idnits 2.17.1 draft-watteyne-6lo-minimal-fragment-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 16, 2018) is 2254 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6lo T. Watteyne, Ed. 3 Internet-Draft Analog Devices 4 Intended status: Informational C. Bormann 5 Expires: August 20, 2018 Universitaet Bremen TZI 6 P. Thubert 7 Cisco 8 February 16, 2018 10 LLN Minimal Fragment Forwarding 11 draft-watteyne-6lo-minimal-fragment-00 13 Abstract 15 This document gives an overview of LLN Minimal Fragment Forwarding. 16 When employing adaptation layer fragmentation in 6LoWPAN, it may be 17 beneficial for a forwarder not to have to reassemble each packet in 18 its entirety before forwarding it. This has been always possible 19 with the original fragmentation design of RFC4944. This document 20 details the Virtual Reassembly Buffer (VRB) implementation technique 21 which reduces the latency and increases end-to-end reliability in 22 route-over forwarding, and discusses its limits. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on August 20, 2018. 41 Copyright Notice 43 Copyright (c) 2018 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (https://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Overview of 6LoWPAN Fragmentation . . . . . . . . . . . . . . 2 59 2. Limits of Per-Hop Fragmentation and Reassembly . . . . . . . 3 60 2.1. Latency . . . . . . . . . . . . . . . . . . . . . . . . . 4 61 2.2. Memory Management and Reliability . . . . . . . . . . . . 4 62 3. Virtual Reassembly Buffer (VRB) Implementation . . . . . . . 4 63 4. Critique of VRB . . . . . . . . . . . . . . . . . . . . . . . 6 64 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 65 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 66 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 67 8. Informative References . . . . . . . . . . . . . . . . . . . 8 68 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 70 1. Overview of 6LoWPAN Fragmentation 72 6LoWPAN fragmentation is defined in [RFC4944]. Although [RFC6282] 73 updates [RFC4944], it does not redefine 6LoWPAN fragmentation. 75 We use Figure 1 to illustrate 6LoWPAN fragmentation. We assume node 76 A forwards a packet to node B, possibly as part of a multi-hop route 77 between IPv6 source and destination nodes which are neither A nor B. 79 +---+ +---+ 80 ... ---| A |-------------------->| B |--- ... 81 +---+ +---+ 82 # (frag. 5) 84 123456789 123456789 85 +---------+ +---------+ 86 | # ###| |### # | 87 +---------+ +---------+ 88 outgoing incoming 89 fragmentation reassembly 90 buffer buffer 92 Figure 1: Fragmentation at node A, reassembly at node B. 94 Node A starts by compacting the IPv6 packet using header compression 95 defined in [RFC6282]. If the resulting 6LoWPAN packet does not fit 96 into a single link-layer frame, node A's 6LoWPAN sublayer cuts it 97 into multiple 6LoWPAN fragments, which it transmits as separate link- 98 layer frames to node B. Node B's 6LoWPAN sublayer reassembles these 99 fragments, inflates the compressed header fields back to the original 100 IPv6 header, and hands over the full IPv6 packet to its IPv6 layer. 101 In Figure 1, node A has sent fragments 1, 2, 3, 5, 6 to node B, node 102 B has received fragments 1, 2, 3, 6 from node A, fragment 5 is still 103 being transmitted at the link layer from node A to node B. 105 A reassembly buffer for 6LoWPAN contains: 107 o datagram_size, 108 o datagram_tag and link-layer sender and receiver addresses (to 109 which the datagram_tag is local), 110 o actual packet data from the fragments received so far, in a form 111 that makes it possible to detect when the whole packet has been 112 received and can be processed or forwarded, 113 o a timer that allows discarding the partial packet after a timeout. 115 A fragmentation header is added to each fragment; it indicates what 116 portion of the packet that fragment corresponds to. Section 5.3 of 117 [RFC4944] defines the format of the header for the first and 118 subsequent fragments. All fragments are tagged with a 16-bit 119 "datagram_tag", used to identify which packet each fragment belongs 120 to. Each fragment can be uniquely identified by the source and 121 destination link-layer addresses of the frame that carries it, and 122 the datagram_tag. The value of the datagram_tag only needs to be 123 locally unique to nodes A and B. 125 Node B's typical behavior, per [RFC4944], is as follows. Upon 126 receiving a fragment from node A with a datagram_tag previously 127 unseen from node A, node B allocates a buffer large enough to hold 128 the entire packet. The length of the packet is indicated in each 129 fragment (the datagram_size field), so node B can allocate the buffer 130 even if the first fragment it receives is not fragment 1. As 131 fragments come in, node B fills the buffer. When all fragments have 132 been received, node B inflates the compressed header fields into an 133 IPv6 header, and hands the resulting IPv6 packet to the IPv6 layer. 135 This behavior typically results in per-hop fragmentation and 136 reassembly. That is, the packet is fully reassembled, then 137 (re)fragmented, at every hop. 139 2. Limits of Per-Hop Fragmentation and Reassembly 141 There are at least 2 limits to doing per-hop fragmentation and 142 reassembly: 144 2.1. Latency 146 When reassembling, a node needs to wait for all the fragments to be 147 received before being able to generate the IPv6 packet, and possibly 148 forward it to the next hop. This repeats at every hop. 150 This may result in increased end-to-end latency compared to the case 151 where each fragment would be forwarded without per-hop reassembly. 153 2.2. Memory Management and Reliability 155 Constrained nodes have limited memory. Assuming 1 kB reassembly 156 buffers, typical nodes only have enough memory for 1-3 reassembly 157 buffers. 159 Assuming the topology from Figure 2, where nodes A, B, C and D all 160 send packets through node E. We further assume that node E's memory 161 can only hold 3 reassembly buffers. 163 +---+ +---+ 164 ... --->| A |------>| B | 165 +---+ +---+\ 166 \ 167 +---+ +---+ 168 | E |--->| F | ... 169 +---+ +---+ 170 / 171 / 172 +---+ +---+ 173 ... --->| C |------>| D | 174 +---+ +---+ 176 Figure 2: Illustrating the Memory Management Issue. 178 When nodes A, B and C concurrently send fragmented packets, all 3 179 reassembly buffers in node E are occupied. If, at that moment, node 180 D also sends a fragmented packet, node E has no option but to drop 181 one of the packets, lowering end-to-end reliability. 183 3. Virtual Reassembly Buffer (VRB) Implementation 185 One implementation of 6LoWPAN fragmentation overcomes the limits 186 listed in Section 2. The idea is for a node to immediately 187 retransmit a fragment it receives, without fully reassembling the 188 packet. This idea was introduced in Section 2.5.2 of [BOOK]. That 189 is, a node may attempt to send out the data for a fragment in the 190 form of a forwarded fragment, as soon as all necessary information 191 for that is available. 193 Obviously, all fragments need to be sent with the same outgoing 194 address (otherwise a full reassembly implementation would discard the 195 fragments) and the same datagram_tag. 197 We use Figure 3 to illustrate VRB, and focus on the behavior of node 198 E. With VRB, node E maintains a VRB table which functions similarly 199 to a switching table: when receiving a fragment from node B with 200 datagram_tag=2, forward it to node F with datagram_tag=8. 202 +---+ +---+ 203 | A |----->| B | +-------------+-------------+ 204 +---+ #(5) +---+\ #(2) | incoming | outgoing | 205 \ +-------+-----+-------+-----+ 206 +---+ #(8) +---+ |L2 src | tag |L2 dest| tag | 207 | E |----->| F | +=======+=====+=======+=====+ 208 +---+ %(5) +---+ | B | 2 | F | 8 | 209 / | D | 2 | F | 5 | 210 / %(2) | empty | 211 +---+ %(1) +---+ | empty | 212 | C |----->| D | +-------+-----+-------+-----+ 213 +---+ +---+ Node E's VRB table. 215 Figure 3: Illustrating VRB. #(5) and %(1) are fragments from packets 216 coming from nodes A and C, with datagram_tag set to 5 and 1, 217 respectively. 219 The VRB table is initially empty. An implementation might have for 220 example pre-allocate memory for a VRB table with 4 entries (as in 221 Figure 3), initially cleared. 223 When node E receives fragment 1 from node B with datagram_tag=2, it 224 inspects the contents of the fragment and reads out the destination 225 IPv6 address. When it is not destined to it, node E identifies the 226 next hop to send this fragment to. It then creates an entry in the 227 VRB table which contains 4 fields: (1) the link-layer address of the 228 sender of the fragment it received, (2) the datagram_tag of the 229 fragment it received, (3) the link-layer address of the next hop, (4) 230 a datagram_tag for the fragments it will send. The latter 231 datagram_tag must be locally unique. 233 Any subsequent fragment that matches the "incoming" columns in the 234 node's VRB table are immediately forwarded using the information in 235 the "outgoing" columns. Note that, while this results in a behavior 236 similar to link-layer switching, what is really happening is that the 237 node has a virtual reassembly buffer. That is, it operates as if the 238 packet were reassembled and fragmented, without ever actually holding 239 a fully reassembled packet in memory. 241 Upon forwarding the last fragment of a packet, the VRB table entry 242 can be cleared, and reused for a future packet. If the last fragment 243 of a packet is dropped, the VRB table entry can be invalidated by 244 timeout. Its timeout value is set to a maximum of 60 seconds as the 245 reassembly timeout defined in [RFC4944]. 247 A simple implementation may do away with any attempt to keep packet 248 data in the virtual reassembly buffer. It then has to discard all 249 non-first fragments for which a reassembly buffer is not already 250 available (penalizing reordering, which however may be rare). 252 Note that the decision to do local processing of a packet needs to be 253 taken with the first fragment - such packets of course do need to be 254 fully reassembled (unless transport and application also can cope 255 with fragments, which they rarely can in the presence of security). 257 [RFC6282] defines the header compression format for 6LoWPAN. One 258 important impact of header compression is that the header is no 259 longer of a fixed length. In particular, changes made by a forwarder 260 may gain or lose the ability to use a more highly compressed variant, 261 changing the length of the header in the packet. 262 If the change increases the size, the maximum frame size may be 263 exceeded, leading to the need to re-fragment in the forwarder. This 264 is less of a problem with full reassembly, but with virtual 265 reassembly can lead to the need for sending an additional frame for 266 each packet. 268 The well-known approach to minimize the probability of this need is 269 for the original sender to put all slack in the frame sizes into the 270 _first_ packet, making this the smallest fragment and not the last 271 one as would be done in a naive implementation. (This also has other 272 consequences related to delivery probability, which are not discussed 273 here.) This makes sure an additional fragment only needs to be sent 274 if the header expansion during forwarding would have created an 275 additional fragment with full reassembly as well. 277 4. Critique of VRB 279 VRB overcomes the limits listed in Section 2. Nodes don't wait for 280 the last fragment before forwarding, reducing end-to-end latency. 281 Similarly, the memory footprint of VRB is just the VRB table, 282 reducing the packet drop probability significantly. 284 It is possible for a network to be composed of some nodes that 285 implement VRB, and others that don't. Nodes that do not implement 286 VRB reassemble the packet. 288 There are, however, limits: 290 Non-zero Packet Drop Probability: Each VRB table entry can be 12 B 291 (assuming 16-bit link-layer addresses). This is a footprint 2 292 orders of magnitude smaller compared to needing a 1280-byte 293 reassembly buffer for each packet. Yet, the size of the VRB 294 table necessarily remains finite. In the extreme case where a 295 node is required to concurrently forward more packets that it has 296 entries in its VRB table, packets are dropped. 297 No Fragment Recovery: There is no mechanism in VRB for the node that 298 reassembles a packet to request a single missing fragment. 299 Dropping a fragment requires the whole packet to be resent. This 300 causes unnecessary traffic, as fragments are forwarded even when 301 the destination node can never construct the original IPv6 302 packet. 303 No Per-Fragment Routing: All subsequent fragments follow the same 304 sequence of hops from the source to the destination node as 305 fragment 1. 307 The severity and occurrence of these limits depends on the link-layer 308 used. Whether these limits are acceptable depends entirely on the 309 requirements the application places on the network. 311 If the limits are both present and not accepted by the application, 312 future specifications may define new protocols to overcome these 313 limits. One example is [I-D.thubert-6lo-forwarding-fragments] which 314 defines a protocol which allows fragment recovery. 316 5. Security Considerations 318 An attacker can perform a DoS attack on a node implementing VRB by 319 generating a large number of bogus "fragment 1" fragments without 320 sending subsequent fragments. This causes the VRB table to fill up. 322 Secure joining and the link-layer security that it sets up protects 323 against those attacks from network outsiders. 325 6. IANA Considerations 327 No requests to IANA are made by this document. 329 7. Acknowledgments 331 The authors would like to thank Yasuyuki Tanaka for his in-depth 332 review of this document. 334 8. Informative References 336 [BOOK] Shelby, Z. and C. Bormann, "6LoWPAN", John Wiley & Sons, 337 Ltd monograph, DOI 10.1002/9780470686218, November 2009. 339 [I-D.thubert-6lo-forwarding-fragments] 340 Thubert, P. and J. Hui, "LLN Fragment Forwarding and 341 Recovery", draft-thubert-6lo-forwarding-fragments-08 (work 342 in progress), January 2018. 344 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, 345 "Transmission of IPv6 Packets over IEEE 802.15.4 346 Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007, 347 . 349 [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 350 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 351 DOI 10.17487/RFC6282, September 2011, 352 . 354 Authors' Addresses 356 Thomas Watteyne (editor) 357 Analog Devices 358 32990 Alvarado-Niles Road, Suite 910 359 Union City, CA 94587 360 USA 362 Email: thomas.watteyne@analog.com 364 Carsten Bormann 365 Universitaet Bremen TZI 366 Postfach 330440 367 Bremen D-28359 368 Germany 370 Email: cabo@tzi.org 372 Pascal Thubert 373 Cisco Systems, Inc 374 Building D 375 45 Allee des Ormes - BP1200 376 MOUGINS - Sophia Antipolis 06254 377 France 379 Email: pthubert@cisco.com