idnits 2.17.1

draft-ietf-roll-efficient-npdao-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     1.  Unsecured: In this mode, it is expected that the RPL control
     messages are secured by other security mechanisms, such as link-layer
     security.  In this mode, the RPL control messages, including DCO,
     DCO-ACK, do not have Security sections.  A DCO and DCO-ACK message
     which is not encrypted at link-layer MUST not be handled by the RPL
     layer.  Also all the DCO and DCO-ACK messages that are transmitted MUST
     be link-layer encrypted.

     2.  Preinstalled: In this mode, RPL uses secure messages.  Thus secure
     versions of DCO, DCO-ACK MUST be used in this mode.

     3.  Authenticated: In this mode, RPL uses secure messages.  Thus secure
     versions of DCO, DCO-ACK MUST be used in this mode.

  -- The document date (April 27, 2019) is 1826 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

ROLL                                                      R. Jadhav, Ed.
Internet-Draft                                                    Huawei
Intended status: Standards Track                              P. Thubert
Expires: October 29, 2019                                          Cisco
                                                                R. Sahoo
                                                                  Z. Cao
                                                                  Huawei
                                                          April 27, 2019

                      Efficient Route Invalidation
                   draft-ietf-roll-efficient-npdao-10

Abstract

   This document describes the problems associated with No-Path
   Destination Advertisement Object (NPDAO) messaging used in Routing
   Protocol for Low power and lossy networks (RPL) for route
   invalidation and signaling changes to improve route invalidation
   efficiency.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 29, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language and Terminology
     1.2.  Current NPDAO messaging
     1.3.  Why NPDAO is important?
   2.  Problems with current NPDAO messaging
     2.1.  Lost NPDAO due to link break to the previous parent
     2.2.  Invalidate routes of dependent nodes
     2.3.  Possible route downtime caused by async operation of
           NPDAO and DAO
   3.  Requirements for the NPDAO Optimization
     3.1.  Req#1: Remove messaging dependency on link to the
           previous parent
     3.2.  Req#2: Dependent nodes route invalidation on parent
           switching
     3.3.  Req#3: Route invalidation should not impact data traffic
   4.  Changes to RPL signaling
     4.1.  Change in RPL route invalidation semantics
     4.2.  Transit Information Option changes
     4.3.  Destination Cleanup Object (DCO)
       4.3.1.  Secure DCO
       4.3.2.  DCO Options
       4.3.3.  Path Sequence number in the DCO
       4.3.4.  Destination Cleanup Option Acknowledgement (DCO-ACK)
       4.3.5.  Secure DCO-ACK
     4.4.  DCO Base Rules
     4.5.  Other considerations
       4.5.1.  Dependent Nodes invalidation
       4.5.2.  NPDAO and DCO in the same network
       4.5.3.  DCO with multiple preferred parents
   5.  Acknowledgements
   6.  IANA Considerations
     6.1.  New Registry for the Destination Cleanup Object (DCO)
           Flags
     6.2.  New Registry for the Destination Cleanup Object
           Acknowledgement (DCO-ACK) Status field
     6.3.  New Registry for the Destination Cleanup Object (DCO)
           Acknowledgement Flags
   7.  Security Considerations
   8.  Normative References
   Appendix A.  Example Messaging
     A.1.  Example DCO Messaging
     A.2.  Example DCO Messaging with multiple preferred parents
   Authors' Addresses

1.  Introduction

   RPL [RFC6550] (Routing Protocol for Low power and lossy networks)
   specifies a proactive distance-vector based routing scheme.  RPL has
   an optional messaging in the form of DAO (Destination Advertisement
   Object) messages, which the 6LBR (6Lo Border Router) and 6LR (6Lo
   Router) can use to learn a route towards the downstream nodes.  In
   storing mode, DAO messages would result in routing entries being
   created on all intermediate 6LRs from the node's parent all the way
   towards the 6LBR.

   RPL allows the use of No-Path DAO (NPDAO) messaging to invalidate a
   routing path corresponding to the given target, thus releasing
   resources utilized on that path.  An NPDAO is a DAO message with a
   route lifetime of zero; it originates at the target node and always
   flows upstream towards the 6LBR.  This document explains the problems
   associated with the current use of NPDAO messaging and also discusses
   the requirements for an optimized route invalidation messaging
   scheme.  Further, a new proactive route invalidation message called
   "Destination Cleanup Object" (DCO) is specified, which fulfills the
   requirements of optimized route invalidation messaging.

   The document only caters to the RPL's storing mode of operation
   (MOP).  The non-storing MOP does not require use of NPDAO for route
   invalidation since routing entries are not maintained on 6LRs.

1.1.  Requirements Language and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This specification requires readers to be familiar with all the terms
   and concepts that are discussed in "RPL: IPv6 Routing Protocol for
   Low-Power and Lossy Networks" [RFC6550].

   6LoWPAN Router (6LR):
      An intermediate router that is able to send and receive Router
      Advertisements (RAs) and Router Solicitations (RSs) as well as
      forward and route IPv6 packets.

   Directed Acyclic Graph (DAG):
      A directed graph having the property that all edges are oriented
      in such a way that no cycles exist.

   Destination-Oriented DAG (DODAG):
      A DAG rooted at a single destination, i.e., at a single DAG root
      with no outgoing edges.

   6LoWPAN Border Router (6LBR):
      A border router which is a DODAG root and is the edge node for
      traffic flowing in and out of the 6LoWPAN network.

   Destination Advertisement Object (DAO):
      DAO messaging allows downstream routes to the nodes to be
      established.

   DODAG Information Object (DIO):
      DIO messaging allows upstream routes to the 6LBR to be
      established.  DIO messaging is initiated at the DAO root.

   Common Ancestor node:
      6LR/6LBR node which is the first common node between two paths of
      a target node.

   No-Path DAO (NPDAO):
      A DAO message which has target with lifetime 0 used for the
      purpose of route invalidation.

   Destination Cleanup Object (DCO):
      A new RPL control message type defined by this document.  DCO
      messaging improves proactive route invalidation in RPL.

   Regular DAO:
      A DAO message with non-zero lifetime.  Routing adjacencies are
      created or updated based on this message.

   Target node:
      The node switching its parent whose routing adjacencies are
      updated (created/removed).

1.2.  Current NPDAO messaging

   RPL uses NPDAO messaging in the storing mode so that the node
   changing its routing adjacencies can invalidate the previous route.
   This is needed so that nodes along the previous path can release any
   resources (such as the routing entry) they maintain on behalf of the
   target node.

   For the rest of this document consider the following topology:

               (6LBR)
                 |
                 |
                 |
                (A)
                / \
               /   \
              /     \
            (G)     (H)
             |       |
             |       |
             |       |
            (B)     (C)
              \      ;
               \    ;
                \  ;
                 (D)
                 / \
                /   \
               /     \
             (E)     (F)

                        Figure 1: Sample topology

   Node (D) is connected via preferred parent (B).  (D) has an alternate
   path via (C) towards the 6LBR.  Node (A) is the common ancestor for
   (D) for paths through (B)-(G) and (C)-(H).  When (D) switches from
   (B) to (C), RPL allows sending NPDAO to (B) and regular DAO to (C).

1.3.  Why NPDAO is important?

   Nodes in LLNs may be resource constrained.  There is limited memory
   available and routing entry records are one of the primary elements
   occupying dynamic memory in the nodes.  Route invalidation helps 6LR
   nodes to decide which entries could be discarded to better achieve
   resource utilization.  Thus it becomes necessary to have an efficient
   route invalidation mechanism.  Also note that a single parent switch
   may result in a "sub-tree" switching from one parent to another.
   Thus the route invalidation needs to be done on behalf of the sub-
   tree and not the switching node alone.  In the above example, when
   Node (D) switches parent, the route updates need to be done for the
   routing table entries of (C), (H), (A), (G), and (B) with destination
   (D), (E) and (F).  Without efficient route invalidation, a 6LR may
   have to hold a lot of stale route entries.

2.  Problems with current NPDAO messaging

2.1.  Lost NPDAO due to link break to the previous parent

   When a node switches its parent, the NPDAO is to be sent to its
   previous parent and a regular DAO to its new parent.  In cases where
   the node switches its parent because of transient or permanent parent
   link/node failure then the NPDAO message is bound to fail.

2.2.  Invalidate routes of dependent nodes

   RPL does not specify how route invalidation will work for dependent
   nodes rooted at the switching node, resulting in stale routing
   entries of the dependent nodes.  The only way for 6LR to invalidate
   the route entries for dependent nodes would be to use route lifetime
   expiry which could be substantially high for LLNs.

   In the example topology, when Node (D) switches its parent, Node (D)
   generates an NPDAO on its behalf.  There is no NPDAO generated by the
   dependent child nodes (E) and (F), through the previous path via (D)
   to (B) and (G), resulting in stale entries on nodes (B) and (G) for
   nodes (E) and (F).

2.3.  Possible route downtime caused by async operation of NPDAO and DAO

   A switching node may generate both an NPDAO and DAO via two different
   paths at almost the same time.  There is a possibility that an NPDAO
   generated may invalidate the previous route and the regular DAO sent
   via the new path gets lost on the way.  This may result in route
   downtime impacting downward traffic for the switching node.

   In the example topology, consider Node (D) switches from parent (B)
   to (C).  An NPDAO sent via the previous route may invalidate the
   previous route whereas there is no way to determine whether the new
   DAO has successfully updated the route entries on the new path.

3.  Requirements for the NPDAO Optimization

3.1.  Req#1: Remove messaging dependency on link to the previous parent

   When the switching node sends the NPDAO message to the previous
   parent, it is normal that the link to the previous parent is prone to
   failure (that's why the node decided to switch).  Therefore, it is
   required that the route invalidation does not depend on the previous
   link which is prone to failure.  The previous link referred here
   represents the link between the node and its previous parent (from
   whom the node is now disassociating).

3.2.  Req#2: Dependent nodes route invalidation on parent switching

   It should be possible to do route invalidation for dependent nodes
   rooted at the switching node.

3.3.  Req#3: Route invalidation should not impact data traffic

   While sending the NPDAO and DAO messages, it is possible that the
   NPDAO successfully invalidates the previous path, while the newly
   sent DAO gets lost (new path not set up successfully).  This will
   result in downstream unreachability to the node switching paths.
   Therefore, it is desirable that the route invalidation is
   synchronized with the DAO to avoid the risk of route downtime.

4.  Changes to RPL signaling

4.1.  Change in RPL route invalidation semantics

   As described in Section 1.2, the NPDAO originates at the node
   changing to a new parent and traverses upstream towards the root.  In
   order to solve the problems as mentioned in Section 2, the document
   adds a new proactive route invalidation message called "Destination
   Cleanup Object" (DCO) that originates at a common ancestor node and
   flows downstream between the new and old path.  The common ancestor
   node generates a DCO in response to the change in the next-hop on
   receiving a regular DAO with updated Path Sequence for the target.

   The 6LRs in the path for DCO take action such as route invalidation
   based on the DCO information and subsequently send another DCO with
   the same information downstream to the next hop.  This operation is
   similar to how the DAOs are handled on intermediate 6LRs in storing
   MOP in [RFC6550].  Just like DAO in storing MOP, the DCO is sent
   using link-local unicast source and destination IPv6 address.  Unlike
   DAO, which always travels upstream, the DCO always travels
   downstream.

   In Figure 1, when node D decides to switch the path from B to C, it
   sends a regular DAO to node C with reachability information
   containing target as address of D and an incremented Path Sequence.
   Node C will update the routing table based on the reachability
   information in the DAO and in turn generate another DAO with the same
   reachability information and forward it to H.  Node H also follows
   the same procedure as Node C and forwards it to node A.  When node A
   receives the regular DAO, it finds that it already has a routing
   table entry on behalf of the target address of node D.  It finds
   however that the next hop information for reaching node D has changed
   i.e. node D has decided to change the paths.  In this case, Node A
   which is the common ancestor node for node D along the two paths
   (previous and new), should generate a DCO which traverses downwards
   in the network.

4.2.  Transit Information Option changes

   Every RPL message is divided into base message fields and additional
   Options as described in Section 6 of [RFC6550].  The base fields
   apply to the message as a whole and options are appended to add
   message/use-case specific attributes.  As an example, a DAO message
   may be attributed by one or more "RPL Target" options which specify
   the reachability information for the given targets.  Similarly, a
   Transit Information option may be associated with a set of RPL Target
   options.

   This document specifies a change in the Transit Information Option to
   contain the "Invalidate previous route" (I) bit.  This I-bit signals
   the common ancestor node to generate a DCO on behalf of the target
   node.  The I-bit is carried in the Transit Information Option which
   augments the reachability information for a given set of RPL
   Target(s).  Transit Information Option should be carried in the DAO
   message with I-bit set in case route invalidation is sought for the
   corresponding target(s).
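
   The exchange from Section 4.1, run on the Figure 1 topology, as an
   added example that is not part of the draft: a regular DAO carrying
   the I-bit climbs the new path and the common ancestor answers with a
   DCO down the old one.  Class and function names are illustrative,
   only routing state is modelled, the link (D)-(B) is assumed to have
   failed, and Path Sequence is compared as a plain integer rather than
   with the RFC 6550 sequence counter rules.

```python
# Preferred parents before the switch, taken from Figure 1.
FIGURE1_PARENTS = {"A": "6LBR", "G": "A", "H": "A", "B": "G", "C": "H",
                   "D": "B", "E": "D", "F": "D"}


class StoringModeNetwork:
    """Routing state only: node -> {target: (next_hop, path_sequence)}."""

    def __init__(self, parents):
        self.parent = dict(parents)
        self.routes = {n: {} for n in set(parents) | set(parents.values())}
        self.failed_links = set()
        self.dco_log = []          # (sender, receiver, target) per delivered DCO

    def link_up(self, a, b):
        return frozenset((a, b)) not in self.failed_links

    def send_dao(self, target, path_seq, i_bit=False):
        """Regular DAO from target, relayed hop by hop up to the root."""
        sender, node = target, self.parent[target]
        while self.link_up(sender, node):
            old = self.routes[node].get(target)
            self.routes[node][target] = (sender, path_seq)
            # Common ancestor: an entry exists, the DAO is newer (plain integer
            # comparison, a simplification) and the next hop has changed.
            if i_bit and old and old[0] != sender and path_seq > old[1]:
                self.send_dco(node, old[0], target, path_seq)
            if node not in self.parent:        # reached the 6LBR
                return True
            sender, node = node, self.parent[node]
        return False                           # DAO lost on a failed link

    def send_dco(self, sender, node, target, path_seq):
        """DCO relayed downstream along the old path, removing state for target."""
        while self.link_up(sender, node):
            self.dco_log.append((sender, node, target))
            if node == target:                 # rule 7: own address is the only Target
                return
            entry = self.routes[node].get(target)
            if entry is None or entry[1] > path_seq:   # no entry, or rule 5
                return
            del self.routes[node][target]
            sender, node = node, entry[0]


def parent_switch(i_bit):
    """(D) moves from (B) to (C) after link (D)-(B) fails; returns the network."""
    net = StoringModeNetwork(FIGURE1_PARENTS)
    for target in ("D", "E", "F"):
        net.send_dao(target, path_seq=1)
    net.failed_links.add(frozenset(("D", "B")))    # an NPDAO to (B) would be lost
    net.parent["D"] = "C"
    for target in ("D", "E", "F"):             # (D), then its dependents (Section 4.5.1)
        net.send_dao(target, path_seq=2, i_bit=i_bit)
    return net


def stale_entries(net, old_path=("G", "B")):
    """Targets still held by the nodes of the previous path."""
    return {node: sorted(net.routes[node]) for node in old_path}


if __name__ == "__main__":
    print("without I-bit:", stale_entries(parent_switch(i_bit=False)))
    with_i = parent_switch(i_bit=True)
    print("with I-bit:   ", stale_entries(with_i))
    print("DCOs delivered:", with_i.dco_log)
```
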

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type = 0x06 | Option Length |E|I|  Flags    | Path Control  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Path Sequence | Path Lifetime |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +                        Parent Address                         +
   |                                                               |
   +                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     Figure 2: Updated Transit Information Option (New I flag added)

   I (Invalidate previous route) bit: The 'I' flag is set by the target
   node to indicate to the common ancestor node that it wishes to
   invalidate any previous route between the two paths.

   The common ancestor node SHOULD generate a DCO message in response to
   this I-bit when it sees that the routing adjacencies have changed for
   the target.  I-bit governs the ownership of the DCO message in a way
   that the target node is still in control of its own route
   invalidation.

4.3.  Destination Cleanup Object (DCO)

   A new ICMPv6 RPL control message type called "Destination Cleanup
   Object" (DCO) is defined by this specification.  It is used for
   proactive cleanup of state and routing information held on behalf of
   the target node by 6LRs.  The DCO message always traverses
   downstream and cleans up route information and other state
   information associated with the given target.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | RPLInstanceID |K|D|   Flags   |   Reserved    | DCOSequence   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                       DODAGID(optional)                       +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Option(s)...
   +-+-+-+-+-+-+-+-+

                        Figure 3: DCO base object

   RPLInstanceID: 8-bit field indicating the topology instance
   associated with the DODAG, as learned from the DIO.

   K: The 'K' flag indicates that the recipient of DCO message is
   expected to send a DCO-ACK back.  If the DCO-ACK is not received even
   after setting the 'K' flag, an implementation may retry the DCO at a
   later time.  The number of retries is implementation and deployment
   dependent.  A node receiving a DCO message without the 'K' flag set
   MAY respond with a DCO-ACK, especially to report an error condition.
   An example error condition could be that the node sending the DCO-ACK
   does not find the routing entry for the indicated target.

   D: The 'D' flag indicates that the DODAGID field is present.  This
   flag MUST be set when a local RPLInstanceID is used.

   Flags: The 6 bits remaining unused in the Flags field are reserved
   for future use.  These bits MUST be initialized to zero by the sender
   and MUST be ignored by the receiver.

   Reserved: 8-bit unused field.  The field MUST be initialized to zero
   by the sender and MUST be ignored by the receiver.

   DCOSequence: Incremented at each unique DCO message from a node and
   echoed in the DCO-ACK message.  The initial DCOSequence can be chosen
   randomly by the node.

   DODAGID (optional): 128-bit unsigned integer set by a DODAG root that
   uniquely identifies a DODAG.  This field MUST be present when the 'D'
   flag is set.  DODAGID is used when a local RPLInstanceID is in use,
   in order to identify the DODAGID that is associated with the
   RPLInstanceID.

4.3.1.  Secure DCO

   A Secure DCO message follows the format in [RFC6550] Figure 7, where
   the base message format is the DCO message shown in Figure 3.

4.3.2.  DCO Options

   The DCO message MUST carry at least one RPL Target and the Transit
   Information Option and MAY carry other valid options.  This
   specification allows for the DCO message to carry the following
   options:

      0x00 Pad1
      0x01 PadN
      0x05 RPL Target
      0x06 Transit Information
      0x09 RPL Target Descriptor

   The DCO carries an RPL Target Option and an associated Transit
   Information Option with a lifetime of 0x00000000 to indicate a loss
   of reachability to that Target.  The lifetime indicated in the
   Transit Information Option of the DCO message MUST be set to
   0x00000000.

4.3.3.  Path Sequence number in the DCO

   A DCO message may contain a Path Sequence in the Transit Information
   Option to identify the freshness of the DCO message.  The Path
   Sequence in the DCO MUST use the same Path Sequence number present in
   the regular DAO message when the DCO is generated in response to a
   DAO message.  The Path Sequence present in the Transit Information
   Option of the DAO and the correspondingly triggered DCO MUST be the
   same.  Thus if a DCO is received by a 6LR and subsequently a DAO is
   received with an old sequence number, then the DAO MUST be ignored.

4.3.4.  Destination Cleanup Option Acknowledgement (DCO-ACK)

   The DCO-ACK message SHOULD be sent as a unicast packet by a DCO
   recipient in response to a unicast DCO message with 'K' flag set.  If
   'K' flag is not set then the receiver of the DCO message MAY send a
   DCO-ACK to signal an error condition.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | RPLInstanceID |D|  Reserved   |  DCOSequence  |    Status     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                       DODAGID(optional)                       +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 4: DCO-ACK base object

   RPLInstanceID: 8-bit field indicating the topology instance
   associated with the DODAG, as learned from the DIO.

   D: The 'D' flag indicates that the DODAGID field is present.  This
   flag MUST be set when a local RPLInstanceID is used.

   Reserved: 7-bit unused field.  The field MUST be initialized to zero
   by the sender and MUST be ignored by the receiver.

   DCOSequence: The DCOSequence in DCO-ACK is copied from the
   DCOSequence received in the DCO message.

   Status: Indicates the completion.  Status 0 is defined as unqualified
   acceptance in this specification.  Status 1 is defined as "No
   routing-entry for the Target found".  The remaining status values are
   reserved as rejection codes.

   DODAGID (optional): 128-bit unsigned integer set by a DODAG root that
   uniquely identifies a DODAG.  This field MUST be present when the 'D'
   flag is set.  DODAGID is used when a local RPLInstanceID is in use,
   in order to identify the DODAGID that is associated with the
   RPLInstanceID.

4.3.5.  Secure DCO-ACK

   A Secure DCO-ACK message follows the format in [RFC6550] Figure 7,
   where the base message format is the DCO-ACK message shown in
   Figure 4.

4.4.  DCO Base Rules

   1.  If a node sends a DCO message with newer or different information
       than the prior DCO message transmission, it MUST increment the
       DCOSequence field by at least one.  A DCO message transmission
       that is identical to the prior DCO message transmission MAY
       increment the DCOSequence field.

   2.  The RPLInstanceID and DODAGID fields of a DCO message MUST be the
       same value as that of the DAO message in response to which the
       DCO is generated on the common ancestor node.

   3.  A node MAY set the 'K' flag in a unicast DCO message to solicit a
       unicast DCO-ACK in response in order to confirm the attempt.

   4.  A node receiving a unicast DCO message with the 'K' flag set
       SHOULD respond with a DCO-ACK.  A node receiving a DCO message
       without the 'K' flag set MAY respond with a DCO-ACK, especially
       to report an error condition.

   5.  A node receiving a unicast DCO message MUST verify the stored
       Path Sequence in context to the given target.  If the stored Path
       Sequence is more fresh i.e. newer than the Path Sequence received
       in the DCO, then the DCO MUST be dropped.

   6.  A node that sets the 'K' flag in a unicast DCO message but does
       not receive DCO-ACK in response MAY reschedule the DCO message
       transmission for another attempt, up until an implementation
       specific number of retries.

   7.  A node receiving a unicast DCO message with its own address in
       the RPL Target Option MUST strip-off that Target Option.  If this
       Target Option is the only one in the DCO message then the DCO
       message MUST be dropped.

   The scope of DCOSequence values is unique to each node.

4.5.  Other considerations

4.5.1.  Dependent Nodes invalidation

   Current RPL [RFC6550] does not provide a mechanism for route
   invalidation for dependent nodes.  This document allows the dependent
   nodes invalidation.  Dependent nodes will generate their respective
   DAOs to update their paths, and the previous route invalidation for
   those nodes should work in the similar manner described for switching
   node.  The dependent node may set the I-bit in the Transit
   Information Option as part of regular DAO so as to request
   invalidation of previous route from the common ancestor node.

   Dependent nodes do not have any indication of whether any of their
   parent nodes have in turn decided to switch their parent.  Thus for
   route invalidation the dependent nodes may choose to always set the
   'I' bit in the Transit Information Option of all their DAO messages.
   Note that setting the I-bit is not counterproductive even if there
   is no previous route to be invalidated.

4.5.2.  NPDAO and DCO in the same network

   Even with the changed semantics, the current NPDAO mechanism in
   [RFC6550] can still be used, for example, when the route lifetime
   expiry of the target happens or when the node simply decides to
   gracefully terminate the RPL session on graceful node shutdown.
   Moreover a deployment can have a mix of nodes supporting the DCO and
   the existing NPDAO mechanism.  It is also possible that the same node
   supports both the NPDAO and DCO signalling.

   Section 9.8 of [RFC6550] states, "When a node removes a node from its
   DAO parent set, it SHOULD send a No-Path DAO message to that removed
   DAO parent to invalidate the existing route".  This document
   introduces an alternate and more optimized way of route invalidation
   but it also allows existing NPDAO messaging to work.  Thus an
   implementation has two choices to make when a route invalidation is
   to be initiated:

   1.  Use NPDAO to invalidate the previous route and send regular DAO
       on the new path.

   2.  Send regular DAO on the new path with the 'I' bit set in the
       Transit Information Option such that the common ancestor node
       initiates the DCO message downstream to invalidate the previous
       route.

   This document recommends using option 2 for reasons specified in
   Section 3 in this document.

4.5.3.  DCO with multiple preferred parents

   [RFC6550] allows a node to select multiple preferred parents for
   route establishment.  Section 9.2.1 of [RFC6550] specifies, "All DAOs
   generated at the same time for the same Target MUST be sent with the
   same Path Sequence in the Transit Information".  Subsequently when
   route invalidation has to be initiated, RPL mentions use of NPDAO
   which can be initiated with an updated Path Sequence to all the
   parent nodes through which the route is to be invalidated.

   With DCO, the Target node itself does not initiate the route
   invalidation and it is left to the common ancestor node.  When a
   common ancestor node discovers an updated DAO from a new next-hop,
   it initiates a DCO.  With multiple preferred parents, this handling
   does not change.  But in this case it is recommended that an
   implementation initiates a DCO after a time period (DelayDCO) such
   that the common ancestor node may receive updated DAOs from all
   possible next-hops.  This will help to reduce DCO control overhead
   i.e., the common ancestor can wait for updated DAOs from all possible
   directions before initiating a DCO for route invalidation.  After
   timeout, the DCO needs to be generated for all the next-hops for whom
   the route invalidation needs to be done.

   This document recommends using a DelayDCO timer value of 1sec.  This
   value is inspired by the default DelayDAO value of 1sec in [RFC6550].
   Here the hypothesis is that the DAOs from all possible parent set
   would be received on the common ancestor within this time period.

   Note that there is no requirement of synchronization between DCO and
   DAOs.  The DelayDCO timer simply ensures that the DCO control
   overhead can be reduced and is only needed when the network contains
   nodes using multiple preferred parents.

5.  Acknowledgements

   Many thanks to Alvaro Retana, Cenk Gundogan, Simon Duquennoy,
   Georgios Papadopoulos, Peter Van Der Stok for their review and
   comments.  Alvaro Retana helped shape this document's final version
   with critical review comments.

6.  IANA Considerations

   IANA is requested to allocate new codes for the DCO and DCO-ACK
   messages from the RPL Control Codes registry.

+------+---------------------------------------------+--------------+
| Code | Description                                 | Reference    |
+------+---------------------------------------------+--------------+
| TBD1 | Destination Cleanup Object                  | This         |
|      |                                             | document     |
| TBD2 | Destination Cleanup Object Acknowledgement  | This         |
|      |                                             | document     |
| TBD3 | Secure Destination Cleanup Object           | This         |
|      |                                             | document     |
| TBD4 | Secure Destination Cleanup Object           | This         |
|      | Acknowledgement                             | document     |
+------+---------------------------------------------+--------------+

IANA is requested to allocate bit 1 from the Transit Information
Option Flags registry for the I-bit (Section 4.2).

6.1. New Registry for the Destination Cleanup Object (DCO) Flags

IANA has created a registry for the 8-bit Destination Cleanup Object
(DCO) Flags field.

New bit numbers may be allocated only by an IETF Review. Each bit is
tracked with the following qualities:

o  Bit number (counting from bit 0 as the most significant bit)
o  Capability description
o  Defining RFC

The following bits are currently defined:

+------------+------------------------------+---------------+
| Bit number | Description                  | Reference     |
+------------+------------------------------+---------------+
| 0          | DCO-ACK request (K)          | This document |
| 1          | DODAGID field is present (D) | This document |
+------------+------------------------------+---------------+

                       DCO Base Flags

6.2. New Registry for the Destination Cleanup Object Acknowledgement
     (DCO-ACK) Status field

IANA has created a registry for the 8-bit Destination Cleanup Object
Acknowledgement (DCO-ACK) Status field.

New Status values may be allocated only by an IETF Review.
Each value is tracked with the following qualities:

o  Status Code
o  Description
o  Defining RFC

The following bits are currently defined:

+------------+----------------------------------------+-------------+
| Status     | Description                            | Reference   |
| Code       |                                        |             |
+------------+----------------------------------------+-------------+
| 0          | Unqualified acceptance                 | This        |
|            |                                        | document    |
| 1          | No routing-entry for the indicated     | This        |
|            | Target found                           | document    |
+------------+----------------------------------------+-------------+

                      DCO Status Codes

6.3. New Registry for the Destination Cleanup Object (DCO)
     Acknowledgement Flags

IANA has created a registry for the 8-bit Destination Cleanup Object
(DCO) Acknowledgement Flags field.

New bit numbers may be allocated only by an IETF Review. Each bit is
tracked with the following qualities:

o  Bit number (counting from bit 0 as the most significant bit)
o  Capability description
o  Defining RFC

The following bits are currently defined:

+------------+------------------------------+---------------+
| Bit number | Description                  | Reference     |
+------------+------------------------------+---------------+
| 0          | DODAGID field is present (D) | This document |
+------------+------------------------------+---------------+

                     DCO-ACK Base Flags

7. Security Considerations

This document introduces the ability for a common ancestor node to
invalidate a route on behalf of the target node. The common ancestor
node is directed to do so by the target node using the 'I' bit in
DCO's Transit Information Option. However, the common ancestor node
is in a position to unilaterally initiate the route invalidation
since it possesses all the required state information, namely the
Target address and the corresponding Path Sequence.
Thus a rogue common
ancestor node could initiate such an invalidation and impact the
traffic to the target node. This document assumes that the security
mechanisms as defined in [RFC6550] are followed, which means that the
common ancestor node is part of the RPL network because it has the
required credentials.

All RPL messages support a secure version of messages which allows
integrity protection using either a MAC or a signature. Optionally,
secured RPL messages also have encryption protection for
confidentiality.

The document adds new messages (DCO, DCO-ACK) which are syntactically
similar to existing RPL messages such as DAO, DAO-ACK. Secure
versions of DCO and DCO-ACK are added similar to other RPL messages
(such as DAO, DAO-ACK).

RPL supports three security modes as mentioned in Section 10.1 of
[RFC6550]:

1. Unsecured: In this mode, it is expected that the RPL control
   messages are secured by other security mechanisms, such as
   link-layer security. In this mode, the RPL control messages,
   including DCO, DCO-ACK, do not have Security sections. A DCO and
   DCO-ACK message which is not encrypted at link-layer MUST NOT be
   handled by the RPL layer. Also all the DCO and DCO-ACK messages
   that are transmitted MUST be link-layer encrypted.
2. Preinstalled: In this mode, RPL uses secure messages. Thus
   secure versions of DCO, DCO-ACK MUST be used in this mode.
3. Authenticated: In this mode, RPL uses secure messages. Thus
   secure versions of DCO, DCO-ACK MUST be used in this mode.

8. Normative References

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119,
           DOI 10.17487/RFC2119, March 1997.

[RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
           Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
           JP., and R.
           Alexander, "RPL: IPv6 Routing Protocol for
           Low-Power and Lossy Networks", RFC 6550,
           DOI 10.17487/RFC6550, March 2012.

[RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
           2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
           May 2017.

Appendix A. Example Messaging

A.1. Example DCO Messaging

In Figure 1, node (D) switches its parent from (B) to (C). This
example assumes that Node D has already established its own route via
Node B-G-A-6LBR using pathseq=x. The example uses DAO and DCO
messaging convention and specifies only the parameters required to
explain the example, namely: the parameter 'tgt', which stands for
Target Option and whose value specifies the address of the target
node; the parameter 'pathseq', which specifies the Path Sequence
value carried in the Transit Information Option; and the parameter
'I_flag', which specifies the 'I' bit in the Transit Information
Option. The sequence of actions is as follows:

1. Node D switches its parent from node B to node C.
2. D sends a regular DAO(tgt=D,pathseq=x+1,I_flag=1) in the updated
   path to C.
3. C checks for a routing entry on behalf of D. Since it cannot find
   an entry on behalf of D, it creates a new routing entry and
   forwards the reachability information of the target D to H in a
   DAO(tgt=D,pathseq=x+1,I_flag=1).
4. Similar to C, node H checks for a routing entry on behalf of D,
   cannot find an entry and hence creates a new routing entry and
   forwards the reachability information of the target D to A in a
   DAO(tgt=D,pathseq=x+1,I_flag=1).
5. Node A receives the DAO(tgt=D,pathseq=x+1,I_flag=1), and checks
   for a routing entry on behalf of D. It finds a routing entry but
   checks that the next hop for target D is different (i.e. Node
   G). Node A checks the I_flag and generates
   DCO(tgt=D,pathseq=x+1) to previous next hop for target D which is
   G.
   Subsequently, Node A updates the routing entry and forwards
   the reachability information of target D upstream
   DAO(tgt=D,pathseq=x+1,I_flag=1).
6. Node G receives the DCO(tgt=D,pathseq=x+1). It checks if the
   received path sequence is latest as compared to the stored path
   sequence. If it is latest, Node G invalidates routing entry of
   target D and forwards the (un)reachability information downstream
   to B in DCO(tgt=D,pathseq=x+1).
7. Similarly, B processes the DCO(tgt=D,pathseq=x+1) by invalidating
   the routing entry of target D and forwards the (un)reachability
   information downstream to D.
8. D ignores the DCO(tgt=D,pathseq=x+1) since the target is itself.
9. The propagation of the DCO will stop at any node where the node
   does not have any routing information associated with the target.
   If the routing information is present and its Path Sequence is
   higher, then still the DCO is dropped.

A.2. Example DCO Messaging with multiple preferred parents

                    (6LBR)
                      |
                      |
                      |
                    (N11)
                     / \
                    /   \
                   /     \
               (N21)     (N22)
                 /       /  \
                /       /    \
               /       /      \
           (N31)   (N32)    (N33)
               :      |      /
                :     |     /
                 :    |    /
                   (N41)

              Figure 5: Sample topology 2

In Figure 5, node (N41) selects multiple preferred parents (N32) and
(N33). The sequence of actions is as follows:

1.  (N41) sends DAO(tgt=N41,PS=x,I_flag=1) to (N32) and (N33). Here
    I_flag refers to the Invalidation flag and PS refers to Path
    Sequence in Transit Information option.
2.  (N32) sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N33) also
    sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N22) learns
    multiple routes for the same destination (N41) through multiple
    next-hops. (N22) may receive the DAOs from (N32) and (N33) in
    any order with the I_flag set. The implementation should use
    the DelayDCO timer to wait to initiate the DCO.
    If (N22)
    receives an updated DAO from all the paths then the DCO need not
    be initiated in this case. Thus the route table at N22 should
    contain (Dst,NextHop,PS): { (N41,N32,x), (N41,N33,x) }.
3.  (N22) sends DAO(tgt=N41,PS=x,I_flag=1) to (N11).
4.  (N11) sends DAO(tgt=N41,PS=x,I_flag=1) to (6LBR). Thus the
    complete path is established.
5.  (N41) decides to change preferred parent set from { N32, N33 }
    to { N31, N32 }.
6.  (N41) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N32). (N41) sends
    DAO(tgt=N41,PS=x+1,I_flag=1) to (N31).
7.  (N32) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N22). (N22) has
    multiple routes to destination (N41). It sees that a new Path
    Sequence for Target=N41 is received and thus it waits for a
    pre-determined time period (DelayDCO time period) to invalidate
    another route {(N41),(N33),x}. After the time period, (N22) sends
    DCO(tgt=N41,PS=x+1) to (N33). Also (N22) sends the regular
    DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
8.  (N33) receives DCO(tgt=N41,PS=x+1). The received Path Sequence
    is latest and thus it invalidates the entry associated with
    target (N41). (N33) then sends the DCO(tgt=N41,PS=x+1) to
    (N41). (N41) sees itself as the target and drops the DCO.
9.  From Step 6 above, (N31) receives the
    DAO(tgt=N41,PS=x+1,I_flag=1). It creates a routing entry and
    sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N21). Similarly
    (N21) receives the DAO and subsequently sends the
    DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
10. (N11) receives DAO(tgt=N41,PS=x+1,I_flag=1) from (N21). It
    waits for DelayDCO timer since it has multiple routes to (N41).
    (N41) will receive DAO(tgt=N41,PS=x+1,I_flag=1) from (N22) from
    Step 7 above. Thus (N11) has received regular
    DAO(tgt=N41,PS=x+1,I_flag=1) from all paths and thus does not
    initiate DCO.
11. (N11) forwards the DAO(tgt=N41,PS=x+1,I_flag=1) to 6LBR and the
    full path is established.
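
The DelayDCO handling of Section 4.5.3, replayed over steps 2, 7 and 10 of Appendix A.2, as an added Python sketch (not part of the draft or of any RPL implementation). The class and function names, the timestamps and x=10 are constructed for illustration, and Path Sequence values are compared as plain integers rather than with the sequence counter rules of RFC 6550 Section 7.2.

```python
from dataclasses import dataclass, field

DELAY_DCO = 1.0  # seconds; the DelayDCO value recommended in Section 4.5.3

@dataclass
class Ancestor:
    """Per-node route state: routes[target] = {next_hop: path_sequence}."""
    routes: dict = field(default_factory=dict)
    deadline: dict = field(default_factory=dict)  # target -> DelayDCO expiry

    def on_dao(self, now, target, next_hop, ps, i_flag=True):
        """Record a DAO; arm DelayDCO when an older next-hop is left behind."""
        hops = self.routes.setdefault(target, {})
        if hops and ps < max(hops.values()):
            return  # sketch assumption: a DAO older than stored state is ignored
        hops[next_hop] = ps
        stale = [h for h, p in hops.items() if p < ps]
        if i_flag and stale and target not in self.deadline:
            self.deadline[target] = now + DELAY_DCO

    def on_timer(self, now):
        """After DelayDCO, return DCOs (next_hop, target, ps) for hops still stale."""
        dcos = []
        for target, when in list(self.deadline.items()):
            if now < when:
                continue
            del self.deadline[target]
            hops = self.routes[target]
            newest = max(hops.values())
            for hop in sorted(h for h, p in hops.items() if p < newest):
                dcos.append((hop, target, newest))
                del hops[hop]  # the ancestor also drops its own old route
        return dcos

def appendix_a2(x=10):
    """Replay steps 2, 3, 7 and 10 of Appendix A.2; x is a constructed value."""
    n22, n11 = Ancestor(), Ancestor()
    n22.on_dao(0.0, "N41", "N32", x)        # step 2: both parents, same PS
    n22.on_dao(0.0, "N41", "N33", x)
    n11.on_dao(0.0, "N41", "N22", x)        # step 3
    n22.on_dao(5.0, "N41", "N32", x + 1)    # step 7: only N32 is refreshed
    early = n22.on_timer(5.5)               # DelayDCO still running
    n22_dcos = n22.on_timer(6.0)            # expiry: N33 was never refreshed
    n11.on_dao(5.5, "N41", "N21", x + 1)    # step 10: new path via N21
    n11.on_dao(6.0, "N41", "N22", x + 1)    # N22's DAO arrives within DelayDCO
    n11_dcos = n11.on_timer(6.5)            # every next-hop refreshed: no DCO
    return early, n22_dcos, n11_dcos, n22.routes, n11.routes
```

The stale set is recomputed when the timer fires, not when it is armed, which is what lets (N11) suppress the DCO once the DAO from (N22) has arrived.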
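
The receive-side checks walked through in Appendix A.1 steps 6 to 9, together with the Unsecured-mode rule from Section 7, as an added Python sketch (not code from the draft). The function names, the link_secured flag and x=10 are assumptions; Path Sequence values are plain integers, and dropping a DCO whose Path Sequence equals the stored one is this sketch's stricter reading, since the steps only spell out the newer and older cases.

```python
def handle_dco(node, routes, dco, link_secured):
    """Decide what `node` does with a received DCO.

    routes: {target: (downstream_next_hop, stored_path_sequence)}
    Returns (action, next_hop_to_forward_to_or_None).
    """
    if not link_secured:
        # Unsecured mode: a DCO not protected at the link layer is not handled.
        return "drop-unprotected", None
    if dco["tgt"] == node:
        return "ignore-self", None          # A.1 step 8
    entry = routes.get(dco["tgt"])
    if entry is None:
        return "drop-no-route", None        # A.1 step 9, first sentence
    next_hop, stored_ps = entry
    if dco["pathseq"] <= stored_ps:
        # Step 9 drops the DCO when the stored Path Sequence is higher;
        # dropping the equal case as well is this sketch's choice.
        return "drop-not-newer", None
    del routes[dco["tgt"]]                  # A.1 steps 6 and 7: invalidate
    return "invalidate", next_hop

def propagate(tables, first_hop, dco, link_secured=True):
    """Walk a DCO downstream from first_hop; return [(node, action), ...]."""
    trace, node = [], first_hop
    while node is not None:
        action, nxt = handle_dco(node, tables.get(node, {}), dco, link_secured)
        trace.append((node, action))
        node = nxt
    return trace

def appendix_a1(x=10):
    """Old path below node A in Appendix A.1: G -> B -> D (x is constructed)."""
    tables = {"G": {"D": ("B", x)}, "B": {"D": ("D", x)}}
    dco = {"tgt": "D", "pathseq": x + 1}
    fresh = propagate(tables, "G", dco)
    # Constructed case: C already holds the new route (x+1), so a DCO that
    # carries the older Path Sequence x must leave that route in place.
    c_table = {"C": {"D": ("D", x + 1)}}
    stale = propagate(c_table, "C", {"tgt": "D", "pathseq": x})
    unprotected = propagate({"G": {"D": ("B", x)}}, "G", dco, link_secured=False)
    return fresh, stale, unprotected, c_table
```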

Authors' Addresses

Rahul Arvind Jadhav (editor)
Huawei
Kundalahalli Village, Whitefield,
Bangalore, Karnataka 560037
India

Phone: +91-080-49160700
Email: rahul.ietf@gmail.com

Pascal Thubert
Cisco Systems, Inc
Building D
45 Allee des Ormes - BP1200
MOUGINS - Sophia Antipolis 06254
France

Phone: +33 497 23 26 34
Email: pthubert@cisco.com

Rabi Narayan Sahoo
Huawei
Kundalahalli Village, Whitefield,
Bangalore, Karnataka 560037
India

Phone: +91-080-49160700
Email: rabinarayans@huawei.com

Zhen Cao
Huawei
W Chang'an Ave
Beijing
China

Email: zhencao.ietf@gmail.com