idnits 2.17.1 draft-jadhav-lwig-nbr-mgmt-policy-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (January 17, 2017) is 2655 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 LWIG R. Jadhav, Ed. 3 Internet-Draft R. Sahoo 4 Intended status: Informational Huawei Tech 5 Expires: July 21, 2017 S. Duquennoy 6 Inria 7 J. Eriksson 8 Yanzi Networks 9 January 17, 2017 11 Neighbor Management Policy for 6LoWPAN 12 draft-jadhav-lwig-nbr-mgmt-policy-00 14 Abstract 16 This document describes the problems associated with neighbor cache 17 management in constrained multihop networks and a sample neighbor 18 management policy to deal with it. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on July 21, 2017. 37 Copyright Notice 39 Copyright (c) 2017 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 1.1. Requirements Language and Terminology . . . . . . . . . . 4 56 2. Neighbor Management . . . . . . . . . . . . . . . . . . . . . 4 57 2.1. Significance of Neighbor management policy . . . . . . . 4 58 2.2. Trivial neighbor management policies . . . . . . . . . . 5 59 2.3. Lifecycle of a NCE . . . . . . . . . . . . . . . . . . . 6 60 2.3.1. NCE Insertion . . . . . . . . . . . . . . . . . . . . 6 61 2.3.2. NCE Deletion . . . . . . . . . . . . . . . . . . . . 9 62 2.3.3. NCE Eviction . . . . . . . . . . . . . . . . . . . . 10 63 2.3.3.1. Eviction for directly connected routing entries . 10 64 2.3.4. NCE Reinforcement . . . . . . . . . . . . . . . . . . 11 65 2.4. Requirements of a good neighbor management policy . . . . 11 66 2.5. Approaches to neighbor management policy . . . . . . . . 11 67 2.5.1. Reactive Approach . . . . . . . . . . . . . . . . . . 12 68 2.5.2. Proactive Approach . . . . . . . . . . . . . . . . . 12 69 3. Reservation based Neighbor Management Policy . . . . . . . . 13 70 3.1. Limitations of such a policy . . . . . . . . . . . . . . 14 71 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 72 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 73 6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 74 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 75 7.1. Normative References . . . . . . . . . . . . . . . . . . 15 76 7.2. Informative References . . . . . . . . . . . . . . . . . 15 77 Appendix A. Additional Stuff . . . . . . . . . . . . . . . . . . 16 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 80 1. Introduction 82 In a wireless multihop network, the node densities (maximum number of 83 devices connected on a single hop) may vary significantly depending 84 upon deployments/scenarios. While there is some policy control 85 possible with regards to the network size in terms of maximum number 86 of devices connected, it is especially difficult to set a figure on 87 what will be the maximum node density given a deployment. For e.g. 88 A network can put an upper limit on max 1000 devices but it is 89 impossible to state what the node density will be in this 1000 node 90 network. 92 A neighbor cache is used for populating neighboring one-hop connected 93 nodes information such as MAC address, link local IP address and 94 other reachability state information. Node density has direct 95 implications on the neighbor cache and in constrained network 96 scenario the size of the neighbor cache will be limited. Thus there 97 are chances that a node may not be able to fit all the neighboring 98 nodes in its cache in which case it has to prioritize entries and 99 thus needs a neighbor management policy. 101 This draft presents problems related to neighbor management policies 102 by considering a security-enabled multi-hop 6lo network. This 103 document considers RPL [RFC6550] as a routing protocol and PANA (EAP- 104 PANA) [RFC5191] as a network access protocol. For RPL, both the 105 storing and non-storing mode of operations are considered. We also 106 provide a sample neighbor management policy which can be used in such 107 networks and its limitations. The aim of such a policy is to retain 108 set of neighbor cache entries with high quality links such that 109 routing adjacencies are stablized. 111 +--------+ 112 | PAA/ | 113 +------| Auth | 114 | | Server | 115 | +--------+ 116 +------------|-------------+ 117 | | | 118 | (BR) | 119 | / \ | 120 | / \ | 121 | / \ | 122 | (N1) (N2) | 123 | / : / \ | 124 | / : / \ | 125 | / : / \ | 126 | (N8) (N3) (N4) | 127 | : / \ : | 128 | : / \ : | 129 | : / \ : | 130 | (N5) (New) | 131 | / \ | 132 | / \ | 133 | / \ | 134 | (N6) (N7) | 135 | | 136 | 6Lo Network | 137 +--------------------------+ 139 Figure 1: Sample Topology 141 1.1. Requirements Language and Terminology 143 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 144 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 145 document are to be interpreted as described in RFC 2119 [RFC2119]. 147 PaC (PANA Client): New joining node which is yet to be authenticated. 149 PRE (PANA Relay Element): An already authenticated and network joined 150 node which is willing to act as a relay element for PaCs to complete 151 their authentication procedure on multi-hop networks. [RFC6345] 152 describes the details of PRE. 154 PAA (PANA Auth Agent): Auth server which hosts the credentials 155 database. PaC will handshake with PAA to complete authentication 156 procedure. 158 Routing Child: A downstream node who is part of the routing table of 159 the parent. For e.g. in the sample topology above N5 is the directly 160 connected routing child for N3. N6 and N7 are also part of N3 161 routing table, they are routing child nodes but not directly 162 connected. For N6 and N7 the document might alternatively use a term 163 grand-child. 165 Routing Parent: In Figure 1, N1 and N2 are possible routing parents 166 for N3. 168 Neighbor Cache Entry (NCE): A neighbor entry managed on behalf of 169 directly connected peer. 171 This document also uses terminology described in [RFC6550] and 172 [RFC6775]. 174 2. Neighbor Management 176 2.1. Significance of Neighbor management policy 178 Multihop mesh networks present unique challenges to neighbor 179 management especially with resource constrained nodes. In cases 180 where the node density is higher that the neighbor cache size, the 181 entries have to be prioritized. [Woo_et_al] and [Dawans_et_al] talk 182 about prioritization of neighbor entries by using link quality 183 estimation techniques. But prioritization alone may not necessarily 184 be optimal in all cases. The reason or function why neighbor entry 185 was added also needs to be taken in consideration. For example, 186 evicting a routing direct child might have a ripple effect in turn 187 impacting all the sub-childs as well. 189 In case of key management protocols deployed above MAC layer in 190 multihop network, the neighbor management kicks in early even before 191 the routing adjacencies are established. Since a new joining node 192 needs to discover/attach to a relay element for completing its 193 authentication procedure, the neighbor cache entries have to be 194 appropriately populated both on a PaC and on the PRE. If a neighbor 195 entry whose authentication is in progress is evicted, it will 196 negatively impact the authentication procedure. 198 Another important consideration is that with increased node density, 199 the prioritization based on link estimation parameters might not help 200 since there might be more well connected peers. In dense deployments 201 the number of directly attached neighbors with good quality links 202 might still be higher than the max entries in neighbor cache size. 204 2.2. Trivial neighbor management policies 206 This section investigates policies which are used by most of the 207 current operating systems for constrained nodes. While such policies 208 are trivial to implement they may not be able to deal with the 209 constrained network scenario. Note that such policies can still be 210 used if it is known apriori that the neighbor cache can hold entries 211 for maximum node density. 213 a. First Come First Serve (FCFS) policy 215 b. Least Recently Used (LRU) policy 217 The primary distinction between these policies is how it treats a new 218 entry when the neighbor cache is full. In case of FCFS policy, the 219 new entry is simply rejected while with LRU, the new entry replaces 220 the least recently used entry. 222 RPL works by initiating a downstream multicast DIO to establish 223 upstream network path. Subsequently DAO messages might be sent by 224 the nodes to establish downstream paths to the nodes. Thus the 225 network is flooded with multicast DIO messages initially and 226 similarly there are chances that the same node is ended up been 227 selected as a preferred parent by most of the child nodes and thus 228 receives a DAO message from all these child nodes. Note that once a 229 node establishes a parent entry or a routing entry on behalf of a 230 directly connected node then it has to also provision a neighbor 231 cache entry for it for subsequent unicast traffic. 233 In case of FCFS policy, a node might end up hosting all the neighbor 234 entries based on DIO or DAO messages. Once the cache is full all the 235 subsequent attempts to add an NCE will fail. 237 In case of LRU policy, a node might end up churning lot of neighbor 238 entries because once the cache gets full and there is a request for 239 new entry, it would result in evicting the least recently used (but 240 active) entry. If at later point of time, there is a traffic for the 241 evicted entry then the old entry has to be reinstated using IPv6 NDP 242 procedure. This would mean reinstating the entry by evicting another 243 least recently used entry. If the node density is very high, then 244 this churn would be substantially high to extent that it would 245 disrupt any routing adjacencies to be established in the network in a 246 stable way. 248 2.3. Lifecycle of a NCE 250 2.3.1. NCE Insertion 252 IPv6 NDP [RFC6775] defines signaling involved in resolving the IPv6 253 addresses to its corresponding MAC addresses which gets populated in 254 the neighbor cache. In case of constrained network, it is desired 255 that such control traffic is minimized and thus the neighbor cache 256 entries are populated as part of existing messaging. One example 257 would be when the node receives a DAO message from its immediate 258 child node, it not only makes an addition to the routing table but 259 also creates a neighbor cache entry for the node. Thus it eliminates 260 need for additional IPv6 NDP NS/NA messaging involved to resolve MAC 261 address. Similar hueristic is used to add neighbor entries in other 262 cases as well. Section 10.3.2 of [RFC6775] describes update and 263 addition of such NCEs based on roting information packets. 265 Following are the possible signaling scenarios in which case a 266 neighbor entry may get added. 268 Node Joining procedure: A new joinee node discovers a relay element 269 to initiate its auth procedure. At the end of the discovery phase 270 the new joinee node would have known the link local IP address of the 271 relay element. The joinee node will send an unsecured-NS to the 272 relay element to solicit its NA. The PRE may send a NA with the 273 suitable status code as defined in section 6.5.3 of [RFC6775]. 275 RPL 276 New PRE Parent PAA 277 | | | | 278 | PRE Disc | | | 279 |<----------->| | | 280 | | | | 281 | UNSEC-NS | | | 282 |------------>| | | 283 | | | | 284 | addNCE(new,reason=PANA)| | 285 | | | | 286 | UNSEC-NA(status) | | 287 |<------------| | | 288 | | | | 289 addNCE(PRE,reason=PANA) | | 290 | | | | 291 | PCI | | | 292 |------------>| | | 293 | | | | 294 | | AUTHPROC | | 295 |<----------->|<----------------------->| 296 | | | | 298 Figure 2: NCE creation between PaC and PRE during relay discovery 299 process 301 Relay element does not hold any state information on behalf of the 302 new joinee node except for its neighbor cache entry. Thus in the 303 Figure 1 the new joinee node may select node N3 as its PRE, in which 304 case N3 has to add a neighbor entry on behalf of the new joinee node. 306 Post authentication the node enters into network discovery phase. 307 The node selects one or more of its neighboring peer as its preferred 308 parent based on the DIO received from these peers. Note that the 309 node's selected relay element and its preferred parent may not be 310 same. The preferred parent serves as a default router node to which 311 all its upstream traffic is directed. Thus an NCE on behalf of 312 preferred parent needs to be added. In Figure 1 node N5 selects N3 313 as its preferred parent. N5 needs to add neighbor entry on behalf of 314 N3 which is its directly connected RPL preferred parent. 316 In case of RPL storing MOP (mode of operation), the node may send a 317 DAO message containing its reachability information to its preferred 318 parent. The parent node in turn may pass this information upstream 319 to its parent by generating a DAO retaining the child node's 320 reachability information, establishing a downstream routing path 321 towards the node who originated the DAO. The preferred parent has to 322 maintain a neighbor entry on behalf of the directly connected child 323 node. For example, in the Figure 1, node N3 needs to maintain a 324 neighbor entry on behalf of N5 which is its directly connected child 325 node. Nodes N6 and N7 are grand-child nodes for node N3 for whom no 326 neighbor entry is required. 328 As mentioned in Section 10.3.2 of [RFC6775], the NCEs on parent and 329 child can be added directly as a result of RPL DIO/DAO signalling 330 without any explicit NS/NA messaging. 332 RPL 333 New PRE Parent PAA 334 | | | | 335 | | AuthProc | | 336 |<----------->|<----------------------->| 337 | | | | 338 | | RPL-DIO | | 339 |<-------------------------| | 340 | | | | 341 addNCE(parent,reason=PARENT) | | 342 | | | | 343 | | RPL-DAO | | 344 |------------------------->| | 345 | | | | 346 | | addNCE(new,reason=CHILD) 347 | | | | 349 Figure 3: NCE creation call Flow for RPL storing MOP 351 In case of non-storing MOP, the parent node needs to know the global 352 IPv6 address of the immediate child nodes. This is needed since the 353 source routing header carries the global addresses and thus the NCE 354 of the child node should contain the global address. Secondly, the 355 RPL DAO is addressed directly to the root node in case of non-storing 356 mode. Thus RPL messaging cannot be used for creating NCE entries on 357 parent and child, unlike storing MOP. The child node may send a 358 secure unicast NS with ARO option containing its global address to be 359 registered on the parent node. The child node can still use RPL DIO 360 to create an NCE on behalf of the parent node. 362 RPL 363 New PRE Parent Root 364 | | | | 365 | | AuthProc | | 366 |<----------->|<----------------------->| 367 | | | | 368 | | RPL-DIO | | 369 |<-------------------------| | 370 | | | | 371 addNCE(parent,reason=PARENT) | | 372 | | | | 373 | sec-NS(ARO=GlobalIPv6) | | 374 |------------------------->| | 375 | | | | 376 | | addNCE(new,reason=CHILD) 377 | sec-NA(status) | | 378 |<-------------------------| | 379 | | | | 380 | | RPL-DAO | | 381 |-------------------------------------->| 382 | | | | 384 Figure 4: NCE creation call Flow for non-storing MOP 386 This document expects the neighbor management policy to remember the 387 reason why the neighbor entry is inserted. Secondly, the router may 388 remember whether the NS received was secured or unsecured and 389 accordingly use it to prioritize eviction entries. As described in 390 the next sections, this reason will help the policy to prioritize the 391 entries in case an eviction is required. 393 2.3.2. NCE Deletion 395 It is imperative that an unwanted neighbor entry be removed as soon 396 as possible. This section talks about different cases in which 397 neighbor entry can be deleted. 399 Route Invalidation: In case of storing MOP, when the child node 400 decides to switch its preferred parent, the RPL specifications allows 401 the node to send a no-path DAO message to invalidate the route along 402 the previous path(s). A directly connected parent node can use this 403 message to clear the NCE. While the entry can be immediately 404 cleared, usually the implementations choose to wait a small amount of 405 time before clearing the entry. This is to avoid any impact on the 406 in-transit traffic. Thus this also establishes the importance of 407 route invalidation to achieve optimized neighbor cache utilization. 409 In case of non-storing mode, the no-path DAO cannot be not employed 410 since the previous parent does not having any routing information to 411 be invalidated. But the previous parent may still contain the NCE on 412 behalf of the child node. This document recommends use of [RFC6775] 413 section 6.5.3. which allows sending a zero lifetime ARO option in NS 414 for deregistering the corresponding neighbor entry. 416 [RFC6775], ND optimizations for 6LoWPANs, section 5.5.3. talks about 417 deleting the entries in case the NUD (neighbor unreachability 418 detection) fails either due to no response to NS messages or due to 419 failure response. NCEs in such cases should be deleted. An example 420 where NUD NS would fail because of no response is the case where the 421 child node switches its parent due to link unavailability. The 422 parent in such a case would not receive the no-path DAO message or 423 any other traffic from the child node. Thus on NCE lifetime expiry, 424 the parent node would send NS which would fail with no response, thus 425 triggering entry deletion. 427 2.3.3. NCE Eviction 429 The eviction rules have a major impact on the neighbor management 430 policy. Eviction rules are used when the policy has to forcibly 431 remove an active neighbor entry from the cache to make space for the 432 new (hopefully higher priority) entry. The eviction policy may take 433 into account several considerations such as the reason why the entry 434 was made, is the entry in active use currently, how good (for e.g., 435 based on link estimation) the entry currently is. 437 2.3.3.1. Eviction for directly connected routing entries 439 This section talks about implications of an eviction in which a 440 parent node decides of evicting a directly connected routing child 441 NCE. In the sample topology Figure 1, lets assume N3 needs to evict 442 N5 from its neighbor cache. In case of RPL's storing MOP, eviction 443 of directly connected routing child NCE also has impact on all the 444 sub-children. Thus not only will it result in impacting N5 but also 445 nodes N6 and N7. It is important to note that such an eviction has 446 less impact on RPL's non-storing MOP i.e. in case of non-storing mode 447 N5 might end up selecting alternate parent N8 and does not result in 448 any additional control overhead for node N6 and N7. 450 Thus RPL's non-storing MOP provides additional eviction flexibility 451 for a neighbor management policy in terms evicting directly connected 452 child entries. 454 2.3.4. NCE Reinforcement 456 It is expected that the latest reachability state and metric 457 information be maintained in context to the NCE. With wireless 458 networks, the neighbor cache entries prioritization may change over a 459 period of time especially the link quality estimation parameters or 460 the routing metrics. Reinforcement refers to updating the parameters 461 in context to the NCEs which helps in prioritizing the entries when 462 it comes to handling eviction. In wireless networks, on reception of 463 incoming packet, the receiver node's physical and MAC layer may 464 derive certain signal reception parameters (such as RSSI, LQI) which 465 can be considered for reinforcement purpose if the corresponding 466 transmitter/source entry in neighbor cache is found. It should be 467 noted that the signal quality parameters may have high variance in 468 6lo networks and thus statistical techniques (such as weighted 469 averaging) are usually employed for deciding about a link quality 470 over a period of time. Reinforcement can be achieved using one or 471 more of the following techniques: 473 Passive Monitoring: Reinforcing the quality parameters using packets 474 received from the source. Trickled DIO, periodic beacons, 475 application traffic etc can be used for such monitoring. 477 Active Probing: A node may select subset of entries for active 478 probing wherein it sends a message to the neighbor entry's target 479 and can expect a response message back. An example of such 480 probing is [CONTIKI] where unicast DIS is sent to solicit a 481 unicast DIO without impacting the trickle timers. Though it adds 482 a control overhead on the link, periodic probing can help to 483 ascertain connectivity in the absence of any other traffic from 484 the neighboring node. 486 2.4. Requirements of a good neighbor management policy 488 Route Stability: Stable NCEs will result in stable routing 489 adjacencies. Thus it is important to avoid unnecessary NCE churn 490 for routing path stability. 492 Control overhead: A neighbor management policy may have to use 493 signalling messages for policy handling (such as rejection of 494 NCE). It is required that such overhead be kept as low as 495 possible. 497 2.5. Approaches to neighbor management policy 499 Neighbor management policy depends upon the neighbor cache space 500 availability and the same can be advertised proactively or can be 501 handled reactively. 503 2.5.1. Reactive Approach 505 In this approach, the nodes select their RPL parent or the relay 506 element purely based on link metrics and subsequently when they try 507 to allocate their NCE in the target node, it may fail due to 508 unavailability of the cache space. The failure can be communicated 509 depending upon the signaling involved: 511 NS failure: Section 6.5.3 of [RFC6775] defines a procedure for NS 512 failure handling in case the router's neighbor cache is full. It 513 results in a unicast NA with ARO status field set to two. 515 DAO NACK: Section 9.3 of RPL [RFC6550] specifies on how can the 516 parent node react to DAOs from child. In case the parent could 517 not make a NCE on behalf of the child node, a negative ACK with 518 status (between 127-255) should be sent to the child node. The 519 natural reaction of the child node would be to switch to an 520 alternate parent. 522 PANA Failure: PaC's auth session starts with a PaC discovering a 523 PRE. The discovery procedure is not standardized and can be based 524 upon various factors including signal strength of discovery 525 messages from PRE. Post discovery, the PaC needs to send an 526 unsecured unicast NS message with an ARO containings its link- 527 local IPv6 address. NS helps to determine whether the PRE can 528 allocate an NCE for the PaC. PRE accordingly sends a NA response 529 with appropriate status field. 531 2.5.2. Proactive Approach 533 Neighbor cache availability could be proactively advertised by the 534 parent nodes in the DIO messages and in the PRE discovery messages. 535 A child RPL node may additionally use this information from DIO as 536 part of parent selection process. In case of new joinee node, the 537 node may use PRE discovery messages with space availability 538 information to select an appropriate PRE. Proactive signaling of 539 neighbor cache space availability will help the nodes to select the 540 parent node or relay node such that the failure signaling due to 541 cache full event can be reduced. 543 Currently there is no standard way of signaling such neighbor cache 544 space availability information. RPL's DIO messages carry metric 545 information and can be augmented with neighbor cache space as an 546 additional metric. In case of PRE discovery however there is no 547 standard way of defining this information since the PRE discovery 548 procedure itself is not standardized. 550 In a wireless or shared bus network, a multicast DIO metric 551 advertisement may reach several child nodes eventually everyone 552 responding by selecting the same parent node causing neighbor cache 553 to be exhausted. Thus the failure handling approaches defined in the 554 Reactive Approach section applies here as well. But importantly the 555 failure signaling will be significantly reduced because of proactive 556 advertisement. 558 3. Reservation based Neighbor Management Policy 560 This section defines a sample neighbor management policy, with the 561 primary objective to reduce NCE churn and to ensure stability of 562 routing adjacencies. The scheme uses a reservation based policy to 563 reserve NCEs for: 565 +-----------------------------+----------------------------+--------+ 566 | NCE Entry for | MAX count | Reason | 567 +-----------------------------+----------------------------+--------+ 568 | Routing Parent | MAX_ROUTING_PARENT_NCE_NUM | PARENT | 569 | | | | 570 | Routing child | MAX_ROUTING_CHILD_NCE_NUM | CHILD | 571 | | | | 572 | Others such as pre-auth | MAX_OTHER_NCE_NUM | OTHER | 573 | sessions | | | 574 +-----------------------------+----------------------------+--------+ 576 Table 1: Neighbor Cache Entry reservation 578 Note that reservation policy depends upon identification of the 579 reason behind making an NCE . In case of pre-auth sessions, the 580 corresponding NCE is created based on the unsecured NS/NA. In case 581 of storing MOP, CHILD_ENT NCEs are created either based on DAO (as 582 shown in Figure 3) or based on secured NS/NA messaging (as shown in 583 Figure 4). In case of non-storing MOP, a secured NS/NA messaging as 584 shown in Figure 4 needs to be used. 586 <- - - - - - - - - - - Routing Parents - - - - - - - - - - - - -> 587 +---------------------------------------------------------------+ 588 | | | | 589 +-----------------------------------------------------+---------+ 590 Routing Child Routing Parents Other 592 Figure 5: Reservation of NCEs in neighbor table 594 As shown in the figure, the neighbor cache is partitioned into 595 different entry types. The routing parents can possibly occupy any 596 entry type if found vacant since in case an eviction is sought the 597 non-preferred routing parent could be evicted without much impact on 598 the functioning or on the control traffic. The eviction could be 599 done based on reasons specified in Section 2.3.3. 601 Routing Child entries are made in context to directly connected peers 602 and these entries are not deleted unless they are unreacable or there 603 is any reason for the parent node to believe that it is no longer the 604 preferred parent for the child node. Deletion may happen based on 605 reasons mentioned in Section 2.3.2. 607 Other entries (OTHER) may be made in response to temporary 608 requirement of making an NCE. One such case is the pre 609 authentication phase where in the relay node makes an entry of the 610 PaC temporarily till the time the authentication phase is completed. 611 The NCE made thus is garbage collected at the end of the lifetime. 612 Also an implementation may choose to keep a lower lifetime for such 613 NCEs depending upon the time taken to complete the authentication 614 process. 616 3.1. Limitations of such a policy 618 The reservation based policy mentioned in this section may result in 619 sub-optimal path selection due to lack of NCE resource on the parent 620 nodes. Also the restriction of maximum pre-auth sessions in the form 621 of MAX_OTHER_NCE_NUM limits the maximum relay sessions that can be 622 supported on the relay node. 624 The reservation policy allows the parent node to reject the child 625 node's DAO or NS. But the child node cannot remember this rejection 626 and may reattempt the same parent after some time depending upon 627 triggers such as reception of DIO from the same parent who rejected 628 it previously. One of the only way to stop the child node from 629 reattempting such parent selection would be to also include a 630 proactive approach wherein the parent node signals its resource 631 availability in the DIO message as mentioned in Section 2.5.2. Such 632 a scheme of signalling parent node's resource availability is 633 currently not standardized. 635 RPL's storing MOP imposes additional restrictions. One such case is 636 where a child node may have a given parent node as its only parent 637 and that parent node's NCE are all used up. In such a case, the 638 child node would keep on retrying and failing to send a DAO through 639 the parent node. Ideally the parent node could have evicted a least 640 used child node or a child node who has an alternate parent 641 available. Evicting such a child node is a complex process and may 642 increase the control overhead as described in Section 2.3.3.1. Thus 643 the reservation based policy requires that the minimum node density 644 is sufficiently high so that every child finds a parent node in its 645 vicinity with enough resources. 647 4. Acknowledgements 649 This template was derived from an initial version written by Pekka 650 Savola and contributed by him to the xml2rfc project. 652 5. IANA Considerations 654 This memo includes no request to IANA. 656 6. Security Considerations 658 Add DoS attacks possibility on NBR table on PRE and what are the 659 mechanisms already defined by standards (such as use of Enforcement 660 Point) 662 All drafts are required to have a security considerations section. 663 See RFC 3552 [RFC3552] for a guide. 665 7. References 667 7.1. Normative References 669 [CONTIKI] Thingsquare, "Contiki: The Open Source OS for IoT", 2012, 670 . 672 [Dawans_et_al] 673 Dawans, S., Duquennoy, S., and O. Bonaventure, "On Link 674 Estimation in Dense RPL Deployments", 2012. 676 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 677 Requirement Levels", BCP 14, RFC 2119, 678 DOI 10.17487/RFC2119, March 1997, 679 . 681 [Woo_et_al] 682 Woo, A., Tong, T., and D. Culler, "Taming the Underlying 683 Challenges of Reliable Multihop Routing in Sensor 684 Networks", 2003. 686 7.2. Informative References 688 [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC 689 Text on Security Considerations", BCP 72, RFC 3552, 690 DOI 10.17487/RFC3552, July 2003, 691 . 693 [RFC5191] Forsberg, D., Ohba, Y., Ed., Patil, B., Tschofenig, H., 694 and A. Yegin, "Protocol for Carrying Authentication for 695 Network Access (PANA)", RFC 5191, DOI 10.17487/RFC5191, 696 May 2008, . 698 [RFC6345] Duffy, P., Chakrabarti, S., Cragie, R., Ohba, Y., Ed., and 699 A. Yegin, "Protocol for Carrying Authentication for 700 Network Access (PANA) Relay Element", RFC 6345, 701 DOI 10.17487/RFC6345, August 2011, 702 . 704 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., 705 Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, 706 JP., and R. Alexander, "RPL: IPv6 Routing Protocol for 707 Low-Power and Lossy Networks", RFC 6550, 708 DOI 10.17487/RFC6550, March 2012, 709 . 711 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 712 Bormann, "Neighbor Discovery Optimization for IPv6 over 713 Low-Power Wireless Personal Area Networks (6LoWPANs)", 714 RFC 6775, DOI 10.17487/RFC6775, November 2012, 715 . 717 Appendix A. Additional Stuff 719 This becomes an Appendix. 721 Authors' Addresses 723 Rahul Arvind Jadhav (editor) 724 Huawei Tech 725 Kundalahalli Village, Whitefield, 726 Bangalore, Karnataka 560037 727 India 729 Phone: +91-080-49160700 730 Email: rahul.ietf@gmail.com 732 Rabi Narayan Sahoo 733 Huawei Tech 734 Kundalahalli Village, Whitefield, 735 Bangalore, Karnataka 560037 736 India 738 Phone: +91-080-49160700 739 Email: rabinarayans@huawei.com 740 Simon Duquennoy 741 Inria 742 40 Avenue Halley 743 Building A 744 Villeneuve d'Ascq 745 France 747 Phone: +33 768227731 748 Email: simon.duquennoy@inria.fr 750 Joakim Eriksson 751 Yanzi Networks 753 Email: joakime@sics.se