ROLL                                                     P. Thubert, Ed.
Internet-Draft                                             Cisco Systems
Updates: 6550, 6775, 8505 (if approved)                   M. Richardson
Intended status: Standards Track                               Sandelman
Expires: 12 June 2021                                    9 December 2020

                         Routing for RPL Leaves
                    draft-ietf-roll-unaware-leaves-24

Abstract

   This specification updates RFC6550, RFC6775, and RFC8505, to provide
   routing services to RPL Unaware Leaves that implement 6LoWPAN ND and
   the extensions therein.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 12 June 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
     2.1.  Requirements Language
     2.2.  Glossary
     2.3.  References
   3.  RPL External Routes and Dataplane Artifacts
   4.  6LoWPAN Neighbor Discovery
     4.1.  RFC 6775 Address Registration
     4.2.  RFC 8505 Extended Address Registration
       4.2.1.  R Flag
       4.2.2.  TID, "I" Field and Opaque Fields
       4.2.3.  ROVR
     4.3.  RFC 8505 Extended DAR/DAC
       4.3.1.  RFC 7400 Capability Indication Option
   5.  Requirements on the RPL-Unaware Leaf
     5.1.  Support of 6LoWPAN ND
     5.2.  Support of IPv6 Encapsulation
     5.3.  Support of the HbH Header
     5.4.  Support of the Routing Header
   6.  Enhancements to RFC 6550
     6.1.  Updated RPL Target Option
     6.2.  New Flag in the RPL DODAG Configuration Option
     6.3.  Updated RPL Status
   7.  Enhancements to draft-ietf-roll-efficient-npdao
   8.  Enhancements to RFC 6775 and RFC8505
   9.  Protocol Operations for Unicast Addresses
     9.1.  General Flow
     9.2.  Detailed Operation
       9.2.1.  Perspective of the 6LN Acting as RUL
       9.2.2.  Perspective of the 6LR Acting as Border Router
       9.2.3.  Perspective of the RPL Root
       9.2.4.  Perspective of the 6LBR
   10. Protocol Operations for Multicast Addresses
   11. Security Considerations
   12. IANA Considerations
     12.1.  Fixing the Address Registration Option Flags
     12.2.  Resizing the ARO Status values
     12.3.  New RPL DODAG Configuration Option Flag
     12.4.  RPL Target Option Registry
     12.5.  New Subregistry for RPL Non-Rejection Status values
     12.6.  New Subregistry for RPL Rejection Status values
   13. Acknowledgments
   14. Normative References
   15. Informative References
   Appendix A.  Example Compression
   Authors' Addresses

1.  Introduction

   The design of Low Power and Lossy Networks (LLNs) is generally
   focused on saving energy, which is the most constrained resource of
   all.  Other design constraints, such as a limited memory capacity,
   duty cycling of the LLN devices and low-power lossy transmissions,
   derive from that primary concern.

   The IETF produced the "Routing Protocol for Low Power and Lossy
   Networks" [RFC6550] (RPL) to provide IPv6 [RFC8200] routing services
   within such constraints.  RPL belongs to the class of Distance-Vector
   protocols, which, compared to link-state protocols, limit the amount
   of topological knowledge that needs to be installed and maintained in
   each node; RPL also does not require convergence to avoid micro-loops.

   To save signaling and routing state in constrained networks, RPL
   allows a path stretch (see [RFC6687]), whereby routing is only
   performed along a Destination-Oriented Directed Acyclic Graph (DODAG)
   that is optimized to reach a Root node, as opposed to along the
   shortest path between 2 peers, whatever that would mean in a given
   LLN.  This trades the quality of peer-to-peer (P2P) paths for a
   vastly reduced amount of control traffic and routing state that would
   be required to operate an any-to-any shortest path protocol.
   Additionally, broken routes may be fixed lazily and on-demand, based
   on dataplane inconsistency discovery, which avoids wasting energy in
   the proactive repair of unused paths.

   For many of the nodes, though not all, the DODAG provides multiple
   forwarding solutions towards the Root of the topology via so-called
   parents.  RPL is designed to adapt to fuzzy connectivity, whereby the
   physical topology cannot be expected to reach a stable state, with a
   lazy control that creates the routes proactively, but may only fix
   them reactively, upon actual traffic.  The result is that RPL
   provides reachability for most of the LLN nodes, most of the time,
   but may not converge in the classical sense.

   RPL can be deployed in conjunction with IPv6 Neighbor Discovery (ND)
   [RFC4861] [RFC4862] and 6LoWPAN ND [RFC6775] [RFC8505] to maintain
   reachability within a Non-Broadcast Multiple-Access (NBMA) Multi-Link
   subnet.

   In that mode, IPv6 addresses are advertised individually as Host
   routes.  Some nodes may act as Routers and participate in the
   forwarding operations whereas others will only terminate packets,
   acting as Hosts in the data-plane.  In [RFC6550] terms, an IPv6 Host
   [RFC8504] that is reachable over the RPL network is called a Leaf.

   Section 2 of [USEofRPLinfo] defines the terms RPL Leaf, RPL-Aware
   Leaf (RAL) and RPL-Unaware Leaf (RUL).  A RPL Leaf is a Host attached
   to one or more RPL router(s); as such, it relies on the RPL router(s)
   to forward its traffic across the RPL domain but does not forward
   traffic from another node.  As opposed to the RAL, the RUL does not
   participate in RPL, and relies on its RPL router(s) also to inject
   the routes to its IPv6 addresses in the RPL domain.

   A RUL may be unable to participate because it is very energy-
   constrained, code-space constrained, or because it would be unsafe to
   let it inject routes in RPL.  Using 6LoWPAN ND as opposed to RPL as
   the Host-to-Router interface limits the surface of the possible
   attacks by the RUL against the RPL domain, and can protect the RUL's
   ownership of its addresses.

   This document specifies how the Router injects the Host routes in the
   RPL domain on behalf of the RUL.  Section 5 details how the RUL can
   leverage 6LoWPAN ND to obtain the routing services from the router.
   In that model, the RUL is also a 6LoWPAN Node (6LN) and the RPL-Aware
   router is also a 6LoWPAN Router (6LR).  Using the 6LoWPAN ND Address
   Registration mechanism, the RUL signals that the router must inject a
   Host route for the Registered Address.

   The RPL Non-Storing Mode mechanism is used to extend the routing
   state with connectivity to the RULs even when the DODAG is operated
   in Storing Mode.  The unicast packet forwarding operation by the 6LR
   serving a RUL is described in section 4.1 of [USEofRPLinfo].

   Examples of possible RULs include severely energy constrained sensors
   such as window smash sensors (alarm systems), and kinetically powered
   light switches.  Other applications of this specification may include
   a smart grid network that controls appliances - such as washing
   machines or the heating system - in the home.  Appliances may not
   participate in the RPL protocol operated in the Smartgrid network but
   can still interact with the Smartgrid for control and/or metering.

   This document is organized as follows:

   *  Section 3 and Section 4 present in a non-normative fashion the
      salient aspects of RPL and 6LoWPAN ND, respectively, that are
      leveraged in this specification to provide connectivity to a 6LN
      acting as a RUL across a RPL network.

   *  Section 5 lists the expectations that a RUL needs to match in
      order to be served by a RPL router that complies with this
      specification.

   *  Section 6 presents the changes made to [RFC6550]; a new behavior
      is introduced whereby the 6LR advertises the 6LN's addresses in a
      RPL DAO message based on the ND registration by the 6LN, and the
      RPL root performs the EDAR/EDAC exchange with the 6LBR on behalf
      of the 6LR; modifications are introduced to some RPL options and
      to the RPL Status to facilitate the integration of the protocols.

   *  Section 7 presents the changes made to [EFFICIENT-NPDAO]; the use
      of the DCO message is extended to the Non-Storing MOP to report
      asynchronous issues from the Root to the 6LR.

   *  Section 8 presents the changes made to [RFC6775] and [RFC8505];
      the range of the ND status codes is reduced down to 64 values, and
      the remaining bits in the original status field are now reserved.

   *  Section 9 and Section 10 present the operation of this
      specification for unicast and multicast flows, respectively, and
      Section 11 presents associated security considerations.

2.  Terminology

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.2.  Glossary

   This document uses the following acronyms:

   AR:      Address Resolution (aka Address Lookup)
   ARQ:     Automatic Repeat reQuest
   6CIO:    6LoWPAN Capability Indication Option
   6LN:     6LoWPAN Node (a Low Power Host or Router)
   6LR:     6LoWPAN Router
   (E)ARO:  (Extended) Address Registration Option
   (E)DAR:  (Extended) Duplicate Address Request
   (E)DAC:  (Extended) Duplicate Address Confirmation
   DAD:     Duplicate Address Detection
   DAO:     Destination Advertisement Object (a RPL message)
   DCO:     Destination Cleanup Object (a RPL message)
   DIS:     DODAG Information Solicitation (a RPL message)
   DIO:     DODAG Information Object (a RPL message)
   DODAG:   Destination-Oriented Directed Acyclic Graph
   LLN:     Low-Power and Lossy Network
   NA:      Neighbor Advertisement
   NCE:     Neighbor Cache Entry
   ND:      Neighbor Discovery
   NS:      Neighbor Solicitation
   RA:      Router Advertisement
   ROVR:    Registration Ownership Verifier
   RPI:     RPL Packet Information
   RAL:     RPL-Aware Leaf
   RAN:     RPL-Aware Node (either a RPL Router or a RPL-Aware Leaf)
   RUL:     RPL-Unaware Leaf
   TID:     Transaction ID (a sequence counter in the EARO)

2.3.  References

   The Terminology used in this document is consistent with and
   incorporates that described in "Terms Used in Routing for Low-Power
   and Lossy Networks (LLNs)" [RFC7102].  A glossary of classical
   6LoWPAN acronyms is given in Section 2.2.  Other terms in use in LLNs
   are found in "Terminology for Constrained-Node Networks" [RFC7228].
   This specification uses the terms 6LN and 6LR to refer specifically
   to nodes that implement the 6LN and 6LR roles in 6LoWPAN ND and does
   not expect other functionality such as 6LoWPAN Header Compression
   [RFC6282] from those nodes.

   "RPL", the "RPL Packet Information" (RPI), "RPL Instance" (indexed by
   a RPLInstanceID) are defined in "RPL: IPv6 Routing Protocol for
   Low-Power and Lossy Networks" [RFC6550].  The RPI is the abstract
   information that RPL defines to be placed in data packets, e.g., as
   the RPL Option [RFC6553] within the IPv6 Hop-By-Hop Header.  By
   extension, the term "RPI" is often used to refer to the RPL Option
   itself.  The DODAG Information Solicitation (DIS), Destination
   Advertisement Object (DAO) and DODAG Information Object (DIO)
   messages are also specified in [RFC6550].  The Destination Cleanup
   Object (DCO) message is defined in [EFFICIENT-NPDAO].

   This document uses the terms RPL-Unaware Leaf (RUL) and RPL-Aware
   Leaf (RAL) consistently with [USEofRPLinfo].  The term RPL-Aware Node
   (RAN) is introduced to refer to a node that is either a RAL or a RPL
   Router.  As opposed to a RUL, a RAN manages the reachability of its
   addresses and prefixes by injecting them in RPL by itself.

   In this document, readers will encounter terms and concepts that are
   discussed in the following documents:

   Classical IPv6 ND:  "Neighbor Discovery for IP version 6" [RFC4861]
      and "IPv6 Stateless Address Autoconfiguration" [RFC4862],

   6LoWPAN:  "Problem Statement and Requirements for IPv6 over Low-Power
      Wireless Personal Area Network (6LoWPAN) Routing" [RFC6606] and
      "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs):
      Overview, Assumptions, Problem Statement, and Goals" [RFC4919],
      and

   6LoWPAN ND:  Neighbor Discovery Optimization for Low-Power and Lossy
      Networks [RFC6775], "Registration Extensions for 6LoWPAN Neighbor
      Discovery" [RFC8505], and "Address Protected Neighbor Discovery
      for Low-power and Lossy Networks" [RFC8928].

3.  RPL External Routes and Dataplane Artifacts

   Section 4.1 of [USEofRPLinfo] provides a set of rules detailed below
   that must be followed for routing packets from and to a RUL.

   A 6LR that acts as a border Router for external routes advertises
   them using Non-Storing Mode DAO messages that are unicast directly to
   the Root, even if the DODAG is operated in Storing Mode.  Non-Storing
   Mode routes are not visible inside the RPL domain and all packets are
   routed via the Root.  The RPL Root tunnels the packets directly to
   the 6LR that advertised the external route, which decapsulates and
   forwards the original (inner) packet.

   The RPL Non-Storing MOP signaling and the associated IP-in-IP
   encapsulated packets appear as normal traffic to the intermediate
   Routers.  The support of external routes only impacts the Root and
   the 6LR.  It can be operated with legacy intermediate Routers and
   does not add to the amount of state that must be maintained in those
   Routers.  A RUL is an example of a destination that is reachable via
   an external route that happens to be also a Host route.

   The RPL data packets always carry a Hop-by-Hop Header to transport a
   RPL Packet Information (RPI) [RFC6550].  So unless the RUL originates
   its packets with an RPI, the 6LR needs to tunnel them to the Root to
   add the RPI.  As a rule of thumb and except for the very special
   case above, the packets from and to a RUL are always encapsulated
   using an IP-in-IP tunnel between the Root and the 6LR that serves the
   RUL (see sections 7 and 8 of [USEofRPLinfo] for details).  If the
   packet from the RUL has an RPI, the 6LR as a RPL border router SHOULD
   rewrite the RPI to indicate the selected Instance and set the flags,
   but it does not need to encapsulate the packet.

   In Non-Storing Mode, packets going down carry a Source Routing Header
   (SRH).  The IP-in-IP encapsulation, the RPI and the SRH are
   collectively called the "RPL artifacts" and can be compressed using
   [RFC8138].  Appendix A presents an example compressed format for a
   packet forwarded by the Root to a RUL in a Storing Mode DODAG.

   The inner packet that is forwarded to the RUL may carry some RPL
   artifacts, e.g., an RPI if the original packet was generated with it,
   and an SRH in a Non-Storing Mode DODAG.  [USEofRPLinfo] expects the
   RUL to support the basic "IPv6 Node Requirements" [RFC8504].  In
   particular the RUL is expected to ignore the RPL artifacts that are
   either consumed or not applicable to a Host.

   A RUL is not expected to support the compression method defined in
   [RFC8138].  For that reason, the border router uncompresses the
   packet before forwarding over an external route to a RUL
   [USEofRPLinfo].

4.  6LoWPAN Neighbor Discovery

   This section goes through the 6LoWPAN ND mechanisms that this
   specification leverages, as a non-normative reference to the reader.
   The full normative text is to be found in [RFC6775], [RFC8505], and
   [RFC8928].

4.1.  RFC 6775 Address Registration

   The classical "IPv6 Neighbor Discovery (IPv6 ND) Protocol" [RFC4861]
   [RFC4862] was defined for serial links and transit media such as
   Ethernet.  It is a reactive protocol that relies heavily on multicast
   operations for Address Discovery (aka Lookup) and Duplicate Address
   Detection (DAD).

   "Neighbor Discovery Optimizations for 6LoWPAN networks" [RFC6775]
   adapts IPv6 ND for operations over energy-constrained LLNs.  The main
   functions of [RFC6775] are to proactively establish the Neighbor
   Cache Entry (NCE) in the 6LR and to prevent address duplication.  To
   that effect, [RFC6775] introduces a new unicast Address Registration
   mechanism that contributes to reducing the use of multicast messages
   compared to the classical IPv6 ND protocol.

   [RFC6775] defines a new Address Registration Option (ARO) that is
   carried in the unicast Neighbor Solicitation (NS) and Neighbor
   Advertisement (NA) messages between the 6LoWPAN Node (6LN) and the
   6LoWPAN Router (6LR).  It also defines the Duplicate Address Request
   (DAR) and Duplicate Address Confirmation (DAC) messages between the
   6LR and the 6LoWPAN Border Router (6LBR).  In an LLN, the 6LBR is the
   central repository of all the Registered Addresses in its domain and
   the source of truth for uniqueness and ownership.

4.2.  RFC 8505 Extended Address Registration

   "Registration Extensions for 6LoWPAN Neighbor Discovery" [RFC8505]
   updates the behavior of RFC 6775 to enable a generic Address
   Registration to services such as routing and ND proxy, and defines
   the Extended Address Registration Option (EARO) as shown in Figure 1:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Length    |    Status     |    Opaque     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Rsvd  | I |R|T|     TID       |     Registration Lifetime     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
   ...              Registration Ownership Verifier                ...
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                       Figure 1: EARO Option Format

4.2.1.  R Flag

   [RFC8505] introduces the R Flag in the EARO.  The Registering Node
   sets the R Flag to indicate whether the 6LR should ensure
   reachability for the Registered Address.  If the R Flag is set to 0,
   then the Registering Node handles the reachability of the Registered
   Address by other means.  In a RPL network, this means that either it
   is a RAN that injects the route by itself or that it uses another RPL
   Router for reachability services.

   This document specifies how the R Flag is used in the context of RPL.
   A RPL Leaf that implements the 6LN functionality in [RFC8505]
   requires reachability services for an IPv6 address if and only if it
   sets the R Flag in the NS(EARO) used to register the address to a 6LR
   acting as a RPL border Router.  Upon receiving the NS(EARO), the RPL
   Router generates a DAO message for the Registered Address if and only
   if the R flag is set to 1.

   Section 9.2 specifies additional operations when the R flag is set
   to 1 in an EARO that is placed either in an NS or an NA message.

4.2.2.  TID, "I" Field and Opaque Fields

   When the T Flag is set to 1, the EARO includes a sequence counter
   called Transaction ID (TID), that is needed to fill the Path Sequence
   Field in the RPL Transit Option.  This is the reason why the support
   of [RFC8505] by the RUL, as opposed to only [RFC6775], is a
   prerequisite for this specification (more in Section 5.1).  The EARO
   also transports an Opaque field and an associated "I" field that
   describes what the Opaque field transports and how to use it.

   Section 9.2.1 specifies the use of the "I" field and the Opaque field
   by a RUL.

4.2.3.  ROVR

   Section 5.3 of [RFC8505] introduces the Registration Ownership
   Verifier (ROVR) field of variable length from 64 to 256 bits.  The
   ROVR is a replacement of the EUI-64 in the ARO [RFC6775] that was
   used to identify uniquely an Address Registration with the Link-Layer
   address of the owner but provided no protection against spoofing.

   "Address Protected Neighbor Discovery for Low-power and Lossy
   Networks" [RFC8928] leverages the ROVR field as a cryptographic proof
   of ownership to prevent a rogue third party from registering an
   address that is already owned.  The use of the ROVR field enables the
   6LR to block traffic that is not sourced at an owned address.

   This specification does not address how the protection by [RFC8928]
   could be extended for use in RPL.  On the other hand, it adds the
   ROVR to the DAO to build the proxied EDAR at the Root (see
   Section 6.1), which means that nodes that are aware of the Host route
   are also aware of the ROVR associated to the Target Address.

4.3.  RFC 8505 Extended DAR/DAC

   [RFC8505] updates the DAR/DAC messages into the Extended DAR/DAC to
   carry the ROVR field.  The EDAR/EDAC exchange takes place between the
   6LR and the 6LBR.  It is triggered by an NS(EARO) message from a 6LN
   to create, refresh, and delete the corresponding state in the 6LBR.
   The exchange is protected by the retry mechanism (ARQ) specified in
   Section 8.2.6 of [RFC6775], though in an LLN, a duration longer than
   the RETRANS_TIMER [RFC4861] of 1 second may be necessary to cover the
   round-trip delay between the 6LR and the 6LBR.

   RPL [RFC6550] specifies a periodic DAO from the 6LN all the way to
   the Root that maintains the routing state in the RPL network for the
   lifetime indicated by the source of the DAO.  This means that for
   each address, there are two keep-alive messages that traverse the
   whole network, one to the Root and one to the 6LBR.

   This specification avoids the periodic EDAR/EDAC exchange across the
   LLN.  The 6LR turns the periodic NS(EARO) from the RUL into a DAO
   message to the Root on every refresh, but it only generates the EDAR
   upon the first registration, for the purpose of DAD, which must be
   verified before the address is injected in RPL.  Upon the DAO
   message, the Root proxies the EDAR exchange to refresh the state at
   the 6LBR on behalf of the 6LR, as illustrated in Figure 7.

4.3.1.  RFC 7400 Capability Indication Option

   "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power
   Wireless Personal Area Networks (6LoWPANs)" [RFC7400] defines the
   6LoWPAN Capability Indication Option (6CIO) that enables a node to
   expose its capabilities in Router Advertisement (RA) messages.

   [RFC8505] defines a number of bits in the 6CIO, in particular:

   L:  Node is a 6LR.

   E:  Node is an IPv6 ND Registrar -- i.e., it supports registrations
       based on EARO.

   P:  Node is a Routing Registrar -- i.e., an IPv6 ND Registrar that
       also provides reachability services for the Registered Address.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |  Length = 1   |     Reserved      |D|L|B|P|E|G|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Reserved                            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                           Figure 2: 6CIO flags

   A 6LR that provides reachability services for a RUL in a RPL network
   as specified in this document includes a 6CIO in its RA messages and
   sets the L, P and E flags to 1 as prescribed by [RFC8505], more in
   Section 9.2.

5.  Requirements on the RPL-Unaware Leaf

   This document provides RPL routing for a RUL.  This section describes
   the minimal RPL-independent functionality that the RUL needs to
   implement to obtain routing services for its addresses.

5.1.  Support of 6LoWPAN ND

   To obtain routing services from a Router that implements this
   specification, a RUL needs to implement [RFC8505] and set the "R" and
   "T" flags in the EARO to 1 as discussed in Section 4.2.1 and
   Section 4.2.2, respectively.  Section 9.2.1 specifies new behaviors
   for the RUL, e.g., when the R Flag set to 1 in a NS(EARO) is not
   echoed in the NA(EARO), which indicates that the route injection
   failed.

   The RUL is expected to request routing services from a Router only if
   that router originates RA messages with a 6CIO that has the L, P, and
   E flags all set to 1 as discussed in Section 4.3.1, unless it is
   explicitly configured to do so regardless.  It is suggested that the
   RUL also implements [RFC8928] to protect the ownership of its
   addresses.

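
   The following is an added example and not part of the draft or of any
   implementation it describes: a Python sketch of the RUL side of
   Section 5.1 built on the 6CIO of Figure 2 (Section 4.3.1) and the
   EARO of Figure 1 (Section 4.2).  It checks that a router's RA offers
   routing services (L, P and E all set), builds the NS(EARO) with R=1
   and T=1, and reads back the NA(EARO), treating an R flag that is not
   echoed as a failed route injection.  The option type values 33 (EARO)
   and 36 (6CIO) are the ones assigned by RFC 6775/RFC 8505 and
   RFC 7400; the function names, the sample ROVR and the RA option blobs
   are constructed for this example.  Any non-zero Status is treated as
   "do not use the address"; the split between rejection and
   non-rejection values is made in Section 6.3 and not reproduced here.

```python
import struct

# IPv6 ND option types: ARO/EARO (RFC 6775, RFC 8505) and 6CIO (RFC 7400).
ND_OPT_EARO = 33
ND_OPT_6CIO = 36

# 6CIO flags sit in the low six bits of the option's first 32-bit word
# (Figure 2: ...|D|L|B|P|E|G|): G is bit 0, E bit 1, P bit 2, B bit 3, L bit 4, D bit 5.
CIO_G, CIO_E, CIO_P, CIO_B, CIO_L, CIO_D = (1 << i for i in range(6))
ROUTING_SERVICE_FLAGS = CIO_L | CIO_P | CIO_E


def build_6cio(flags):
    """6CIO (Type 36, Length 1): type, length, 16 bits of reserved+flags, 32 reserved bits."""
    return struct.pack("!BBHI", ND_OPT_6CIO, 1, flags & 0x3F, 0)


def iter_nd_options(blob):
    """Walk RFC 4861 TLV options; Length counts 8-octet units and a zero Length is malformed."""
    off = 0
    while off < len(blob):
        if off + 2 > len(blob) or blob[off + 1] == 0:
            raise ValueError("malformed ND option at offset %d" % off)
        size = blob[off + 1] * 8
        yield blob[off], blob[off:off + size]
        off += size


def offers_routing_services(ra_options):
    """Section 5.1: ask for routing services only from a router whose RA carries a
    6CIO with the L, P and E flags all set to 1."""
    for typ, opt in iter_nd_options(ra_options):
        if typ == ND_OPT_6CIO:
            word, = struct.unpack("!I", opt[:4])
            return (word & ROUTING_SERVICE_FLAGS) == ROUTING_SERVICE_FLAGS
    return False


def build_earo(rovr, tid, lifetime, r=1, t=1, i=0, status=0, opaque=0):
    """EARO of Figure 1. Length is in 8-octet units: 8 fixed bytes plus the ROVR."""
    if len(rovr) not in (8, 16, 24, 32):
        raise ValueError("ROVR must be 64, 128, 192 or 256 bits")
    flags = ((i & 3) << 2) | ((r & 1) << 1) | (t & 1)        # Rsvd(4) I(2) R T
    return struct.pack("!BBBBBBH", ND_OPT_EARO, 1 + len(rovr) // 8,
                       status, opaque, flags, tid & 0xFF, lifetime) + rovr


def parse_earo(opt):
    typ, length, status, opaque, flags, tid, lifetime = struct.unpack("!BBBBBBH", opt[:8])
    if typ != ND_OPT_EARO or length not in (2, 3, 4, 5) or length * 8 != len(opt):
        raise ValueError("malformed EARO")
    return {"status": status, "opaque": opaque, "I": (flags >> 2) & 3,
            "R": (flags >> 1) & 1, "T": flags & 1, "tid": tid,
            "lifetime": lifetime, "rovr": opt[8:]}


def rul_registration(ra_options, rovr, tid, lifetime):
    """The RUL side of Section 5.1: an NS(EARO) with R=1 (inject a route) and T=1
    (TID present), sent only to a 6LR that advertises routing services."""
    if not offers_routing_services(ra_options):
        return None
    return build_earo(rovr, tid, lifetime, r=1, t=1)


def rul_check_na(ns_earo, na_earo):
    """How the RUL reads the NA(EARO) that answers its NS(EARO)."""
    sent, got = parse_earo(ns_earo), parse_earo(na_earo)
    if got["status"] != 0:
        # Any non-zero Status keeps the address unused in this example; which values
        # are rejections and which are not is the distinction made in Section 6.3.
        return "address not usable: Status %d" % got["status"]
    if sent["R"] == 1 and got["R"] == 0:
        return "registered, but route injection failed (R not echoed)"
    return "registered with routing services"


if __name__ == "__main__":
    # Constructed RA option blocks: a 6LR that serves RULs, and an ND Registrar without P.
    serving, nd_only = build_6cio(CIO_L | CIO_P | CIO_E), build_6cio(CIO_L | CIO_E)
    rovr = bytes.fromhex("0011223344556677")                # constructed 64-bit ROVR
    ns = rul_registration(serving, rovr, tid=7, lifetime=120)
    print(ns.hex(), rul_registration(nd_only, rovr, 7, 120))
    print(rul_check_na(ns, build_earo(rovr, 7, 120, r=1)))
    print(rul_check_na(ns, build_earo(rovr, 7, 120, r=0)))
    print(rul_check_na(ns, build_earo(rovr, 7, 120, status=1)))
```

   The T flag is kept at 1 unconditionally because the TID it announces
   is what the 6LR copies into the Path Sequence of the Transit Option
   (Section 4.2.2); an NS(EARO) without it cannot be turned into a DAO.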
   A RUL that may attach to multiple 6LRs is expected to prefer those
   that provide routing services.  The RUL needs to register to all the
   6LRs from which it desires routing services.

   Parallel Address Registrations to several 6LRs should be performed in
   a rapid sequence, using the same EARO for the same Address.  Gaps
   between the Address Registrations will invalidate some of the routes
   until the Address Registration finally shows on those routes.

   [RFC8505] introduces error Status values in the NA(EARO) which can be
   received synchronously upon an NS(EARO) or asynchronously.  The RUL
   needs to support both cases and refrain from using the address when
   the Status value indicates a rejection (see Section 6.3).

5.2.  Support of IPv6 Encapsulation

   Section 2.1 of [USEofRPLinfo] defines the rules for tunneling either
   to the final destination (e.g., a RUL) or to its attachment Router
   (designated as 6LR).  In order to terminate the IP-in-IP tunnel, the
   RUL, as an IPv6 Host, would have to be capable of decapsulating the
   tunneled packet and either drop the encapsulated packet if it is not
   the final destination, or pass it to the upper layer for further
   processing.  As indicated in section 4.1 of [USEofRPLinfo], this is
   not mandated by [RFC8504], so the Root typically terminates the IP-
   in-IP tunnel at the parent 6LR.  It is thus not necessary for a RUL
   to support IP-in-IP decapsulation.

5.3.  Support of the HbH Header

   A RUL is expected to process an Option Type in a Hop-by-Hop Header as
   prescribed by section 4.2 of [RFC8200].  An RPI with an Option Type
   of 0x23 [USEofRPLinfo] is thus skipped when not recognized.

5.4.  Support of the Routing Header

   A RUL is expected to process an unknown Routing Header Type as
   prescribed by section 4.4 of [RFC8200].
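
   The following is an added example, not code from the draft or from
   any RPL implementation.  One Python sketch serves two passages: the
   6LR rule of Section 3 (rewrite the RPI when the RUL already sent one,
   otherwise encapsulate IP-in-IP to the Root and add the RPI) and the
   RUL rules of Sections 5.3 and 5.4 (RFC 8200 processing of an unknown
   Hop-by-Hop option and of an unknown Routing Type).  The RPI layout
   follows RFC 6553 (flags, RPLInstanceID, SenderRank); the value 0x63
   tested next to 0x23 is the original RFC 6553 Option Type, whose two
   high-order bits are 01 and therefore make a host discard the packet,
   which is why a RUL has to see 0x23 (high-order bits 00, skip).  The
   addresses, the UDP payload and the helper names are constructed, and
   the RPI flag values the 6LR writes (all zero for an upward packet) are
   an assumption of this example.

```python
import struct

NH_HOPOPT, NH_UDP, NH_IPV6, NH_ROUTING = 0, 17, 41, 43
RPI_OPT_TYPE = 0x23      # RPL Option type from [USEofRPLinfo]; RFC 6553 originally used 0x63
PAD1, PADN = 0, 1


def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_header, hop_limit, src, dst)


def rpi_hbh(next_header, instance_id, sender_rank, flags=0, opt_type=RPI_OPT_TYPE):
    """Hop-by-Hop header holding one RPI (RFC 6553 layout: flags, RPLInstanceID, SenderRank).
    2 header bytes + 6 option bytes = 8, so Hdr Ext Len is 0 and no padding is needed."""
    opt = struct.pack("!BBBBH", opt_type, 4, flags, instance_id, sender_rank)
    return struct.pack("!BB", next_header, 0) + opt


def srh_rh3(next_header, segments_left, addresses):
    """Routing Type 3 header (RFC 6554) with uncompressed addresses (CmprI=CmprE=Pad=0)."""
    hdr = struct.pack("!BBBBI", next_header, 2 * len(addresses), 3, segments_left, 0)
    return hdr + b"".join(addresses)


def rul_receive(pkt):
    """Extension-header processing by a RUL, i.e. a plain IPv6 host (RFC 8200, Sections 4.2
    and 4.4) that recognizes neither the RPI option nor Routing Type 3."""
    nh, off = pkt[6], 40
    while True:
        if nh == NH_HOPOPT:
            size = (pkt[off + 1] + 1) * 8
            body, i = pkt[off + 2:off + size], 0
            while i < len(body):
                opt_type = body[i]
                if opt_type == PAD1:
                    i += 1
                    continue
                # Unknown option: the two high-order bits of the type select the action,
                # 00 = skip, 01 = discard, 10/11 = discard and send ICMP Parameter Problem.
                if opt_type != PADN and opt_type >> 6 != 0:
                    return ("drop", f"unknown HbH option 0x{opt_type:02x}, action bits {opt_type >> 6:02b}")
                i += 2 + body[i + 1]
            nh, off = pkt[off], off + size
        elif nh == NH_ROUTING:
            size, rtype, seg_left = (pkt[off + 1] + 1) * 8, pkt[off + 2], pkt[off + 3]
            if seg_left != 0:                    # unknown type with segments left: drop
                return ("drop", f"unknown Routing Type {rtype} with Segments Left {seg_left}")
            nh, off = pkt[off], off + size       # Segments Left 0: ignore the header
        else:
            return ("deliver", nh, pkt[off:])


def find_rpi(pkt):
    """Offset of an RPI option inside a leading Hop-by-Hop header, or None."""
    if pkt[6] != NH_HOPOPT:
        return None
    i, end = 42, 40 + (pkt[41] + 1) * 8
    while i < end:
        if pkt[i] == PAD1:
            i += 1
        elif pkt[i] == RPI_OPT_TYPE:
            return i
        else:
            i += 2 + pkt[i + 1]
    return None


def lr_forward_from_rul(pkt, instance_id, sender_rank, lr_addr, root_addr):
    """Section 3 on the 6LR: rewrite the RPI in place when the RUL sent one, otherwise
    encapsulate IP-in-IP to the Root with an RPI in the outer Hop-by-Hop header."""
    at = find_rpi(pkt)
    if at is not None:
        out = bytearray(pkt)
        out[at + 2] = 0                         # assumption: O/R/F flags all 0 going up
        out[at + 3] = instance_id
        struct.pack_into("!H", out, at + 4, sender_rank)
        return bytes(out)
    hbh = rpi_hbh(NH_IPV6, instance_id, sender_rank)
    return ipv6_header(lr_addr, root_addr, NH_HOPOPT, len(hbh) + len(pkt)) + hbh + pkt


UDP = b"\x00\x07\x00\x07\x00\x08\x00\x00"       # constructed 8-byte UDP header, no data
RUL, PEER, LR, ROOT = (bytes(15) + bytes([n]) for n in (1, 2, 3, 4))   # constructed addresses


def sample_packet_to_rul(opt_type=RPI_OPT_TYPE, segments_left=0):
    """What the 6LR hands the RUL after decapsulation: RPI, then an RH3, then UDP."""
    rh, hbh = srh_rh3(NH_UDP, segments_left, [RUL]), rpi_hbh(NH_ROUTING, 0, 0, opt_type=opt_type)
    return ipv6_header(PEER, RUL, NH_HOPOPT, len(hbh) + len(rh) + len(UDP)) + hbh + rh + UDP


def sample_packet_from_rul(with_rpi=False):
    if with_rpi:
        hbh = rpi_hbh(NH_UDP, 0, 0)
        return ipv6_header(RUL, PEER, NH_HOPOPT, len(hbh) + len(UDP)) + hbh + UDP
    return ipv6_header(RUL, PEER, NH_UDP, len(UDP)) + UDP


if __name__ == "__main__":
    print(rul_receive(sample_packet_to_rul())[:2], rul_receive(sample_packet_to_rul(opt_type=0x63)))
    print(lr_forward_from_rul(sample_packet_from_rul(), 5, 0x0100, LR, ROOT).hex())
```

   Run as a script, the first line shows the 0x23 packet delivered and
   the 0x63 packet dropped by the very same host code; nothing in the
   RUL has to know about RPL for the 0x23 variant to work.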
This implies that the Source 568 Routing Header with a Routing Type of 3 [RFC6554] is ignored when the 569 Segments Left is zero, and the packet is dropped otherwise. 571 6. Enhancements to RFC 6550 573 This document specifies a new behavior whereby a 6LR injects DAO 574 messages for unicast addresses (see Section 9) and multicast 575 addresses (see Section 10) on behalf of leaves that are not aware of 576 RPL. The RUL addresses are exposed as external targets [RFC6550]. 577 Conforming to [USEofRPLinfo], an IP-in-IP encapsulation between the 578 6LR and the RPL Root is used to carry the RPL artifacts and remove 579 them when forwarding outside the RPL domain, e.g., to a RUL. 581 This document also synchronizes the liveness monitoring at the Root 582 and the 6LBR. The same value of lifetime is used for both, and a 583 single keep-alive message, the RPL DAO, traverses the RPL network. A 584 new behavior is introduced whereby the RPL Root proxies the EDAR 585 message to the 6LBR on behalf of the 6LR (more in Section 8), for any 586 Leaf node that implements the 6LN functionality in [RFC8505]. 588 Section 6.7.7 of [RFC6550] introduces the RPL Target Option, which 589 can be used in RPL Control messages such as the DAO message to signal 590 a destination prefix. This document adds the capabilities to 591 transport the ROVR field (see Section 4.2.3) and the IPv6 Address of 592 the prefix advertiser when the Target is a shorter prefix. Their use 593 is signaled respectively by a new ROVR Size field being non-zero and 594 a new "Advertiser address in Full" 'F' flag set to 1, more in 595 Section 6.1. 597 This specification defines the new "Root Proxies EDAR/EDAC" (P) flag 598 and encodes it in one of these reserved flags of the RPL DODAG 599 Configuration option, more in Section 6.2. 601 The RPL Status defined in section 6.5.1 of [RFC6550] for use in the 602 DAO-ACK message is extended to be placed in DCO messages 603 [EFFICIENT-NPDAO] as well. 
   Furthermore, this specification enables the EARO Status defined for
   6LoWPAN ND to be carried in RPL DAO and DCO messages, embedded in a
   RPL Status, more in Section 6.3.

   Section 12 of [RFC6550] details the RPL support for multicast flows
   when the RPLInstance is operated in the MOP of 3 ("Storing Mode of
   Operation with multicast support").  This specification extends the
   RPL Root operation to proxy-relay the MLDv2 [RFC3810] operation
   between the RUL and the 6LR, more in Section 10.

6.1.  Updated RPL Target Option

   This specification updates the RPL Target Option to transport the
   ROVR that was also defined for 6LoWPAN ND messages.  This enables the
   RPL Root to generate the proxied EDAR message to the 6LBR.

   The new 'F' flag is set to 1 to indicate that the Target Prefix field
   contains the IPv6 address of the advertising node, in which case the
   length of the Target Prefix field is 128 bits regardless of the value
   of the Prefix Length field.  If the 'F' flag is set to 0, the Target
   Prefix field MUST be aligned to the next byte boundary after the size
   (expressed in bits) indicated by the Prefix Length field.  Padding
   bits are reserved and set to 0 per section 6.7.7 of [RFC6550].

   With this specification the ROVR is the remainder of the RPL Target
   Option.  The size of the ROVR is indicated in a new ROVR Size field
   that is encoded to map one-to-one with the Code Suffix in the EDAR
   message (see table 4 of [RFC8505]).  The ROVR Size field is taken
   from the flags field, which is an update to the RPL Target Option
   Flags IANA registry.

   The updated format is illustrated in Figure 3.  It is backward
   compatible with the Target Option in [RFC6550].
   It is recommended that the updated format be used as a replacement in
   new implementations in all MOPs in preparation for upcoming Route
   Ownership Validation mechanisms based on the ROVR, unless the device
   or the network is so constrained that this is not feasible.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type = 0x05 | Option Length |ROVRsz |F|Flags| Prefix Length |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                Target Prefix (Variable Length)                |
    .                                                               .
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
   ...            Registration Ownership Verifier (ROVR)           ...
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 3: Updated Target Option

   New fields:

   ROVRsz (ROVR Size):  Indicates the Size of the ROVR.  It SHOULD be 1,
      2, 3, or 4, indicating a ROVR size of 64, 128, 192, or 256 bits,
      respectively.  If a legacy Target Option is used, then the value
      must remain 0, as specified in [RFC6550].  In case of a value
      above 4, the size of the ROVR is undetermined and this node cannot
      validate the ROVR; an implementation SHOULD propagate the whole
      Target Option upwards as received to enable the verification by an
      ancestor that would support the upgraded ROVR.

   F:  1-bit flag.  Set to 1 to indicate that the Target Prefix field
      contains the complete (128 bit) IPv6 address of the advertising
      node.

   Flags:  The 4 bits remaining unused in the Flags field are reserved
      for flags.  The field MUST be initialized to zero by the sender
      and MUST be ignored by the receiver.

   Registration Ownership Verifier (ROVR):  This is the same field as in
      the EARO, see [RFC8505].
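   The following encoder and parser for the updated Target Option is an
   added example, not code from the draft or from any RPL
   implementation.  It follows the layout of Figure 3 (ROVRsz in the
   three most significant bits of the third byte, 'F' in the next bit,
   the four reserved Flags after it), applies the byte-alignment and
   zero-padding rule for the Target Prefix when 'F' is 0, treats the
   remainder of the option as the ROVR, and flags a ROVRsz above 4 as
   not validatable so that the option can be propagated upwards
   unchanged.  The function names are this example's own.

```python
import ipaddress

TARGET_OPTION_TYPE = 0x05                        # RPL Target Option, RFC 6550
ROVR_BYTES = {0: 0, 1: 8, 2: 16, 3: 24, 4: 32}   # ROVRsz -> ROVR length in bytes


def build_target_option(address, prefix_len, rovr=b"",
                        advertiser_full_address=False):
    """Encode an updated Target Option.

    Option Length counts the bytes that follow the Type and Option Length
    fields (RFC 6550).  An empty ROVR gives ROVRsz 0, i.e. a legacy option.
    """
    packed = ipaddress.IPv6Address(address).packed
    if advertiser_full_address:
        target = packed                              # 'F' = 1: full 128 bits
    else:
        target = bytearray(packed[:(prefix_len + 7) // 8])   # next byte boundary
        if prefix_len % 8:                           # padding bits MUST be 0
            target[-1] &= (0xFF << (8 - prefix_len % 8)) & 0xFF
        target = bytes(target)
    if len(rovr) not in ROVR_BYTES.values():
        raise ValueError("ROVR must be absent or 64, 128, 192 or 256 bits")
    rovrsz = len(rovr) // 8
    # Third byte: ROVRsz in bits 0-2, 'F' in bit 3, reserved Flags (bits 4-7) = 0.
    byte2 = (rovrsz << 5) | (int(advertiser_full_address) << 4)
    body = bytes([byte2, prefix_len]) + target + rovr
    return bytes([TARGET_OPTION_TYPE, len(body)]) + body


def parse_target_option(data):
    """Decode an option as a receiving parent or the Root would."""
    if len(data) < 4 or data[0] != TARGET_OPTION_TYPE:
        raise ValueError("not a RPL Target Option")
    opt_len = data[1]
    if len(data) < 2 + opt_len:
        raise ValueError("truncated option")
    rovrsz = data[2] >> 5
    f_flag = (data[2] >> 4) & 1
    # The 4 reserved Flags (data[2] & 0x0F) are ignored by the receiver.
    prefix_len = data[3]
    body = data[4:2 + opt_len]
    target_len = 16 if f_flag else (prefix_len + 7) // 8
    target, rovr = body[:target_len], body[target_len:]   # ROVR = remainder
    validatable = rovrsz in ROVR_BYTES
    if validatable and len(rovr) != ROVR_BYTES[rovrsz]:
        raise ValueError("ROVR length does not match ROVRsz")
    return {
        "prefix": ipaddress.IPv6Address(bytes(target).ljust(16, b"\0")),
        "prefix_len": prefix_len,
        "f": f_flag,
        "rovrsz": rovrsz,
        "rovr": bytes(rovr),
        # ROVRsz above 4: the ROVR size is undetermined here, so the option
        # should be propagated upwards as received for an ancestor to verify.
        "validatable": validatable,
    }


if __name__ == "__main__":
    # Constructed sample: a /128 Host route with a 64-bit ROVR, as a 6LR
    # would advertise for a RUL ('F' = 0 because the 6LR is not the RUL).
    opt = build_target_option("2001:db8::1", 128, rovr=bytes(range(8)))
    print(opt.hex(), parse_target_option(opt))
```

   A receiver that strips the ROVR from a Target Option it does not
   understand would defeat the "propagate upwards unchanged" rule, so
   the parser keeps the raw remainder even when it cannot validate it.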
   Its purpose is extended to distribute configuration information
   affecting the construction and maintenance of the DODAG, as well as
   operational parameters for RPL on the DODAG, through the DODAG.  This
   Option was originally designed with 4 bit positions reserved for
   future use as Flags.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type = 0x04 |Opt Length = 14| |P| | |A| ...                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                     +
                                    |4 bits |

           Figure 4: DODAG Configuration Option (Partial View)

   This specification defines a new flag "Root Proxies EDAR/EDAC" (P).
   The 'P' flag is encoded in bit position 1 of the reserved Flags in
   the DODAG Configuration Option (counting from bit 0 as the most
   significant bit) and it is set to 0 in legacy implementations as
   specified respectively in Sections 20.14 and 6.7.6 of [RFC6550].

   The 'P' flag is set to 1 to indicate that the Root performs the proxy
   operation, which implies that it supports this specification and the
   updated RPL Target Option (see Section 6.1).

   Section 4.3 of [USEofRPLinfo] updates [RFC6550] to indicate that the
   definition of the Flags applies to Mode of Operation (MOP) values
   zero (0) to six (6) only.  For a MOP value of 7, the implementation
   MUST consider that the Root performs the proxy operation.

   The RPL DODAG Configuration Option is typically placed in a DODAG
   Information Object (DIO) message.  The DIO message propagates down
   the DODAG to form and then maintain its structure.  The DODAG
   Configuration Option is copied unmodified from parents to children.
   [RFC6550] states that "Nodes other than the DODAG Root MUST NOT
   modify this information when propagating the DODAG Configuration
   option".
   Therefore, a legacy parent propagates the 'P' Flag as set to 1 by
   the Root, and when the 'P' Flag is set to 1, it is transparently
   flooded to all the nodes in the DODAG.

6.3.  Updated RPL Status

   The RPL Status is defined in section 6.5.1 of [RFC6550] for use in
   the DAO-ACK message and values are assigned as follows:

                 +---------+--------------------------------+
                 |  Range  |            Meaning             |
                 +---------+--------------------------------+
                 |    0    | Success/Unqualified acceptance |
                 +---------+--------------------------------+
                 |  1-127  | Not an outright rejection      |
                 +---------+--------------------------------+
                 | 128-255 | Rejection                      |
                 +---------+--------------------------------+

                      Table 1: RPL Status per RFC 6550

   The 6LoWPAN ND Status was defined for use in the EARO, see section
   4.1 of [RFC8505].  This specification makes it possible to carry the
   6LoWPAN ND Status values in RPL DAO and DCO messages, embedded in the
   RPL Status field.

   To achieve this, the range of the ARO/EARO Status values is reduced
   to 0-63, which updates the IANA registry created for [RFC6775].  This
   reduction ensures that the values fit within a RPL Status as shown in
   Figure 5.  See Section 12.2, Section 12.5, and Section 12.6 for the
   respective IANA declarations.

                          0 1 2 3 4 5 6 7
                         +-+-+-+-+-+-+-+-+
                         |E|A|StatusValue|
                         +-+-+-+-+-+-+-+-+

                       Figure 5: RPL Status Format

   This specification updates the RPL Status with subfields as indicated
   below:

   E:  1-bit flag.  Set to 1 to indicate a rejection.  When set to 0, a
      Status value of 0 indicates Success/Unqualified acceptance and
      other values indicate "not an outright rejection" as per RFC 6550.

   A:  1-bit flag.  Indicates the type of the RPL Status value.

   Status Value:  6-bit unsigned integer.  If the 'A' flag is set to 1
      this field transports a Status value defined for IPv6 ND EARO.
      When the 'A' flag is set to 0, the Status value is defined for
      RPL.
   When building a DCO or a DAO-ACK message upon an IPv6 ND NA or a EDAC
   message, the RPL Root MUST copy the 6LoWPAN ND status code unchanged
   in the RPL Status value and set the 'A' flag to 1.  The RPL Root MUST
   set the 'E' flag to 1 for all rejection and unknown status codes.
   The status codes in the 1-10 range [RFC8505] are all considered
   rejections.

   Reciprocally, upon a DCO or a DAO-ACK message from the RPL Root with
   a RPL Status that has the 'A' flag set, the 6LR MUST copy the RPL
   Status value unchanged in the Status field of the EARO when
   generating an NA to the RUL.

7.  Enhancements to draft-ietf-roll-efficient-npdao

   [EFFICIENT-NPDAO] defines the DCO message for RPL Storing Mode only,
   with a link-local scope.  All nodes in the RPL network are expected
   to support the specification since the message is processed hop by
   hop along the path that is being cleaned up.

   This specification extends the use of the DCO message to the
   Non-Storing MOP, whereby the DCO is sent end-to-end by the Root
   directly to the RAN that injected the DAO message for the considered
   target.  In that case, intermediate nodes do not need to support
   [EFFICIENT-NPDAO]; they forward the DCO message as a plain IPv6
   packet between the Root and the RAN.

   In the case of a RUL, the 6LR that serves the RUL acts as the RAN
   that receives the Non-Storing DCO.  This specification leverages the
   Non-Storing DCO between the Root and the 6LR that serves as
   attachment Router for a RUL.  A 6LR and a Root that support this
   specification MUST implement the Non-Storing DCO.

8.  Enhancements to RFC 6775 and RFC8505

   This document updates [RFC6775] and [RFC8505] to reduce the range of
   the ND status codes down to 64 values.  The two most significant
   (leftmost) bits of the original ND status field are now reserved;
   they MUST be set to zero by the sender and ignored by the receiver.
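   The following functions are an added example, not code from the
   draft, covering the RPL Status format of Section 6.3 together with
   the 64-value ND status range of this section: encoding and decoding
   the 'E' and 'A' flags and the 6-bit Status Value, the Root's mapping
   of a 6LoWPAN ND status (copied unchanged, 'A' set, 'E' set for every
   non-zero code since 1-10 are rejections and anything else is
   unknown), and the 6LR's copy of the value back into the EARO Status.
   The two reserved most significant bits of an incoming ND status are
   masked off, as the receiver is told to ignore them.  All names are
   this example's own.

```python
from typing import Optional, Tuple

ND_STATUS_SUCCESS = 0
RPL_STATUS_E = 0x80        # 'E' flag: rejection
RPL_STATUS_A = 0x40        # 'A' flag: the Status Value is a 6LoWPAN ND status
STATUS_VALUE_MASK = 0x3F   # 6-bit Status Value; also the reduced ND status range


def encode_rpl_status(e: bool, a: bool, value: int) -> int:
    """Assemble the 8-bit RPL Status of Figure 5."""
    if not 0 <= value <= STATUS_VALUE_MASK:
        raise ValueError("Status Value is a 6-bit field")
    return (RPL_STATUS_E if e else 0) | (RPL_STATUS_A if a else 0) | value


def decode_rpl_status(status: int) -> Tuple[int, int, int]:
    """Return ('E', 'A', Status Value) from an 8-bit RPL Status."""
    return (status >> 7) & 1, (status >> 6) & 1, status & STATUS_VALUE_MASK


def is_rejection(status: int) -> bool:
    """Table 1: 128-255 are rejections, which is exactly 'E' being set."""
    return bool(status & RPL_STATUS_E)


def nd_status_to_rpl_status(nd_status: int) -> int:
    """Root side, upon an NA(EARO) or EDAC: copy the ND status unchanged,
    set 'A', and set 'E' for every rejection (1-10) or unknown code."""
    # The two leftmost bits of the ND status are reserved and ignored.
    value = nd_status & STATUS_VALUE_MASK
    return encode_rpl_status(value != ND_STATUS_SUCCESS, True, value)


def rpl_status_to_earo_status(rpl_status: int) -> Optional[int]:
    """6LR side, upon a DAO-ACK or DCO: with 'A' set, the Status Value is
    copied unchanged into the EARO Status of the NA sent to the RUL.
    Without 'A' the value is a RPL status and has no ND meaning."""
    _e, a, value = decode_rpl_status(rpl_status)
    return value if a else None


if __name__ == "__main__":
    # Constructed sample: the 6LBR answered the proxied EDAR with ND status 2.
    status = nd_status_to_rpl_status(2)
    print(hex(status), decode_rpl_status(status), rpl_status_to_earo_status(status))
```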
   This document also changes the behavior of a 6LR acting as RPL Router
   and of a 6LN acting as RUL in the 6LoWPAN ND Address Registration as
   follows:

   *  If the RPL Root advertises the capability to proxy the EDAR/EDAC
      exchange to the 6LBR, the 6LR refrains from sending the keep-alive
      EDAR message.  If it is separated from the 6LBR, the Root
      regenerates the EDAR message to the 6LBR periodically, upon a DAO
      message that signals the liveness of the address.

   *  The use of the R Flag is extended to the NA(EARO) to confirm
      whether the route was installed.

9.  Protocol Operations for Unicast Addresses

   The description below assumes that the Root sets the 'P' flag in the
   DODAG Configuration Option and performs the EDAR proxy operation.

   If the 'P' flag is set to 0, the 6LR MUST generate the periodic EDAR
   messages and process the returned status as specified in [RFC8505].
   If the EDAC indicates success, the rest of the flow takes place as
   presented but without the proxied EDAR/EDAC exchange.

   Section 9.1 provides an overview of the route injection in RPL,
   whereas Section 9.2 offers more details from the perspective of the
   different nodes involved in the flow.

9.1.  General Flow

   This specification eliminates the need to exchange keep-alive
   Extended Duplicate Address messages, EDAR and EDAC, all the way from
   a 6LN to the 6LBR across a RPL mesh.  Instead, the EDAR/EDAC exchange
   with the 6LBR is proxied by the RPL Root upon the DAO message that
   refreshes the RPL routing state.  The first EDAR upon a new
   Registration cannot be proxied, though, as it serves for the purpose
   of DAD, which must be verified before the address is injected in RPL.

   In a RPL network where the function is enabled, refreshing the state
   in the 6LBR is the responsibility of the Root.  Consequently, only
   addresses that are injected in RPL will be kept alive at the 6LBR by
   the RPL Root.
   Since RULs are advertised using Non-Storing Mode, the DAO message
   flow and the keep-alive EDAR/EDAC can be nested within the Address
   (re)Registration flow.  Figure 6 illustrates that, for the first
   Registration, both the DAD and the keep-alive EDAR/EDAC exchanges
   happen in the same sequence.

   6LN/RUL          6LR     <6LR*>    Root               6LBR
      |               |                  |                  |
      |<------ND----->|<-----RPL-------->|<-------ND------->|
      |               |<-----------------ND---------------->|
      |               |                  |                  |
      |   NS(EARO)    |                  |                  |
      |-------------->|                  |                  |
      |               |   Extended DAR   |                  |
      |               |------------------------------------>|
      |               |                  |                  |
      |               |   Extended DAC   |                  |
      |               |<------------------------------------|
      |               |       DAO        |                  |
      |               |----------------->|                  |
      |               |                  |       EDAR       |
      |               |                  |----------------->|
      |               |                  |       EDAC       |
      |               |                  |<-----------------|
      |               |     DAO-ACK      |                  |
      |               |<-----------------|                  |
      |   NA(EARO)    |                  |                  |
      |<--------------|                  |                  |
      |               |                  |                  |

                  Figure 6: First RUL Registration Flow

   This flow requires that the lifetimes and sequence counters in
   6LoWPAN ND and RPL are aligned.

   To achieve this, the Path Sequence and the Path Lifetime in the DAO
   message are taken from the Transaction ID and the Address
   Registration lifetime in the NS(EARO) message from the 6LN.

   On the first Address Registration, illustrated in Figure 6 for RPL
   Non-Storing Mode, the Extended Duplicate Address exchange takes place
   as prescribed by [RFC8505].  If the exchange fails, the 6LR returns
   an NA message with a negative status to the 6LN, the NCE is not
   created, and the address is not injected in RPL.  Otherwise, the 6LR
   creates an NCE and injects the Registered Address in the RPL routing
   using a DAO/DAO-ACK exchange with the RPL DODAG Root.

   An Address Registration refresh is performed by the 6LN to maintain
   the NCE in the 6LR alive before the lifetime expires.  Upon the
   refresh of a registration, the 6LR reinjects the corresponding route
   in RPL before it expires, as illustrated in Figure 7.
   6LN/RUL <--ND---> 6LR <----RPL----> Root <-----ND----> 6LBR
      |               |                  |                  |
      |   NS(EARO)    |                  |                  |
      |-------------->|                  |                  |
      |               |       DAO        |                  |
      |               |----------------->|                  |
      |               |                  |       EDAR       |
      |               |                  |----------------->|
      |               |                  |       EDAC       |
      |               |                  |<-----------------|
      |               |     DAO-ACK      |                  |
      |               |<-----------------|                  |
      |   NA(EARO)    |                  |                  |
      |<--------------|                  |                  |

                  Figure 7: Next RUL Registration Flow

   This is what causes the RPL Root to refresh the state in the 6LBR,
   using an EDAC message.  In case of an error in the proxied EDAR flow,
   the error is returned in the DAO-ACK using a RPL Status with the 'A'
   flag set to 1 that embeds a 6LoWPAN Status value as discussed in
   Section 6.3.

   The 6LR may receive a requested DAO-ACK after it received an
   asynchronous Non-Storing DCO, but the negative Status in the DCO
   supersedes a positive Status in the DAO-ACK regardless of the order
   in which they are received.  Upon the DAO-ACK - or the DCO if one
   arrives first - the 6LR responds to the RUL with an NA(EARO).

   An issue may be detected later, e.g., the address moves to a
   different DODAG with the 6LBR attached to a different 6LoWPAN
   Backbone Router (6BBR), see Figure 5 in section 3.3 of [RFC8929].
   The 6BBR may send a negative ND status, e.g., in an asynchronous
   NA(EARO) to the 6LBR.

   [RFC8929] expects that the 6LBR is collocated with the RPL Root, but
   if not, the 6LBR MUST forward the status code to the originator of
   the EDAR, either the 6LR or the RPL Root that proxies for it.  The ND
   status code is mapped in a RPL Status value by the RPL Root, and then
   back by the 6LR.

   Figure 8 illustrates this in the case where the 6LBR and the Root are
   not collocated, and the Root proxies the EDAR messages.
   6LN/RUL <--ND---> 6LR <--RPL---> Root <--ND---> 6LBR <--ND---> 6BBR
      |               |              |              |              |
      |               |              |              |   NA(EARO)   |
      |               |              |              |<-------------|
      |               |              |     EDAC     |              |
      |               |              |<-------------|              |
      |               |     DCO      |              |              |
      |               |<-------------|              |              |
      |   NA(EARO)    |              |              |              |
      |<--------------|              |              |              |
      |               |              |              |              |

                      Figure 8: Asynchronous Issue

   If the Root does not proxy, then the EDAC with a negative status
   reaches the 6LR directly.  In that case, the 6LR MUST clean up the
   route using a DAO with a Lifetime of zero, and it MUST propagate the
   status back to the RUL in a NA(EARO) with the R Flag set to 0.

   The RUL may terminate the registration at any time by using a
   Registration Lifetime of 0.  This specification requires that the RPL
   Target Option transports the ROVR.  This way, the same flow as the
   heartbeat flow is sufficient to inform the 6LBR using the Root as
   proxy, as illustrated in Figure 7.

   Any combination of the logical functions of 6LR, Root, and 6LBR might
   be collapsed in a single node.

9.2.  Detailed Operation

9.2.1.  Perspective of the 6LN Acting as RUL

   This specification does not alter the operation of a 6LoWPAN
   ND-compliant 6LN/RUL, which is expected to operate as follows:

   1.  The 6LN selects a 6LR that provides reachability services for a
       RUL.  This is signaled by a 6CIO in the RA messages with the L, P
       and E flags set to 1 as prescribed by [RFC8505].

   2.  The 6LN obtains an IPv6 global address, either using Stateless
       Address Autoconfiguration (SLAAC) [RFC4862] based on a Prefix
       Information Option (PIO) [RFC4861] found in an RA message, or
       some other means, such as DHCPv6 [RFC8415].

   3.  Once it has formed an address, the 6LN registers its address and
       refreshes its registration periodically, early enough within the
       Lifetime of the previous Address Registration, as prescribed by
       [RFC6775], to refresh the NCE before the lifetime indicated in
       the EARO expires.
       It sets the T Flag to 1 as prescribed in [RFC8505].  The TID is
       incremented each time and wraps in a lollipop fashion (see
       section 5.2.1 of [RFC8505], which is fully compatible with
       section 7.2 of [RFC6550]).

   4.  As stated in section 5.2 of [RFC8505], the 6LN can register to
       more than one 6LR at the same time.  In that case, it uses the
       same EARO for all of the parallel Address Registrations, with the
       exception of the Registration Lifetime field and the setting of
       the R flag that may differ.  The 6LN may cancel a subset of its
       registrations, or transfer a registration from one or more old
       6LR(s) to one or more new 6LR(s).  To do so, the 6LN sends a
       series of NS(EARO) messages, all with the same TID, with a zero
       Registration Lifetime to the old 6LR(s) and with a non-zero
       Registration Lifetime to the new 6LR(s).  In that process, the
       6LN SHOULD send the NS(EARO) with a non-zero Registration
       Lifetime and ensure that at least one succeeds before it sends an
       NS(EARO) that terminates another registration.  This avoids the
       churn related to transient route invalidation in the RPL network
       above the common parent of the involved 6LRs.

   5.  Following section 5.1 of [RFC8505], a 6LN acting as a RUL sets
       the R Flag in the EARO of its registration(s) for which it
       requires routing services.  If the R Flag is not echoed in the
       NA, the RUL SHOULD attempt to use another 6LR.  The RUL SHOULD
       ensure that one registration succeeds before setting the R Flag
       to 0.  In case of a conflict with the preceding rule on lifetime,
       the rule on lifetime has precedence.

   6.  The 6LN may use any of the 6LRs to which it registered as the
       default gateway.  Using a 6LR to which the 6LN is not registered
       may result in packets dropped at the 6LR by a Source Address
       Validation function (SAVI) [RFC7039] so it is not recommended.
   Even without support for RPL, the RUL may be configured with an
   opaque value to be provided to the routing protocol.  If the RUL has
   knowledge of the RPL Instance the packet should be injected into,
   then it SHOULD set the Opaque field in the EARO to the RPLInstanceID,
   else it MUST leave the Opaque field to zero.

   Regardless of the setting of the Opaque field, the 6LN MUST set the
   "I" field to zero to signal "topological information to be passed to
   a routing process", as specified in section 5.1 of [RFC8505].

   A RUL is not expected to produce RPL artifacts in the data packets,
   but it may do so.  For instance, if the RUL has minimal awareness of
   the RPL Instance then it can build an RPI.  A RUL that places an RPI
   in a data packet SHOULD indicate the RPLInstanceID of the RPL
   Instance where the packet should be forwarded.  It is up to the 6LR
   (e.g., by policy) to use the RPLInstanceID information provided by
   the RUL or rewrite it to the selected RPLInstanceID for forwarding
   inside the RPL domain.  All the flags and the Rank field are set to 0
   as specified by section 11.2 of [RFC6550].

9.2.2.  Perspective of the 6LR Acting as Border Router

   A 6LR that provides reachability services for a RUL in a RPL network
   as specified in this document MUST include a 6CIO in its RA messages
   and set the L, P and E flags to 1 as prescribed by [RFC8505].

   As prescribed by [RFC8505], the 6LR generates an EDAR message upon
   reception of a valid NS(EARO) message for the registration of a new
   IPv6 address by a 6LN.  If the initial EDAR/EDAC exchange succeeds,
   then the 6LR installs an NCE for the Registration Lifetime.  For the
   registration refreshes, if the RPL Root has indicated that it proxies
   the keep-alive EDAR/EDAC exchange with the 6LBR (see Section 6), the
   6LR MUST refrain from sending the keep-alive EDAR.
   If the R Flag is set to 1 in the NS(EARO), the 6LR SHOULD inject the
   Host route in RPL, unless this is barred for other reasons, such as
   the saturation of the RPL parents.  The 6LR MUST use a RPL
   Non-Storing Mode signaling and the updated Target Option (see
   Section 6.1).  The 6LR MUST request a DAO-ACK by setting the 'K' flag
   in the DAO message.  Success injecting the route to the RUL's address
   is indicated by the 'E' flag set to 0 in the RPL status of the
   DAO-ACK message.

   The Opaque field in the EARO provides a means to signal which RPL
   Instance is to be used for the DAO advertisements and the forwarding
   of packets sourced at the Registered Address when there is no RPI in
   the packet.

   As described in [RFC8505], if the "I" field is zero, then the Opaque
   field is expected to carry the RPLInstanceID suggested by the 6LN;
   otherwise, there is no suggested Instance.  If the 6LR participates
   in the suggested RPL Instance, then the 6LR MUST use that RPL
   Instance for the Registered Address.

   If there is no suggested RPL Instance or else if the 6LR does not
   participate in the suggested Instance, it is expected that the
   packets coming from the 6LN "can unambiguously be associated to at
   least one RPL Instance" [RFC6550] by the 6LR, e.g., using a policy
   that maps the 6-tuple into an Instance.

   The DAO message advertising the Registered Address MUST be
   constructed as follows:

   1.  The Registered Address is signaled as the Target Prefix in the
       updated Target Option in the DAO message; the Prefix Length is
       set to 128 but the 'F' flag is set to 0 since the advertiser is
       not the RUL.  The ROVR field is copied unchanged from the EARO
       (see Section 6.1).

   2.  The 6LR indicates one of its global or unique-local IPv6 unicast
       addresses as the Parent Address in the RPL Transit Information
       Option (TIO) associated with the Target Option.

   3.
       The 6LR sets the External 'E' flag in the TIO to indicate that it
       is redistributing an external target into the RPL network.

   4.  The Path Lifetime in the TIO is computed from the Registration
       Lifetime in the EARO.  This operation converts seconds to the
       Lifetime Units used in the RPL operation.  This creates the
       deployment constraint that the Lifetime Unit is reasonably
       compatible with the expression of the Registration Lifetime,
       e.g., a Lifetime Unit of 0x4000 maps the most significant byte of
       the Registration Lifetime to the Path Lifetime.

       In that operation, the Path Lifetime must be rounded, if needed,
       to the upper value to ensure that the path has a longer lifetime
       than the registration.

       Note that if the Registration Lifetime is 0, then the Path
       Lifetime is also 0 and the DAO message becomes a No-Path DAO,
       which cleans up the routes down to the RUL's address; this also
       causes the Root as a proxy to send an EDAR message to the 6LBR
       with a Lifetime of 0.

   5.  The Path Sequence in the TIO is set to the TID value found in the
       EARO option.

   Upon receiving or timing out the DAO-ACK after an
   implementation-specific number of retries, the 6LR MUST send the
   corresponding NA(EARO) to the RUL.  Upon receiving an asynchronous
   DCO message, if a DAO-ACK is pending then the 6LR MUST wait for the
   DAO-ACK to send the NA(EARO) and deliver the status found in the DCO,
   else it MUST send an asynchronous NA(EARO) to the RUL immediately.

   The 6LR MUST set the R Flag to 1 in the NA(EARO) back if and only if
   the 'E' flag is set to 0, indicating that the 6LR injected the
   Registered Address in the RPL routing successfully and that the EDAR
   proxy operation succeeded.

   If the 'A' flag in the RPL Status is set to 1, the embedded Status
   value is passed back to the RUL in the EARO Status.
   If the 'E' flag is also set to 1, the registration failed for 6LoWPAN
   ND related reasons, and the NCE is removed.

   An error injecting the route causes the 'E' flag to be set to 1.  If
   the error is not related to ND, the 'A' flag is set to 0.  In that
   case, the registration succeeds, but the RPL route is not installed.
   So the NA(EARO) is returned with a positive status but the R Flag set
   to 0, which means that the 6LN obtained a binding but no route.

   If the 'A' flag is set to 0 in the RPL Status of the DAO-ACK, then
   the 6LoWPAN ND operation succeeded, and an EARO Status of 0 (Success)
   MUST be returned to the 6LN.  The EARO Status of 0 MUST also be used
   if the 6LR did not attempt to inject the route but could create the
   binding after a successful EDAR/EDAC exchange or refresh it.

   If the 'E' flag is set to 1 in the RPL Status of the DAO-ACK, then
   the route was not installed and the R flag MUST be set to 0 in the
   NA(EARO).  The R flag MUST be set to 0 if the 6LR did not attempt to
   inject the route.

   In a network where Address Protected Neighbor Discovery (AP-ND) is
   enabled, in case of a DAO-ACK or a DCO transporting an EARO Status
   value of 5 (Validation Requested), the 6LR MUST challenge the 6LN for
   ownership of the address, as described in section 6.1 of [RFC8928],
   before the Registration is complete.  This flow, illustrated in
   Figure 9, ensures that the address is validated before it is injected
   in the RPL routing.

   If the challenge succeeds, then the operations continue as normal.
   In particular, a DAO message is generated upon the NS(EARO) that
   proves the ownership of the address.  If the challenge failed, the
   6LR rejects the registration as prescribed by AP-ND and may take
   actions to protect itself against DoS attacks by a rogue 6LN, see
   Section 11.
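   The following is an added example of the 6LR side of this section,
   not code from the draft: the Registration Lifetime to Path Lifetime
   conversion of step 4 (rounded up, 0 kept as 0 for the No-Path DAO,
   capped at the RFC 6550 value 0xFF that means infinity), the TIO
   fields of steps 2 to 5, the rule that a negative DCO supersedes a
   positive DAO-ACK, and the decision of what goes into the NA(EARO):
   R Flag, EARO Status and whether the NCE is removed.  The Registration
   Lifetime is taken in units of 60 seconds as in the EARO.  How the
   "NCE removed" rule combines with the AP-ND challenge on Status 5 is
   this example's assumption, noted in the code; all names are this
   example's own.

```python
import math
from typing import Optional

INFINITE_PATH_LIFETIME = 0xFF      # RFC 6550: Path Lifetime of all ones = infinity
EARO_STATUS_SUCCESS = 0
EARO_STATUS_VALIDATION_REQUESTED = 5


def path_lifetime_from_registration(registration_lifetime: int,
                                    lifetime_unit: int) -> int:
    """EARO Registration Lifetime (units of 60 s) -> TIO Path Lifetime
    (units of lifetime_unit seconds), rounded up so that the path outlives
    the registration.  0 stays 0, which makes the DAO a No-Path DAO."""
    if registration_lifetime == 0:
        return 0
    units = math.ceil(registration_lifetime * 60 / lifetime_unit)
    return min(units, INFINITE_PATH_LIFETIME)


def build_tio(earo_tid: int, registration_lifetime: int, lifetime_unit: int,
              parent_address: str) -> dict:
    """Transit Information Option fields for a RUL's Host route."""
    return {
        "parent_address": parent_address,   # one of the 6LR's GUA/ULA addresses
        "external": True,                   # 'E' flag: external target
        "path_lifetime": path_lifetime_from_registration(registration_lifetime,
                                                         lifetime_unit),
        "path_sequence": earo_tid,          # Path Sequence = TID from the EARO
    }


def effective_status(dao_ack: Optional[int], dco: Optional[int]) -> Optional[int]:
    """A negative DCO ('E' set) supersedes a positive DAO-ACK, whatever the
    order in which the two messages arrived."""
    if dco is not None and dco & 0x80:
        return dco
    return dao_ack if dao_ack is not None else dco


def na_earo_for_rul(rpl_status: Optional[int], route_attempted: bool = True) -> dict:
    """What the 6LR puts in the NA(EARO) once the DAO-ACK/DCO is resolved."""
    if not route_attempted or rpl_status is None:
        # Binding created or refreshed by ND alone: Success, but no route.
        return {"earo_status": EARO_STATUS_SUCCESS, "r_flag": 0,
                "remove_nce": False, "challenge": False}
    e = (rpl_status >> 7) & 1
    a = (rpl_status >> 6) & 1
    value = rpl_status & 0x3F
    # 'A' set: the embedded ND status goes back unchanged.  'A' clear: the
    # ND side succeeded (a RPL-only error still yields a positive status).
    earo_status = value if a else EARO_STATUS_SUCCESS
    challenge = bool(a and value == EARO_STATUS_VALIDATION_REQUESTED)
    return {
        "earo_status": earo_status,
        "r_flag": int(e == 0),   # R = 1 if and only if 'E' = 0
        # 'E' and 'A' both set: failed for ND reasons, NCE removed.  Status 5
        # is treated as starting the AP-ND challenge instead of removing the
        # NCE (this example's assumption about combining the two rules).
        "remove_nce": bool(e and a and not challenge),
        "challenge": challenge,
    }


if __name__ == "__main__":
    # Constructed sample: Registration Lifetime 0x1234, Lifetime Unit 0x4000.
    print(build_tio(earo_tid=7, registration_lifetime=0x1234,
                    lifetime_unit=0x4000, parent_address="2001:db8::6"))
    print(na_earo_for_rul(effective_status(0x40, 0xC2)))
```

   With a Lifetime Unit of 0x4000 the function gives 18 for a
   Registration Lifetime of 0x1234, i.e. the most significant byte
   (0x12), and rounds 0x01FF up to 2 rather than truncating to 1, which
   is the "rounded to the upper value" requirement of step 4.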
    6LN                                       6LR         Root        6LBR
     |                                         |           |           |
     |<--------------- RA ---------------------|           |           |
     |                                         |           |           |
     |------ NS EARO (ROVR=Crypto-ID) -------->|           |           |
     |                                         |           |           |
     |<- NA EARO(status=Validation Requested) -|           |           |
     |                                         |           |           |
     |---- NS EARO and Proof-of-ownership ---->|           |           |
     |                                         |-------- EDAR -------->|
     |                                         |                       |
     |                                         |<-------- EDAC --------|
     |                                         |                       |
     |                                         |           |           |
     |                                         |-- DAO --->|           |
     |                                         |           |-- EDAR -->|
     |                                         |           |           |
     |                                         |           |<-- EDAC --|
     |                                         |<- DAO-ACK-|           |
     |                                         |           |           |
     |<----------- NA EARO (status=0)----------|           |           |
     |                                         |           |           |
    ...
     |                                         |           |           |
     |------ NS EARO (ROVR=Crypto-ID) -------->|           |           |
     |                                         |-- DAO --->|           |
     |                                         |           |-- EDAR -->|
     |                                         |           |           |
     |                                         |           |<-- EDAC --|
     |                                         |<- DAO-ACK-|           |
     |<----------- NA EARO (status=0)----------|           |           |
     |                                         |           |           |
    ...

                       Figure 9: Address Protection

   The 6LR may at any time send a unicast asynchronous NA(EARO) with the
   R Flag set to 0 to signal that it stops providing routing services,
   and/or with the EARO Status 2 "Neighbor Cache full" to signal that it
   removes the NCE.  It may also send a final RA, unicast or multicast,
   with a Router Lifetime field of zero, to signal that it stops serving
   as Router, as specified in section 6.2.5 of [RFC4861].  This may
   happen upon a DCO or a DAO-ACK message indicating the path is already
   removed; else the 6LR MUST remove the Host route to the 6LN using a
   DAO message with a Path Lifetime of zero.

   A valid NS(EARO) message with the R Flag set to 0 and a Registration
   Lifetime that is not zero signals that the 6LN wishes to maintain the
   binding but does not require the routing services from the 6LR (any
   more).  Upon this message, if, due to previous NS(EARO) with the R
   Flag set to 1, the 6LR was injecting the Host route to the Registered
   Address in RPL using DAO messages, then the 6LR MUST invalidate the
   Host route in RPL using a DAO with a Path Lifetime of zero.
   It is up to the Registering 6LN to maintain the corresponding route
   from then on, either keeping it active via a different 6LR or by
   acting as a RAN and managing its own reachability.

9.2.3.  Perspective of the RPL Root

   A RPL Root MUST set the 'P' flag to 1 in the RPL DODAG Configuration
   Option of the DIO messages that it generates (see Section 6) to
   signal that it proxies the EDAR/EDAC exchange and supports the
   Updated RPL Target option.

   Upon reception of a DAO message, for each updated RPL Target Option
   (see Section 6.1) that creates or updates an existing RPL state, the
   Root MUST notify the 6LBR by using a proxied EDAR/EDAC exchange.  If
   the RPL Root and the 6LBR are integrated, an internal API can be
   used.

   The EDAR message MUST be constructed as follows:

   1.  The Target IPv6 address from the RPL Target Option is placed in
       the Registered Address field of the EDAR message;

   2.  the Registration Lifetime is adapted from the Path Lifetime in
       the TIO by converting the Lifetime Units used in RPL into units
       of 60 seconds used in the 6LoWPAN ND messages;

   3.  the TID value is set to the Path Sequence in the TIO and
       indicated with an ICMP code of 1 in the EDAR message;

   4.  The ROVR in the RPL Target Option is copied as is in the EDAR and
       the ICMP Code Suffix is set to the appropriate value as shown in
       Table 4 of [RFC8505] depending on the size of the ROVR field.

   Upon receiving an EDAC message from the 6LBR, if a DAO is pending,
   then the Root MUST send a DAO-ACK back to the 6LR.  Else, if the
   Status in the EDAC message is not "Success", then it MUST send an
   asynchronous DCO to the 6LR.

   In either case, the EDAC Status is embedded in the RPL Status with
   the 'A' flag set to 1.
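   The Root side of the proxy operation, as an added example that is
   not code from the draft: the four EDAR construction steps above
   (address, lifetime converted back from Lifetime Units into units of
   60 seconds, TID from the Path Sequence, ROVR and Code Suffix from the
   ROVR size), the choice between a DAO-ACK and an asynchronous DCO upon
   the EDAC, and the timeout error of the next paragraph.  The Code
   Suffix values (64-bit ROVR as suffix 0, and so on), the 4-bit Code
   Prefix / 4-bit Code Suffix layout of the ICMP Code byte, and the
   numeric value 9 for "6LBR Registry Saturated" are taken from
   RFC 8505, not from this page; rounding the lifetime up and mapping
   an infinite Path Lifetime to the maximum Registration Lifetime are
   this example's choices.  All names are this example's own.

```python
import math

ROVR_BYTES = {1: 8, 2: 16, 3: 24, 4: 32}   # ROVRsz -> ROVR length in bytes
EDAR_CODE_PREFIX = 1                      # "ICMP code of 1": EDAR that carries a TID
ND_STATUS_SUCCESS = 0
ND_STATUS_REGISTRY_SATURATED = 9          # "6LBR Registry Saturated" (RFC 8505 registry)
MAX_REGISTRATION_LIFETIME = 0xFFFF        # 16-bit EARO field, units of 60 s
INFINITE_PATH_LIFETIME = 0xFF             # RFC 6550: all ones means infinity


def registration_lifetime_from_path(path_lifetime: int, lifetime_unit: int) -> int:
    """TIO Path Lifetime (units of lifetime_unit seconds) -> Registration
    Lifetime (units of 60 s) for the proxied EDAR.  Rounded up so that the
    6LBR state outlives the RPL route (this example's choice); 0 stays 0
    so that a No-Path DAO yields an EDAR with a Lifetime of 0."""
    if path_lifetime == 0:
        return 0
    if path_lifetime == INFINITE_PATH_LIFETIME:
        return MAX_REGISTRATION_LIFETIME   # assumption: infinity -> maximum
    return min(math.ceil(path_lifetime * lifetime_unit / 60),
               MAX_REGISTRATION_LIFETIME)


def build_edar(target: dict, tio: dict, lifetime_unit: int) -> dict:
    """Steps 1-4: derive the proxied EDAR from a Target Option and its TIO.

    `target` holds the parsed updated Target Option (prefix, rovrsz, rovr);
    `tio` holds path_lifetime and path_sequence.  An undetermined ROVR size
    (ROVRsz above 4) cannot be mapped to a Code Suffix, so it is refused."""
    rovrsz = target["rovrsz"]
    if rovrsz not in ROVR_BYTES or len(target["rovr"]) != ROVR_BYTES[rovrsz]:
        raise ValueError("cannot proxy a Target Option with an unknown ROVR size")
    code_suffix = rovrsz - 1   # assumed one-to-one mapping: 64-bit ROVR -> 0
    return {
        "registered_address": target["prefix"],                        # step 1
        "registration_lifetime": registration_lifetime_from_path(
            tio["path_lifetime"], lifetime_unit),                      # step 2
        "tid": tio["path_sequence"],                                   # step 3
        "icmp_code": (EDAR_CODE_PREFIX << 4) | code_suffix,   # assumed 4+4 layout
        "rovr": target["rovr"],                                        # step 4
    }


def rpl_status_from_nd(nd_status: int) -> int:
    """'A' set, value copied, 'E' set for every non-zero (rejection) code."""
    value = nd_status & 0x3F
    return (0x80 if value != ND_STATUS_SUCCESS else 0) | 0x40 | value


def root_response(edac_status: int, dao_pending: bool):
    """Upon an EDAC: answer a pending DAO with a DAO-ACK; otherwise send an
    asynchronous DCO only when the EDAC status is not Success."""
    status = rpl_status_from_nd(edac_status)
    if dao_pending:
        return ("DAO-ACK", status)
    if edac_status != ND_STATUS_SUCCESS:
        return ("DCO", status)
    return None


def root_timeout_response(dao_pending: bool):
    """Proxied EDAR timed out after the retries: report '6LBR Registry
    Saturated' with both 'A' and 'E' set, via DAO-ACK or DCO as appropriate."""
    return ("DAO-ACK" if dao_pending else "DCO",
            0x80 | 0x40 | ND_STATUS_REGISTRY_SATURATED)


if __name__ == "__main__":
    # Constructed sample: a /128 target with a 64-bit ROVR, Path Lifetime 18
    # in units of 0x4000 seconds, Path Sequence 7.
    target = {"prefix": "2001:db8::1", "rovrsz": 1, "rovr": bytes(8)}
    print(build_edar(target, {"path_lifetime": 18, "path_sequence": 7}, 0x4000))
    print(root_response(0, dao_pending=True), root_timeout_response(False))
```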
   The proxied EDAR/EDAC exchange MUST be protected with a timer of an
   appropriate duration and a number of retries, that are
   implementation-dependent, and SHOULD be configurable since the Root
   and the 6LBR are typically nodes with a higher capacity and
   manageability than 6LRs.  Upon timing out, the Root MUST send an
   error back to the 6LR as above, either using a DAO-ACK or a DCO, as
   appropriate, with the 'A' and 'E' flags set to 1 in the RPL status,
   and a RPL Status value of "6LBR Registry Saturated" [RFC8505].

9.2.4.  Perspective of the 6LBR

   The 6LBR is unaware that the RPL Root is not the new attachment 6LR
   of the RUL, so it is not impacted by this specification.

   Upon reception of an EDAR message, the 6LBR acts as prescribed by
   [RFC8505] and returns an EDAC message to the sender.

10.  Protocol Operations for Multicast Addresses

   Section 12 of [RFC6550] details the RPL support for multicast flows.
   This support is activated by the MOP of 3 ("Storing Mode of Operation
   with multicast support") in the DIO messages that form the DODAG.
   This section also applies if and only if the MOP of the RPLInstance
   is 3.

   The RPL support of multicast is not source-specific and only operates
   as an extension to the Storing Mode of Operation for unicast packets.
   Note that it is the RPL model that the multicast packet is passed as
   a Layer-2 unicast to each of the interested children.  This remains
   true when forwarding between the 6LR and the listener 6LN.

   "Multicast Listener Discovery Version 2 (MLDv2) for IPv6" [RFC3810]
   provides an interface for a listener to register to multicast flows.
   In the MLD model, the Router is a "querier", and the Host is a
   multicast listener that registers to the querier to obtain copies of
   the particular flows it is interested in.
   The equivalent of the first Address Registration happens as
   illustrated in Figure 10.  The 6LN, as an MLD listener, sends an
   unsolicited Report to the 6LR.  This enables it to start receiving
   the flow immediately, and causes the 6LR to inject the multicast
   route in RPL.

   This specification does not change MLD but will operate more
   efficiently if the asynchronous messages for unsolicited Report and
   Done are sent by the 6LN as Layer-2 unicast to the 6LR, in particular
   on wireless.

   The 6LR acts as a generic MLD querier and generates a DAO with the
   Multicast Address as the Target Prefix as described in Section 12 of
   [RFC6550].  As for the Unicast Host routes, the Path Lifetime
   associated with the Target is mapped from the Query Interval, and set
   to be larger to account for variable propagation delays to the Root.
   The Root proxies the MLD exchange as a listener with the 6LBR acting
   as the querier, so as to get packets from a source external to the
   RPL domain.

   Upon a DAO with a Target Option for a multicast address, the RPL Root
   checks if it is already registered as a listener for that address,
   and if not, it performs its own unsolicited Report for the multicast
   address as described in Section 5.1 of [RFC3810].  The Report is
   source-independent, so there is no Source Address listed.

   6LN/RUL                 6LR            Root                    6LBR
      |                     |               |                       |
      |  unsolicited Report |               |                       |
      |-------------------->|               |                       |
      |                     |      DAO      |                       |
      |                     |-------------->|                       |
      |                     |    DAO-ACK    |                       |
      |                     |<--------------|                       |
      |                     |               |                       |
      |                     |               |   unsolicited Report  |
      |                     |               |---------------------->|
      |                     |               |                       |

               Figure 10: First Multicast Registration Flow

   The equivalent of the registration refresh is pulled periodically by
   the 6LR acting as querier.
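   As an added example (not code from this draft), the following Python
   models the proxy behaviour described above and its periodic refresh:
   the 6LR turns each Multicast Address Record of a Report into one RPL
   Target Option and derives the Path Lifetime from the Query Interval,
   while the Root tracks multicast DAO state per 6LR, sends its own
   unsolicited Report to the 6LBR only for addresses it is not yet
   listening to, and lists each address exactly once when the 6LBR
   queries it.  The 30 s slack, the class and function names, and the
   dictionary form of a Target Option are this example's own choices.

```python
# Added example: 6LR and Root sides of the multicast registration flow of
# Section 10 (Figures 10 and 11). Names and data shapes are this example's own.
import ipaddress


def report_to_dao_targets(multicast_records):
    """6LR side: one RPL Target Option per Multicast Address Record of the MLD
    Report, copying the Multicast Address into the Target Prefix. The Report
    is source-independent, so no source list is carried over."""
    targets = []
    for addr in multicast_records:
        ip = ipaddress.IPv6Address(addr)
        if not ip.is_multicast:
            raise ValueError(f"{addr} is not an IPv6 multicast address")
        targets.append({"target_prefix": str(ip), "prefix_length": 128})
    return targets


def multicast_path_lifetime(query_interval_s, lifetime_unit_s, slack_s=30):
    """6LR side: Path Lifetime derived from the MLD Query Interval, enlarged by
    a slack (this example's choice) for propagation delays to the Root, expressed
    in RPL Lifetime Units and capped at 0xFE so that 0xFF ('infinite') is never
    produced by accident."""
    units = -(-(query_interval_s + slack_s) // lifetime_unit_s)   # ceil division
    return min(units, 0xFE)


class RootMulticastProxy:
    """Root side: which 6LRs hold multicast DAO state per address, and the
    MLD listener role the Root plays towards the 6LBR acting as querier."""

    def __init__(self):
        self.dao_state = {}   # multicast address -> set of 6LRs with live DAO state

    def receive_dao(self, from_6lr, targets):
        """Returns the addresses for which the Root must now send its own
        unsolicited Report to the 6LBR, i.e. those it was not yet listening to."""
        newly_joined = []
        for t in targets:
            addr = t["target_prefix"]
            if addr not in self.dao_state:
                self.dao_state[addr] = set()
                newly_joined.append(addr)
            self.dao_state[addr].add(from_6lr)
        return newly_joined

    def remove_dao_state(self, from_6lr, addr):
        """A 6LR's DAO state for addr expired or was withdrawn. Returns True when
        the Root has no remaining DAO state for addr and should stop reporting it."""
        lrs = self.dao_state.get(addr)
        if lrs is None:
            return False
        lrs.discard(from_6lr)
        if lrs:
            return False
        del self.dao_state[addr]
        return True

    def answer_query(self):
        """Report returned to the 6LBR's Query: every address with at least one
        active multicast DAO state, listed exactly once, with no source list."""
        return sorted(self.dao_state)
```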
   Upon the timing out of the Query Interval, the 6LR sends a Multicast
   Address Specific Query to each of its listeners, for each Multicast
   Address, and gets a Report back that is mapped into a DAO one by one.
   Optionally, the 6LR MAY send a General Query, where the Multicast
   Address field is set to zero.  In that case, the multicast packet is
   passed as a Layer-2 unicast to each of the interested children.

   Upon a Report, the 6LR generates a DAO with as many Target Options as
   there are Multicast Address Records in the Report message, copying
   the Multicast Address field in the Target Prefix of the RPL Target
   Option.  The DAO message is a Storing Mode DAO, passed to a selection
   of the 6LR's parents.

   Asynchronously to this, a similar procedure happens between the Root
   and a router such as the 6LBR that serves multicast flows on the Link
   where the Root is located.  Again, the Query and Report messages are
   source-independent.  The Root lists exactly once each Multicast
   Address for which it has at least one active multicast DAO state,
   copying the multicast address in the DAO state into the Multicast
   Address field of the Multicast Address Records in the Report message.

   This is illustrated in Figure 11:

   6LN/RUL                 6LR            Root                    6LBR
      |                     |               |                       |
      |       Query         |               |                       |
      |<--------------------|               |                       |
      |       Report        |               |                       |
      |-------------------->|               |                       |
      |                     |      DAO      |                       |
      |                     |-------------->|                       |
      |                     |    DAO-ACK    |                       |
      |                     |<--------------|                       |
      |                     |               |         Query         |
      |                     |               |<----------------------|
      |                     |               |        Report         |
      |                     |               |---------------------->|
      |                     |               |                       |

                    Figure 11: Next Registration Flow

   Note that any of the functions 6LR, Root and 6LBR might be collapsed
   in a single node, in which case the flow above happens internally,
   and possibly through internal API calls as opposed to messaging.

11.  Security Considerations

   It is worth noting that with [RFC6550], every node in the LLN is RPL-
   aware and can inject any RPL-based attack in the network.  This
   specification isolates edge nodes that can only interact with the RPL
   Routers using 6LoWPAN ND, meaning that they cannot perform RPL
   insider attacks.

   The LLN nodes depend on the 6LBR and the RPL participants for their
   operation.  A trust model must be put in place to ensure that the
   right devices are acting in these roles, so as to avoid threats such
   as black-holing (see [RFC7416], Section 7), Denial-of-Service attacks
   whereby a rogue 6LR creates a high churn in the RPL network by
   advertising and removing many forged addresses, or a bombing attack
   whereby an impersonated 6LBR would destroy state in the network by
   using the status code of 4 ("Removed").

   This trust model could be at a minimum based on a Layer-2 Secure
   joining and the Link-Layer security.  This is a generic 6LoWPAN
   requirement, see Req5.1 in the Appendix of [RFC8505].

   In a general manner, the Security Considerations in [RFC7416],
   [RFC6775], and [RFC8505] apply to this specification as well.

   The Link-Layer security is needed in particular to prevent Denial-of-
   Service attacks whereby a rogue 6LN creates a high churn in the RPL
   network by constantly registering and deregistering addresses with
   the R Flag set to 1 in the EARO.

   [RFC8928] updated 6LoWPAN ND with Address-Protected Neighbor
   Discovery (AP-ND).  AP-ND protects the owner of an address against
   address theft and impersonation attacks in a Low-Power and Lossy
   Network (LLN).  Nodes supporting the extension compute a
   cryptographic identifier (Crypto-ID), and use it with one or more of
   their Registered Addresses.  The Crypto-ID identifies the owner of
   the Registered Address and can be used to provide proof of ownership
   of the Registered Addresses.
   Once an address is registered with the Crypto-ID and a proof of
   ownership is provided, only the owner of that address can modify the
   registration information, thereby enforcing Source Address
   Validation.  [RFC8928] further reduces the attack perimeter that is
   available to the edge nodes, and its use is suggested in this
   specification.

   Additionally, the trust model could include a role validation to
   ensure that the node that claims to be a 6LBR or a RPL Root is
   entitled to do so.

   The Opaque field in the EARO enables the RUL to suggest a
   RPLInstanceID where its traffic is placed.  It is also possible for
   an attacker RUL to include an RPI in the packet.  This opens the door
   to attacks where a RPL Instance would be reserved for critical
   traffic, e.g., with a specific bandwidth reservation, that the
   additional traffic generated by a rogue may disrupt.  The attack may
   be alleviated by traditional access control and traffic shaping
   mechanisms where the 6LR controls the incoming traffic from the 6LN.
   More importantly, the 6LR is the node that injects the traffic in the
   RPL domain, so it has the final word on which RPLInstance is to be
   used for the traffic coming from the RUL, per its own policy.

   At the time of this writing, RPL does not have a Route Ownership
   Validation model whereby it is possible to validate the origin of an
   address that is injected in a DAO.  This specification makes a first
   step in that direction by allowing the Root to challenge the RUL via
   the 6LR that serves it.

   Section 6.1 indicates that when the length of the ROVR field is
   unknown, the RPL Target Option must be passed on as received in RPL
   Storing Mode.  This creates a possible opening for using DAO messages
   as a covert channel.  Note that DAO messages are rare, and overusing
   that channel could be detected.
   An implementation SHOULD notify the network management when a RPL
   Target Option is received with an unknown ROVR field size, to ensure
   that the situation is known to the network administrator.

   [EFFICIENT-NPDAO] introduces the ability for a rogue common ancestor
   node to invalidate a route on behalf of the target node.  In this
   case, the RPL Status in the DCO has the 'A' flag set to 0, and a
   NA(EARO) is returned to the 6LN with the R flag set to 0.  This
   encourages the 6LN to try another 6LR.  If a 6LR exists that does not
   use the rogue common ancestor, then the 6LN will eventually succeed
   in gaining reachability over the RPL network in spite of the rogue
   node.

12.  IANA Considerations

12.1.  Fixing the Address Registration Option Flags

   Section 9.1 of [RFC8505] creates a Registry for the 8-bit Address
   Registration Option Flags field.  IANA is requested to rename the
   first column of the table from "ARO Status" to "Bit number".

12.2.  Resizing the ARO Status values

   Section 12 of [RFC6775] creates the Address Registration Option
   Status values Registry with a range 0-255.

   This specification reduces that range to 0-63, see Section 6.3.

   IANA is requested to modify the Address Registration Option Status
   values Registry so that the upper bound of the unassigned values is
   63.  This document should be added as a reference.  The registration
   procedure does not change.

12.3.  New RPL DODAG Configuration Option Flag

   IANA is requested to assign a flag from the "DODAG Configuration
   Option Flags for MOP 0..6" [USEofRPLinfo] registry as follows:

   +---------------+----------------------------+-----------+
   | Bit Number    | Capability Description     | Reference |
   +---------------+----------------------------+-----------+
   | 1 (suggested) | Root Proxies EDAR/EDAC (P) | THIS RFC  |
   +---------------+----------------------------+-----------+

              Table 2: New DODAG Configuration Option Flag

   It is suggested to IANA to indicate that the Flag fields in RPL
   options are indexed counting from bit 0 as the most significant bit.

12.4.  RPL Target Option Registry

   This document modifies the "RPL Target Option Flags" registry
   initially created in Section 20.15 of [RFC6550].  The registry now
   includes only 4 bits (Section 6.1) and should point to this document
   as an additional reference.  The registration procedure does not
   change.

   Section 6.1 also defines a new entry in the Registry as follows:

   +---------------+--------------------------------+-----------+
   | Bit Number    | Capability Description         | Reference |
   +---------------+--------------------------------+-----------+
   | 0 (suggested) | Advertiser address in Full (F) | THIS RFC  |
   +---------------+--------------------------------+-----------+

                  Table 3: RPL Target Option Registry

12.5.  New Subregistry for RPL Non-Rejection Status values

   This specification creates a new Subregistry for the RPL Non-
   Rejection Status values for use in the RPL DAO-ACK, DCO, and DCO-ACK
   messages with the 'A' flag set to 0, under the RPL registry.

   *  Possible values are 6-bit unsigned integers (0..63).

   *  Registration procedure is "IETF Review" [RFC8126].
   *  Initial allocation is as indicated in Table 4:

   +-------+------------------------+---------------------+
   | Value | Meaning                | Reference           |
   +-------+------------------------+---------------------+
   | 0     | Unqualified acceptance | THIS RFC / RFC 6550 |
   +-------+------------------------+---------------------+
   | 1..63 | Unassigned             |                     |
   +-------+------------------------+---------------------+

              Table 4: Acceptance values of the RPL Status

12.6.  New Subregistry for RPL Rejection Status values

   This specification creates a new Subregistry for the RPL Rejection
   Status values for use in the RPL DAO-ACK and DCO messages with the
   'A' flag set to 0, under the RPL registry.

   *  Possible values are 6-bit unsigned integers (0..63).

   *  Registration procedure is "IETF Review" [RFC8126].

   *  Initial allocation is as indicated in Table 5:

   +-------+-----------------------+-----------+
   | Value | Meaning               | Reference |
   +-------+-----------------------+-----------+
   | 0     | Unqualified rejection | THIS RFC  |
   +-------+-----------------------+-----------+
   | 1..63 | Unassigned            |           |
   +-------+-----------------------+-----------+

               Table 5: Rejection values of the RPL Status

13.  Acknowledgments

   The authors wish to thank Ines Robles, Georgios Papadopoulos and
   especially Rahul Jadhav and Alvaro Retana for their reviews and
   contributions to this document.  Also many thanks to Peter Van der
   Stok and Carl Wallace for their reviews and useful comments during
   the IETF Last Call and the IESG review sessions.

14.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997, .

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004, .
   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007, .

   [RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
              Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
              JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
              Low-Power and Lossy Networks", RFC 6550,
              DOI 10.17487/RFC6550, March 2012, .

   [RFC6775]  Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
              Bormann, "Neighbor Discovery Optimization for IPv6 over
              Low-Power Wireless Personal Area Networks (6LoWPANs)",
              RFC 6775, DOI 10.17487/RFC6775, November 2012, .

   [RFC7102]  Vasseur, JP., "Terms Used in Routing for Low-Power and
              Lossy Networks", RFC 7102, DOI 10.17487/RFC7102, January
              2014, .

   [RFC7400]  Bormann, C., "6LoWPAN-GHC: Generic Header Compression for
              IPv6 over Low-Power Wireless Personal Area Networks
              (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November
              2014, .

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017, .

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, .

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017, .

   [RFC8504]  Chown, T., Loughney, J., and T. Winters, "IPv6 Node
              Requirements", BCP 220, RFC 8504, DOI 10.17487/RFC8504,
              January 2019, .

   [RFC8505]  Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C.
              Perkins, "Registration Extensions for IPv6 over Low-Power
              Wireless Personal Area Network (6LoWPAN) Neighbor
              Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018,
              .
   [RFC8928]  Thubert, P., Ed., Sarikaya, B., Sethi, M., and R. Struik,
              "Address-Protected Neighbor Discovery for Low-Power and
              Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November
              2020, .

   [USEofRPLinfo]
              Robles, I., Richardson, M., and P. Thubert, "Using RPI
              Option Type, Routing Header for Source Routes and IPv6-in-
              IPv6 encapsulation in the RPL Data Plane", Work in
              Progress, Internet-Draft, draft-ietf-roll-useofrplinfo-42,
              12 November 2020, .

   [EFFICIENT-NPDAO]
              Jadhav, R., Thubert, P., Sahoo, R., and Z. Cao, "Efficient
              Route Invalidation", Work in Progress, Internet-Draft,
              draft-ietf-roll-efficient-npdao-18, 15 April 2020, .

15.  Informative References

   [RFC4919]  Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
              over Low-Power Wireless Personal Area Networks (6LoWPANs):
              Overview, Assumptions, Problem Statement, and Goals",
              RFC 4919, DOI 10.17487/RFC4919, August 2007, .

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007, .

   [RFC6553]  Hui, J. and JP. Vasseur, "The Routing Protocol for Low-
              Power and Lossy Networks (RPL) Option for Carrying RPL
              Information in Data-Plane Datagrams", RFC 6553,
              DOI 10.17487/RFC6553, March 2012, .

   [RFC6554]  Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
              Routing Header for Source Routes with the Routing Protocol
              for Low-Power and Lossy Networks (RPL)", RFC 6554,
              DOI 10.17487/RFC6554, March 2012, .

   [RFC6606]  Kim, E., Kaspar, D., Gomez, C., and C. Bormann, "Problem
              Statement and Requirements for IPv6 over Low-Power
              Wireless Personal Area Network (6LoWPAN) Routing",
              RFC 6606, DOI 10.17487/RFC6606, May 2012, .

   [RFC7039]  Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed.,
              "Source Address Validation Improvement (SAVI) Framework",
              RFC 7039, DOI 10.17487/RFC7039, October 2013, .

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014, .

   [RFC8138]  Thubert, P., Ed., Bormann, C., Toutain, L., and R. Cragie,
              "IPv6 over Low-Power Wireless Personal Area Network
              (6LoWPAN) Routing Header", RFC 8138, DOI 10.17487/RFC8138,
              April 2017, .

   [RFC8415]  Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
              Richardson, M., Jiang, S., Lemon, T., and T. Winters,
              "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
              RFC 8415, DOI 10.17487/RFC8415, November 2018, .

   [RFC6282]  Hui, J., Ed. and P. Thubert, "Compression Format for IPv6
              Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
              DOI 10.17487/RFC6282, September 2011, .

   [RFC6687]  Tripathi, J., Ed., de Oliveira, J., Ed., and JP. Vasseur,
              Ed., "Performance Evaluation of the Routing Protocol for
              Low-Power and Lossy Networks (RPL)", RFC 6687,
              DOI 10.17487/RFC6687, October 2012, .

   [RFC7416]  Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
              and M. Richardson, Ed., "A Security Threat Analysis for
              the Routing Protocol for Low-Power and Lossy Networks
              (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015, .

   [RFC8025]  Thubert, P., Ed. and R. Cragie, "IPv6 over Low-Power
              Wireless Personal Area Network (6LoWPAN) Paging Dispatch",
              RFC 8025, DOI 10.17487/RFC8025, November 2016, .

   [RFC8929]  Thubert, P., Ed., Perkins, C.E., and E. Levy-Abegnoli,
              "IPv6 Backbone Router", RFC 8929, DOI 10.17487/RFC8929,
              November 2020, .

Appendix A.  Example Compression

   Figure 12 illustrates the case in Storing Mode where the packet is
   received from the Internet, then the Root encapsulates the packet to
   insert the RPI and delivers it to the 6LR that is the parent and last
   hop to the final destination, which is not known to support
   [RFC8138].

   +-- ... -+-- ... --+- ... -+-- ... -+--- ... ---+-- ... -+-...-+-...
   |11110001|SRH-6LoRH| RPI-  |IP-in-IP|   NH=1    |11110CPP| UDP | UDP
   |Page 1  |Type1 S=0| 6LoRH | 6LoRH  |LOWPAN_IPHC|  UDP   | hdr |Payld
   +-- ... -+-- ... --+- ... -+-- ... -+--- ... ---+-- ... -+-...-+-...
            <-4 bytes->                <- RFC 6282 ->
            <- No RPL artifact ...

           Figure 12: Encapsulation to Parent 6LR in Storing Mode

   The difference with the example presented in Figure 19 of [RFC8138]
   is the addition of a SRH-6LoRH before the RPI-6LoRH to transport the
   compressed address of the 6LR as the destination address of the outer
   IPv6 header.  In the [RFC8138] example, the destination IP of the
   outer header was elided and was implicitly the same address as the
   destination of the inner header.  Type 1 was arbitrarily chosen, and
   the size of 0 denotes a single address in the SRH.

   In Figure 12, the source of the IP-in-IP encapsulation is the Root,
   so it is elided in the IP-in-IP 6LoRH.  The destination is the parent
   6LR of the destination of the encapsulated packet, so it cannot be
   elided.  If the DODAG is operated in Storing Mode, it is the single
   entry in the SRH-6LoRH and the SRH-6LoRH Size is encoded as 0.  The
   SRH-6LoRH is the first 6LoRH in the chain.  In this particular
   example, the 6LR address can be compressed to 2 bytes, so a Type of 1
   is used.  As a result, the total length of the SRH-6LoRH is 4 bytes.
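   As an added example (not code from this draft or from RFC 8138), the
   following Python encodes the SRH-6LoRH and IP-in-IP 6LoRH of Figure
   12 from hop addresses that have already been compressed, and groups
   consecutive hops of different compressed lengths into separate
   SRH-6LoRHs as the Non-Storing Mode case requires.  It assumes the RFC
   8138 header layouts (critical 6LoRH: bits 1 0 0 then a 5-bit Size,
   then the Type byte, with Types 0..4 carrying 1/2/4/8/16-byte
   addresses and Size = hops - 1; elective IP-in-IP 6LoRH: bits 1 0 1
   then Length, Type 6, Hop Limit, and an encapsulator address that is
   elided when the encapsulator is the Root).  How an address is reduced
   to 2 bytes, and the RPI-6LoRH, are not modelled.

```python
# Added example: SRH-6LoRH and IP-in-IP 6LoRH encoders for the chain of
# Figure 12. Header layouts assumed from RFC 8138; names are this example's own.
SRH_TYPE_BY_ADDR_LEN = {1: 0, 2: 1, 4: 2, 8: 3, 16: 4}   # 6LoRH Type per hop length
CRITICAL_6LORH = 0b100_00000    # |1|0|0| TSE(5) |  TSE = Size for SRH-6LoRH
ELECTIVE_6LORH = 0b101_00000    # |1|0|1| Length(5) |
IPINIP_6LORH_TYPE = 6
MAX_HOPS_PER_SRH = 32           # 5-bit Size field holds hops - 1


def srh_6lorh_chain(compressed_hops):
    """One SRH-6LoRH per run of consecutive hops sharing a compressed length.
    Storing Mode to the parent 6LR is the single-hop case: Size 0, one address."""
    if not compressed_hops:
        raise ValueError("at least one hop is required")
    out = bytearray()
    run = []

    def flush():
        out.append(CRITICAL_6LORH | (len(run) - 1))          # Size = hops - 1
        out.append(SRH_TYPE_BY_ADDR_LEN[len(run[0])])        # Type from address length
        for hop in run:
            out.extend(hop)
        run.clear()

    for hop in compressed_hops:
        hop = bytes(hop)
        if len(hop) not in SRH_TYPE_BY_ADDR_LEN:
            raise ValueError(f"unsupported compressed address length {len(hop)}")
        if run and (len(run[0]) != len(hop) or len(run) == MAX_HOPS_PER_SRH):
            flush()                                          # new format or full
        run.append(hop)
    flush()
    return bytes(out)


def ipinip_6lorh(hop_limit, encapsulator=b""):
    """Elective IP-in-IP 6LoRH: Length counts the Hop Limit byte plus the
    encapsulator address; an empty encapsulator means 'the Root', elided."""
    if not 0 <= hop_limit <= 255:
        raise ValueError("hop limit must fit in one byte")
    length = 1 + len(encapsulator)
    if length > 31:
        raise ValueError("encapsulator address too long for the 5-bit Length")
    return bytes([ELECTIVE_6LORH | length, IPINIP_6LORH_TYPE, hop_limit]) + bytes(encapsulator)
```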
   In Non-Storing Mode, the encapsulation from the Root would be similar
   to that represented in Figure 12 with possibly more hops in the SRH-
   6LoRH and possibly multiple SRH-6LoRHs if the various addresses in
   the routing header are not compressed to the same format.  Note that
   on the last hop to the parent 6LR, the RH3 is consumed and removed
   from the compressed form, so the use of Non-Storing Mode vs. Storing
   Mode is indistinguishable from the packet format.

   The SRH-6LoRHs are followed by RPI-6LoRH and then the IP-in-IP 6LoRH.
   When the IP-in-IP 6LoRH is removed, all the 6LoRH Headers that
   precede it are also removed.  The Paging Dispatch [RFC8025] may also
   be removed if there was no previous Page change to a Page other than
   0 or 1, since the LOWPAN_IPHC is encoded in the same fashion in the
   default Page 0 and in Page 1.  The resulting packet to the
   destination is the encapsulated packet compressed with [RFC6282].

Authors' Addresses

   Pascal Thubert (editor)
   Cisco Systems, Inc
   Building D
   45 Allee des Ormes - BP1200
   06254 Mougins - Sophia Antipolis
   France

   Phone: +33 497 23 26 34
   Email: pthubert@cisco.com

   Michael C. Richardson
   Sandelman Software Works

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/