbors SHOULD NOT exceed 1/3 of the
   bandwidth of the minimal cell.  One algorithm that meets this rule is
   the Trickle timer defined in [RFC6206], which is applied to DIO
   messages [RFC6550].  However, any such algorithm for limiting the
   broadcast traffic to meet those rules is implementation-specific and
   is out of the scope of MSF.

   MSF RECOMMENDS the use of 3 slotframes.  MSF schedules autonomous
   cells at Slotframe 1 (Section 3) and 6P negotiated cells at Slotframe
   2 (Section 5), while Slotframe 0 is used for the bootstrap traffic
   as defined in the Minimal 6TiSCH Configuration.  It is RECOMMENDED to
   use the same slotframe length for Slotframe 0, 1 and 2.  Thus it is
   possible to avoid the scheduling collision between the autonomous
   cells and 6P negotiated cells (Section 3).  The default slotframe
   length (SLOTFRAME_LENGTH) is RECOMMENDED for Slotframe 0, 1 and 2,
   although any value can be advertised in the EBs.

3.  Autonomous Cells

   MSF nodes initialize Slotframe 1 with a set of default cells for
   unicast communication with their neighbors.  These cells are called
   'autonomous cells', because they are maintained autonomously by each
   node without negotiation through 6P.  Cells scheduled by 6P
   transaction are called 'negotiated cells' which are reserved on
   Slotframe 2.  How to schedule negotiated cells is detailed in
   Section 5.  There are two types of autonomous cells:

   *  Autonomous Rx Cell (AutoRxCell), one cell at a
      [slotOffset,channelOffset] computed as a hash of the EUI64 of the
      node itself (detailed next).  Its cell options bits are assigned
      as TX=0, RX=1, SHARED=0.
   *  Autonomous Tx Cell (AutoTxCell), one cell at a
      [slotOffset,channelOffset] computed as a hash of the layer 2 EUI64
      destination address in the unicast frame to be transmitted
      (detailed in Section 4.4).
      Its cell options bits are assigned as
      TX=1, RX=0, SHARED=1.

   To compute a [slotOffset,channelOffset] from an EUI64 address, nodes
   MUST use the hash function SAX [SAX-DASFAA].  The coordinates are
   computed to distribute the cells across all channel offsets, and all
   but the first slot offset of Slotframe 1.  The first time offset is
   skipped to avoid colliding with the minimal cell in Slotframe 0.  The
   slot coordinates derived from a given EUI64 address are computed as
   follows:

   *  slotOffset(MAC) = 1 + hash(EUI64, length(Slotframe_1) - 1)
   *  channelOffset(MAC) = hash(EUI64, NUM_CH_OFFSET)

   The second input parameter defines the maximum return value of the
   hash function.  Other optional parameters defined in SAX determine
   the performance of the SAX hash function.  Those parameters could be
   broadcast in an EB frame or pre-configured.  For interoperability
   purposes, an example of how the hash function is implemented is
   detailed in Appendix B.

   AutoTxCell is not permanently installed in the schedule but added/
   deleted on demand when there is a frame to send.  Throughout the
   network lifetime, nodes maintain the autonomous cells as follows:

   *  Add an AutoTxCell to the layer 2 destination address which is
      indicated in a frame when there is no 6P negotiated Tx cell in
      the schedule for that frame to transmit.
   *  Remove an AutoTxCell when:

      -  there is no frame to transmit on that cell, or
      -  there is at least one 6P negotiated Tx cell in the schedule for
         the frames to transmit.
   *  The AutoRxCell MUST always remain scheduled after synchronization.
   *  6P CLEAR MUST NOT erase any autonomous cells.

   Because of hash collisions, there will be cases where the AutoTxCell
   and AutoRxCell are scheduled at the same slot offset and/or channel
   offset.  In such cases, AutoTxCell always takes precedence over
   AutoRxCell.
   In case of conflict with a negotiated cell,
   autonomous cells take precedence over the negotiated cell, which is
   stated in [IEEE802154].  However, when Slotframe 0, 1 and 2 use
   the same length value, it is possible for a negotiated cell to avoid
   the collision with AutoRxCell.

4.  Node Behavior at Boot

   This section details the behavior the node SHOULD follow from the
   moment it is switched on, until it has successfully joined the
   network.  Alternative behaviors may be involved, for example, when
   an alternative security solution is used for the network.
   Section 4.1 details the start state; Section 4.8 details the end
   state.  The other sections detail the 6 steps of the joining process.
   We use the terms "pledge" and "joined node", as defined in
   [I-D.ietf-6tisch-minimal-security].

4.1.  Start State

   A node implementing MSF SHOULD implement the Minimal Security
   Framework for 6TiSCH [I-D.ietf-6tisch-minimal-security].  As a
   corollary, this means that a pledge, before being switched on, may be
   pre-configured with the Pre-Shared Key (PSK) for joining, as well as
   any other configuration detailed in
   ([I-D.ietf-6tisch-minimal-security]).  This is not necessary if the
   node implements a security solution not based on PSKs, such as
   ([I-D.ietf-6tisch-dtsecurity-zerotouch-join]).

4.2.  Step 1 - Choosing Frequency

   When switched on, the pledge randomly chooses a frequency among the
   available frequencies, and starts listening for EBs on that
   frequency.

4.3.  Step 2 - Receiving EBs

   Upon receiving the first EB, the pledge continues listening for
   additional EBs to learn:

   1.  the number of neighbors N in its vicinity
   2.  which neighbor to choose as a Join Proxy (JP) for the joining
       process

   While the exact behavior is implementation-specific, it is
   RECOMMENDED that after having received the first EB, a node keeps
   listening for at most MAX_EB_DELAY seconds until it has received EBs
   from NUM_NEIGHBOURS_TO_WAIT distinct neighbors, which is defined in
   [RFC8180].

   During this step, the pledge only gets synchronized when it has
   received enough EBs from the network it wishes to join.  How to
   decide whether an EB originates from a node from the network it
   wishes to join is implementation-specific, but MAY involve filtering
   EBs by the PAN ID field it contains, the presence and contents of the
   IE defined in [I-D.ietf-6tisch-enrollment-enhanced-beacon], or the
   key used to authenticate it.

   The decision of which neighbor to use as a JP is implementation-
   specific, and discussed in [I-D.ietf-6tisch-minimal-security].

4.4.  Step 3 - Setting up Autonomous Cells for the Join Process

   After having selected a JP, a node generates a Join Request and
   installs an AutoTxCell to the JP.  The Join Request is then sent by
   the pledge to its JP over the AutoTxCell.  The AutoTxCell is removed
   by the pledge when the Join Request is sent out.  The JP receives the
   Join Request through its AutoRxCell.  Then it forwards the Join
   Request to the JRC, possibly over multiple hops, over the 6P
   negotiated Tx cells.  Similarly, the JRC sends the Join Response to
   the JP, possibly over multiple hops, over AutoTxCells or the 6P
   negotiated Tx cells.  When the JP receives the Join Response from the
   JRC, it installs an AutoTxCell to the pledge and sends that Join
   Response to the pledge over the AutoTxCell.  The AutoTxCell is
   removed by the JP when the Join Response is sent out.
   The pledge receives the Join Response from its
   AutoRxCell, thereby learning the keying material used in the network,
   as well as other configurations, and becomes a "joined node".

   When 6LoWPAN Neighbor Discovery ([RFC8505]) (ND) is implemented, the
   unicast packets used by ND are sent on the AutoTxCell.  The specific
   process of how ND works during the Join process is detailed in
   [I-D.ietf-6tisch-architecture].

4.5.  Step 4 - Acquiring a RPL Rank

   Per [RFC6550], the joined node receives DIOs, computes its own Rank,
   and selects a routing parent.

4.6.  Step 5 - Setting up first Tx negotiated Cells

   Once it has selected a routing parent, the joined node MUST generate
   a 6P ADD Request and install an AutoTxCell to that parent.  The 6P
   ADD Request is sent out through the AutoTxCell with the following
   fields:

   *  CellOptions: set to TX=1,RX=0,SHARED=0
   *  NumCells: set to 1
   *  CellList: at least 5 cells, chosen according to Section 8

   The joined node removes the AutoTxCell to the selected parent when
   the 6P Request is sent out.  That parent receives the 6P ADD Request
   from its AutoRxCell.  Then it generates a 6P ADD Response and
   installs an AutoTxCell to the joined node.  When the parent sends out
   the 6P ADD Response, it MUST remove that AutoTxCell.  The joined node
   receives the 6P ADD Response from its AutoRxCell and completes the 6P
   transaction.  In case the 6P ADD transaction failed, the node MUST
   issue another 6P ADD Request and repeat until the Tx cell is
   installed to the parent.

4.7.  Step 6 - Send EBs and DIOs

   The node starts sending EBs and DIOs on the minimal cell, while
   following the transmit rules for broadcast frames from Section 2.

4.8.  End State

   For a new node, the end state of the joining process is:

   *  it is synchronized to the network
   *  it is using the link-layer keying material it learned through the
      secure joining process
   *  it has selected one neighbor as its routing parent
   *  it has one AutoRxCell
   *  it has one negotiated Tx cell to the selected parent
   *  it starts to send DIOs, potentially serving as a router for other
      nodes' traffic
   *  it starts to send EBs, potentially serving as a JP for new pledges

5.  Rules for Adding/Deleting Cells

   Once a node has joined the 6TiSCH network, it adds/deletes/relocates
   cells with the selected parent for three reasons:

   *  to match the link-layer resources to the traffic between the node
      and the selected parent (Section 5.1)
   *  to handle switching parent (Section 5.2), or
   *  to handle a schedule collision (Section 5.3)

   Those cells are called 'negotiated cells' as they are scheduled
   through 6P, negotiated with the node's parent.  Unless stated
   otherwise, all cells mentioned in this section are negotiated cells
   and they are installed at Slotframe 2.

5.1.  Adapting to Traffic

   A node implementing MSF MUST implement the behavior described in this
   section.

   The goal of MSF is to manage the communication schedule in the 6TiSCH
   schedule in a distributed manner.  For a node, this translates into
   monitoring the current usage of the cells it has to the selected
   parent:

   *  If the node determines that the number of link-layer frames it is
      attempting to exchange with the selected parent per unit of time
      is larger than the capacity offered by the TSCH negotiated cells
      it has scheduled with it, the node issues a 6P ADD command to that
      parent to add cells to the TSCH schedule.
   *  If the traffic is lower than the capacity, the node issues a 6P
      DELETE command to that parent to delete cells from the TSCH
      schedule.
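
   Added example (not part of the draft and not code from its authors):
   a C sketch of the usage monitoring outlined above, built on the
   NumCellsElapsed and NumCellsUsed counters and the MAX_NUM_CELLS,
   LIM_NUMCELLSUSED_HIGH and LIM_NUMCELLSUSED_LOW limits that the rest
   of Section 5.1 defines.  The constant values, the function names, the
   traffic model and the rule of never deleting the last Tx cell are
   assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constant names come from the draft; the values are sample values
 * assumed for this example. */
#define MAX_NUM_CELLS          100
#define LIM_NUMCELLSUSED_HIGH   75
#define LIM_NUMCELLSUSED_LOW    25

typedef enum { MSF_NONE, MSF_ADD_CELL, MSF_DELETE_CELL } msf_action_t;

/* One counter pair. A node keeps two per selected parent: one for the
 * negotiated Tx cells and one for the negotiated Rx cells. */
typedef struct {
    uint16_t num_cells_elapsed;
    uint16_t num_cells_used;
} msf_counters_t;

/* Call once for each negotiated cell to the selected parent that elapses
 * (for the Rx pair, also for the AutoRxCell). `used` is true when a frame
 * was sent, or a valid frame was received, in that cell.
 * Returns the 6P command to trigger once a window completes. */
msf_action_t msf_cell_elapsed(msf_counters_t *c, bool used)
{
    msf_action_t action = MSF_NONE;

    c->num_cells_elapsed++;
    if (used)
        c->num_cells_used++;
    if (c->num_cells_elapsed < MAX_NUM_CELLS)
        return MSF_NONE;

    /* Window complete. Both comparisons are strict, so a usage exactly
     * on a limit triggers nothing. */
    if (c->num_cells_used > LIM_NUMCELLSUSED_HIGH)
        action = MSF_ADD_CELL;
    else if (c->num_cells_used < LIM_NUMCELLSUSED_LOW)
        action = MSF_DELETE_CELL;
    c->num_cells_elapsed = 0;
    c->num_cells_used = 0;
    return action;
}

/* Feed one full window in which `used_cells` cells carried a frame and
 * return the action decided when the window closes. */
msf_action_t msf_window_result(int used_cells)
{
    msf_counters_t c = {0, 0};
    msf_action_t action = MSF_NONE;

    for (int i = 0; i < MAX_NUM_CELLS; i++)
        action = msf_cell_elapsed(&c, i < used_cells);
    return action;
}

/* Constructed traffic model (hypothetical): each slotframe the node has
 * `frames_per_slotframe` frames for its parent and sends one per
 * negotiated Tx cell, in cell order; frames that do not fit are dropped.
 * Every triggered 6P transaction is assumed to succeed, and the last Tx
 * cell is never deleted (assumption of this example).
 * Returns the number of negotiated Tx cells after `slotframes`. */
int simulate_tx_cells(int frames_per_slotframe, int start_cells,
                      int slotframes)
{
    msf_counters_t tx = {0, 0};
    int cells = start_cells;

    for (int sf = 0; sf < slotframes; sf++) {
        int cells_this_sf = cells; /* changes apply from next slotframe */
        for (int i = 0; i < cells_this_sf; i++) {
            switch (msf_cell_elapsed(&tx, i < frames_per_slotframe)) {
            case MSF_ADD_CELL:
                cells++;
                break;
            case MSF_DELETE_CELL:
                if (cells > 1)
                    cells--;
                break;
            case MSF_NONE:
                break;
            }
        }
    }
    return cells;
}

int main(void)
{
    /* Constructed loads, each starting from a single Tx cell. */
    for (int load = 0; load <= 3; load++)
        printf("%d frames/slotframe -> %d Tx cells\n",
               load, simulate_tx_cells(load, 1, 1000));
    return 0;
}
```

   With 3 frames per slotframe the model settles at 5 cells rather than
   4, because the counting window is not aligned with the slotframe and
   one window at 4 cells counts 76 used cells.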

   The node MUST maintain two separate pairs of the following counters
   for the selected parent, one for the negotiated Tx cells to that
   parent and one for the negotiated Rx cells to that parent.

   NumCellsElapsed:  Counts the number of negotiated cells that have
      elapsed since the counter was initialized.  This counter is
      initialized at 0.  When the current cell is declared as a
      negotiated cell to the selected parent, NumCellsElapsed is
      incremented by exactly 1, regardless of whether the cell is used
      to transmit/receive a frame.
   NumCellsUsed:  Counts the number of negotiated cells that have been
      used.  This counter is initialized at 0.  NumCellsUsed is
      incremented by exactly 1 when, during a negotiated cell to the
      selected parent, either of the following happens:

      *  The node sends a frame to the parent.  The counter increments
         regardless of whether a link-layer acknowledgment was received
         or not.
      *  The node receives a valid frame from the parent.  The counter
         increments only when the frame is a valid IEEE802.15.4 frame.

   The cell option of cells listed in CellList in a 6P Request frame
   SHOULD be either Tx=1 only or Rx=1 only.  Both NumCellsElapsed and
   NumCellsUsed counters can be used for both types of negotiated cells.

   As there is no negotiated Rx Cell installed at initial time, the
   AutoRxCell is taken into account as well for downstream traffic
   adaptation.  In this case:

   *  NumCellsElapsed is incremented by exactly 1 when the current cell
      is AutoRxCell.
   *  NumCellsUsed is incremented by exactly 1 when the node receives a
      frame from the selected parent on AutoRxCell.

   Implementors MAY choose to create the same counters for each
   neighbor, and add them as additional statistics in the neighbor
   table.

   The counters are used as follows:

   1.  Both NumCellsElapsed and NumCellsUsed are initialized to 0 when
       the node boots.
   2.  When the value of NumCellsElapsed reaches MAX_NUM_CELLS:

       *  If NumCellsUsed > LIM_NUMCELLSUSED_HIGH, trigger 6P to add a
          single cell to the selected parent
       *  If NumCellsUsed < LIM_NUMCELLSUSED_LOW, trigger 6P to remove a
          single cell to the selected parent
       *  Reset both NumCellsElapsed and NumCellsUsed to 0 and go to
          step 2.

   The value of MAX_NUM_CELLS is chosen according to the traffic type of
   the network.  Generally speaking, the larger the value of
   MAX_NUM_CELLS is, the more accurately the cell usage is calculated.
   The 6P traffic overhead could be reduced as well by using a larger
   value of MAX_NUM_CELLS.  Meanwhile, the latency won't increase much
   by using a larger value of MAX_NUM_CELLS for periodic traffic.  For
   bursty traffic, a larger value of MAX_NUM_CELLS indeed introduces
   higher latency.  The latency caused by slight changes of traffic load
   can be absorbed by the additional scheduled cells.  In this sense,
   MSF is a scheduling function trading latency with energy by
   scheduling more cells than needed.  It is recommended to set the
   MAX_NUM_CELLS value to at least 4x the maximum number of used cells
   in a slotframe in recent history.  For example, a 2 packets/slotframe
   traffic load results in an average of 4 cells scheduled (2 cells are
   used); using at least double the number of scheduled cells (which is
   8) as MAX_NUM_CELLS gives a good resolution on cell usage
   calculation.

   In case that a node booted or disappeared from the network, the cell
   reserved at the selected parent may be kept in the schedule forever.
   A clean-up mechanism MUST be provided to resolve this issue.  The
   clean-up mechanism is implementation-specific.  It could either be a
   periodic polling of the neighbors the node has negotiated cells
   with, or monitoring the activities on those cells.
   The goal is to
   confirm those negotiated cells are not used anymore by the associated
   neighbors and remove them from the schedule.

5.2.  Switching Parent

   A node implementing MSF SHOULD implement the behavior described in
   this section.

   As part of its normal operation, the RPL routing protocol can have a
   node switch parent.  The procedure for switching from the old parent
   to the new parent is:

   1.  the node counts the number of negotiated cells it has per
       slotframe to the old parent
   2.  the node triggers one or more 6P ADD commands to schedule the
       same number of negotiated cells with the same cell options to the
       new parent
   3.  when that successfully completes, the node issues a 6P CLEAR
       command to its old parent

   Which type of negotiated cell should be installed first depends on
   which traffic has the higher priority, upstream or downstream, which
   is application-specific and out-of-scope of MSF.

5.3.  Handling Schedule Collisions

   A node implementing MSF SHOULD implement the behavior described in
   this section.  The "MUST" statements in this section hence only apply
   if the node implements schedule collision handling.

   Since scheduling is entirely distributed, there is a non-zero
   probability that two pairs of nearby neighbor nodes schedule a
   negotiated cell at the same [slotOffset,channelOffset] location in
   the TSCH schedule.  In that case, data exchanged by the two pairs may
   collide on that cell.  We call this case a "schedule collision".

   The node MUST maintain the following counters for each negotiated Tx
   cell to the selected parent:

   NumTx:  Counts the number of transmission attempts on that cell.
      Each time the node attempts to transmit a frame on that cell,
      NumTx is incremented by exactly 1.
   NumTxAck:  Counts the number of successful transmission attempts on
      that cell.
      Each time the node receives an acknowledgment for a
      transmission attempt, NumTxAck is incremented by exactly 1.

   Since both NumTx and NumTxAck are initialized to 0, we necessarily
   have NumTxAck <= NumTx.  We call Packet Delivery Ratio (PDR) the
   ratio NumTxAck/NumTx; and represent it as a percentage.  A cell with
   PDR=50% means that half of the frames transmitted are not
   acknowledged.

   Each time the node switches parent (or during the join process when
   the node selects a parent for the first time), both NumTx and
   NumTxAck MUST be reset to 0.  They increment over time, as the
   schedule is executed and the node sends frames to that parent.  When
   NumTx reaches MAX_NUMTX, both NumTx and NumTxAck MUST be divided by
   2.  For example, when MAX_NUMTX is set to 256, from NumTx=255 and
   NumTxAck=127, the counters become NumTx=128 and NumTxAck=64 if one
   frame is sent to the parent with an Acknowledgment received.  This
   operation does not change the value of the PDR, but allows the
   counters to keep incrementing.  The value of MAX_NUMTX is
   implementation-specific.

   The key for detecting a schedule collision is that, if a node has
   several cells to the selected parent, all cells should exhibit the
   same PDR.  A cell which exhibits a PDR significantly lower than the
   others indicates that there are collisions on that cell.

   Every HOUSEKEEPINGCOLLISION_PERIOD, the node executes the following
   steps:

   1.  It computes, for each negotiated Tx cell with the parent (not for
       the autonomous cell), that cell's PDR.
   2.  Any cell that hasn't yet had NumTx divided by 2 since it was last
       reset is skipped in steps 3 and 4.  This avoids triggering cell
       relocation when the values of NumTx and NumTxAck are not
       statistically significant yet.
   3.  It identifies the cell with the highest PDR.
   4.  For any other cell, it compares its PDR against that of the cell
       with the highest PDR.
       If the difference is larger than
       RELOCATE_PDRTHRES, it triggers the relocation of that cell using
       a 6P RELOCATE command.

   The RELOCATION for negotiated Rx cells is not supported by MSF.

6.  6P SIGNAL command

   The 6P SIGNAL command is not used by MSF.

7.  Scheduling Function Identifier

   The Scheduling Function Identifier (SFID) of MSF is
   IANA_6TISCH_SFID_MSF.

8.  Rules for CellList

   MSF uses 2-step 6P Transactions exclusively.  6P transactions are
   only initiated by a node towards its parent.  As a result, the cells
   to put in the CellList of a 6P ADD command, and in the candidate
   CellList of a RELOCATE command, are chosen by the node initiating the
   6P transaction.  In both cases, the same rules apply:

   *  The CellList is RECOMMENDED to have 5 or more cells.
   *  Each cell in the CellList MUST have a different slotOffset value.
   *  For each cell in the CellList, the node MUST NOT have any
      scheduled cell on the same slotOffset.
   *  The slotOffset value of any cell in the CellList MUST NOT be the
      same as the slotOffset of the minimal cell (slotOffset=0).
   *  The slotOffset of a cell in the CellList SHOULD be randomly and
      uniformly chosen among all the slotOffset values that satisfy the
      restrictions above.
   *  The channelOffset of a cell in the CellList SHOULD be randomly and
      uniformly chosen in [0..numFrequencies], where numFrequencies
      represents the number of frequencies a node can communicate on.

   As a consequence of random cell selection, there is a non-zero
   chance that nodes in the vicinity installed cells with the same
   slotOffset and channelOffset.  An implementer MAY implement a
   strategy to monitor the candidate cells before adding them in
   CellList to avoid collision.  For example, a node MAY maintain a
   candidate cell pool for the CellList.
        The candidate cells in the
610     pool are pre-configured as Rx cells to promiscuously listen to detect
611     transmissions on those cells. If IEEE802.15.4 transmissions are
612     observed on one cell over multiple iterations of the schedule, that
613     cell is probably used by a TSCH neighbor. It is moved out from the
614     pool and a new cell is selected as a candidate cell. The cells in
615     CellList are picked from the candidate pool directly when required.

617  9. 6P Timeout Value

619     The timeout value is calculated for the worst case that a 6P response
620     is received, which means the 6P response is sent out successfully at
621     the very latest retransmission. And for each retransmission, it
622     backs off with the largest value. Hence the 6P timeout value is
623     calculated as ((2^MAXBE)-1)*MAXRETRIES*SLOTFRAME_LENGTH, where:

625     * MAXBE is the maximum backoff exponent used
626     * MAXRETRIES is the maximum number of retransmissions
627     * SLOTFRAME_LENGTH represents the length of the slotframe

629  10. Rule for Ordering Cells

631     Cells are ordered slotOffset first, channelOffset second.

633     The following sequence is correctly ordered (each element represents
634     the [slotOffset,channelOffset] of a cell in the schedule):

636     [1,3],[1,4],[2,0],[5,3],[6,0],[6,3],[7,9]

638  11. Meaning of the Metadata Field

640     The Metadata field is not used by MSF.

642  12. 6P Error Handling

644     Section 6.2.4 of [RFC8480] lists the 6P Return Codes. Figure 1 lists
645     the same error codes, and the behavior a node implementing MSF SHOULD
646     follow.
648     +-----------------+----------------------+
649     | Code            | RECOMMENDED behavior |
650     +-----------------+----------------------+
651     | RC_SUCCESS      | nothing              |
652     | RC_EOL          | nothing              |
653     | RC_ERR          | quarantine           |
654     | RC_RESET        | quarantine           |
655     | RC_ERR_VERSION  | quarantine           |
656     | RC_ERR_SFID     | quarantine           |
657     | RC_ERR_SEQNUM   | clear                |
658     | RC_ERR_CELLLIST | clear                |
659     | RC_ERR_BUSY     | waitretry            |
660     | RC_ERR_LOCKED   | waitretry            |
661     +-----------------+----------------------+

663          Figure 1: Recommended behavior for each 6P Error Code.

665     The meaning of each behavior from Figure 1 is:

667     nothing: Indicates that this Return Code is not an error. No error
668        handling behavior is triggered.
669     clear: Abort the 6P Transaction. Issue a 6P CLEAR command to that
670        neighbor (this command may fail at the link layer). Remove all
671        cells scheduled with that neighbor from the local schedule.
672     quarantine: Same behavior as for "clear". In addition, remove the
673        node from the neighbor and routing tables. Place the node's
674        identifier in a quarantine list for QUARANTINE_DURATION. When in
675        quarantine, drop all frames received from that node.
676     waitretry: Abort the 6P Transaction. Wait for a duration randomly
677        and uniformly chosen in [WAIT_DURATION_MIN,WAIT_DURATION_MAX].
678        Retry the same transaction.

680  13. Schedule Inconsistency Handling

682     The behavior when schedule inconsistency is detected is explained in
683     Figure 1, for 6P Return Code RC_ERR_SEQNUM.

685  14. MSF Constants

687     Figure 2 lists MSF Constants and their RECOMMENDED values.
689     +------------------------------+-------------------+
690     | Name                         | RECOMMENDED value |
691     +------------------------------+-------------------+
692     | NUM_CH_OFFSET                | 16                |
693     | KA_PERIOD                    | 1 min             |
694     | LIM_NUMCELLSUSED_HIGH        | 75                |
695     | LIM_NUMCELLSUSED_LOW         | 25                |
696     | MAX_NUM_CELLS                | 100               |
697     | HOUSEKEEPINGCOLLISION_PERIOD | 1 min             |
698     | RELOCATE_PDRTHRES            | 50 %              |
699     | SLOTFRAME_LENGTH             | 101 slots         |
700     | QUARANTINE_DURATION          | 5 min             |
701     | WAIT_DURATION_MIN            | 30 s              |
702     | WAIT_DURATION_MAX            | 60 s              |
703     +------------------------------+-------------------+

705          Figure 2: MSF Constants and their RECOMMENDED values.

707  15. MSF Statistics

709     Figure 3 lists MSF Statistics and their RECOMMENDED width.

711     +-----------------+-------------------+
712     | Name            | RECOMMENDED width |
713     +-----------------+-------------------+
714     | NumCellsElapsed | 1 byte            |
715     | NumCellsUsed    | 1 byte            |
716     | NumTx           | 1 byte            |
717     | NumTxAck        | 1 byte            |
718     +-----------------+-------------------+

720          Figure 3: MSF Statistics and their RECOMMENDED width.

722  16. Security Considerations

724     MSF defines a series of "rules" for the node to follow. It triggers
725     several actions that are carried out by the protocols defined in the
726     following specifications: the Minimal IPv6 over the TSCH Mode of IEEE
727     802.15.4e (6TiSCH) Configuration [RFC8180], the 6TiSCH Operation
728     Sublayer Protocol (6P) [RFC8480], and the Minimal Security Framework
729     for 6TiSCH [I-D.ietf-6tisch-minimal-security]. In particular, MSF
730     does not define a new protocol or packet format.

732     MSF uses autonomous cells for initial bootstrap and the transport of
733     join traffic. Autonomous cells are computed as a hash of nodes'
734     EUI64 addresses. This makes the coordinates of an autonomous cell an
735     easy target for an attacker, as EUI64 addresses are visible on the
736     wire and are not encrypted by the link-layer security mechanism.
737     With the coordinates of autonomous cells available, the attacker can
738     launch a selective jamming attack against any node's AutoRxCell. If
739     the attacker targets a node acting as a JP, it can prevent pledges
740     from using that JP to join the network. The pledge detects such a
741     situation through the absence of a link-layer acknowledgment for its
742     Join Request. As it is expected that each pledge will have more than
743     one JP available to join the network, one available countermeasure
744     for the pledge is to pseudo-randomly select a new JP when the link to
745     the previous JP appears bad. Such a strategy alleviates the issue of
746     the attacker randomly jamming to disturb the network but does not
747     help in case the attacker is targeting a particular pledge. In that
748     case, the attacker can jam the AutoRxCell of the pledge, in order to
749     prevent it from receiving the join response. This situation should
750     be detected through the absence of a particular node from the network
751     and handled by the network administrator through out-of-band means,
752     e.g. by moving the node outside the radio range of the attacker.

754     MSF adapts to traffic containing packets from the IP layer. It is
755     possible that the IP packet has a non-zero DSCP (Diffserv Code Point
756     [RFC2597]) value in its IPv6 header. The decision whether to hand
757     over that packet to the MAC layer to transmit or to drop that packet
758     belongs to the upper layer and is out of scope of MSF. As long as
759     the decision is made to hand over to the MAC layer to transmit, MSF
760     will take that packet into account when adapting to traffic.

762     Note that a non-zero DSCP value may imply that the traffic
763     originated at unauthenticated pledges; see
764     [I-D.ietf-6tisch-minimal-security]. The implementation at the IPv6
765     layer SHOULD ensure that this join traffic is rate-limited before it
766     is passed to the 6top sublayer where MSF can observe it.
        In case there is
767     no rate limit for join traffic, intermediate nodes in the 6TiSCH
768     network may be prone to a resource exhaustion attack, with the
769     attacker injecting unauthenticated traffic from the network edge.
770     The assumption is that the rate limiting function is aware of the
771     available bandwidth in the 6top L3 bundle(s) towards a next hop, not
772     directly from MSF, but from an interaction with the 6top sublayer
773     that ultimately manages the bundles under MSF's guidance. How this
774     rate limit is set is out of scope of MSF.

776  17. IANA Considerations

778  17.1. MSF Scheduling Function Identifiers

780     This document adds the following number to the "6P Scheduling
781     Function Identifiers" sub-registry, part of the "IPv6 over the TSCH
782     mode of IEEE 802.15.4e (6TiSCH) parameters" registry, as defined by
783     [RFC8480]:

785     +----------------------+-----------------------------+-------------+
786     | SFID                 | Name                        | Reference   |
787     +----------------------+-----------------------------+-------------+
788     | IANA_6TISCH_SFID_MSF | Minimal Scheduling Function | RFC_THIS    |
789     |                      | (MSF)                       |             |
790     +----------------------+-----------------------------+-------------+

792      Figure 4: New SFID in 6P Scheduling Function Identifiers subregistry.

794     IANA_6TISCH_SFID_MSF is chosen from range 0-127, which is used for
795     IETF Review or IESG Approval.

797  18. References

799  18.1. Normative References

801     [RFC8180]  Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal
802                IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH)
803                Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180,
804                May 2017.

806     [RFC8480]  Wang, Q., Ed., Vilajosana, X., and T. Watteyne, "6TiSCH
807                Operation Sublayer (6top) Protocol (6P)", RFC 8480,
808                DOI 10.17487/RFC8480, November 2018.

811     [RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
812                Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
813                JP., and R.
                Alexander, "RPL: IPv6 Routing Protocol for
814                Low-Power and Lossy Networks", RFC 6550,
815                DOI 10.17487/RFC6550, March 2012.

818     [RFC6206]  Levis, P., Clausen, T., Hui, J., Gnawali, O., and J. Ko,
819                "The Trickle Algorithm", RFC 6206, DOI 10.17487/RFC6206,
820                March 2011.

822     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
823                Requirement Levels", BCP 14, RFC 2119,
824                DOI 10.17487/RFC2119, March 1997.

827     [RFC2597]  Heinanen, J., Baker, F., Weiss, W., and J. Wroclawski,
828                "Assured Forwarding PHB Group", RFC 2597,
829                DOI 10.17487/RFC2597, June 1999.

832     [RFC8505]  Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C.
833                Perkins, "Registration Extensions for IPv6 over Low-Power
834                Wireless Personal Area Network (6LoWPAN) Neighbor
835                Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018.

838     [I-D.ietf-6tisch-minimal-security]
839                Vucinic, M., Simon, J., Pister, K., and M. Richardson,
840                "Minimal Security Framework for 6TiSCH", Work in Progress,
841                Internet-Draft, draft-ietf-6tisch-minimal-security-13, 28
842                October 2019.

845     [I-D.ietf-6tisch-enrollment-enhanced-beacon]
846                Dujovne, D. and M. Richardson, "IEEE 802.15.4 Information
847                Element encapsulation of 6TiSCH Join and Enrollment
848                Information", Work in Progress, Internet-Draft,
849                draft-ietf-6tisch-enrollment-enhanced-beacon-06, 4 November
850                2019.

853     [I-D.ietf-6tisch-architecture]
854                Thubert, P., "An Architecture for IPv6 over the TSCH mode
855                of IEEE 802.15.4", Work in Progress, Internet-Draft,
856                draft-ietf-6tisch-architecture-28, 29 October 2019.

860     [IEEE802154]
861                IEEE standard for Information Technology, "IEEE Std
862                802.15.4 Standard for Low-Rate Wireless Personal Area
863                Networks (WPANs)", DOI 10.1109/IEEE P802.15.4-REVd/D01.

866  18.2. Informative References

868     [RFC7554]  Watteyne, T., Ed., Palattella, M., and L.
                Grieco, "Using
869                IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
870                Internet of Things (IoT): Problem Statement", RFC 7554,
871                DOI 10.17487/RFC7554, May 2015.

874     [I-D.ietf-6tisch-dtsecurity-zerotouch-join]
875                Richardson, M., "6tisch Zero-Touch Secure Join protocol",
876                Work in Progress, Internet-Draft,
877                draft-ietf-6tisch-dtsecurity-zerotouch-join-04, 8 July 2019.

881     [SAX-DASFAA]
882                Ramakrishna, M.V. and J. Zobel, "Performance in Practice
883                of String Hashing Functions", DASFAA, 1997.

885  Appendix A. Contributors

887     Beshr Al Nahas (Chalmers University, beshr@chalmers.se) Olaf
888     Landsiedel (Chalmers University, olafl@chalmers.se) Yasuyuki Tanaka
889     (Inria-Paris, yasuyuki.tanaka@inria.fr)

891  Appendix B. Example of Implementation of SAX hash function

893     For interoperability, this section provides an example of an
894     implementation of the SAX hash function [SAX-DASFAA]. The input
895     parameters of the function are:

897     * T, which is the hashing table length
898     * c, which is the characters of string s, to be hashed

899     In MSF, T is replaced by the length of slotframe 1. String s is
900     replaced by the mote EUI64 address. The characters of the string c0,
901     c1, ..., c7 are the 8 bytes of the EUI64 address.

903     The SAX hash function requires shift operations, which are defined
904     as follows:

906     * L_shift(v,b), which refers to left shift variable v by b bits
907     * R_shift(v,b), which refers to right shift variable v by b bits

909     The steps to calculate the hash value of SAX hash function are:

911     1. initialize variable h to h0 and variable i to 0, where h is the
912        intermediate hash value and i is the index of the bytes of EUI64
913        address
914     2. sum the value of L_shift(h,l_bit), R_shift(h,r_bit) and ci
915     3. calculate the result of exclusive or between the sum value in
916        Step 2 and h
917     4. modulo the result of Step 3 by T
918     5. assign the result of Step 4 to h
919     6. increase i by 1
920     7.
           repeat Step 2 to Step 6 until i reaches 8
921     8. assign the result of Step 5 to h

923     The value of variable h is the hash value of SAX hash function.

925     The values of h0, l_bit and r_bit in Step 1 and 2 are configured as:

927     * h0 = 0
928     * l_bit = 0
929     * r_bit = 1

931     The appropriate values of l_bit and r_bit could vary depending on
932     the set of motes' EUI64 addresses. How to find those values is out of
933     the scope of this specification.

935  Authors' Addresses

937     Tengfei Chang (editor)
938     Inria
939     2 rue Simone Iff
940     75012 Paris
941     France

943     Email: tengfei.chang@inria.fr

944     Malisa Vucinic
945     Inria
946     2 rue Simone Iff
947     75012 Paris
948     France

950     Email: malisa.vucinic@inria.fr

952     Xavier Vilajosana
953     Universitat Oberta de Catalunya
954     156 Rambla Poblenou
955     08018 Barcelona Catalonia
956     Spain

958     Email: xvilajosana@uoc.edu

960     Simon Duquennoy
961     RISE SICS
962     Isafjordsgatan 22
963     SE- 164 29 Kista
964     Sweden

966     Email: simon.duquennoy@gmail.com

968     Diego Dujovne
969     Universidad Diego Portales
970     Escuela de Informatica y Telecomunicaciones
971     Av. Ejercito 441
972     Santiago
973     Region Metropolitana
974     Chile

976     Phone: +56 (2) 676-8121
977     Email: diego.dujovne@mail.udp.cl
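The Appendix B steps written out in Python, as an added example that is not part of the draft. Every input is an EUI64 byte that is visible on the wire, so any observer computes the same value, which is the predictability the Security Considerations describe. The function names, the sample addresses and the choice T = 101 (SLOTFRAME_LENGTH from Figure 2) are assumptions made for illustration; colliding_addresses is a hypothetical helper for checking a chosen (l_bit, r_bit) pair against a deployment's address set.

```python
from collections import Counter


def sax_hash(eui64: bytes, table_len: int, h0: int = 0,
             l_bit: int = 0, r_bit: int = 1) -> int:
    """SAX hash of an 8-byte EUI64 into [0, table_len), following Appendix B."""
    if len(eui64) != 8:
        raise ValueError("EUI64 must be exactly 8 bytes")
    if table_len < 1:
        raise ValueError("table_len (T) must be positive")
    h = h0                                        # Step 1
    for c in eui64:                               # Steps 6-7: i runs over 0..7
        total = (h << l_bit) + (h >> r_bit) + c   # Step 2
        h = (total ^ h) % table_len               # Steps 3-5
    return h                                      # Step 8


def colliding_addresses(addresses, table_len, **params):
    """Addresses whose hash value is shared with at least one other address."""
    hashes = [sax_hash(a, table_len, **params) for a in addresses]
    counts = Counter(hashes)
    return [a for a, h in zip(addresses, hashes) if counts[h] > 1]


# Constructed sample addresses (not taken from the draft).
SAMPLE_EUI64S = [bytes.fromhex(x) for x in (
    "0000000000000000",
    "00124b00060d9e80",
    "0000000000000065",
)]
T = 101  # assumption: SLOTFRAME_LENGTH from Figure 2

if __name__ == "__main__":
    for addr in SAMPLE_EUI64S:
        print(addr.hex("-"), "->", sax_hash(addr, T))
    print("colliding:", [a.hex("-") for a in colliding_addresses(SAMPLE_EUI64S, T)])
```
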
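The schedule-collision housekeeping described in the draft (the NumTx/NumTxAck counters and the four steps run every HOUSEKEEPINGCOLLISION_PERIOD), as an added Python example that is not the draft's or any implementation's code. The TxCell class, the halved flag used to implement step 2, and cells_to_relocate are hypothetical names; MAX_NUMTX = 256 is the value from the draft's worked example and RELOCATE_PDRTHRES is the Figure 2 value.

```python
from dataclasses import dataclass

MAX_NUMTX = 256           # implementation-specific; 256 is the draft's example value
RELOCATE_PDRTHRES = 0.50  # RECOMMENDED value from Figure 2 (50 %)


@dataclass
class TxCell:
    """Counters for one negotiated Tx cell towards the selected parent."""
    slot_offset: int
    channel_offset: int
    num_tx: int = 0
    num_tx_ack: int = 0
    halved: bool = False  # has NumTx been divided by 2 since the last reset?

    def reset(self) -> None:
        """Parent switch (or first parent selection): counters go back to 0."""
        self.num_tx = self.num_tx_ack = 0
        self.halved = False

    def record_tx(self, acked: bool) -> None:
        """Account for one transmission attempt and its link-layer ACK, if any."""
        self.num_tx += 1
        if acked:
            self.num_tx_ack += 1
        if self.num_tx >= MAX_NUMTX:
            # Halving keeps the ratio (up to rounding) and frees counter headroom.
            self.num_tx //= 2
            self.num_tx_ack //= 2
            self.halved = True

    @property
    def pdr(self) -> float:
        return self.num_tx_ack / self.num_tx if self.num_tx else 0.0


def cells_to_relocate(cells: list[TxCell]) -> list[TxCell]:
    """One housekeeping pass; returns the cells that need a 6P RELOCATE."""
    # Step 2: skip cells whose counters are not statistically significant yet.
    eligible = [c for c in cells if c.halved]
    if len(eligible) < 2:
        return []  # no second cell to compare against
    # Steps 1 and 3: per-cell PDR, with the highest one as the reference.
    best = max(c.pdr for c in eligible)
    # Step 4: relocate cells trailing the best PDR by more than the threshold.
    return [c for c in eligible if best - c.pdr > RELOCATE_PDRTHRES]
```
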