One document matched: draft-thubert-6lo-rfc6775-update-reqs-04.xml
<?xml version="1.0" encoding="ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC2460 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2460.xml">
<!ENTITY RFC3610 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3610.xml">
<!ENTITY RFC3775 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3775.xml">
<!ENTITY RFC3963 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3963.xml">
<!ENTITY RFC3971 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3971.xml">
<!ENTITY RFC3972 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3972.xml">
<!ENTITY RFC4291 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4291.xml">
<!ENTITY RFC4389 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4389.xml">
<!ENTITY RFC4429 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4429.xml">
<!ENTITY RFC4443 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4443.xml">
<!ENTITY RFC4861 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4861.xml">
<!ENTITY RFC4862 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4862.xml">
<!ENTITY RFC4919 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4919.xml">
<!ENTITY RFC4944 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4944.xml">
<!ENTITY RFC6282 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6282.xml">
<!ENTITY RFC6275 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6275.xml">
<!ENTITY RFC6550 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6550.xml">
<!ENTITY RFC6655 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6655.xml">
<!ENTITY RFC6775 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6775.xml">
<!ENTITY RFC6830 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6830.xml">
<!ENTITY RFC7102 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7102.xml">
<!ENTITY I-D.van-beijnum-multi-mtu SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.van-beijnum-multi-mtu.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<rfc category="std" ipr="trust200902" docName="draft-thubert-6lo-rfc6775-update-reqs-04">
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<front>
<title abbrev="6775bis reqs">Requirements for an update to 6LoWPAN ND</title>
<author fullname="Pascal Thubert" initials="P" role="editor" surname="Thubert">
<organization abbrev="cisco">Cisco Systems, Inc</organization>
<address>
<postal>
<street>Building D</street>
<street>45 Allee des Ormes - BP1200 </street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>FRANCE</country>
</postal>
<phone>+33 497 23 26 34</phone>
<email>pthubert@cisco.com</email>
</address>
</author>
<date/>
<area>Internet</area>
<workgroup>6Lo</workgroup>
<abstract>
<t>
Work presented at the ROLL, 6lo, 6TiSCH and 6MAN Working Groups suggest
that enhancements to the 6LoWPAN ND mechanism are now needed.
This document elaborates on those requirements and suggests approaches
to serve them.
</t>
</abstract>
</front>
<middle>
<section anchor="introduction" title="Introduction">
<t>
A number of use cases, including the Industrial Internet, require a
large scale deployment of sensors that can not be realized with wires
and is only feasible over wireless
Low power and Lossy Network (LLN) technologies.
When simpler hub-and-spoke topologies are not sufficient for the
expected throughput and density, mesh networks must be deployed, which
implies the concepts of hosts and routers, whether operated at Layer-2
or Layer-3.
</t>
<t>
The IETF has designed the LLN host-to-router and router-to-router
protocol that supports address assignment and the router-to-router
protocol that supports reachability across Route-Over LLNs in different
Areas. It was clear for both efforts that the scalability requirements
could only be met with <xref target="RFC2460">IPv6</xref>, and there
is no fundamental contradiction between those protocols to that regard.
</t>
<t> While DHCPv6 is still a viable option in LLNs, the new IETF standard
that supports address assignment specifically for LLNs is 6LoWPAN ND, the
<xref target="RFC6775">Neighbor Discovery Optimization for Low-power and
Lossy Networks</xref>. 6LoWPAN ND was designed as a stand-alone mechanism
separately from its IETF routing counterpart, the <xref target="RFC6550">
IPv6 Routing Protocol for Low power and Lossy Networks</xref> (RPL), and
the interaction between the 2 protocols was not defined.
</t>
<t>The 6TiSCH WG is now considering an
<xref target="I-D.ietf-6tisch-architecture">architecture</xref> whereby a
6LowPAN ND host could connect to the Internet via a RPL
Network, but this requires additions to the protocol to support mobility
and reachability in a secured and manageable environment.
</t>
<t>
At the same time, new work at 6MAN on
<xref target="I-D.chakrabarti-nordmark-6man-efficient-nd">
Efficiency aware IPv6 Neighbor Discovery Optimizations</xref> suggests
that 6LoWPAN ND can be extended to other types of networks on top of the
Low power and Lossy Networks (LLNs) for which it was already defined.
The value of such extension is especially apparent in the case of mobile
wireless devices, to reduce the multicast operations that are related
to classical ND (<xref target="RFC4861"/>, <xref target="RFC4862"/>) and
plague the wireless medium. In this context also, there is a need for
additions to the protocol.
</t>
<t>The <xref target="RFC4429">Optimistic Duplicate Address Detection</xref>
(ODAD) specification details how an address can be used before a
Duplicate Address Detection (DAD) is complete, and insists that an
address that is TENTATIVE should not be associated to a Source Link-Layer
Address Option in a Neighbor Solicitation message. As we expect the
6LoWPAN ND protocol for a more general use, it can make sense to keep
respecting that rule, which is another change to the specification.
</t>
<t>
This document suggests a limited evolution to <xref target="RFC6775"/> so
as to allow operation of a 6LoWPAN ND node as a leaf in a RPL network.
It also suggests a more generalized use of the information in the ARO
option outside of the strict LLN domain, for instance over a converged
backbone.
</t>
</section>
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in <xref target="RFC2119"/>.</t>
<t>Readers are expected to be familiar with all the terms and concepts
that are discussed in <xref target="RFC4861">"Neighbor Discovery for
IP version 6"</xref>, <xref target="RFC4862">"IPv6 Stateless Address
Autoconfiguration"</xref>, <xref target="RFC4919">"IPv6 over Low-Power
Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions,
Problem Statement, and Goals"</xref>,
<xref target="RFC6775">Neighbor Discovery Optimization
for Low-power and Lossy Networks</xref> and <xref target="RFC4944">
"Transmission of IPv6 Packets over IEEE 802.15.4 Networks"</xref>.
</t>
<t>Additionally, this document uses terminology from <xref
target="I-D.ietf-6tisch-terminology">6TiSCH</xref> and <xref
target="RFC7102">ROLL</xref>.
</t>
</section>
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<!-- **************************************************************** -->
<section anchor='overview' title="Overview">
<t>
The <xref target="I-D.ietf-6tisch-architecture">6TiSCH architecture
</xref> expects that a 6LoWPAN device can connect as a
leaf to a RPL network, where the leaf support is the minimal
functionality to connect as a host to a RPL network without the need to
participate to the full routing protocol.
The support of leaf can be implemented as a minor increment
to 6LoWPAN ND, with the additional capability to carry a sequence number
that is used to track the movements of the device, and optionally
some information about the RPL topology that this device will join.
</t>
<t> The scope of the 6TiSCH Architecture is a Backbone Link that
federates multiple LLNs as a single IPv6 Multi-Link Subnet.
Each LLN in the subnet is anchored at a Backbone Router (6BBR).
The Backbone Routers interconnect the LLNs over the Backbone Link and
emulate that the LLN nodes are present on the Backbone by proxy-ND
operations. An LLN node can move freely from an LLN Route-Over
mesh anchored at a Backbone Router to another anchored at a same or a
different Backbone Router inside the Multi-Link Subnet and conserve its
addresses.
<figure anchor='figNetwork'
title="6TiSCH architecture">
<artwork><![CDATA[
---+------------------------
| Plant Network
|
+-----+
| | Gateway
| |
+-----+
|
| Backbone Link (with VLANs)
+--------------------+------------------+
| | |
+-----+ +-----+ +-----+
| | Backbone | | Backbone | | Backbone
| | router | | router | | router
+-----+ +-----+ +-----+
| | | | | |
0 0 0 0 0 (6LBR == RPL root)
o o o o o o o o o o o o o o
o o o o o o o o o o (6LR == RPL router)
o o o o o o o z
o o o o o z
RPL Instances (6LoWPAN Host == RPL leaf)
]]></artwork>
</figure>
</t>
<t>
The root of the RPL topology is logically separated from the 6BBR that
is used to connect the RPL topology to the backbone. The RPL root
can use Efficient ND as the interface to register an LLN node in
its topology to the 6BBR for whatever operation the 6BBR performs, such
as ND proxy operations, or injection in a routing protocol. It results
that, as illustrated in <xref target='figReg'/>, the periodic signaling
could start at the leaf node with 6LoWPAN ND, then would be carried
over RPL to the RPL root, and then with Efficient-ND to the 6BBR.
Efficient ND being an adaptation of 6LoWPAN ND, it makes sense to keep
those two homogeneous in the way they use the source and the target
addresses in the Neighbor Solicitation (NS) messages for registration,
as well as in the options that they use for that process.
<figure anchor='figReg' suppress-title='false'
title="(Re-)Registration Flow over Multi-Link Subnet">
<artwork><![CDATA[
6LoWPAN Node 6LR 6LBR 6BBR
(RPL leaf) (router) (root)
| | | |
| 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND
| LLN link |Route-Over mesh| IPv6 link | Backbone
| | | |
| NS(ARO) | | |
|-------------->| | |
| 6LoWPAN ND | DAR (then DAO)| |
| |-------------->| |
| | | NS(ARO) |
| | |-------------->|
| | | | DAD
| | | |------>
| | | |
| | | NA(ARO) |
| | |<--------------|
| | DAC | |
| |<--------------| |
| NA(ARO) | | |
|<--------------| | |
]]></artwork>
</figure>
</t><t>As the network builds up, a node should start as a
leaf to join the RPL network, and may later turn into both a RPL-capable
router and a 6LR, so as to accept leaf nodes
to recursively join the network.
</t>
<section anchor='leaf' title="RPL Leaf Support in 6LoWPAN ND">
<t>RPL needs a set of information in order to advertise
a leaf node through a DAO message and establish reachability.
</t><t>
At the bare minimum the leaf device must provide a sequence
number that matches the RPL specification in section 7.
<xref target="I-D.chakrabarti-nordmark-6man-efficient-nd"/>
section "4.1. Address Registration Option" (ARO)
already incorporates that addition with a new
field in the option called the Transaction ID.
</t><t>
If for some reason the node is aware of RPL topologies, then
providing the RPL InstanceID for the instances to which the
node wishes to participate would be a welcome addition.
In the absence of such information, the RPL router must
infer the proper instanceID from external rules and policies.
</t><t>
On the backbone, the InstanceID is expected to be mapped
onto a VLANID. Neither WiFi nor Efficient ND do provide a mapping
to VLANIDs, and it is unclear, when a wireless node attaches to a
backbone where VLANs are defined, which VLAN the wireless device
attaches to. Considering that a VLAN is effectively the IP link on
the backbone, adding the InstanceID to both specifications could be
a welcome addition.
</t>
</section>
<section anchor='gone' title="registration Failures Due to Movement">
<t>Registration to the 6LBR through DAR/DAC messages <xref target="RFC6775"/>
may percolate slowly through an LLN mesh, and it might happen that in
the meantime, the 6LoWPAN node moves and registers somewhere else. Both RPL
and 6LoWPAN ND lack the capability to indicate that the same node is
registered elsewhere, so as to invalidate states down the deprecated path.
</t><t> In its current expression and functionality,
6LoWPAN ND considers that the registration is used for the purpose of DAD
only as opposed to that of achieving reachability, and as long as the same
node registers the IPv6 address, the protocol is functional. In order to
act as a RPL leaf registration protocol and achieve reachability, the
device must use the same TID for all its concurrent registrations, and
registrations with a past TID should be declined. The state for an obsolete
registration in the 6LR, as well as the RPL routers on the way, should be
invalidated. This can only be achieved with the addition of a new Status in
the DAC message, and a new error/clean-up flow in RPL.
</t>
</section>
<section anchor='prox' title="Proxy registration">
<t>The 6BBR provides the capability to defend an address that is owned by
a 6LoWPAN Node, and attract packets to that address, whether it is done by
proxying ND over a MultiLink Subnet, redistributing the address in a routing
protocol or advertising it through an alternate proxy registration such as
<xref target="RFC6830">the Locator/ID Separation Protocol</xref> (LISP) or
<xref target="RFC6275">Mobility Support in IPv6</xref> (MIPv6). In a LLN,
it makes sense to piggyback the request to proxy/defend an address with its
registration.
</t>
</section>
<section anchor='source' title="Target Registration">
<t>
In their current incarnations, both 6LoWPAN ND and Efficient ND expect
that the address being registered is the source of the NS(ARO) message and
thus impose that a Source Link-Layer Address (SLLA) option be present in the
message.
In a mesh scenario where the 6LBR is physically separated from the 6LoWPAN
Node, the 6LBR does not own the address being registered. This suggests that
<xref target="I-D.chakrabarti-nordmark-6man-efficient-nd"/> should evolve to
register the Target of the NS message as opposed to the Source Address.
From another perspective, it may happen, in the use case of a Star topology,
that the 6LR, 6LBR and 6BBR are effectively collapsed and should support
6LoWPAN ND clients. The convergence of efficient ND and 6LoWPAN ND into a
single protocol is thus highly desirable.
</t><t>
In any case, as long as the DAD process is not complete for the address
used as source of the packet, it is against the current practice to advertise
the SLLA, since this may corrupt the ND cache of the destination node, as
discussed in the <xref target="RFC4429">Optimistic DAD specification</xref>
with regards to the TENTATIVE state.
</t><t>
This may look like a chicken and an egg problem, but in fact 6LoWPAN ND
acknowledges that the Link-Local Address that is based on an EUI-64 address
of a LLN node may be autoconfigured without the need for DAD.
It results that a node could use that Address as source, with an SSLA
option in the message if required, to register any other addresses, either
Global or Unique-Local Addresses, which would be indicated in the Target.
</t>
<!--
If the some use cases, the client, the 6LR and the 6LBR and BBR are collapsed in a single box, be it
because the LLN client is one hop away from the Backbone. The burden of the
DAD operation falls on the BBR that needs to perform classical DAD over the
backbone
This configuration
is favored in some Industrial solutions because it reduces the chances of
loss as well as the latencies that are inherent to meshing.
-->
<t>
The suggested change is to register the target of the NS message, and use
Target Link-Layer Address (TLLA) in the NS as opposed to the SLLA in order to
install a Neighbor Cache Entry. This would apply to both Efficient ND
and 6LoWPAN ND in a very same manner, with the caveat that depending on the
nature of the link between the 6LBR and the 6BBR, the 6LBR may resort to
classical ND or DHCPv6 to obtain the address that it uses to source the NS
registration messages, whether for itself or on behalf of LLN nodes.
</t>
</section>
<section anchor='Rroot' title="RPL root vs. 6LBR">
<t>6LoWPAN ND is unclear on how the 6LBR is discovered, and how the liveliness
of the 6LBR is asserted over time. On the other hand, the discovery
and liveliness of the RPL root are obtained through the RPL protocol.
</t><t>
When 6LoWPAN ND is coupled with RPL, it makes sense to collocate the 6LBR
and the RPL root functionalities. The DAR/DAC exchange becomes a
preamble to the DAO messages that are used from then on to reconfirm the
registration, thus eliminating a duplication of functionality between DAO
and DAR messages.
</t>
</section>
<section anchor='Sec' title="Securing the Registration">
<t>
A typical attack against IPv6 ND is address spoofing, whereby a rogue node
claims the IPv6 Address of another node in and hijacks its traffic.
</t><t>
<xref target="RFC3971">SEcure Neighbor Discovery (SEND)</xref> is designed to
protect each individual ND lookup/advertisement in a peer to peer model where
each lookup may be between different parties.
This is not the case in a 6LoWPAN ND LLN where, as illustrated in
<xref target='figReg'/>, the 6LBR terminates all the flows and may store
security information for later validation.
</t><t>
Additionally SEND requires considerably enlarged ND messages to carry
cryptographic material, and requires that each protected address is generated
cryptographically, which implies the computation of a different key for
each Cryptographically Generated Address (CGA). SEND as defined in
<xref target="RFC3971"/> is thus largely unsuitable for application in a LLN.
</t><t>
Once an Address is registered,
the 6LBR maintains a state for that Address and is in position to bind
securely the first registration with the Node that placed it, whether the
Address is CGA or not. It should thus be possible to protect the ownership of
all the addresses of a 6LoWPAN Node with a single key, and there should not
be a need to carry the cryptographic material more than once to the 6LBR.
</t><t>
The energy constraint is usually a foremost factor, and attention should be
paid to minimize the burden on the CPU. Hardware-assisted support of variants
of the <xref target="RFC3610">Counter with CBC-MAC</xref> (CCM) authenticated
encryption block cipher mode such as CCM* are common in LowPower ship-set
implementations, and 6LoWPAN ND security mechanism should be capable to
reuse them when applicable.
</t><t>
Finally, the code footprint in the device being also an issue, the capability
to reuse not only hardware-assist mechanisms but also software across layers
has to be considered. For instance, if code has to be present for upper-layer
operations, e.g <xref target="RFC6655">AES-CCM Cipher Suites for Transport
Layer Security (TLS)</xref>, then the capability to reuse that code should be
considered.
</t>
</section>
</section>
<!--
The potential ones I know of are:
- Handling host movement better by being able to determine the most recent ARO
- Working on link-layers and devices that do not use/have EUI-64 identifiers
- Removing the dependency (from the privacy discussion) on having a link-local address which corresponds to the EUI-64
- There are use cases where it it useful to proxy registrations. We probably want to have explicit support for this.
- Secure? What threats would we be concerned about? Do we need the same protections as one would get with SeND? Or would it be
sufficient to secure the binding between the unique id in the ARO and the host which sent it?
- Handle constrained devices on links that are not necessarily low power? (Currently the assumption is that all the devices on the link are constrained devices that perform ARO).
-->
<section anchor='Reqes' title="Requirements">
<section anchor='Req1' title="Requirements Related to Mobility">
<t>
Due to the nature of LLN networks, even a fixed 6LoWPAN Node may change its
point of attachment (a 6LR) and may not be able to notify the 6LR that it has
disconnected from. It results that the previous 6LR may still attract traffic
that it cannot deliver any more. When the 6LR changes, there is thus a need
to identify stale states and restore reachability timely.
</t><t>
Req1.1: Upon a change of point of attachment, connectivity via a new 6LR MUST be
restored timely without the need to de-register from the previous 6LR.
</t><t>
Req1.2: For that purpose, the protocol MUST enable to differentiate multiple
registrations from a same 6LoWPAN Node from two different 6LoWPAN Nodes
claiming a same address.
</t><t>
Req1.3: This information MUST be passed from the 6LR to the 6LBR, and the 6LBR SHOULD
be able to clean up the stale state asynchronously in the previous 6LR.
</t><t>
Req1.4: A 6LoWPAN Node SHOULD also be capable to register a same Address to multiple
6LRs, and this, concurrently.
</t>
</section>
<section anchor='Req1b' title="Requirements Related to Routing Protocols">
<t> The point of attachment of a 6LoWPAN Node may be a 6LR in an LLN mesh.
An LLN route-over mesh is typically based on RPL, which is the routing
protocol that was defined at the IETF for this particular purpose.
It derives that in this scenario, the 6LR would classically support RPL.
One goal is that a 6LoWPAN Node attached via ND to a RPL-capable 6LR would
not need to participate to the RPL protocol to obtain reachability via the
6LR. An additional goal would be to obtain reachability via other routing
protocols through a same ND-based abstraction.
</t><t>
Related requirements are:
</t><t>
Req2.1: The ND registration method SHOULD be extended in such a fashion that the 6LR
MAY advertise the Address of a 6LoWPAN Node over RPL and obtain reachability
to that Address over the RPL domain.
</t><t>
Req2.2: The Address Registration Option that is used in the ND registration
SHOULD be extended to carry enough information to generate a DAO
message as specified in <xref target="RFC6550"/> section 6.4, in particular
the capability to compute a DAOSequence and, as an option, a RPLInstanceID.
</t><t>
Req2.3: Depending on their applicability to LLNs, other standard mesh/MANET
protocols MAY be considered as well.
</t>
</section>
<section anchor='Req2' title="Requirements Related to the Variety of Low-Power Link types">
<t>
<xref target="RFC6775">6LoWPAN ND</xref> was defined with a focus on
IEEE802.15.4 and in particular the capability to derive a unique Identifier
from a globally unique MAC-64 address. At this point, the 6lo Working
Group is extending the <xref target="RFC6282">6LoWPAN Header Compression (HC)
</xref> technique to other link types
<xref target="I-D.brandt-6man-lowpanz">ITU-T G.9959</xref>,
<xref target="I-D.ietf-6lo-6lobac">Master-Slave/Token-Passing</xref>,
<xref target="I-D.ietf-6lo-dect-ule">DECT Ultra Low Energy</xref>,
<xref target="I-D.hong-6lo-ipv6-over-nfc">Near Field Communication</xref>,
as well as <xref target="I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks">
IEEE1901.2 Narrowband Powerline Communication Networks</xref> and
<xref target="I-D.ietf-6lo-btle">BLUETOOTH(R) Low Energy</xref>.
</t><t>
Related requirements are:
</t><t>
Req3.1: The support of the registration mechanism SHOULD be extended to more LLN
links, matching at least the links that are considered by 6lo as well as
other popular Low-Power links such as Low-Power Wi-Fi.
</t><t>
Req3.2: As part of this extension, a mechanism to compute a unique Identifier should
be provided, with the capability to form a Link-Local Address that can not
be a duplicate. The Identifier SHOULD be unique at least to the domain where
an Address formed by this device may be advertised through ND mechanisms.
</t><t>
Req3.3: The Address Registration Option used in the ND registration SHOULD be
extended to carry the relevant forms of unique Identifier.
</t>
</section>
<section anchor='Req3' title="Requirements Related to Proxy Operations">
<t>
Sleeping devices may not be able to answer themselves to a lookup from a node
that uses classical ND on a backbone and may need a proxy operation by a
6BBR. Additionally, the device may need to rely on the 6LBR to perform that
registration to the 6BBR.
</t><t>
Related requirements are:
</t><t>
Req4.1: The registration mechanism SHOULD enable a third party to proxy register
an Address on behalf of a 6LoWPAN node that may be sleeping or located
deeper in an LLN mesh.
</t>
</section>
<section anchor='Req4' title="Requirements Related to Security">
<t> In order to guarantee the operations of the 6LoWPAN ND flows, the
spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a node
successfully registers an address, 6LoWPAN ND should provide energy-efficient
means to protect that ownership even if the node is sleeping. In particular,
the 6LR and the 6LBR then should be able to verify whether a subsequent
registration for a same Address comes from a same node or is a duplicate.
</t><t>
Related requirements are:
</t><t>
Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for the
6LR, 6LBR and 6BBR to authenticate and authorize one another for their
respective roles, as well as with the 6LoWPAN Node for the role of 6LR.
</t><t>
Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for the 6LR
and the 6LBR to validate whether a new registration corresponds to a same
6LoWPAN Node, and, if not, determine the rightful owner, and deny or clean-up
the registration that is deemed in excess.
</t><t>
Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet sizes. In
particular, the NS, NA, DAR and DAC messages for a re-registration flow
SHOULD NOT exceed 80 octets so as to fit in a secured IEEE802.15.4 frame.
</t><t>
Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be computationally
intensive on the LoWPAN Node CPU. When a Key hash calculation is employed, a
mechanism lighter than SHA-1 SHOULD be preferred.
</t><t>
Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate SHOULD
be minimized.
</t><t>
Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable CCM* for use at both
Layer 2 and Layer 3, and SHOULD enable the reuse of security code that has to
be present on the device for upper layer security such as TLS.
</t><t>
Req5.7: Public key and signature sizes SHOULD be minimized while maintaining
adequate confidentiality and data origin authentication for multiple types
of applications with various degrees of criticality.
</t>
</section>
<section anchor='Req5' title="Requirements Related to Low-Power devices">
<t>
The ND registration method is designed to save energy on Low-Power devices,
and in particular enable duty-cycled devices that are sleeping most of the
time and not capable to defend their own Addresses against always-on devices.
</t><t>
Related requirements are:
</t><t>
Req6.1: The registration mechanism SHOULD be applicable to a Low-Power device
regardless of the link type, and enable a 6BBR to operate as a proxy to
defend the registered Addresses on its behalf.
</t>
</section>
</section>
<section anchor='changes' title="Suggested Changes to Protocol Elements">
<section anchor='NS' title="ND Neighbor Solicitation (NS)">
<t>The NS message used for registration should use a source address that
respects the rules in <xref target="RFC6775"/>, <xref target="RFC4861"/>,
and <xref target="RFC4429"/> for DAD. The SLLA Option may be present but
only if the address passed DAD, and it is used to allow the 6LR to respond
as opposed to as a registration mechanism.
</t><t>
The address that is being registered is the target address in the NS message
and the TLLA Option must be present.
</t>
</section>
<section anchor='RA' title="ND Router Advertisement (RA)">
<t>
<xref target="I-D.chakrabarti-nordmark-6man-efficient-nd"/> adds an 'E'
bit in the Router Advertisement flag, as well as a new Registrar Address
Option (RAO). These fields are probably pertinent to LLNs inclusion into a
revised 6LoWPAN ND should be studied. If the new 6LoWPAN flows require
a change of behaviour (e.g. registering the Target of the NS message) then
the RA must indicate that the router supports the new capability, and the NS
must indicate that the Target is registered as opposed to the Source in an
unequivocal fashion.
</t><t>
There is some amount of duplication between the options in the RPL DIO
<xref target="RFC6550"/> and the options in the ND RA messages.
At the same time, there are a number of
options, including the 6LoWPAN Context Option (6CO) <xref target="RFC6775"/>,
the MTU and the SLLA Options <xref target="RFC4861"/> that can only
be found in the RA messages. Considering that these options are useful for
a joining node, the recommendation would be to associate the RA messages to
the join beacon, and make them rare when the network is stable. On the other
hand, the DIO message is to be used as the propagated heartbeat of the RPL
network and provide the sense of time and liveliness.
</t><t>
RAs should also be issued and the information therein propagated when a
change occurs in the information therein, such as a router or a prefix
lifetime.
</t>
</section>
<section anchor='DIO' title="RPL DODAG Information Object (DIO)">
<t>If the RPL root serves as 6LBR, it makes sense to add at least a bit of
information in the DIO to signal so. A Registrar Address Option (RAO) may
also be considered for addition.
</t>
</section>
<section anchor='trackingmess' title="ND Enhanced Address Registration Option (EARO)">
<t> The ARO option contains a Unique ID that is supposed to identify the
device across multiple registrations. It is envisioned that the
device could form a single CGA-based Unique Interface ID (CUID) to securely
bind all of its addresses.
The CUID would be used as Unique Interface Identifier in the ARO option and
to form a Link-Local address that would be deemed unique regardless of the
Link type.
Provided that the relevant cryptographic material is passed to the 6LBR upon
the first registration or on-demand at a later time, the 6LBR can validate
that a Node is effectively the owner of a CUID, and ensure that the
ownership of an Address stays with the CUID that registered it first.
</t><t> This option is designed to be used with standard NS and NA messages
between backbone Routers as well as between nodes and 6LRs over the LLN and
between the 6LBR and the 6BBR over whatever IP link they use to communicate.
<figure anchor='EARO' title="EARO">
<artwork>
<![CDATA[
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Status | RPLInstanceID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Res|P|N| IDS |T| TID | Registration Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Unique Interface Identifier (variable length) ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
</t>
<!--
TID: 1-byte integer; a transaction id that is maintained by the device
and incremented with each transaction.
it is recommended that the device maintains the TID in a persistent storage.
T flag: Set if the next octet is a TID.
N flag: Set if the device moved. If not set, the router will refrain from sending NA(O) after DAD in mixed mode.
The TID is really a sequence counter, and it is managed as described in section 7.2. Sequence Counter Operation of [RFC 6550]
-->
<t> The representation above is based on
<xref target="I-D.chakrabarti-nordmark-6man-efficient-nd"/>. Only the
proposed changes from that specification are discussed below but the
expectation is that 6LoWPAN ND and Efficient ND converge on the ARO
format.
<list style='hanging'>
<t hangText="Status:">8-bit integer. A new value of 3 is suggested to
indicate a rejection due to an obsolete TID, typically an indication of
a movement.
</t>
<t hangText="RPLInstanceID:">8-bit integer. This field is set to 0 when
unused. Otherwise it contains the RPLInstanceID for which this address
is registered, as specified in RPL <xref target="RFC6550"/>, and
discussed in particular in section 3.1.2.
</t>
<t hangText="P:">One bit flag.
When the bit is set, the address being registered is Target of the NS as
opposed to the Source, for instance to enable ND proxy operation.
</t>
<t hangText="N:">One bit flag. Set if the device moved.
If not set, the 6BBR will refrain from sending gratuitous NA(O) or other
form of distributed ND cache clean-up over the backbone.
For instance, the flag should be reset after the DAD operation upon
address formation.
</t>
</list>
</t>
</section>
</section>
<section title="Security Considerations">
<t>
This specification expects that the link layer is sufficiently protected,
either by means of physical or IP security for the Backbone Link or MAC
sublayer cryptography.
In particular, it is expected that the LLN MAC provides secure unicast
to/from the Backbone Router and secure broadcast from the Backbone Router
in a way that prevents tempering with or replaying the RA messages.
Still, <xref target='Req4'/> has a requirement for a mutual authentication
and authorization for a role for 6LRs, 6LBRs and 6BBRs.
</t><t>
This documents also suggests in <xref target='trackingmess'/> that a
6LoWPAN Node could form a single Unique Interface ID (CUID)
based on cryptographic techniques similar to CGA.
The CUID would be used as Unique Interface Identifier in the ARO option
and new Secure ND procedures would be proposed to use it as opposed to the
source IPv6 address to secure the binding between an Address and its
owning Node, and enforce First/Come-First/Serve at the 6LBR.
</t>
</section>
<section title="IANA Considerations">
<t>A new type is requested for an ND option.</t>
</section>
<section title="Acknowledgments">
<t>The author wishes acknowledge the contributions by Samita Chakrabarti, Erik Normark,
JP Vasseur, Eric Levy-Abegnoli, Patrick Wetterwald, Thomas Watteyne, and Behcet Sarikaya.</t>
</section>
</middle>
<back>
<references title='Normative References'>
&RFC2119;
&RFC2460;
&RFC3775;
&RFC4291;
&RFC4429;
&RFC4443;
&RFC4861;
&RFC4862;
&RFC4944;
&RFC6282;
&RFC6275;
&RFC6550;
&RFC6655;
&RFC6775;
&RFC6830;
</references>
<references title='Informative References'>
&RFC3610;
&RFC3963;
&RFC3971;
&RFC3972;
&RFC4389;
&RFC4919;
&RFC7102;
<?rfc include='reference.I-D.ietf-6tisch-terminology.xml'?>
<?rfc include='reference.I-D.ietf-6tisch-architecture.xml'?>
<?rfc include='reference.I-D.ietf-6lo-6lobac.xml'?>
<?rfc include='reference.I-D.ietf-6lo-dect-ule.xml'?>
<?rfc include='reference.I-D.hong-6lo-ipv6-over-nfc.xml'?>
<?rfc include='reference.I-D.ietf-6lo-btle.xml'?>
<?rfc include='reference.I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks.xml'?>
<?rfc include='reference.I-D.brandt-6man-lowpanz.xml'?>
<?rfc include='reference.I-D.chakrabarti-nordmark-6man-efficient-nd.xml'?>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-21 08:51:25 |