idnits 2.17.1 draft-ietf-6tisch-msf-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (2 April 2020) is 1475 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 652 -- Looks like a reference, but probably isn't: '3' on line 652 -- Looks like a reference, but probably isn't: '4' on line 652 -- Looks like a reference, but probably isn't: '2' on line 652 -- Looks like a reference, but probably isn't: '0' on line 652 -- Looks like a reference, but probably isn't: '5' on line 652 -- Looks like a reference, but probably isn't: '6' on line 652 -- Looks like a reference, but probably isn't: '7' on line 652 -- Looks like a reference, but probably isn't: '9' on line 652 == Outdated reference: A later version (-15) exists of draft-ietf-6tisch-minimal-security-13 == Outdated reference: A later version (-14) exists of draft-ietf-6tisch-enrollment-enhanced-beacon-06 == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-28 ** Downref: Normative reference to an Informational draft: draft-ietf-6tisch-architecture (ref. 'I-D.ietf-6tisch-architecture') -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE802154' -- Possible downref: Non-RFC (?) normative reference: ref. 'SAX-DASFAA' Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6TiSCH T. Chang, Ed. 3 Internet-Draft M. Vucinic 4 Intended status: Standards Track Inria 5 Expires: 4 October 2020 X. Vilajosana 6 Universitat Oberta de Catalunya 7 S. Duquennoy 8 RISE SICS 9 D. Dujovne 10 Universidad Diego Portales 11 2 April 2020 13 6TiSCH Minimal Scheduling Function (MSF) 14 draft-ietf-6tisch-msf-16 16 Abstract 18 This specification defines the 6TiSCH Minimal Scheduling Function 19 (MSF). This Scheduling Function describes both the behavior of a 20 node when joining the network, and how the communication schedule is 21 managed in a distributed fashion. MSF is built upon the 6TiSCH 22 Operation Sublayer Protocol (6P) and the Minimal Security Framework 23 for 6TiSCH. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 29 "OPTIONAL" in this document are to be interpreted as described in BCP 30 14 [RFC2119] [RFC8174] when, and only when, they appear in all 31 capitals, as shown here. 33 Status of This Memo 35 This Internet-Draft is submitted in full conformance with the 36 provisions of BCP 78 and BCP 79. 38 Internet-Drafts are working documents of the Internet Engineering 39 Task Force (IETF). Note that other groups may also distribute 40 working documents as Internet-Drafts. The list of current Internet- 41 Drafts is at https://datatracker.ietf.org/drafts/current/. 43 Internet-Drafts are draft documents valid for a maximum of six months 44 and may be updated, replaced, or obsoleted by other documents at any 45 time. It is inappropriate to use Internet-Drafts as reference 46 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on 4 October 2020. 50 Copyright Notice 52 Copyright (c) 2020 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 57 license-info) in effect on the date of publication of this document. 58 Please review these documents carefully, as they describe your rights 59 and restrictions with respect to this document. Code Components 60 extracted from this document must include Simplified BSD License text 61 as described in Section 4.e of the Trust Legal Provisions and are 62 provided without warranty as described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 2. Interface to the Minimal 6TiSCH Configuration . . . . . . . . 4 68 3. Autonomous Cells . . . . . . . . . . . . . . . . . . . . . . 5 69 4. Node Behavior at Boot . . . . . . . . . . . . . . . . . . . . 6 70 4.1. Start State . . . . . . . . . . . . . . . . . . . . . . . 6 71 4.2. Step 1 - Choosing Frequency . . . . . . . . . . . . . . . 7 72 4.3. Step 2 - Receiving EBs . . . . . . . . . . . . . . . . . 7 73 4.4. Step 3 - Setting up Autonomous Cells for the Join 74 Process . . . . . . . . . . . . . . . . . . . . . . . . . 7 75 4.5. Step 4 - Acquiring a RPL Rank . . . . . . . . . . . . . . 8 76 4.6. Step 5 - Setting up first Tx negotiated Cells . . . . . . 8 77 4.7. Step 6 - Send EBs and DIOs . . . . . . . . . . . . . . . 8 78 4.8. End State . . . . . . . . . . . . . . . . . . . . . . . . 8 79 5. Rules for Adding/Deleting Cells . . . . . . . . . . . . . . . 9 80 5.1. Adapting to Traffic . . . . . . . . . . . . . . . . . . . 9 81 5.2. Switching Parent . . . . . . . . . . . . . . . . . . . . 11 82 5.3. Handling Schedule Collisions . . . . . . . . . . . . . . 11 83 6. 6P SIGNAL command . . . . . . . . . . . . . . . . . . . . . . 13 84 7. Scheduling Function Identifier . . . . . . . . . . . . . . . 13 85 8. Rules for CellList . . . . . . . . . . . . . . . . . . . . . 13 86 9. 6P Timeout Value . . . . . . . . . . . . . . . . . . . . . . 14 87 10. Rule for Ordering Cells . . . . . . . . . . . . . . . . . . . 14 88 11. Meaning of the Metadata Field . . . . . . . . . . . . . . . . 14 89 12. 6P Error Handling . . . . . . . . . . . . . . . . . . . . . . 14 90 13. Schedule Inconsistency Handling . . . . . . . . . . . . . . . 15 91 14. MSF Constants . . . . . . . . . . . . . . . . . . . . . . . . 15 92 15. MSF Statistics . . . . . . . . . . . . . . . . . . . . . . . 16 93 16. Security Considerations . . . . . . . . . . . . . . . . . . . 16 94 17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 95 17.1. MSF Scheduling Function Identifiers . . . . . . . . . . 17 96 18. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 97 19. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 98 19.1. Normative References . . . . . . . . . . . . . . . . . . 18 99 19.2. Informative References . . . . . . . . . . . . . . . . . 19 100 Appendix A. Example of Implementation of SAX hash function . . . 20 101 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 103 1. Introduction 105 The 6TiSCH Minimal Scheduling Function (MSF), defined in this 106 specification, is a 6TiSCH Scheduling Function (SF). The role of an 107 SF is entirely defined in [RFC8480]. This specification complements 108 [RFC8480] by providing the rules of when to add/delete cells in the 109 communication schedule. This specification satisfies all the 110 requirements for an SF listed in Section 4.2 of [RFC8480]. 112 MSF builds on top of the following specifications: the Minimal IPv6 113 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) Configuration 114 [RFC8180], the 6TiSCH Operation Sublayer Protocol (6P) [RFC8480], and 115 the Minimal Security Framework for 6TiSCH 116 [I-D.ietf-6tisch-minimal-security]. 118 MSF defines both the behavior of a node when joining the network, and 119 how the communication schedule is managed in a distributed fashion. 120 When a node running MSF boots up, it joins the network by following 121 the 6 steps described in Section 4. The end state of the join 122 process is that the node is synchronized to the network, has mutually 123 authenticated with the network, has identified a routing parent, and 124 has scheduled one negotiated Tx cell (defined in Section 5.1) to/from 125 its routing parent. After the join process, the node can 126 continuously add/delete/relocate cells, as described in Section 5. 127 It does so for 3 reasons: to match the link-layer resources to the 128 traffic, to handle changing parent and to handle a schedule 129 collision. 131 MSF works closely with the IPv6 Routing Protocol for Low-Power and 132 Lossy Networks (RPL), specifically the routing parent defined in 133 [RFC6550]. This specification only describes how MSF works with the 134 selected routing parent, which is phrased as "selected parent". The 135 activity of MSF towards the single routing parent is called a "MSF 136 session". Though the performance of MSF is evaluated only when the 137 "selected parent" represents the node's preferred parent, there 138 should be no restrictions to use multiple MSF sessions, one per 139 parent. The distribution of traffic over multiple parents is a 140 routing decision that is out of scope for MSF. 142 MSF is designed to operate in a wide range of application domains. 143 It is optimized for applications with regular upstream traffic, from 144 the nodes to the Destination-Oriented Directed Acyclic Graph (DODAG 145 [RFC6550]) root. 147 This specification follows the recommended structure of an SF 148 specification, given in Appendix A of [RFC8480], with the following 149 adaptations: 151 * We have reordered some sections, in particular to have the section 152 on the node behavior at boot (Section 4) appear early in this 153 specification. 154 * We added sections on the interface to the minimal 6TiSCH 155 configuration (Section 2), the use of the SIGNAL command 156 (Section 6), the MSF constants (Section 14) and the MSF statistics 157 (Section 15). 159 2. Interface to the Minimal 6TiSCH Configuration 161 In a TSCH network, time is sliced up into time slots. The time slots 162 are grouped as one or multiple slotframes which repeat over time. 163 The TSCH schedule instructs a node what to do at each time slots, 164 such as transmit, receive or sleep [RFC7554]. In case of a slot to 165 transmit or receive, a channel is assigned to the time slot. The 166 tuple (slot, channel) is indicated as a cell of TSCH schedule. MSF 167 is one of the policies defining how to manage the TSCH schedule. 169 A node implementing MSF SHOULD implement the Minimal 6TiSCH 170 Configuration [RFC8180], which defines the "minimal cell", a single 171 shared cell providing minimal connectivity between the nodes in the 172 network. The MSF implementation provided in this specification is 173 based on the implementation of the Minimal 6TiSCH Configuration. 174 However, an implementor MAY implement MSF based on other 175 specifications as long as the specification defines a way to 176 advertise the EB/DIO among the network. 178 MSF uses the minimal cell for broadcast frames such as Enhanced 179 Beacons (EBs) [IEEE802154] and broadcast DODAG Information Objects 180 (DIOs) [RFC6550]. Cells scheduled by MSF are meant to be used only 181 for unicast frames. 183 To ensure there is enough bandwidth available on the minimal cell, a 184 node implementing MSF SHOULD enforce some rules for limiting the 185 traffic of broadcast frames. For example, the overall broadcast 186 traffic among the node and its neighbors SHOULD NOT exceed 1/3 of the 187 bandwidth of minimal cell. One of the algorithms that fulfills this 188 requirement is the Trickle timer defined in [RFC6206] which is 189 applied on DIO messages [RFC6550]. However, any such algorithm of 190 limiting the broadcast traffic to meet those rules is implementation- 191 specific and is out of the scope of MSF. 193 3 slotframes are used in MSF. MSF schedules autonomous cells at 194 Slotframe 1 (Section 3) and 6P negotiated cells at Slotframe 2 195 (Section 5) ,wh ile Slotframe 0 is used for the bootstrap traffic as 196 defined in the Minimal 6TiSCH Configuration. The same slotframe 197 length for Slotframe 0, 1 and 2 is RECOMMENDED. Thus it is possible 198 to avoid the scheduling collision between the autonomous cells and 6P 199 negotiated cells (Section 3). The default slotframe length 200 (SLOTFRAME_LENGTH) is RECOMMENDED for Slotframe 0, 1 and 2, although 201 any value can be advertised in the EBs. 203 3. Autonomous Cells 205 MSF nodes initialize Slotframe 1 with a set of default cells for 206 unicast communication with their neighbors. These cells are called 207 'autonomous cells', because they are maintained autonomously by each 208 node without negotiation through 6P. Cells scheduled by 6P 209 transaction are called 'negotiated cells' which are reserved on 210 Slotframe 2. How to schedule negotiated cells is detailed in 211 Section 5. There are two types of autonomous cells: 213 * Autonomous Rx Cell (AutoRxCell), one cell at a 214 [slotOffset,channelOffset] computed as a hash of the EUI64 of the 215 node itself (detailed next). Its cell options bits are assigned 216 as TX=0, RX=1, SHARED=0. 217 * Autonomous Tx Cell (AutoTxCell), one cell at a 218 [slotOffset,channelOffset] computed as a hash of the layer 2 EUI64 219 destination address in the unicast frame to be transmitted 220 (detailed in Section 4.4). Its cell options bits are assigned as 221 TX=1, RX=0, SHARED=1. 223 To compute a [slotOffset,channelOffset] from an EUI64 address, nodes 224 MUST use the hash function SAX as defined in Section 2 of 225 [SAX-DASFAA] with consistent input parameters, for example, those 226 defined in Appendix A. The coordinates are computed to distribute 227 the cells across all channel offsets, and all but the first slot 228 offset of Slotframe 1. The first time offset is skipped to avoid 229 colliding with the minimal cell in Slotframe 0. The slot coordinates 230 derived from a given EUI64 address are computed as follows: 232 * slotOffset(MAC) = 1 + hash(EUI64, length(Slotframe_1) - 1) 233 * channelOffset(MAC) = hash(EUI64, NUM_CH_OFFSET) 235 The second input parameter defines the maximum return value of the 236 hash function. Other optional parameters defined in SAX determine 237 the performance of SAX hash function. Those parameters could be 238 broadcasted in EB frame or pre-configured. For interoperability 239 purposes, the values of those parameters can be referred from 240 Appendix A. 242 AutoTxCell is not permanently installed in the schedule but added/ 243 deleted on demand when there is a frame to sent. Throughout the 244 network lifetime, nodes maintain the autonomous cells as follows: 246 * Add an AutoTxCell to the layer 2 destination address which is 247 indicated in a frame when there is no 6P negotiated Tx cell in 248 schedule for that frame to transmit. 249 * Remove an AutoTxCell when: 250 - there is no frame to transmit on that cell, or 251 - there is at least one 6P negotiated Tx cell in the schedule for 252 the frames to transmit. 254 The AutoRxCell MUST always remain scheduled after synchronization. 255 6P CLEAR MUST NOT erase any autonomous cells. 257 Because of hash collisions, there will be cases that the AutoTxCell 258 and AutoRxCell are scheduled at the same slot offset and/or channel 259 offset. In such cases, AutoTxCell always take precedence over 260 AutoRxCell. Notice AutoTxCell is a shared type cell which applies 261 backs-off mechanism. When the AutoTxCell and AutoRxCell are 262 collided, AutoTxCell takes precedence if there is a packet to 263 transmit. In case in a backs-off period, AutoRxCell is used. In 264 case of conflicting with a negotiated cell, autonomous cells take 265 precedence over negotiated cell, which is stated in [IEEE802154]. 266 However, when the Slotframe 0, 1 and 2 use the same length value, it 267 is possible for negotiated cell to avoid the collision with 268 AutoRxCell. Hence, the same slotframe length for Slotframe 0, 1 and 269 2 is RECOMMENDED. 271 4. Node Behavior at Boot 273 This section details the behavior the node SHOULD follow from the 274 moment it is switched on, until it has successfully joined the 275 network. Alternative behaviors may be involved, for example, when 276 alternative security solutions are used for the network. Section 4.1 277 details the start state; Section 4.8 details the end state. The 278 other sections detail the 6 steps of the joining process. We use the 279 term "pledge" and "joined node", as defined in 280 [I-D.ietf-6tisch-minimal-security]. 282 4.1. Start State 284 A node implementing MSF SHOULD implement the Constrained Join 285 Protocol (CoJP) for 6TiSCH [I-D.ietf-6tisch-minimal-security]. As a 286 corollary, this means that a pledge, before being switched on, may be 287 pre-configured with the Pre-Shared Key (PSK) for joining, as well as 288 any other configuration detailed in 289 ([I-D.ietf-6tisch-minimal-security]). This is not necessary if the 290 node implements a security solution not based on PSKs, such as 291 ([I-D.ietf-6tisch-dtsecurity-zerotouch-join]). 293 4.2. Step 1 - Choosing Frequency 295 When switched on, the pledge randomly chooses a frequency from the 296 channels that the network cycles amongst, and starts listening for 297 EBs on that frequency. 299 4.3. Step 2 - Receiving EBs 301 Upon receiving the first EB, the pledge continue listening for 302 additional EBs to learn: 304 1. the number of neighbors N in its vicinity 305 2. which neighbor to choose as a Join Proxy (JP) for the joining 306 process 308 After having received the first EB, a node MAY keep listening for at 309 most MAX_EB_DELAY seconds or until it has received EBs from 310 NUM_NEIGHBOURS_TO_WAIT distinct neighbors. This behavior is defined 311 in [RFC8180]. 313 During this step, the pledge only gets synchronized when it received 314 enough EB from the network it wishes to join. How to decide whether 315 an EB originates from a node from the network it wishes to join is 316 implementation-specific, but MAY involve filtering EBs by the PAN ID 317 field it contains, the presence and contents of the IE defined in 318 [I-D.ietf-6tisch-enrollment-enhanced-beacon], or the key used to 319 authenticate it. 321 The decision of which neighbor to use as a JP is implementation- 322 specific, and discussed in [I-D.ietf-6tisch-minimal-security]. 324 4.4. Step 3 - Setting up Autonomous Cells for the Join Process 326 After selected a JP, a node generates a Join Request and installs an 327 AutoTxCell to the JP. The Join Request is then sent by the pledge to 328 its selected JP over the AutoTxCell. The AutoTxCell is removed by 329 the pledge when the Join Request is sent out. The JP receives the 330 Join Request through its AutoRxCell. Then it forwards the Join 331 Request to the join registrar/coordinator (JRC), possibly over 332 multiple hops, over the 6P negotiated Tx cells. Similarly, the JRC 333 sends the Join Response to the JP, possibly over multiple hops, over 334 AutoTxCells or the 6P negotiated Tx cells. When the JP received the 335 Join Response from the JRC, it installs an AutoTxCell to the pledge 336 and sends that Join Response to the pledge over AutoTxCell. The 337 AutoTxCell is removed by the JP when the Join Response is sent out. 338 The pledge receives the Join Response from its AutoRxCell, thereby 339 learns the keying material used in the network, as well as other 340 configuration settings, and becomes a "joined node". 342 When 6LoWPAN Neighbor Discovery ([RFC8505]) (ND) is implemented, the 343 unicast packets used by ND are sent on the AutoTxCell. The specific 344 process how the ND works during the Join process is detailed in 345 [I-D.ietf-6tisch-architecture]. 347 4.5. Step 4 - Acquiring a RPL Rank 349 Per [RFC6550], the joined node receives DIOs, computes its own Rank, 350 and selects a routing parent. 352 4.6. Step 5 - Setting up first Tx negotiated Cells 354 Once it has selected a routing parent, the joined node MUST generate 355 a 6P ADD Request and install an AutoTxCell to that parent. The 6P 356 ADD Request is sent out through the AutoTxCell, containing the 357 following fields: 359 * CellOptions: set to TX=1,RX=0,SHARED=0 360 * NumCells: set to 1 361 * CellList: at least 5 cells, chosen according to Section 8 363 The joined node removes the AutoTxCell to the selected parent when 364 the 6P Request is sent out. That parent receives the 6P ADD Request 365 from its AutoRxCell. Then it generates a 6P ADD Response and 366 installs an AutoTxCell to the joined node. When the parent sends out 367 the 6P ADD Response, it MUST remove that AutoTxCell. The joined node 368 receives the 6P ADD Response from its AutoRxCell and completes the 6P 369 transaction. In case the 6P ADD transaction failed, the node MUST 370 issue another 6P ADD Request and repeat until the Tx cell is 371 installed to the parent. 373 4.7. Step 6 - Send EBs and DIOs 375 The node starts sending EBs and DIOs on the minimal cell, while 376 following the transmit rules for broadcast frames from Section 2. 378 4.8. End State 380 For a new node, the end state of the joining process is: 382 * it is synchronized to the network 383 * it is using the link-layer keying material it learned through the 384 secure joining process 386 * it has selected one neighbor as its routing parent 387 * it has one AutRxCell 388 * it has one negotiated Tx cell to the selected parent 389 * it starts to send DIOs, potentially serving as a router for other 390 nodes' traffic 391 * it starts to send EBs, potentially serving as a JP for new pledge 393 5. Rules for Adding/Deleting Cells 395 Once a node has joined the 6TiSCH network, it adds/deletes/relocates 396 cells with the selected parent for three reasons: 398 * to match the link-layer resources to the traffic between the node 399 and the selected parent (Section 5.1) 400 * to handle switching parent or(Section 5.2) 401 * to handle a schedule collision (Section 5.3) 403 Those cells are called 'negotiated cells' as they are scheduled 404 through 6P, negotiated with the node's parent. Without specific 405 declaring, all cells mentioned in this section are negotiated cells 406 and they are installed at Slotframe 2. 408 5.1. Adapting to Traffic 410 A node implementing MSF MUST implement the behavior described in this 411 section. 413 The goal of MSF is to manage the communication schedule in the 6TiSCH 414 schedule in a distributed manner. For a node, this translates into 415 monitoring the current usage of the cells it has to one of its 416 neighbors, most cases to the selected parent. 418 * If the node determines that the number of link-layer frames it is 419 attempting to exchange with the selected parent per unit of time 420 is larger than the capacity offered by the TSCH negotiated cells 421 it has scheduled with it, the node issues a 6P ADD command to that 422 parent to add cells to the TSCH schedule. 423 * If the traffic is lower than the capacity, the node issues a 6P 424 DELETE command to that parent to delete cells from the TSCH 425 schedule. 427 The node MUST maintain two separate pairs of the following counters 428 for the selected parent, one for the negotiated Tx cells to that 429 parent and one for the negotiated Rx cells to that parent. 431 NumCellsElapsed : Counts the number of negotiated cells that have 432 elapsed since the counter was initialized. This counter is 433 initialized at 0. When the current cell is declared as a 434 negotiated cell to the selected parent, NumCellsElapsed is 435 incremented by exactly 1, regardless of whether the cell is used 436 to transmit/receive a frame. 437 NumCellsUsed: Counts the number of negotiated cells that have been 438 used. This counter is initialized at 0. NumCellsUsed is 439 incremented by exactly 1 when, during a negotiated cell to the 440 selected parent, either of the following happens: 441 * The node sends a frame to the parent. The counter increments 442 regardless of whether a link-layer acknowledgment was received 443 or not. 444 * The node receives a valid frame from the parent. The counter 445 increments only when the frame is a valid IEEE802.15.4 frame. 447 The cell option of cells listed in CellList in 6P Request frame 448 SHOULD be either (Tx=1, Rx=0) only or (Tx=0, Rx=1) only. Both 449 NumCellsElapsed and NumCellsUsed counters can be used to both type of 450 negotiated cells. 452 As there is no negotiated Rx Cell installed at initial time, the 453 AutoRxCell is taken into account as well for downstream traffic 454 adaptation. In this case: 456 * NumCellsElapsed is incremented by exactly 1 when the current cell 457 is AutoRxCell. 458 * NumCellsUsed is incremented by exactly 1 when the node receives a 459 frame from the selected parent on AutoRxCell. 461 Implementors MAY choose to create the same counters for each 462 neighbor, and add them as additional statistics in the neighbor 463 table. 465 The counters are used as follows: 467 1. Both NumCellsElapsed and NumCellsUsed are initialized to 0 when 468 the node boots. 469 2. When the value of NumCellsElapsed reaches MAX_NUM_CELLS: 470 * If NumCellsUsed > LIM_NUMCELLSUSED_HIGH, trigger 6P to add a 471 single cell to the selected parent 472 * If NumCellsUsed < LIM_NUMCELLSUSED_LOW, trigger 6P to remove a 473 single cell to the selected parent 474 * Reset both NumCellsElapsed and NumCellsUsed to 0 and go to 475 step 2. 477 The value of MAX_NUM_CELLS is chosen according to the traffic type of 478 the network. Generally speaking, the larger the value MAX_NUM_CELLS 479 is, the more accurate the cell usage is calculated. The 6P traffic 480 overhead using a larger value of MAX_NUM_CELLS could be reduced as 481 well. Meanwhile, the latency won't increase much by using a larger 482 value of MAX_NUM_CELLS for periodic traffic type. For burst traffic 483 type, larger value of MAX_NUM_CELLS indeed introduces higher latency. 484 The latency caused by slight changes of traffic load can be absolved 485 by the additional scheduled cells. In this sense, MSF is a 486 scheduling function trading latency with energy by scheduling more 487 cells than needed. It is recommended to set MAX_NUM_CELLS value at 488 least 4x of the maximum number of used cells in a slot frame in 489 recent history. For example, a 2 packets/slotframe traffic load 490 results an average 4 cells scheduled (2 cells are used), using at 491 least the value of double number of scheduled cells (which is 8) as 492 MAX_NUM_CELLS gives a good resolution on cell usage calculation. 494 In case that a node booted or disappeared from the network, the cell 495 reserved at the selected parent may be kept in the schedule forever. 496 A clean-up mechanism MUST be provided to resolve this issue. The 497 clean-up mechanism is implementation-specific. The goal is to 498 confirm those negotiated cells are not used anymore by the associated 499 neighbors and remove them from the schedule. 501 5.2. Switching Parent 503 A node implementing MSF SHOULD implement the behavior described in 504 this section. 506 Part of its normal operation, the RPL routing protocol can have a 507 node switch parent. The procedure for switching from the old parent 508 to the new parent is: 510 1. the node counts the number of negotiated cells it has per 511 slotframe to the old parent 512 2. the node triggers one or more 6P ADD commands to schedule the 513 same number of negotiated cells with same cell options to the new 514 parent 515 3. when that successfully completes, the node issues a 6P CLEAR 516 command to its old parent 518 For what type of negotiated cell should be installed first, it 519 depends on which traffic has the higher priority, upstream or 520 downstream, which is application-specific and out-of-scope of MSF. 522 5.3. Handling Schedule Collisions 524 A node implementing MSF SHOULD implement the behavior described in 525 this section. Other schedule collisions handling algorithm can be an 526 alternative of the algorithm proposed in this section. 528 Since scheduling is entirely distributed, there is a non-zero 529 probability that two pairs of nearby neighbor nodes schedule a 530 negotiated cell at the same [slotOffset,channelOffset] location in 531 the TSCH schedule. In that case, data exchanged by the two pairs may 532 collide on that cell. We call this case a "schedule collision". 534 The node MUST maintain the following counters for each negotiated Tx 535 cell to the selected parent: 537 NumTx: Counts the number of transmission attempts on that cell. 538 Each time the node attempts to transmit a frame on that cell, 539 NumTx is incremented by exactly 1. 540 NumTxAck: Counts the number of successful transmission attempts on 541 that cell. Each time the node receives an acknowledgment for a 542 transmission attempt, NumTxAck is incremented by exactly 1. 544 Since both NumTx and NumTxAck are initialized to 0, we necessarily 545 have NumTxAck <= NumTx. We call Packet Delivery Ratio (PDR) the 546 ratio NumTxAck/NumTx; and represent it as a percentage. A cell with 547 PDR=50% means that half of the frames transmitted are not 548 acknowledged. 550 Each time the node switches parent (or during the join process when 551 the node selects a parent for the first time), both NumTx and 552 NumTxAck MUST be reset to 0. They increment over time, as the 553 schedule is executed and the node sends frames to that parent. When 554 NumTx reaches MAX_NUMTX, both NumTx and NumTxAck MUST be divided by 555 2. MAX_NUMTX needs to be a power of two to avoid division error. 556 For example, when MAX_NUMTX is set to 256, from NumTx=255 and 557 NumTxAck=127, the counters become NumTx=128 and NumTxAck=64 if one 558 frame is sent to the parent with an Acknowledgment received. This 559 operation does not change the value of the PDR, but allows the 560 counters to keep incrementing. The value of MAX_NUMTX is 561 implementation-specific. 563 The key for detecting a schedule collision is that, if a node has 564 several cells to the selected parent, all cells should exhibit the 565 same PDR. A cell which exhibits a PDR significantly lower than the 566 others indicates than there are collisions on that cell. 568 Every HOUSEKEEPINGCOLLISION_PERIOD, the node executes the following 569 steps: 571 1. It computes, for each negotiated Tx cell with the parent (not for 572 the autonomous cell), that cell's PDR. 573 2. Any cell that hasn't yet had NumTx divided by 2 since it was last 574 reset is skipped in steps 3 and 4. This avoids triggering cell 575 relocation when the values of NumTx and NumTxAck are not 576 statistically significant yet. 577 3. It identifies the cell with the highest PDR. 579 4. For any other cell, it compares its PDR against that of the cell 580 with the highest PDR. If the subtraction difference between the 581 PDR of the cell and the highest PDR is larger than 582 RELOCATE_PDRTHRES, it triggers the relocation of that cell using 583 a 6P RELOCATE command. 585 The RELOCATION for negotiated Rx cells is not supported by MSF. 587 6. 6P SIGNAL command 589 The 6P SIGNAL command is not used by MSF. 591 7. Scheduling Function Identifier 593 The Scheduling Function Identifier (SFID) of MSF is 594 IANA_6TISCH_SFID_MSF. How the value of IANA_6TISCH_SFID_MSF is 595 chosen is described in Section 17. 597 8. Rules for CellList 599 MSF uses 2-step 6P Transactions exclusively. 6P transactions are 600 only initiated by a node towards its parent. As a result, the cells 601 to put in the CellList of a 6P ADD command, and in the candidate 602 CellList of a RELOCATE command, are chosen by the node initiating the 603 6P transaction. In both cases, the same rules apply: 605 * The CellList is RECOMMENDED to have 5 or more cells. 606 * Each cell in the CellList MUST have a different slotOffset value. 607 * For each cell in the CellList, the node MUST NOT have any 608 scheduled cell on the same slotOffset. 609 * The slotOffset value of any cell in the CellList MUST NOT be the 610 same as the slotOffset of the minimal cell (slotOffset=0). 611 * The slotOffset of a cell in the CellList SHOULD be randomly and 612 uniformly chosen among all the slotOffset values that satisfy the 613 restrictions above. 614 * The channelOffset of a cell in the CellList SHOULD be randomly and 615 uniformly chosen in [0..numFrequencies], where numFrequencies 616 represents the number of frequencies a node can communicate on. 618 As a consequence of randomly cell selection, there is a non-zero 619 chance that nodes in the vicinity installed cells with same 620 slotOffset and channelOffset. An implementer MAY implement a 621 strategy to monitor the candidate cells before adding them in 622 CellList to avoid collision. For example, a node MAY maintain a 623 candidate cell pool for the CellList. The candidate cells in the 624 pool are pre-configured as Rx cells to promiscuously listen to detect 625 transmissions on those cells. If IEEE802.15.4 transmissions are 626 observed on one cell over multiple iterations of the schedule, that 627 cell is probably used by a TSCH neighbor. It is moved out from the 628 pool and a new cell is selected as a candidate cell. The cells in 629 CellList are picked from the candidate pool directly when required. 631 9. 6P Timeout Value 633 The timeout value is calculated for the worst case that a 6P response 634 is received, which means the 6P response is sent out successfully at 635 the very latest retransmission. And for each retransmission, it 636 backs-off with largest value. Hence the 6P timeout value is 637 calculated as ((2^MAXBE)-1)*MAXRETRIES*SLOTFRAME_LENGTH, where: 639 * MAXBE, defined in IEEE802.15.4, is the maximum backoff exponent 640 used 641 * MAXRETRIES, define din IEEE802.15.4, is the maximum retransmission 642 times 643 * SLOTFRAME_LENGTH represents the length of slotframe 645 10. Rule for Ordering Cells 647 Cells are ordered slotOffset first, channelOffset second. 649 The following sequence is correctly ordered (each element represents 650 the [slottOffset,channelOffset] of a cell in the schedule): 652 [1,3],[1,4],[2,0],[5,3],[6,0],[6,3],[7,9] 654 11. Meaning of the Metadata Field 656 The Metadata field is not used by MSF. 658 12. 6P Error Handling 660 Section 6.2.4 of [RFC8480] lists the 6P Return Codes. Figure 1 lists 661 the same error codes, and the behavior a node implementing MSF SHOULD 662 follow. 664 +-----------------+----------------------+ 665 | Code | RECOMMENDED behavior | 666 +-----------------+----------------------+ 667 | RC_SUCCESS | nothing | 668 | RC_EOL | nothing | 669 | RC_ERR | quarantine | 670 | RC_RESET | quarantine | 671 | RC_ERR_VERSION | quarantine | 672 | RC_ERR_SFID | quarantine | 673 | RC_ERR_SEQNUM | clear | 674 | RC_ERR_CELLLIST | clear | 675 | RC_ERR_BUSY | waitretry | 676 | RC_ERR_LOCKED | waitretry | 677 +-----------------+----------------------+ 679 Figure 1: Recommended behavior for each 6P Error Code. 681 The meaning of each behavior from Figure 1 is: 683 nothing: Indicates that this Return Code is not an error. No error 684 handling behavior is triggered. 685 clear: Abort the 6P Transaction. Issue a 6P CLEAR command to that 686 neighbor (this command may fail at the link layer). Remove all 687 cells scheduled with that neighbor from the local schedule. 688 quarantine: Same behavior as for "clear". In addition, remove the 689 node from the neighbor and routing tables. Place the node's 690 identifier in a quarantine list for QUARANTINE_DURATION. When in 691 quarantine, drop all frames received from that node. 692 waitretry: Abort the 6P Transaction. Wait for a duration randomly 693 and uniformly chosen in [WAIT_DURATION_MIN,WAIT_DURATION_MAX]. 694 Retry the same transaction. 696 13. Schedule Inconsistency Handling 698 The behavior when schedule inconsistency is detected is explained in 699 Figure 1, for 6P Return Code RC_ERR_SEQNUM. 701 14. MSF Constants 703 Figure 2 lists MSF Constants and their RECOMMENDED values. 705 +------------------------------+-------------------+ 706 | Name | RECOMMENDED value | 707 +------------------------------+-------------------+ 708 | SLOTFRAME_LENGTH | 101 slots | 709 | NUM_CH_OFFSET | 16 | 710 | MAX_NUM_CELLS | 100 | 711 | LIM_NUMCELLSUSED_HIGH | 75 | 712 | LIM_NUMCELLSUSED_LOW | 25 | 713 | MAX_NUMTX | 256 | 714 | HOUSEKEEPINGCOLLISION_PERIOD | 1 min | 715 | RELOCATE_PDRTHRES | 50 % | 716 | QUARANTINE_DURATION | 5 min | 717 | WAIT_DURATION_MIN | 30 s | 718 | WAIT_DURATION_MAX | 60 s | 719 +------------------------------+-------------------+ 721 Figure 2: MSF Constants and their RECOMMENDED values. 723 15. MSF Statistics 725 Figure 3 lists MSF Statistics and their RECOMMENDED width. 727 +-----------------+-------------------+ 728 | Name | RECOMMENDED width | 729 +-----------------+-------------------+ 730 | NumCellsElapsed | 1 byte | 731 | NumCellsUsed | 1 byte | 732 | NumTx | 1 byte | 733 | NumTxAck | 1 byte | 734 +-----------------+-------------------+ 736 Figure 3: MSF Statistics and their RECOMMENDED width. 738 16. Security Considerations 740 MSF defines a series of "rules" for the node to follow. It triggers 741 several actions, that are carried out by the protocols defined in the 742 following specifications: the Minimal IPv6 over the TSCH Mode of IEEE 743 802.15.4e (6TiSCH) Configuration [RFC8180], the 6TiSCH Operation 744 Sublayer Protocol (6P) [RFC8480], and the Constrained Join Protocol 745 (CoJP) for 6TiSCH [I-D.ietf-6tisch-minimal-security]. The security 746 considrations of the specifications continue to apply in the MSF 747 scope. In particular, MSF does not define a new protocol or packet 748 format. 750 MSF uses autonomous cells for initial bootstrap and the transport of 751 join traffic. Autonomous cells are computed as a hash of nodes' 752 EUI64 addresses. This makes the coordinates of autonomous cell an 753 easy target for an attacker, as EUI64 addresses are visible on the 754 wire and are not encrypted by the link-layer security mechanism. 755 With the coordinates of autonomous cells available, the attacker can 756 launch a selective jamming attack against any nodes' AutoRxCell. If 757 the attacker targets a node acting as a JP, it can prevent pledges 758 from using that JP to join the network. The pledge detects such a 759 situation through the absence of a link-layer acknowledgment for its 760 Join Request. As it is expected that each pledge will have more than 761 one JP available to join the network, one available countermeasure 762 for the pledge is to pseudo-randomly select a new JP when the link to 763 the previous JP appears bad. Such strategy alleviates the issue of 764 the attacker randomly jamming to disturb the network but does not 765 help in case the attacker is targeting a particular pledge. In that 766 case, the attacker can jam the AutoRxCell of the pledge, in order to 767 prevent it from receiving the join response. This situation should 768 be detected through the absence of a particular node from the network 769 and handled by the network administrator through out-of-band means. 771 MSF adapts to traffic containing packets from the IP layer. It is 772 possible that the IP packet has a non-zero DSCP (Diffserv Code Point 773 [RFC2474]) value in its IPv6 header. The decision how to hand that 774 packet belongs to the upper layer and is out of scope of MSF. As 775 long as the decision is made to hand over to MAC layer to transmit, 776 MSF will take that packet into account when adapting to traffic. 778 Note that non-zero DSCP value may imply that the traffic is 779 originated at unauthenticated pledges, referring to 780 [I-D.ietf-6tisch-minimal-security]. The implementation at IPv6 layer 781 SHOULD rate-limit this join traffic before it is passed to 6top 782 sublayer where MSF can observe it. In case there is no rate limit 783 for join traffic, intermediate nodes in the 6TiSCH network may be 784 prone to a resource exhaustion attack, with the attacker injecting 785 unauthenticated traffic from the network edge. The assumption is 786 that the rate limiting function is aware of the available bandwidth 787 in the 6top L3 bundle(s) towards a next hop, not directly from MSF, 788 but from an interaction with the 6top sublayer that manages 789 ultimately the bundles under MSF's guidance. How this rate-limit is 790 implemented is out of scope of MSF. 792 17. IANA Considerations 794 17.1. MSF Scheduling Function Identifiers 796 This document adds the following number to the "6P Scheduling 797 Function Identifiers" sub-registry, part of the "IPv6 over the TSCH 798 mode of IEEE 802.15.4e (6TiSCH) parameters" registry, as defined by 799 [RFC8480]: 801 +----------------------+-----------------------------+-------------+ 802 | SFID | Name | Reference | 803 +----------------------+-----------------------------+-------------+ 804 | IANA_6TISCH_SFID_MSF | Minimal Scheduling Function | RFC_THIS | 805 | | (MSF) | | 806 +----------------------+-----------------------------+-------------+ 808 Figure 4: New SFID in 6P Scheduling Function Identifiers subregistry. 810 IANA_6TISCH_SFID_MSF is chosen from range 0-127, which is used for 811 IETF Review or IESG Approval. 813 18. Contributors 815 * Beshr Al Nahas (Chalmers University, beshr@chalmers.se) 816 * Olaf Landsiedel (Chalmers University, olafl@chalmers.se) 817 * Yasuyuki Tanaka (Inria-Paris, yasuyuki.tanaka@inria.fr) 819 19. References 821 19.1. Normative References 823 [RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal 824 IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH) 825 Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180, 826 May 2017, . 828 [RFC8480] Wang, Q., Ed., Vilajosana, X., and T. Watteyne, "6TiSCH 829 Operation Sublayer (6top) Protocol (6P)", RFC 8480, 830 DOI 10.17487/RFC8480, November 2018, 831 . 833 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 834 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 835 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 836 Low-Power and Lossy Networks", RFC 6550, 837 DOI 10.17487/RFC6550, March 2012, 838 . 840 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 841 Requirement Levels", BCP 14, RFC 2119, 842 DOI 10.17487/RFC2119, March 1997, 843 . 845 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 846 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 847 May 2017, . 849 [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, 850 "Definition of the Differentiated Services Field (DS 851 Field) in the IPv4 and IPv6 Headers", RFC 2474, 852 DOI 10.17487/RFC2474, December 1998, 853 . 855 [I-D.ietf-6tisch-minimal-security] 856 Vucinic, M., Simon, J., Pister, K., and M. Richardson, 857 "Minimal Security Framework for 6TiSCH", Work in Progress, 858 Internet-Draft, draft-ietf-6tisch-minimal-security-13, 28 859 October 2019, . 862 [I-D.ietf-6tisch-enrollment-enhanced-beacon] 863 Dujovne, D. and M. Richardson, "IEEE 802.15.4 Information 864 Element encapsulation of 6TiSCH Join and Enrollment 865 Information", Work in Progress, Internet-Draft, draft- 866 ietf-6tisch-enrollment-enhanced-beacon-06, 4 November 867 2019, . 870 [I-D.ietf-6tisch-architecture] 871 Thubert, P., "An Architecture for IPv6 over the TSCH mode 872 of IEEE 802.15.4", Work in Progress, Internet-Draft, 873 draft-ietf-6tisch-architecture-28, 29 October 2019, 874 . 877 [IEEE802154] 878 IEEE standard for Information Technology, "IEEE Std 879 802.15.4 Standard for Low-Rate Wireless Personal Area 880 Networks (WPANs)", DOI 10.1109/IEEE P802.15.4-REVd/D01, 881 . 883 [SAX-DASFAA] 884 Ramakrishna, M.V. and J. Zobel, "Performance in Practice 885 of String Hashing Functions", DASFAA , 886 DOI 10.1142/9789812819536_0023, 1997, 887 . 889 19.2. Informative References 891 [RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using 892 IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the 893 Internet of Things (IoT): Problem Statement", RFC 7554, 894 DOI 10.17487/RFC7554, May 2015, 895 . 897 [I-D.ietf-6tisch-dtsecurity-zerotouch-join] 898 Richardson, M., "6tisch Zero-Touch Secure Join protocol", 899 Work in Progress, Internet-Draft, draft-ietf-6tisch- 900 dtsecurity-zerotouch-join-04, 8 July 2019, 901 . 904 [RFC6206] Levis, P., Clausen, T., Hui, J., Gnawali, O., and J. Ko, 905 "The Trickle Algorithm", RFC 6206, DOI 10.17487/RFC6206, 906 March 2011, . 908 [RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C. 909 Perkins, "Registration Extensions for IPv6 over Low-Power 910 Wireless Personal Area Network (6LoWPAN) Neighbor 911 Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, 912 . 914 Appendix A. Example of Implementation of SAX hash function 916 Considering the interoperability, this section provides an example of 917 implemention SAX hash function [SAX-DASFAA]. The input parameters of 918 the function are: 920 * T, which is the hashing table length 921 * c, which is the characters of string s, to be hashed 923 In MSF, the T is replaced by the length of slotframe 1. String s is 924 replaced by the mote EUI64 address. The characters of the string c0, 925 c1, ..., c7 are the 8 bytes of EUI64 address. 927 The SAX hash function requires shift operation which is defined as 928 follow: 930 * L_shift(v,b), which refers to left shift variable v by b bits 931 * R_shift(v,b), which refers to right shift variable v by b bits 933 The steps to calculate the hash value of SAX hash function are: 935 1. initialize variable h to h0 and variable i to 0, where h is the 936 intermediate hash value and i is the index of the bytes of EUI64 937 address 938 2. sum the value of L_shift(h,l_bit), R_shift(h,r_bit) and ci 939 3. calculate the result of exclusive or between the sum value in 940 Step 2 and h 941 4. modulo the result of Step 3 by T 942 5. assign the result of Step 4 to h 943 6. increase i by 1 944 7. repeat Step2 to Step 6 until i reaches to 8 945 The value of variable h is the hash value of SAX hash function. 947 The values of h0, l_bit and r_bit in Step 1 and 2 are configured as: 949 * h0 = 0 950 * l_bit = 0 951 * r_bit = 1 953 The appropriate values of l_bit and r_bit could vary depending on the 954 the set of motes' EUI64 address. How to find those values is out of 955 the scope of this specification. 957 Authors' Addresses 959 Tengfei Chang (editor) 960 Inria 961 2 rue Simone Iff 962 75012 Paris 963 France 965 Email: tengfei.chang@inria.fr 967 Malisa Vucinic 968 Inria 969 2 rue Simone Iff 970 75012 Paris 971 France 973 Email: malisa.vucinic@inria.fr 975 Xavier Vilajosana 976 Universitat Oberta de Catalunya 977 156 Rambla Poblenou 978 08018 Barcelona Catalonia 979 Spain 981 Email: xvilajosana@uoc.edu 983 Simon Duquennoy 984 RISE SICS 985 Isafjordsgatan 22 986 SE- 164 29 Kista 987 Sweden 989 Email: simon.duquennoy@gmail.com 990 Diego Dujovne 991 Universidad Diego Portales 992 Escuela de Informatica y Telecomunicaciones 993 Av. Ejercito 441 994 Santiago 995 Region Metropolitana 996 Chile 998 Phone: +56 (2) 676-8121 999 Email: diego.dujovne@mail.udp.cl