idnits 2.17.1 draft-ietf-6tisch-msf-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (24 March 2020) is 1494 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 640 -- Looks like a reference, but probably isn't: '3' on line 640 -- Looks like a reference, but probably isn't: '4' on line 640 -- Looks like a reference, but probably isn't: '2' on line 640 -- Looks like a reference, but probably isn't: '0' on line 640 -- Looks like a reference, but probably isn't: '5' on line 640 -- Looks like a reference, but probably isn't: '6' on line 640 -- Looks like a reference, but probably isn't: '7' on line 640 -- Looks like a reference, but probably isn't: '9' on line 640 == Outdated reference: A later version (-15) exists of draft-ietf-6tisch-minimal-security-13 == Outdated reference: A later version (-14) exists of draft-ietf-6tisch-enrollment-enhanced-beacon-06 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-28 ** Downref: Normative reference to an Informational draft: draft-ietf-6tisch-architecture (ref. 'I-D.ietf-6tisch-architecture') -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE802154' -- Possible downref: Non-RFC (?) normative reference: ref. 'SAX-DASFAA' Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6TiSCH T. Chang, Ed. 3 Internet-Draft M. Vucinic 4 Intended status: Standards Track Inria 5 Expires: 25 September 2020 X. Vilajosana 6 Universitat Oberta de Catalunya 7 S. Duquennoy 8 RISE SICS 9 D. Dujovne 10 Universidad Diego Portales 11 24 March 2020 13 6TiSCH Minimal Scheduling Function (MSF) 14 draft-ietf-6tisch-msf-13 16 Abstract 18 This specification defines the 6TiSCH Minimal Scheduling Function 19 (MSF). This Scheduling Function describes both the behavior of a 20 node when joining the network, and how the communication schedule is 21 managed in a distributed fashion. MSF is built upon the 6TiSCH 22 Operation Sublayer Protocol (6P) and the Minimal Security Framework 23 for 6TiSCH. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 29 document are to be interpreted as described in [RFC8174]. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at https://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on 25 September 2020. 48 Copyright Notice 50 Copyright (c) 2020 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 55 license-info) in effect on the date of publication of this document. 56 Please review these documents carefully, as they describe your rights 57 and restrictions with respect to this document. Code Components 58 extracted from this document must include Simplified BSD License text 59 as described in Section 4.e of the Trust Legal Provisions and are 60 provided without warranty as described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 65 2. Interface to the Minimal 6TiSCH Configuration . . . . . . . . 4 66 3. Autonomous Cells . . . . . . . . . . . . . . . . . . . . . . 5 67 4. Node Behavior at Boot . . . . . . . . . . . . . . . . . . . . 6 68 4.1. Start State . . . . . . . . . . . . . . . . . . . . . . . 6 69 4.2. Step 1 - Choosing Frequency . . . . . . . . . . . . . . . 7 70 4.3. Step 2 - Receiving EBs . . . . . . . . . . . . . . . . . 7 71 4.4. Step 3 - Setting up Autonomous Cells for the Join 72 Process . . . . . . . . . . . . . . . . . . . . . . . . . 7 73 4.5. Step 4 - Acquiring a RPL Rank . . . . . . . . . . . . . . 8 74 4.6. Step 5 - Setting up first Tx negotiated Cells . . . . . . 8 75 4.7. Step 6 - Send EBs and DIOs . . . . . . . . . . . . . . . 8 76 4.8. End State . . . . . . . . . . . . . . . . . . . . . . . . 8 77 5. Rules for Adding/Deleting Cells . . . . . . . . . . . . . . . 9 78 5.1. Adapting to Traffic . . . . . . . . . . . . . . . . . . . 9 79 5.2. Switching Parent . . . . . . . . . . . . . . . . . . . . 11 80 5.3. Handling Schedule Collisions . . . . . . . . . . . . . . 11 81 6. 6P SIGNAL command . . . . . . . . . . . . . . . . . . . . . . 13 82 7. Scheduling Function Identifier . . . . . . . . . . . . . . . 13 83 8. Rules for CellList . . . . . . . . . . . . . . . . . . . . . 13 84 9. 6P Timeout Value . . . . . . . . . . . . . . . . . . . . . . 14 85 10. Rule for Ordering Cells . . . . . . . . . . . . . . . . . . . 14 86 11. Meaning of the Metadata Field . . . . . . . . . . . . . . . . 14 87 12. 6P Error Handling . . . . . . . . . . . . . . . . . . . . . . 14 88 13. Schedule Inconsistency Handling . . . . . . . . . . . . . . . 15 89 14. MSF Constants . . . . . . . . . . . . . . . . . . . . . . . . 15 90 15. MSF Statistics . . . . . . . . . . . . . . . . . . . . . . . 15 91 16. Security Considerations . . . . . . . . . . . . . . . . . . . 16 92 17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 93 17.1. MSF Scheduling Function Identifiers . . . . . . . . . . 17 94 18. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 17 95 19. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 96 19.1. Normative References . . . . . . . . . . . . . . . . . . 17 97 19.2. Informative References . . . . . . . . . . . . . . . . . 19 98 Appendix A. Example of Implementation of SAX hash function . . . 19 99 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 101 1. Introduction 103 The 6TiSCH Minimal Scheduling Function (MSF), defined in this 104 specification, is a 6TiSCH Scheduling Function (SF). The role of an 105 SF is entirely defined in [RFC8480]. This specification complements 106 [RFC8480] by providing the rules of when to add/delete cells in the 107 communication schedule. This specification satisfies all the 108 requirements for an SF listed in Section 4.2 of [RFC8480]. 110 MSF builds on top of the following specifications: the Minimal IPv6 111 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) Configuration 112 [RFC8180], the 6TiSCH Operation Sublayer Protocol (6P) [RFC8480], and 113 the Minimal Security Framework for 6TiSCH 114 [I-D.ietf-6tisch-minimal-security]. 116 MSF defines both the behavior of a node when joining the network, and 117 how the communication schedule is managed in a distributed fashion. 118 When a node running MSF boots up, it joins the network by following 119 the 6 steps described in Section 4. The end state of the join 120 process is that the node is synchronized to the network, has mutually 121 authenticated with the network, has identified a routing parent, and 122 has scheduled one negotiated Tx cell (defined in Section 5.1) to/from 123 its routing parent. After the join process, the node can 124 continuously add/delete/relocate cells, as described in Section 5. 125 It does so for 3 reasons: to match the link-layer resources to the 126 traffic, to handle changing parent and to handle a schedule 127 collision. 129 MSF works closely with the IPv6 Routing Protocol for Low-Power and 130 Lossy Networks (RPL), specifically the routing parent defined in 131 [RFC6550]. This specification only describes how MSF works with the 132 selected routing parent, which is phrased as "selected parent". The 133 activity of MSF towards the single routing parent is called a "MSF 134 session". Though the performance of MSF is evaluated only when the 135 "selected parent" represents the node's preferred parent, there 136 should be no restrictions to use multiple MSF sessions, one per 137 parent. The distribution of traffic over multiple parents is a 138 routing decision that is out of scope for MSF. 140 MSF is designed to operate in a wide range of application domains. 141 It is optimized for applications with regular upstream traffic, from 142 the nodes to the Destination-Oriented Directed Acyclic Graph (DODAG 143 [RFC6550]) root. 145 This specification follows the recommended structure of an SF 146 specification, given in Appendix A of [RFC8480], with the following 147 adaptations: 149 * We have reordered some sections, in particular to have the section 150 on the node behavior at boot (Section 4) appear early in this 151 specification. 152 * We added sections on the interface to the minimal 6TiSCH 153 configuration (Section 2), the use of the SIGNAL command 154 (Section 6), the MSF constants (Section 14) and the MSF statistics 155 (Section 15). 157 2. Interface to the Minimal 6TiSCH Configuration 159 In a TSCH network, time is sliced up into time slots. The time slots 160 are grouped as one or multiple slotframes which repeat over time. 161 The TSCH schedule instructs a node what to do at each time slots, 162 such as transmit, receive or sleep [RFC7554]. In case of a slot to 163 transmit or receive, a channel is assigned to the time slot. The 164 tuple (slot, channel) is indicated as a cell of TSCH schedule. MSF 165 is one of the policies defining how to manage the TSCH schedule. 167 A node implementing MSF SHOULD implement the Minimal 6TiSCH 168 Configuration [RFC8180], which defines the "minimal cell", a single 169 shared cell providing minimal connectivity between the nodes in the 170 network. The MSF implementation provided in this specification is 171 based on the implementation of the Minimal 6TiSCH Configuration. 172 However, an implementor MAY implement MSF based on other 173 specifications as long as the specification defines a way to 174 advertise the EB/DIO among the network. 176 MSF uses the minimal cell for broadcast frames such as Enhanced 177 Beacons (EBs) [IEEE802154] and broadcast DODAG Information Objects 178 (DIOs) [RFC6550]. Cells scheduled by MSF are meant to be used only 179 for unicast frames. 181 To ensure there is enough bandwidth available on the minimal cell, a 182 node implementing MSF SHOULD enforce some rules for limiting the 183 traffic of broadcast frames. For example, the overall broadcast 184 traffic among the node and its neighbors SHOULD NOT exceed 1/3 of the 185 bandwidth of minimal cell. One of the algorithms that fulfills this 186 requirement is the Trickle timer defined in [RFC6206] which is 187 applied on DIO messages [RFC6550]. However, any such algorithm of 188 limiting the broadcast traffic to meet those rules is implementation- 189 specific and is out of the scope of MSF. 191 3 slotframes are used in MSF. MSF schedules autonomous cells at 192 Slotframe 1 (Section 3) and 6P negotiated cells at Slotframe 2 193 (Section 5) ,wh ile Slotframe 0 is used for the bootstrap traffic as 194 defined in the Minimal 6TiSCH Configuration. The same slotframe 195 length for Slotframe 0, 1 and 2 is RECOMMENDED. Thus it is possible 196 to avoid the scheduling collision between the autonomous cells and 6P 197 negotiated cells (Section 3). The default slotframe length 198 (SLOTFRAME_LENGTH) is RECOMMENDED for Slotframe 0, 1 and 2, although 199 any value can be advertised in the EBs. 201 3. Autonomous Cells 203 MSF nodes initialize Slotframe 1 with a set of default cells for 204 unicast communication with their neighbors. These cells are called 205 'autonomous cells', because they are maintained autonomously by each 206 node without negotiation through 6P. Cells scheduled by 6P 207 transaction are called 'negotiated cells' which are reserved on 208 Slotframe 2. How to schedule negotiated cells is detailed in 209 Section 5. There are two types of autonomous cells: 211 * Autonomous Rx Cell (AutoRxCell), one cell at a 212 [slotOffset,channelOffset] computed as a hash of the EUI64 of the 213 node itself (detailed next). Its cell options bits are assigned 214 as TX=0, RX=1, SHARED=0. 215 * Autonomous Tx Cell (AutoTxCell), one cell at a 216 [slotOffset,channelOffset] computed as a hash of the layer 2 EUI64 217 destination address in the unicast frame to be transmitted 218 (detailed in Section 4.4). Its cell options bits are assigned as 219 TX=1, RX=0, SHARED=1. 221 To compute a [slotOffset,channelOffset] from an EUI64 address, nodes 222 MUST use the hash function SAX [SAX-DASFAA]. The coordinates are 223 computed to distribute the cells across all channel offsets, and all 224 but the first slot offset of Slotframe 1. The first time offset is 225 skipped to avoid colliding with the minimal cell in Slotframe 0. The 226 slot coordinates derived from a given EUI64 address are computed as 227 follows: 229 * slotOffset(MAC) = 1 + hash(EUI64, length(Slotframe_1) - 1) 230 * channelOffset(MAC) = hash(EUI64, NUM_CH_OFFSET) 232 The second input parameter defines the maximum return value of the 233 hash function. Other optional parameters defined in SAX determine 234 the performance of SAX hash function. Those parameters could be 235 broadcasted in EB frame or pre-configured. For interoperability 236 purposes, an example how the hash function is implemented is detailed 237 in Appendix A. 239 AutoTxCell is not permanently installed in the schedule but added/ 240 deleted on demand when there is a frame to sent. Throughout the 241 network lifetime, nodes maintain the autonomous cells as follows: 243 * Add an AutoTxCell to the layer 2 destination address which is 244 indicated in a frame when there is no 6P negotiated Tx cell in 245 schedule for that frame to transmit. 246 * Remove an AutoTxCell when: 247 - there is no frame to transmit on that cell, or 248 - there is at least one 6P negotiated Tx cell in the schedule for 249 the frames to transmit. 251 The AutoRxCell MUST always remain scheduled after synchronization. 252 6P CLEAR MUST NOT erase any autonomous cells. 254 Because of hash collisions, there will be cases that the AutoTxCell 255 and AutoRxCell are scheduled at the same slot offset and/or channel 256 offset. In such cases, AutoTxCell always take precedence over 257 AutoRxCell. In case of conflicting with a negotiated cell, 258 autonomous cells take precedence over negotiated cell, which is 259 stated in [IEEE802154]. However, when the Slotframe 0, 1 and 2 use 260 the same length value, it is possible for negotiated cell to avoid 261 the collision with AutoRxCell. 263 4. Node Behavior at Boot 265 This section details the behavior the node SHOULD follow from the 266 moment it is switched on, until it has successfully joined the 267 network. Alternative behaviors may be involved, for example, when 268 alternative security solutions are used for the network. Section 4.1 269 details the start state; Section 4.8 details the end state. The 270 other sections detail the 6 steps of the joining process. We use the 271 term "pledge" and "joined node", as defined in 272 [I-D.ietf-6tisch-minimal-security]. 274 4.1. Start State 276 A node implementing MSF SHOULD implement the Constrained Join 277 Protocol (CoJP) for 6TiSCH [I-D.ietf-6tisch-minimal-security]. As a 278 corollary, this means that a pledge, before being switched on, may be 279 pre-configured with the Pre-Shared Key (PSK) for joining, as well as 280 any other configuration detailed in 281 ([I-D.ietf-6tisch-minimal-security]). This is not necessary if the 282 node implements a security solution not based on PSKs, such as 283 ([I-D.ietf-6tisch-dtsecurity-zerotouch-join]). 285 4.2. Step 1 - Choosing Frequency 287 When switched on, the pledge randomly chooses a frequency among the 288 available frequencies, and starts listening for EBs on that 289 frequency. 291 4.3. Step 2 - Receiving EBs 293 Upon receiving the first EB, the pledge continue listening for 294 additional EBs to learn: 296 1. the number of neighbors N in its vicinity 297 2. which neighbor to choose as a Join Proxy (JP) for the joining 298 process 300 After having received the first EB, a node MAY keep listening for at 301 most MAX_EB_DELAY seconds until it has received EBs from 302 NUM_NEIGHBOURS_TO_WAIT distinct neighbors. This behavior is defined 303 in [RFC8180]. 305 During this step, the pledge only gets synchronized when it received 306 enough EB from the network it wishes to join. How to decide whether 307 an EB originates from a node from the network it wishes to join is 308 implementation-specific, but MAY involve filtering EBs by the PAN ID 309 field it contains, the presence and contents of the IE defined in 310 [I-D.ietf-6tisch-enrollment-enhanced-beacon], or the key used to 311 authenticate it. 313 The decision of which neighbor to use as a JP is implementation- 314 specific, and discussed in [I-D.ietf-6tisch-minimal-security]. 316 4.4. Step 3 - Setting up Autonomous Cells for the Join Process 318 After selected a JP, a node generates a Join Request and installs an 319 AutoTxCell to the JP. The Join Request is then sent by the pledge to 320 its selected JP over the AutoTxCell. The AutoTxCell is removed by 321 the pledge when the Join Request is sent out. The JP receives the 322 Join Request through its AutoRxCell. Then it forwards the Join 323 Request to the join registrar/coordinator (JRC), possibly over 324 multiple hops, over the 6P negotiated Tx cells. Similarly, the JRC 325 sends the Join Response to the JP, possibly over multiple hops, over 326 AutoTxCells or the 6P negotiated Tx cells. When the JP received the 327 Join Response from the JRC, it installs an AutoTxCell to the pledge 328 and sends that Join Response to the pledge over AutoTxCell. The 329 AutoTxCell is removed by the JP when the Join Response is sent out. 330 The pledge receives the Join Response from its AutoRxCell, thereby 331 learns the keying material used in the network, as well as other 332 configuration settings, and becomes a "joined node". 334 When 6LoWPAN Neighbor Discovery ([RFC8505]) (ND) is implemented, the 335 unicast packets used by ND are sent on the AutoTxCell. The specific 336 process how the ND works during the Join process is detailed in 337 [I-D.ietf-6tisch-architecture]. 339 4.5. Step 4 - Acquiring a RPL Rank 341 Per [RFC6550], the joined node receives DIOs, computes its own Rank, 342 and selects a routing parent. 344 4.6. Step 5 - Setting up first Tx negotiated Cells 346 Once it has selected a routing parent, the joined node MUST generate 347 a 6P ADD Request and install an AutoTxCell to that parent. The 6P 348 ADD Request is sent out through the AutoTxCell, containing the 349 following fields: 351 * CellOptions: set to TX=1,RX=0,SHARED=0 352 * NumCells: set to 1 353 * CellList: at least 5 cells, chosen according to Section 8 355 The joined node removes the AutoTxCell to the selected parent when 356 the 6P Request is sent out. That parent receives the 6P ADD Request 357 from its AutoRxCell. Then it generates a 6P ADD Response and 358 installs an AutoTxCell to the joined node. When the parent sends out 359 the 6P ADD Response, it MUST remove that AutoTxCell. The joined node 360 receives the 6P ADD Response from its AutoRxCell and completes the 6P 361 transaction. In case the 6P ADD transaction failed, the node MUST 362 issue another 6P ADD Request and repeat until the Tx cell is 363 installed to the parent. 365 4.7. Step 6 - Send EBs and DIOs 367 The node starts sending EBs and DIOs on the minimal cell, while 368 following the transmit rules for broadcast frames from Section 2. 370 4.8. End State 372 For a new node, the end state of the joining process is: 374 * it is synchronized to the network 375 * it is using the link-layer keying material it learned through the 376 secure joining process 377 * it has selected one neighbor as its routing parent 378 * it has one AutRxCell 379 * it has one negotiated Tx cell to the selected parent 380 * it starts to send DIOs, potentially serving as a router for other 381 nodes' traffic 383 * it starts to send EBs, potentially serving as a JP for new pledge 385 5. Rules for Adding/Deleting Cells 387 Once a node has joined the 6TiSCH network, it adds/deletes/relocates 388 cells with the selected parent for three reasons: 390 * to match the link-layer resources to the traffic between the node 391 and the selected parent (Section 5.1) 392 * to handle switching parent or(Section 5.2) 393 * to handle a schedule collision (Section 5.3) 395 Those cells are called 'negotiated cells' as they are scheduled 396 through 6P, negotiated with the node's parent. Without specific 397 declaring, all cells mentioned in this section are negotiated cells 398 and they are installed at Slotframe 2. 400 5.1. Adapting to Traffic 402 A node implementing MSF MUST implement the behavior described in this 403 section. 405 The goal of MSF is to manage the communication schedule in the 6TiSCH 406 schedule in a distributed manner. For a node, this translates into 407 monitoring the current usage of the cells it has to the selected 408 parent: 410 * If the node determines that the number of link-layer frames it is 411 attempting to exchange with the selected parent per unit of time 412 is larger than the capacity offered by the TSCH negotiated cells 413 it has scheduled with it, the node issues a 6P ADD command to that 414 parent to add cells to the TSCH schedule. 415 * If the traffic is lower than the capacity, the node issues a 6P 416 DELETE command to that parent to delete cells from the TSCH 417 schedule. 419 The node MUST maintain two separate pairs of the following counters 420 for the selected parent, one for the negotiated Tx cells to that 421 parent and one for the negotiated Rx cells to that parent. 423 NumCellsElapsed : Counts the number of negotiated cells that have 424 elapsed since the counter was initialized. This counter is 425 initialized at 0. When the current cell is declared as a 426 negotiated cell to the selected parent, NumCellsElapsed is 427 incremented by exactly 1, regardless of whether the cell is used 428 to transmit/receive a frame. 429 NumCellsUsed: Counts the number of negotiated cells that have been 430 used. This counter is initialized at 0. NumCellsUsed is 431 incremented by exactly 1 when, during a negotiated cell to the 432 selected parent, either of the following happens: 433 * The node sends a frame to the parent. The counter increments 434 regardless of whether a link-layer acknowledgment was received 435 or not. 436 * The node receives a valid frame from the parent. The counter 437 increments only when the frame is a valid IEEE802.15.4 frame. 439 The cell option of cells listed in CellList in 6P Request frame 440 SHOULD be either (Tx=1, Rx=0) only or (Tx=0, Rx=1) only. Both 441 NumCellsElapsed and NumCellsUsed counters can be used to both type of 442 negotiated cells. 444 As there is no negotiated Rx Cell installed at initial time, the 445 AutoRxCell is taken into account as well for downstream traffic 446 adaptation. In this case: 448 * NumCellsElapsed is incremented by exactly 1 when the current cell 449 is AutoRxCell. 450 * NumCellsUsed is incremented by exactly 1 when the node receives a 451 frame from the selected parent on AutoRxCell. 453 Implementors MAY choose to create the same counters for each 454 neighbor, and add them as additional statistics in the neighbor 455 table. 457 The counters are used as follows: 459 1. Both NumCellsElapsed and NumCellsUsed are initialized to 0 when 460 the node boots. 461 2. When the value of NumCellsElapsed reaches MAX_NUM_CELLS: 462 * If NumCellsUsed > LIM_NUMCELLSUSED_HIGH, trigger 6P to add a 463 single cell to the selected parent 464 * If NumCellsUsed < LIM_NUMCELLSUSED_LOW, trigger 6P to remove a 465 single cell to the selected parent 466 * Reset both NumCellsElapsed and NumCellsUsed to 0 and go to 467 step 2. 469 The value of MAX_NUM_CELLS is chosen according to the traffic type of 470 the network. Generally speaking, the larger the value MAX_NUM_CELLS 471 is, the more accurate the cell usage is calculated. The 6P traffic 472 overhead using a larger value of MAX_NUM_CELLS could be reduced as 473 well. Meanwhile, the latency won't increase much by using a larger 474 value of MAX_NUM_CELLS for periodic traffic type. For burst traffic 475 type, larger value of MAX_NUM_CELLS indeed introduces higher latency. 476 The latency caused by slight changes of traffic load can be absolved 477 by the additional scheduled cells. In this sense, MSF is a 478 scheduling function trading latency with energy by scheduling more 479 cells than needed. It is recommended to set MAX_NUM_CELLS value at 480 least 4x of the maximum number of used cells in a slot frame in 481 recent history. For example, a 2 packets/slotframe traffic load 482 results an average 4 cells scheduled (2 cells are used), using at 483 least the value of double number of scheduled cells (which is 8) as 484 MAX_NUM_CELLS gives a good resolution on cell usage calculation. 486 In case that a node booted or disappeared from the network, the cell 487 reserved at the selected parent may be kept in the schedule forever. 488 A clean-up mechanism MUST be provided to resolve this issue. The 489 clean-up mechanism is implementation-specific. The goal is to 490 confirm those negotiated cells are not used anymore by the associated 491 neighbors and remove them from the schedule. 493 5.2. Switching Parent 495 A node implementing MSF SHOULD implement the behavior described in 496 this section. 498 Part of its normal operation, the RPL routing protocol can have a 499 node switch parent. The procedure for switching from the old parent 500 to the new parent is: 502 1. the node counts the number of negotiated cells it has per 503 slotframe to the old parent 504 2. the node triggers one or more 6P ADD commands to schedule the 505 same number of negotiated cells with same cell options to the new 506 parent 507 3. when that successfully completes, the node issues a 6P CLEAR 508 command to its old parent 510 For what type of negotiated cell should be installed first, it 511 depends on which traffic has the higher priority, upstream or 512 downstream, which is application-specific and out-of-scope of MSF. 514 5.3. Handling Schedule Collisions 516 A node implementing MSF SHOULD implement the behavior described in 517 this section. Other schedule collisions handling algorithm can be an 518 alternative of the algorithm proposed in this section. 520 Since scheduling is entirely distributed, there is a non-zero 521 probability that two pairs of nearby neighbor nodes schedule a 522 negotiated cell at the same [slotOffset,channelOffset] location in 523 the TSCH schedule. In that case, data exchanged by the two pairs may 524 collide on that cell. We call this case a "schedule collision". 526 The node MUST maintain the following counters for each negotiated Tx 527 cell to the selected parent: 529 NumTx: Counts the number of transmission attempts on that cell. 530 Each time the node attempts to transmit a frame on that cell, 531 NumTx is incremented by exactly 1. 532 NumTxAck: Counts the number of successful transmission attempts on 533 that cell. Each time the node receives an acknowledgment for a 534 transmission attempt, NumTxAck is incremented by exactly 1. 536 Since both NumTx and NumTxAck are initialized to 0, we necessarily 537 have NumTxAck <= NumTx. We call Packet Delivery Ratio (PDR) the 538 ratio NumTxAck/NumTx; and represent it as a percentage. A cell with 539 PDR=50% means that half of the frames transmitted are not 540 acknowledged. 542 Each time the node switches parent (or during the join process when 543 the node selects a parent for the first time), both NumTx and 544 NumTxAck MUST be reset to 0. They increment over time, as the 545 schedule is executed and the node sends frames to that parent. When 546 NumTx reaches MAX_NUMTX, both NumTx and NumTxAck MUST be divided by 547 2. MAX_NUMTX needs to be a power of two to avoid division error. 548 For example, when MAX_NUMTX is set to 256, from NumTx=255 and 549 NumTxAck=127, the counters become NumTx=128 and NumTxAck=64 if one 550 frame is sent to the parent with an Acknowledgment received. This 551 operation does not change the value of the PDR, but allows the 552 counters to keep incrementing. The value of MAX_NUMTX is 553 implementation-specific. 555 The key for detecting a schedule collision is that, if a node has 556 several cells to the selected parent, all cells should exhibit the 557 same PDR. A cell which exhibits a PDR significantly lower than the 558 others indicates than there are collisions on that cell. 560 Every HOUSEKEEPINGCOLLISION_PERIOD, the node executes the following 561 steps: 563 1. It computes, for each negotiated Tx cell with the parent (not for 564 the autonomous cell), that cell's PDR. 565 2. Any cell that hasn't yet had NumTx divided by 2 since it was last 566 reset is skipped in steps 3 and 4. This avoids triggering cell 567 relocation when the values of NumTx and NumTxAck are not 568 statistically significant yet. 569 3. It identifies the cell with the highest PDR. 570 4. For any other cell, it compares its PDR against that of the cell 571 with the highest PDR. If the difference is larger than 572 RELOCATE_PDRTHRES, it triggers the relocation of that cell using 573 a 6P RELOCATE command. 575 The RELOCATION for negotiated Rx cells is not supported by MSF. 577 6. 6P SIGNAL command 579 The 6P SIGNAL command is not used by MSF. 581 7. Scheduling Function Identifier 583 The Scheduling Function Identifier (SFID) of MSF is 584 IANA_6TISCH_SFID_MSF. How the value of IANA_6TISCH_SFID_MSF is 585 chosen is described in Section 17. 587 8. Rules for CellList 589 MSF uses 2-step 6P Transactions exclusively. 6P transactions are 590 only initiated by a node towards its parent. As a result, the cells 591 to put in the CellList of a 6P ADD command, and in the candidate 592 CellList of a RELOCATE command, are chosen by the node initiating the 593 6P transaction. In both cases, the same rules apply: 595 * The CellList is RECOMMENDED to have 5 or more cells. 596 * Each cell in the CellList MUST have a different slotOffset value. 597 * For each cell in the CellList, the node MUST NOT have any 598 scheduled cell on the same slotOffset. 599 * The slotOffset value of any cell in the CellList MUST NOT be the 600 same as the slotOffset of the minimal cell (slotOffset=0). 601 * The slotOffset of a cell in the CellList SHOULD be randomly and 602 uniformly chosen among all the slotOffset values that satisfy the 603 restrictions above. 604 * The channelOffset of a cell in the CellList SHOULD be randomly and 605 uniformly chosen in [0..numFrequencies], where numFrequencies 606 represents the number of frequencies a node can communicate on. 608 As a consequence of randomly cell selection, there is a non-zero 609 chance that nodes in the vicinity installed cells with same 610 slotOffset and channelOffset. An implementer MAY implement a 611 strategy to monitor the candidate cells before adding them in 612 CellList to avoid collision. For example, a node MAY maintain a 613 candidate cell pool for the CellList. The candidate cells in the 614 pool are pre-configured as Rx cells to promiscuously listen to detect 615 transmissions on those cells. If IEEE802.15.4 transmissions are 616 observed on one cell over multiple iterations of the schedule, that 617 cell is probably used by a TSCH neighbor. It is moved out from the 618 pool and a new cell is selected as a candidate cell. The cells in 619 CellList are picked from the candidate pool directly when required. 621 9. 6P Timeout Value 623 The timeout value is calculated for the worst case that a 6P response 624 is received, which means the 6P response is sent out successfully at 625 the very latest retransmission. And for each retransmission, it 626 backs-off with largest value. Hence the 6P timeout value is 627 calculated as ((2^MAXBE)-1)*MAXRETRIES*SLOTFRAME_LENGTH, where: 629 * MAXBE is the maximum backoff exponent used 630 * MAXRETRIES is the maximum retransmission times 631 * SLOTFRAME_LENGTH represents the length of slotframe 633 10. Rule for Ordering Cells 635 Cells are ordered slotOffset first, channelOffset second. 637 The following sequence is correctly ordered (each element represents 638 the [slottOffset,channelOffset] of a cell in the schedule): 640 [1,3],[1,4],[2,0],[5,3],[6,0],[6,3],[7,9] 642 11. Meaning of the Metadata Field 644 The Metadata field is not used by MSF. 646 12. 6P Error Handling 648 Section 6.2.4 of [RFC8480] lists the 6P Return Codes. Figure 1 lists 649 the same error codes, and the behavior a node implementing MSF SHOULD 650 follow. 652 +-----------------+----------------------+ 653 | Code | RECOMMENDED behavior | 654 +-----------------+----------------------+ 655 | RC_SUCCESS | nothing | 656 | RC_EOL | nothing | 657 | RC_ERR | quarantine | 658 | RC_RESET | quarantine | 659 | RC_ERR_VERSION | quarantine | 660 | RC_ERR_SFID | quarantine | 661 | RC_ERR_SEQNUM | clear | 662 | RC_ERR_CELLLIST | clear | 663 | RC_ERR_BUSY | waitretry | 664 | RC_ERR_LOCKED | waitretry | 665 +-----------------+----------------------+ 667 Figure 1: Recommended behavior for each 6P Error Code. 669 The meaning of each behavior from Figure 1 is: 671 nothing: Indicates that this Return Code is not an error. No error 672 handling behavior is triggered. 673 clear: Abort the 6P Transaction. Issue a 6P CLEAR command to that 674 neighbor (this command may fail at the link layer). Remove all 675 cells scheduled with that neighbor from the local schedule. 676 quarantine: Same behavior as for "clear". In addition, remove the 677 node from the neighbor and routing tables. Place the node's 678 identifier in a quarantine list for QUARANTINE_DURATION. When in 679 quarantine, drop all frames received from that node. 680 waitretry: Abort the 6P Transaction. Wait for a duration randomly 681 and uniformly chosen in [WAIT_DURATION_MIN,WAIT_DURATION_MAX]. 682 Retry the same transaction. 684 13. Schedule Inconsistency Handling 686 The behavior when schedule inconsistency is detected is explained in 687 Figure 1, for 6P Return Code RC_ERR_SEQNUM. 689 14. MSF Constants 691 Figure 2 lists MSF Constants and their RECOMMENDED values. 693 +------------------------------+-------------------+ 694 | Name | RECOMMENDED value | 695 +------------------------------+-------------------+ 696 | SLOTFRAME_LENGTH | 101 slots | 697 | NUM_CH_OFFSET | 16 | 698 | MAX_NUM_CELLS | 100 | 699 | LIM_NUMCELLSUSED_HIGH | 75 | 700 | LIM_NUMCELLSUSED_LOW | 25 | 701 | MAX_NUMTX | 256 | 702 | HOUSEKEEPINGCOLLISION_PERIOD | 1 min | 703 | RELOCATE_PDRTHRES | 50 % | 704 | QUARANTINE_DURATION | 5 min | 705 | WAIT_DURATION_MIN | 30 s | 706 | WAIT_DURATION_MAX | 60 s | 707 +------------------------------+-------------------+ 709 Figure 2: MSF Constants and their RECOMMENDED values. 711 15. MSF Statistics 713 Figure 3 lists MSF Statistics and their RECOMMENDED width. 715 +-----------------+-------------------+ 716 | Name | RECOMMENDED width | 717 +-----------------+-------------------+ 718 | NumCellsElapsed | 1 byte | 719 | NumCellsUsed | 1 byte | 720 | NumTx | 1 byte | 721 | NumTxAck | 1 byte | 722 +-----------------+-------------------+ 724 Figure 3: MSF Statistics and their RECOMMENDED width. 726 16. Security Considerations 728 MSF defines a series of "rules" for the node to follow. It triggers 729 several actions, that are carried out by the protocols defined in the 730 following specifications: the Minimal IPv6 over the TSCH Mode of IEEE 731 802.15.4e (6TiSCH) Configuration [RFC8180], the 6TiSCH Operation 732 Sublayer Protocol (6P) [RFC8480], and the Constrained Join Protocol 733 (CoJP) for 6TiSCH [I-D.ietf-6tisch-minimal-security]. The security 734 considrations of the specifications continue to apply in the MSF 735 scope. In particular, MSF does not define a new protocol or packet 736 format. 738 MSF uses autonomous cells for initial bootstrap and the transport of 739 join traffic. Autonomous cells are computed as a hash of nodes' 740 EUI64 addresses. This makes the coordinates of autonomous cell an 741 easy target for an attacker, as EUI64 addresses are visible on the 742 wire and are not encrypted by the link-layer security mechanism. 743 With the coordinates of autonomous cells available, the attacker can 744 launch a selective jamming attack against any nodes' AutoRxCell. If 745 the attacker targets a node acting as a JP, it can prevent pledges 746 from using that JP to join the network. The pledge detects such a 747 situation through the absence of a link-layer acknowledgment for its 748 Join Request. As it is expected that each pledge will have more than 749 one JP available to join the network, one available countermeasure 750 for the pledge is to pseudo-randomly select a new JP when the link to 751 the previous JP appears bad. Such strategy alleviates the issue of 752 the attacker randomly jamming to disturb the network but does not 753 help in case the attacker is targeting a particular pledge. In that 754 case, the attacker can jam the AutoRxCell of the pledge, in order to 755 prevent it from receiving the join response. This situation should 756 be detected through the absence of a particular node from the network 757 and handled by the network administrator through out-of-band means. 759 MSF adapts to traffic containing packet from the IP layer. It is 760 possible that the IP packet has a non-zero DSCP (Diffserv Code Point 761 [RFC2474]) value in its IPv6 header. The decision how to hand that 762 packet belongs to the upper layer and is out of scope of MSF. As 763 long as the decision is made to hand over to MAC layer to transmit, 764 MSF will take that packet into account when adapting to traffic. 766 Note that non-zero DSCP value may imply that the traffic is 767 originated at unauthenticated pledges, referring to 768 [I-D.ietf-6tisch-minimal-security]. The implementation at IPv6 layer 769 SHOULD rate-limit this join traffic before it is passed to 6top 770 sublayer where MSF can observe it. In case there is no rate limit 771 for join traffic, intermediate nodes in the 6TiSCH network may be 772 prone to a resource exhaustion attack, with the attacker injecting 773 unauthenticated traffic from the network edge. The assumption is 774 that the rate limiting function is aware of the available bandwidth 775 in the 6top L3 bundle(s) towards a next hop, not directly from MSF, 776 but from an interaction with the 6top sublayer that manages 777 ultimately the bundles under MSF's guidance. How this rate-limit is 778 implemented is out of scope of MSF. 780 17. IANA Considerations 782 17.1. MSF Scheduling Function Identifiers 784 This document adds the following number to the "6P Scheduling 785 Function Identifiers" sub-registry, part of the "IPv6 over the TSCH 786 mode of IEEE 802.15.4e (6TiSCH) parameters" registry, as defined by 787 [RFC8480]: 789 +----------------------+-----------------------------+-------------+ 790 | SFID | Name | Reference | 791 +----------------------+-----------------------------+-------------+ 792 | IANA_6TISCH_SFID_MSF | Minimal Scheduling Function | RFC_THIS | 793 | | (MSF) | | 794 +----------------------+-----------------------------+-------------+ 796 Figure 4: New SFID in 6P Scheduling Function Identifiers subregistry. 798 IANA_6TISCH_SFID_MSF is chosen from range 0-127, which is used for 799 IETF Review or IESG Approval. 801 18. Contributors 803 * Beshr Al Nahas (Chalmers University, beshr@chalmers.se) 804 * Olaf Landsiedel (Chalmers University, olafl@chalmers.se) 805 * Yasuyuki Tanaka (Inria-Paris, yasuyuki.tanaka@inria.fr) 807 19. References 809 19.1. Normative References 811 [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal 812 IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) 813 Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, 814 May 2017, . 816 [RFC8480] Wang, Q., Ed., Vilajosana, X., and T. Watteyne, "6TiSCH 817 Operation Sublayer (6top) Protocol (6P)", RFC 8480, 818 DOI 10.17487/RFC8480, November 2018, 819 . 821 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 822 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 823 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 824 Low-Power and Lossy Networks", RFC 6550, 825 DOI 10.17487/RFC6550, March 2012, 826 . 828 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 829 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 830 May 2017, . 832 [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, 833 "Definition of the Differentiated Services Field (DS 834 Field) in the IPv4 and IPv6 Headers", RFC 2474, 835 DOI 10.17487/RFC2474, December 1998, 836 . 838 [I-D.ietf-6tisch-minimal-security] 839 Vucinic, M., Simon, J., Pister, K., and M. Richardson, 840 "Minimal Security Framework for 6TiSCH", Work in Progress, 841 Internet-Draft, draft-ietf-6tisch-minimal-security-13, 28 842 October 2019, . 845 [I-D.ietf-6tisch-enrollment-enhanced-beacon] 846 Dujovne, D. and M. Richardson, "IEEE 802.15.4 Information 847 Element encapsulation of 6TiSCH Join and Enrollment 848 Information", Work in Progress, Internet-Draft, draft- 849 ietf-6tisch-enrollment-enhanced-beacon-06, 4 November 850 2019, . 853 [I-D.ietf-6tisch-architecture] 854 Thubert, P., "An Architecture for IPv6 over the TSCH mode 855 of IEEE 802.15.4", Work in Progress, Internet-Draft, 856 draft-ietf-6tisch-architecture-28, 29 October 2019, 857 . 860 [IEEE802154] 861 IEEE standard for Information Technology, "IEEE Std 862 802.15.4 Standard for Low-Rate Wireless Personal Area 863 Networks (WPANs)", DOI 10.1109/IEEE P802.15.4-REVd/D01, 864 . 866 [SAX-DASFAA] 867 Ramakrishna, M.V. and J. Zobel, "Performance in Practice 868 of String Hashing Functions", DASFAA , 869 DOI 10.1142/9789812819536_0023, 1997, 870 . 872 19.2. Informative References 874 [RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using 875 IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the 876 Internet of Things (IoT): Problem Statement", RFC 7554, 877 DOI 10.17487/RFC7554, May 2015, 878 . 880 [I-D.ietf-6tisch-dtsecurity-zerotouch-join] 881 Richardson, M., "6tisch Zero-Touch Secure Join protocol", 882 Work in Progress, Internet-Draft, draft-ietf-6tisch- 883 dtsecurity-zerotouch-join-04, 8 July 2019, 884 . 887 [RFC6206] Levis, P., Clausen, T., Hui, J., Gnawali, O., and J. Ko, 888 "The Trickle Algorithm", RFC 6206, DOI 10.17487/RFC6206, 889 March 2011, . 891 [RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C. 892 Perkins, "Registration Extensions for IPv6 over Low-Power 893 Wireless Personal Area Network (6LoWPAN) Neighbor 894 Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, 895 . 897 Appendix A. Example of Implementation of SAX hash function 899 Considering the interoperability, this section provides an example of 900 implemention SAX hash function [SAX-DASFAA]. The input parameters of 901 the function are: 903 * T, which is the hashing table length 904 * c, which is the characters of string s, to be hashed 906 In MSF, the T is replaced by the length of slotframe 1. String s is 907 replaced by the mote EUI64 address. The characters of the string c0, 908 c1, ..., c7 are the 8 bytes of EUI64 address. 910 The SAX hash function requires shift operation which is defined as 911 follow: 913 * L_shift(v,b), which refers to left shift variable v by b bits 914 * R_shift(v,b), which refers to right shift variable v by b bits 916 The steps to calculate the hash value of SAX hash function are: 918 1. initialize variable h to h0 and variable i to 0, where h is the 919 intermediate hash value and i is the index of the bytes of EUI64 920 address 921 2. sum the value of L_shift(h,l_bit), R_shift(h,r_bit) and ci 922 3. calculate the result of exclusive or between the sum value in 923 Step 2 and h 924 4. modulo the result of Step 3 by T 925 5. assign the result of Step 4 to h 926 6. increase i by 1 927 7. repeat Step2 to Step 6 until i reaches to 8 929 The value of variable h is the hash value of SAX hash function. 931 The values of h0, l_bit and r_bit in Step 1 and 2 are configured as: 933 * h0 = 0 934 * l_bit = 0 935 * r_bit = 1 937 The appropriate values of l_bit and r_bit could vary depending on the 938 the set of motes' EUI64 address. How to find those values is out of 939 the scope of this specification. 941 Authors' Addresses 943 Tengfei Chang (editor) 944 Inria 945 2 rue Simone Iff 946 75012 Paris 947 France 949 Email: tengfei.chang@inria.fr 951 Malisa Vucinic 952 Inria 953 2 rue Simone Iff 954 75012 Paris 955 France 957 Email: malisa.vucinic@inria.fr 959 Xavier Vilajosana 960 Universitat Oberta de Catalunya 961 156 Rambla Poblenou 962 08018 Barcelona Catalonia 963 Spain 965 Email: xvilajosana@uoc.edu 967 Simon Duquennoy 968 RISE SICS 969 Isafjordsgatan 22 970 SE- 164 29 Kista 971 Sweden 973 Email: simon.duquennoy@gmail.com 975 Diego Dujovne 976 Universidad Diego Portales 977 Escuela de Informatica y Telecomunicaciones 978 Av. Ejercito 441 979 Santiago 980 Region Metropolitana 981 Chile 983 Phone: +56 (2) 676-8121 984 Email: diego.dujovne@mail.udp.cl