idnits 2.17.1 draft-ietf-roll-efficient-npdao-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 29, 2018) is 2191 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-30) exists of draft-ietf-6tisch-architecture-13 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ROLL R. Jadhav, Ed. 3 Internet-Draft Huawei 4 Intended status: Standards Track P. Thubert 5 Expires: September 30, 2018 Cisco 6 R. Sahoo 7 Z. Cao 8 Huawei 9 March 29, 2018 11 Efficient Route Invalidation 12 draft-ietf-roll-efficient-npdao-03 14 Abstract 16 This document describes the problems associated with the use of No- 17 Path DAO messaging in RPL and signaling changes to improve route 18 invalidation efficiency. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on September 30, 2018. 37 Copyright Notice 39 Copyright (c) 2018 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 1.1. Requirements Language and Terminology . . . . . . . . . . 3 56 1.2. Current No-Path DAO messaging . . . . . . . . . . . . . . 4 57 1.3. Cases when No-Path DAO may be used . . . . . . . . . . . 4 58 1.4. Why No-Path DAO is important? . . . . . . . . . . . . . . 5 59 2. Problems with current No-Path DAO messaging . . . . . 5 60 2.1. Lost NPDAO due to link break to the previous parent . . . 5 61 2.2. Invalidate routes to dependent nodes of the switching 62 node . . . . . . . . . . . . . . . . . . . . . . . . . . 6 63 2.3. Route downtime caused by asynchronous operation of 64 NPDAO and DAO . . . . . . . . . . . . . . . . . . . . . . 6 65 3. Requirements for the No-Path DAO Optimization . . . . . . . . 6 66 3.1. Req#1: Tolerant to link failures to the previous 67 parents . . . . . . . . . . . . . . . . . . . . . . . . . 6 68 3.2. Req#2: Dependent nodes route invalidation on parent 69 switching . . . . . . . . . . . . . . . . . . . . . . . . 6 70 3.3. Req#3: No impact on traffic while NPDAO operation in 71 progress . . . . . . . . . . . . . . . . . . . . . . . . 7 72 4. Proposed changes to RPL signaling . . . . . . . . . . . . . . 7 73 4.1. Change in RPL route invalidation semantics . . . . . . . 7 74 4.2. DAO message format changes . . . . . . . . . . . . . . . 7 75 4.3. Destination Cleanup Object (DCO) . . . . . . . . . . . . 8 76 4.3.1. Secure DCO . . . . . . . . . . . . . . . . . . . . . 10 77 4.3.2. DCO Options . . . . . . . . . . . . . . . . . . . . . 10 78 4.3.3. Path Sequence number in the DCO . . . . . . . . . . . 10 79 4.3.4. Destination Cleanup Option Acknowledgement (DCO-ACK) 10 80 4.3.5. Secure DCO-ACK . . . . . . . . . . . . . . . . . . . 11 81 4.4. Other considerations . . . . . . . . . . . . . . . . . . 11 82 4.4.1. Dependent Nodes invalidation . . . . . . . . . . . . 11 83 4.4.2. NPDAO and DCO in the same network . . . . . . . . . . 12 84 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 85 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 86 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 87 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 88 8.1. Normative References . . . . . . . . . . . . . . . . . . 13 89 8.2. Informative References . . . . . . . . . . . . . . . . . 13 90 Appendix A. Example DCO Messaging . . . . . . . . . . . . . . . 13 91 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 93 1. Introduction 95 RPL [RFC6550] specifies a proactive distance-vector based routing 96 scheme. The specification has an optional messaging in the form of 97 DAO messages using which the 6LBR can learn route towards any of the 98 nodes. In storing mode, DAO messages would result in routing entries 99 been created on all intermediate hops from the node's parent all the 100 way towards the 6LBR. 102 RPL allows use of No-Path DAO (NPDAO) messaging to invalidate a 103 routing path corresponding to the given target, thus releasing 104 resources utilized on that path. A No-Path DAO is a DAO message with 105 route lifetime of zero, originates at the target node and always 106 flows upstream towards the 6LBR, signaling route invalidation for the 107 given target. This document explains the problems associated with 108 the current use of NPDAO messaging and also discusses the 109 requirements for an optimized No-Path DAO messaging scheme. Further 110 a new pro-active route invalidation message called as "Destination 111 Cleanup Object (DCO)" is specified which fulfills all mentioned 112 requirements of an optimized route invalidation messaging. 114 6TiSCH architecture [I-D.ietf-6tisch-architecture] leverages RPL and 115 specifies use of non-storing and storing MOP for its routing 116 operation. Thus an improvement in route invalidation will help 117 optimize 6TiSCH based networks. 119 1.1. Requirements Language and Terminology 121 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 122 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 123 document are to be interpreted as described in RFC 2119 [RFC2119]. 125 The document only caters to the RPL's storing mode of operation 126 (MOP). The non-storing MOP does not require use of NPDAO for route 127 invalidation since routing entries are not maintained on 6LRs. 129 Common Ancestor node: 6LR node which is the first common node on the 130 old and new path for the child node. 132 NPDAO: No-Path DAO. A DAO message which has target with lifetime 0. 134 DCO: Destination Cleanup Object, A new RPL control message type 135 defined by this draft. 137 Regular DAO: A DAO message with non-zero lifetime. 139 This document also uses terminology described in [RFC6550]. 141 1.2. Current No-Path DAO messaging 143 RPL introduced No-Path DAO messaging in the storing mode so that the 144 node switching its current parent can inform its parents and 145 ancestors to invalidate the existing route. Subsequently parents or 146 ancestors would release any resources (such as the routing entry) it 147 maintains on behalf of target node. The NPDAO message always 148 traverses the RPL tree in upward direction, originating at the target 149 node itself. 151 For the rest of this document consider the following topology: 153 (6LBR) 154 | 155 | 156 | 157 (A) 158 / \ 159 / \ 160 / \ 161 (G) (H) 162 | | 163 | | 164 | | 165 (B) (C) 166 \ ; 167 \ ; 168 \ ; 169 (D) 170 / \ 171 / \ 172 / \ 173 (E) (F) 175 Figure 1: Sample topology 177 Node (D) is connected via preferred parent (B). (D) has an alternate 178 path via (C) towards the BR. Node (A) is the common ancestor for (D) 179 for paths through (B)-(G) and (C)-(H). When (D) switches from (B) to 180 (C), [RFC6550] suggests sending No-Path DAO to (B) and regular DAO to 181 (C). 183 1.3. Cases when No-Path DAO may be used 185 There are following cases in which a node switches its parent and may 186 employ No-Path DAO messaging: 188 Case I: Current parent becomes unavailable because of transient or 189 permanent link or parent node failure. 191 Case II: The node finds a better parent node i.e. the metrics of 192 another parent is better than its current parent. 194 Case III: The node switches to a new parent whom it "thinks" has a 195 better metric but does not in reality. 197 The usual steps of operation when the node switches the parent is 198 that the node sends a No-Path DAO message via its current parent to 199 invalidate its current route and subsequently it tries to establish a 200 new routing path by sending a new DAO via its new parent. 202 1.4. Why No-Path DAO is important? 204 Nodes in LLNs may be resource constrained. There is limited memory 205 available and routing entry records are the one of the primary 206 elements occupying dynamic memory in the nodes. Route invalidation 207 helps 6LR nodes to decide which entries could be discarded to better 208 achieve resource utilization in case of contention. Thus it becomes 209 necessary to have efficient route invalidation mechanism. Also note 210 that a single parent switch may result in a "sub-tree" switching from 211 one parent to another. Thus the route invalidation needs to be done 212 on behalf of the sub-tree and not the switching node alone. In the 213 above example, when Node (D) switches parent, the route invalidation 214 needs to be done for (D), (E) and (F). Thus without efficient route 215 invalidation, a 6LR may have to hold a lot of unwanted route entries. 217 2. Problems with current No-Path DAO messaging 219 2.1. Lost NPDAO due to link break to the previous parent 221 When a node switches its parent, the NPDAO is to be sent via its 222 previous parent and a regular DAO via its new parent. In cases where 223 the node switches its parent because of transient or permanent parent 224 link/node failure then the NPDAO message is bound to fail. RPL 225 assumes communication link with the previous parent for No-Path DAO 226 messaging. 228 RPL allows use of route lifetime to remove unwanted routes in case 229 the routes could not be refreshed. But route lifetimes in case of 230 LLNs could be substantially high and thus the route entries would be 231 stuck for longer times. 233 2.2. Invalidate routes to dependent nodes of the switching node 235 No-path DAO is sent by the node who has switched the parent but it 236 does not work for the dependent child nodes below it. The 237 specification does not specify how route invalidation will work for 238 sub-childs, resulting in stale routing entries on behalf of the sub- 239 childs on the previous route. The only way for 6LR to invalidate the 240 route entries for dependent nodes would be to use route lifetime 241 expiry which could be substantially high for LLNs. 243 In the example topology, when Node (D) switches its parent, Node (D) 244 generates an NPDAO on its behalf. Post switching, Node (D) transmits 245 a DIO with incremented DTSN so that child nodes, node (E) and (F), 246 generate DAOs to trigger route update on the new path for themselves. 247 There is no NPDAO generated by these child nodes through the previous 248 path resulting in stale entries on nodes (B) and (G) for nodes (E) 249 and (F). 251 2.3. Route downtime caused by asynchronous operation of NPDAO and DAO 253 A switching node may generate both an NPDAO and DAO via two different 254 paths at almost the same time. There is a possibility that an NPDAO 255 generated may invalidate the previous route and the regular DAO sent 256 via the new path gets lost on the way. This may result in route 257 downtime thus impacting downward traffic for the switching node. In 258 the example topology, consider Node (D) switches from parent (B) to 259 (C) because the metrics of the path via (C) are better. Note that 260 the previous path via (B) may still be available (albeit at 261 relatively bad metrics). An NPDAO sent from previous route may 262 invalidate the existing route whereas there is no way to determine 263 whether the new DAO has successfully updated the route entries on the 264 new path. 266 3. Requirements for the No-Path DAO Optimization 268 3.1. Req#1: Tolerant to link failures to the previous parents 270 When the switching node send the NPDAO message to the previous 271 parent, it is normal that the link to the previous parent is prone to 272 failure. Therefore, it is required that the NPDAO message MUST be 273 tolerant to the link failure during the switching. 275 3.2. Req#2: Dependent nodes route invalidation on parent switching 277 While switching the parent node and sending NPDAO message, it is 278 required that the routing entries to the dependent nodes of the 279 switching node will be updated accordingly on the previous parents 280 and other relevant upstream nodes. 282 3.3. Req#3: No impact on traffic while NPDAO operation in progress 284 While sending the NPDAO and DAO messages, it is possible that the 285 NPDAO successfully invalidates the previous path, while the newly 286 sent DAO gets lost (new path not set up successfully). This will 287 result into downstream unreachability to the current switching node. 288 Therefore, it is desirable that the NPDAO is synchronized with the 289 DAO to avoid the risk of route downtime. 291 4. Proposed changes to RPL signaling 293 4.1. Change in RPL route invalidation semantics 295 As described in Section 1.2, the NPDAO originates at the node 296 switching the parent and traverses upstream towards the root. In 297 order to solve the problems as mentioned in Section 2, the draft adds 298 new pro-active route invalidation message called as "Destination 299 Cleanup Object" (DCO) that originates at a common ancestor node 300 between the new and old path. The trigger for the common ancestor 301 node to generate this DCO is the change in the next hop for the 302 target on reception of an update message in the form of regular DAO 303 for the target. 305 In the Figure 1, when node D decides to switch the path from B to C, 306 it sends a regular DAO to node C with reachability information 307 containing target as address of D and a incremented path sequence 308 number. Node C will update the routing table based on the 309 reachability information in DAO and in turn generate another DAO with 310 the same reachability information and forward it to H. Node H also 311 follows the same procedure as Node C and forwards it to node A. When 312 node A receives the regular DAO, it finds that it already has a 313 routing table entry on behalf of the target address of node D. It 314 finds however that the next hop information for reaching node D has 315 changed i.e. the node D has decided to change the paths. In this 316 case, Node A which is the common ancestor node for node D along the 317 two paths (previous and new), may generate a DCO which traverses 318 downwards in the network. The document in the subsequent section 319 will explain the message format changes to handle this downward flow 320 of NPDAO. 322 4.2. DAO message format changes 324 Every RPL message is divided into base message fields and additional 325 Options. The base fields apply to the message as a whole and options 326 are appended to add message/use-case specific attributes. As an 327 example, a DAO message may be attributed by one or more "RPL Target" 328 options which specifies the reachability information for the given 329 targets. Similarly, a Transit Information option may be associated 330 with a set of RPL Target options. 332 The draft proposes a change in DAO message to contain "Invalidate 333 previous route" (I) bit. This I-bit which is carried in regular DAO 334 message, signals the common ancestor node to generate a DCO on behalf 335 of the target node. The I-bit is carried in the transit container 336 option which augments the reachability information for a given set of 337 RPL Target(s). 339 0 1 2 3 340 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 | Type = 0x06 | Option Length |E|I| Flags | Path Control | 343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 344 | Path Sequence | Path Lifetime | | 345 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 346 | | 347 + + 348 | | 349 + Parent Address* + 350 | | 351 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 352 | | 353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 355 Figure 2: Updated Transit Information Option (New I flag added) 357 I (Invalidate previous route) bit: 1 bit flag. The 'I' flag is set 358 by the target node to indicate that it wishes to invalidate the 359 previous route by a common ancestor node between the two paths. 361 The common ancestor node SHOULD generate a DCO message in response to 362 this I-bit when it sees that the routing adjacencies have changed for 363 the target. I-bit governs the ownership of the DCO message in a way 364 that the target node is still in control of its own route 365 invalidation. 367 4.3. Destination Cleanup Object (DCO) 369 A new ICMPv6 RPL control message type is defined by this 370 specification called as "Destination Cleanup Object" (DCO), which is 371 used for proactive cleanup of state and routing information held on 372 behalf of the target node by 6LRs. The DCO message always traverses 373 downstream and cleans up route information and other state 374 information associated with the given target. 376 0 1 2 3 377 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 378 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 379 | RPLInstanceID |K|D| Flags | Reserved | DCOSequence | 380 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 381 | | 382 + + 383 | | 384 + DODAGID(optional) + 385 | | 386 + + 387 | | 388 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 389 | Option(s)... 390 +-+-+-+-+-+-+-+-+ 392 Figure 3: DCO base object 394 RPLInstanceID: 8-bit field indicating the topology instance 395 associated with the DODAG, as learned from the DIO. 397 K: The 'K' flag indicates that the recipient is expected to send a 398 DCO-ACK back. 400 D: The 'D' flag indicates that the DODAGID field is present. This 401 flag MUST be set when a local RPLInstanceID is used. 403 Flags: The 6 bits remaining unused in the Flags field are reserved 404 for flags. The field MUST be initialized to zero by the sender and 405 MUST be ignored by the receiver. 407 Reserved: 8-bit unused field. The field MUST be initialized to zero 408 by the sender and MUST be ignored by the receiver. 410 DCOSequence: Incremented at each unique DCO message from a node and 411 echoed in the DCO-ACK message. 413 DODAGID (optional): 128-bit unsigned integer set by a DODAG root that 414 uniquely identifies a DODAG. This field is only present when the 'D' 415 flag is set. This field is typically only present when a local 416 RPLInstanceID is in use, in order to identify the DODAGID that is 417 associated with the RPLInstanceID. When a global RPLInstanceID is in 418 use, this field need not be present. Unassigned bits of the DCO Base 419 are reserved. They MUST be set to zero on transmission and MUST be 420 ignored on reception. 422 4.3.1. Secure DCO 424 A Secure DCO message follows the format in [RFC6550] figure 7, where 425 the base message format is the DCO message shown in Figure 3. 427 4.3.2. DCO Options 429 The DCO message MAY carry valid options. This specification allows 430 for the DCO message to carry the following options: 432 0x00 Pad1 433 0x01 PadN 434 0x05 RPL Target 435 0x06 Transit Information 436 0x09 RPL Target Descriptor 438 The DCO carries a Target option and an associated Transit Information 439 option with a lifetime of 0x00000000 to indicate a loss of 440 reachability to that Target. 442 4.3.3. Path Sequence number in the DCO 444 A DCO message may contain a Path Sequence in the transit information 445 option to identify the freshness of the DCO message. The Path 446 Sequence in the DCO MUST use the same Path Sequence number present in 447 the regular DAO message when the DCO is generated in response to DAO 448 message. 450 4.3.4. Destination Cleanup Option Acknowledgement (DCO-ACK) 452 The DCO-ACK message may be sent as a unicast packet by a DCO 453 recipient in response to a unicast DCO message. 455 0 1 2 3 456 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 458 | RPLInstanceID |D| Reserved | DCOSequence | Status | 459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 460 | | 461 + + 462 | | 463 + DODAGID(optional) + 464 | | 465 + + 466 | | 467 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 469 Figure 4: DCO-ACK base object 471 RPLInstanceID: 8-bit field indicating the topology instance 472 associated with the DODAG, as learned from the DIO. 474 D: The 'D' flag indicates that the DODAGID field is present. This 475 flag MUST be set when a local RPLInstanceID is used. 477 Reserved: 7-bit unused field. The field MUST be initialized to zero 478 by the sender and MUST be ignored by the receiver. 480 DCOSequence: Incremented at each unique DCO message from a node and 481 echoed in the DCO-ACK message. 483 Status: Indicates the completion. Status 0 is defined as unqualified 484 acceptance in this specification. The remaining status values are 485 reserved as rejection codes. 487 DODAGID (optional): 128-bit unsigned integer set by a DODAG root that 488 uniquely identifies a DODAG. This field is only present when the 'D' 489 flag is set. This field is typically only present when a local 490 RPLInstanceID is in use, in order to identify the DODAGID that is 491 associated with the RPLInstanceID. When a global RPLInstanceID is in 492 use, this field need not be present. Unassigned bits of the DCO-Ack 493 Base are reserved. They MUST be set to zero on transmission and MUST 494 be ignored on reception. 496 4.3.5. Secure DCO-ACK 498 A Secure DCO-ACK message follows the format in [RFC6550] figure 7, 499 where the base message format is the DCO-ACK message shown in 500 Figure 4. 502 4.4. Other considerations 504 4.4.1. Dependent Nodes invalidation 506 Current RPL [RFC6550] does not provide a mechanism for route 507 invalidation for dependent nodes. This document allows the dependent 508 nodes invalidation. Dependent nodes will generate their respective 509 DAOs to update their paths, and the previous route invalidation for 510 those nodes should work in the similar manner described for switching 511 node. The dependent node may set the I-bit in the transit 512 information container as part of regular DAO so as to request 513 invalidation of previous route from the common ancestor node. 515 4.4.2. NPDAO and DCO in the same network 517 Even with the changed semantics, the current NPDAO mechanism in 518 [RFC6550] can still be used. There are certain scenarios where 519 current NPDAO signalling may still be used, for example, when the 520 route lifetime expiry of the target happens or when the node simply 521 decides to gracefully terminate the RPL session on graceful node 522 shutdown. Moreover a deployment can have a mix of nodes supporting 523 the proposed DCO and the existing NPDAO mechanism. 525 5. Acknowledgements 527 We would like to thank Cenk Gundogan and Simon Duquennoy for their 528 review and comments. 530 6. IANA Considerations 532 IANA is requested to allocate new ICMPv6 RPL control codes in RPL 533 [RFC6550] for DCO and DCO-ACK messages. 535 +------+---------------------------------------------+--------------+ 536 | Code | Description | Reference | 537 +------+---------------------------------------------+--------------+ 538 | 0x04 | Destination Cleanup Object | This | 539 | | | document | 540 | 0x05 | Destination Cleanup Object Acknowledgement | This | 541 | | | document | 542 | 0x84 | Secure Destination Cleanup Object | This | 543 | | | document | 544 | 0x85 | Secure Destination Cleanup Object | This | 545 | | Acknowledgement | document | 546 +------+---------------------------------------------+--------------+ 548 IANA is requested to allocate bit 18 in the Transit Information 549 Option defined in RPL [RFC6550] section 6.7.8 for Invalidate route 550 'I' flag. 552 7. Security Considerations 554 This document handles security considerations inline to base RPL. 555 Secure versions of DCO and DCO-ACK are added similar to other RPL 556 messages. For general RPL security considerations, see [RFC6550]. 558 8. References 559 8.1. Normative References 561 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 562 Requirement Levels", BCP 14, RFC 2119, 563 DOI 10.17487/RFC2119, March 1997, 564 . 566 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 567 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 568 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 569 Low-Power and Lossy Networks", RFC 6550, 570 DOI 10.17487/RFC6550, March 2012, 571 . 573 8.2. Informative References 575 [I-D.ietf-6tisch-architecture] 576 Thubert, P., "An Architecture for IPv6 over the TSCH mode 577 of IEEE 802.15.4", draft-ietf-6tisch-architecture-13 (work 578 in progress), November 2017. 580 Appendix A. Example DCO Messaging 582 In Figure 1, node (D) switches its parent from (B) to (C). The 583 sequence of actions is as follows: 585 1. Node D switches its parent from node B to node C 586 2. D sends a regular DAO(tgt=D,pathseq=x+1,I_flag=1) in the updated 587 path to C 588 3. C checks for routing entry on behalf of D, since it cannot find 589 an entry on behalf of D it creates a new routing entry and 590 forwards the reachability information of the target D to H in a 591 DAO. 592 4. Similar to C, node H checks for routing entry on behalf of D, 593 cannot find an entry and hence creates a new routing entry and 594 forwards the reachability information of the target D to H in a 595 DAO. 596 5. Node A receives the DAO, and checks for routing entry on behalf 597 of D. It finds a routing entry but checks that the next hop for 598 target D is now changed. Node A checks the I_flag and generates 599 DCO(tgt=D,pathseq=pathseq(DAO)) to previous next hop for target D 600 which is G. Subsequently, A updates the routing entry and 601 forwards the reachability information of target D upstream 602 DAO(tgt=D,pathseq=x+1,I_flag=x) (the I_flag carries no 603 significance henceforth). 604 6. Node G receives the DCO and invalidates routing entry of target D 605 and forwards the (un)reachability information downstream to B. 607 7. Similarly, B processes the DCO by invalidating the routing entry 608 of target D and forwards the (un)reachability information 609 downstream to D. 610 8. D ignores the DCO since the target is itself. 611 9. The propagation of the DCO will stop at any node where the node 612 does not have an routing information associated with the target. 613 If the routing information is present and the pathseq associated 614 is not older, then still the DCO is dropped. 616 Authors' Addresses 618 Rahul Arvind Jadhav (editor) 619 Huawei 620 Kundalahalli Village, Whitefield, 621 Bangalore, Karnataka 560037 622 India 624 Phone: +91-080-49160700 625 Email: rahul.ietf@gmail.com 627 Pascal Thubert 628 Cisco Systems, Inc 629 Building D 630 45 Allee des Ormes - BP1200 631 MOUGINS - Sophia Antipolis 06254 632 France 634 Phone: +33 497 23 26 34 635 Email: pthubert@cisco.com 637 Rabi Narayan Sahoo 638 Huawei 639 Kundalahalli Village, Whitefield, 640 Bangalore, Karnataka 560037 641 India 643 Phone: +91-080-49160700 644 Email: rabinarayans@huawei.com 645 Zhen Cao 646 Huawei 647 W Chang'an Ave 648 Beijing 560037 649 China 651 Email: zhencao.ietf@gmail.com