idnits 2.17.00 (12 Aug 2021) /tmp/idnits17168/draft-ietf-6lo-btle-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 25, 2015) is 2522 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'IPSP' == Outdated reference: draft-ietf-6man-default-iids has been published as RFC 8064 -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3633 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 4941 (Obsoleted by RFC 8981) Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6Lo Working Group J. Nieminen 3 Internet-Draft T. Savolainen 4 Intended status: Standards Track M. Isomaki 5 Expires: December 27, 2015 Nokia 6 B. Patil 7 AT&T 8 Z. Shelby 9 Arm 10 C. Gomez 11 Universitat Politecnica de Catalunya/i2CAT 12 June 25, 2015 14 IPv6 over BLUETOOTH(R) Low Energy 15 draft-ietf-6lo-btle-14 17 Abstract 19 Bluetooth Smart is the brand name for the Bluetooth low energy 20 feature in the Bluetooth specification defined by the Bluetooth 21 Special Interest Group. The standard Bluetooth radio has been widely 22 implemented and available in mobile phones, notebook computers, audio 23 headsets and many other devices. The low power version of Bluetooth 24 is a specification that enables the use of this air interface with 25 devices such as sensors, smart meters, appliances, etc. The low 26 power variant of Bluetooth has been standardized since revision 4.0 27 of the Bluetooth specifications, although version 4.1 or newer is 28 required for IPv6. This document describes how IPv6 is transported 29 over Bluetooth low energy using IPv6 over Low-power Wireless Personal 30 Area Network (6LoWPAN) techniques. 32 Status of This Memo 34 This Internet-Draft is submitted in full conformance with the 35 provisions of BCP 78 and BCP 79. 37 Internet-Drafts are working documents of the Internet Engineering 38 Task Force (IETF). Note that other groups may also distribute 39 working documents as Internet-Drafts. The list of current Internet- 40 Drafts is at http://datatracker.ietf.org/drafts/current/. 42 Internet-Drafts are draft documents valid for a maximum of six months 43 and may be updated, replaced, or obsoleted by other documents at any 44 time. It is inappropriate to use Internet-Drafts as reference 45 material or to cite them other than as "work in progress." 47 This Internet-Draft will expire on December 27, 2015. 49 Copyright Notice 51 Copyright (c) 2015 IETF Trust and the persons identified as the 52 document authors. All rights reserved. 54 This document is subject to BCP 78 and the IETF Trust's Legal 55 Provisions Relating to IETF Documents 56 (http://trustee.ietf.org/license-info) in effect on the date of 57 publication of this document. Please review these documents 58 carefully, as they describe your rights and restrictions with respect 59 to this document. Code Components extracted from this document must 60 include Simplified BSD License text as described in Section 4.e of 61 the Trust Legal Provisions and are provided without warranty as 62 described in the Simplified BSD License. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 67 1.1. Terminology and Requirements Language . . . . . . . . . . 3 68 2. Bluetooth Low Energy . . . . . . . . . . . . . . . . . . . . 3 69 2.1. Bluetooth LE stack . . . . . . . . . . . . . . . . . . . 4 70 2.2. Link layer roles and topology . . . . . . . . . . . . . . 5 71 2.3. Bluetooth LE device addressing . . . . . . . . . . . . . 6 72 2.4. Bluetooth LE packet sizes and MTU . . . . . . . . . . . . 6 73 3. Specification of IPv6 over Bluetooth Low Energy . . . . . . . 6 74 3.1. Protocol stack . . . . . . . . . . . . . . . . . . . . . 7 75 3.2. Link model . . . . . . . . . . . . . . . . . . . . . . . 8 76 3.2.1. IPv6 Subnet Model . . . . . . . . . . . . . . . . . . 9 77 3.2.2. Stateless address autoconfiguration . . . . . . . . . 9 78 3.2.3. Neighbor discovery . . . . . . . . . . . . . . . . . 11 79 3.2.4. Header compression . . . . . . . . . . . . . . . . . 11 80 3.2.4.1. Remote destination example . . . . . . . . . . . 13 81 3.2.4.2. Example of registration of multiple-addresses . . 14 82 3.2.5. Unicast and Multicast address mapping . . . . . . . . 14 83 3.3. Subnets and Internet connectivity scenarios . . . . . . . 15 84 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 85 5. Security Considerations . . . . . . . . . . . . . . . . . . . 16 86 6. Additional contributors . . . . . . . . . . . . . . . . . . . 17 87 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 88 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 89 8.1. Normative References . . . . . . . . . . . . . . . . . . 17 90 8.2. Informative References . . . . . . . . . . . . . . . . . 18 91 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 93 1. Introduction 95 Bluetooth Smart is the brand name for the Bluetooth low energy 96 feature (hereinafter, Bluetooth LE) in the Bluetooth specification 97 defined by the Bluetooth Special Interest Group. Bluetooth LE is a 98 radio technology targeted for devices that operate with very low 99 capacity (e.g., coin cell) batteries or minimalistic power sources, 100 which means that low power consumption is essential. Bluetooth LE is 101 especially attractive technology for Internet of Things applications, 102 such as health monitors, environmental sensing, proximity 103 applications and many others. 105 Considering the potential for the exponential growth in the number of 106 sensors and Internet connected devices, IPv6 is an ideal protocol for 107 communication with such devices due to the large address space it 108 provides. In addition, IPv6 provides tools for stateless address 109 autoconfiguration, which is particularly suitable for sensor network 110 applications and nodes which have very limited processing power or 111 lack a full-fledged operating system. 113 This document describes how IPv6 is transported over Bluetooth LE 114 connections using IPv6 over Low power Wireless Personal Area Networks 115 (6LoWPAN) techniques. RFCs 4944, 6282, and 6775 116 [RFC4944][RFC6282][RFC6775] developed for 6LoWPAN specify the 117 transmission of IPv6 over IEEE 802.15.4 [fifteendotfour]. The 118 Bluetooth LE link in many respects has similar characteristics to 119 that of IEEE 802.15.4 and many of the mechanisms defined for the IPv6 120 over IEEE 802.15.4 can be applied to the transmission of IPv6 on 121 Bluetooth LE links. This document specifies the details of IPv6 122 transmission over Bluetooth LE links. 124 1.1. Terminology and Requirements Language 126 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 127 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 128 document are to be interpreted as described in RFC 2119 [RFC2119]. 130 The terms 6LoWPAN Node (6LN), 6LoWPAN Router (6LR) and 6LoWPAN Border 131 Router (6LBR) are defined as in [RFC6775], with an addition that 132 Bluetooth LE central and Bluetooth LE peripheral (see Section 2.2) 133 can both be either 6LN or 6LBR. 135 2. Bluetooth Low Energy 137 Bluetooth LE is designed for transferring small amounts of data 138 infrequently at modest data rates with a very small energy 139 expenditure per bit. Bluetooth Special Interest Group (Bluetooth 140 SIG) has introduced two trademarks, Bluetooth Smart for single-mode 141 devices (a device that only supports Bluetooth LE) and Bluetooth 142 Smart Ready for dual-mode devices (devices that support both 143 Bluetooth and Bluetooth LE; note that Bluetooth and Bluetooth LE are 144 different, non-interoperable radio technologies). In the rest of the 145 document, the term Bluetooth LE is used regardless of whether this 146 technology is supported by a single-mode or dual-mode device. 148 Bluetooth LE was introduced in Bluetooth 4.0, enhanced in Bluetooth 149 4.1 [BTCorev4.1], and developed even further in successive versions. 150 Bluetooth SIG has also published the Internet Protocol Support 151 Profile (IPSP) [IPSP], which includes the Internet Protocol Support 152 Service (IPSS). The IPSP enables discovery of IP-enabled devices and 153 establishment of a link layer connection for transporting IPv6 154 packets. IPv6 over Bluetooth LE is dependent on both Bluetooth 4.1 155 and IPSP 1.0 or more recent versions of either specification to 156 provide necessary capabilities. 158 Devices such as mobile phones, notebooks, tablets and other handheld 159 computing devices that incorporate chipsets implementing Bluetooth 160 4.1 or later will also have the low-energy functionality of 161 Bluetooth. Bluetooth LE is also expected to be included in many 162 different types of accessories that collaborate with mobile devices 163 such as phones, tablets and notebook computers. An example of a use 164 case for a Bluetooth LE accessory is a heart rate monitor that sends 165 data via the mobile phone to a server on the Internet. 167 2.1. Bluetooth LE stack 169 The lower layer of the Bluetooth LE stack consists of the Physical 170 (PHY), the Link Layer (LL), and a test interface called the Direct 171 Test Mode (DTM). The Physical Layer transmits and receives the 172 actual packets. The Link Layer is responsible for providing medium 173 access, connection establishment, error control and flow control. 174 The Direct Test Mode is only used for testing purposes. The upper 175 layer consists of the Logical Link Control and Adaptation Protocol 176 (L2CAP), Attribute Protocol (ATT), Security Manager (SM), Generic 177 Attribute Profile (GATT) and Generic Access Profile (GAP) as shown in 178 Figure 1. The Host Controller Interface (HCI) separates the lower 179 layers, often implemented in the Bluetooth controller, from higher 180 layers, often implemented in the host stack. GATT and Bluetooth LE 181 profiles together enable the creation of applications in a 182 standardized way without using IP. L2CAP provides multiplexing 183 capability by multiplexing the data channels from the above layers. 184 L2CAP also provides fragmentation and reassembly for large data 185 packets. The Security Manager defines a protocol and mechanisms for 186 pairing, key distribution and a security toolbox for the Bluetooth LE 187 device. 189 +-------------------------------------------------+ 190 | Applications | 191 +---------------------------------------+---------+ 192 | Generic Attribute Profile | Generic | 193 +--------------------+------------------+ Access | 194 | Attribute Protocol | Security Manager | Profile | 195 +--------------------+------------------+---------+ 196 | Logical Link Control and Adaptation Protocol | 197 - - -+-----------------------+-------------------------+- - - HCI 198 | Link Layer | Direct Test Mode | 199 +-------------------------------------------------+ 200 | Physical Layer | 201 +-------------------------------------------------+ 203 Figure 1: Bluetooth LE Protocol Stack 205 As shown in Section 3.1, IPv6 over Bluetooth LE requires an adapted 206 6LoWPAN layer which runs on top of Bluetooth LE L2CAP. 208 2.2. Link layer roles and topology 210 Bluetooth LE defines two GAP roles of relevance herein: the Bluetooth 211 LE central role and the Bluetooth LE peripheral role. A device in 212 the central role, which is called central from now on, has 213 traditionally been able to manage multiple simultaneous connections 214 with a number of devices in the peripheral role, called peripherals 215 from now on. A peripheral is commonly connected to a single central, 216 but with versions of Bluetooth from 4.1 onwards it can also connect 217 to multiple centrals at the same time. In this document for IPv6 218 networking purposes the Bluetooth LE network (i.e., a Bluetooth LE 219 piconet) follows a star topology shown in the Figure 2, where a 220 router typically implements the Bluetooth LE central role and the 221 rest of nodes implement the Bluetooth LE peripheral role. In the 222 future mesh networking and/or parallel connectivity to multiple 223 centrals at a time may be defined for IPv6 over Bluetooth LE. 225 Peripheral --. .-- Peripheral 226 \ / 227 Peripheral ---- Central ---- Peripheral 228 / \ 229 Peripheral --' '-- Peripheral 231 Figure 2: Bluetooth LE Star Topology 233 In Bluetooth LE, direct wireless communication only takes place 234 between a central and a peripheral. This means that inherently the 235 Bluetooth LE star represents a hub and spokes link model. 237 Nevertheless, two peripherals may communicate through the central by 238 using IP routing functionality per this specification. 240 2.3. Bluetooth LE device addressing 242 Every Bluetooth LE device is identified by a 48-bit device address. 243 The Bluetooth specification describes the device address of a 244 Bluetooth LE device as:"Devices are identified using a device 245 address. Device addresses may be either a public device address or a 246 random device address." [BTCorev4.1]. The public device addresses 247 are based on the IEEE 802-2001 standard [IEEE802-2001]. The random 248 device addresses are generated as defined in the Bluetooth 249 specification. New addresses are typically generated each time a 250 device is powered on. In random addresses all 48 bits are 251 randomized. Bluetooth LE does not support device address collision 252 avoidance or detection. However, these 48 bit random device 253 addresses have a very small probability of being in conflict within a 254 typical deployment. 256 2.4. Bluetooth LE packet sizes and MTU 258 The optimal MTU defined for L2CAP fixed channels over Bluetooth LE is 259 27 octets including the L2CAP header of 4 octets. The default MTU 260 for Bluetooth LE is hence defined to be 27 octets. Therefore, 261 excluding the L2CAP header of 4 octets, a protocol data unit (PDU) 262 size of 23 octets is available for upper layers. In order to be able 263 to transmit IPv6 packets of 1280 octets or larger, a link layer 264 fragmentation and reassembly solution is provided by the L2CAP layer. 265 The IPSP defines means for negotiating up a link layer connection 266 that provides an MTU of 1280 octets or higher for the IPv6 layer 267 [IPSP]. The link layer MTU is negotiated separately for each 268 direction. Implementations that require an equal link layer MTU for 269 the two directions SHALL use the smallest of the possibly different 270 MTU values. 272 3. Specification of IPv6 over Bluetooth Low Energy 274 Bluetooth LE technology sets strict requirements for low power 275 consumption and thus limits the allowed protocol overhead. 6LoWPAN 276 standards [RFC6775], and [RFC6282] provide useful functionality for 277 reducing overhead, which are applied to Bluetooth LE. This 278 functionality is comprised of link-local IPv6 addresses and stateless 279 IPv6 address autoconfiguration (see Section 3.2.2), Neighbor 280 Discovery (see Section 3.2.3), and header compression (see 281 Section 3.2.4). Fragmentation features from 6LoWPAN standards are 282 not used due to Bluetooth LE's link layer fragmentation support (see 283 Section 2.4). 285 A significant difference between IEEE 802.15.4 and Bluetooth LE is 286 that the former supports both star and mesh topologies (and requires 287 a routing protocol), whereas Bluetooth LE does not currently support 288 the formation of multihop networks at the link layer. However, 289 inter-peripheral communication through the central is enabled by 290 using IP routing functionality per this specification. 292 In Bluetooth LE a central node is assumed to be less resource 293 constrained than a peripheral node. Hence, in the primary deployment 294 scenario central and peripheral will act as 6LoWPAN Border Router 295 (6LBR) and a 6LoWPAN Node (6LN), respectively. 297 Before any IP-layer communications can take place over Bluetooth LE, 298 Bluetooth LE enabled nodes such as 6LNs and 6LBRs have to find each 299 other and establish a suitable link layer connection. The discovery 300 and Bluetooth LE connection setup procedures are documented by the 301 Bluetooth SIG in the IPSP specification [IPSP]. 303 In the rare case of Bluetooth LE random device address conflict, a 304 6LBR can detect multiple 6LNs with the same Bluetooth LE device 305 address, as well as a 6LN with the same Bluetooth LE address as the 306 6LBR. The 6LBR MUST ignore 6LNs with the same device address the 307 6LBR has, and the 6LBR MUST have at most one connection for a given 308 Bluetooth LE device address at any given moment. This will avoid 309 addressing conflicts within a Bluetooth LE network. 311 3.1. Protocol stack 313 Figure 3 illustrates how the IPv6 stack works in parallel to the GATT 314 stack on top of Bluetooth LE L2CAP layer. The GATT stack is needed 315 herein for discovering nodes supporting the Internet Protocol Support 316 Service. UDP and TCP are provided as examples of transport 317 protocols, but the stack can be used by any other upper layer 318 protocol capable of running atop of IPv6. 320 +---------+ +----------------------------+ 321 | IPSS | | UDP/TCP/other | 322 +---------+ +----------------------------+ 323 | GATT | | IPv6 | 324 +---------+ +----------------------------+ 325 | ATT | | 6LoWPAN for Bluetooth LE | 326 +---------+--+----------------------------+ 327 | Bluetooth LE L2CAP | 328 - - +-----------------------------------------+- - - HCI 329 | Bluetooth LE Link Layer | 330 +-----------------------------------------+ 331 | Bluetooth LE Physical | 332 +-----------------------------------------+ 334 Figure 3: IPv6 and IPSS on the Bluetooth LE Stack 336 3.2. Link model 338 The distinct concepts of the IPv6 link (layer 3) and the physical 339 link (combination of PHY and MAC) need to be clear and their 340 relationship has to be well understood in order to specify the 341 addressing scheme for transmitting IPv6 packets over the Bluetooth LE 342 link. RFC 4861 [RFC4861] defines a link as "a communication facility 343 or medium over which nodes can communicate at the link layer, i.e., 344 the layer immediately below IPv6." 346 In the case of Bluetooth LE, the 6LoWPAN layer is adapted to support 347 transmission of IPv6 packets over Bluetooth LE. The IPSP defines all 348 steps required for setting up the Bluetooth LE connection over which 349 6LoWPAN can function [IPSP], including handling the link layer 350 fragmentation required on Bluetooth LE, as described in Section 2.4. 351 Even though MTUs larger than 1280 octets can be supported, use of a 352 1280 octet MTU is RECOMMENDED in order to avoid need for Path MTU 353 discovery procedures. 355 While Bluetooth LE protocols, such as L2CAP, utilize little-endian 356 byte orderering, IPv6 packets MUST be transmitted in big endian order 357 (network byte order). 359 Per this specification, the IPv6 header compression format specified 360 in RFC 6282 MUST be used [RFC6282]. The IPv6 payload length can be 361 derived from the L2CAP header length and the possibly elided IPv6 362 address can be reconstructed from the link layer address, used at the 363 time of Bluetooth LE connection establishment, from the HCI 364 Connection Handle during connection, compression context if any, and 365 from address registration information (see Section 3.2.3). 367 Bluetooth LE connections used to build a star topology are point-to- 368 point in nature, as Bluetooth broadcast features are not used for 369 IPv6 over Bluetooth LE (except for discovery of nodes supporting 370 IPSS). After the peripheral and central have connected at the 371 Bluetooth LE level, the link can be considered up and IPv6 address 372 configuration and transmission can begin. 374 3.2.1. IPv6 Subnet Model 376 In the Bluetooth LE piconet model (see Section 2.2) peripherals each 377 have a separate link to the central and the central acts as an IPv6 378 router rather than a link layer switch. As discussed in [RFC4903], 379 conventional usage of IPv6 anticipates IPv6 subnets spanning a single 380 link at the link layer. As IPv6 over Bluetooth LE is intended for 381 constrained nodes, and for Internet of Things use cases and 382 environments, the complexity of implementing a separate subnet on 383 each peripheral-central link and routing between the subnets appears 384 to be excessive. In the Bluetooth LE case, the benefits of treating 385 the collection of point-to-point links between a central and its 386 connected peripherals as a single multilink subnet rather than a 387 multiplicity of separate subnets are considered to outweigh the 388 multilink model's drawbacks as described in [RFC4903]. 390 Hence a multilink model has been chosen, as further illustrated in 391 Section 3.3 Because of this, link-local multicast communications can 392 happen only within a single Bluetooth LE connection, and thus 6LN-to- 393 6LN communications using link-local addresses are not possible. 6LNs 394 connected to the same 6LBR have to communicate with each other by 395 using the shared prefix used on the subnet. The 6LBR ensures address 396 collisions do not occur (see Section 3.2.3) and forwards packets sent 397 by one 6LN to another. 399 3.2.2. Stateless address autoconfiguration 401 At network interface initialization, both 6LN and 6LBR SHALL generate 402 and assign to the Bluetooth LE network interface IPv6 link-local 403 addresses [RFC4862] based on the 48-bit Bluetooth device addresses 404 (see Section 2.3) that were used for establishing the underlying 405 Bluetooth LE connection. Following the guidance of [RFC7136], a 406 64-bit Interface Identifier (IID) is formed from the 48-bit Bluetooth 407 device address by inserting two octets, with hexadecimal values of 408 0xFF and 0xFE in the middle of the 48-bit Bluetooth device address as 409 shown in Figure 4. In the Figure letter 'b' represents a bit from 410 the Bluetooth device address, copied as is without any changes on any 411 bit. This means that no bit in the IID indicates whether the 412 underlying Bluetooth device address is public or random. 414 |0 1|1 3|3 4|4 6| 415 |0 5|6 1|2 7|8 3| 416 +----------------+----------------+----------------+----------------+ 417 |bbbbbbbbbbbbbbbb|bbbbbbbb11111111|11111110bbbbbbbb|bbbbbbbbbbbbbbbb| 418 +----------------+----------------+----------------+----------------+ 420 Figure 4: Formation of IID from Bluetooth device adddress 422 The IID is then prepended with the prefix fe80::/64, as described in 423 RFC 4291 [RFC4291] and as depicted in Figure 5. The same link-local 424 address SHALL be used for the lifetime of the Bluetooth LE L2CAP 425 channel. (After a Bluetooth LE logical link has been established, it 426 is referenced with a Connection Handle in HCI. Thus possibly 427 changing device addresses do not impact data flows within existing 428 L2CAP channels. Hence there is no need to change IPv6 link-local 429 addresses even if devices change their random device addresses during 430 L2CAP channel lifetime). 432 10 bits 54 bits 64 bits 433 +----------+-----------------+----------------------+ 434 |1111111010| zeros | Interface Identifier | 435 +----------+-----------------+----------------------+ 437 Figure 5: IPv6 link-local address in Bluetooth LE 439 A 6LN MUST join the all-nodes multicast address. There is no need 440 for 6LN to join the solicited-node multicast address, since 6LBR will 441 know device addresses and hence link-local addresses of all connected 442 6LNs. The 6LBR will ensure no two devices with the same Bluetooth LE 443 device address are connected at the same time. Detection of 444 duplicate link-local addresses is performed by the process on the 445 6LBR responsible for the discovery of IP-enabled Bluetooth LE nodes 446 and for starting Bluetooth LE connection establishment procedures. 447 This approach increases the complexity of 6LBR, but reduces power 448 consumption on both 6LN and 6LBR in the link establishment phase by 449 reducing the number of mandatory packet transmissions. 451 After link-local address configuration, the 6LN sends Router 452 Solicitation messages as described in [RFC4861] Section 6.3.7. 454 For non-link-local addresses a 64-bit IID MAY be formed by utilizing 455 the 48-bit Bluetooth device address. A 6LN can also use a randomly 456 generated IID (see Section 3.2.3), for example, as discussed in 457 [I-D.ietf-6man-default-iids], or use alternative schemes such as 458 Cryptographically Generated Addresses (CGA) [RFC3972], privacy 459 extensions [RFC4941], Hash-Based Addresses (HBA, [RFC5535]), or 460 DHCPv6 [RFC3315]. The non-link-local addresses that a 6LN generates 461 MUST be registered with the 6LBR as described in Section 3.2.3. 463 The tool for a 6LBR to obtain an IPv6 prefix for numbering the 464 Bluetooth LE network is out of scope of this document, but can be, 465 for example, accomplished via DHCPv6 Prefix Delegation [RFC3633] or 466 by using Unique Local IPv6 Unicast Addresses (ULA) [RFC4193]. Due to 467 the link model of the Bluetooth LE (see Section 3.2.1) the 6LBR MUST 468 set the "on-link" flag (L) to zero in the Prefix Information Option 469 in Neighbor Discovery messages[RFC4861] (see Section 3.2.2). This 470 will cause 6LNs to always send packets to the 6LBR, including the 471 case when the destination is another 6LN using the same prefix. 473 3.2.3. Neighbor discovery 475 'Neighbor Discovery Optimization for IPv6 over Low-Power Wireless 476 Personal Area Networks (6LoWPANs)' [RFC6775] describes the neighbor 477 discovery approach as adapted for use in several 6LoWPAN topologies, 478 including the mesh topology. Bluetooth LE does not support mesh 479 networks and hence only those aspects that apply to a star topology 480 are considered. 482 The following aspects of the Neighbor Discovery optimizations 483 [RFC6775] are applicable to Bluetooth LE 6LNs: 485 1. A Bluetooth LE 6LN MUST NOT register its link-local address. A 486 Bluetooth LE 6LN MUST register its non-link-local addresses with the 487 6LBR by sending a Neighbor Solicitation (NS) message with the Address 488 Registration Option (ARO) and process the Neighbor Advertisement (NA) 489 accordingly. The NS with the ARO option MUST be sent irrespective of 490 the method used to generate the IID. If the 6LN registers for a same 491 compression context multiple addresses that are not based on 492 Bluetooth device address, the header compression efficiency will 493 decrease (see Section 3.2.4). 495 2. For sending Router Solicitations and processing Router 496 Advertisements the Bluetooth LE 6LNs MUST, respectively, follow 497 Sections 5.3 and 5.4 of the [RFC6775]. 499 3.2.4. Header compression 501 Header compression as defined in RFC 6282 [RFC6282], which specifies 502 the compression format for IPv6 datagrams on top of IEEE 802.15.4, is 503 REQUIRED in this document as the basis for IPv6 header compression on 504 top of Bluetooth LE. All headers MUST be compressed according to RFC 505 6282 [RFC6282] encoding formats. 507 The Bluetooth LE's star topology structure and ARO can be exploited 508 in order to provide a mechanism for address compression. The 509 following text describes the principles of IPv6 address compression 510 on top of Bluetooth LE. 512 The ARO option requires use of an EUI-64 identifier [RFC6775]. In 513 the case of Bluetooth LE, the field SHALL be filled with the 48-bit 514 device address used by the Bluetooth LE node converted into 64-bit 515 Modified EUI-64 format [RFC4291]. 517 To enable efficient header compression, when the 6LBR sends a Router 518 Advertisement it MUST include a 6LoWPAN Context Option (6CO) 519 [RFC6775] matching each address prefix advertised via a Prefix 520 Information Option (PIO) [RFC4861] for use in stateless address 521 autoconfiguration. 523 When a 6LN is sending a packet to or through a 6LBR, it MUST fully 524 elide the source address if it is a link-local address. A non-link- 525 local source address 6LN has registered with ARO to the 6LBR for the 526 indicated prefix MUST be fully elided if the source address is the 527 latest address 6LN has registered for the indicated prefix. If a 528 source non-link-local address is not the latest registered, then the 529 64-bits of the IID SHALL be fully carried in-line (SAM=01) or if the 530 first 48-bits of the IID match with the latest registered address, 531 then the last 16-bits of the IID SHALL be carried in-line (SAM=10). 532 That is, if SAC=0 and SAM=11 the 6LN MUST be using the link-local 533 IPv6 address derived from Bluetooth LE device address, and if SAC=1 534 and SAM=11 the 6LN MUST have registered the source IPv6 address with 535 the prefix related to the compression context and the 6LN MUST be 536 referring to the latest registered address related to the compression 537 context. The IPv6 address MUST be considered to be registered only 538 after the 6LBR has sent a Neighbor Advertisement with an ARO having 539 its status field set to success. The destination IPv6 address MUST 540 be fully elided if the destination address is 6LBR's link-local- 541 address based on the 6LBR's Bluetooth device address (DAC=0, DAM=11). 542 The destination IPv6 address MUST be fully or partially elided if 543 context has been set up for the destination address. For example, 544 DAC=0 and DAM=01 when destination prefix is link-local, and DAC=1 and 545 DAM=01 if compression context has been configured for the destination 546 prefix used. 548 When a 6LBR is transmitting packets to a 6LN, it MUST fully elide the 549 source IID if the source IPv6 address is the link-local address based 550 on the 6LBR's Bluetooth device address (SAC=0, SAM=11), and it MUST 551 elide the source prefix or address if a compression context related 552 to the IPv6 source address has been set up. The 6LBR also MUST fully 553 elide the destination IPv6 address if it is the link-local-address 554 based on the 6LN's Bluetooth device address (DAC=0, DAM=11), or if 555 the destination address is the latest registered by the 6LN with ARO 556 for the indicated context (DAC=1, DAM=11). If the destination 557 address is a non-link-local address and not the latest registered, 558 then the 6LN MUST either include the IID part fully in-line (DAM=01) 559 or, if the first 48-bits of the IID match to the latest registered 560 address, then elide those 48-bits (DAM=10). 562 3.2.4.1. Remote destination example 564 When a 6LN transmits an IPv6 packet to a remote destination using 565 global Unicast IPv6 addresses, if a context is defined for the 6LN's 566 global IPv6 address, the 6LN has to indicate this context in the 567 corresponding source fields of the compressed IPv6 header as per 568 Section 3.1 of RFC 6282 [RFC6282], and has to elide the full IPv6 569 source address previously registered with ARO (if using the latest 570 registered address, otherwise part or all of the IID may have to be 571 transmitted in-line). For this, the 6LN MUST use the following 572 settings in the IPv6 compressed header: SAC=1 and SAM=11. The CID 573 may be set 0 or 1, depending on which context is used. In this case, 574 the 6LBR can infer the elided IPv6 source address since 1) the 6LBR 575 has previously assigned the prefix to the 6LNs; and 2) the 6LBR 576 maintains a Neighbor Cache that relates the Device Address and the 577 IID the device has registered with ARO. If a context is defined for 578 the IPv6 destination address, the 6LN has to also indicate this 579 context in the corresponding destination fields of the compressed 580 IPv6 header, and elide the prefix of or the full destination IPv6 581 address. For this, the 6LN MUST set the DAM field of the compressed 582 IPv6 header as DAM=01 (if the context covers a 64-bit prefix) or as 583 DAM=11 (if the context covers a full, 128-bit address). DAC MUST be 584 set to 1. Note that when a context is defined for the IPv6 585 destination address, the 6LBR can infer the elided destination prefix 586 by using the context. 588 When a 6LBR receives an IPv6 packet sent by a remote node outside the 589 Bluetooth LE network, and the destination of the packet is a 6LN, if 590 a context is defined for the prefix of the 6LN's global IPv6 address, 591 the 6LBR has to indicate this context in the corresponding 592 destination fields of the compressed IPv6 header. The 6LBR has to 593 elide the IPv6 destination address of the packet before forwarding 594 it, if the IPv6 destination address is inferable by the 6LN. For 595 this, the 6LBR will set the DAM field of the IPv6 compressed header 596 as DAM=11 (if the address is the latest 6LN has registered). DAC 597 needs to be set to 1. If a context is defined for the IPv6 source 598 address, the 6LBR needs to indicate this context in the source fields 599 of the compressed IPv6 header, and elide that prefix as well. For 600 this, the 6LBR needs to set the SAM field of the IPv6 compressed 601 header as SAM=01 (if the context covers a 64-bit prefix) or SAM=11 602 (if the context covers a full, 128-bit address). SAC is to be set to 603 1. 605 3.2.4.2. Example of registration of multiple-addresses 607 As described above, a 6LN can register multiple non-link-local 608 addresses that map to a same compression context. From the multiple 609 address registered, only the latest address can be fully elided 610 (SAM=11, DAM=11), and the IIDs of previously registered addresses 611 have to be transmitted fully in-line (SAM=01, DAM=01) or in the best 612 case can be partially elided (SAM=10, DAM=10). This is illustred in 613 an example below. 615 1) A 6LN registers first address 2001:db8::1111:2222:3333:4444 to a 616 6LBR. At this point the address can be fully elided using SAC=1/ 617 SAM=11 or DAC=1/DAM=11. 619 2) The 6LN registers second address 2001:db8::1111:2222:3333:5555 to 620 the 6LBR. As the second address is now the latest registered, it can 621 be fully elided using SAC=1/SAM=11 or DAC=1/DAM=11. The first 622 address can now be partially elided using SAC=1/SAM=10 or DAC=1/ 623 DAM=10, as the first 112 bits of the address are the same between the 624 first and the second registered addresses. 626 3) Expiration of registration time for the first or the second 627 address has no impact on the compression. Hence even if most 628 recently registered address expires, the first address can only be 629 partially elided (SAC=1/SAM=10, DAC=1/DAM=10). The 6LN can register 630 a new address, or re-register an expired address, to become able to 631 again fully elide an address. 633 3.2.5. Unicast and Multicast address mapping 635 The Bluetooth LE link layer does not support multicast. Hence 636 traffic is always unicast between two Bluetooth LE nodes. Even in 637 the case where a 6LBR is attached to multiple 6LNs, the 6LBR cannot 638 do a multicast to all the connected 6LNs. If the 6LBR needs to send 639 a multicast packet to all its 6LNs, it has to replicate the packet 640 and unicast it on each link. However, this may not be energy- 641 efficient and particular care must be taken if the central is 642 battery-powered. In the opposite direction, a 6LN always has to send 643 packets to or through 6LBR. Hence, when a 6LN needs to transmit an 644 IPv6 multicast packet, the 6LN will unicast the corresponding 645 Bluetooth LE packet to the 6LBR. 647 3.3. Subnets and Internet connectivity scenarios 649 In a typical scenario, the Bluetooth LE network is connected to the 650 Internet as shown in the Figure 6. In this scenario, the Bluetooth 651 LE star is deployed as one subnet, using one /64 IPv6 prefix, with 652 each spoke representing individual link. The 6LBR is acting as 653 router and forwarding packets between 6LNs and to and from Internet. 655 / 656 .---------------. / 657 / 6LN \ / 658 / \ \ / 659 | \ | / 660 | 6LN ----------- 6LBR ----- | Internet 661 | <--Link--> / | \ 662 \ / / \ 663 \ 6LN / \ 664 '---------------' \ 665 \ 667 <------ Subnet -----><-- IPv6 connection --> 668 to Internet 670 Figure 6: Bluetooth LE network connected to the Internet 672 In some scenarios, the Bluetooth LE network may transiently or 673 permanently be an isolated network as shown in the Figure 7. In this 674 case the whole star consist of a single subnet with multiple links, 675 where 6LBR is at central routing packets between 6LNs. 677 .-------------------. 678 / \ 679 / 6LN 6LN \ 680 / \ / \ 681 | \ / | 682 | 6LN --- 6LBR --- 6LN | 683 | / \ | 684 \ / \ / 685 \ 6LN 6LN / 686 \ / 687 '-------------------' 688 <--------- Subnet ----------> 690 Figure 7: Isolated Bluetooth LE network 692 It is also possible to have point-to-point connection between two 693 6LNs, one of which being central and another being peripheral. 694 Similarly, it is possible to have point-to-point connections between 695 two 6LBRs, one of which being central and another being peripheral. 697 At this point in time mesh networking with Bluetooth LE is not 698 specified. 700 4. IANA Considerations 702 There are no IANA considerations related to this document. 704 5. Security Considerations 706 The transmission of IPv6 over Bluetooth LE links has similar 707 requirements and concerns for security as for IEEE 802.15.4. 708 Bluetooth LE Link Layer security considerations are covered by the 709 IPSP [IPSP]. 711 Bluetooth LE Link Layer supports encryption and authentication by 712 using the Counter with CBC-MAC (CCM) mechanism [RFC3610] and a 713 128-bit AES block cipher. Upper layer security mechanisms may 714 exploit this functionality when it is available. (Note: CCM does not 715 consume octets from the maximum per-packet L2CAP data size, since the 716 link layer data unit has a specific field for them when they are 717 used.) 719 Key management in Bluetooth LE is provided by the Security Manager 720 Protocol (SMP), as defined in [BTCorev4.1]. 722 The Direct Test Mode offers two setup alternatives: with and without 723 accessible HCI. In designs with accessible HCI, the so called upper 724 tester communicates through the HCI (which may be supported by UART, 725 USB and Secure Digital transports), with the Physical and Link Layers 726 of the Bluetooth LE device under test. In designs without accessible 727 HCI, the upper tester communicates with the device under test through 728 a two-wire UART interface. The Bluetooth specification does not 729 provide security mechanisms for the communication between the upper 730 tester and the device under test in either case. Nevertheless, an 731 attacker needs to physically connect a device (via one of the wired 732 HCI types) to the device under test to be able to interact with the 733 latter. 735 The IPv6 link-local address configuration described in Section 3.2.2 736 strictly binds the privacy level of IPv6 link-local address to the 737 privacy level device has selected for the Bluetooth LE. This means 738 that a device using Bluetooth privacy features will retain the same 739 level of privacy with generated IPv6 link-local addresses. 741 Respectively, device not using privacy at Bluetooth level will not 742 have privacy at IPv6 link-local address either. For non-link local 743 addresses implementations have a choice to support, for example, 744 [I-D.ietf-6man-default-iids], [RFC3972], [RFC4941] or [RFC5535]. 746 A malicious 6LN may attempt to perform a denial of service attacks on 747 the Bluetooth LE network, for example, by flooding packets. This 748 sort of attack is mitigated by the fact that link-local multicast is 749 not bridged between Bluetooth LE links and by 6LBR being able to rate 750 limit packets sent by each 6LN by making smart use of Bluetooth LE 751 L2CAP credit-based flow control mechanism. 753 6. Additional contributors 755 Kanji Kerai, Jari Mutikainen, David Canfeng-Chen and Minjun Xi from 756 Nokia have contributed significantly to this document. 758 7. Acknowledgements 760 The Bluetooth, Bluetooth Smart and Bluetooth Smart Ready marks are 761 registred trademarks owned by Bluetooth SIG, Inc. 763 Samita Chakrabarti, Brian Haberman, Marcel De Kogel, Jouni Korhonen, 764 Erik Nordmark, Erik Rivard, Dave Thaler, Pascal Thubert, Xavi 765 Vilajosana and Victor Zhodzishsky have provided valuable feedback for 766 this draft. 768 Authors would like to give special acknowledgements for Krishna 769 Shingala, Frank Berntsen, and Bluetooth SIG's Internet Working Group 770 for providing significant feedback and improvement proposals for this 771 document. 773 8. References 775 8.1. Normative References 777 [BTCorev4.1] 778 Bluetooth Special Interest Group, "Bluetooth Core 779 Specification Version 4.1", December 2013, 780 . 783 [IPSP] Bluetooth Special Interest Group, "Bluetooth Internet 784 Protocol Support Profile Specification Version 1.0.0", 785 December 2014, . 788 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 789 Requirement Levels", BCP 14, RFC 2119, March 1997. 791 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 792 Architecture", RFC 4291, February 2006. 794 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 795 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 796 September 2007. 798 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 799 Address Autoconfiguration", RFC 4862, September 2007. 801 [RFC6282] Hui, J. and P. Thubert, "Compression Format for IPv6 802 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 803 September 2011. 805 [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann, 806 "Neighbor Discovery Optimization for IPv6 over Low-Power 807 Wireless Personal Area Networks (6LoWPANs)", RFC 6775, 808 November 2012. 810 [RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6 811 Interface Identifiers", RFC 7136, February 2014. 813 8.2. Informative References 815 [fifteendotfour] 816 IEEE Computer Society, "IEEE Std. 802.15.4-2011 IEEE 817 Standard for Local and metropolitan area networks--Part 818 15.4: Low-Rate Wireless Personal Area Networks (LR- 819 WPANs)", June 2011. 821 [I-D.ietf-6man-default-iids] 822 Gont, F., Cooper, A., Thaler, D., and S. LIU, 823 "Recommendation on Stable IPv6 Interface Identifiers", 824 draft-ietf-6man-default-iids-03 (work in progress), May 825 2015. 827 [IEEE802-2001] 828 Institute of Electrical and Electronics Engineers (IEEE), 829 "IEEE 802-2001 Standard for Local and Metropolitan Area 830 Networks: Overview and Architecture", 2002. 832 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 833 and M. Carney, "Dynamic Host Configuration Protocol for 834 IPv6 (DHCPv6)", RFC 3315, July 2003. 836 [RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with 837 CBC-MAC (CCM)", RFC 3610, September 2003. 839 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 840 Host Configuration Protocol (DHCP) version 6", RFC 3633, 841 December 2003. 843 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 844 RFC 3972, March 2005. 846 [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 847 Addresses", RFC 4193, October 2005. 849 [RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903, June 850 2007. 852 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 853 Extensions for Stateless Address Autoconfiguration in 854 IPv6", RFC 4941, September 2007. 856 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, 857 "Transmission of IPv6 Packets over IEEE 802.15.4 858 Networks", RFC 4944, September 2007. 860 [RFC5535] Bagnulo, M., "Hash-Based Addresses (HBA)", RFC 5535, June 861 2009. 863 Authors' Addresses 865 Johanna Nieminen 866 Nokia 868 Email: johannamaria.nieminen@gmail.com 870 Teemu Savolainen 871 Nokia 872 Visiokatu 3 873 Tampere 33720 874 Finland 876 Email: teemu.savolainen@nokia.com 877 Markus Isomaki 878 Nokia 879 Otaniementie 19 880 Espoo 02150 881 Finland 883 Email: markus.isomaki@nokia.com 885 Basavaraj Patil 886 AT&T 887 1410 E. Renner Road 888 Richardson, TX 75082 889 USA 891 Email: basavaraj.patil@att.com 893 Zach Shelby 894 Arm 895 Hallituskatu 13-17D 896 Oulu 90100 897 Finland 899 Email: zach.shelby@arm.com 901 Carles Gomez 902 Universitat Politecnica de Catalunya/i2CAT 903 C/Esteve Terradas, 7 904 Castelldefels 08860 905 Spain 907 Email: carlesgo@entel.upc.edu