idnits 2.17.1 draft-ietf-6tisch-msf-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (24 March 2020) is 1487 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 641 -- Looks like a reference, but probably isn't: '3' on line 641 -- Looks like a reference, but probably isn't: '4' on line 641 -- Looks like a reference, but probably isn't: '2' on line 641 -- Looks like a reference, but probably isn't: '0' on line 641 -- Looks like a reference, but probably isn't: '5' on line 641 -- Looks like a reference, but probably isn't: '6' on line 641 -- Looks like a reference, but probably isn't: '7' on line 641 -- Looks like a reference, but probably isn't: '9' on line 641 == Outdated reference: A later version (-15) exists of draft-ietf-6tisch-minimal-security-13 == Outdated reference: A later version (-14) exists of draft-ietf-6tisch-enrollment-enhanced-beacon-06 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-28 ** Downref: Normative reference to an Informational draft: draft-ietf-6tisch-architecture (ref. 'I-D.ietf-6tisch-architecture') -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE802154' -- Possible downref: Non-RFC (?) normative reference: ref. 'SAX-DASFAA' Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6TiSCH T. Chang, Ed. 3 Internet-Draft M. Vucinic 4 Intended status: Standards Track Inria 5 Expires: 25 September 2020 X. Vilajosana 6 Universitat Oberta de Catalunya 7 S. Duquennoy 8 RISE SICS 9 D. Dujovne 10 Universidad Diego Portales 11 24 March 2020 13 6TiSCH Minimal Scheduling Function (MSF) 14 draft-ietf-6tisch-msf-14 16 Abstract 18 This specification defines the 6TiSCH Minimal Scheduling Function 19 (MSF). This Scheduling Function describes both the behavior of a 20 node when joining the network, and how the communication schedule is 21 managed in a distributed fashion. MSF is built upon the 6TiSCH 22 Operation Sublayer Protocol (6P) and the Minimal Security Framework 23 for 6TiSCH. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 29 document are to be interpreted as described in [RFC8174]. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at https://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on 25 September 2020. 48 Copyright Notice 50 Copyright (c) 2020 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 55 license-info) in effect on the date of publication of this document. 56 Please review these documents carefully, as they describe your rights 57 and restrictions with respect to this document. Code Components 58 extracted from this document must include Simplified BSD License text 59 as described in Section 4.e of the Trust Legal Provisions and are 60 provided without warranty as described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 65 2. Interface to the Minimal 6TiSCH Configuration . . . . . . . . 4 66 3. Autonomous Cells . . . . . . . . . . . . . . . . . . . . . . 5 67 4. Node Behavior at Boot . . . . . . . . . . . . . . . . . . . . 6 68 4.1. Start State . . . . . . . . . . . . . . . . . . . . . . . 6 69 4.2. Step 1 - Choosing Frequency . . . . . . . . . . . . . . . 7 70 4.3. Step 2 - Receiving EBs . . . . . . . . . . . . . . . . . 7 71 4.4. Step 3 - Setting up Autonomous Cells for the Join 72 Process . . . . . . . . . . . . . . . . . . . . . . . . . 7 73 4.5. Step 4 - Acquiring a RPL Rank . . . . . . . . . . . . . . 8 74 4.6. Step 5 - Setting up first Tx negotiated Cells . . . . . . 8 75 4.7. Step 6 - Send EBs and DIOs . . . . . . . . . . . . . . . 8 76 4.8. End State . . . . . . . . . . . . . . . . . . . . . . . . 8 77 5. Rules for Adding/Deleting Cells . . . . . . . . . . . . . . . 9 78 5.1. Adapting to Traffic . . . . . . . . . . . . . . . . . . . 9 79 5.2. Switching Parent . . . . . . . . . . . . . . . . . . . . 11 80 5.3. Handling Schedule Collisions . . . . . . . . . . . . . . 11 81 6. 6P SIGNAL command . . . . . . . . . . . . . . . . . . . . . . 13 82 7. Scheduling Function Identifier . . . . . . . . . . . . . . . 13 83 8. Rules for CellList . . . . . . . . . . . . . . . . . . . . . 13 84 9. 6P Timeout Value . . . . . . . . . . . . . . . . . . . . . . 14 85 10. Rule for Ordering Cells . . . . . . . . . . . . . . . . . . . 14 86 11. Meaning of the Metadata Field . . . . . . . . . . . . . . . . 14 87 12. 6P Error Handling . . . . . . . . . . . . . . . . . . . . . . 14 88 13. Schedule Inconsistency Handling . . . . . . . . . . . . . . . 15 89 14. MSF Constants . . . . . . . . . . . . . . . . . . . . . . . . 15 90 15. MSF Statistics . . . . . . . . . . . . . . . . . . . . . . . 15 91 16. Security Considerations . . . . . . . . . . . . . . . . . . . 16 92 17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 93 17.1. MSF Scheduling Function Identifiers . . . . . . . . . . 17 94 18. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 17 95 19. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 96 19.1. Normative References . . . . . . . . . . . . . . . . . . 17 97 19.2. Informative References . . . . . . . . . . . . . . . . . 19 98 Appendix A. Example of Implementation of SAX hash function . . . 19 99 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 101 1. Introduction 103 The 6TiSCH Minimal Scheduling Function (MSF), defined in this 104 specification, is a 6TiSCH Scheduling Function (SF). The role of an 105 SF is entirely defined in [RFC8480]. This specification complements 106 [RFC8480] by providing the rules of when to add/delete cells in the 107 communication schedule. This specification satisfies all the 108 requirements for an SF listed in Section 4.2 of [RFC8480]. 110 MSF builds on top of the following specifications: the Minimal IPv6 111 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) Configuration 112 [RFC8180], the 6TiSCH Operation Sublayer Protocol (6P) [RFC8480], and 113 the Minimal Security Framework for 6TiSCH 114 [I-D.ietf-6tisch-minimal-security]. 116 MSF defines both the behavior of a node when joining the network, and 117 how the communication schedule is managed in a distributed fashion. 118 When a node running MSF boots up, it joins the network by following 119 the 6 steps described in Section 4. The end state of the join 120 process is that the node is synchronized to the network, has mutually 121 authenticated with the network, has identified a routing parent, and 122 has scheduled one negotiated Tx cell (defined in Section 5.1) to/from 123 its routing parent. After the join process, the node can 124 continuously add/delete/relocate cells, as described in Section 5. 125 It does so for 3 reasons: to match the link-layer resources to the 126 traffic, to handle changing parent and to handle a schedule 127 collision. 129 MSF works closely with the IPv6 Routing Protocol for Low-Power and 130 Lossy Networks (RPL), specifically the routing parent defined in 131 [RFC6550]. This specification only describes how MSF works with the 132 selected routing parent, which is phrased as "selected parent". The 133 activity of MSF towards the single routing parent is called a "MSF 134 session". Though the performance of MSF is evaluated only when the 135 "selected parent" represents the node's preferred parent, there 136 should be no restrictions to use multiple MSF sessions, one per 137 parent. The distribution of traffic over multiple parents is a 138 routing decision that is out of scope for MSF. 140 MSF is designed to operate in a wide range of application domains. 141 It is optimized for applications with regular upstream traffic, from 142 the nodes to the Destination-Oriented Directed Acyclic Graph (DODAG 143 [RFC6550]) root. 145 This specification follows the recommended structure of an SF 146 specification, given in Appendix A of [RFC8480], with the following 147 adaptations: 149 * We have reordered some sections, in particular to have the section 150 on the node behavior at boot (Section 4) appear early in this 151 specification. 152 * We added sections on the interface to the minimal 6TiSCH 153 configuration (Section 2), the use of the SIGNAL command 154 (Section 6), the MSF constants (Section 14) and the MSF statistics 155 (Section 15). 157 2. Interface to the Minimal 6TiSCH Configuration 159 In a TSCH network, time is sliced up into time slots. The time slots 160 are grouped as one or multiple slotframes which repeat over time. 161 The TSCH schedule instructs a node what to do at each time slots, 162 such as transmit, receive or sleep [RFC7554]. In case of a slot to 163 transmit or receive, a channel is assigned to the time slot. The 164 tuple (slot, channel) is indicated as a cell of TSCH schedule. MSF 165 is one of the policies defining how to manage the TSCH schedule. 167 A node implementing MSF SHOULD implement the Minimal 6TiSCH 168 Configuration [RFC8180], which defines the "minimal cell", a single 169 shared cell providing minimal connectivity between the nodes in the 170 network. The MSF implementation provided in this specification is 171 based on the implementation of the Minimal 6TiSCH Configuration. 172 However, an implementor MAY implement MSF based on other 173 specifications as long as the specification defines a way to 174 advertise the EB/DIO among the network. 176 MSF uses the minimal cell for broadcast frames such as Enhanced 177 Beacons (EBs) [IEEE802154] and broadcast DODAG Information Objects 178 (DIOs) [RFC6550]. Cells scheduled by MSF are meant to be used only 179 for unicast frames. 181 To ensure there is enough bandwidth available on the minimal cell, a 182 node implementing MSF SHOULD enforce some rules for limiting the 183 traffic of broadcast frames. For example, the overall broadcast 184 traffic among the node and its neighbors SHOULD NOT exceed 1/3 of the 185 bandwidth of minimal cell. One of the algorithms that fulfills this 186 requirement is the Trickle timer defined in [RFC6206] which is 187 applied on DIO messages [RFC6550]. However, any such algorithm of 188 limiting the broadcast traffic to meet those rules is implementation- 189 specific and is out of the scope of MSF. 191 3 slotframes are used in MSF. MSF schedules autonomous cells at 192 Slotframe 1 (Section 3) and 6P negotiated cells at Slotframe 2 193 (Section 5) ,wh ile Slotframe 0 is used for the bootstrap traffic as 194 defined in the Minimal 6TiSCH Configuration. The same slotframe 195 length for Slotframe 0, 1 and 2 is RECOMMENDED. Thus it is possible 196 to avoid the scheduling collision between the autonomous cells and 6P 197 negotiated cells (Section 3). The default slotframe length 198 (SLOTFRAME_LENGTH) is RECOMMENDED for Slotframe 0, 1 and 2, although 199 any value can be advertised in the EBs. 201 3. Autonomous Cells 203 MSF nodes initialize Slotframe 1 with a set of default cells for 204 unicast communication with their neighbors. These cells are called 205 'autonomous cells', because they are maintained autonomously by each 206 node without negotiation through 6P. Cells scheduled by 6P 207 transaction are called 'negotiated cells' which are reserved on 208 Slotframe 2. How to schedule negotiated cells is detailed in 209 Section 5. There are two types of autonomous cells: 211 * Autonomous Rx Cell (AutoRxCell), one cell at a 212 [slotOffset,channelOffset] computed as a hash of the EUI64 of the 213 node itself (detailed next). Its cell options bits are assigned 214 as TX=0, RX=1, SHARED=0. 215 * Autonomous Tx Cell (AutoTxCell), one cell at a 216 [slotOffset,channelOffset] computed as a hash of the layer 2 EUI64 217 destination address in the unicast frame to be transmitted 218 (detailed in Section 4.4). Its cell options bits are assigned as 219 TX=1, RX=0, SHARED=1. 221 To compute a [slotOffset,channelOffset] from an EUI64 address, nodes 222 MUST use the hash function SAX as defined in Section 2 of 223 [SAX-DASFAA] with consistent input parameters, for example, those 224 defined in Appendix A. The coordinates are computed to distribute 225 the cells across all channel offsets, and all but the first slot 226 offset of Slotframe 1. The first time offset is skipped to avoid 227 colliding with the minimal cell in Slotframe 0. The slot coordinates 228 derived from a given EUI64 address are computed as follows: 230 * slotOffset(MAC) = 1 + hash(EUI64, length(Slotframe_1) - 1) 231 * channelOffset(MAC) = hash(EUI64, NUM_CH_OFFSET) 233 The second input parameter defines the maximum return value of the 234 hash function. Other optional parameters defined in SAX determine 235 the performance of SAX hash function. Those parameters could be 236 broadcasted in EB frame or pre-configured. For interoperability 237 purposes, the values of those parameters can be referred from 238 Appendix A. 240 AutoTxCell is not permanently installed in the schedule but added/ 241 deleted on demand when there is a frame to sent. Throughout the 242 network lifetime, nodes maintain the autonomous cells as follows: 244 * Add an AutoTxCell to the layer 2 destination address which is 245 indicated in a frame when there is no 6P negotiated Tx cell in 246 schedule for that frame to transmit. 247 * Remove an AutoTxCell when: 248 - there is no frame to transmit on that cell, or 249 - there is at least one 6P negotiated Tx cell in the schedule for 250 the frames to transmit. 252 The AutoRxCell MUST always remain scheduled after synchronization. 253 6P CLEAR MUST NOT erase any autonomous cells. 255 Because of hash collisions, there will be cases that the AutoTxCell 256 and AutoRxCell are scheduled at the same slot offset and/or channel 257 offset. In such cases, AutoTxCell always take precedence over 258 AutoRxCell. In case of conflicting with a negotiated cell, 259 autonomous cells take precedence over negotiated cell, which is 260 stated in [IEEE802154]. However, when the Slotframe 0, 1 and 2 use 261 the same length value, it is possible for negotiated cell to avoid 262 the collision with AutoRxCell. 264 4. Node Behavior at Boot 266 This section details the behavior the node SHOULD follow from the 267 moment it is switched on, until it has successfully joined the 268 network. Alternative behaviors may be involved, for example, when 269 alternative security solutions are used for the network. Section 4.1 270 details the start state; Section 4.8 details the end state. The 271 other sections detail the 6 steps of the joining process. We use the 272 term "pledge" and "joined node", as defined in 273 [I-D.ietf-6tisch-minimal-security]. 275 4.1. Start State 277 A node implementing MSF SHOULD implement the Constrained Join 278 Protocol (CoJP) for 6TiSCH [I-D.ietf-6tisch-minimal-security]. As a 279 corollary, this means that a pledge, before being switched on, may be 280 pre-configured with the Pre-Shared Key (PSK) for joining, as well as 281 any other configuration detailed in 282 ([I-D.ietf-6tisch-minimal-security]). This is not necessary if the 283 node implements a security solution not based on PSKs, such as 284 ([I-D.ietf-6tisch-dtsecurity-zerotouch-join]). 286 4.2. Step 1 - Choosing Frequency 288 When switched on, the pledge randomly chooses a frequency among the 289 available frequencies, and starts listening for EBs on that 290 frequency. 292 4.3. Step 2 - Receiving EBs 294 Upon receiving the first EB, the pledge continue listening for 295 additional EBs to learn: 297 1. the number of neighbors N in its vicinity 298 2. which neighbor to choose as a Join Proxy (JP) for the joining 299 process 301 After having received the first EB, a node MAY keep listening for at 302 most MAX_EB_DELAY seconds until it has received EBs from 303 NUM_NEIGHBOURS_TO_WAIT distinct neighbors. This behavior is defined 304 in [RFC8180]. 306 During this step, the pledge only gets synchronized when it received 307 enough EB from the network it wishes to join. How to decide whether 308 an EB originates from a node from the network it wishes to join is 309 implementation-specific, but MAY involve filtering EBs by the PAN ID 310 field it contains, the presence and contents of the IE defined in 311 [I-D.ietf-6tisch-enrollment-enhanced-beacon], or the key used to 312 authenticate it. 314 The decision of which neighbor to use as a JP is implementation- 315 specific, and discussed in [I-D.ietf-6tisch-minimal-security]. 317 4.4. Step 3 - Setting up Autonomous Cells for the Join Process 319 After selected a JP, a node generates a Join Request and installs an 320 AutoTxCell to the JP. The Join Request is then sent by the pledge to 321 its selected JP over the AutoTxCell. The AutoTxCell is removed by 322 the pledge when the Join Request is sent out. The JP receives the 323 Join Request through its AutoRxCell. Then it forwards the Join 324 Request to the join registrar/coordinator (JRC), possibly over 325 multiple hops, over the 6P negotiated Tx cells. Similarly, the JRC 326 sends the Join Response to the JP, possibly over multiple hops, over 327 AutoTxCells or the 6P negotiated Tx cells. When the JP received the 328 Join Response from the JRC, it installs an AutoTxCell to the pledge 329 and sends that Join Response to the pledge over AutoTxCell. The 330 AutoTxCell is removed by the JP when the Join Response is sent out. 331 The pledge receives the Join Response from its AutoRxCell, thereby 332 learns the keying material used in the network, as well as other 333 configuration settings, and becomes a "joined node". 335 When 6LoWPAN Neighbor Discovery ([RFC8505]) (ND) is implemented, the 336 unicast packets used by ND are sent on the AutoTxCell. The specific 337 process how the ND works during the Join process is detailed in 338 [I-D.ietf-6tisch-architecture]. 340 4.5. Step 4 - Acquiring a RPL Rank 342 Per [RFC6550], the joined node receives DIOs, computes its own Rank, 343 and selects a routing parent. 345 4.6. Step 5 - Setting up first Tx negotiated Cells 347 Once it has selected a routing parent, the joined node MUST generate 348 a 6P ADD Request and install an AutoTxCell to that parent. The 6P 349 ADD Request is sent out through the AutoTxCell, containing the 350 following fields: 352 * CellOptions: set to TX=1,RX=0,SHARED=0 353 * NumCells: set to 1 354 * CellList: at least 5 cells, chosen according to Section 8 356 The joined node removes the AutoTxCell to the selected parent when 357 the 6P Request is sent out. That parent receives the 6P ADD Request 358 from its AutoRxCell. Then it generates a 6P ADD Response and 359 installs an AutoTxCell to the joined node. When the parent sends out 360 the 6P ADD Response, it MUST remove that AutoTxCell. The joined node 361 receives the 6P ADD Response from its AutoRxCell and completes the 6P 362 transaction. In case the 6P ADD transaction failed, the node MUST 363 issue another 6P ADD Request and repeat until the Tx cell is 364 installed to the parent. 366 4.7. Step 6 - Send EBs and DIOs 368 The node starts sending EBs and DIOs on the minimal cell, while 369 following the transmit rules for broadcast frames from Section 2. 371 4.8. End State 373 For a new node, the end state of the joining process is: 375 * it is synchronized to the network 376 * it is using the link-layer keying material it learned through the 377 secure joining process 378 * it has selected one neighbor as its routing parent 379 * it has one AutRxCell 380 * it has one negotiated Tx cell to the selected parent 381 * it starts to send DIOs, potentially serving as a router for other 382 nodes' traffic 384 * it starts to send EBs, potentially serving as a JP for new pledge 386 5. Rules for Adding/Deleting Cells 388 Once a node has joined the 6TiSCH network, it adds/deletes/relocates 389 cells with the selected parent for three reasons: 391 * to match the link-layer resources to the traffic between the node 392 and the selected parent (Section 5.1) 393 * to handle switching parent or(Section 5.2) 394 * to handle a schedule collision (Section 5.3) 396 Those cells are called 'negotiated cells' as they are scheduled 397 through 6P, negotiated with the node's parent. Without specific 398 declaring, all cells mentioned in this section are negotiated cells 399 and they are installed at Slotframe 2. 401 5.1. Adapting to Traffic 403 A node implementing MSF MUST implement the behavior described in this 404 section. 406 The goal of MSF is to manage the communication schedule in the 6TiSCH 407 schedule in a distributed manner. For a node, this translates into 408 monitoring the current usage of the cells it has to the selected 409 parent: 411 * If the node determines that the number of link-layer frames it is 412 attempting to exchange with the selected parent per unit of time 413 is larger than the capacity offered by the TSCH negotiated cells 414 it has scheduled with it, the node issues a 6P ADD command to that 415 parent to add cells to the TSCH schedule. 416 * If the traffic is lower than the capacity, the node issues a 6P 417 DELETE command to that parent to delete cells from the TSCH 418 schedule. 420 The node MUST maintain two separate pairs of the following counters 421 for the selected parent, one for the negotiated Tx cells to that 422 parent and one for the negotiated Rx cells to that parent. 424 NumCellsElapsed : Counts the number of negotiated cells that have 425 elapsed since the counter was initialized. This counter is 426 initialized at 0. When the current cell is declared as a 427 negotiated cell to the selected parent, NumCellsElapsed is 428 incremented by exactly 1, regardless of whether the cell is used 429 to transmit/receive a frame. 430 NumCellsUsed: Counts the number of negotiated cells that have been 431 used. This counter is initialized at 0. NumCellsUsed is 432 incremented by exactly 1 when, during a negotiated cell to the 433 selected parent, either of the following happens: 434 * The node sends a frame to the parent. The counter increments 435 regardless of whether a link-layer acknowledgment was received 436 or not. 437 * The node receives a valid frame from the parent. The counter 438 increments only when the frame is a valid IEEE802.15.4 frame. 440 The cell option of cells listed in CellList in 6P Request frame 441 SHOULD be either (Tx=1, Rx=0) only or (Tx=0, Rx=1) only. Both 442 NumCellsElapsed and NumCellsUsed counters can be used to both type of 443 negotiated cells. 445 As there is no negotiated Rx Cell installed at initial time, the 446 AutoRxCell is taken into account as well for downstream traffic 447 adaptation. In this case: 449 * NumCellsElapsed is incremented by exactly 1 when the current cell 450 is AutoRxCell. 451 * NumCellsUsed is incremented by exactly 1 when the node receives a 452 frame from the selected parent on AutoRxCell. 454 Implementors MAY choose to create the same counters for each 455 neighbor, and add them as additional statistics in the neighbor 456 table. 458 The counters are used as follows: 460 1. Both NumCellsElapsed and NumCellsUsed are initialized to 0 when 461 the node boots. 462 2. When the value of NumCellsElapsed reaches MAX_NUM_CELLS: 463 * If NumCellsUsed > LIM_NUMCELLSUSED_HIGH, trigger 6P to add a 464 single cell to the selected parent 465 * If NumCellsUsed < LIM_NUMCELLSUSED_LOW, trigger 6P to remove a 466 single cell to the selected parent 467 * Reset both NumCellsElapsed and NumCellsUsed to 0 and go to 468 step 2. 470 The value of MAX_NUM_CELLS is chosen according to the traffic type of 471 the network. Generally speaking, the larger the value MAX_NUM_CELLS 472 is, the more accurate the cell usage is calculated. The 6P traffic 473 overhead using a larger value of MAX_NUM_CELLS could be reduced as 474 well. Meanwhile, the latency won't increase much by using a larger 475 value of MAX_NUM_CELLS for periodic traffic type. For burst traffic 476 type, larger value of MAX_NUM_CELLS indeed introduces higher latency. 477 The latency caused by slight changes of traffic load can be absolved 478 by the additional scheduled cells. In this sense, MSF is a 479 scheduling function trading latency with energy by scheduling more 480 cells than needed. It is recommended to set MAX_NUM_CELLS value at 481 least 4x of the maximum number of used cells in a slot frame in 482 recent history. For example, a 2 packets/slotframe traffic load 483 results an average 4 cells scheduled (2 cells are used), using at 484 least the value of double number of scheduled cells (which is 8) as 485 MAX_NUM_CELLS gives a good resolution on cell usage calculation. 487 In case that a node booted or disappeared from the network, the cell 488 reserved at the selected parent may be kept in the schedule forever. 489 A clean-up mechanism MUST be provided to resolve this issue. The 490 clean-up mechanism is implementation-specific. The goal is to 491 confirm those negotiated cells are not used anymore by the associated 492 neighbors and remove them from the schedule. 494 5.2. Switching Parent 496 A node implementing MSF SHOULD implement the behavior described in 497 this section. 499 Part of its normal operation, the RPL routing protocol can have a 500 node switch parent. The procedure for switching from the old parent 501 to the new parent is: 503 1. the node counts the number of negotiated cells it has per 504 slotframe to the old parent 505 2. the node triggers one or more 6P ADD commands to schedule the 506 same number of negotiated cells with same cell options to the new 507 parent 508 3. when that successfully completes, the node issues a 6P CLEAR 509 command to its old parent 511 For what type of negotiated cell should be installed first, it 512 depends on which traffic has the higher priority, upstream or 513 downstream, which is application-specific and out-of-scope of MSF. 515 5.3. Handling Schedule Collisions 517 A node implementing MSF SHOULD implement the behavior described in 518 this section. Other schedule collisions handling algorithm can be an 519 alternative of the algorithm proposed in this section. 521 Since scheduling is entirely distributed, there is a non-zero 522 probability that two pairs of nearby neighbor nodes schedule a 523 negotiated cell at the same [slotOffset,channelOffset] location in 524 the TSCH schedule. In that case, data exchanged by the two pairs may 525 collide on that cell. We call this case a "schedule collision". 527 The node MUST maintain the following counters for each negotiated Tx 528 cell to the selected parent: 530 NumTx: Counts the number of transmission attempts on that cell. 531 Each time the node attempts to transmit a frame on that cell, 532 NumTx is incremented by exactly 1. 533 NumTxAck: Counts the number of successful transmission attempts on 534 that cell. Each time the node receives an acknowledgment for a 535 transmission attempt, NumTxAck is incremented by exactly 1. 537 Since both NumTx and NumTxAck are initialized to 0, we necessarily 538 have NumTxAck <= NumTx. We call Packet Delivery Ratio (PDR) the 539 ratio NumTxAck/NumTx; and represent it as a percentage. A cell with 540 PDR=50% means that half of the frames transmitted are not 541 acknowledged. 543 Each time the node switches parent (or during the join process when 544 the node selects a parent for the first time), both NumTx and 545 NumTxAck MUST be reset to 0. They increment over time, as the 546 schedule is executed and the node sends frames to that parent. When 547 NumTx reaches MAX_NUMTX, both NumTx and NumTxAck MUST be divided by 548 2. MAX_NUMTX needs to be a power of two to avoid division error. 549 For example, when MAX_NUMTX is set to 256, from NumTx=255 and 550 NumTxAck=127, the counters become NumTx=128 and NumTxAck=64 if one 551 frame is sent to the parent with an Acknowledgment received. This 552 operation does not change the value of the PDR, but allows the 553 counters to keep incrementing. The value of MAX_NUMTX is 554 implementation-specific. 556 The key for detecting a schedule collision is that, if a node has 557 several cells to the selected parent, all cells should exhibit the 558 same PDR. A cell which exhibits a PDR significantly lower than the 559 others indicates than there are collisions on that cell. 561 Every HOUSEKEEPINGCOLLISION_PERIOD, the node executes the following 562 steps: 564 1. It computes, for each negotiated Tx cell with the parent (not for 565 the autonomous cell), that cell's PDR. 566 2. Any cell that hasn't yet had NumTx divided by 2 since it was last 567 reset is skipped in steps 3 and 4. This avoids triggering cell 568 relocation when the values of NumTx and NumTxAck are not 569 statistically significant yet. 570 3. It identifies the cell with the highest PDR. 571 4. For any other cell, it compares its PDR against that of the cell 572 with the highest PDR. If the difference is larger than 573 RELOCATE_PDRTHRES, it triggers the relocation of that cell using 574 a 6P RELOCATE command. 576 The RELOCATION for negotiated Rx cells is not supported by MSF. 578 6. 6P SIGNAL command 580 The 6P SIGNAL command is not used by MSF. 582 7. Scheduling Function Identifier 584 The Scheduling Function Identifier (SFID) of MSF is 585 IANA_6TISCH_SFID_MSF. How the value of IANA_6TISCH_SFID_MSF is 586 chosen is described in Section 17. 588 8. Rules for CellList 590 MSF uses 2-step 6P Transactions exclusively. 6P transactions are 591 only initiated by a node towards its parent. As a result, the cells 592 to put in the CellList of a 6P ADD command, and in the candidate 593 CellList of a RELOCATE command, are chosen by the node initiating the 594 6P transaction. In both cases, the same rules apply: 596 * The CellList is RECOMMENDED to have 5 or more cells. 597 * Each cell in the CellList MUST have a different slotOffset value. 598 * For each cell in the CellList, the node MUST NOT have any 599 scheduled cell on the same slotOffset. 600 * The slotOffset value of any cell in the CellList MUST NOT be the 601 same as the slotOffset of the minimal cell (slotOffset=0). 602 * The slotOffset of a cell in the CellList SHOULD be randomly and 603 uniformly chosen among all the slotOffset values that satisfy the 604 restrictions above. 605 * The channelOffset of a cell in the CellList SHOULD be randomly and 606 uniformly chosen in [0..numFrequencies], where numFrequencies 607 represents the number of frequencies a node can communicate on. 609 As a consequence of randomly cell selection, there is a non-zero 610 chance that nodes in the vicinity installed cells with same 611 slotOffset and channelOffset. An implementer MAY implement a 612 strategy to monitor the candidate cells before adding them in 613 CellList to avoid collision. For example, a node MAY maintain a 614 candidate cell pool for the CellList. The candidate cells in the 615 pool are pre-configured as Rx cells to promiscuously listen to detect 616 transmissions on those cells. If IEEE802.15.4 transmissions are 617 observed on one cell over multiple iterations of the schedule, that 618 cell is probably used by a TSCH neighbor. It is moved out from the 619 pool and a new cell is selected as a candidate cell. The cells in 620 CellList are picked from the candidate pool directly when required. 622 9. 6P Timeout Value 624 The timeout value is calculated for the worst case that a 6P response 625 is received, which means the 6P response is sent out successfully at 626 the very latest retransmission. And for each retransmission, it 627 backs-off with largest value. Hence the 6P timeout value is 628 calculated as ((2^MAXBE)-1)*MAXRETRIES*SLOTFRAME_LENGTH, where: 630 * MAXBE is the maximum backoff exponent used 631 * MAXRETRIES is the maximum retransmission times 632 * SLOTFRAME_LENGTH represents the length of slotframe 634 10. Rule for Ordering Cells 636 Cells are ordered slotOffset first, channelOffset second. 638 The following sequence is correctly ordered (each element represents 639 the [slottOffset,channelOffset] of a cell in the schedule): 641 [1,3],[1,4],[2,0],[5,3],[6,0],[6,3],[7,9] 643 11. Meaning of the Metadata Field 645 The Metadata field is not used by MSF. 647 12. 6P Error Handling 649 Section 6.2.4 of [RFC8480] lists the 6P Return Codes. Figure 1 lists 650 the same error codes, and the behavior a node implementing MSF SHOULD 651 follow. 653 +-----------------+----------------------+ 654 | Code | RECOMMENDED behavior | 655 +-----------------+----------------------+ 656 | RC_SUCCESS | nothing | 657 | RC_EOL | nothing | 658 | RC_ERR | quarantine | 659 | RC_RESET | quarantine | 660 | RC_ERR_VERSION | quarantine | 661 | RC_ERR_SFID | quarantine | 662 | RC_ERR_SEQNUM | clear | 663 | RC_ERR_CELLLIST | clear | 664 | RC_ERR_BUSY | waitretry | 665 | RC_ERR_LOCKED | waitretry | 666 +-----------------+----------------------+ 668 Figure 1: Recommended behavior for each 6P Error Code. 670 The meaning of each behavior from Figure 1 is: 672 nothing: Indicates that this Return Code is not an error. No error 673 handling behavior is triggered. 674 clear: Abort the 6P Transaction. Issue a 6P CLEAR command to that 675 neighbor (this command may fail at the link layer). Remove all 676 cells scheduled with that neighbor from the local schedule. 677 quarantine: Same behavior as for "clear". In addition, remove the 678 node from the neighbor and routing tables. Place the node's 679 identifier in a quarantine list for QUARANTINE_DURATION. When in 680 quarantine, drop all frames received from that node. 681 waitretry: Abort the 6P Transaction. Wait for a duration randomly 682 and uniformly chosen in [WAIT_DURATION_MIN,WAIT_DURATION_MAX]. 683 Retry the same transaction. 685 13. Schedule Inconsistency Handling 687 The behavior when schedule inconsistency is detected is explained in 688 Figure 1, for 6P Return Code RC_ERR_SEQNUM. 690 14. MSF Constants 692 Figure 2 lists MSF Constants and their RECOMMENDED values. 694 +------------------------------+-------------------+ 695 | Name | RECOMMENDED value | 696 +------------------------------+-------------------+ 697 | SLOTFRAME_LENGTH | 101 slots | 698 | NUM_CH_OFFSET | 16 | 699 | MAX_NUM_CELLS | 100 | 700 | LIM_NUMCELLSUSED_HIGH | 75 | 701 | LIM_NUMCELLSUSED_LOW | 25 | 702 | MAX_NUMTX | 256 | 703 | HOUSEKEEPINGCOLLISION_PERIOD | 1 min | 704 | RELOCATE_PDRTHRES | 50 % | 705 | QUARANTINE_DURATION | 5 min | 706 | WAIT_DURATION_MIN | 30 s | 707 | WAIT_DURATION_MAX | 60 s | 708 +------------------------------+-------------------+ 710 Figure 2: MSF Constants and their RECOMMENDED values. 712 15. MSF Statistics 714 Figure 3 lists MSF Statistics and their RECOMMENDED width. 716 +-----------------+-------------------+ 717 | Name | RECOMMENDED width | 718 +-----------------+-------------------+ 719 | NumCellsElapsed | 1 byte | 720 | NumCellsUsed | 1 byte | 721 | NumTx | 1 byte | 722 | NumTxAck | 1 byte | 723 +-----------------+-------------------+ 725 Figure 3: MSF Statistics and their RECOMMENDED width. 727 16. Security Considerations 729 MSF defines a series of "rules" for the node to follow. It triggers 730 several actions, that are carried out by the protocols defined in the 731 following specifications: the Minimal IPv6 over the TSCH Mode of IEEE 732 802.15.4e (6TiSCH) Configuration [RFC8180], the 6TiSCH Operation 733 Sublayer Protocol (6P) [RFC8480], and the Constrained Join Protocol 734 (CoJP) for 6TiSCH [I-D.ietf-6tisch-minimal-security]. The security 735 considrations of the specifications continue to apply in the MSF 736 scope. In particular, MSF does not define a new protocol or packet 737 format. 739 MSF uses autonomous cells for initial bootstrap and the transport of 740 join traffic. Autonomous cells are computed as a hash of nodes' 741 EUI64 addresses. This makes the coordinates of autonomous cell an 742 easy target for an attacker, as EUI64 addresses are visible on the 743 wire and are not encrypted by the link-layer security mechanism. 744 With the coordinates of autonomous cells available, the attacker can 745 launch a selective jamming attack against any nodes' AutoRxCell. If 746 the attacker targets a node acting as a JP, it can prevent pledges 747 from using that JP to join the network. The pledge detects such a 748 situation through the absence of a link-layer acknowledgment for its 749 Join Request. As it is expected that each pledge will have more than 750 one JP available to join the network, one available countermeasure 751 for the pledge is to pseudo-randomly select a new JP when the link to 752 the previous JP appears bad. Such strategy alleviates the issue of 753 the attacker randomly jamming to disturb the network but does not 754 help in case the attacker is targeting a particular pledge. In that 755 case, the attacker can jam the AutoRxCell of the pledge, in order to 756 prevent it from receiving the join response. This situation should 757 be detected through the absence of a particular node from the network 758 and handled by the network administrator through out-of-band means. 760 MSF adapts to traffic containing packet from the IP layer. It is 761 possible that the IP packet has a non-zero DSCP (Diffserv Code Point 762 [RFC2474]) value in its IPv6 header. The decision how to hand that 763 packet belongs to the upper layer and is out of scope of MSF. As 764 long as the decision is made to hand over to MAC layer to transmit, 765 MSF will take that packet into account when adapting to traffic. 767 Note that non-zero DSCP value may imply that the traffic is 768 originated at unauthenticated pledges, referring to 769 [I-D.ietf-6tisch-minimal-security]. The implementation at IPv6 layer 770 SHOULD rate-limit this join traffic before it is passed to 6top 771 sublayer where MSF can observe it. In case there is no rate limit 772 for join traffic, intermediate nodes in the 6TiSCH network may be 773 prone to a resource exhaustion attack, with the attacker injecting 774 unauthenticated traffic from the network edge. The assumption is 775 that the rate limiting function is aware of the available bandwidth 776 in the 6top L3 bundle(s) towards a next hop, not directly from MSF, 777 but from an interaction with the 6top sublayer that manages 778 ultimately the bundles under MSF's guidance. How this rate-limit is 779 implemented is out of scope of MSF. 781 17. IANA Considerations 783 17.1. MSF Scheduling Function Identifiers 785 This document adds the following number to the "6P Scheduling 786 Function Identifiers" sub-registry, part of the "IPv6 over the TSCH 787 mode of IEEE 802.15.4e (6TiSCH) parameters" registry, as defined by 788 [RFC8480]: 790 +----------------------+-----------------------------+-------------+ 791 | SFID | Name | Reference | 792 +----------------------+-----------------------------+-------------+ 793 | IANA_6TISCH_SFID_MSF | Minimal Scheduling Function | RFC_THIS | 794 | | (MSF) | | 795 +----------------------+-----------------------------+-------------+ 797 Figure 4: New SFID in 6P Scheduling Function Identifiers subregistry. 799 IANA_6TISCH_SFID_MSF is chosen from range 0-127, which is used for 800 IETF Review or IESG Approval. 802 18. Contributors 804 * Beshr Al Nahas (Chalmers University, beshr@chalmers.se) 805 * Olaf Landsiedel (Chalmers University, olafl@chalmers.se) 806 * Yasuyuki Tanaka (Inria-Paris, yasuyuki.tanaka@inria.fr) 808 19. References 810 19.1. Normative References 812 [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal 813 IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) 814 Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, 815 May 2017, . 817 [RFC8480] Wang, Q., Ed., Vilajosana, X., and T. Watteyne, "6TiSCH 818 Operation Sublayer (6top) Protocol (6P)", RFC 8480, 819 DOI 10.17487/RFC8480, November 2018, 820 . 822 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 823 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 824 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 825 Low-Power and Lossy Networks", RFC 6550, 826 DOI 10.17487/RFC6550, March 2012, 827 . 829 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 830 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 831 May 2017, . 833 [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, 834 "Definition of the Differentiated Services Field (DS 835 Field) in the IPv4 and IPv6 Headers", RFC 2474, 836 DOI 10.17487/RFC2474, December 1998, 837 . 839 [I-D.ietf-6tisch-minimal-security] 840 Vucinic, M., Simon, J., Pister, K., and M. Richardson, 841 "Minimal Security Framework for 6TiSCH", Work in Progress, 842 Internet-Draft, draft-ietf-6tisch-minimal-security-13, 28 843 October 2019, . 846 [I-D.ietf-6tisch-enrollment-enhanced-beacon] 847 Dujovne, D. and M. Richardson, "IEEE 802.15.4 Information 848 Element encapsulation of 6TiSCH Join and Enrollment 849 Information", Work in Progress, Internet-Draft, draft- 850 ietf-6tisch-enrollment-enhanced-beacon-06, 4 November 851 2019, . 854 [I-D.ietf-6tisch-architecture] 855 Thubert, P., "An Architecture for IPv6 over the TSCH mode 856 of IEEE 802.15.4", Work in Progress, Internet-Draft, 857 draft-ietf-6tisch-architecture-28, 29 October 2019, 858 . 861 [IEEE802154] 862 IEEE standard for Information Technology, "IEEE Std 863 802.15.4 Standard for Low-Rate Wireless Personal Area 864 Networks (WPANs)", DOI 10.1109/IEEE P802.15.4-REVd/D01, 865 . 867 [SAX-DASFAA] 868 Ramakrishna, M.V. and J. Zobel, "Performance in Practice 869 of String Hashing Functions", DASFAA , 870 DOI 10.1142/9789812819536_0023, 1997, 871 . 873 19.2. Informative References 875 [RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using 876 IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the 877 Internet of Things (IoT): Problem Statement", RFC 7554, 878 DOI 10.17487/RFC7554, May 2015, 879 . 881 [I-D.ietf-6tisch-dtsecurity-zerotouch-join] 882 Richardson, M., "6tisch Zero-Touch Secure Join protocol", 883 Work in Progress, Internet-Draft, draft-ietf-6tisch- 884 dtsecurity-zerotouch-join-04, 8 July 2019, 885 . 888 [RFC6206] Levis, P., Clausen, T., Hui, J., Gnawali, O., and J. Ko, 889 "The Trickle Algorithm", RFC 6206, DOI 10.17487/RFC6206, 890 March 2011, . 892 [RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C. 893 Perkins, "Registration Extensions for IPv6 over Low-Power 894 Wireless Personal Area Network (6LoWPAN) Neighbor 895 Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, 896 . 898 Appendix A. Example of Implementation of SAX hash function 900 Considering the interoperability, this section provides an example of 901 implemention SAX hash function [SAX-DASFAA]. The input parameters of 902 the function are: 904 * T, which is the hashing table length 905 * c, which is the characters of string s, to be hashed 907 In MSF, the T is replaced by the length of slotframe 1. String s is 908 replaced by the mote EUI64 address. The characters of the string c0, 909 c1, ..., c7 are the 8 bytes of EUI64 address. 911 The SAX hash function requires shift operation which is defined as 912 follow: 914 * L_shift(v,b), which refers to left shift variable v by b bits 915 * R_shift(v,b), which refers to right shift variable v by b bits 917 The steps to calculate the hash value of SAX hash function are: 919 1. initialize variable h to h0 and variable i to 0, where h is the 920 intermediate hash value and i is the index of the bytes of EUI64 921 address 922 2. sum the value of L_shift(h,l_bit), R_shift(h,r_bit) and ci 923 3. calculate the result of exclusive or between the sum value in 924 Step 2 and h 925 4. modulo the result of Step 3 by T 926 5. assign the result of Step 4 to h 927 6. increase i by 1 928 7. repeat Step2 to Step 6 until i reaches to 8 930 The value of variable h is the hash value of SAX hash function. 932 The values of h0, l_bit and r_bit in Step 1 and 2 are configured as: 934 * h0 = 0 935 * l_bit = 0 936 * r_bit = 1 938 The appropriate values of l_bit and r_bit could vary depending on the 939 the set of motes' EUI64 address. How to find those values is out of 940 the scope of this specification. 942 Authors' Addresses 944 Tengfei Chang (editor) 945 Inria 946 2 rue Simone Iff 947 75012 Paris 948 France 950 Email: tengfei.chang@inria.fr 952 Malisa Vucinic 953 Inria 954 2 rue Simone Iff 955 75012 Paris 956 France 958 Email: malisa.vucinic@inria.fr 960 Xavier Vilajosana 961 Universitat Oberta de Catalunya 962 156 Rambla Poblenou 963 08018 Barcelona Catalonia 964 Spain 966 Email: xvilajosana@uoc.edu 968 Simon Duquennoy 969 RISE SICS 970 Isafjordsgatan 22 971 SE- 164 29 Kista 972 Sweden 974 Email: simon.duquennoy@gmail.com 976 Diego Dujovne 977 Universidad Diego Portales 978 Escuela de Informatica y Telecomunicaciones 979 Av. Ejercito 441 980 Santiago 981 Region Metropolitana 982 Chile 984 Phone: +56 (2) 676-8121 985 Email: diego.dujovne@mail.udp.cl