idnits 2.17.1 draft-petrescu-ipv6-over-80211p-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 31, 2016) is 2728 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 868 -- Looks like a reference, but probably isn't: '16' on line 878 -- Looks like a reference, but probably isn't: '13' on line 876 -- Looks like a reference, but probably isn't: '14' on line 876 -- Looks like a reference, but probably isn't: '15' on line 878 == Missing Reference: 'V2V' is mentioned on line 1678, but not defined ** Downref: Normative reference to an Informational draft: draft-ietf-6man-ipv6-address-generation-privacy (ref. 'I-D.ietf-6man-ipv6-address-generation-privacy') ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Downref: Normative reference to an Informational RFC: RFC 5889 Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Petrescu 3 Internet-Draft CEA, LIST 4 Intended status: Standards Track N. Benamar 5 Expires: May 4, 2017 Moulay Ismail University 6 J. Haerri 7 Eurecom 8 C. Huitema 10 J. Lee 11 Sangmyung University 12 T. Ernst 13 YoGoKo 14 T. Li 15 Peloton Technology 16 October 31, 2016 18 Transmission of IP Packets over IEEE 802.11 in mode Outside the Context 19 of a Basic Service Set 20 draft-petrescu-ipv6-over-80211p-05.txt 22 Abstract 24 In order to transmit IPv6 packets on IEEE 802.11 networks run outside 25 the context of a basic service set (OCB, earlier "802.11p") there is 26 a need to define a few parameters such as the recommended Maximum 27 Transmission Unit size, the header format preceding the IPv6 header, 28 the Type value within it, and others. This document describes these 29 parameters for IPv6 and IEEE 802.11 OCB networks; it portrays the 30 layering of IPv6 on 802.11 OCB similarly to other known 802.11 and 31 Ethernet layers - by using an Ethernet Adaptation Layer. 33 In addition, the document attempts to list what is different in 34 802.11 OCB (802.11p) compared to more 'traditional' 802.11a/b/g/n 35 layers, layers over which IPv6 protocols operates without issues. 36 Most notably, the operation outside the context of a BSS (OCB) has 37 impact on IPv6 handover behaviour and on IPv6 security. 39 An example of an IPv6 packet captured while transmitted over an IEEE 40 802.11 OCB link (802.11p) is given. 42 Status of This Memo 44 This Internet-Draft is submitted in full conformance with the 45 provisions of BCP 78 and BCP 79. 47 Internet-Drafts are working documents of the Internet Engineering 48 Task Force (IETF). Note that other groups may also distribute 49 working documents as Internet-Drafts. The list of current Internet- 50 Drafts is at http://datatracker.ietf.org/drafts/current/. 52 Internet-Drafts are draft documents valid for a maximum of six months 53 and may be updated, replaced, or obsoleted by other documents at any 54 time. It is inappropriate to use Internet-Drafts as reference 55 material or to cite them other than as "work in progress." 57 This Internet-Draft will expire on May 4, 2017. 59 Copyright Notice 61 Copyright (c) 2016 IETF Trust and the persons identified as the 62 document authors. All rights reserved. 64 This document is subject to BCP 78 and the IETF Trust's Legal 65 Provisions Relating to IETF Documents 66 (http://trustee.ietf.org/license-info) in effect on the date of 67 publication of this document. Please review these documents 68 carefully, as they describe your rights and restrictions with respect 69 to this document. Code Components extracted from this document must 70 include Simplified BSD License text as described in Section 4.e of 71 the Trust Legal Provisions and are provided without warranty as 72 described in the Simplified BSD License. 74 Table of Contents 76 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 77 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 78 3. Communication Scenarios where IEEE 802.11p Links are Used . . 6 79 4. Aspects introduced by 802.11p to 802.11 . . . . . . . . . . . 6 80 5. Design Considerations . . . . . . . . . . . . . . . . . . . . 10 81 5.1. Vehicle ID . . . . . . . . . . . . . . . . . . . . . . . 10 82 5.2. Non IP Communications . . . . . . . . . . . . . . . . . . 10 83 5.3. Reliability Requirements . . . . . . . . . . . . . . . . 11 84 5.4. Privacy requirements . . . . . . . . . . . . . . . . . . 12 85 5.5. Authentication requirements . . . . . . . . . . . . . . . 13 86 5.6. Multiple interfaces . . . . . . . . . . . . . . . . . . . 13 87 5.7. MAC Address Generation . . . . . . . . . . . . . . . . . 14 88 5.8. Security Certificate Generation . . . . . . . . . . . . . 14 89 6. Layering of IPv4 and IPv6 over 802.11p as over Ethernet . . . 15 90 6.1. Maximum Transmission Unit (MTU) . . . . . . . . . . . . . 15 91 6.2. Frame Format . . . . . . . . . . . . . . . . . . . . . . 16 92 6.2.1. Ethernet Adaptation Layer . . . . . . . . . . . . . . 17 93 6.2.2. MAC Address Resolution . . . . . . . . . . . . . . . 18 94 6.3. Link-Local Addresses . . . . . . . . . . . . . . . . . . 19 95 6.4. Address Mapping . . . . . . . . . . . . . . . . . . . . . 19 96 6.4.1. Address Mapping -- Unicast . . . . . . . . . . . . . 19 97 6.4.2. Address Mapping -- Multicast . . . . . . . . . . . . 19 98 6.5. Stateless Autoconfiguration . . . . . . . . . . . . . . . 20 99 6.6. Subnet Structure . . . . . . . . . . . . . . . . . . . . 21 100 7. Handovers between OCB links . . . . . . . . . . . . . . . . . 22 101 8. Example IPv6 Packet captured over a IEEE 802.11p link . . . . 24 102 8.1. Capture in Monitor Mode . . . . . . . . . . . . . . . . . 25 103 8.2. Capture in Normal Mode . . . . . . . . . . . . . . . . . 27 104 9. Security Considerations . . . . . . . . . . . . . . . . . . . 29 105 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 106 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 30 107 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 108 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 109 13.1. Normative References . . . . . . . . . . . . . . . . . . 31 110 13.2. Informative References . . . . . . . . . . . . . . . . . 32 111 Appendix A. ChangeLog . . . . . . . . . . . . . . . . . . . . . 35 112 Appendix B. Explicit Prohibition of IPv6 on Channels 113 Related to ITS Scenarios using 802.11p Networks 114 - an Analysis . . . . . . . . . . . . . . . . . . . 37 115 B.1. Interpretation of FCC and ETSI documents with 116 respect to running IP on particular channels . . . . . . 37 117 B.2. Interpretations of Latencies of IP datagrams . . . . . . 38 118 Appendix C. Changes Needed on a software driver 802.11a to 119 become a 802.11p driver . . . 38 120 Appendix D. Use of IPv6 over 802.11p for distribution of 121 certificates . . . . . . . . . . . . . . . . . . . . 40 122 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 124 1. Introduction 126 This document describes the transmission of IPv6 packets on IEEE Std 127 802.11 OCB networks (earlier known as 802.11p). This involves the 128 layering of IPv6 networking on top of the IEEE 802.11 MAC layer (with 129 an LLC layer). Compared to running IPv6 over the Ethernet MAC layer, 130 there is no modification required to the standards: IPv6 works fine 131 directly over 802.11 OCB too (with an LLC layer). 133 The term "802.11p" is an earlier definition. As of year 2012, the 134 behaviour of "802.11p" networks has been rolled in the document IEEE 135 Std 802.11-2012. In this document the term 802.11p disappears. 136 Instead, each 802.11p feature is conditioned by a flag in the 137 Management Information Base. That flag is named "OCBActivated". 138 Whenever OCBActivated is set to true the feature it relates to 139 represents an earlier 802.11p feature. For example, an 802.11 140 STAtion operating outside the context of a basic service set has the 141 OCBActivated flag set. Such a station, when it has the flag set, it 142 uses a BSS identifier equal to ff:ff:ff:ff:ff:ff. 144 In the following text we use the term "802.11p" to mean 802.11-2012 145 OCB, and vice-versa. 147 As an overview, we illustrate how an IPv6 stack runs over 802.11p by 148 layering different protocols on top of each other. The IPv6 149 Networking is layered on top of the IEEE 802.2 Logical-Link Control 150 (LLC) layer; this is itself layered on top of the 802.11p MAC; this 151 layering illustration is similar to that of running IPv6 over 802.2 152 LLC over the 802.11 MAC, or over Ethernet MAC. 154 +-----------------+ +-----------------+ 155 | ... | | ... | 156 +-----------------+ +-----------------+ 157 | IPv6 Networking | | IPv6 Networking | 158 +-----------------+ +-----------------+ 159 | 802.2 LLC | vs. | 802.2 LLC | 160 +-----------------+ +-----------------+ 161 | 802.11p MAC | | 802.11b MAC | 162 +-----------------+ +-----------------+ 163 | 802.11p PHY | | 802.11b PHY | 164 +-----------------+ +-----------------+ 166 However, there are several deployment considerations to optimize the 167 performances of running IPv6 over 802.11p (e.g. in the case of 168 handovers between 802.11p Access Points, or the consideration of 169 using the IP security layer). 171 We briefly introduce the vehicular communication scenarios where IEEE 172 802.11-OCB links are used. This is followed by a description of 173 differences in specification terms, between 802.11p and 802.11a/b/g/n 174 (and the same differences expressed in terms of requirements to 175 software implementation are listed in Appendix C.) 177 The document then concentrates on the parameters of layering IP over 178 802.11p as over Ethernet: MTU, Frame Format, Interface Identifier, 179 Address Mapping, State-less Address Auto-configuration. The values 180 of these parameters are precisely the same as IPv6 over Ethernet 181 [RFC2464]: the recommended value of MTU to be 1500 octets, the Frame 182 Format containing the Type 0x86DD, the rules for forming an Interface 183 Identifier, the Address Mapping mechanism and the Stateless Address 184 Auto-Configuration. 186 Similarly, for IPv4, the values of these parameters are precisely the 187 same as IPv4 over Ethernet [RFC0894]: the recommended value of MTU to 188 be 1500 octets, and the Frame Format containing the Type 0x0800. For 189 IPv4, Address Resolution Protocol (ARP) [RFC0826] is used to 190 determine the MAC address used for an IPv4 address, exactly as is 191 done for Ethernet. 193 As an example, these characteristics of layering IPv6 straight over 194 LLC over 802.11p MAC are illustrated by dissecting an IPv6 packet 195 captured over a 802.11p link; this is described in the section titled 196 "Example of IPv6 Packet captured over an IEEE 802.11p link". 198 A couple of points can be considered as different, although they are 199 not required in order to have a working implementation of IPv6-over- 200 802.11p. These points are consequences of the OCB operation which is 201 particular to 802.11p (Outside the Context of a BSS). First, the 202 handovers between OCB links need specific behaviour for IP Router 203 Advertisements, or otherwise 802.11p's Time Advertisement, or of 204 higher layer messages such as the 'Basic Safety Message' (in the US) 205 or the 'Cooperative Awareness Message' (in the EU) or the 'WAVE 206 Routing Advertisement'; second, the IP security mechanisms are 207 necessary, since OCB means that 802.11p is stripped of all 802.11 208 link-layer security; a small additional security aspect which is 209 shared between 802.11p and other 802.11 links is the privacy concerns 210 related to the address formation mechanisms. The OCB handovers and 211 security are described each in section Section 7 and Section 9 212 respectively. 214 In standards, the operation of IPv6 as a 'data plane' over 802.11p is 215 specified at IEEE P1609 in [ieeep1609.3-D9-2010]. For example, it 216 mentions that "Networking services also specifies the use of the 217 Internet protocol IPv6, and supports transport protocols such as UDP 218 and TCP. [...] A Networking Services implementation shall support 219 either IPv6 or WSMP or both." and "IP traffic is sent and received 220 through the LLC sublayer as specified in [...]". The layered stacks 221 depicted in the "Architecture" document P1609.0 [ieeep1609.0-D2] 222 suggest that WSMP messages may not be transmitted as payload of IPv6 223 datagrams; WSMP and IPv6 are parallel (not stacked) layers. 225 Also, the operation of IPv6 over a GeoNetworking layer and over G5 is 226 described in [etsi-302663-v1.2.1p-2013]. 228 In the published literature, three documents describe aspects related 229 to running IPv6 over 802.11p: [vip-wave], [ipv6-80211p-its] and 230 [ipv6-wave]. 232 2. Terminology 234 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 235 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 236 document are to be interpreted as described in RFC 2119 [RFC2119]. 238 RSU: Road Side Unit. 240 OCB: Outside the Context of a Basic Service Set identifier. 242 OCB - Outside the Context of a Basic-Service Set ID (BSSID). 244 802.11-OCB - IEEE 802.11-2012 text flagged by "dot11OCBActivated". 245 This means: IEEE 802.11e for quality of service; 802.11j-2004 for 246 half-clocked operations; and 802.11p for operation in the 5.9 GHz 247 band and in mode OCB. 249 3. Communication Scenarios where IEEE 802.11p Links are Used 251 The IEEE 802.11p Networks are used for vehicular communications, as 252 'Wireless Access in Vehicular Environments'. The IP communication 253 scenarios for these environments have been described in several 254 documents, among which we refer the reader to one recently updated 255 [I-D.petrescu-its-scenarios-reqs], about scenarios and requirements 256 for IP in Intelligent Transportation Systems. 258 4. Aspects introduced by 802.11p to 802.11 260 In the IEEE 802.11 OCB mode, all nodes in the wireless range can 261 directly communicate with each other without authentication/ 262 association procedures. Briefly, the IEEE 802.11 OCB mode has the 263 following properties: 265 o Wildcard BSSID (i.e., all bits are set to 1) used by each node 267 o No beacons transmitted 269 o No authentication required 271 o No association needed 273 o No encryption provided 275 o dot11OCBActivated OID set to true 277 The link 802.11p is specified in IEEE Std 802.11p(TM)-2010 278 [ieee802.11p-2010] as an amendment to the 802.11 specifications, 279 titled "Amendment 6: Wireless Access in Vehicular Environments". 280 Since then, these 802.11p amendments have been included in IEEE 281 802.11(TM)-2012 [ieee802.11-2012], titled "IEEE Standard for 282 Information technology--Telecommunications and information exchange 283 between systems Local and metropolitan area networks--Specific 284 requirements Part 11: Wireless LAN Medium Access Control (MAC) and 285 Physical Layer (PHY) Specifications"; the modifications are diffused 286 throughout various sections (e.g. 802.11p's Time Advertisement 287 message is described in section 'Frame formats', and the operation 288 outside the context of a BSS described in section 'MLME'). 290 In document 802.11-2012, specifically anything referring 291 "OCBActivated", or "outside the context of a basic service set" is 292 actually referring to the 802.11p aspects introduced to 802.11. Note 293 in earlier 802.11p documents the term "OCBEnabled" was used instead. 295 In order to delineate the aspects introduced by 802.11p to 802.11, we 296 refer to the earlier [ieee802.11p-2010]. The amendment is concerned 297 with vehicular communications, where the wireless link is similar to 298 that of Wireless LAN (using a PHY layer specified by 802.11a/b/g/n), 299 but which needs to cope with the high mobility factor inherent in 300 scenarios of communications between moving vehicles, and between 301 vehicles and fixed infrastructure deployed along roads. While 'p' is 302 a letter just like 'a, b, g' and 'n' are, 'p' is concerned more with 303 MAC modifications, and a little with PHY modifications; the others 304 are mainly about PHY modifications. It is possible in practice to 305 combine a 'p' MAC with an 'a' PHY by operating outside the context of 306 a BSS with OFDM at 5.4GHz. 308 The 802.11p links are specified to be compatible as much as possible 309 with the behaviour of 802.11a/b/g/n and future generation IEEE WLAN 310 links. From the IP perspective, an 802.11p MAC layer offers 311 practically the same interface to IP as the WiFi and Ethernet layers 312 do (802.11a/b/g/n and 802.3). 314 To support this similarity statement (IPv6 is layered on top of LLC 315 on top of 802.11p similarly as on top of LLC on top of 802.11a/b/g/n, 316 and as on top of LLC on top of 802.3) it is useful to analyze the 317 differences between 802.11p and non-p 802.11 specifications. Whereas 318 the 802.11p amendment specifies relatively complex and numerous 319 changes to the MAC layer (and very little to the PHY layer), we note 320 there are only a few characteristics which may be important for an 321 implementation transmitting IPv6 packets on 802.11p links. 323 In the list below, the only 802.11p fundamental points which 324 influence IPv6 are the OCB operation and the 12Mbit/s maximum which 325 may be afforded by the IPv6 applications. 327 o Operation Outside the Context of a BSS (OCB): the 802.11p links 328 are operated without a Basic Service Set (BSS). This means that 329 the messages Beacon, Association Request/Response, Authentication 330 Request/Response, and similar, are not used. The used identifier 331 of BSS (BSSID) has a hexadecimal value always ff:ff:ff:ff:ff:ff 332 (48 '1' bits, or the 'wildcard' BSSID), as opposed to an arbitrary 333 BSSID value set by administrator (e.g. 'My-Home-AccessPoint'). 335 The OCB operation - namely the lack of beacon-based scanning and 336 lack of authentication - has a potentially strong impact on the 337 use of the Mobile IPv6 protocol and on the protocols for IP layer 338 security. 340 o Timing Advertisement: is a new message defined in 802.11p, which 341 does not exist in 802.11a/b/g/n. This message is used by stations 342 to inform other stations about the value of time. It is similar 343 to the time as delivered by a GNSS system (Galileo, GPS, ...) or 344 by a cellular system. This message is optional for 345 implementation. At the date of writing, an experienced reviewer 346 considers that currently no field testing has used this message. 347 Another implementor considers this feature implemented in an 348 initial manner. In the future, it is speculated that this message 349 may be useful for very simple devices which may not have their own 350 hardware source of time (Galileo, GPS, cellular network), or by 351 vehicular devices situated in areas not covered by such network 352 (in tunnels, underground, outdoors but shaded by foliage or 353 buildings, in remote areas, etc.) 355 o Frequency range: this is a characteristic of the PHY layer, with 356 almost no impact to the interface between MAC and IP. However, it 357 is worth considering that the frequency range is regulated by a 358 regional authority (ARCEP, ETSI, FCC, etc.); as part of the 359 regulation process, specific applications are associated with 360 specific frequency ranges. In the case of 802.11p, the regulator 361 associates a set of frequency ranges, or slots within a band, to 362 the use of applications of vehicular communications, in a band 363 known as "5.9GHz". This band is "5.9GHz" which is different from 364 the bands "2.4GHz" or "5GHz" used by Wireless LAN. However, as 365 with Wireless LAN, the operation of 802.11p in "5.9GHz" bands is 366 exempt from owning a license in EU (in US the 5.9GHz is a licensed 367 band of spectrum; for the the fixed infrastructure an explicit FCC 368 autorization is required; for an onboard device a 'licensed-by- 369 rule' concept applies: rule certification conformity is required); 370 however technical conditions are different than those of the bands 371 "2.4GHz" or "5GHz". On one hand, the allowed power levels, and 372 implicitly the maximum allowed distance between vehicles, is of 373 33dBm for 802.11p (in Europe), compared to 20 dBm for Wireless LAN 374 802.11a/b/g/n; this leads to a maximum distance of approximately 375 1km, compared to approximately 50m. On the hand, specific 376 conditions related to congestion avoidance, jamming avoidance, and 377 radar detection are imposed on the use of DSRC (in US) and on the 378 use of frequencies for Intelligent Transportation Systems (in EU), 379 compared to Wireless LAN (802.11a/b/g/n). 381 o Explicit prohibition of IPv6 on some channels relevant for the PHY 382 of IEEE 802.11p, as opposed to IPv6 not being prohibited on any 383 channel on which 802.11a/b/g/n runs; for example, IPv6 is 384 prohibited on the 'Control Channel' (number 178 at FCC/IEEE, and 385 180 at ETSI); for a detailed analysis of IEEE and ETSI prohibition 386 of IP in particular channels see Appendix B. 388 o 'Half-rate' encoding: as the frequency range, this parameter is 389 related to PHY, and thus has not much impact on the interface 390 between the IP layer and the MAC layer. The standard IEEE 802.11p 391 uses OFDM encoding at PHY, as other non-b 802.11 variants do. 392 This considers 20MHz encoding to be 'full-rate' encoding, as the 393 earlier 20MHz encoding which is used extensively by 802.11b. In 394 addition to the full-rate encoding, the OFDM rates also involve 395 5MHz and 10MHz. The 10MHz encoding is named 'half-rate'. The 396 encoding dictates the bandwidth and latency characteristics that 397 can be afforded by the higher-layer applications of IP 398 communications. The half-rate means that each symbol takes twice 399 the time to be transmitted; for this to work, all 802.11 software 400 timer values are doubled. With this, in certain channels of the 401 "5.9GHz" band, a maximum bandwidth of 12Mbit/s is possible, 402 whereas in other "5.9GHz" channels a minimal bandwidth of 1Mbit/s 403 may be used. It is worth mentioning the half-rate encoding is an 404 optional feature characteristic of OFDM PHY (compared to 802.11b's 405 full-rate 20MHz), used by 802.11a before 802.11p used it. In 406 addition to the half-rate (10MHz) used by 802.11p in some 407 channels, some other 802.11p channels may use full-rate (20MHz) or 408 quarter-rate(?) (5MHz) encoding instead. 410 o It is worth mentioning that more precise interpretations of the 411 'half-rate' term suggest that a maximum throughput be 27Mbit/s 412 (which is half of 802.11g's 54Mbit/s), whereas 6Mbit/s or 12Mbit/s 413 throughputs represent effects of further 802.11p-specific PHY 414 reductions in the throughput necessary to better accommodate 415 vehicle-class speeds and distance ranges. 417 o In vehicular communications using 802.11p links, there are strong 418 privacy concerns with respect to addressing. While the 802.11p 419 standard does not specify anything in particular with respect to 420 MAC addresses, in these settings there exists a strong need for 421 dynamic change of these addresses (as opposed to the non-vehicular 422 settings - real wall protection - where fixed MAC addresses do not 423 currently pose some privacy risks). This is further described in 424 section Section 9. 426 Other aspects particular to 802.11p which are also particular to 427 802.11 (e.g. the 'hidden node' operation) may have an influence on 428 the use of transmission of IPv6 packets on 802.11p networks. The 429 subnet structure which may be assumed in 802.11p networks is strongly 430 influenced by the mobility of vehicles. 432 5. Design Considerations 434 The networks defined by 802.11-OCB are in many ways similar to other 435 networks of the 802.11 family. In theory, the encapsulation of IPv6 436 over 802.11-OCB could be very similar to the operation of IPv6 over 437 other networks of the 802.11 family. However, the high mobility, 438 strong link asymetry and very short connection makes the 802.11-OCB 439 link significantly different from other 802.11 networks. Also, the 440 automotive applications have specific requirements for reliability, 441 security and privacy, which further add to the particularity of the 442 802.11-OCB link. 444 This section does not address safety-related applications, which are 445 done on non-IP communications. However, this section will consider 446 the transmission of such non IP communication in the design 447 specification of IPv6 over IEEE 802.11-OCB. 449 5.1. Vehicle ID 451 Automotive networks require the unique representation of each of 452 their node. Accordingly, a vehicle must be identified by at least 453 one unique ID. The current specification at ETSI and at IEEE 1609 454 identifies a vehicle by its MAC address uniquely obtained from the 455 802.11-OCB NIC. 457 A MAC address uniquely obtained from a IEEE 802.11-OCB NIC 458 implicitely generates multiple vehicle IDs in case of multiple 459 802.11-OCB NICs. A mechanims to uniquely identify a vehicle 460 irrespectively to the different NICs and/or technologies is required. 462 5.2. Non IP Communications 464 In IEEE 1609 and ETSI ITS, safety-related communications CANNOT be 465 used with IP datagrams. For example, Basic Safety Message (BSM, an 466 IEEE 1609 datagram) and Cooperative Awareness Message (CAM, an ETSI 467 ITS-G5 datagram), are each transmitted as a payload that is preceded 468 by link-layer headers, without an IP header. 470 Each vehicle taking part of traffic (i.e. having its engine turned on 471 and being located on a road) MUST use Non IP communication to 472 periodically broadcast its status information (ID, GPS position, 473 speed,..) in its immediate neighborhood. Using these mechanisms, 474 vehicles become 'aware' of the presence of other vehicles in their 475 immediate vicinity. Therefore, IP communication being transmitted by 476 vehicles taking part of traffic MUST co-exist with Non IP 477 communication and SHOULD NOT break any Non IP mechanism, including 478 'harmful' interference on the channel. 480 The ID of the vehicle transmitting Non IP communication is 481 transmitted in the src MAC address of the IEEE 1609 / ETSI-ITS-G5 482 datagrams. Accordingly, non-IP communications expose the ID of each 483 vehicle, which may be considered as a privacy breach. 485 IEEE 802.11-OCB bypasses the authentication mechanisms of IEEE 802.11 486 networks, in order to transmit non IP communications to without any 487 delay. This may be considered as a security breach. 489 IEEE 1609 and ETSI ITS provided strong security and privacy 490 mechanisms for Non IP Communications. Security (authentication, 491 encryption) is done by asymetric cryptography, where each vehicle 492 attaches its public key and its certificate to all of its non IP 493 messages. Privacy is enforced through the use of Pseudonymes. Each 494 vehicle will be pre-loaded with a large number (>1000s) of 495 pseudonymes generated by a PKI, which will uniquely assign a 496 pseudonyme to a certificate (and thus to a public/private key pair). 498 Non IP Communication being developped for safety-critical 499 applications, complex mechanisms have been provided for their 500 support. These mechanisms are OPTIONAL for IP Communication, but 501 SHOULD be used whenever possible. 503 5.3. Reliability Requirements 505 The dynamically changing topology, short connectivity, mobile 506 transmitter and receivers, different antenna heights, and many-to- 507 many communication types, make IEEE 802.11-OCB links significantly 508 different from other IEEE 802.11 links. Any IPv6 mechanism operating 509 on IEEE 802.11-OCB link MUST support strong link asymetry, spatio- 510 temporal link quality, fast address resolution and transmission. 512 IEEE 802.11-OCB strongly differs from other 802.11 systems to operate 513 outside of the context of a Basic Service Set. This means in 514 practice that IEEE 802.11-OCB does not rely on a Base Station for all 515 Basic Service Set management. In particular, IEEE 802.11-OCB SHALL 516 NOT use beacons. Any IPv6 mechanism requiring L2 services from IEEE 517 802.11 beacons MUST support an alternative service. 519 Channel scanning being disabled, IPv6 over IEEE 802.11-OCB MUST 520 implement a mechanism for transmitter and receiver to converge to a 521 common channel. 523 Authentication not being possible, IPv6 over IEEE 802.11-OCB MUST 524 implement an distributed mechanism to authenticate transmitters and 525 receivers without the support of a DHCP server. 527 Time synchronization not being available, IPv6 over IEEE 802.11-OCB 528 MUST implement a higher layer mechanism for time synchronization 529 between transmitters and receivers without the support of a NTP 530 server. 532 The IEEE 802.11-OCB link being asymetic, IPv6 over IEEE 802.11-OCB 533 MUST disable management mechanisms requesting acknowledgements or 534 replies. 536 The IEEE 802.11-OCB link having a short duration time, IPv6 over IEEE 537 802.11-OCB MUST implement fast IPv6 mobility management mechanisms. 539 5.4. Privacy requirements 541 Vehicles will move. As each vehicle moves, it needs to regularly 542 announce its network interface and reconfigure its local and global 543 view of its network. L2 mechanisms of IEEE 802.11-OCB MAY be 544 employed to assist IPv6 in discovering new network interfaces. L3 545 mechanisms over IEEE 802.11-OCB SHOULD be used to assist IPv6 in 546 discovering new network interfaces. 548 The headers of the L2 mechanisms of IEEE 802.11-OCB and L3 management 549 mechanisms of IPv6 are not encrypted, and as such expose at least the 550 src MAC address of the sender. In the absence of mitigations, 551 adversaries could monitor the L2 or L3 management headers, track the 552 MAC Addresses, and through that track the position of vehicles over 553 time; in some cases, it is possible to deduce the vehicle 554 manufacturer name from the OUI of the MAC address of the interface 555 (with help of additional databases). It is important that sniffers 556 along roads not be able to easily identify private information of 557 automobiles passing by. 559 Similary to Non IP safety-critical communications, the obvious 560 mitigation is to use some form of MAC Address Randomization. We can 561 assume that there will be "renumbering events" causing the MAC 562 Addresses to change. Clearly, a change of MAC Address should induce 563 a simultaneous change of IPv6 Addresses, to prevent linkage of the 564 old and new MAC Addresses through continuous use of the same IP 565 Addresses. 567 The change of an IPv6 address also implies the change of the network 568 prefix. Prefix delegation mechanisms should be available to vehicles 569 to obtain new prefixes during "renumbering events". 571 Changing MAC and IPv6 addresses will disrupt communications, which 572 goes against the reliability requirements expressed in [TS103097]. 573 We will assume that the renumbering events happen only during "safe" 574 periods, e.g. when the vehicle has come to a full stop. The 575 determination of such safe periods is the responsibility of 576 implementors. In automobile settings it is common to decide that 577 certain operations (e.g. software update, or map update) must happen 578 only during safe periods. 580 MAC Address randomization will not prevent tracking if the addresses 581 stay constant for long intervals. Suppose for example that a vehicle 582 only renumbers the addresses of its interface when leaving the 583 vehicle owner's garage in the morning. It would be trivial to 584 observe the "number of the day" at the known garage location, and to 585 associate that with the vehicle's identity. There is clearly a 586 tension there. If renumbering events are too infrequent, they will 587 not protect privacy, but if their are too frequent they will affect 588 reliability. We expect that implementors will eventually find the 589 right balance. 591 5.5. Authentication requirements 593 IEEE 802.11-OCB does not have L2 authentication mechanisms. 594 Accordingly, a vehicle receiving a IPv6 over IEEE 802.11-OCB packet 595 cannot check or be sure the legitimacy of the src MAC (and associated 596 ID). This is a significant breach of security. 598 Similarly to Non IP safety-critical communications, IPv6 over 599 802.11-OCB packets must contain a certificate, including at least the 600 public key of the sender, that will allow the receiver to 601 authenticate the packet, and guarantee its legitimacy. 603 To satisfy the privacy requiremrents of Section 5.4, the certificate 604 SHALL be changed at each 'renumbering event'. 606 5.6. Multiple interfaces 608 There are considerations for 2 or more IEEE 802.11-OCB interface 609 cards per vehicle. For each vehicle taking part in road traffic, one 610 IEEE 802.11-OCB interface card MUST be fully allocated for Non IP 611 safety-critical communication. Any other IEEE 802.11-OCB may be used 612 for other type of traffic. 614 The mode of operation of these other wireless interfaces is not 615 clearly defined yet. One possibility is to consider each card as an 616 independent network interface, with a specific MAC Address and a set 617 of IPv6 addresses. Another possibility is to consider the set of 618 these wireless interfaces as a single network interface (not 619 including the IEEE 802.11-OCB interface used by Non IP safety 620 critical communications). This will require specific logic to 621 ensure, for example, that packets meant for a vehicle in front are 622 actually sent by the radio in the front, or that multiple copies of 623 the same packet received by multiple interfaces are treated as a 624 single packet. Treating each wireless interface as a separate 625 network interface pushes such issues to the application layer. 627 The privacy requirements of Section 5.4 imply that if these multiple 628 interfaces are represented by many network interface, a single 629 renumbering event SHALL cause renumbering of all these interfaces. 630 If one MAC changed and another stayed constant, external observers 631 would be able to correlate old and new values, and the privacy 632 benefits of randomization would be lost. 634 The privacy requirements of Non IP safety-critical communications 635 imply that if a change of pseudonyme occurs, renumbering of all other 636 interfaces SHALL also occur. 638 5.7. MAC Address Generation 640 When designing the IPv6 over 802.11-OCB address mapping, we will 641 assume that the MAC Addresses will change during well defined 642 "renumbering events". The 48 bits randomized MAC addresses will have 643 the following characteristics: 645 o Bit "Local/Global" set to "locally admninistered". 647 o Bit "Unicast/Multicast" set to "Unicast". 649 o 46 remaining bits set to a random value, using a random number 650 generator that meets the requirements of [RFC4086]. 652 The way to meet the randomization requirements is to retain 46 bits 653 from the output of a strong hash function, such as SHA256, taking as 654 input a 256 bit local secret, the "nominal" MAC Address of the 655 interface, and a representation of the date and time of the 656 renumbering event. 658 5.8. Security Certificate Generation 660 When designing the IPv6 over 802.11-OCB address mapping, we will 661 assume that the MAC Addresses will change during well defined 662 "renumbering events". So MUST also the Security Certificates. 663 Unless unavailable, the Security Certificate Generation mechanisms 664 SHOULD follow the specification in IEEE 1609.2 [ieee16094] or ETSI TS 665 103 097 [TS103097]. These security mechanisms have the following 666 characteristics: 668 o Authentication - Elliptic Curve Digital Signature Algorithm 669 (ECDSA) - A Secured Hash Function (SHA-256) will sign the message 670 with the public key of the sender. 672 o Encryption - Elliptic Curve Integrated Encryption Scheme (ECIES) - 673 A Key Derivation Function (KDF) between the sender's public key 674 and the receiver's private key will generate a symetric key used 675 to encrypt a packet. 677 If the mechanisms described in IEEE 1609.2 [ieee16094] or ETSI TS 103 678 097 [TS103097] are either not supported or not capable of running on 679 the hardware, an alternative approach based on Pretty-Good-Privacy 680 (PGP) MAY be used as an alternative. 682 6. Layering of IPv4 and IPv6 over 802.11p as over Ethernet 684 6.1. Maximum Transmission Unit (MTU) 686 The default MTU for IP packets on 802.11p is 1500 octets. It is the 687 same value as IPv6 packets on Ethernet links, as specified in 688 [RFC2464]. This value of the MTU respects the recommendation that 689 every link in the Internet must have a minimum MTU of 1280 octets 690 (stated in [RFC2460], and the recommendations therein, especially 691 with respect to fragmentation). If IPv6 packets of size larger than 692 1500 bytes are sent on an 802.11-OCB interface then the IP stack will 693 fragment into more IP packets, depending on the initial size. In 694 case there are IP fragments, the field "Sequence number" of the 695 802.11 Data header containing the IP fragment field is increased. 697 It is possible to send IP packets of size bigger than the MTU of 1500 698 bytes without the IP fragmentation mechanism to be involved. 699 However, in such cases it is not safe to assume that the on-link 700 receiver understands it and does not send a "Packet too Big" ICMPv6 701 message back - it likely will. 703 It is possible to set the MTU value on an interface to a value 704 smaller than 1500 bytes, and thus trigger IP fragmentation for 705 packets larger than that value. For example, set the MTU to 500 706 bytes and the IP fragmentation will generate IP fragments as soon as 707 IP packets to be sent are larger than 500 bytes. However, the lowest 708 such limit is 255 bytes. It is not possible to set an MTU of 254 709 bytes or lower on an interface. 711 It is possible that the MAC layer fragments as well (in addition to 712 the IP layer performing fragmentation). The 802.11 Data Header 713 includes a "Fragment number" field and a "More Fragments" field. 714 This former is set to 0 usually. 716 It is possible that the application layer fragments. 718 Non-IP packets such as WAVE Short Message Protocol (WSMP) can be 719 delivered on 802.11-OCB links. Specifications of these packets are 720 out of scope of this document, and do not impose any limit on the MTU 721 size, allowing an arbitrary number of 'containers'. Non-IP packets 722 such as ETSI 'geonet' packets have an MTU of 1492 bytes. 724 The Equivalent Transmit Time on Channel is a concept that may be used 725 as an alternative to the MTU concept. A rate of transmission may be 726 specified as well. The ETTC, rate and MTU may be in direct 727 relationship. 729 6.2. Frame Format 731 IP packets are transmitted over 802.11p as standard Ethernet packets. 732 As with all 802.11 frames, an Ethernet adaptation layer is used with 733 802.11p as well. This Ethernet Adaptation Layer 802.11-to-Ethernet 734 is described in Section 6.2.1. The Ethernet Type code (EtherType) 735 for IPv6 is 0x86DD (hexadecimal 86DD, or otherwise #86DD). The 736 EtherType code for IPv4 is 0x0800. 738 The Frame format for transmitting IPv6 on 802.11p networks is the 739 same as transmitting IPv6 on Ethernet networks, and is described in 740 section 3 of [RFC2464]. The Frame format for transmitting IPv4 on 741 802.11p networks is the same as transmitting IPv4 on Ethernet 742 networks and is described in [RFC0894]. For sake of completeness, 743 the frame format for transmitting IPv6 over Ethernet is illustrated 744 below: 746 0 1 747 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 748 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 749 | Destination | 750 +- -+ 751 | Ethernet | 752 +- -+ 753 | Address | 754 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 755 | Source | 756 +- -+ 757 | Ethernet | 758 +- -+ 759 | Address | 760 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 761 |1 0 0 0 0 1 1 0 1 1 0 1 1 1 0 1| 762 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 763 | IPv6 | 764 +- -+ 765 | header | 766 +- -+ 767 | and | 768 +- -+ 769 / payload ... / 770 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 771 (Each tic mark represents one bit.) 773 6.2.1. Ethernet Adaptation Layer 775 In general, an 'adaptation' layer is inserted between a MAC layer and 776 the Networking layer. This is used to transform some parameters 777 between their form expected by the IP stack and the form provided by 778 the MAC layer. For example, an 802.15.4 adaptation layer may perform 779 fragmentation and reassembly operations on a MAC whose maximum Packet 780 Data Unit size is smaller than the minimum MTU recognized by the IPv6 781 Networking layer. Other examples involve link-layer address 782 transformation, packet header insertion/removal, and so on. 784 An Ethernet Adaptation Layer makes an 802.11 MAC look to IP 785 Networking layer as a more traditional Ethernet layer. At reception, 786 this layer takes as input the IEEE 802.11 Data Header and the 787 Logical-Link Layer Control Header and produces an Ethernet II Header. 788 At sending, the reverse operation is performed. 790 +--------------------+-------------+-------------+---------+ 791 | 802.11 Data Header | LLC Header | IPv6 Header | Payload | 792 +--------------------+-------------+-------------+---------+ 793 ^ 794 | 795 802.11-to-Ethernet Adaptation Layer 796 | 797 v 799 +---------------------+-------------+---------+ 800 | Ethernet II Header | IPv6 Header | Payload | 801 +---------------------+-------------+---------+ 803 The Receiver and Transmitter Address fields in the 802.11 Data Header 804 contain the same values as the Destination and the Source Address 805 fields in the Ethernet II Header, respectively. The value of the 806 Type field in the LLC Header is the same as the value of the Type 807 field in the Ethernet II Header. The other fields in the Data and 808 LLC Headers are not used by the IPv6 stack. 810 When the MTU value is smaller than the size of the IP packet to be 811 sent, the IP layer fragments the packet into multiple IP fragments. 812 During this operation, the "Sequence number" field of the 802.11 Data 813 Header is increased. 815 IPv6 packets can be transmitted as "IEEE 802.11 Data" or 816 alternatively as "IEEE 802.11 QoS Data". 818 IEEE 802.11 Data IEEE 802.11 QoS Data 819 Logical-Link Control Logical-Link Control 820 IPv6 Header IPv6 Header 822 The value of the field "Type/Subtype" in the 802.11 Data header is 823 0x0020. The value of the field "Type/Subtype" in the 802.11 QoS 824 header is 0x0028. 826 6.2.2. MAC Address Resolution 828 For IPv4, Address Resolution Protocol (ARP) [RFC0826] is used to 829 determine the MAC address used for an IPv4 address, exactly as is 830 done for Ethernet. 832 6.3. Link-Local Addresses 834 For IPv6, the link-local address of an 802.11p interface is formed in 835 the same manner as on an Ethernet interface. This manner is 836 described in section 5 of [RFC2464]. 838 For IPv4, link-local addressing is described in [RFC3927]. 840 6.4. Address Mapping 842 For unicast as for multicast, there is no change from the unicast and 843 multicast address mapping format of Ethernet interfaces, as defined 844 by sections 6 and 7 of [RFC2464]. 846 (however, there is discussion about geography, networking and IPv6 847 multicast addresses: geographical dissemination of IPv6 data over 848 802.11p may be useful in traffic jams, for example). 850 6.4.1. Address Mapping -- Unicast 852 6.4.2. Address Mapping -- Multicast 854 IPv6 protocols often make use of IPv6 multicast addresses in the 855 destination field of IPv6 headers. For example, an ICMPv6 link- 856 scoped Neighbor Advertisement is sent to the IPv6 address ff02::1 857 denoted "all-nodes" address. When transmitting these packets on 858 802.11-OCB links it is necessary to map the IPv6 address to a MAC 859 address. 861 The same mapping requirement applies to the link-scoped multicast 862 addresses of other IPv6 protocols as well. In DHCPv6, the 863 "All_DHCP_Servers" IPv6 multicast address ff02::1:2, and in OSPF the 864 "All_SPF_Routers" IPv6 multicast address ff02::5, need to be mapped 865 on a multicast MAC address. 867 An IPv6 packet with a multicast destination address DST, consisting 868 of the sixteen octets DST[1] through DST[16], is transmitted to the 869 IEEE 802.11-OCB MAC multicast address whose first two octets are the 870 value 0x3333 and whose last four octets are the last four octets of 871 DST. 873 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 874 |0 0 1 1 0 0 1 1|0 0 1 1 0 0 1 1| 875 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 876 | DST[13] | DST[14] | 877 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 878 | DST[15] | DST[16] | 879 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 881 Other than link-scope addressing, it may be possible to conceive 882 other IPv6 multicast addresses for specific use in vehicular 883 communication scenarios. For example, certain vehicle types (or road 884 infrastructure equipment) in a zone can be denoted by an IPv6 885 multicast address: "all-yellow-taxis-in-street", or "all-uber-cars". 886 This helps sending a message to these particular types of vehicles, 887 instead of sending to all vehicles in that same street. The 888 protocols SDP and LLDP could further be used in managing this as a 889 service. 891 It may be possible to map parts of other-than-link-scope IPv6 892 multicast address (e.g. parts of a global-scope IPv6 multicast 893 address) into parts of a 802.11-OCB MAC address. This may help 894 certain IPv6 operations. 896 A Group ID TBD of length 112bits may be requested from IANA; this 897 Group ID signifies "All 80211OCB Interfaces Address". Only the least 898 32 significant bits of this "All 80211OCB Interfaces Address" will be 899 mapped to and from a MAC multicast address. 901 Alternatively, instead of 0x3333 address other addresses reserved at 902 IEEE can be considered. The Group MAC addresses reserved at IEEE are 903 listed at https://standards.ieee.org/develop/regauth/grpmac/ 904 public.html (address browsed in July 2016). 906 6.5. Stateless Autoconfiguration 908 The Interface Identifier for an 802.11p interface is formed using the 909 same rules as the Interface Identifier for an Ethernet interface; 910 this is described in section 4 of [RFC2464]. No changes are needed, 911 but some care must be taken when considering the use of the SLAAC 912 procedure. 914 For example, the Interface Identifier for an 802.11p interface whose 915 built-in address is, in hexadecimal: 917 30-14-4A-D9-F9-6C 919 would be 921 32-14-4A-FF-FE-D9-F9-6C. 923 The bits in the the interface identifier have no generic meaning and 924 the identifier should be treated as an opaque value. The bits 925 'Universal' and 'Group' in the identifier of an 802.11p interface are 926 significant, as this is a IEEE link-layer address. The details of 927 this significance are described in [I-D.ietf-6man-ug]. 929 As with all Ethernet and 802.11 interface identifiers, the identifier 930 of an 802.11p interface may involve privacy risks. A vehicle 931 embarking an On-Board Unit whose egress interface is 802.11p may 932 expose itself to eavesdropping and subsequent correlation of data; 933 this may reveal data considered private by the vehicle owner. The 934 address generation mechanism should consider these aspects, as 935 described in [I-D.ietf-6man-ipv6-address-generation-privacy]. 937 6.6. Subnet Structure 939 In this section the subnet structure may be described: the addressing 940 model (are multi-link subnets considered?), address resolution, 941 multicast handling, packet forwarding between IP subnets. 942 Alternatively, this section may be spinned off into a separate 943 document. 945 The 802.11p networks, much like other 802.11 networks, may be 946 considered as 'ad-hoc' networks. The addressing model for such 947 networks is described in [RFC5889]. 949 The SLAAC procedure makes the assumption that if a packet is 950 retransmitted a fixed number of times (typically 3, but it is link 951 dependent), any connected host receives the packet with high 952 probability. On ad-hoc links (when 802.11p is operated in OCB mode, 953 the link can be considered as 'ad-hoc'), both the hidden terminal 954 problem and mobility-range considerations make this assumption 955 incorrect. Therefore, SLAAC should not be used when address 956 collisions can induce critical errors in upper layers. 958 Some aspects of multi-hop ad-hoc wireless communications which are 959 relevant to the use of 802.11p (e.g. the 'hidden' node) are described 960 in [I-D.baccelli-multi-hop-wireless-communication]. 962 When operating in OCB mode, it may be appropriate to use a 6LoWPAN 963 adaptation layer [RFC6775]. However, it should be noted that the use 964 6lowpan adaptation layer is comparable with the use of Ethernet to 965 802.11 adaptation layer. 967 7. Handovers between OCB links 969 A station operating IEEE 802.11p in the 5.9 GHz band in US or EU is 970 required to send data frames outside the context of a BSS. In this 971 case, the station does not utilize the IEEE 802.11 authentication, 972 association, or data confidentiality services. This avoids the 973 latency associated with establishing a BSS and is particularly suited 974 to communications between mobile stations or between a mobile station 975 and a fixed one playing the role of the default router (e.g. a fixed 976 Road-Side Unit a.k.a RSU acting as an infrastructure router). 978 The process of movement detection is described in section 11.5.1 of 979 [RFC6275]. In the context of 802.11p deployments, detecting 980 movements between two adjacent RSUs becomes harder for the moving 981 stations: they cannot rely on Layer-2 triggers (such as L2 982 association/de-association phases) to detect when they leave the 983 vicinity of an RSU and move within coverage of another RSU. In such 984 case, the movement detection algorithms require other triggers. We 985 detail below the potential other indications that can be used by a 986 moving station in order to detect handovers between OCB ("Outside the 987 Context of a BSS") links. 989 A movement detection mechanism may take advantage of positioning data 990 (latitude and longitude). 992 Mobile IPv6 [RFC6275] specifies a new Router Advertisement option 993 called the "Advertisement Interval Option". It can be used by an RSU 994 to indicate the maximum interval between two consecutive unsolicited 995 Router Advertisement messages sent by this RSU. With this option, a 996 moving station can learn when it is supposed to receive the next RA 997 from the same RSU. This can help movement detection: if the 998 specified amount of time elapses without the moving station receiving 999 any RA from that RSU, this means that the RA has been lost. It is up 1000 to the moving node to determine how many lost RAs from that RSU 1001 constitutes a handover trigger. 1003 In addition to the Mobile IPv6 "Advertisement Interval Option", the 1004 Neighbor Unreachability Detection (NUD) [RFC4861] can be used to 1005 determine whether the RSU is still reachable or not. In this 1006 context, reachability confirmation would basically consist in 1007 receiving a Neighbor Advertisement message from a RSU, in response to 1008 a Neighbor Solicitation message sent by the moving station. The RSU 1009 should also configure a low Reachable Time value in its RA in order 1010 to ensure that a moving station does not assume an RSU to be 1011 reachable for too long. 1013 The Mobile IPv6 "Advertisement Interval Option" as well as the NUD 1014 procedure only help knowing if the RSU is still reachable by the 1015 moving station. It does not provide the moving station with 1016 information about other potential RSUs that might be in range. For 1017 this purpose, increasing the RA frequency could reduce the delay to 1018 discover the next RSU. The Neighbor Discovery protocol [RFC4861] 1019 limits the unsolicited multicast RA interval to a minimum of 3 1020 seconds (the MinRtrAdvInterval variable). This value is too high for 1021 dense deployments of Access Routers deployed along fast roads. The 1022 protocol Mobile IPv6 [RFC6275] allows routers to send such RA more 1023 frequently, with a minimum possible of 0.03 seconds (the same 1024 MinRtrAdvInterval variable): this should be preferred to ensure a 1025 faster detection of the potential RSUs in range. 1027 If multiple RSUs are in the vicinity of a moving station at the same 1028 time, the station may not be able to choose the "best" one (i.e. the 1029 one that would afford the moving station spending the longest time in 1030 its vicinity, in order to avoid too frequent handovers). In this 1031 case, it would be helpful to base the decision on the signal quality 1032 (e.g. the RSSI of the received RA provided by the radio driver). A 1033 better signal would probably offer a longer coverage. If, in terms 1034 of RA frequency, it is not possible to adopt the recommendations of 1035 protocol Mobile IPv6 (but only the Neighbor Discovery specification 1036 ones, for whatever reason), then another message than the RA could be 1037 emitted periodically by the Access Router (provided its specification 1038 allows to send it very often), in order to help the Host determine 1039 the signal quality. One such message may be the 802.11p's Time 1040 Advertisement, or higher layer messages such as the "Basic Safety 1041 Message" (in the US) or the "Cooperative Awareness Message " (in the 1042 EU), that are usually sent several times per second. Another 1043 alternative replacement for the IPv6 Router Advertisement may be the 1044 message 'WAVE Routing Advertisement' (WRA), which is part of the WAVE 1045 Service Advertisement and which may contain optionally the 1046 transmitter location; this message is described in section 8.2.5 of 1047 [ieeep1609.3-D9-2010]. 1049 Once the choice of the default router has been performed by the 1050 moving node, it can be interesting to use Optimistic DAD [RFC4429] in 1051 order to speed-up the address auto-configuration and ensure the 1052 fastest possible Layer-3 handover. 1054 To summarize, efficient handovers between OCB links can be performed 1055 by using a combination of existing mechanisms. In order to improve 1056 the default router unreachability detection, the RSU and moving 1057 stations should use the Mobile IPv6 "Advertisement Interval Option" 1058 as well as rely on the NUD mechanism. In order to allow the moving 1059 station to detect potential default router faster, the RSU should 1060 also be able to be configured with a smaller minimum RA interval such 1061 as the one recommended by Mobile IPv6. When multiple RSUs are 1062 available at the same time, the moving station should perform the 1063 handover decision based on the signal quality. Finally, optimistic 1064 DAD can be used to reduce the handover delay. 1066 The Received Frame Power Level (RCPI) defined in IEEE Std 1067 802.11-2012, conditioned by the dotOCBActived flag, is an information 1068 element which contains a value expressing the power level at which 1069 that frame was received. This value may be used in comparing power 1070 levels when triggering IP handovers. 1072 8. Example IPv6 Packet captured over a IEEE 802.11p link 1074 We remind that a main goal of this document is to make the case that 1075 IPv6 works fine over 802.11p networks. Consequently, this section is 1076 an illustration of this concept and thus can help the implementer 1077 when it comes to running IPv6 over IEEE 802.11p. By way of example 1078 we show that there is no modification in the headers when transmitted 1079 over 802.11p networks - they are transmitted like any other 802.11 1080 and Ethernet packets. 1082 We describe an experiment of capturing an IPv6 packet captured on an 1083 802.11p link. In this experiment, the packet is an IPv6 Router 1084 Advertisement. This packet is emitted by a Router on its 802.11p 1085 interface. The packet is captured on the Host, using a network 1086 protocol analyzer (e.g. Wireshark); the capture is performed in two 1087 different modes: direct mode and 'monitor' mode. The topology used 1088 during the capture is depicted below. 1090 +--------+ +-------+ 1091 | | 802.11-OCB Link | | 1092 ---| Router |--------------------------------| Host | 1093 | | | | 1094 +--------+ +-------+ 1096 During several capture operations running from a few moments to 1097 several hours, no message relevant to the BSSID contexts were 1098 captured (no Association Request/Response, Authentication Req/Resp, 1099 Beacon). This shows that the operation of 802.11p is outside the 1100 context of a BSSID. 1102 Overall, the captured message is identical with a capture of an IPv6 1103 packet emitted on a 802.11b interface. The contents are precisely 1104 similar. 1106 The popular wireshark network protocol analyzer is a free software 1107 tool for Windows and Unix. It includes a dissector for 802.11p 1108 features along with all other 802.11 features (i.e. it displays these 1109 features in a human-readable format). 1111 8.1. Capture in Monitor Mode 1113 The IPv6 RA packet captured in monitor mode is illustrated below. 1114 The radio tap header provides more flexibility for reporting the 1115 characteristics of frames. The Radiotap Header is prepended by this 1116 particular stack and operating system on the Host machine to the RA 1117 packet received from the network (the Radiotap Header is not present 1118 on the air). The implementation-dependent Radiotap Header is useful 1119 for piggybacking PHY information from the chip's registers as data in 1120 a packet understandable by userland applications using Socket 1121 interfaces (the PHY interface can be, for example: power levels, data 1122 rate, ratio of signal to noise). 1124 The packet present on the air is formed by IEEE 802.11 Data Header, 1125 Logical Link Control Header, IPv6 Base Header and ICMPv6 Header. 1127 Radiotap Header v0 1128 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1129 |Header Revision| Header Pad | Header length | 1130 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1131 | Present flags | 1132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1133 | Data Rate | Pad | 1134 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1136 IEEE 802.11 Data Header 1137 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1138 | Type/Subtype and Frame Ctrl | Duration | 1139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1140 | Receiver Address... 1141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1142 ... Receiver Address | Transmitter Address... 1143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1144 ... Transmitter Address | 1145 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1146 | BSS Id... 1147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1148 ... BSS Id | Frag Number and Seq Number | 1149 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1151 Logical-Link Control Header 1152 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1153 | DSAP |I| SSAP |C| Control field | Org. code... 1154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1155 ... Organizational Code | Type | 1156 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1158 IPv6 Base Header 1159 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1160 |Version| Traffic Class | Flow Label | 1161 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1162 | Payload Length | Next Header | Hop Limit | 1163 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1164 | | 1165 + + 1166 | | 1167 + Source Address + 1168 | | 1169 + + 1170 | | 1171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1172 | | 1173 + + 1174 | | 1175 + Destination Address + 1176 | | 1177 + + 1178 | | 1179 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1181 Router Advertisement 1182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1183 | Type | Code | Checksum | 1184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1185 | Cur Hop Limit |M|O| Reserved | Router Lifetime | 1186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1187 | Reachable Time | 1188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1189 | Retrans Timer | 1190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1191 | Options ... 1192 +-+-+-+-+-+-+-+-+-+-+-+- 1194 The value of the Data Rate field in the Radiotap header is set to 6 1195 Mb/s. This indicates the rate at which this RA was received. 1197 The value of the Transmitter address in the IEEE 802.11 Data Header 1198 is set to a 48bit value. The value of the destination address is 1199 33:33:00:00:00:1 (all-nodes multicast address). The value of the BSS 1200 Id field is ff:ff:ff:ff:ff:ff, which is recognized by the network 1201 protocol analyzer as being "broadcast". The Fragment number and 1202 sequence number fields are together set to 0x90C6. 1204 The value of the Organization Code field in the Logical-Link Control 1205 Header is set to 0x0, recognized as "Encapsulated Ethernet". The 1206 value of the Type field is 0x86DD (hexadecimal 86DD, or otherwise 1207 #86DD), recognized as "IPv6". 1209 A Router Advertisement is periodically sent by the router to 1210 multicast group address ff02::1. It is an icmp packet type 134. The 1211 IPv6 Neighbor Discovery's Router Advertisement message contains an 1212 8-bit field reserved for single-bit flags, as described in [RFC4861]. 1214 The IPv6 header contains the link local address of the router 1215 (source) configured via EUI-64 algorithm, and destination address set 1216 to ff02::1. Recent versions of network protocol analyzers (e.g. 1217 Wireshark) provide additional informations for an IP address, if a 1218 geolocalization database is present. In this example, the 1219 geolocalization database is absent, and the "GeoIP" information is 1220 set to unknown for both source and destination addresses (although 1221 the IPv6 source and destination addresses are set to useful values). 1222 This "GeoIP" can be a useful information to look up the city, 1223 country, AS number, and other information for an IP address. 1225 The Ethernet Type field in the logical-link control header is set to 1226 0x86dd which indicates that the frame transports an IPv6 packet. In 1227 the IEEE 802.11 data, the destination address is 33:33:00:00:00:01 1228 which is he corresponding multicast MAC address. The BSS id is a 1229 broadcast address of ff:ff:ff:ff:ff:ff. Due to the short link 1230 duration between vehicles and the roadside infrastructure, there is 1231 no need in IEEE 802.11p to wait for the completion of association and 1232 authentication procedures before exchanging data. IEEE 802.11p 1233 enabled nodes use the wildcard BSSID (a value of all 1s) and may 1234 start communicating as soon as they arrive on the communication 1235 channel. 1237 8.2. Capture in Normal Mode 1239 The same IPv6 Router Advertisement packet described above (monitor 1240 mode) is captured on the Host, in the Normal mode, and depicted 1241 below. 1243 Ethernet II Header 1244 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1245 | Destination... 1246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1247 ...Destination | Source... 1248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1249 ...Source | 1250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1251 | Type | 1252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1254 IPv6 Base Header 1255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1256 |Version| Traffic Class | Flow Label | 1257 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1258 | Payload Length | Next Header | Hop Limit | 1259 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1260 | | 1261 + + 1262 | | 1263 + Source Address + 1264 | | 1265 + + 1266 | | 1267 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1268 | | 1269 + + 1270 | | 1271 + Destination Address + 1272 | | 1273 + + 1274 | | 1275 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1277 Router Advertisement 1278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1279 | Type | Code | Checksum | 1280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1281 | Cur Hop Limit |M|O| Reserved | Router Lifetime | 1282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1283 | Reachable Time | 1284 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1285 | Retrans Timer | 1286 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1287 | Options ... 1288 +-+-+-+-+-+-+-+-+-+-+-+- 1290 One notices that the Radiotap Header is not prepended, and that the 1291 IEEE 802.11 Data Header and the Logical-Link Control Headers are not 1292 present. On another hand, a new header named Ethernet II Header is 1293 present. 1295 The Destination and Source addresses in the Ethernet II header 1296 contain the same values as the fields Receiver Address and 1297 Transmitter Address present in the IEEE 802.11 Data Header in the 1298 "monitor" mode capture. 1300 The value of the Type field in the Ethernet II header is 0x86DD 1301 (recognized as "IPv6"); this value is the same value as the value of 1302 the field Type in the Logical-Link Control Header in the "monitor" 1303 mode capture. 1305 The knowledgeable experimenter will no doubt notice the similarity of 1306 this Ethernet II Header with a capture in normal mode on a pure 1307 Ethernet cable interface. 1309 It may be interpreted that an Adaptation layer is inserted in a pure 1310 IEEE 802.11 MAC packets in the air, before delivering to the 1311 applications. In detail, this adaptation layer may consist in 1312 elimination of the Radiotap, 802.11 and LLC headers and insertion of 1313 the Ethernet II header. In this way, it can be stated that IPv6 runs 1314 naturally straight over LLC over the 802.11p MAC layer, as shown by 1315 the use of the Type 0x86DD, and assuming an adaptation layer 1316 (adapting 802.11 LLC/MAC to Ethernet II header). 1318 9. Security Considerations 1320 802.11p does not provide any cryptographic protection, because it 1321 operates outside the context of a BSS (no Association Request/ 1322 Response, no Challenge messages). Any attacker can therefore just 1323 sit in the near range of vehicles, sniff the network (just set the 1324 interface card's frequency to the proper range) and perform attacks 1325 without needing to physically break any wall. Such a link is way 1326 less protected than commonly used links (wired link or protected 1327 802.11). 1329 At the IP layer, IPsec can be used to protect unicast communications, 1330 and SeND can be used for multicast communications. If no protection 1331 is used by the IP layer, upper layers should be protected. 1332 Otherwise, the end-user or system should be warned about the risks 1333 they run. 1335 The WAVE protocol stack provides for strong security when using the 1336 WAVE Short Message Protocol and the WAVE Service Advertisement 1337 [ieeep1609.2-D17]. 1339 As with all Ethernet and 802.11 interface identifiers, there may 1340 exist privacy risks in the use of 802.11p interface identifiers. 1341 However, in outdoors vehicular settings, the privacy risks are more 1342 important than in indoors settings. New risks are induced by the 1343 possibility of attacker sniffers deployed along routes which listen 1344 for IP packets of vehicles passing by. For this reason, in the 1345 802.11p deployments, there is a strong necessity to use protection 1346 tools such as dynamically changing MAC addresses. This may help 1347 mitigate privacy risks to a certain level. On another hand, it may 1348 have an impact in the way typical IPv6 address auto-configuration is 1349 performed for vehicles (SLAAC would rely on MAC addresses amd would 1350 hence dynamically change the affected IP address), in the way the 1351 IPv6 Privacy addresses were used, and other effects. 1353 10. IANA Considerations 1355 11. Contributors 1357 Romain Kuntz contributed extensively the concepts described in 1358 Section 7 about IPv6 handovers between links running outside the 1359 context of a BSS (802.11p links). 1361 Tim Leinmueller contributed the idea of the use of IPv6 over 1362 802.11-OCB for distribution of certificates. 1364 Marios Makassikis, Jose Santa Lozano, Albin Severinson and Alexey 1365 Voronov provided significant feedback on the experience of using IPv4 1366 and IPv6 messages over 802.11-OCB in initial trials. 1368 12. Acknowledgements 1370 The authors would like to thank Witold Klaudel, Ryuji Wakikawa, 1371 Emmanuel Baccelli, John Kenney, John Moring, Francois Simon, Dan 1372 Romascanu, Konstantin Khait, Ralph Droms, Richard Roy, Ray Hunter, 1373 Tom Kurihara, Michelle Wetterwald, Michal Sojka, Jan de Jongh, Suresh 1374 Krishnan, Dino Farinacci, Vincent Park and Gloria Gwynne. Their 1375 valuable comments clarified certain issues and generally helped to 1376 improve the document. 1378 Pierre Pfister, Rostislav Lisovy, and others, wrote 802.11-OCB 1379 drivers for linux and described how. 1381 For the multicast discussion, the authors would like to thank Owen 1382 DeLong, Joe Touch, Jen Linkova, Erik Kline, Brian Haberman and 1383 participants to discussions in network working groups. 1385 The authours would like to thank participants to the Birds-of- 1386 a-Feather "Intelligent Transportation Systems" meetings held at IETF 1387 in 2016. 1389 13. References 1391 13.1. Normative References 1393 [I-D.ietf-6man-ipv6-address-generation-privacy] 1394 Cooper, A., Gont, F., and D. Thaler, "Privacy 1395 Considerations for IPv6 Address Generation Mechanisms", 1396 draft-ietf-6man-ipv6-address-generation-privacy-08 (work 1397 in progress), September 2015. 1399 [I-D.ietf-6man-ug] 1400 Carpenter, B. and S. Jiang, "Significance of IPv6 1401 Interface Identifiers", draft-ietf-6man-ug-06 (work in 1402 progress), December 2013. 1404 [RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or 1405 Converting Network Protocol Addresses to 48.bit Ethernet 1406 Address for Transmission on Ethernet Hardware", STD 37, 1407 RFC 826, DOI 10.17487/RFC0826, November 1982, 1408 . 1410 [RFC0894] Hornig, C., "A Standard for the Transmission of IP 1411 Datagrams over Ethernet Networks", STD 41, RFC 894, 1412 DOI 10.17487/RFC0894, April 1984, 1413 . 1415 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1416 Requirement Levels", BCP 14, RFC 2119, 1417 DOI 10.17487/RFC2119, March 1997, 1418 . 1420 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1421 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 1422 December 1998, . 1424 [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet 1425 Networks", RFC 2464, DOI 10.17487/RFC2464, December 1998, 1426 . 1428 [RFC3927] Cheshire, S., Aboba, B., and E. Guttman, "Dynamic 1429 Configuration of IPv4 Link-Local Addresses", RFC 3927, 1430 DOI 10.17487/RFC3927, May 2005, 1431 . 1433 [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, 1434 "Randomness Requirements for Security", BCP 106, RFC 4086, 1435 DOI 10.17487/RFC4086, June 2005, 1436 . 1438 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 1439 for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006, 1440 . 1442 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1443 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1444 DOI 10.17487/RFC4861, September 2007, 1445 . 1447 [RFC5889] Baccelli, E., Ed. and M. Townsley, Ed., "IP Addressing 1448 Model in Ad Hoc Networks", RFC 5889, DOI 10.17487/RFC5889, 1449 September 2010, . 1451 [RFC6275] Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility 1452 Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July 1453 2011, . 1455 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. 1456 Bormann, "Neighbor Discovery Optimization for IPv6 over 1457 Low-Power Wireless Personal Area Networks (6LoWPANs)", 1458 RFC 6775, DOI 10.17487/RFC6775, November 2012, 1459 . 1461 13.2. Informative References 1463 [etsi-302663-v1.2.1p-2013] 1464 "Intelligent Transport Systems (ITS); Access layer 1465 specification for Intelligent Transport Systems operating 1466 in the 5 GHz frequency band, 2013-07, document 1467 en_302663v010201p.pdf, document freely available at URL 1468 http://www.etsi.org/deliver/etsi_en/302600_302699/302663/ 1469 01.02.01_60/en_302663v010201p.pdf downloaded on October 1470 17th, 2013.". 1472 [etsi-draft-102492-2-v1.1.1-2006] 1473 "Electromagnetic compatibility and Radio spectrum Matters 1474 (ERM); Intelligent Transport Systems (ITS); Part 2: 1475 Technical characteristics for pan European harmonized 1476 communications equipment operating in the 5 GHz frequency 1477 range intended for road safety and traffic management, and 1478 for non-safety related ITS applications; System Reference 1479 Document, Draft ETSI TR 102 492-2 V1.1.1, 2006-07, 1480 document tr_10249202v010101p.pdf freely available at URL 1481 http://www.etsi.org/deliver/etsi_tr/102400_102499/ 1482 10249202/01.01.01_60/tr_10249202v010101p.pdf downloaded on 1483 October 18th, 2013.". 1485 [fcc-cc] "'Report and Order, Before the Federal Communications 1486 Commission Washington, D.C. 20554', FCC 03-324, Released 1487 on February 10, 2004, document FCC-03-324A1.pdf, document 1488 freely available at URL 1489 http://www.its.dot.gov/exit/fcc_edocs.htm downloaded on 1490 October 17th, 2013.". 1492 [fcc-cc-172-184] 1493 "'Memorandum Opinion and Order, Before the Federal 1494 Communications Commission Washington, D.C. 20554', FCC 1495 06-10, Released on July 26, 2006, document FCC- 1496 06-110A1.pdf, document freely available at URL 1497 http://hraunfoss.fcc.gov/edocs_public/attachmatch/ 1498 FCC-06-110A1.pdf downloaded on June 5th, 2014.". 1500 [I-D.baccelli-multi-hop-wireless-communication] 1501 Baccelli, E. and C. Perkins, "Multi-hop Ad Hoc Wireless 1502 Communication", draft-baccelli-multi-hop-wireless- 1503 communication-06 (work in progress), July 2011. 1505 [I-D.petrescu-its-scenarios-reqs] 1506 Petrescu, A., Janneteau, C., Boc, M., and W. Klaudel, 1507 "Scenarios and Requirements for IP in Intelligent 1508 Transportation Systems", draft-petrescu-its-scenarios- 1509 reqs-03 (work in progress), October 2013. 1511 [ieee16094] 1512 "1609.2-2016 - IEEE Standard for Wireless Access in 1513 Vehicular Environments--Security Services for Applications 1514 and Management Messages; document freely available at URL 1515 https://standards.ieee.org/findstds/ 1516 standard/1609.2-2016.html retrieved on July 08th, 2016.". 1518 [ieee802.11-2012] 1519 "802.11-2012 - IEEE Standard for Information technology-- 1520 Telecommunications and information exchange between 1521 systems Local and metropolitan area networks--Specific 1522 requirements Part 11: Wireless LAN Medium Access Control 1523 (MAC) and Physical Layer (PHY) Specifications. Downloaded 1524 on October 17th, 2013, from IEEE Standards, document 1525 freely available at URL 1526 http://standards.ieee.org/findstds/ 1527 standard/802.11-2012.html retrieved on October 17th, 1528 2013.". 1530 [ieee802.11p-2010] 1531 "IEEE Std 802.11p(TM)-2010, IEEE Standard for Information 1532 Technology - Telecommunications and information exchange 1533 between systems - Local and metropolitan area networks - 1534 Specific requirements, Part 11: Wireless LAN Medium Access 1535 Control (MAC) and Physical Layer (PHY) Specifications, 1536 Amendment 6: Wireless Access in Vehicular Environments; 1537 document freely available at URL 1538 http://standards.ieee.org/getieee802/ 1539 download/802.11p-2010.pdf retrieved on September 20th, 1540 2013.". 1542 [ieeep1609.0-D2] 1543 "IEEE P1609.0/D2 Draft Guide for Wireless Access in 1544 Vehicular Environments (WAVE) Architecture. pdf, length 1545 879 Kb. Restrictions apply.". 1547 [ieeep1609.2-D17] 1548 "IEEE P1609.2(tm)/D17 Draft Standard for Wireless Access 1549 in Vehicular Environments - Security Services for 1550 Applications and Management Messages. pdf, length 2558 1551 Kb. Restrictions apply.". 1553 [ieeep1609.3-D9-2010] 1554 "IEEE P1609.3(tm)/D9, Draft Standard for Wireless Access 1555 in Vehicular Environments (WAVE) - Networking Services, 1556 August 2010. Authorized licensed use limited to: CEA. 1557 Downloaded on June 19, 2013 at 07:32:34 UTC from IEEE 1558 Xplore. Restrictions apply, document at persistent link 1559 http://ieeexplore.ieee.org/servlet/opac?punumber=5562705". 1561 [ieeep1609.4-D9-2010] 1562 "IEEE P1609.4(tm)/D9 Draft Standard for Wireless Access in 1563 Vehicular Environments (WAVE) - Multi-channel Operation. 1564 Authorized licensed use limited to: CEA. Downloaded on 1565 June 19, 2013 at 07:34:48 UTC from IEEE Xplore. 1566 Restrictions apply. Document at persistent link 1567 http://ieeexplore.ieee.org/servlet/opac?punumber=5551097". 1569 [ipv6-80211p-its] 1570 Shagdar, O., Tsukada, M., Kakiuchi, M., Toukabri, T., and 1571 T. Ernst, "Experimentation Towards IPv6 over IEEE 802.11p 1572 with ITS Station Architecture", International Workshop on 1573 IPv6-based Vehicular Networks, (colocated with IEEE 1574 Intelligent Vehicles Symposium), URL: 1575 http://hal.inria.fr/hal-00702923/en, Downloaded on: 24 1576 October 2013, Availability: free at some sites, paying at 1577 others, May 2012. 1579 [ipv6-wave] 1580 Clausen, T., Baccelli, E., and R. Wakikawa, "IPv6 1581 Operation for WAVE - Wireless Access in Vehicular 1582 Environments", Rapport de Recherche INRIA, number 7383, 1583 URL: http://hal.inria.fr/inria-00517909/, Downloaded on: 1584 24 October 2013, Availability: free at some sites, 1585 September 2010. 1587 [TS103097] 1588 "Intelligent Transport Systems (ITS); Security; Security 1589 header and certificate formats; document freely available 1590 at URL http://www.etsi.org/deliver/ 1591 etsi_ts/103000_103099/103097/01.01.01_60/ 1592 ts_103097v010101p.pdf retrieved on July 08th, 2016.". 1594 [vip-wave] 1595 Cespedes, S., Lu, N., and X. Shen, "VIP-WAVE: On the 1596 Feasibility of IP Communications in 802.11p Vehicular 1597 Networks", IEEE Transactions on Intelligent Transportation 1598 Systems, Volume 14, Issue 1, URL and Digital Object 1599 Identifier: http://dx.doi.org/10.1109/TITS.2012.2206387, 1600 Downloaded on: 24 October 2013, Availability: free at 1601 some sites, paying at others, March 2013. 1603 Appendix A. ChangeLog 1605 The changes are listed in reverse chronological order, most recent 1606 changes appearing at the top of the list. 1608 From draft-petrescu-ipv6-over-80211p-02.txt to draft-petrescu-ipv6- 1609 over-80211p-03.txt: 1611 o Added clarification about the "OCBActivated" qualifier in the the 1612 new IEEE 802.11-2012 document; this IEEE document integrates now 1613 all earlier 802.11p features; this also signifies the 1614 dissapearance of an IEEE IEEE 802.11p document altogether. 1616 o Added explanation about FCC not prohibiting IP on channels, and 1617 comments about engineering advice and reliability of IP messages. 1619 o Added possibility to use 6lowpan adaptation layer when in OCB 1620 mode. 1622 o Added appendix about the distribution of certificates to vehicles 1623 by using IPv6-over-802.11p single-hop communications. 1625 o Refined the explanation of 'half-rate' mode. 1627 o Added the privacy concerns and necessity of and potential effects 1628 of dynamically changing MAC addresses. 1630 From draft-petrescu-ipv6-over-80211p-01.txt to draft-petrescu-ipv6- 1631 over-80211p-02.txt: 1633 o updated authorship. 1635 o added explanation about FCC not prohibiting IP on channels, and 1636 comments about engineering advice and reliability of IP messages. 1638 o added possibility to use 6lowpan adaptation layer when in OCB 1639 mode. 1641 o added appendix about the distribution of certificates to vehicles 1642 by using IPv6-over-802.11p single-hop communications. 1644 o refined the explanation of 'half-rate' mode. 1646 o added the privacy concerns and necessity of and potential effects 1647 of dynamically changing MAC addresses. 1649 From draft-petrescu-ipv6-over-80211p-00.txt to draft-petrescu-ipv6- 1650 over-80211p-01.txt: 1652 o updated one author's affiliation detail. 1654 o added 2 more references to published literature about IPv6 over 1655 802.11p. 1657 From draft-petrescu-ipv6-over-80211p-00.txt to draft-petrescu-ipv6- 1658 over-80211p-00.txt: 1660 o first version. 1662 Appendix B. Explicit Prohibition of IPv6 on Channels Related to ITS 1663 Scenarios using 802.11p Networks - an Analysis 1665 B.1. Interpretation of FCC and ETSI documents with respect to running 1666 IP on particular channels 1668 o The FCC created the term "Control Channel" [fcc-cc]. For it, it 1669 defines the channel number to be 178 decimal, and positions it 1670 with a 10MHz width from 5885MHz to 5895MHz. The FCC rules point 1671 to standards document ASTM-E2213 (not freely available at the time 1672 of writing of this draft); in an interpretation of a reviewer of 1673 this document, this means not making any restrictions to the use 1674 of IP on the control channel. 1676 o The FCC created two more terms for particular channels 1677 [fcc-cc-172-184], among others. The channel 172 (5855MHz to 1678 5865MHz)) is designated "exclusively for [V2V] safety 1679 communications for accident avoidance and mitigation, and safety 1680 of life and property applications", and the channel 184 (5915MHz 1681 to 5925MHz) is designated "exclusively for high-power, longer- 1682 distance communications to be used for public-safety applications 1683 involving safety of life and property, including road-intersection 1684 collision mitigation". However, they are not named "control" 1685 channels, and the document does not mention any particular 1686 restriction on the use of IP on either of these channels. 1688 o On another hand, at IEEE, IPv6 is explicitely prohibited on 1689 channel number 178 decimal - the FCC's 'Control Channel'. The 1690 document [ieeep1609.4-D9-2010] prohibits upfront the use of IPv6 1691 traffic on the Control Channel: 'data frames containing IP 1692 datagrams are only allowed on service channels'. Other 'Service 1693 Channels' are allowed to use IP, but the Control Channel is not. 1695 o In Europe, basically ETSI considers FCC's "Control Channel" to be 1696 a "Service Channel", and defines a "Control Channel" to be in a 1697 slot considered by FCC as a "Service Channel". In detail, FCC's 1698 "Control Channel" number 178 decimal with 10MHz width (5885MHz to 1699 5895MHz) is defined by ETSI to be a "Service Channel", and is 1700 named 'G5-SCH2' [etsi-302663-v1.2.1p-2013]. This channel is 1701 dedicated to 'ITS Road Safety' by ETSI. Other channels are 1702 dedicated to 'ITS road traffic efficiency' by ETSI. The ETSI's 1703 "Control Channel" - the "G5-CCH" - number 180 decimal (not 178) is 1704 reserved as a 10MHz-width centered on 5900MHz (5895MHz to 5905MHz) 1705 (the 5895MHz-5905MHz channel is a Service Channel for FCC). 1706 Compared to IEEE, ETSI makes no upfront statement with respect to 1707 IP and particular channels; yet it relates the 'In car Internet' 1708 applications ('When nearby a stationary public internet access 1709 point (hotspot), application can use standard IP services for 1710 applications.') to the 'Non-safety-related ITS application' 1711 [etsi-draft-102492-2-v1.1.1-2006]. Under an interpretation of an 1712 author of this Internet Draft, this may mean ETSI may forbid IP on 1713 the 'ITS Road Safety' channels, but may allow IP on 'ITS road 1714 traffic efficiency' channels, or on other 5GHz channels re-used 1715 from BRAN (also dedicated to Broadband Radio Access Networks). 1717 o At EU level in ETSI (but not some countries in EU with varying 1718 adoption levels) the highest power of transmission of 33 dBm is 1719 allowed, but only on two separate 10Mhz-width channels centered on 1720 5900MHz and 5880MHz respectively. It may be that IPv6 is not 1721 allowed on these channels (in the other 'ITS' channels where IP 1722 may be allowed, the levels vary between 20dBm, 23 dBm and 30 dBm; 1723 in some of these channels IP is allowed). A high-power of 1724 transmission means that vehicles may be distanced more 1725 (intuitively, for 33 dBm approximately 2km is possible, and for 20 1726 dBm approximately 50meter). 1728 B.2. Interpretations of Latencies of IP datagrams 1730 IPv6 may be "allowed" on any channel. Certain interpretations 1731 consider that communicating IP datagrams may involve longer latencies 1732 than non-IP datagrams; this may make them little adapted for safety 1733 applications which require fast reaction. Certain other views 1734 disagree with this, arguing that IP datagrams are transmitted at the 1735 same speed as any other non-IP datagram and may thus offer same level 1736 of reactivity for safety applications. 1738 Appendix C. Changes Needed on a software driver 802.11a to become a 1739 802.11p driver 1741 The 802.11p amendment modifies both the 802.11 stack's physical and 1742 MAC layers but all the induced modifications can be quite easily 1743 obtained by modifying an existing 802.11a ad-hoc stack. 1745 Conditions for a 802.11a hardware to be 802.11p compliant: 1747 o The chip must support the frequency bands on which the regulator 1748 recommends the use of ITS communications, for example using IEEE 1749 802.11p layer, in France: 5875MHz to 5925MHz. 1751 o The chip must support the half-rate mode (the internal clock 1752 should be able to be divided by two). 1754 o The chip transmit spectrum mask must be compliant to the "Transmit 1755 spectrum mask" from the IEEE 802.11p amendment (but experimental 1756 environments tolerate otherwise). 1758 o The chip should be able to transmit up to 44.8 dBm when used by 1759 the US government in the United States, and up to 33 dBm in 1760 Europe; other regional conditions apply. 1762 Changes needed on the network stack in OCB mode: 1764 o Physical layer: 1766 * The chip must use the Orthogonal Frequency Multiple Access 1767 (OFDM) encoding mode. 1769 * The chip must be set in half-mode rate mode (the internal clock 1770 frequency is divided by two). 1772 * The chip must use dedicated channels and should allow the use 1773 of higher emission powers. This may require modifications to 1774 the regulatory domains rules, if used by the kernel to enforce 1775 local specific restrictions. Such modifications must respect 1776 the location-specific laws. 1778 MAC layer: 1780 * All management frames (beacons, join, leave, and others) 1781 emission and reception must be disabled except for frames of 1782 subtype Action and Timing Advertisement (defined below). 1784 * No encryption key or method must be used. 1786 * Packet emission and reception must be performed as in ad-hoc 1787 mode, using the wildcard BSSID (ff:ff:ff:ff:ff:ff). 1789 * The functions related to joining a BSS (Association Request/ 1790 Response) and for authentication (Authentication Request/Reply, 1791 Challenge) are not called. 1793 * The beacon interval is always set to 0 (zero). 1795 * Timing Advertisement frames, defined in the amendment, should 1796 be supported. The upper layer should be able to trigger such 1797 frames emission and to retrieve information contained in 1798 received Timing Advertisements. 1800 Appendix D. Use of IPv6 over 802.11p for distribution of certificates 1802 Security of vehicular communications is one of the challenging tasks 1803 in the Intelligent Transport Systems. The adoption of security 1804 procedures becomes an indispensable feature that cannot be neglected 1805 when designing new protocols. One of the interesting use cases of 1806 transmitting IPv6 packets over IEEE 802.11p links is the distribution 1807 of certificates between road side infrastructure and the vehicule 1808 (Figure below). 1810 ########### 1811 # # 1812 # Server # 1813 #(backend)# 1814 # # 1815 ########### 1816 | 1817 | 1818 | <-- link (depending on the infrastructure) 1819 | 1820 | 1821 | 1822 | 1823 ########## ############# 1824 # # # # 1825 # RSU # - - - - - - - - - -# Router # 1826 # # 802.11p Link # in-vehicle# 1827 ########## ############# 1828 o o 1830 Many security mechanisms have been proposed for the vehicular 1831 environment, mechanisms often relying on public key algorithms. 1832 Public key algorithms necessitate a public key infrastructure (PKI) 1833 to distribute and revoke certificates. The server backend in the 1834 figure can play the role of a Certification Authority which will send 1835 certificates and revocation lists to the RSU which in turn 1836 retransmits certificates in messages directed to passing-by vehicles. 1837 The initiation distribution of certificates as IPv6 messages over 1838 802.11p links may be realized by WSA messages (WAVE Service 1839 Announcement, a non-IP message). The certificate is sent as an IPv6 1840 messages over a single-hop 802.11p link. 1842 Authors' Addresses 1844 Alexandre Petrescu 1845 CEA, LIST 1846 CEA Saclay 1847 Gif-sur-Yvette , Ile-de-France 91190 1848 France 1850 Phone: +33169089223 1851 Email: Alexandre.Petrescu@cea.fr 1853 Nabil Benamar 1854 Moulay Ismail University 1855 Morocco 1857 Phone: +212670832236 1858 Email: benamar73@gmail.com 1860 Jerome Haerri 1861 Eurecom 1862 Sophia-Antipolis 06904 1863 France 1865 Phone: +33493008134 1866 Email: Jerome.Haerri@eurecom.fr 1868 Christian Huitema 1869 Friday Harbor, WA 98250 1870 U.S.A. 1872 Email: huitema@huitema.net 1874 Jong-Hyouk Lee 1875 Sangmyung University 1876 31, Sangmyeongdae-gil, Dongnam-gu 1877 Cheonan 31066 1878 Republic of Korea 1880 Email: jonghyouk@smu.ac.kr 1881 Thierry Ernst 1882 YoGoKo 1883 France 1885 Email: thierry.ernst@yogoko.fr 1887 Tony Li 1888 Peloton Technology 1889 1060 La Avenida St. 1890 Mountain View, California 94043 1891 United States 1893 Phone: +16503957356 1894 Email: tony.li@tony.li