idnits 2.17.1

draft-ietf-roll-efficient-npdao-11.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).

     Found 'MUST not' in this paragraph:

     [RFC6550] allows parent address to be sent in the Transit Information
     Option depending on the mode of operation. In case of storing mode of
     operation the field is usually not needed. In case of DCO, the parent
     address field MUST not be included.

  -- The document date (May 25, 2019) is 1799 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

ROLL                                                      R. Jadhav, Ed.
Internet-Draft                                                    Huawei
Intended status: Standards Track                                      P.
Thubert
Expires: November 26, 2019                                         Cisco
                                                                R. Sahoo
                                                                  Z. Cao
                                                                  Huawei
                                                            May 25, 2019


                      Efficient Route Invalidation
                   draft-ietf-roll-efficient-npdao-11

Abstract

   This document describes the problems associated with No-Path
   Destination Advertisement Object (NPDAO) messaging used in Routing
   Protocol for Low power and lossy networks (RPL) for route
   invalidation and signaling changes to improve route invalidation
   efficiency.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 26, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language and Terminology
     1.2.  Current NPDAO messaging
     1.3.  Why NPDAO is important?
   2.  Problems with current NPDAO messaging
     2.1.  Lost NPDAO due to link break to the previous parent
     2.2.  Invalidate routes of dependent nodes
     2.3.  Possible route downtime caused by async operation of
           NPDAO and DAO
   3.  Requirements for the NPDAO Optimization
     3.1.  Req#1: Remove messaging dependency on link to the
           previous parent
     3.2.  Req#2: Dependent nodes route invalidation on parent
           switching
     3.3.  Req#3: Route invalidation should not impact data traffic
   4.  Changes to RPL signaling
     4.1.  Change in RPL route invalidation semantics
     4.2.  Transit Information Option changes
     4.3.  Destination Cleanup Object (DCO)
       4.3.1.  Secure DCO
       4.3.2.  DCO Options
       4.3.3.  Path Sequence number in the DCO
       4.3.4.  Destination Cleanup Option Acknowledgment (DCO-ACK)
       4.3.5.  Secure DCO-ACK
     4.4.  DCO Base Rules
     4.5.  Unsolicited DCO
     4.6.  Other considerations
       4.6.1.  Dependent Nodes invalidation
       4.6.2.  NPDAO and DCO in the same network
       4.6.3.  DCO with multiple preferred parents
   5.  Acknowledgments
   6.  IANA Considerations
     6.1.  New Registry for the Destination Cleanup Object (DCO)
           Flags
     6.2.  New Registry for the Destination Cleanup Object
           Acknowledgment (DCO-ACK) Status field
     6.3.  New Registry for the Destination Cleanup Object (DCO)
           Acknowledgment Flags
   7.  Security Considerations
   8.  Normative References
   Appendix A.  Example Messaging
     A.1.  Example DCO Messaging
     A.2.  Example DCO Messaging with multiple preferred parents
   Authors' Addresses

1.  Introduction

   RPL [RFC6550] (Routing Protocol for Low power and lossy networks)
   specifies a proactive distance-vector based routing scheme. RPL has
   an optional messaging in the form of DAO (Destination Advertisement
   Object) messages, which the 6LBR (6Lo Border Router) and 6LR (6Lo
   Router) can use to learn a route towards the downstream nodes. In
   storing mode, DAO messages would result in routing entries being
   created on all intermediate 6LRs from the node's parent all the way
   towards the 6LBR.

   RPL allows the use of No-Path DAO (NPDAO) messaging to invalidate a
   routing path corresponding to the given target, thus releasing
   resources utilized on that path. An NPDAO is a DAO message with route
   lifetime of zero, originates at the target node and always flows
   upstream towards the 6LBR. This document explains the problems
   associated with the current use of NPDAO messaging and also discusses
   the requirements for an optimized route invalidation messaging
   scheme.
   Further a new pro-active route invalidation message called
   as "Destination Cleanup Object" (DCO) is specified which fulfills
   requirements of an optimized route invalidation messaging.

   The document only caters to the RPL's storing mode of operation
   (MOP). The non-storing MOP does not require use of NPDAO for route
   invalidation since routing entries are not maintained on 6LRs.

1.1.  Requirements Language and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This specification requires readers to be familiar with all the terms
   and concepts that are discussed in "RPL: IPv6 Routing Protocol for
   Low-Power and Lossy Networks" [RFC6550].

   6LoWPAN Router (6LR):
      An intermediate router that is able to send and receive Router
      Advertisements (RAs) and Router Solicitations (RSs) as well as
      forward and route IPv6 packets.
   Directed Acyclic Graph (DAG):
      A directed graph having the property that all edges are oriented
      in such a way that no cycles exist.
   Destination-Oriented DAG (DODAG):
      A DAG rooted at a single destination, i.e., at a single DAG root
      with no outgoing edges.
   6LoWPAN Border Router (6LBR):
      A border router which is a DODAG root and is the edge node for
      traffic flowing in and out of the 6LoWPAN network.
   Destination Advertisement Object (DAO):
      DAO messaging allows downstream routes to the nodes to be
      established.
   DODAG Information Object (DIO):
      DIO messaging allows upstream routes to the 6LBR to be
      established. DIO messaging is initiated at the DAO root.
   Common Ancestor node
      6LR/6LBR node which is the first common node between two paths of
      a target node.
   No-Path DAO (NPDAO):
      A DAO message which has target with lifetime 0 used for the
      purpose of route invalidation.
   Destination Cleanup Object (DCO):
      A new RPL control message type defined by this document. DCO
      messaging improves proactive route invalidation in RPL.
   Regular DAO:
      A DAO message with non-zero lifetime. Routing adjacencies are
      created or updated based on this message.
   Target node:
      The node switching its parent whose routing adjacencies are
      updated (created/removed).

1.2.  Current NPDAO messaging

   RPL uses NPDAO messaging in the storing mode so that the node
   changing its routing adjacencies can invalidate the previous route.
   This is needed so that nodes along the previous path can release any
   resources (such as the routing entry) they maintain on behalf of
   target node.

   For the rest of this document consider the following topology:

                  (6LBR)
                    |
                    |
                    |
                   (A)
                   / \
                  /   \
                 /     \
               (G)     (H)
                |       |
                |       |
                |       |
               (B)     (C)
                 \      ;
                  \    ;
                   \  ;
                    (D)
                    / \
                   /   \
                  /     \
                (E)     (F)

                      Figure 1: Sample topology

   Node (D) is connected via preferred parent (B). (D) has an alternate
   path via (C) towards the 6LBR. Node (A) is the common ancestor for
   (D) for paths through (B)-(G) and (C)-(H). When (D) switches from
   (B) to (C), RPL allows sending NPDAO to (B) and regular DAO to (C).

1.3.  Why NPDAO is important?

   Nodes in LLNs may be resource constrained. There is limited memory
   available and routing entry records are one of the primary elements
   occupying dynamic memory in the nodes. Route invalidation helps 6LR
   nodes to decide which entries could be discarded to better achieve
   resource utilization. Thus it becomes necessary to have an efficient
   route invalidation mechanism. Also note that a single parent switch
   may result in a "sub-tree" switching from one parent to another.
   Thus the route invalidation needs to be done on behalf of the
   sub-tree and not the switching node alone. In the above example, when
   Node (D) switches parent, the route updates need to be done for the
   routing table entries of (C),(H),(A),(G), and (B) with destination
   (D),(E) and (F). Without efficient route invalidation, a 6LR may
   have to hold a lot of stale route entries.

2.  Problems with current NPDAO messaging

2.1.  Lost NPDAO due to link break to the previous parent

   When a node switches its parent, the NPDAO is to be sent to its
   previous parent and a regular DAO to its new parent. In cases where
   the node switches its parent because of transient or permanent parent
   link/node failure then the NPDAO message is bound to fail.

2.2.  Invalidate routes of dependent nodes

   RPL does not specify how route invalidation will work for dependent
   nodes rooted at the switching node, resulting in stale routing
   entries of the dependent nodes. The only way for 6LR to invalidate
   the route entries for dependent nodes would be to use route lifetime
   expiry which could be substantially high for LLNs.

   In the example topology, when Node (D) switches its parent, Node (D)
   generates an NPDAO on its behalf. There is no NPDAO generated by the
   dependent child nodes (E) and (F), through the previous path via (D)
   to (B) and (G), resulting in stale entries on nodes (B) and (G) for
   nodes (E) and (F).

2.3.  Possible route downtime caused by async operation of NPDAO and DAO

   A switching node may generate both an NPDAO and DAO via two different
   paths at almost the same time. There is a possibility that an NPDAO
   generated may invalidate the previous route and the regular DAO sent
   via the new path gets lost on the way. This may result in route
   downtime impacting downward traffic for the switching node.

   In the example topology, consider Node (D) switches from parent (B)
   to (C).
   An NPDAO sent via the previous route may invalidate the
   previous route whereas there is no way to determine whether the new
   DAO has successfully updated the route entries on the new path.

3.  Requirements for the NPDAO Optimization

3.1.  Req#1: Remove messaging dependency on link to the previous parent

   When the switching node sends the NPDAO message to the previous
   parent, it is normal that the link to the previous parent is prone to
   failure (that's why the node decided to switch). Therefore, it is
   required that the route invalidation does not depend on the previous
   link which is prone to failure. The previous link referred here
   represents the link between the node and its previous parent (from
   whom the node is now disassociating).

3.2.  Req#2: Dependent nodes route invalidation on parent switching

   It should be possible to do route invalidation for dependent nodes
   rooted at the switching node.

3.3.  Req#3: Route invalidation should not impact data traffic

   While sending the NPDAO and DAO messages, it is possible that the
   NPDAO successfully invalidates the previous path, while the newly
   sent DAO gets lost (new path not set up successfully). This will
   result in downstream unreachability to the node switching paths.
   Therefore, it is desirable that the route invalidation is
   synchronized with the DAO to avoid the risk of route downtime.

4.  Changes to RPL signaling

4.1.  Change in RPL route invalidation semantics

   As described in Section 1.2, the NPDAO originates at the node
   changing to a new parent and traverses upstream towards the root. In
   order to solve the problems as mentioned in Section 2, the document
   adds a new pro-active route invalidation message called "Destination
   Cleanup Object" (DCO) that originates at a common ancestor node and
   flows downstream between the new and old path.
   The common ancestor
   node generates a DCO in response to the change in the next-hop on
   receiving a regular DAO with updated Path Sequence for the target.

   The 6LRs in the path for DCO take action such as route invalidation
   based on the DCO information and subsequently send another DCO with
   the same information downstream to the next hop. This operation is
   similar to how the DAOs are handled on intermediate 6LRs in storing
   MOP in [RFC6550]. Just like DAO in storing MOP, the DCO is sent
   using link-local unicast source and destination IPv6 address. Unlike
   DAO, which always travels upstream, the DCO always travels
   downstream.

   In Figure 1, when node D decides to switch the path from B to C, it
   sends a regular DAO to node C with reachability information
   containing target as address of D and an incremented Path Sequence.
   Node C will update the routing table based on the reachability
   information in the DAO and in turn generate another DAO with the same
   reachability information and forward it to H. Node H also follows
   the same procedure as Node C and forwards it to node A. When node A
   receives the regular DAO, it finds that it already has a routing
   table entry on behalf of the target address of node D. It finds
   however that the next hop information for reaching node D has changed
   i.e., node D has decided to change the paths. In this case, Node A
   which is the common ancestor node for node D along the two paths
   (previous and new), should generate a DCO which traverses downwards
   in the network.

4.2.  Transit Information Option changes

   Every RPL message is divided into base message fields and additional
   Options as described in Section 6 of [RFC6550]. The base fields
   apply to the message as a whole and options are appended to add
   message/use-case specific attributes.
   As an example, a DAO message
   may be attributed by one or more "RPL Target" options which specify
   the reachability information for the given targets. Similarly, a
   Transit Information option may be associated with a set of RPL Target
   options.

   This document specifies a change in the Transit Information Option to
   contain the "Invalidate previous route" (I) flag. This I-flag
   signals the common ancestor node to generate a DCO on behalf of the
   target node. The I-flag is carried in the Transit Information Option
   which augments the reachability information for a given set of RPL
   Target(s). Transit Information Option should be carried in the DAO
   message with I-flag set in case route invalidation is sought for the
   corresponding target(s).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type = 0x06 | Option Length |E|I|  Flags    | Path Control  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Path Sequence | Path Lifetime |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Figure 2: Updated Transit Information Option (New I flag added)

   I (Invalidate previous route) flag: The 'I' flag is set by the target
   node to indicate to the common ancestor node that it wishes to
   invalidate any previous route between the two paths.

   [RFC6550] allows parent address to be sent in the Transit Information
   Option depending on the mode of operation. In case of storing mode
   of operation the field is usually not needed. In case of DCO, the
   parent address field MUST not be included.

   The common ancestor node SHOULD generate a DCO message in response to
   this I-flag when it sees that the routing adjacencies have changed
   for the target. I-flag governs the ownership of the DCO message in a
   way that the target node is still in control of its own route
   invalidation.

4.3.
Destination Cleanup Object (DCO)

   A new ICMPv6 RPL control message type is defined by this
   specification called as "Destination Cleanup Object" (DCO), which is
   used for proactive cleanup of state and routing information held on
   behalf of the target node by 6LRs. The DCO message always traverses
   downstream and cleans up route information and other state
   information associated with the given target.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | RPLInstanceID |K|D|   Flags   |   Reserved    | DCOSequence   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                       DODAGID(optional)                       +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Option(s)...
   +-+-+-+-+-+-+-+-+

                     Figure 3: DCO base object

   RPLInstanceID: 8-bit field indicating the topology instance
   associated with the DODAG, as learned from the DIO.

   K: The 'K' flag indicates that the recipient of DCO message is
   expected to send a DCO-ACK back. If the DCO-ACK is not received even
   after setting the 'K' flag, an implementation may retry the DCO at a
   later time. The number of retries is implementation and deployment
   dependent. A node receiving a DCO message without the 'K' flag set
   MAY respond with a DCO-ACK, especially to report an error condition.
   An example error condition could be that the node sending the DCO-ACK
   does not find the routing entry for the indicated target.

   D: The 'D' flag indicates that the DODAGID field is present. This
   flag MUST be set when a local RPLInstanceID is used.

   Flags: The 6 bits remaining unused in the Flags field are reserved
   for future use. These bits MUST be initialized to zero by the sender
   and MUST be ignored by the receiver.

   Reserved: 8-bit unused field.
   The field MUST be initialized to zero
   by the sender and MUST be ignored by the receiver.

   DCOSequence: Incremented at each unique DCO message from a node and
   echoed in the DCO-ACK message. The initial DCOSequence can be chosen
   randomly by the node.

   DODAGID (optional): 128-bit unsigned integer set by a DODAG root that
   uniquely identifies a DODAG. This field MUST be present when the 'D'
   flag is set. DODAGID is used when a local RPLInstanceID is in use,
   in order to identify the DODAGID that is associated with the
   RPLInstanceID.

4.3.1.  Secure DCO

   A Secure DCO message follows the format in [RFC6550] Figure 7, where
   the base message format is the DCO message shown in Figure 3.

4.3.2.  DCO Options

   The DCO message MUST carry at least one RPL Target and the Transit
   Information Option and MAY carry other valid options. This
   specification allows for the DCO message to carry the following
   options:

      0x00 Pad1
      0x01 PadN
      0x05 RPL Target
      0x06 Transit Information
      0x09 RPL Target Descriptor

   The DCO carries an RPL Target Option and an associated Transit
   Information Option with a lifetime of 0x00000000 to indicate a loss
   of reachability to that Target.

4.3.3.  Path Sequence number in the DCO

   A DCO message may contain a Path Sequence in the Transit Information
   Option to identify the freshness of the DCO message. The Path
   Sequence in the DCO MUST use the same Path Sequence number present in
   the regular DAO message when the DCO is generated in response to a
   DAO message. Thus if a DCO is received by a 6LR and subsequently a
   DAO is received with an old sequence number, then the DAO MUST be
   ignored.

4.3.4.  Destination Cleanup Option Acknowledgment (DCO-ACK)

   The DCO-ACK message SHOULD be sent as a unicast packet by a DCO
   recipient in response to a unicast DCO message with 'K' flag set.
   If
   'K' flag is not set then the receiver of the DCO message MAY send a
   DCO-ACK to signal an error condition.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | RPLInstanceID |D|   Reserved  | DCOSequence   |    Status     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                       DODAGID(optional)                       +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 4: DCO-ACK base object

   RPLInstanceID: 8-bit field indicating the topology instance
   associated with the DODAG, as learned from the DIO.

   D: The 'D' flag indicates that the DODAGID field is present. This
   flag MUST be set when a local RPLInstanceID is used.

   Reserved: 7-bit unused field. The field MUST be initialized to zero
   by the sender and MUST be ignored by the receiver.

   DCOSequence: The DCOSequence in DCO-ACK is copied from the
   DCOSequence received in the DCO message.

   Status: Indicates the completion. Status 0 is defined as unqualified
   acceptance in this specification. Status 1 is defined as "No
   routing-entry for the Target found". The remaining status values are
   reserved as rejection codes.

   DODAGID (optional): 128-bit unsigned integer set by a DODAG root that
   uniquely identifies a DODAG. This field MUST be present when the 'D'
   flag is set. DODAGID is used when a local RPLInstanceID is in use,
   in order to identify the DODAGID that is associated with the
   RPLInstanceID.

4.3.5.  Secure DCO-ACK

   A Secure DCO-ACK message follows the format in [RFC6550] Figure 7,
   where the base message format is the DCO-ACK message shown in
   Figure 4.

4.4.  DCO Base Rules

   1.  If a node sends a DCO message with newer or different information
       than the prior DCO message transmission, it MUST increment the
       DCOSequence field by at least one.
       A DCO message transmission
       that is identical to the prior DCO message transmission MAY
       increment the DCOSequence field.
   2.  The RPLInstanceID and DODAGID fields of a DCO message MUST be the
       same value as that of the DAO message in response to which the
       DCO is generated on the common ancestor node.
   3.  A node MAY set the 'K' flag in a unicast DCO message to solicit a
       unicast DCO-ACK in response in order to confirm the attempt.
   4.  A node receiving a unicast DCO message with the 'K' flag set
       SHOULD respond with a DCO-ACK. A node receiving a DCO message
       without the 'K' flag set MAY respond with a DCO-ACK, especially
       to report an error condition.
   5.  A node receiving a unicast DCO message MUST verify the stored
       Path Sequence in context to the given target. If the stored Path
       Sequence is more fresh i.e., newer than the Path Sequence
       received in the DCO, then the DCO MUST be dropped.
   6.  A node that sets the 'K' flag in a unicast DCO message but does
       not receive DCO-ACK in response MAY reschedule the DCO message
       transmission for another attempt, up until an implementation
       specific number of retries.
   7.  A node receiving a unicast DCO message with its own address in
       the RPL Target Option MUST strip-off that Target Option. If this
       Target Option is the only one in the DCO message then the DCO
       message MUST be dropped.

   The scope of DCOSequence values is unique to each node.

4.5.  Unsolicited DCO

   A 6LR may generate an unsolicited DCO to unilaterally cleanup the
   path on behalf of the target entry. The 6LR has all the state
   information namely, the Target address and the Path Sequence,
   required for generating DCO in its routing table. The conditions why
   6LR may generate an unsolicited DCO are beyond the scope of this
   document but some possible reasons could be:

   1.  On route expiry of an entry, a 6LR may decide to gracefully clean
       up the entry by initiating DCO.
   2.  6LR needs to entertain higher priority entries in case the
       routing table is full thus resulting in an eviction of existing
       routing entry. In this case the eviction can be handled
       gracefully using DCO.

   Note that if the 6LR initiates a unilateral path cleanup using DCO
   and if it has the latest state for the target then the DCO would
   finally reach the target node. Thus the target node would be
   informed of its invalidation.

4.6.  Other considerations

4.6.1.  Dependent Nodes invalidation

   Current RPL [RFC6550] does not provide a mechanism for route
   invalidation for dependent nodes. This document allows the dependent
   nodes invalidation. Dependent nodes will generate their respective
   DAOs to update their paths, and the previous route invalidation for
   those nodes should work in the similar manner described for switching
   node. The dependent node may set the I-flag in the Transit
   Information Option as part of regular DAO so as to request
   invalidation of previous route from the common ancestor node.

   Dependent nodes do not have any indication regarding if any of its
   parent nodes in turn have decided to switch their parent. Thus for
   route invalidation the dependent nodes may choose to always set the
   'I' flag in all its DAO message's Transit Information Option. Note
   that setting the I-flag is not counter productive even if there is no
   previous route to be invalidated.

4.6.2.  NPDAO and DCO in the same network

   Even with the changed semantics, the current NPDAO mechanism in
   [RFC6550] can still be used, for example, when the route lifetime
   expiry of the target happens or when the node simply decides to
   gracefully terminate the RPL session on graceful node shutdown.
   Moreover a deployment can have a mix of nodes supporting the DCO and
   the existing NPDAO mechanism. It is also possible that the same node
   supports both the NPDAO and DCO signaling.
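
   The DCO base object of Figure 3, the DCO-ACK of Figure 4 and receiver
   rules 4, 5 and 7 of Section 4.4, as an added example that is not part
   of the draft or of any RPL implementation. Assumptions: the buffer
   starts at the DCO base object (after the ICMPv6 header), Path
   Sequence freshness uses a simplified 8-bit serial comparison instead
   of the RFC 6550 lollipop counter, the parser rejects a non-zero Path
   Lifetime, and all addresses and route tables are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

# DCO flags byte: bit 0 (MSB) = K, bit 1 = D.  DCO-ACK: bit 0 (MSB) = D.
K_FLAG, D_FLAG, ACK_D_FLAG = 0x80, 0x40, 0x80
OPT_PAD1, OPT_TARGET, OPT_TRANSIT = 0x00, 0x05, 0x06
STATUS_OK, STATUS_NO_ROUTE = 0, 1  # DCO-ACK Status values from Section 4.3.4
ADDR_D = ipaddress.IPv6Address("2001:db8::d").packed   # constructed addresses
ADDR_B = ipaddress.IPv6Address("2001:db8::b").packed


def seq_newer(a: int, b: int) -> bool:
    """True if 8-bit counter a is newer than b (simplified serial-number
    arithmetic, an assumption; RFC 6550 defines the full lollipop counter)."""
    return a != b and ((a - b) & 0xFF) < 0x80


@dataclass
class DCO:
    instance: int
    k: bool
    seq: int
    dodagid: Optional[bytes]
    targets: List[bytes]
    path_seq: int


def parse_dco(buf: bytes) -> DCO:
    """Parse a DCO base object (Figure 3) plus options; ValueError if malformed."""
    if len(buf) < 4:
        raise ValueError("truncated DCO base object")
    instance, flags, _reserved, seq = struct.unpack_from("!BBBB", buf)
    d = bool(flags & D_FLAG)       # other flag bits and Reserved are ignored
    if instance & 0x80 and not d:
        raise ValueError("local RPLInstanceID requires the D flag")
    off, dodagid = 4, None
    if d:
        if len(buf) < 20:
            raise ValueError("D flag set but DODAGID truncated")
        dodagid, off = buf[4:20], 20
    targets, path_seq = [], None
    while off < len(buf):
        otype = buf[off]
        if otype == OPT_PAD1:      # Pad1 is a lone type byte with no length
            off += 1
            continue
        if off + 2 > len(buf) or off + 2 + buf[off + 1] > len(buf):
            raise ValueError("option overruns the message")
        body = buf[off + 2:off + 2 + buf[off + 1]]
        off += 2 + len(body)
        if otype == OPT_TARGET:    # body: flags, prefix length, prefix
            if len(body) < 2 or body[1] > 128 or len(body) - 2 < (body[1] + 7) // 8:
                raise ValueError("malformed RPL Target option")
            targets.append(body[2:2 + (body[1] + 7) // 8])
        elif otype == OPT_TRANSIT:  # body: flags, Path Control, Path Sequence, Path Lifetime
            if len(body) != 4:
                raise ValueError("Transit Information in a DCO must not carry a parent address")
            if body[3] != 0:
                raise ValueError("Path Lifetime in a DCO must be zero")
            path_seq = body[2]
    if not targets or path_seq is None:
        raise ValueError("DCO needs an RPL Target and a Transit Information option")
    return DCO(instance, bool(flags & K_FLAG), seq, dodagid, targets, path_seq)


def build_ack(dco: DCO, status: int) -> bytes:
    """DCO-ACK base object (Figure 4): DCOSequence is echoed from the DCO."""
    flags = ACK_D_FLAG if dco.dodagid else 0
    return bytes([dco.instance, flags, dco.seq, status]) + (dco.dodagid or b"")


def handle_dco(buf: bytes, own_addr: bytes, routes: dict):
    """Receiver rules 4, 5, 7. routes maps target -> (next_hop, stored Path
    Sequence). Returns (DCO-ACK bytes or None, [(next_hop, target), ...])."""
    dco = parse_dco(buf)
    targets = [t for t in dco.targets if t != own_addr]   # rule 7: strip own address
    if not targets:
        return None, []                                   # rule 7: nothing left, drop
    known = {t: routes[t] for t in targets if t in routes}
    if any(seq_newer(stored, dco.path_seq) for _, stored in known.values()):
        return None, []                                   # rule 5: stored state is fresher
    for t in known:
        del routes[t]                                     # invalidate, then pass downstream
    status = STATUS_OK if known else STATUS_NO_ROUTE
    ack = build_ack(dco, status) if dco.k or status != STATUS_OK else None
    return ack, [(hop, t) for t, (hop, _) in known.items()]


def sample_dco(target: bytes, path_seq: int, k: bool = True) -> bytes:
    """Constructed test message: global RPLInstanceID 0x1e, DCOSequence 0x2a."""
    rpl_target = bytes([OPT_TARGET, 18, 0, 128]) + target
    transit = bytes([OPT_TRANSIT, 4, 0, 0, path_seq, 0])
    return bytes([0x1E, K_FLAG if k else 0, 0, 0x2A]) + rpl_target + transit


if __name__ == "__main__":
    print(handle_dco(sample_dco(ADDR_D, 6), ADDR_B, {ADDR_D: ("fe80::d", 5)}))
```
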

   Section 9.8 of [RFC6550] states, "When a node removes a node from its
   DAO parent set, it SHOULD send a No-Path DAO message to that removed
   DAO parent to invalidate the existing router". This document
   introduces an alternate and more optimized way of route invalidation
   but it also allows existing NPDAO messaging to work. Thus an
   implementation has two choices to make when a route invalidation is
   to be initiated:

   1.  Use NPDAO to invalidate the previous route and send regular DAO
       on the new path.
   2.  Send regular DAO on the new path with the 'I' flag set in the
       Transit Information Option such that the common ancestor node
       initiates the DCO message downstream to invalidate the previous
       route.

   This document recommends using option 2 for reasons specified in
   Section 3 in this document.

4.6.3.  DCO with multiple preferred parents

   [RFC6550] allows a node to select multiple preferred parents for
   route establishment. Section 9.2.1 of [RFC6550] specifies, "All DAOs
   generated at the same time for the same Target MUST be sent with the
   same Path Sequence in the Transit Information". Subsequently when
   route invalidation has to be initiated, RPL mentions use of NPDAO
   which can be initiated with an updated Path Sequence to all the
   parent nodes through which the route is to be invalidated.

   With DCO, the Target node itself does not initiate the route
   invalidation and it is left to the common ancestor node. A common
   ancestor node when it discovers an updated DAO from a new next-hop,
   it initiates a DCO. With multiple preferred parents, this handling
   does not change. But in this case it is recommended that an
   implementation initiates a DCO after a time period (DelayDCO) such
   that the common ancestor node may receive updated DAOs from all
   possible next-hops.
   This will help to reduce DCO control overhead
   i.e., the common ancestor can wait for updated DAOs from all possible
   directions before initiating a DCO for route invalidation. After
   timeout, the DCO needs to be generated for all the next-hops for whom
   the route invalidation needs to be done.

   This document recommends using a DelayDCO timer value of 1sec. This
   value is inspired by the default DelayDAO value of 1sec in [RFC6550].
   Here the hypothesis is that the DAOs from all possible parent set
   would be received on the common ancestor within this time period.

   Note that there is no requirement of synchronization between DCO and
   DAOs. The DelayDCO timer simply ensures that the DCO control
   overhead can be reduced and is only needed when the network contains
   nodes using multiple preferred parents.

5.  Acknowledgments

   Many thanks to Alvaro Retana, Cenk Gundogan, Simon Duquennoy,
   Georgios Papadopoulous, Peter Van Der Stok for their review and
   comments. Alvaro Retana helped shape this document's final version
   with critical review comments.

6.  IANA Considerations

   IANA is requested to allocate new codes for the DCO and DCO-ACK
   messages from the RPL Control Codes registry.

   +------+---------------------------------------------+--------------+
   | Code | Description                                 | Reference    |
   +------+---------------------------------------------+--------------+
   | TBD1 | Destination Cleanup Object                  | This         |
   |      |                                             | document     |
   | TBD2 | Destination Cleanup Object Acknowledgment   | This         |
   |      |                                             | document     |
   | TBD3 | Secure Destination Cleanup Object           | This         |
   |      |                                             | document     |
   | TBD4 | Secure Destination Cleanup Object           | This         |
   |      | Acknowledgment                              | document     |
   +------+---------------------------------------------+--------------+

   IANA is requested to allocate bit 1 from the Transit Information
   Option Flags registry for the I-flag (Section 4.2)

6.1.
New Registry for the Destination Cleanup Object (DCO) Flags 680 IANA is requested to create a registry for the 8-bit Destination 681 Cleanup Object (DCO) Flags field. This registry should be located in 682 existing category of "Routing Protocol for Low Power and Lossy 683 Networks (RPL)". 685 New bit numbers may be allocated only by an IETF Review. Each bit is 686 tracked with the following qualities: 688 o Bit number (counting from bit 0 as the most significant bit) 689 o Capability description 690 o Defining RFC 692 The following bits are currently defined: 694 +------------+------------------------------+---------------+ 695 | Bit number | Description | Reference | 696 +------------+------------------------------+---------------+ 697 | 0 | DCO-ACK request (K) | This document | 698 | 1 | DODAGID field is present (D) | This document | 699 +------------+------------------------------+---------------+ 701 DCO Base Flags 703 6.2. New Registry for the Destination Cleanup Object Acknowledgment 704 (DCO-ACK) Status field 706 IANA is requested to create a registry for the 8-bit Destination 707 Cleanup Object Acknowledgment (DCO-ACK) Status field. This registry 708 should be located in existing category of "Routing Protocol for Low 709 Power and Lossy Networks (RPL)". 711 New Status values may be allocated only by an IETF Review. Each 712 value is tracked with the following qualities: 714 o Status Code 715 o Description 716 o Defining RFC 718 The following bits are currently defined: 720 +------------+----------------------------------------+-------------+ 721 | Status | Description | Reference | 722 | Code | | | 723 +------------+----------------------------------------+-------------+ 724 | 0 | Unqualified acceptance | This | 725 | | | document | 726 | 1 | No routing-entry for the indicated | This | 727 | | Target found | document | 728 +------------+----------------------------------------+-------------+ 730 DCO Status Codes 732 6.3. 
New Registry for the Destination Cleanup Object (DCO) 733 Acknowledgment Flags 735 IANA is requested to create a registry for the 8-bit Destination 736 Cleanup Object (DCO) Acknowledgment Flags field. This registry 737 should be located in existing category of "Routing Protocol for Low 738 Power and Lossy Networks (RPL)". 740 New bit numbers may be allocated only by an IETF Review. Each bit is 741 tracked with the following qualities: 743 o Bit number (counting from bit 0 as the most significant bit) 744 o Capability description 745 o Defining RFC 747 The following bits are currently defined: 749 +------------+------------------------------+---------------+ 750 | Bit number | Description | Reference | 751 +------------+------------------------------+---------------+ 752 | 0 | DODAGID field is present (D) | This document | 753 +------------+------------------------------+---------------+ 755 DCO-ACK Base Flags 757 7. Security Considerations 759 This document introduces the ability for a common ancestor node to 760 invalidate a route on behalf of the target node. The common ancestor 761 node is directed to do so by the target node using the 'I' flag in 762 DCO's Transit Information Option. However, the common ancestor node 763 is in a position to unilaterally initiate the route invalidation 764 since it possesses all the required state information, namely, the 765 Target address and the corresponding Path Sequence. Thus a rogue 766 common ancestor node could initiate such an invalidation and impact 767 the traffic to the target node. 769 This document also introduces an I-flag which is set by the target 770 node and used by the ancestor node to initiate a DCO if the ancestor 771 nodes sees an update in the route adjacency. However, this flag 772 could be spoofed by a malicious 6LR in the path and can cause 773 invalidation of an existing active path. Note that invalidation will 774 happen only if the other conditions such as Path Sequence condition 775 is also met. 
   Having said that, a malicious 6LR may spoof a DAO on
   behalf of the (sub) child with the I-flag set and can cause route
   invalidation on behalf of the (sub) child node.

   This document assumes that the security mechanisms as defined in
   [RFC6550] are followed, which means that the common ancestor node and
   all the 6LRs are part of the RPL network because they have the
   required credentials. A non-secure RPL network needs to take into
   consideration the risks highlighted in this section.

   All RPL messages support a secure version of messages which allows
   integrity protection using either a MAC or a signature. Optionally,
   secured RPL messages also have encryption protection for
   confidentiality.

   The document adds new messages (DCO, DCO-ACK) which are syntactically
   similar to existing RPL messages such as DAO, DAO-ACK. Secure
   versions of DCO and DCO-ACK are added similar to other RPL messages
   (such as DAO, DAO-ACK).

   RPL supports three security modes as mentioned in Section 10.1 of
   [RFC6550]:

   1.  Unsecured: In this mode, it is expected that the RPL control
       messages are secured by other security mechanisms, such as
       link-layer security. In this mode, the RPL control messages,
       including DCO, DCO-ACK, do not have Security sections. Also note
       that unsecured mode does not imply that all messages are sent
       without any protection.
   2.  Preinstalled: In this mode, RPL uses secure messages. Thus
       secure versions of DCO, DCO-ACK MUST be used in this mode.
   3.  Authenticated: In this mode, RPL uses secure messages. Thus
       secure versions of DCO, DCO-ACK MUST be used in this mode.

8.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
              Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
              JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
              Low-Power and Lossy Networks", RFC 6550,
              DOI 10.17487/RFC6550, March 2012.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

Appendix A.  Example Messaging

A.1.  Example DCO Messaging

   In Figure 1, node (D) switches its parent from (B) to (C). This
   example assumes that Node D has already established its own route via
   Node B-G-A-6LBR using pathseq=x. The example uses DAO and DCO
   messaging convention and specifies only the parameters required to
   explain the example: the parameter 'tgt' stands for the Target
   Option, and its value specifies the address of the target node; the
   parameter 'pathseq' specifies the Path Sequence value carried in the
   Transit Information Option; the parameter 'I_flag' specifies the 'I'
   flag in the Transit Information Option. The sequence of actions is
   as follows:

   1.  Node D switches its parent from node B to node C.
   2.  D sends a regular DAO(tgt=D,pathseq=x+1,I_flag=1) in the updated
       path to C.
   3.  C checks for a routing entry on behalf of D; since it cannot find
       an entry on behalf of D, it creates a new routing entry and
       forwards the reachability information of the target D to H in a
       DAO(tgt=D,pathseq=x+1,I_flag=1).
   4.  Similar to C, node H checks for a routing entry on behalf of D,
       cannot find an entry and hence creates a new routing entry and
       forwards the reachability information of the target D to A in a
       DAO(tgt=D,pathseq=x+1,I_flag=1).
   5.  Node A receives the DAO(tgt=D,pathseq=x+1,I_flag=1), and checks
       for a routing entry on behalf of D.
       It finds a routing entry but
       checks that the next hop for target D is different (i.e., Node
       G). Node A checks the I_flag and generates
       DCO(tgt=D,pathseq=x+1) to the previous next hop for target D,
       which is G. Subsequently, Node A updates the routing entry and
       forwards the reachability information of target D upstream in
       DAO(tgt=D,pathseq=x+1,I_flag=1).
   6.  Node G receives the DCO(tgt=D,pathseq=x+1). It checks if the
       received path sequence is the latest as compared to the stored
       path sequence. If it is the latest, Node G invalidates the
       routing entry of target D and forwards the (un)reachability
       information downstream to B in DCO(tgt=D,pathseq=x+1).
   7.  Similarly, B processes the DCO(tgt=D,pathseq=x+1) by invalidating
       the routing entry of target D and forwards the (un)reachability
       information downstream to D.
   8.  D ignores the DCO(tgt=D,pathseq=x+1) since the target is itself.
   9.  The propagation of the DCO will stop at any node where the node
       does not have any routing information associated with the
       target. If the routing information is present and its Path
       Sequence is higher, then the DCO is still dropped.

A.2.  Example DCO Messaging with multiple preferred parents

                          (6LBR)
                            |
                            |
                            |
                          (N11)
                           / \
                          /   \
                         /     \
                      (N21)   (N22)
                        /      / \
                       /      /   \
                      /      /     \
                   (N31)  (N32)  (N33)
                       :     |    /
                        :    |   /
                         :   |  /
                          (N41)

                    Figure 5: Sample topology 2

   In Figure 5, node (N41) selects multiple preferred parents (N32) and
   (N33). The sequence of actions is as follows:

   1.   (N41) sends DAO(tgt=N41,PS=x,I_flag=1) to (N32) and (N33). Here
        I_flag refers to the Invalidation flag and PS refers to Path
        Sequence in the Transit Information Option.
   2.   (N32) sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N33) also
        sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N22) learns
        multiple routes for the same destination (N41) through multiple
        next-hops.
        (N22) may receive the DAOs from (N32) and (N33) in
        any order with the I_flag set. The implementation should use
        the DelayDCO timer to wait to initiate the DCO. If (N22)
        receives an updated DAO from all the paths then the DCO need not
        be initiated in this case. Thus the route table at N22 should
        contain (Dst,NextHop,PS): { (N41,N32,x), (N41,N33,x) }.
   3.   (N22) sends DAO(tgt=N41,PS=x,I_flag=1) to (N11).
   4.   (N11) sends DAO(tgt=N41,PS=x,I_flag=1) to (6LBR). Thus the
        complete path is established.
   5.   (N41) decides to change its preferred parent set from
        { N32, N33 } to { N31, N32 }.
   6.   (N41) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N32). (N41) sends
        DAO(tgt=N41,PS=x+1,I_flag=1) to (N31).
   7.   (N32) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N22). (N22) has
        multiple routes to destination (N41). It sees that a new Path
        Sequence for Target=N41 is received and thus it waits for a
        pre-determined time period (DelayDCO time period) to invalidate
        another route {(N41),(N33),x}. After the time period, (N22)
        sends DCO(tgt=N41,PS=x+1) to (N33). Also (N22) sends the regular
        DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
   8.   (N33) receives DCO(tgt=N41,PS=x+1). The received Path Sequence
        is the latest and thus it invalidates the entry associated with
        target (N41). (N33) then sends the DCO(tgt=N41,PS=x+1) to
        (N41). (N41) sees itself as the target and drops the DCO.
   9.   From Step 6 above, (N31) receives the
        DAO(tgt=N41,PS=x+1,I_flag=1). It creates a routing entry and
        sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N21). Similarly
        (N21) receives the DAO and subsequently sends the
        DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
   10.  (N11) receives DAO(tgt=N41,PS=x+1,I_flag=1) from (N21). It
        waits for the DelayDCO timer since it has multiple routes to
        (N41). (N41) will receive DAO(tgt=N41,PS=x+1,I_flag=1) from
        (N22) from Step 7 above.
        Thus (N11) has received regular
        DAO(tgt=N41,PS=x+1,I_flag=1) from all paths and thus does not
        initiate DCO.
   11.  (N11) forwards the DAO(tgt=N41,PS=x+1,I_flag=1) to 6LBR and the
        full path is established.

Authors' Addresses

   Rahul Arvind Jadhav (editor)
   Huawei
   Kundalahalli Village, Whitefield,
   Bangalore, Karnataka 560037
   India

   Phone: +91-080-49160700
   Email: rahul.ietf@gmail.com

   Pascal Thubert
   Cisco Systems, Inc
   Building D
   45 Allee des Ormes - BP1200
   MOUGINS - Sophia Antipolis 06254
   France

   Phone: +33 497 23 26 34
   Email: pthubert@cisco.com

   Rabi Narayan Sahoo
   Huawei
   Kundalahalli Village, Whitefield,
   Bangalore, Karnataka 560037
   India

   Phone: +91-080-49160700
   Email: rabinarayans@huawei.com

   Zhen Cao
   Huawei
   W Chang'an Ave
   Beijing
   P.R. China

   Email: zhencao.ietf@gmail.com
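
Added example (not part of the draft and not the authors' code): a small Python model of the DelayDCO handling recommended in Section 4.6.3 and the DCO receiver behaviour of Appendix A.1, replayed over steps 7 to 10 of Appendix A.2. The Node class, its method names, the plain-integer Path Sequence comparison and the value x=10 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
DELAY_DCO = 1.0  # seconds, the value recommended in Section 4.6.3
# Assumption: Path Sequence is compared as a plain integer (no wrap-around).

@dataclass
class Node:
    name: str
    routes: dict = field(default_factory=dict)    # target -> {next_hop: path_seq}
    deadline: dict = field(default_factory=dict)  # target -> DelayDCO expiry time

    def on_dao(self, target, next_hop, path_seq, i_flag, now):
        """Store the route; arm DelayDCO if another next hop is now stale."""
        hops = self.routes.setdefault(target, {})
        hops[next_hop] = path_seq
        stale = any(ps < path_seq for nh, ps in hops.items() if nh != next_hop)
        if i_flag and stale:
            self.deadline.setdefault(target, now + DELAY_DCO)

    def on_timer(self, now):
        """On DelayDCO expiry, return one (next_hop, target, path_seq) per stale hop."""
        dcos = []
        for target in [t for t, d in self.deadline.items() if now >= d]:
            del self.deadline[target]
            hops = self.routes[target]
            newest = max(hops.values())
            for nh in sorted(nh for nh, ps in hops.items() if ps < newest):
                del hops[nh]
                dcos.append((nh, target, newest))
        return dcos

    def on_dco(self, target, path_seq):
        """DCO receiver (Appendix A.1, steps 6-9): return next hops to forward to."""
        if target == self.name:
            return []                      # the target ignores a DCO about itself
        hops = self.routes.get(target, {})
        older = sorted(nh for nh, ps in hops.items() if ps < path_seq)
        for nh in older:
            del hops[nh]                   # entries with a higher Path Sequence stay
        return older

def replay_a2(x=10):  # x is a constructed Path Sequence value
    n22 = Node("N22", {"N41": {"N32": x, "N33": x}})
    n11 = Node("N11", {"N41": {"N22": x}})
    n33 = Node("N33", {"N41": {"N41": x}})
    n22.on_dao("N41", "N32", x + 1, True, now=0.0)   # step 7
    n11.on_dao("N41", "N21", x + 1, True, now=0.1)   # step 10, DAO via N31/N21
    n11.on_dao("N41", "N22", x + 1, True, now=0.2)   # step 7, regular DAO from N22
    dco22, dco11 = n22.on_timer(now=1.0), n11.on_timer(now=1.1)
    return dco22, dco11, n33.on_dco("N41", x + 1), Node("N41").on_dco("N41", x + 1)
```

replay_a2() returns the DCOs generated at (N22) and (N11), the next hops (N33) forwards the DCO to, and the result at (N41): only (N22) generates a DCO, because (N11) sees the updated DAO on every path before DelayDCO expires.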