idnits 2.17.1

draft-ietf-roll-useofrplinfo-23.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 217 has weird spacing: '... act chg ...'

  == Line 255 has weird spacing: '... act chg ...'

  == Line 1755 has weird spacing: '... act chg ...'

  -- The document date (May 1, 2018) is 2185 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFCXXXX' is mentioned on line 1758, but not defined

  == Unused Reference: 'I-D.ietf-6man-rfc6434-bis' is defined on line 1977,
     but no explicit reference was found in the text

  == Outdated reference: A later version (-20) exists of
     draft-ietf-6lo-backbone-router-06

  == Outdated reference: A later version (-09) exists of
     draft-ietf-6man-rfc6434-bis-08

  == Outdated reference: A later version (-30) exists of
     draft-ietf-anima-autonomic-control-plane-13

  == Outdated reference: A later version (-45) exists of
     draft-ietf-anima-bootstrapping-keyinfra-15

  == Outdated reference: A later version (-07) exists of
     draft-thubert-roll-unaware-leaves-04

     Summary: 0 errors (**), 0 flaws (~~), 11 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

ROLL Working Group                                             M. Robles
Internet-Draft                                                  Ericsson
Updates: 6553, 6550, 8138 (if approved)                    M. Richardson
Intended status: Standards Track                                     SSW
Expires: November 2, 2018                                     P. Thubert
                                                                   Cisco
                                                             May 1, 2018

              When to use RFC 6553, 6554 and IPv6-in-IPv6
                    draft-ietf-roll-useofrplinfo-23

Abstract

   This document looks at different data flows through LLN (Low-Power
   and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power
   and Lossy Networks) is used to establish routing.  The document
   enumerates the cases where RFC 6553, RFC 6554 and IPv6-in-IPv6
   encapsulation are required.  This analysis provides the basis on
   which to design efficient compression of these headers.  This
   document updates RFC 6553 by adding a change to the RPL Option Type.
   Additionally, this document updates RFC 6550 to indicate this change
   and updates RFC 8138 to consider the new Option Type when the RPL
   Option is decompressed.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 2, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology and Requirements Language
     2.1.  hop-by-hop IPv6-in-IPv6 headers
   3.  Updates to RFC6553, RFC6550 and RFC 8138
     3.1.  Updates to RFC 6553
     3.2.  Updates to RFC 8138
     3.3.  Updates to RFC 6550: Indicating the new RPI in the DODAG
           Configuration Option Flag.
   4.  Sample/reference topology
   5.  Use cases
   6.  Storing mode
     6.1.  Storing Mode: Interaction between Leaf and Root
       6.1.1.  SM: Example of Flow from RPL-aware-leaf to root
       6.1.2.  SM: Example of Flow from root to RPL-aware-leaf
       6.1.3.  SM: Example of Flow from root to not-RPL-aware-leaf
       6.1.4.  SM: Example of Flow from not-RPL-aware-leaf to root
     6.2.  Storing Mode: Interaction between Leaf and Internet
       6.2.1.  SM: Example of Flow from RPL-aware-leaf to Internet
       6.2.2.  SM: Example of Flow from Internet to RPL-aware-leaf
       6.2.3.  SM: Example of Flow from not-RPL-aware-leaf to Internet
       6.2.4.  SM: Example of Flow from Internet to non-RPL-aware-leaf
     6.3.  Storing Mode: Interaction between Leaf and Leaf
       6.3.1.  SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf
       6.3.2.  SM: Example of Flow from RPL-aware-leaf to
               non-RPL-aware-leaf
       6.3.3.  SM: Example of Flow from not-RPL-aware-leaf to
               RPL-aware-leaf
       6.3.4.  SM: Example of Flow from not-RPL-aware-leaf to
               not-RPL-aware-leaf
   7.  Non Storing mode
     7.1.  Non-Storing Mode: Interaction between Leaf and Root
       7.1.1.  Non-SM: Example of Flow from RPL-aware-leaf to root
       7.1.2.  Non-SM: Example of Flow from root to RPL-aware-leaf
       7.1.3.  Non-SM: Example of Flow from root to not-RPL-aware-leaf
       7.1.4.  Non-SM: Example of Flow from not-RPL-aware-leaf to root
     7.2.  Non-Storing Mode: Interaction between Leaf and Internet
       7.2.1.  Non-SM: Example of Flow from RPL-aware-leaf to Internet
       7.2.2.  Non-SM: Example of Flow from Internet to RPL-aware-leaf
       7.2.3.  Non-SM: Example of Flow from not-RPL-aware-leaf to
               Internet
       7.2.4.  Non-SM: Example of Flow from Internet to
               not-RPL-aware-leaf
     7.3.  Non-Storing Mode: Interaction between Leafs
       7.3.1.  Non-SM: Example of Flow from RPL-aware-leaf to
               RPL-aware-leaf
       7.3.2.  Non-SM: Example of Flow from RPL-aware-leaf to
               not-RPL-aware-leaf
       7.3.3.  Non-SM: Example of Flow from not-RPL-aware-leaf to
               RPL-aware-leaf
       7.3.4.  Non-SM: Example of Flow from not-RPL-aware-leaf to
               not-RPL-aware-leaf
   8.  Observations about the cases
     8.1.  Storing mode
     8.2.  Non-Storing mode
   9.  6LoRH Compression cases
   10. IANA Considerations
   11. Security Considerations
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Authors' Addresses

1.  Introduction

   RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks)
   [RFC6550] is a routing protocol for constrained networks.  RFC 6553
   [RFC6553] defines the "RPL option" (RPI), carried within the IPv6
   Hop-by-Hop header to quickly identify inconsistencies (loops) in the
   routing topology.  RFC 6554 [RFC6554] defines the "RPL Source Route
   Header" (RH3), an IPv6 Extension Header to deliver datagrams within a
   RPL routing domain, particularly in non-storing mode.

   These various items are referred to as RPL artifacts, and they are
   seen on all of the data-plane traffic that occurs in RPL routed
   networks; they do not in general appear on the RPL control plane
   traffic at all, which is mostly hop-by-hop traffic (one exception
   being DAO messages in non-storing mode).

   It has become clear from attempts to do multi-vendor
   interoperability, and from a desire to compress as many of the above
   artifacts as possible, that not all implementors agree when artifacts
   are necessary, or when they can be safely omitted or removed.

   An interim meeting went through the 24 cases defined here to discover
   if there were any shortcuts, and this document is the result of that
   discussion.  This document clarifies what the correct and the
   incorrect behaviour is.

   The related document A Routing Header Dispatch for 6LoWPAN (6LoRH)
   [RFC8138] defines a method to compress RPL Option information and
   Routing Header type 3 [RFC6554], an efficient IP-in-IP technique, and
   use cases proposed for the [Second6TischPlugtest] involving 6loRH.

2.  Terminology and Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   Terminology defined in [RFC7102] applies to this document: LBR, LLN,
   RPL, RPL Domain and ROLL.

   RPL-node: A device which implements RPL, thus we can say that the
   device is RPL-capable or RPL-aware.  Please note that the device can
   be found inside the LLN or outside the LLN.  In this document a
   RPL-node which is a leaf of a DODAG is called RPL-aware-leaf.

   RPL-not-capable: A device which does not implement RPL, thus we can
   say that the device is not-RPL-aware.  Please note that the device
   can be found inside the LLN.  In this document a not-RPL-aware node
   which is a leaf of a DODAG is called not-RPL-aware-leaf.

   pledge: a new device which seeks admission to a network.  (from
   [I-D.ietf-anima-bootstrapping-keyinfra])

   Join Registrar and Coordinator (JRC): a device which brings new nodes
   (pledges) into a network.  (from
   [I-D.ietf-anima-bootstrapping-keyinfra])

   Flag day: A "flag day" is a procedure in which the network, or a part
   of it, is changed during a planned outage, or suddenly, causing an
   outage while the network recovers [RFC4192].

2.1.  hop-by-hop IPv6-in-IPv6 headers

   The term "hop-by-hop IPv6-in-IPv6" header refers to: adding a header
   that originates from a node to an adjacent node, using the addresses
   (usually the GUA or ULA, but could use the link-local addresses) of
   each node.  If the packet must traverse multiple hops, then it must
   be decapsulated at each hop, and then re-encapsulated again in a
   similar fashion.

3.  Updates to RFC6553, RFC6550 and RFC 8138

3.1.  Updates to RFC 6553

   This modification is required to be able to send, for example, IPv6
   packets from a RPL-aware-leaf to a not-RPL-aware node through the
   Internet (see Section 6.2.1), without requiring IP-in-IP
   encapsulation.

   [RFC6553] states, as shown below, that in the Option Type field of
   the RPL Option header the two high order bits MUST be set to '01'
   and the third bit is equal to '1'.  The first two bits indicate that
   the IPv6 node MUST discard the packet if it doesn't recognize the
   option type, and the third bit indicates that the Option Data may
   change en route.  The remaining bits serve as the option type.

   Hex Value     Binary Value
                 act  chg  rest     Description         Reference
   ---------     ---  ---  -------  -----------------   ----------
     0x63         01    1   00011   RPL Option          [RFC6553]

                 Figure 1: Option Type in RPL Option.

   Recent changes in [RFC8200] (Section 4, page 8) state: "it is now
   expected that nodes along a packet's delivery path only examine and
   process the Hop-by-Hop Options header if explicitly configured to do
   so".  Processing of the Hop-by-Hop Options header (by IPv6
   intermediate nodes) is now optional, but if they are configured to
   process the header, and if such nodes encounter an option with the
   first two bits set to 01, they will drop the packet (if they conform
   to [RFC8200]).  Host systems should do the same, irrespective of the
   configuration.

   Based on that, if an IPv6 (intermediate) node (RPL-not-capable)
   receives a packet with an RPL Option, it should ignore the HBH RPL
   option (skip over this option and continue processing the header).

   This is relevant, as we mentioned previously, in the case that we
   have a flow from RPL-aware-leaf to Internet (see Section 6.2.1).

   Thus, this document updates the Option Type field to: the two high
   order bits MUST be set to '00' and the third bit is equal to '1'.
   The first two bits indicate that the IPv6 node MUST skip over this
   option and continue processing the header ([RFC8200] Section 4.2) if
   it doesn't recognize the option type, and the third bit continues to
   be set to indicate that the Option Data may change en route.  The
   remaining bits serve as the option type and remain as 0x3.  This
   ensures that a packet that leaves the RPL domain of an LLN (or that
   leaves the LLN entirely) will not be discarded when it contains the
   [RFC6553] RPL Hop-by-Hop option known as RPI.

   This is a significant update to [RFC6553].  [RFCXXXX] represents this
   document.

   Hex Value     Binary Value
                 act  chg  rest     Description         Reference
   ---------     ---  ---  -------  -----------------   ----------
     0x23         00    1   00011   RPL Option          [RFCXXXX]

             Figure 2: Revised Option Type in RPL Option.

   This change creates a flag day for existing networks which are
   currently using 0x63 as the RPI value.  A move to 0x23 will not be
   understood by those networks.  It is suggested that implementations
   accept both 0x63 and 0x23 when processing.

   When forwarding packets, implementations SHOULD use the same value as
   was received (this is required because the RPI type code cannot be
   changed, per [RFC8200]).  This allows the network to be incrementally
   upgraded, and the DODAG root to know which parts of the network are
   upgraded.

   When originating new packets, implementations SHOULD have an option
   to determine which value to originate with; this option is controlled
   by the DIO option described below.

   A network which is switching from the straight 6lowpan compression
   mechanism to those described in [RFC8138] will experience a flag day
   in the data compression anyway, and if possible this change can be
   deployed at the same time.

3.2.  Updates to RFC 8138

   The RPI-6LoRH header provides a compressed form for the RPL RPI
   [RFC8138].  When the RPL Option is decompressed, its Option Type
   should take the value 0x23 instead of 0x63.

3.3.  Updates to RFC 6550: Indicating the new RPI in the DODAG
      Configuration Option Flag.

   In order to avoid a flag day caused by lack of interoperation between
   new RPI (0x23) and old RPI (0x63) nodes, when there is a mix of new
   nodes and old nodes, the new nodes may be put into a compatibility
   mode until all of the old nodes are replaced or upgraded.

   This can be done via a DODAG Configuration Option flag which will
   propagate through the network.  Failure to receive this information
   will cause new nodes to remain in compatibility mode, and originate
   traffic with the old-RPI (0x63) value.

   As stated in [RFC6550] the DODAG Configuration option is present in
   DIO messages.  The DODAG Configuration option distributes
   configuration information.  It is generally static, and does not
   change within the DODAG.  This information is configured at the DODAG
   root and distributed throughout the DODAG with the DODAG
   Configuration option.  Nodes other than the DODAG root do not modify
   this information when propagating the DODAG Configuration option.

   The DODAG Configuration Option has a Flags field which is modified by
   this document.  Currently, the DODAG Configuration Option in
   [RFC6550] is as follows.

   Flags: The 4-bits remaining unused in the Flags field are reserved
   for flags.  The field MUST be initialized to zero by the sender and
   MUST be ignored by the receiver.

        0                   1                   2                   3
   +-----------------+---------------------------------------------------+
   |   Type = 0x04   | Opt Length = 14 |Flags | A | PCS | DIOIntDoubl.   |
   +---------------------------------------------------------------------+
   |   DIOIntMin.    |   DIORedund.    |        MaxRankIncrease          |
   +-----------------+---------------------------------------------------+
   |       MinHopRankIncrease          |              OCP                |
   +-----------------+---------------------------------------------------+
   |    Reserved     |  Def. Lifetime  |         Lifetime Unit           |
   +-----------------+-----------------+---------------------------------+

                 Figure 3: DODAG Configuration Option.

   Bit number three of the flag field in the DODAG Configuration option
   is to be used as follows:

            +------------+-----------------+---------------+
            | Bit number | Description     | Reference     |
            +------------+-----------------+---------------+
            |     3      | RPI 0x23 enable | This document |
            +------------+-----------------+---------------+

   Figure 4: DODAG Configuration Option Flag to indicate the RPI-flag-
                                  day.

   In case of rebooting, the node does not remember the flag.  Thus, the
   DIO is sent with a flag indicating the new RPI value.

4.  Sample/reference topology

   A RPL network in general is composed of a 6LBR (6LoWPAN Border
   Router), Backbone Router (6BBR), 6LR (6LoWPAN Router) and 6LN
   (6LoWPAN Node) as leaf, logically organized in a DODAG (Destination
   Oriented Directed Acyclic Graph) structure.

   RPL defines the RPL Control messages (control plane), a new ICMPv6
   [RFC4443] message with Type 155.  DIS (DODAG Information
   Solicitation), DIO (DODAG Information Object) and DAO (Destination
   Advertisement Object) messages are all RPL Control messages but with
   different Code values.  A RPL Stack is shown in Figure 5.

   RPL supports two modes of Downward traffic: in storing mode (RPL-SM),
   it is fully stateful; in non-storing (RPL-NSM), it is fully source
   routed.  A RPL Instance is either fully storing or fully non-storing,
   i.e. a RPL Instance with a combination of storing and non-storing
   nodes is not supported with the current specifications at the time of
   writing this document.
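
The Option Type rules of Sections 3.1 and 3.3, worked through in Python as an added example that is not part of the draft. Function names and sample bytes are constructed for illustration; the 0x10 mask assumes that "bit number three" uses MSB-first numbering within the octet holding Flags|A|PCS, and the SenderRank update follows RFC 6550 rather than anything stated on this page.

```python
import struct

RPI_OLD, RPI_NEW = 0x63, 0x23   # RFC 6553 value and the value this draft defines
DODAG_CONF_TYPE = 0x04          # DODAG Configuration option (Figure 3)
# Assumption: "bit number three" is counted MSB-first within the octet
# that holds Flags|A|PCS, which makes the mask 0x10.
RPI_23_ENABLE = 0x10


def decode_option_type(value):
    """Split an IPv6 option type octet into (act, chg, rest)."""
    if not 0 <= value <= 0xFF:
        raise ValueError("option type is one octet")
    return value >> 6, (value >> 5) & 1, value & 0x1F


def walk_options(hbh):
    """Yield (offset, type, data) for each TLV option in a Hop-by-Hop header."""
    if len(hbh) < 2:
        raise ValueError("truncated Hop-by-Hop header")
    total = (hbh[1] + 1) * 8        # Hdr Ext Len excludes the first 8 octets
    if len(hbh) < total:
        raise ValueError("truncated Hop-by-Hop header")
    i = 2
    while i < total:
        opt_type = hbh[i]
        if opt_type == 0:           # Pad1 is a single octet with no length
            i += 1
            continue
        if i + 1 >= total or i + 2 + hbh[i + 1] > total:
            raise ValueError("option overruns the header")
        length = hbh[i + 1]
        yield i, opt_type, hbh[i + 2:i + 2 + length]
        i += 2 + length


def unaware_node_verdict(hbh):
    """Verdict of a node that processes HBH options but does not know RPL."""
    for _, opt_type, _ in walk_options(hbh):
        if opt_type == 1:           # PadN is known to every IPv6 node
            continue
        act, _, _ = decode_option_type(opt_type)
        if act != 0b00:             # 01, 10 and 11 all discard the packet
            return "discard"
    return "forward"                # act == 00: skip over the option


def forward_rpi(hbh, dag_rank):
    """RPL-aware forwarder: accept 0x63 or 0x23 and keep the received type."""
    out = bytearray(hbh)
    for off, opt_type, data in walk_options(hbh):
        if opt_type in (RPI_OLD, RPI_NEW) and len(data) == 4:
            # RPL Option data: flags, RPLInstanceID, SenderRank (16 bits).
            # The forwarder records its own rank (RFC 6550 behaviour).
            struct.pack_into("!H", out, off + 4, dag_rank)
            return bytes(out)
    raise ValueError("no RPI in Hop-by-Hop header")


def originate_type(dodag_conf):
    """Choose the RPI type for new packets from the DODAG Configuration option."""
    if dodag_conf is None:
        return RPI_OLD              # flag never received: compatibility mode
    if (len(dodag_conf) != 16 or dodag_conf[0] != DODAG_CONF_TYPE
            or dodag_conf[1] != 14):
        raise ValueError("not a DODAG Configuration option")
    return RPI_NEW if dodag_conf[2] & RPI_23_ENABLE else RPI_OLD


def build_hbh(opt_type, instance_id, sender_rank, next_header=17):
    """Constructed sample: an 8-octet Hop-by-Hop header carrying one RPI."""
    return (bytes([next_header, 0, opt_type, 4, 0, instance_id])
            + struct.pack("!H", sender_rank))


def build_dodag_conf(flags_octet):
    """Constructed sample DODAG Configuration option (field values arbitrary)."""
    return (bytes([DODAG_CONF_TYPE, 14, flags_octet, 8, 12, 10])
            + struct.pack("!HHH", 0, 256, 0) + bytes([0, 30])
            + struct.pack("!H", 60))


if __name__ == "__main__":
    for value in (RPI_OLD, RPI_NEW):
        hbh = build_hbh(value, instance_id=1, sender_rank=0)
        print(hex(value), decode_option_type(value),
              unaware_node_verdict(hbh), forward_rpi(hbh, dag_rank=3).hex())
    print(hex(originate_type(None)), hex(originate_type(build_dodag_conf(0x10))))
```

A packet carrying 0x63 is dropped by any RFC 8200 node that processes Hop-by-Hop options without knowing RPL, while the same packet with 0x23 passes; the forwarder never rewrites the type octet, which is what allows the incremental upgrade described in Section 3.1.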

                           +--------------+
                           | Upper Layers |
                           |              |
                           +--------------+
                           |     RPL      |
                           |              |
                           +--------------+
                           |    ICMPv6    |
                           |              |
                           +--------------+
                           |     IPv6     |
                           |              |
                           +--------------+
                           |   6LoWPAN    |
                           |              |
                           +--------------+
                           |   PHY-MAC    |
                           |              |
                           +--------------+

                          Figure 5: RPL Stack.

                  +------------+
                  |  INTERNET  ----------+
                  |            |         |
                  +------------+         |
                                         |
                                         |
                                         |
                                       A |
                                     +-------+
                                     |6LBR   |
                         +-----------|(root) |-------+
                         |           +-------+       |
                         |                           |
                         |                           |
                         |                           |
                         |                           |
                         | B                         |C
                     +---|---+                   +---|---+
                     |  6LR  |                   |  6LR  |
           +-------->|       |--+             +---       ---+
           |         +-------+  |             |  +-------+  |
           |                    |             |             |
           |                    |             |             |
           |                    |             |             |
           |                    |             |             |
           | D                  |  E          |             |
         +-|-----+          +---|---+         |             |
         |  6LR  |          |  6LR  |         |             |
         |       |     +------      |         |             |
         +---|---+     |    +---|---+         |             |
             |         |        |             |             |
             |         |        +--+          |             |
             |         |           |          |             |
             |         |           |          |             |
             |         |           |        I |          J  |
          F  |         | G         | H        |             |
       +-----+-+     +-|-----+ +---|--+   +---|---+     +---|---+
       |  Raf  |     | ~Raf  | | Raf  |   |  Raf  |     | ~Raf  |
       |  6LN  |     |  6LN  | | 6LN  |   |  6LN  |     |  6LN  |
       +-------+     +-------+ +------+   +-------+     +-------+

                  Figure 6: A reference RPL Topology.

   Figure 6 shows the reference RPL Topology for this document.  The
   letters above the nodes are there so that they may be referenced in
   subsequent sections.  In the figure, 6LR represents a full router
   node.  The 6LN is a RPL aware router, or host.

   The 6LN leaves marked as Raf ("RPL aware leaf"), that is F, H and I,
   are RPL nodes with no children hosts.

   The leafs marked as ~Raf ("not-RPL aware leaf"), that is G and J, are
   devices which do not speak RPL at all (not-RPL-aware), but use
   Router-Advertisements, 6LowPAN DAR/DAC and efficient-ND only to
   participate in the network [RFC6775].  In the document these leafs
   (G and J) are also referred to as IPv6 nodes.

   The 6LBR ("A") in the figure is the root of the Global DODAG.

5.  Use cases

   In the data plane a combination of RFC6553, RFC6554 and IPv6-in-IPv6
   encapsulation are going to be analyzed for a number of representative
   traffic flows.

   This document assumes that the LLN is using the no-drop RPI option
   (0x23).

   The use cases describe the communication between RPL-aware-nodes,
   with the root (6LBR), and with the Internet.  This document also
   describes the communication between nodes acting as leaves that do
   not understand RPL, but are part of the LLN.  We call these nodes
   not-RPL-aware-leaf (e.g. Section 6.1.4, Flow from not-RPL-aware-leaf
   to root).  We also describe the communication inside the LLN when
   the final destination is outside of the LLN, e.g. in the Internet
   (e.g. Section 6.2.3, Flow from not-RPL-aware-leaf to Internet).

   The use cases comprise the following:

   Interaction between Leaf and Root:

      RPL-aware-leaf to root

      root to RPL-aware-leaf

      not-RPL-aware-leaf to root

      root to not-RPL-aware-leaf

   Interaction between Leaf and Internet:

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

   Interaction between Leafs:

      RPL-aware-leaf to RPL-aware-leaf (storing and non-storing)

      RPL-aware-leaf to not-RPL-aware-leaf (non-storing)

      not-RPL-aware-leaf to RPL-aware-leaf (storing and non-storing)

      not-RPL-aware-leaf to not-RPL-aware-leaf (non-storing)

   This document is consistent with the rule that a Header cannot be
   inserted or removed on the fly inside an IPv6 packet that is being
   routed.  This is a fundamental precept of the IPv6 architecture as
   outlined in [RFC8200].  Extensions may not be added or removed except
   by the sender or the receiver.

   However, unlike [RFC6553], the Hop-by-Hop Option Header used for the
   RPI artifact has the first two bits set to '00'.  This means that the
   RPI artifact will be ignored when received by a host or router that
   does not understand that option (Section 4.2 of [RFC8200]).

   This means that when the no-drop RPI option code 0x23 is used, a
   packet that leaves the RPL domain of an LLN (or that leaves the LLN
   entirely) will not be discarded when it contains the [RFC6553] RPL
   Hop-by-Hop option known as RPI.  Thus, the RPI Hop-by-Hop option MAY
   be left in place even if the end host does not understand it.

   NOTE: There is some possible security risk when the RPI information
   is released to the Internet.  At this point this is a theoretical
   situation; no clear attack has been described.  At worst, it is clear
   that the RPI option would waste some network bandwidth when it
   escapes.  This is traded off against the savings in the LLN by not
   having to encapsulate the packet in order to remove the artifact.

   Despite it being legal to leave the RPI artifact in place, an
   intermediate router that needs to add an extension header (SHR3 or
   RPI Option) MUST still encapsulate the packet in an (additional)
   outer IP header.  The new header is placed after this new outer IP
   header.

   A corollary is that an SHR3 or RPI Option can only be removed by an
   intermediate router if it is placed in an encapsulating IPv6 Header
   which is addressed TO the intermediate router.  When it does so, the
   whole encapsulating header must be removed.  (A replacement may be
   added.)  This sometimes can result in outer IP headers being
   addressed to the next hop router using link-local addresses.

   Both RPI and RH3 headers may be modified in very specific ways by
   routers on the path of the packet without the need to add or remove
   an encapsulating header.  Both headers were designed with this
   modification in mind, and both the RPL RH and the RPL option are
   marked mutable but recoverable: so an IPsec AH security header can be
   applied across these headers, but it cannot secure the values which
   mutate.

   RPI should be present in every single RPL data packet.  There is one
   exception in non-storing mode: when a packet is going down from the
   root.  In a downward non-storing mode, the entire route is written,
   so there can be no loops by construction, nor any confusion about
   which forwarding table to use (as the root has already made all
   routing decisions).  However, there are still cases, such as in
   6tisch, where the instanceID portion of the RPI header may still be
   needed to pick an appropriate priority or channel at each hop.

   In the tables present in this document, the term "RPL aware leaf"
   has been shortened to "Raf", and "not-RPL aware leaf" has been
   shortened to "~Raf" to make the table fit in available space.

   The earlier examples are more extensive to make sure that the process
   is clear, while later examples are more concise.

6.  Storing mode

   In storing mode (fully stateful), the sender can determine if the
   destination is inside the LLN by checking whether the destination
   address is matched by the DIO's PIO option.

   The following table itemizes which headers are needed in the
   following scenarios, and indicates if the IP-in-IP header must be
   inserted on a hop-by-hop basis, or when it can target the destination
   node directly.  There are these possible situations: hop-by-hop
   necessary (indicated by "hop"), or destination address possible
   (indicated by "dst").  In all cases hop by hop MAY be used.

   In cases where no IP-in-IP header is needed, the column is left
   blank.

   In all cases the RPI headers are needed, since they identify
   inconsistencies (loops) in the routing topology.  In all cases the
   RH3 is not needed because we do not indicate the route in storing
   mode.

   In each case, 6LR_i are the intermediate routers from source to
   destination.  "1 <= i <= n", n is the number of routers (6LR) that
   the packet goes through from source (6LN) to destination.

   The leaf can be a router 6LR or a host, both indicated as 6LN (see
   Figure 6).

   +---------------------+--------------+----------+--------------+
   | Interaction between |   Use Case   | IP-in-IP | IP-in-IP dst |
   +---------------------+--------------+----------+--------------+
   |                     |  Raf to root |    No    |      --      |
   +                     +--------------+----------+--------------+
   |     Leaf - Root     |  root to Raf |    No    |      --      |
   +                     +--------------+----------+--------------+
   |                     | root to ~Raf |    No    |      --      |
   +                     +--------------+----------+--------------+
   |                     | ~Raf to root |   Yes    |     root     |
   +---------------------+--------------+----------+--------------+
   |                     |  Raf to Int  |    No    |      --      |
   +                     +--------------+----------+--------------+
   |  Leaf - Internet    |  Int to Raf  |   Yes    |     Raf      |
   +                     +--------------+----------+--------------+
   |                     | ~Raf to Int  |   Yes    |     root     |
   +                     +--------------+----------+--------------+
   |                     | Int to ~Raf  |   Yes    |     hop      |
   +---------------------+--------------+----------+--------------+
   |                     |  Raf to Raf  |    No    |      --      |
   +                     +--------------+----------+--------------+
   |                     | Raf to ~Raf  |    No    |      --      |
   +     Leaf - Leaf     +--------------+----------+--------------+
   |                     | ~Raf to Raf  |   Yes    |     dst      |
   +                     +--------------+----------+--------------+
   |                     | ~Raf to ~Raf |   Yes    |     hop      |
   +---------------------+--------------+----------+--------------+

           Figure 7: IP-in-IP encapsulation in Storing mode.

6.1.  Storing Mode: Interaction between Leaf and Root

   In this section we are going to describe the communication flow in
   storing mode (SM) between:

      RPL-aware-leaf to root

      root to RPL-aware-leaf

      not-RPL-aware-leaf to root

      root to not-RPL-aware-leaf

6.1.1.  SM: Example of Flow from RPL-aware-leaf to root

   In storing mode, RFC 6553 (RPI) is used to send RPL Information
   instanceID and rank information.

   As stated in Section 16.2 of [RFC6550] an RPL-aware-leaf node does
   not generally issue DIO messages; a leaf node accepts DIO messages
   from upstream.  (When an inconsistency in routing occurs, a leaf
   node will generate a DIO with an infinite rank, to fix it.)  It may
   issue DAO and DIS messages though it generally ignores DAO and DIS
   messages.

   In this case the flow comprises:

   RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)

   For example, a communication flow could be: Node F --> Node E -->
   Node B --> Node A root(6LBR)

   As mentioned in this document, 6LRs and the 6LBR are always
   full-fledged RPL routers.

   The 6LN (Node F) inserts the RPI header, and sends the packet to 6LR
   (Node E) which decrements the rank in RPI and sends the packet up.
   When the packet arrives at 6LBR (Node A), the RPI is removed and the
   packet is processed.

   No IP-in-IP header is required.

   The RPI header can be removed by the 6LBR because the packet is
   addressed to the 6LBR.  The 6LN must know that it is communicating
   with the 6LBR to make use of this scenario.  The 6LN can know the
   address of the 6LBR because it knows the address of the root via the
   DODAGID in the DIO messages.

               +-------------------+-----+-------+------+
               | Header            | 6LN | 6LR_i | 6LBR |
               +-------------------+-----+-------+------+
               | Inserted headers  | RPI | --    | --   |
               | Removed headers   | --  | --    | RPI  |
               | Re-added headers  | --  | --    | --   |
               | Modified headers  | --  | RPI   | --   |
               | Untouched headers | --  | --    | --   |
               +-------------------+-----+-------+------+

   Storing: Summary of the use of headers from RPL-aware-leaf to root

6.1.2.  SM: Example of Flow from root to RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Node A root(6LBR) -->
   Node B --> Node D --> Node F

   In this case the 6LBR inserts the RPI header and sends the packet
   down; the 6LR increments the rank in the RPI (it examines the
   instanceID to identify the right forwarding table); the packet is
   processed in the 6LN and the RPI is removed.

   No IP-in-IP header is required.

               +-------------------+------+-------+------+
               | Header            | 6LBR | 6LR_i | 6LN  |
               +-------------------+------+-------+------+
               | Inserted headers  | RPI  | --    | --   |
               | Removed headers   | --   | --    | RPI  |
               | Re-added headers  | --   | --    | --   |
               | Modified headers  | --   | RPI   | --   |
               | Untouched headers | --   | --    | --   |
               +-------------------+------+-------+------+

   Storing: Summary of the use of headers from root to RPL-aware-leaf

6.1.3.  SM: Example of Flow from root to not-RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Node A root(6LBR) -->
   Node B --> Node E --> Node G

   As the RPI extension can be ignored by the not-RPL-aware leaf, this
   situation is identical to the previous scenario.

   +-------------------+------+-------+---------------+
   | Header            | 6LBR | 6LR_i | IPv6          |
   +-------------------+------+-------+---------------+
   | Inserted headers  | RPI  | --    | --            |
   | Removed headers   | --   | --    | --            |
   | Re-added headers  | --   | --    | --            |
   | Modified headers  | --   | RPI   | --            |
   | Untouched headers | --   | --    | RPI (Ignored) |
   +-------------------+------+-------+---------------+

     Storing: Summary of the use of headers from root to
     not-RPL-aware-leaf

6.1.4.  SM: Example of Flow from not-RPL-aware-leaf to root

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A root(6LBR)

   When the packet arrives from the IPv6 node (Node G) at 6LR_1
   (Node E), the 6LR_1 will insert an RPI header, encapsulated in an
   IPv6-in-IPv6 header.  The IPv6-in-IPv6 header can be addressed to
   the next hop (Node B), or to the root (Node A).  The root removes
   the header and processes the packet.

   +-------------------+------+---------------+---------------+---------------+
   | Header            | IPv6 | 6LR_1         | 6LR_i         | 6LBR          |
   +-------------------+------+---------------+---------------+---------------+
   | Inserted headers  | --   | IP-in-IP(RPI) | --            | --            |
   | Removed headers   | --   | --            | --            | IP-in-IP(RPI) |
   | Re-added headers  | --   | --            | --            | --            |
   | Modified headers  | --   | --            | IP-in-IP(RPI) | --            |
   | Untouched headers | --   | --            | --            | --            |
   +-------------------+------+---------------+---------------+---------------+

     Storing: Summary of the use of headers from not-RPL-aware-leaf to
     root

6.2.  Storing Mode: Interaction between Leaf and Internet

   In this section we are going to describe the communication flow in
   storing mode (SM) between,

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

6.2.1.  SM: Example of Flow from RPL-aware-leaf to Internet

   RPL information from RFC 6553 MAY go out to Internet as it will be
   ignored by nodes which have not been configured to be RPI aware.

   In this case the flow comprises:

   RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet

   For example, the communication flow could be: Node F --> Node D -->
   Node B --> Node A root(6LBR) --> Internet

   No IP-in-IP header is required.

   Note: In this use case we use a node as leaf, but this use case can
   also be applicable to any RPL-node type (e.g. 6LR).

   +-------------------+------+-------+------+---------------+
   | Header            | 6LN  | 6LR_i | 6LBR | Internet      |
   +-------------------+------+-------+------+---------------+
   | Inserted headers  | RPI  | --    | --   | --            |
   | Removed headers   | --   | --    | --   | --            |
   | Re-added headers  | --   | --    | --   | --            |
   | Modified headers  | --   | RPI   | --   | --            |
   | Untouched headers | --   | --    | RPI  | RPI (Ignored) |
   +-------------------+------+-------+------+---------------+

     Storing: Summary of the use of headers from RPL-aware-leaf to
     Internet

6.2.2.  SM: Example of Flow from Internet to RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Internet --> Node A
   root(6LBR) --> Node B --> Node D --> Node F

   When the packet arrives from Internet to 6LBR the RPI header is added
   in an outer IPv6-in-IPv6 header and sent to 6LR, which modifies the
   rank in the RPI.  When the packet arrives at 6LN the RPI header is
   removed and the packet processed.

   +-------------------+----------+---------------+---------------+---------------+
   | Header            | Internet | 6LBR          | 6LR_i         | 6LN           |
   +-------------------+----------+---------------+---------------+---------------+
   | Inserted headers  | --       | IP-in-IP(RPI) | --            | --            |
   | Removed headers   | --       | --            | --            | IP-in-IP(RPI) |
   | Re-added headers  | --       | --            | --            | --            |
   | Modified headers  | --       | --            | IP-in-IP(RPI) | --            |
   | Untouched headers | --       | --            | --            | --            |
   +-------------------+----------+---------------+---------------+---------------+

     Storing: Summary of the use of headers from Internet to
     RPL-aware-leaf

6.2.3.  SM: Example of Flow from not-RPL-aware-leaf to Internet

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) -->
   Internet

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A root(6LBR) --> Internet

   The 6LR_1 (i=1) node will add an IP-in-IP(RPI) header addressed
   either to the root, or hop-by-hop such that the root can remove the
   RPI header before passing upwards.  The IP-in-IP addressed to the
   root causes less processing overhead.  On the other hand, with
   hop-by-hop the intermediate routers can check the routing tables for
   a better routing path, thus it could be more efficient and faster.
   Implementations should decide which approach to take.

   The originating node will ideally leave the IPv6 flow label as zero
   so that the packet can be better compressed through the LLN.  The
   6LBR will set the flow label of the packet to a non-zero value when
   sending to the Internet.
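
The storing-mode header handling of Sections 6.1 and 6.2, including the not-RPL-aware-leaf to Internet flow just described, can be checked with a small simulation. This is an added example, not code from the draft or its authors: the `simulate` function, the node ranks and the flow-label value are constructed for illustration. It assumes the IP-in-IP header is addressed to the root (or, when the 6LBR itself encapsulates, to the destination) rather than hop-by-hop.

```python
from dataclasses import dataclass

RPL_AWARE = {"6LN", "6LR", "6LBR"}   # any other role ignores an RPI it receives
EGRESS_FLOW_LABEL = 0x12345          # constructed non-zero value

@dataclass
class Header:
    kind: str              # "IPv6" or "RPI"
    src: str = ""
    dst: str = ""
    flow_label: int = 0    # used by IPv6 headers
    sender_rank: int = 0   # used by the RPI

@dataclass
class Node:
    name: str
    role: str              # "IPv6" (not RPL-aware), "6LN", "6LR", "6LBR", "Internet"
    rank: int = 0          # constructed; smaller is closer to the root

def simulate(path, dst_name):
    """Send one packet from path[0] to dst_name along path (storing mode).

    Returns (actions, packet). actions maps node name -> table row ->
    list of header labels, mirroring the summary tables. packet is the
    header list, outermost first, as it reaches the last node.
    """
    root = next(n for n in path if n.role == "6LBR")
    pkt = [Header("IPv6", src=path[0].name, dst=dst_name)]  # flow label zero
    rows = ("inserted", "removed", "modified", "untouched")
    actions = {n.name: {r: [] for r in rows} for n in path}

    for i, node in enumerate(path):
        act = actions[node.name]
        rpi = next((h for h in pkt if h.kind == "RPI"), None)
        encapsulated = sum(h.kind == "IPv6" for h in pkt) == 2
        label = "IP-in-IP(RPI)" if encapsulated else "RPI"

        if node.role not in RPL_AWARE:
            if rpi is not None and i > 0:
                act["untouched"].append("RPI (Ignored)")
            continue
        if i == 0:
            # An RPL-aware source puts the RPI in its own packet.
            pkt.insert(1, Header("RPI", sender_rank=node.rank))
            act["inserted"].append("RPI")
        elif rpi is None:
            # First RPL router seen by a packet that has no RPI: it may not
            # alter the packet, so it wraps it in a new IPv6 header.
            outer_dst = dst_name if node is root else root.name
            pkt[:0] = [Header("IPv6", src=node.name, dst=outer_dst),
                       Header("RPI", sender_rank=node.rank)]
            act["inserted"].append("IP-in-IP(RPI)")
        elif pkt[0].dst == node.name:
            # Only the addressee of the outermost header may strip it.
            if encapsulated:
                del pkt[:2]
            else:
                pkt.remove(rpi)
            act["removed"].append(label)
        elif node.role == "6LR":
            rpi.sender_rank = node.rank
            act["modified"].append(label)
        else:
            act["untouched"].append(label)

        nxt = path[i + 1] if i + 1 < len(path) else None
        if node is root and nxt is not None and nxt.role == "Internet":
            pkt[0].flow_label = EGRESS_FLOW_LABEL
    return actions, pkt

# Node names follow the draft's example flows; ranks are constructed.
A = Node("Node A", "6LBR", 256)
B = Node("Node B", "6LR", 512)
D = Node("Node D", "6LR", 768)
E = Node("Node E", "6LR", 768)
F = Node("Node F", "6LN", 1024)
G = Node("Node G", "IPv6")
NET = Node("Internet", "Internet")

if __name__ == "__main__":
    for path in ([F, E, B, A], [G, E, B, A, NET], [NET, A, B, D, F]):
        actions, _ = simulate(path, path[-1].name)
        print(" --> ".join(n.name for n in path))
        for name, rows in actions.items():
            print("   ", name, {k: v for k, v in rows.items() if v})
```
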

   +-------------------+------+---------------+------------------+---------------+----------+
   | Header            | IPv6 | 6LR_1         | 6LR_i [i=2,..,n] | 6LBR          | Internet |
   +-------------------+------+---------------+------------------+---------------+----------+
   | Inserted headers  | --   | IP-in-IP(RPI) | --               | --            | --       |
   | Removed headers   | --   | --            | --               | IP-in-IP(RPI) | --       |
   | Re-added headers  | --   | --            | --               | --            | --       |
   | Modified headers  | --   | --            | IP-in-IP(RPI)    | --            | --       |
   | Untouched headers | --   | --            | --               | --            | --       |
   +-------------------+------+---------------+------------------+---------------+----------+

     Storing: Summary of the use of headers from not-RPL-aware-leaf to
     Internet

6.2.4.  SM: Example of Flow from Internet to non-RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Internet --> Node A
   root(6LBR) --> Node B --> Node E --> Node G

   The 6LBR will have to add an RPI header within an IP-in-IP header.
   The IP-in-IP is addressed to the not-RPL-aware-leaf, leaving the RPI
   inside.

   Note that there is a requirement that the final node be able to
   remove one or more IP-in-IP headers which are all addressed to it,
   mentioned in [I-D.thubert-roll-unaware-leaves]:

   "RPL data packets are often encapsulated using IP in IP.  The 6LN
   MUST be able to decapsulate a packet when it is the destination of
   the outer header and process correctly the inner header."

   The 6LBR MAY set the flow label on the inner IP-in-IP header to zero
   in order to aid in compression.

   +-------------------+----------+---------------+---------------+---------------+
   | Header            | Internet | 6LBR          | 6LR_i         | IPv6          |
   +-------------------+----------+---------------+---------------+---------------+
   | Inserted headers  | --       | IP-in-IP(RPI) | --            | --            |
   | Removed headers   | --       | --            | --            | --            |
   | Re-added headers  | --       | --            | --            | --            |
   | Modified headers  | --       | --            | IP-in-IP(RPI) | --            |
   | Untouched headers | --       | --            | --            | RPI (Ignored) |
   +-------------------+----------+---------------+---------------+---------------+

     Storing: Summary of the use of headers from Internet to
     non-RPL-aware-leaf

6.3.  Storing Mode: Interaction between Leaf and Leaf

   In this section we are going to describe the communication flow in
   storing mode (SM) between,

      RPL-aware-leaf to RPL-aware-leaf

      RPL-aware-leaf to not-RPL-aware-leaf

      not-RPL-aware-leaf to RPL-aware-leaf

      not-RPL-aware-leaf to not-RPL-aware-leaf

6.3.1.  SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf

   In [RFC6550] RPL allows a simple one-hop optimization for both
   storing and non-storing networks.  A node may send a packet destined
   to a one-hop neighbor directly to that node.  See section 9 in
   [RFC6550].

   When the nodes are not directly connected, then in storing mode, the
   flow comprises:

   6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> 6LN

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node E --> Node H

   6LR_ia (Node D) are the intermediate routers from source to the
   common parent (6LR_x) (Node B).  In this case, "1 <= ia <= n", n is
   the number of routers (6LR) that the packet goes through from 6LN
   (Node F) to the common parent (6LR_x).

   6LR_id (Node E) are the intermediate routers from the common parent
   (6LR_x) (Node B) to destination 6LN (Node H).  In this case,
   "1 <= id <= m", m is the number of routers (6LR) that the packet
   goes through from the common parent (6LR_x) to destination 6LN.

   It is assumed that the two nodes are in the same RPL Domain (that
   they share the same DODAG root).  At the common parent (Node B), the
   direction of RPI is changed (from increasing to decreasing the rank).

   While the 6LR nodes will update the RPI, no node needs to add or
   remove the RPI, so no IP-in-IP headers are necessary.  This may be
   done regardless of where the destination is, as the included RPI will
   be ignored by the receiver.

   +-------------------+---------+--------+-----------------------+--------+---------+
   | Header            | 6LN src | 6LR_ia | 6LR_x (common parent) | 6LR_id | 6LN dst |
   +-------------------+---------+--------+-----------------------+--------+---------+
   | Inserted headers  | RPI     | --     | --                    | --     | --      |
   | Removed headers   | --      | --     | --                    | --     | RPI     |
   | Re-added headers  | --      | --     | --                    | --     | --      |
   | Modified headers  | --      | RPI    | RPI                   | RPI    | --      |
   | Untouched headers | --      | --     | --                    | --     | --      |
   +-------------------+---------+--------+-----------------------+--------+---------+

     Storing: Summary of the use of headers for RPL-aware-leaf to
     RPL-aware-leaf

6.3.2.  SM: Example of Flow from RPL-aware-leaf to non-RPL-aware-leaf

   In this case the flow comprises:

   6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> not-RPL-aware
   6LN (IPv6)

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node E --> Node G

   6LR_ia are the intermediate routers from source (6LN) to the common
   parent (6LR_x).  In this case, "1 <= ia <= n", n is the number of
   routers (6LR) that the packet goes through from 6LN to the common
   parent (6LR_x).

   6LR_id (Node E) are the intermediate routers from the common parent
   (6LR_x) (Node B) to destination not-RPL-aware 6LN (IPv6) (Node G).
   In this case, "1 <= id <= m", m is the number of routers (6LR) that
   the packet goes through from the common parent (6LR_x) to destination
   6LN.

   This situation is identical to the previous situation (Section 6.3.1).

   +-------------------+---------+--------+-----------------------+--------+---------------+
   | Header            | 6LN src | 6LR_ia | 6LR_x (common parent) | 6LR_id | IPv6          |
   +-------------------+---------+--------+-----------------------+--------+---------------+
   | Inserted headers  | RPI     | --     | --                    | --     | --            |
   | Removed headers   | --      | --     | --                    | --     | --            |
   | Re-added headers  | --      | --     | --                    | --     | --            |
   | Modified headers  | --      | RPI    | RPI                   | RPI    | --            |
   | Untouched headers | --      | --     | --                    | --     | RPI (Ignored) |
   +-------------------+---------+--------+-----------------------+--------+---------------+

     Storing: Summary of the use of headers for RPL-aware-leaf to
     non-RPL-aware-leaf

6.3.3.  SM: Example of Flow from not-RPL-aware-leaf to RPL-aware-leaf

   In this case the flow comprises:

   not-RPL-aware 6LN (IPv6) --> 6LR_ia --> common parent (6LR_x) -->
   6LR_id --> 6LN

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node D --> Node F

   6LR_ia (Node E) are the intermediate routers from source
   (not-RPL-aware 6LN (IPv6)) (Node G) to the common parent (6LR_x)
   (Node B).  In this case, "1 <= ia <= n", n is the number of routers
   (6LR) that the packet goes through from source to the common parent.

   6LR_id (Node D) are the intermediate routers from the common parent
   (6LR_x) (Node B) to destination 6LN (Node F).  In this case,
   "1 <= id <= m", m is the number of routers (6LR) that the packet
   goes through from the common parent (6LR_x) to destination 6LN.

   The 6LR_ia (ia=1) (Node E) receives the packet from the IPv6 node
   (Node G) and inserts the RPI header encapsulated in an IPv6-in-IPv6
   header.  The IP-in-IP header is addressed to the destination 6LN
   (Node F).

   +-------------------+------+---------------+----------------------+---------------+---------------+
   | Header            | IPv6 | 6LR_ia        | common parent (6LRx) | 6LR_id        | 6LN           |
   +-------------------+------+---------------+----------------------+---------------+---------------+
   | Inserted headers  | --   | IP-in-IP(RPI) | --                   | --            | --            |
   | Removed headers   | --   | --            | --                   | --            | IP-in-IP(RPI) |
   | Re-added headers  | --   | --            | --                   | --            | --            |
   | Modified headers  | --   | --            | IP-in-IP(RPI)        | IP-in-IP(RPI) | --            |
   | Untouched headers | --   | --            | --                   | --            | --            |
   +-------------------+------+---------------+----------------------+---------------+---------------+

     Storing: Summary of the use of headers from not-RPL-aware-leaf to
     RPL-aware-leaf

6.3.4.  SM: Example of Flow from not-RPL-aware-leaf to
        not-RPL-aware-leaf

   In this case the flow comprises:

   not-RPL-aware 6LN (IPv6 src) --> 6LR_1 --> 6LR_ia --> 6LR_id -->
   not-RPL-aware 6LN (IPv6 dst)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A (root) --> Node C --> Node J

   Internal nodes 6LR_ia (e.g. Node E or Node B) are the intermediate
   routers from the not-RPL-aware source (Node G) to the root (6LBR)
   (Node A).  In this case, "1 < ia <= n", n is the number of routers
   (6LR) that the packet goes through from IPv6 src to the root.

   6LR_id (C) are the intermediate routers from the root (Node A) to the
   destination Node J.  In this case, "1 <= id <= m", m is the number of
   routers (6LR) that the packet goes through from the root to
   destination (IPv6 dst).

   Note that this flow is identical to Section 6.3.3, except for where
   the IP-in-IP header is inserted.

   The 6LR_1 (Node E) receives the packet from the IPv6 node (Node G)
   and inserts the RPI header (RPIa), encapsulated in an IPv6-in-IPv6
   header.  The IPv6-in-IPv6 header is addressed to the final
   destination.

   +-------------------+----------+---------------+---------------+---------------+----------+
   | Header            | IPv6 src | 6LR_1         | 6LR_ia        | 6LR_m         | IPv6 dst |
   +-------------------+----------+---------------+---------------+---------------+----------+
   | Inserted headers  | --       | IP-in-IP(RPI) | --            | --            | --       |
   | Removed headers   | --       | --            | --            | --            | --       |
   | Re-added headers  | --       | --            | --            | --            | --       |
   | Modified headers  | --       | --            | IP-in-IP(RPI) | IP-in-IP(RPI) | --       |
   | Untouched headers | --       | --            | --            | --            | --       |
   +-------------------+----------+---------------+---------------+---------------+----------+

     Storing: Summary of the use of headers from not-RPL-aware-leaf to
     non-RPL-aware-leaf

7.  Non Storing mode

   In Non Storing Mode (Non SM) (fully source routed), the 6LBR (DODAG
   root) has complete knowledge about the connectivity of all DODAG
   nodes, and all traffic flows through the root node.  Thus, there is
   no need for all nodes to know about the existence of non-RPL aware
   nodes.  Only the 6LBR needs to act if compensation is necessary for
   non-RPL aware receivers.

   The following table summarizes what headers are needed in the
   following scenarios, and indicates when the RPI, RH3 and IP-in-IP
   header must be inserted.  The IP-in-IP header, where used, can be
   addressed to the destination (indicated by "dst"), to a 6LR, to a
   6LN or to the root.  In cases where no IP-in-IP header is needed,
   the column is left blank.

   The leaf can be a router 6LR or a host, both indicated as 6LN
   (Figure 3).

   +-----------------+--------------+-----+-----+----------+----------+
   | Interaction     | Use Case     | RPI | RH3 | IP-in-IP | IP-in-IP |
   | between         |              |     |     |          | dst      |
   +-----------------+--------------+-----+-----+----------+----------+
   |                 | Raf to root  | Yes | No  | No       | --       |
   +                 +--------------+-----+-----+----------+----------+
   | Leaf - Root     | root to Raf  | Opt | Yes | No       | --       |
   +                 +--------------+-----+-----+----------+----------+
   |                 | root to ~Raf |no(1)| Yes | Yes      | 6LR      |
   +                 +--------------+-----+-----+----------+----------+
   |                 | ~Raf to root | Yes | No  | Yes      | root     |
   +-----------------+--------------+-----+-----+----------+----------+
   |                 | Raf to Int   | Yes | No  | Yes      | root     |
   +                 +--------------+-----+-----+----------+----------+
   | Leaf - Internet | Int to Raf   |no(1)| Yes | Yes      | dst      |
   +                 +--------------+-----+-----+----------+----------+
   |                 | ~Raf to Int  | Yes | No  | Yes      | root     |
   +                 +--------------+-----+-----+----------+----------+
   |                 | Int to ~Raf  |no(1)| Yes | Yes      | 6LR      |
   +-----------------+--------------+-----+-----+----------+----------+
   |                 | Raf to Raf   | Yes | Yes | Yes      | root/dst |
   +                 +--------------+-----+-----+----------+----------+
   |                 | Raf to ~Raf  | Yes | Yes | Yes      | root/6LR |
   +   Leaf - Leaf   +--------------+-----+-----+----------+----------+
   |                 | ~Raf to Raf  | Yes | Yes | Yes      | root/6LN |
   +                 +--------------+-----+-----+----------+----------+
   |                 | ~Raf to ~Raf | Yes | Yes | Yes      | root/6LR |
   +-----------------+--------------+-----+-----+----------+----------+

   (1) 6tisch networks may need the RPI information.

     Figure 8: Headers needed in Non-Storing mode: RPI, RH3, IP-in-IP
     encapsulation.

7.1.  Non-Storing Mode: Interaction between Leaf and Root

   In this section we are going to describe the communication flow in
   Non Storing Mode (Non-SM) between,

      RPL-aware-leaf to root

      root to RPL-aware-leaf

      not-RPL-aware-leaf to root

      root to not-RPL-aware-leaf

7.1.1.  Non-SM: Example of Flow from RPL-aware-leaf to root

   In non-storing mode the leaf node uses default routing to send
   traffic to the root.  The RPI header must be included to avoid/detect
   loops.

   RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node A (root)

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LN) to destination (6LBR).

   This situation is the same case as storing mode.

   +-------------------+-----+-------+------+
   | Header            | 6LN | 6LR_i | 6LBR |
   +-------------------+-----+-------+------+
   | Inserted headers  | RPI | --    | --   |
   | Removed headers   | --  | --    | RPI  |
   | Re-added headers  | --  | --    | --   |
   | Modified headers  | --  | RPI   | --   |
   | Untouched headers | --  | --    | --   |
   +-------------------+-----+-------+------+

     Non Storing: Summary of the use of headers from RPL-aware-leaf to
     root

7.1.2.  Non-SM: Example of Flow from root to RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Node A (root) --> Node B
   --> Node D --> Node F

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LBR) to destination (6LN).

   The 6LBR will insert an RH3, and may optionally insert an RPI header.
   No IP-in-IP header is necessary as the traffic originates with an RPL
   aware node, the 6LBR.  The destination is known to be RPL-aware
   because the root knows the whole topology in non-storing mode.

   +-------------------+-----------------+-------+----------+
   | Header            | 6LBR            | 6LR_i | 6LN      |
   +-------------------+-----------------+-------+----------+
   | Inserted headers  | (opt: RPI), RH3 | --    | --       |
   | Removed headers   | --              | --    | RH3,RPI  |
   | Re-added headers  | --              | --    | --       |
   | Modified headers  | --              | RH3   | --       |
   | Untouched headers | --              | --    | --       |
   +-------------------+-----------------+-------+----------+

     Non Storing: Summary of the use of headers from root to
     RPL-aware-leaf

7.1.3.  Non-SM: Example of Flow from root to not-RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Node A (root) --> Node B
   --> Node E --> Node G

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LBR) to destination (IPv6).

   In 6LBR the RH3 is added, it is modified at each intermediate 6LR
   (6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n),
   but left there.  If RPI is left present, the IPv6 node which does not
   understand it will ignore it (following RFC8200), thus encapsulation
   is not necessary.  Due to the complete knowledge of the topology at
   the root, the 6LBR may optionally address the IP-in-IP header to the
   last 6LR, such that it is removed prior to the IPv6 node.

   +-------------------+-----------------+-----------------+-----------------+------+
   | Header            | 6LBR            | 6LR_i(i=1)      | 6LR_n(i=n)      | IPv6 |
   +-------------------+-----------------+-----------------+-----------------+------+
   | Inserted headers  | (opt: RPI), RH3 | --              | --              | --   |
   | Removed headers   | --              | RH3             | --              | --   |
   | Re-added headers  | --              | --              | --              | --   |
   | Modified headers  | --              | (opt: RPI), RH3 | (opt: RPI), RH3 | --   |
   | Untouched headers | --              | --              | --              | RPI  |
   +-------------------+-----------------+-----------------+-----------------+------+

     Non Storing: Summary of the use of headers from root to
     not-RPL-aware-leaf

7.1.4.  Non-SM: Example of Flow from not-RPL-aware-leaf to root

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A (root)

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 < i <= n", n is the number of routers (6LR) that the
   packet goes through from source (IPv6) to destination (6LBR).  For
   example, 6LR_1 (i=1) is the router that receives the packets from the
   IPv6 node.

   In this case the RPI is added by the first 6LR (6LR_1) (Node E),
   encapsulated in an IP-in-IP header, and is modified in the following
   6LRs.  The RPI and the entire packet are consumed by the root.

   +-------------------+------+---------------+---------------+---------------+
   | Header            | IPv6 | 6LR_1         | 6LR_i         | 6LBR          |
   +-------------------+------+---------------+---------------+---------------+
   | Inserted headers  | --   | IP-in-IP(RPI) | --            | --            |
   | Removed headers   | --   | --            | --            | IP-in-IP(RPI) |
   | Re-added headers  | --   | --            | --            | --            |
   | Modified headers  | --   | --            | IP-in-IP(RPI) | --            |
   | Untouched headers | --   | --            | --            | --            |
   +-------------------+------+---------------+---------------+---------------+

     Non Storing: Summary of the use of headers from not-RPL-aware-leaf
     to root

7.2.  Non-Storing Mode: Interaction between Leaf and Internet

   This section will describe the communication flow in Non Storing Mode
   (Non-SM) between:

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

7.2.1.  Non-SM: Example of Flow from RPL-aware-leaf to Internet

   In this case the flow comprises:

   RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node A --> Internet

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LN) to 6LBR.

   This case is identical to the storing-mode case.

   The IPv6 flow label should be set to zero to aid in compression, and
   the 6LBR will set it to a non-zero value when sending towards the
   Internet.

   +-------------------+------+-------+------+---------------+
   | Header            | 6LN  | 6LR_i | 6LBR | Internet      |
   +-------------------+------+-------+------+---------------+
   | Inserted headers  | RPI  | --    | --   | --            |
   | Removed headers   | --   | --    | --   | --            |
   | Re-added headers  | --   | --    | --   | --            |
   | Modified headers  | --   | RPI   | --   | --            |
   | Untouched headers | --   | --    | RPI  | RPI (Ignored) |
   +-------------------+------+-------+------+---------------+

     Non Storing: Summary of the use of headers from RPL-aware-leaf to
     Internet

7.2.2.  Non-SM: Example of Flow from Internet to RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Internet --> Node A
   (root) --> Node B --> Node D --> Node F

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from 6LBR to destination (6LN).

   The 6LBR must add an RH3 header.  As the 6LBR will know the path and
   address of the target node, it can address the IP-in-IP header to
   that node.  The 6LBR will zero the flow label upon entry in order to
   aid compression.

   The RPI may be added or not as required by networks such as 6tisch.
   The RPI is unnecessary for loop detection.

   +-------------------+----------+------------------------+------------------------+------------------------+
   | Header            | Internet | 6LBR                   | 6LR_i                  | 6LN                    |
   +-------------------+----------+------------------------+------------------------+------------------------+
   | Inserted headers  | --       | IP-in-IP (RH3,opt:RPI) | --                     | --                     |
   | Removed headers   | --       | --                     | --                     | IP-in-IP (RH3,opt:RPI) |
   | Re-added headers  | --       | --                     | --                     | --                     |
   | Modified headers  | --       | --                     | IP-in-IP (RH3,opt:RPI) | --                     |
   | Untouched headers | --       | --                     | --                     | --                     |
   +-------------------+----------+------------------------+------------------------+------------------------+

     Non Storing: Summary of the use of headers from Internet to
     RPL-aware-leaf

7.2.3.  Non-SM: Example of Flow from not-RPL-aware-leaf to Internet

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) -->
   Internet

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A --> Internet

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 < i <= n", n is the number of routers (6LR) that the
   packet goes through from source (IPv6) to 6LBR, e.g. 6LR_1 (i=1).

   In this case the flow label is recommended to be zero in the IPv6
   node.  As RPL headers are added in the IPv6 node, the first 6LR
   (6LR_1) will add an RPI header inside a new IP-in-IP header.  The
   IP-in-IP header will be addressed to the root.  This case is
   identical to the storing-mode case (see Section 6.2.3).

   +-------------------+------+----------------+------------------+----------------+----------+
   | Header            | IPv6 | 6LR_1          | 6LR_i [i=2,..,n] | 6LBR           | Internet |
   +-------------------+------+----------------+------------------+----------------+----------+
   | Inserted headers  | --   | IP-in-IP (RPI) | --               | --             | --       |
   | Removed headers   | --   | --             | --               | IP-in-IP (RPI) | --       |
   | Re-added headers  | --   | --             | --               | --             | --       |
   | Modified headers  | --   | --             | IP-in-IP (RPI)   | --             | --       |
   | Untouched headers | --   | --             | --               | --             | --       |
   +-------------------+------+----------------+------------------+----------------+----------+

     Non Storing: Summary of the use of headers from not-RPL-aware-leaf
     to Internet

7.2.4.  Non-SM: Example of Flow from Internet to not-RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Internet --> Node A
   (root) --> Node B --> Node E --> Node G

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 < i <= n", n is the number of routers (6LR) that the
   packet goes through from 6LBR to not-RPL-aware-leaf (IPv6).

   The 6LBR must add an RH3 header inside an IP-in-IP header.  The 6LBR
   will know the path, and will recognize that the final node is not an
   RPL capable node as it will have received the connectivity DAO from
   the nearest 6LR.  The 6LBR can therefore make the IP-in-IP header
   destination be the last 6LR.  The 6LBR will set to zero the flow
   label upon entry in order to aid compression.
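
The 6LBR's choice of IP-in-IP destination in non-storing mode (the leaf itself in Section 7.2.2, the last 6LR in Section 7.2.4) and the hop-by-hop consumption of the RH3 can be traced with a short model. This is an added example, not code from the draft or its authors: the parent table stands in for the DAO state the root has collected, all function and field names are constructed, the optional RPI is left out, and the RH3 is reduced to an address list plus a Segments Left counter.

```python
from dataclasses import dataclass

ROOT = "Node A"
# Constructed DAO state held by the root: child -> parent, plus the leaves
# that their 6LR reported as not RPL-aware. Node names follow the draft.
PARENT = {"Node B": ROOT, "Node D": "Node B", "Node E": "Node B",
          "Node F": "Node D", "Node G": "Node E"}
NOT_RPL_AWARE = {"Node G"}

@dataclass
class Encapsulated:
    dst: str              # current destination of the outer IPv6 header
    addresses: list       # RH3 address list
    segments_left: int    # RH3 Segments Left
    inner: dict           # the packet that arrived from the Internet

def source_route(target):
    """Hops from the root (excluded) down to target (included)."""
    if target not in PARENT:
        raise ValueError(f"no DAO state for {target}")
    hops = []
    while target != ROOT:
        hops.append(target)
        target = PARENT[target]
    return hops[::-1]

def encapsulate(packet):
    """6LBR: zero the flow label and wrap the packet in IP-in-IP with RH3."""
    route = source_route(packet["dst"])
    if packet["dst"] in NOT_RPL_AWARE:
        route = route[:-1]            # outer header ends at the last 6LR
    inner = dict(packet, flow_label=0)
    if not route:                     # unaware leaf attached to the root itself
        return None, inner
    return Encapsulated(route[0], route[1:], len(route) - 1, inner), inner

def process(outer, node):
    """RH3 handling at the node the outer header is currently addressed to."""
    if outer.segments_left == 0:
        return "decapsulate"          # node is the IP-in-IP destination
    i = len(outer.addresses) - outer.segments_left
    # Swap the outer destination with the next RH3 entry, then count down.
    outer.dst, outer.addresses[i] = outer.addresses[i], node
    outer.segments_left -= 1
    return "forward"

def deliver(packet):
    """Return (trace, inner): who did what, and what the leaf finally gets."""
    outer, inner = encapsulate(packet)
    if outer is None:
        return [(ROOT, "forward unencapsulated")], inner
    trace = [(ROOT, "encapsulate")]
    while True:
        node = outer.dst
        action = process(outer, node)
        trace.append((node, action))
        if action == "decapsulate":
            return trace, outer.inner

if __name__ == "__main__":
    for dst in ("Node F", "Node G"):
        trace, inner = deliver({"src": "Internet", "dst": dst,
                                "flow_label": 0x12345})
        print(dst, trace, inner)
```
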
1475 +----------+---------+---------+-----------+-----------------+------+ 1476 | Header | Interne | 6LBR | 6LR_1 | 6LR_i(i=2,..,n) | IPv6 | 1477 | | t | | | | | 1478 +----------+---------+---------+-----------+-----------------+------+ 1479 | Inserted | -- | IP-in- | -- | -- | -- | 1480 | headers | | IP | | | | 1481 | | | (RH3, o | | | | 1482 | | | pt:RPI) | | | | 1483 | Removed | -- | -- | -- | IP-in-IP | -- | 1484 | headers | | | | (RH3,RPI) | | 1485 | Re-added | -- | -- | -- | -- | -- | 1486 | headers | | | | | | 1487 | Modified | -- | -- | IP-in-IP | IP-in-IP | -- | 1488 | headers | | | (RH3,RPI) | (RH3,RPI) | | 1489 | Untouche | -- | -- | -- | -- | RPI | 1490 | d | | | | | | 1491 | headers | | | | | | 1492 +----------+---------+---------+-----------+-----------------+------+ 1494 NonStoring: Summary of the use of headers from Internet to non-RPL- 1495 aware-leaf 1497 7.3. Non-Storing Mode: Interaction between Leafs 1499 In this section we are going to describe the communication flow in 1500 Non Storing Mode (Non-SM) between, 1502 RPL-aware-leaf to RPL-aware-leaf 1504 RPL-aware-leaf to not-RPL-aware-leaf 1506 not-RPL-aware-leaf to RPL-aware-leaf 1508 not-RPL-aware-leaf to not-RPL-aware-leaf 1510 7.3.1. Non-SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf 1512 In this case the flow comprises: 1514 6LN src --> 6LR_ia --> root (6LBR) --> 6LR_id --> 6LN dst 1516 For example, a communication flow could be: Node F --> Node D --> 1517 Node B --> Node A (root) --> Node B --> Node E --> Node H 1519 6LR_ia are the intermediate routers from source to the root In this 1520 case, "1 <= ia >= n", n is the number of routers (6LR) that the 1521 packet go through from 6LN to the root. 1523 6LR_id are the intermediate routers from the root to the destination. 1524 In this case, "1 <= ia >= m", m is the number of the intermediate 1525 routers (6LR). 1527 This case involves only nodes in same RPL Domain. 
      The originating
1528  node will add an RPI header to the original packet, and send the
1529  packet upwards.

1531  The originating node SHOULD put the RPI into an IP-in-IP header
1532  addressed to the root, so that the 6LBR can remove that header. If
1533  it does not, then additional resources are wasted on the way down to
1534  carry the useless RPI option.

1536  The 6LBR will need to insert an RH3 header, which requires that it
1537  add an IP-in-IP header. It SHOULD be able to remove the RPI, as it
1538  was contained in an IP-in-IP header addressed to it. Otherwise,
1539  there MAY be an RPI header buried inside the inner IP header, which
1540  should get ignored.

1542  Networks that use the RPL P2P extension [RFC6997] are essentially
1543  non-storing DODAGs and fall into this scenario or scenario
1544  Section 7.1.2, with the originating node acting as 6LBR.

1546  +-----------+----------+--------+-------------+--------+------------+
1547  | Header    | 6LN src  | 6LR_ia | 6LBR        | 6LR_id | 6LN dst    |
1548  +-----------+----------+--------+-------------+--------+------------+
1549  | Inserted  | IP-in-IP | --     | IP-in-IP    | --     | --         |
1550  | headers   | (RPI1)   |        | (RH3->6LN,  |        |            |
1551  |           |          |        | opt RPI2)   |        |            |
1552  | Removed   | --       | --     | IP-in-IP    | --     | IP-in-IP   |
1553  | headers   |          |        | (RPI1)      |        | (RH3, opt  |
1554  |           |          |        |             |        | RPI2)      |
1555  | Re-added  | --       | --     | --          | --     | --         |
1556  | headers   |          |        |             |        |            |
1557  | Modified  | --       | RPI1   | --          | RPI2   | --         |
1558  | headers   |          |        |             |        |            |
1559  | Untouched | --       | --     | --          | --     | --         |
1560  | headers   |          |        |             |        |            |
1561  +-----------+----------+--------+-------------+--------+------------+

1563  Non Storing: Summary of the use of headers for RPL-aware-leaf to RPL-
1564  aware-leaf

1566  7.3.2.
      Non-SM: Example of Flow from RPL-aware-leaf to not-RPL-aware-
1567  leaf

1569  In this case the flow comprises:

1571  6LN --> 6LR_ia --> root (6LBR) --> 6LR_id --> not-RPL-aware (IPv6)

1573  For example, a communication flow could be: Node F --> Node D -->
1574  Node B --> Node A (root) --> Node B --> Node E --> Node G

1576  6LR_ia are the intermediate routers from source to the root. In this
1577  case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

1579  6LR_id are the intermediate routers from the root to the destination.
1580  In this case, "1 <= id <= m", m is the number of the intermediate
1581  routers (6LR).

1583  As in the previous case, the 6LN will insert an RPI (RPI_1) header
1584  which MUST be in an IP-in-IP header addressed to the root so that the
1585  6LBR can remove this RPI. The 6LBR will then insert an RH3 inside a
1586  new IP-in-IP header addressed to the 6LN destination node. The RPI
1587  is optional from 6LBR to 6LR_id (RPI_2).

1589  +-----------+----------+----------+------------+------------+-------+
1590  | Header    | 6LN      | 6LR_1    | 6LBR       | 6LR_id     | IPv6  |
1591  +-----------+----------+----------+------------+------------+-------+
1592  | Inserted  | IP-in-IP | --       | IP-in-IP   | --         | --    |
1593  | headers   | (RPI1)   |          | (RH3, opt  |            |       |
1594  |           |          |          | RPI_2)     |            |       |
1595  | Removed   | --       | --       | IP-in-IP   | IP-in-IP   | --    |
1596  | headers   |          |          | (RPI_1)    | (RH3, opt  |       |
1597  |           |          |          |            | RPI_2)     |       |
1598  | Re-added  | --       | --       | --         | --         | --    |
1599  | headers   |          |          |            |            |       |
1600  | Modified  | --       | IP-in-IP | --         | IP-in-IP   | --    |
1601  | headers   |          | (RPI_1)  |            | (RH3, opt  |       |
1602  |           |          |          |            | RPI_2)     |       |
1603  | Untouched | --       | --       | --         | --         | opt   |
1604  | headers   |          |          |            |            | RPI_2 |
1605  +-----------+----------+----------+------------+------------+-------+

1607  Non Storing: Summary of the use of headers from RPL-aware-leaf to
1608  not-RPL-aware-leaf

1610  7.3.3.
      Non-SM: Example of Flow from not-RPL-aware-leaf to RPL-aware-
1611  leaf

1613  In this case the flow comprises:

1615  not-RPL-aware 6LN (IPv6) --> 6LR_ia --> root (6LBR) --> 6LR_id -->
1616  6LN

1618  For example, a communication flow could be: Node G --> Node E -->
1619  Node B --> Node A (root) --> Node B --> Node E --> Node H

1621  6LR_ia are the intermediate routers from source to the root. In this
1622  case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

1624  6LR_id are the intermediate routers from the root to the destination.
1625  In this case, "1 <= id <= m", m is the number of the intermediate
1626  routers (6LR).

1628  This scenario is mostly identical to the previous one. The RPI is
1629  added by the first 6LR (6LR_1) inside an IP-in-IP header addressed to
1630  the root. The 6LBR will remove this RPI, and add its own IP-in-IP
1631  header containing an RH3 header and optional RPI (RPI_2).

1633  +-----------+------+----------+-----------+------------+------------+
1634  | Header    | IPv6 | 6LR_1    | 6LBR      | 6LR_id     | 6LN        |
1635  +-----------+------+----------+-----------+------------+------------+
1636  | Inserted  | --   | IP-in-IP | IP-in-IP  | --         | --         |
1637  | headers   |      | (RPI_1)  | (RH3, opt |            |            |
1638  |           |      |          | RPI_2)    |            |            |
1639  | Removed   | --   | --       | IP-in-IP  | --         | IP-in-IP   |
1640  | headers   |      |          | (RPI_1)   |            | (RH3, opt  |
1641  |           |      |          |           |            | RPI_2)     |
1642  | Re-added  | --   | --       | --        | --         | --         |
1643  | headers   |      |          |           |            |            |
1644  | Modified  | --   | --       | --        | IP-in-IP   | --         |
1645  | headers   |      |          |           | (RH3, opt  |            |
1646  |           |      |          |           | RPI_2)     |            |
1647  | Untouched | --   | --       | --        | --         | --         |
1648  | headers   |      |          |           |            |            |
1649  +-----------+------+----------+-----------+------------+------------+

1651  Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
1652  RPL-aware-leaf

1654  7.3.4.
      Non-SM: Example of Flow from not-RPL-aware-leaf to not-RPL-
1655  aware-leaf

1657  In this case the flow comprises:

1659  not-RPL-aware 6LN (IPv6 src)--> 6LR_ia --> root (6LBR) --> 6LR_id -->
1660  not-RPL-aware (IPv6 dst)

1662  For example, a communication flow could be: Node G --> Node E -->
1663  Node B --> Node A (root) --> Node C --> Node J

1665  6LR_ia are the intermediate routers from source to the root. In this
1666  case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

1668  6LR_id are the intermediate routers from the root to the destination.
1669  In this case, "1 <= id <= m", m is the number of the intermediate
1670  routers (6LR).

1672  This scenario is the combination of the previous two cases.

1674  +------------+-------+-----------+------------+-------------+-------+
1675  | Header     | IPv6  | 6LR_1     | 6LBR       | 6LR_id      | IPv6  |
1676  |            | src   |           |            |             | dst   |
1677  +------------+-------+-----------+------------+-------------+-------+
1678  | Inserted   | --    | IP-in-IP  | IP-in-IP   | --          | --    |
1679  | headers    |       | (RPI_1)   | (RH3)      |             |       |
1680  | Removed    | --    | --        | IP-in-IP   | IP-in-IP    | --    |
1681  | headers    |       |           | (RPI_1)    | (RH3, opt   |       |
1682  |            |       |           |            | RPI_2)      |       |
1683  | Re-added   | --    | --        | --         | --          | --    |
1684  | headers    |       |           |            |             |       |
1685  | Modified   | --    | --        | --         | --          | --    |
1686  | headers    |       |           |            |             |       |
1687  | Untouched  | --    | --        | --         | --          | --    |
1688  | headers    |       |           |            |             |       |
1689  +------------+-------+-----------+------------+-------------+-------+

1691  Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
1692  not-RPL-aware-leaf

1694  8. Observations about the cases

1696  8.1. Storing mode

1698  [RFC8138] shows that the hop-by-hop IP-in-IP header can be compressed
1699  using IP-in-IP 6LoRH (IP-in-IP-6LoRH) header as described in
1700  Section 7 of the document.

1702  There are potential significant advantages to having a single code
1703  path that always processes IP-in-IP headers with no options.
1705  Thanks to the change of the RPI option type from 0x63 to 0x23, there
1706  is no longer any uncertainty about when to use an IP-in-IP header in
1707  the storing mode. A Hop-by-Hop Options Header containing the RPI
1708  option SHOULD always be added when 6LRs originate packets (without
1709  IP-in-IP headers), and IP-in-IP headers should always be added
1710  (addressed to the root when on the way up, to the end-host when on
1711  the way down) when a 6LR finds that it needs to insert a Hop-by-Hop
1712  Options Header containing the RPI option.

1714  8.2. Non-Storing mode

1716  In the non-storing case, dealing with non-RPL aware leaf nodes is
1717  much easier as the 6LBR (DODAG root) has complete knowledge about the
1718  connectivity of all DODAG nodes, and all traffic flows through the
1719  root node.

1721  The 6LBR can recognize non-RPL aware leaf nodes because it will
1722  receive a DAO about that node from the 6LN immediately above that
1723  node. This means that the non-storing mode case can avoid ever using
1724  hop-by-hop IP-in-IP headers for traffic originating from the root to
1725  leafs.

1727  The non-storing mode case does not require the type change from 0x63
1728  to 0x23, as the root can always create the right packet. The type
1729  change does not adversely affect the non-storing case.

1731  9. 6LoRH Compression cases

1733  [RFC8138] proposes a compression method for RPI, RH3 and IPv6-in-
1734  IPv6.

1736  In Storing Mode, the examples of Flow from RPL-aware-leaf to non-
1737  RPL-aware-leaf and non-RPL-aware-leaf to non-RPL-aware-leaf comprise
1738  IP-in-IP and RPI compression headers. The type of this case is
1739  critical since IP-in-IP is encapsulating a RPI header.

1741  +--+-----+---+--------------+-----------+-------------+-------------+
1742  |1 | 0|0 |TSE| 6LoRH Type 6 | Hop Limit | RPI - 6LoRH | LOWPAN IPHC |
1743  +--+-----+---+--------------+-----------+-------------+-------------+

1745  Figure 9: Critical IP-in-IP (RPI).

1747  10.
      IANA Considerations

1749  This document updates the registration made in [RFC6553] Destination
1750  Options and Hop-by-Hop Options registry from 0x63 to 0x23.

1752  [RFCXXXX] represents this document.

1754  Hex Value    Binary Value
1755               act  chg  rest     Description             Reference
1756  ---------    ---  ---  -------  -----------------       ----------
1757  0x23         00   1    00011    RPL Option              [RFCXXXX]
1758  0x63         01   1    00011    RPL Option(DEPRECATED)  [RFC6553][RFCXXXX]

1760  Figure 10: Option Type in RPL Option.

1762  The DODAG Configuration Option Flags in the DODAG Configuration
1763  option are updated as follows:

1765  +------------+-----------------+---------------+
1766  | Bit number | Description     | Reference     |
1767  +------------+-----------------+---------------+
1768  | 3          | RPI 0x23 enable | This document |
1769  +------------+-----------------+---------------+

1771  Figure 11: DODAG Configuration Option Flag to indicate the RPI-flag-
1772  day.

1774  11. Security Considerations

1776  The security considerations of [RFC6553] and [RFC6554] apply
1777  when the packets get into the RPL Domain.

1779  The IPIP mechanism described in this document is much more limited
1780  than the general mechanism described in [RFC2473]. The willingness
1781  of each node in the LLN to decapsulate packets and forward them could
1782  be exploited by nodes to disguise the origin of an attack.

1784  Nodes outside of the LLN will need to pass IPIP traffic through the
1785  RPL root to perform this attack. To counter, the RPL root SHOULD
1786  either restrict ingress of IPIP packets (the simpler solution), or it
1787  SHOULD do a deep packet inspection wherein it walks the IP header
1788  extension chain until it can inspect the upper-layer-payload as
1789  described in [RFC7045]. In particular, the RPL root SHOULD do BCP38
1790  ([RFC2827]) processing on the source addresses of all IP headers that
1791  it examines in both directions.
1793  Note: there are some situations where a prefix will spread across
1794  multiple LLNs via mechanisms such as described in
1795  [I-D.ietf-6lo-backbone-router]. In this case the BCP38 filtering
1796  needs to take this into account.

1798  Nodes within the LLN can use the IPIP mechanism to mount an attack on
1799  another part of the LLN, while disguising the origin of the attack.
1800  The mechanism can even be abused to make it appear that the attack is
1801  coming from outside the LLN, and unless countered, this could be used
1802  to mount a Distributed Denial Of Service attack upon nodes elsewhere
1803  in the Internet. See [DDOS-KREBS] for an example of such attacks
1804  already seen in the real world.

1806  While a typical LLN may be a very poor origin for attack traffic (as
1807  the networks tend to be very slow, and the nodes often have very low
1808  duty cycles) given enough nodes, they could still have a significant
1809  impact, particularly if the attack was on another LLN! Additionally,
1810  some uses of RPL involve large backbone ISP scale equipment
1811  [I-D.ietf-anima-autonomic-control-plane], which may be equipped with
1812  multiple 100Gb/s interfaces.

1814  Blocking or careful filtering of IPIP traffic entering the LLN as
1815  described above will make sure that any attack that is mounted must
1816  originate from compromised nodes within the LLN. The use of BCP38
1817  filtering at the RPL root on egress traffic will both alert the
1818  operator to the existence of the attack, as well as drop the attack
1819  traffic. As the RPL network is typically numbered from a single
1820  prefix, which is itself assigned by RPL, BCP38 filtering involves a
1821  single prefix comparison and should be trivial to automatically
1822  configure.
1824  There are some scenarios where IPIP traffic SHOULD be allowed to pass
1825  through the RPL root, such as the IPIP mediated communications
1826  between a new Pledge and the Join Registrar/Coordinator (JRC) when
1827  using [I-D.ietf-anima-bootstrapping-keyinfra] and
1828  [I-D.ietf-6tisch-dtsecurity-secure-join]. This is the case for the
1829  RPL root to do careful filtering: it occurs only when the Join
1830  Coordinator is not co-located inside the RPL root.

1832  With the above precautions, an attack using IPIP tunnels will be by a
1833  node within the LLN on another node within the LLN. Such an attack
1834  could, of course, be done directly. An attack of this kind is
1835  meaningful only if the source addresses are either fake or if the
1836  point is to amplify return traffic. Such an attack could also be
1837  done without the use of IPIP headers using forged source addresses.

1839  If the attack requires bi-directional communication, then IPIP
1840  provides no advantages.

1842  [RFC2473] suggests that tunnel entry and exit points can be secured,
1843  via the "Use IPsec". This solution has all the problems that
1844  [RFC5406] goes into. In an LLN such a solution would degenerate into
1845  every node having a tunnel with every other node. It would provide a
1846  small amount of origin address authentication at a very high cost;
1847  doing BCP38 at every node (linking layer-3 addresses to layer-2
1848  addresses, and to already present layer-2 cryptographic mechanisms)
1849  would be cheaper should RPL be run in an environment where hostile
1850  nodes are likely to be a part of the LLN.

1852  The RH3 header usage described here can be abused in equivalent ways
1853  with an IPIP header to add the needed RH3 header. As such, the
1854  attacker's RH3 header will not be seen by the network until it
1855  reaches the end host, which will decapsulate it.
      An end-host SHOULD
1856  be suspicious about a RH3 header which has additional hops which have
1857  not yet been processed, and SHOULD ignore such a second RH3 header.

1859  In addition, the LLN will likely use [RFC8138] to compress the IPIP
1860  and RH3 headers. As such, the compressor at the RPL-root will see
1861  the second RH3 header and MAY choose to discard the packet if the RH3
1862  header has not been completely consumed. A consumed (inert) RH3
1863  header could be present in a packet that flows from one LLN, crosses
1864  the Internet, and enters another LLN. As per the discussion in this
1865  document, such headers do not need to be removed. However, there is
1866  no case described in this document where an RH3 is inserted in a non-
1867  storing network on traffic that is leaving the LLN, but this document
1868  SHOULD NOT preclude such a future innovation. It should just be
1869  noted that an incoming RH3 must be fully consumed, or very carefully
1870  inspected.

1872  The RPI header, if permitted to enter the LLN, could be used by an
1873  attacker to change the priority of a packet by selecting a different
1874  RPL instanceID, perhaps one with a higher energy cost, for instance.
1875  It could also be that not all nodes are reachable in an LLN using the
1876  default instanceID, but a change of instanceID would permit an
1877  attacker to bypass such filtering. Like the RH3, an RPI header is to
1878  be inserted by the RPL root on traffic entering the LLN by first
1879  inserting an IPIP header. The attacker's RPI header therefore will
1880  not be seen by the network. Upon reaching the destination node the
1881  RPI header has no further meaning and is just skipped; the presence
1882  of a second RPI header will have no meaning to the end node as the
1883  packet has already been identified as being at its final
1884  destination.
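
The root-side checks recommended in this section, as an added Python example (not part of the draft or of any RPL implementation): it walks each IPv6 header and its extension chain, applies BCP38 to every source address including those nested in IPv6-in-IPv6, and flags an incoming RH3 with segments left or an RPI arriving from outside, before the root adds its own IP-in-IP header. The function names, the documentation prefix 2001:db8:1::/64, the finding strings and the single-prefix LLN are assumptions; a prefix spread across several LLNs needs a list of prefixes instead.

```python
import ipaddress
import struct

HBH, ROUTING, IPV6, NONE, DSTOPT = 0, 43, 41, 59, 60  # IPv6 Next Header values
RH3_TYPE = 3              # RFC 6554 source routing header
RPI_TYPES = (0x23, 0x63)  # RPL Option type: new value and deprecated value

def ip6(src, dst, next_header, payload=b""):
    """Constructed test data: 40-byte IPv6 header followed by payload."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def rpi_hbh(next_header, opt_type=0x23, instance=0, rank=256):
    """Constructed test data: Hop-by-Hop header holding a single RPI option."""
    return struct.pack("!BBBBBBH", next_header, 0, opt_type, 4, 0, instance, rank)

def rh3(next_header, segments_left, hop):
    """Constructed test data: RH3 carrying one uncompressed 16-byte address."""
    return (struct.pack("!BBBBI", next_header, 2, RH3_TYPE, segments_left, 0)
            + ipaddress.IPv6Address(hop).packed)

def has_rpi(options):
    """True if a Hop-by-Hop options area contains an RPI option."""
    i = 0
    while i < len(options):
        if options[i] == 0:              # Pad1 is a single byte, no length
            i += 1
        elif options[i] in RPI_TYPES:
            return True
        elif i + 1 < len(options):
            i += 2 + options[i + 1]      # skip type, length and data
        else:
            break
    return False

def inspect_at_root(packet, lln_prefix, direction, allow_ipip=True):
    """Return the findings for a packet crossing the RPL root; [] means forward.

    direction is "ingress" (Internet to LLN) or "egress" (LLN to Internet).
    Assumes the LLN is numbered from the single prefix lln_prefix.
    """
    lln = ipaddress.IPv6Network(lln_prefix)
    findings, off, depth = [], 0, 0
    while True:
        if len(packet) - off < 40 or packet[off] >> 4 != 6:
            return findings + [f"depth {depth}: malformed IPv6 header"]
        src = ipaddress.IPv6Address(packet[off + 8:off + 24])
        # BCP38 on every IP header: LLN sources are valid on egress only.
        if (src in lln) != (direction == "egress"):
            findings.append(f"depth {depth}: BCP38 violation, source {src}")
        nh, off = packet[off + 6], off + 40
        while nh in (HBH, ROUTING, DSTOPT):      # walk the extension chain
            end = off + 8 + (packet[off + 1] * 8 if off + 1 < len(packet) else 0)
            if end > len(packet):
                return findings + [f"depth {depth}: truncated extension header"]
            if direction == "ingress":
                if nh == ROUTING and packet[off + 2] == RH3_TYPE and packet[off + 3]:
                    findings.append(f"depth {depth}: RH3 not fully consumed")
                if nh == HBH and has_rpi(packet[off + 2:end]):
                    findings.append(f"depth {depth}: RPI supplied from outside")
            nh, off = packet[off], end
        if nh != IPV6:
            return findings              # reached the upper-layer payload
        if direction == "ingress" and not allow_ipip:
            return findings + ["IPIP not permitted on ingress"]
        depth += 1                       # nested IPv6-in-IPv6: inspect inner header
```

Setting `allow_ipip=False` gives the simpler policy of restricting IPIP ingress outright; the default performs the deep inspection alternative.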
1886  The RH3 and RPI headers could be abused by an attacker inside of the
1887  network to route packets in non-obvious ways, perhaps eluding
1888  observation. This usage is in fact part of [RFC6997] and can not be
1889  restricted at all. This is a feature, not a bug.

1891  [RFC7416] deals with many other threats to LLNs not directly related
1892  to the use of IPIP headers, and this document does not change that
1893  analysis.

1895  12. Acknowledgments

1897  This work is partially funded by the FP7 Marie Curie Initial Training
1898  Network (ITN) METRICS project (grant agreement No. 607728).

1900  A special BIG thanks to C. M. Heard for the help with the
1901  Section 3. Much of the redaction in that section is based on his
1902  comments.

1904  Additionally, the authors would like to acknowledge the review,
1905  feedback, and comments of (alphabetical order): Robert Cragie, Simon
1906  Duquennoy, Ralph Droms, Cenk Guendogan, Rahul Jadhav, Matthias
1907  Kovatsch, Peter van der Stok, Xavier Vilajosana and Thomas Watteyne.

1909  13. References

1911  13.1. Normative References

1913  [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1914      Requirement Levels", BCP 14, RFC 2119,
1915      DOI 10.17487/RFC2119, March 1997.

1918  [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
1919      IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
1920      December 1998.

1922  [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
1923      Defeating Denial of Service Attacks which employ IP Source
1924      Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
1925      May 2000.

1927  [RFC5406] Bellovin, S., "Guidelines for Specifying the Use of IPsec
1928      Version 2", BCP 146, RFC 5406, DOI 10.17487/RFC5406,
1929      February 2009.

1931  [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
1932      Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
1933      JP., and R.
          Alexander, "RPL: IPv6 Routing Protocol for
1934      Low-Power and Lossy Networks", RFC 6550,
1935      DOI 10.17487/RFC6550, March 2012.

1938  [RFC6553] Hui, J. and JP. Vasseur, "The Routing Protocol for Low-
1939      Power and Lossy Networks (RPL) Option for Carrying RPL
1940      Information in Data-Plane Datagrams", RFC 6553,
1941      DOI 10.17487/RFC6553, March 2012.

1944  [RFC6554] Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
1945      Routing Header for Source Routes with the Routing Protocol
1946      for Low-Power and Lossy Networks (RPL)", RFC 6554,
1947      DOI 10.17487/RFC6554, March 2012.

1950  [RFC7045] Carpenter, B. and S. Jiang, "Transmission and Processing
1951      of IPv6 Extension Headers", RFC 7045,
1952      DOI 10.17487/RFC7045, December 2013.

1955  [RFC8138] Thubert, P., Ed., Bormann, C., Toutain, L., and R. Cragie,
1956      "IPv6 over Low-Power Wireless Personal Area Network
1957      (6LoWPAN) Routing Header", RFC 8138, DOI 10.17487/RFC8138,
1958      April 2017.

1960  [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
1961      (IPv6) Specification", STD 86, RFC 8200,
1962      DOI 10.17487/RFC8200, July 2017.

1965  13.2. Informative References

1967  [DDOS-KREBS]
1968      Goodin, D., "Record-breaking DDoS reportedly delivered by
1969      >145k hacked cameras", September 2016.

1973  [I-D.ietf-6lo-backbone-router]
1974      Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo-
1975      backbone-router-06 (work in progress), February 2018.

1977  [I-D.ietf-6man-rfc6434-bis]
1978      Chown, T., Loughney, J., and T. Winters, "IPv6 Node
1979      Requirements", draft-ietf-6man-rfc6434-bis-08 (work in
1980      progress), March 2018.

1982  [I-D.ietf-6tisch-dtsecurity-secure-join]
1983      Richardson, M., "6tisch Secure Join protocol", draft-ietf-
1984      6tisch-dtsecurity-secure-join-01 (work in progress),
1985      February 2017.

1987  [I-D.ietf-anima-autonomic-control-plane]
1988      Eckert, T., Behringer, M., and S.
          Bjarnason, "An Autonomic
1989      Control Plane (ACP)", draft-ietf-anima-autonomic-control-
1990      plane-13 (work in progress), December 2017.

1992  [I-D.ietf-anima-bootstrapping-keyinfra]
1993      Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
1994      S., and K. Watsen, "Bootstrapping Remote Secure Key
1995      Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
1996      keyinfra-15 (work in progress), April 2018.

1998  [I-D.thubert-roll-unaware-leaves]
1999      Thubert, P., "Routing for RPL Leaves", draft-thubert-roll-
2000      unaware-leaves-04 (work in progress), March 2018.

2002  [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
2003      Renumbering an IPv6 Network without a Flag Day", RFC 4192,
2004      DOI 10.17487/RFC4192, September 2005.

2007  [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
2008      Control Message Protocol (ICMPv6) for the Internet
2009      Protocol Version 6 (IPv6) Specification", STD 89,
2010      RFC 4443, DOI 10.17487/RFC4443, March 2006.

2013  [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
2014      Bormann, "Neighbor Discovery Optimization for IPv6 over
2015      Low-Power Wireless Personal Area Networks (6LoWPANs)",
2016      RFC 6775, DOI 10.17487/RFC6775, November 2012.

2019  [RFC6997] Goyal, M., Ed., Baccelli, E., Philipp, M., Brandt, A., and
2020      J. Martocci, "Reactive Discovery of Point-to-Point Routes
2021      in Low-Power and Lossy Networks", RFC 6997,
2022      DOI 10.17487/RFC6997, August 2013.

2025  [RFC7102] Vasseur, JP., "Terms Used in Routing for Low-Power and
2026      Lossy Networks", RFC 7102, DOI 10.17487/RFC7102, January
2027      2014.

2029  [RFC7416] Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
2030      and M. Richardson, Ed., "A Security Threat Analysis for
2031      the Routing Protocol for Low-Power and Lossy Networks
2032      (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015.

2035  [Second6TischPlugtest]
2036      "2nd 6Tisch Plugtest".
2039  Authors' Addresses

2041  Maria Ines Robles
2042  Ericsson
2043  Hirsalantie 11
2044  Jorvas 02420
2045  Finland

2047  Email: maria.ines.robles@ericsson.com

2049  Michael C. Richardson
2050  Sandelman Software Works
2051  470 Dawson Avenue
2052  Ottawa, ON K1Z 5V7
2053  CA

2055  Email: mcr+ietf@sandelman.ca
2056  URI: http://www.sandelman.ca/mcr/

2058  Pascal Thubert
2059  Cisco Systems, Inc
2060  Village d'Entreprises Green Side 400, Avenue de Roumanille
2061  Batiment T3, Biot - Sophia Antipolis 06410
2062  France

2064  Email: pthubert@cisco.com