idnits 2.17.00 (12 Aug 2021)

/tmp/idnits3937/draft-ietf-roll-useofrplinfo-21.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 212 has weird spacing: '... act chg ...'

  == Line 247 has weird spacing: '... act chg ...'

  == Line 1746 has weird spacing: '... act chg ...'

  -- The document date (February 10, 2018) is 1561 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFCXXXX' is mentioned on line 1749, but not defined

  == Outdated reference: draft-ietf-6lo-backbone-router has been published as
     RFC 8929

  == Outdated reference: draft-ietf-6man-rfc6434-bis has been published as
     RFC 8504

  == Outdated reference: draft-ietf-anima-autonomic-control-plane has been
     published as RFC 8994

  == Outdated reference: draft-ietf-anima-bootstrapping-keyinfra has been
     published as RFC 8995

     Summary: 0 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

2    ROLL Working Group                                             M. Robles
3    Internet-Draft                                                  Ericsson
4    Updates: 6553, 6550, 8138 (if approved)                    M. Richardson
5    Intended status: Standards Track                                     SSW
6    Expires: August 14, 2018                                      P. Thubert
7                                                                       Cisco
8                                                           February 10, 2018

10                When to use RFC 6553, 6554 and IPv6-in-IPv6
11                      draft-ietf-roll-useofrplinfo-21

13   Abstract

15      This document looks at different data flows through LLN (Low-Power
16      and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power
17      and Lossy Networks) is used to establish routing. The document
18      enumerates the cases where RFC 6553, RFC 6554 and IPv6-in-IPv6
19      encapsulation are required. This analysis provides the basis on which
20      to design efficient compression of these headers. This document
21      updates RFC 6553 by changing the RPL Option Type.
22      Additionally, this document updates RFC 6550 to indicate this
23      change, and updates RFC 8138 to consider the new Option Type
24      when the RPL Option is decompressed.

26   Status of This Memo

28      This Internet-Draft is submitted in full conformance with the
29      provisions of BCP 78 and BCP 79.

31      Internet-Drafts are working documents of the Internet Engineering
32      Task Force (IETF). Note that other groups may also distribute
33      working documents as Internet-Drafts. The list of current Internet-
34      Drafts is at https://datatracker.ietf.org/drafts/current/.

36      Internet-Drafts are draft documents valid for a maximum of six months
37      and may be updated, replaced, or obsoleted by other documents at any
38      time. It is inappropriate to use Internet-Drafts as reference
39      material or to cite them other than as "work in progress."

41      This Internet-Draft will expire on August 14, 2018.

43   Copyright Notice

45      Copyright (c) 2018 IETF Trust and the persons identified as the
46      document authors. All rights reserved.
48      This document is subject to BCP 78 and the IETF Trust's Legal
49      Provisions Relating to IETF Documents
50      (https://trustee.ietf.org/license-info) in effect on the date of
51      publication of this document. Please review these documents
52      carefully, as they describe your rights and restrictions with respect
53      to this document. Code Components extracted from this document must
54      include Simplified BSD License text as described in Section 4.e of
55      the Trust Legal Provisions and are provided without warranty as
56      described in the Simplified BSD License.

58   Table of Contents

60      1. Introduction
61      2. Terminology and Requirements Language
62        2.1. hop-by-hop IPv6-in-IPv6 headers
63      3. Updates to RFC6553, RFC6550 and RFC 8138
64        3.1. Updates to RFC 6553
65        3.2. Updates to RFC 8138
66        3.3. Updates to RFC 6550: Indicating the new RPI in the DODAG
67             Configuration Option Flag.
68      4. Sample/reference topology
69      5. Use cases
70      6. Storing mode
71        6.1. Storing Mode: Interaction between Leaf and Root
72          6.1.1. SM: Example of Flow from RPL-aware-leaf to root
73          6.1.2. SM: Example of Flow from root to RPL-aware-leaf
74          6.1.3. SM: Example of Flow from root to not-RPL-aware-leaf
75          6.1.4. SM: Example of Flow from not-RPL-aware-leaf to root
76        6.2. Storing Mode: Interaction between Leaf and Internet
77          6.2.1. SM: Example of Flow from RPL-aware-leaf to Internet
78          6.2.2. SM: Example of Flow from Internet to RPL-aware-leaf
79          6.2.3. SM: Example of Flow from not-RPL-aware-leaf to
80                 Internet
81          6.2.4. SM: Example of Flow from Internet to non-RPL-aware-
82                 leaf
83        6.3. Storing Mode: Interaction between Leaf and Leaf
84          6.3.1. SM: Example of Flow from RPL-aware-leaf to RPL-aware-
85                 leaf
86          6.3.2. SM: Example of Flow from RPL-aware-leaf to non-RPL-
87                 aware-leaf
88          6.3.3. SM: Example of Flow from not-RPL-aware-leaf to RPL-
89                 aware-leaf
90          6.3.4. SM: Example of Flow from not-RPL-aware-leaf to not-
91                 RPL-aware-leaf
92      7. Non Storing mode
93        7.1. Non-Storing Mode: Interaction between Leaf and Root
94          7.1.1. Non-SM: Example of Flow from RPL-aware-leaf to root
95          7.1.2. Non-SM: Example of Flow from root to RPL-aware-leaf
96          7.1.3. Non-SM: Example of Flow from root to not-RPL-aware-
97                 leaf
98          7.1.4. Non-SM: Example of Flow from not-RPL-aware-leaf to
99                 root
100       7.2. Non-Storing Mode: Interaction between Leaf and Internet
101         7.2.1. Non-SM: Example of Flow from RPL-aware-leaf to
102                Internet
103         7.2.2. Non-SM: Example of Flow from Internet to RPL-aware-
104                leaf
105         7.2.3. Non-SM: Example of Flow from not-RPL-aware-leaf to
106                Internet
107         7.2.4. Non-SM: Example of Flow from Internet to not-RPL-
108                aware-leaf
109       7.3. Non-Storing Mode: Interaction between Leafs
110         7.3.1. Non-SM: Example of Flow from RPL-aware-leaf to RPL-
111                aware-leaf
112         7.3.2. Non-SM: Example of Flow from RPL-aware-leaf to not-
113                RPL-aware-leaf
114         7.3.3. Non-SM: Example of Flow from not-RPL-aware-leaf to
115                RPL-aware-leaf
116         7.3.4. Non-SM: Example of Flow from not-RPL-aware-leaf to
117                not-RPL-aware-leaf
118     8. Observations about the cases
119       8.1. Storing mode
120       8.2. Non-Storing mode
121     9. 6LoRH Compression cases
122     10. IANA Considerations
123     11. Security Considerations
124     12. Acknowledgments
125     13. References
126       13.1. Normative References
127       13.2. Informative References
128     Authors' Addresses

130  1.  Introduction

132     RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks)
133     [RFC6550] is a routing protocol for constrained networks. RFC 6553
134     [RFC6553] defines the "RPL option" (RPI), carried within the IPv6
135     Hop-by-Hop header to quickly identify inconsistencies (loops) in the
136     routing topology. RFC 6554 [RFC6554] defines the "RPL Source Route
137     Header" (RH3), an IPv6 Extension Header to deliver datagrams within a
138     RPL routing domain, particularly in non-storing mode.

140     These various items are referred to as RPL artifacts, and they are
141     seen on all of the data-plane traffic that occurs in RPL routed
142     networks; they do not in general appear on the RPL control plane
143     traffic at all which is mostly hop-by-hop traffic (one exception
144     being DAO messages in non-storing mode).
146     It has become clear from attempts to do multi-vendor
147     interoperability, and from a desire to compress as many of the above
148     artifacts as possible, that not all implementors agree when artifacts
149     are necessary, or when they can be safely omitted or removed.

151     An interim meeting went through the 24 cases defined here to discover
152     if there were any shortcuts, and this document is the result of that
153     discussion. This document clarifies what is the correct and the
154     incorrect behaviour.

156     The related document A Routing Header Dispatch for 6LoWPAN (6LoRH)
157     [RFC8138] defines a method to compress RPL Option information and
158     Routing Header type 3 [RFC6554], an efficient IP-in-IP technique, and
159     use cases proposed for the [Second6TischPlugtest] involving 6LoRH.

161  2.  Terminology and Requirements Language

163     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
164     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
165     document are to be interpreted as described in RFC 2119 [RFC2119].

167     Terminology defined in [RFC7102] applies to this document: LBR, LLN,
168     RPL, RPL Domain and ROLL.

170     RPL-node: A device which implements RPL, thus we can say that the
171     device is RPL-capable or RPL-aware. Please note that the device can
172     be found inside the LLN or outside LLN. In this document a RPL-node
173     which is a leaf of a DODAG is called RPL-aware-leaf.

175     RPL-not-capable: A device which does not implement RPL, thus we can
176     say that the device is not-RPL-aware. Please note that the device
177     can be found inside the LLN. In this document a not-RPL-aware node
178     which is a leaf of a DODAG is called not-RPL-aware-leaf.

180     pledge: a new device which seeks admission to a network. (from
181     [I-D.ietf-anima-bootstrapping-keyinfra])

183     Join Registrar and Coordinator (JRC): a device which brings new nodes
184     (pledges) into a network. (from
185     [I-D.ietf-anima-bootstrapping-keyinfra])

187     Flag day: A "flag day" is a procedure in which the network, or a part
188     of it, is changed during a planned outage, or suddenly, causing an
189     outage while the network recovers [RFC4192].

191  2.1.  hop-by-hop IPv6-in-IPv6 headers

193     The term "hop-by-hop IPv6-in-IPv6" header refers to: adding a header
194     that originates from a node to an adjacent node, using the addresses
195     (usually the GUA or ULA, but could use the link-local addresses) of
196     each node. If the packet must traverse multiple hops, then it must
197     be decapsulated at each hop, and then re-encapsulated again in a
198     similar fashion.

200  3.  Updates to RFC6553, RFC6550 and RFC 8138

202  3.1.  Updates to RFC 6553

204     [RFC6553] states, as shown below, that in the Option Type field of
205     the RPL Option header, the two high order bits MUST be set to '01'
206     and the third bit is equal to '1'. The first two bits indicate that
207     the IPv6 node MUST discard the packet if it doesn't recognize the
208     option type, and the third bit indicates that the Option Data may
209     change en route. The remaining bits serve as the option type.

211     Hex Value    Binary Value
212                  act  chg  rest     Description        Reference
213     ---------    ---  ---  -------  -----------------  ----------
214       0x63        01    1   00011   RPL Option         [RFC6553]

216                    Figure 1: Option Type in RPL Option.

218     Recent changes in [RFC8200] (section 4, page 8) state: "it is now
219     expected that nodes along a packet's delivery path only examine and
220     process the Hop-by-Hop Options header if explicitly configured to do
221     so". Processing of the Hop-by-Hop Options header (by IPv6
222     intermediate nodes) is now optional, but if they are configured to
223     process the header, and if such nodes encounter an option with the
224     first two bits set to 01, they will drop the packet (if they conform
225     to [RFC8200]). Host systems should do the same, irrespective of the
226     configuration.
228     Based on that, if an IPv6 (intermediate) node (RPL-not-capable)
229     receives a packet with an RPL Option, it should ignore the HBH RPL
230     option (skip over this option and continue processing the header).

232     Thus, this document updates the Option Type field to: the two high
233     order bits MUST be set to '00' and the third bit is equal to '1'.
234     The first two bits indicate that the IPv6 node MUST skip over this
235     option and continue processing the header ([RFC8200] Section 4.2) if
236     it doesn't recognize the option type, and the third bit continues to
237     be set to indicate that the Option Data may change en route. The
238     remaining bits serve as the option type and remain as 0x3. This
239     ensures that a packet that leaves the RPL domain of an LLN (or that
240     leaves the LLN entirely) will not be discarded when it contains the
241     [RFC6553] RPL Hop-by-Hop option known as RPI.

243     This is a significant update to [RFC6553]. [RFCXXXX] represents this
244     document.

246     Hex Value    Binary Value
247                  act  chg  rest     Description        Reference
248     ---------    ---  ---  -------  -----------------  ----------
249       0x23        00    1   00011   RPL Option         [RFCXXXX]

251                Figure 2: Revised Option Type in RPL Option.

253     This change creates a flag day for existing networks which are
254     currently using 0x63 as the RPI value. A move to 0x23 will not be
255     understood by those networks. It is suggested that implementations
256     accept both 0x63 and 0x23 when processing.

258     When forwarding packets, implementations SHOULD use the same value
259     as was received (this is required because, per [RFC8200], the RPI
260     type code cannot be changed). This allows the network to be
261     incrementally upgraded, and the DODAG root to know which parts of
262     the network are upgraded.

264     When originating new packets, implementations SHOULD have an option
265     to determine which value to originate with; this option is controlled
266     by the DIO option described below.
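
The following is an added example, not part of the draft or of any RPL implementation. It walks a Hop-by-Hop Options header to show how the act bits of 0x63 and 0x23 change the verdict of a node that does not implement RPI, and how an RPL-aware node accepts both values, forwards with the value it received, and originates according to the DIO flag. The function names, the constructed sample headers (Next Header 17, RPLInstanceID 1, SenderRank 512) and the simplification that the non-RPL node recognizes only Pad1/PadN are assumptions.

```python
import struct

RPI_OLD = 0x63  # RFC 6553 Option Type: act=01 chg=1 rest=00011
RPI_NEW = 0x23  # Option Type defined by this draft: act=00 chg=1 rest=00011
PAD1, PADN = 0x00, 0x01


def split_option_type(opt_type):
    """Split an Option Type octet into (act, chg, rest) as in Figures 1 and 2."""
    return opt_type >> 6, (opt_type >> 5) & 1, opt_type & 0x1F


def parse_hbh(buf):
    """Walk one Hop-by-Hop Options header.

    Returns (next_header, [(opt_type, data_offset, data_len), ...]).
    """
    if len(buf) < 2:
        raise ValueError("truncated Hop-by-Hop Options header")
    total = (buf[1] + 1) * 8  # Hdr Ext Len does not count the first 8 octets
    if len(buf) < total:
        raise ValueError("buffer shorter than Hdr Ext Len claims")
    opts, i = [], 2
    while i < total:
        if buf[i] == PAD1:  # Pad1 is a single octet with no length field
            i += 1
            continue
        if i + 2 > total or i + 2 + buf[i + 1] > total:
            raise ValueError("option runs past the end of the header")
        opts.append((buf[i], i + 2, buf[i + 1]))
        i += 2 + buf[i + 1]
    return buf[0], opts


def non_rpl_node_verdict(buf):
    """Verdict of a node that processes HbH options but does not implement RPI.

    Assumption: every option other than Pad1/PadN is unrecognized, so the
    two high-order bits of its Option Type decide (RFC 8200 Section 4.2).
    """
    for opt_type, _, _ in parse_hbh(buf)[1]:
        if opt_type == PADN:
            continue
        if split_option_type(opt_type)[0] != 0:  # 01, 10 and 11 all discard
            return "discard"
    return "forward"


def read_rpi(buf):
    """RPL-aware receive path: accept 0x63 and 0x23 alike.

    Returns (opt_type, rpl_instance_id, sender_rank), or None without an RPI.
    """
    for opt_type, off, length in parse_hbh(buf)[1]:
        if opt_type in (RPI_OLD, RPI_NEW):
            if length < 4:
                raise ValueError("RPI option data shorter than 4 octets")
            _flags, instance_id, rank = struct.unpack_from("!BBH", buf, off)
            return opt_type, instance_id, rank
    return None


def forward_rpi(buf, new_rank):
    """Forwarding path: rewrite SenderRank only; the Option Type octet is
    left exactly as received."""
    out = bytearray(buf)
    for opt_type, off, length in parse_hbh(buf)[1]:
        if opt_type in (RPI_OLD, RPI_NEW) and length >= 4:
            struct.pack_into("!H", out, off + 2, new_rank)
    return bytes(out)


def originate_type(dio_flag_rpi_0x23_enable):
    """Originating path: stay in compatibility mode (0x63) until the DODAG
    Configuration Option flag 'RPI 0x23 enable' has been seen in a DIO."""
    return RPI_NEW if dio_flag_rpi_0x23_enable else RPI_OLD


def build_hbh(next_header, opt_type, instance_id, rank, flags=0):
    """Build an 8-octet HbH header holding one RPI option without sub-TLVs."""
    return struct.pack("!BBBBBBH", next_header, 0, opt_type, 4,
                       flags, instance_id, rank)


# Constructed sample headers: Next Header 17 (UDP), RPLInstanceID 1, rank 512.
OLD_HDR = build_hbh(17, RPI_OLD, 1, 512)
NEW_HDR = build_hbh(17, RPI_NEW, 1, 512)

if __name__ == "__main__":
    for name, hdr in (("0x63", OLD_HDR), ("0x23", NEW_HDR)):
        print(name, split_option_type(hdr[2]),
              non_rpl_node_verdict(hdr), read_rpi(hdr))
```
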
268     A network which is switching from the straight 6LoWPAN compression
269     mechanism to those described in [RFC8138] will experience a flag day
270     in the data compression anyway, and if possible this change can be
271     deployed at the same time.

273  3.2.  Updates to RFC 8138

275     The RPI-6LoRH header provides a compressed form for the RPL RPI
276     [RFC8138]. When the Option Type in the RPL Option is decompressed,
277     it should take the value of 0x23 instead of
278     0x63.

280  3.3.  Updates to RFC 6550: Indicating the new RPI in the DODAG
281        Configuration Option Flag.

283     In order to avoid a flag day caused by lack of interoperation between
284     new RPI (0x23) and old RPI (0x63) nodes, when there is a mix of new
285     nodes and old nodes, the new nodes may be put into a compatibility
286     mode until all of the old nodes are replaced or upgraded.

288     This can be done via a DODAG Configuration Option flag which will
289     propagate through the network. Failure to receive this information
290     will cause new nodes to remain in compatibility mode, and originate
291     traffic with the old-RPI (0x63) value.

293     As stated in [RFC6550] the DODAG Configuration option is present in
294     DIO messages. The DODAG Configuration option distributes
295     configuration information. It is generally static, and does not
296     change within the DODAG. This information is configured at the DODAG
297     root and distributed throughout the DODAG with the DODAG
298     Configuration option. Nodes other than the DODAG root do not modify
299     this information when propagating the DODAG Configuration option.

301     The DODAG Configuration Option has a Flags field which is modified by
302     this document. Currently, the DODAG Configuration Option in
303     [RFC6550] is as follows.

305     Flags: The 4-bits remaining unused in the Flags field are reserved
306     for flags. The field MUST be initialized to zero by the sender and
307     MUST be ignored by the receiver.
309      0                    1                     2                     3
310     +-----------------+---------------------------------------------------+
311     |   Type = 0x04   | Opt Length = 14| Flags | A | PCS| DIOIntDoubl.    |
312     +---------------------------------------------------------------------+
313     |   DIOIntMin.    |   DIORedund.    |        MaxRankIncrease          |
314     +-----------------+---------------------------------------------------+
315     |      MinHopRankIncrease           |              OCP                |
316     +-----------------+---------------------------------------------------+
317     |Reserved         | Def. Lifetime   |      Lifetime Unit              |
318     +-----------------+-----------------+---------------------------------+

320                    Figure 3: DODAG Configuration Option.

322     Bit number three of the Flags field in the DODAG Configuration
323     option is to be used as follows:

325     +------------+-----------------+---------------+
326     | Bit number | Description     | Reference     |
327     +------------+-----------------+---------------+
328     | 3          | RPI 0x23 enable | This document |
329     +------------+-----------------+---------------+

331     Figure 4: DODAG Configuration Option Flag to indicate the RPI-flag-
332     day.

334     In case of rebooting, the node does not remember the flag. Thus, the
335     DIO is sent with flag indicating the new RPI value.

337  4.  Sample/reference topology

339     A RPL network in general is composed of a 6LBR (6LoWPAN Border
340     Router), Backbone Router (6BBR), 6LR (6LoWPAN Router) and 6LN
341     (6LoWPAN Node) as leaf logically organized in a DODAG structure
342     (Destination Oriented Directed Acyclic Graph).

344     RPL defines the RPL Control messages (control plane), a new ICMPv6
345     [RFC4443] message with Type 155. DIS (DODAG Information
346     Solicitation), DIO (DODAG Information Object) and DAO (Destination
347     Advertisement Object) messages are all RPL Control messages but with
348     different Code values. A RPL Stack is shown in Figure 5.

350     RPL supports two modes of Downward traffic: in storing mode (RPL-SM),
351     it is fully stateful; in non-storing (RPL-NSM), it is fully source
352     routed. A RPL Instance is either fully storing or fully non-storing,
353     i.e. a RPL Instance with a combination of storing and non-storing
354     nodes is not supported with the current specifications at the time of
355     writing this document.

357     +--------------+
358     | Upper Layers |
359     |              |
360     +--------------+
361     |     RPL      |
362     |              |
363     +--------------+
364     |    ICMPv6    |
365     |              |
366     +--------------+
367     |     IPv6     |
368     |              |
369     +--------------+
370     |    6LoWPAN   |
371     |              |
372     +--------------+
373     |   PHY-MAC    |
374     |              |
375     +--------------+

377                         Figure 5: RPL Stack.

379                 +------------+
380                 |  INTERNET  ----------+
381                 |            |         |
382                 +------------+         |
383                                        |
384                                        |
385                                        |
386                                      A |
387                                    +-------+
388                                    |6LBR   |
389                        +-----------|(root) |-------+
390                        |           +-------+       |
391                        |                           |
392                        |                           |
393                        |                           |
394                        |                           |
395                        | B                         |C
396                    +---|---+                   +---|---+
397                    |  6LR  |                   |  6LR  |
398          +-------->|       |--+             +---       ---+
399          |         +-------+  |             |  +-------+  |
400          |                    |             |             |
401          |                    |             |             |
402          |                    |             |             |
403          |                    |             |             |
404          |  D                 |  E          |             |
405        +-|-----+          +---|---+         |             |
406        |  6LR  |          |  6LR  |         |             |
407        |       |    +------       |         |             |
408        +---|---+    |     +---|---+         |             |
409            |        |         |             |             |
410            |        |         +--+          |             |
411            |        |            |          |             |
412            |        |            |          |             |
413            |        |            |        I |          J  |
414          F |        | G          | H        |             |
415      +-----+-+    +-|-----+  +---|--+   +---|---+     +---|---+
416      |  Raf  |    |  ~Raf |  |  Raf |   |  Raf  |     | ~Raf  |
417      |  6LN  |    |  6LN  |  |  6LN |   |  6LN  |     |  6LN  |
418      +-------+    +-------+  +------+   +-------+     +-------+

420                   Figure 6: A reference RPL Topology.

422     Figure 6 shows the reference RPL Topology for this document. The
423     letters above the nodes are there so that they may be referenced in
424     subsequent sections. In the figure, 6LR represents a full router
425     node. The 6LN is a RPL aware router, or host.

427     But, the 6LN leaves (Raf - "RPL aware leaf"-) marked as (F, H and I)
428     are RPL nodes with no children hosts.

430     The leafs marked as ~Raf "not-RPL aware leaf" (G and J) are devices
431     which do not speak RPL at all (not-RPL-aware), but use Router-
432     Advertisements, 6LoWPAN DAR/DAC and efficient-ND only to participate
433     in the network [RFC6775]. In the document these leafs (G and J) are
434     also referred to as an IPv6 node.

436     The 6LBR ("A") in the figure is the root of the Global DODAG.

438  5.  Use cases

440     In the data plane a combination of RFC6553, RFC6554 and IPv6-in-IPv6
441     encapsulation are going to be analyzed for a number of representative
442     traffic flows.

444     This document assumes that the LLN is using the no-drop RPI option
445     (0x23).

447     The use cases describe the communication between RPL-aware-nodes,
448     with the root (6LBR), and with Internet. This document also describes
449     the communication between nodes acting as leaves that do not
450     understand RPL, but are part of the LLN. We name these nodes as not-
451     RPL-aware-leaf (e.g. Section 6.1.4 Flow from not-RPL-aware-leaf to
452     root). We also describe the communication inside of the LLN
453     when the final destination is addressed outside of the LLN, e.g.
454     with destination to Internet (e.g. Section 6.2.3 Flow from not-
455     RPL-aware-leaf to Internet).

457     The use cases comprise the following:

459     Interaction between Leaf and Root:

461        RPL-aware-leaf to root

463        root to RPL-aware-leaf

465        not-RPL-aware-leaf to root

467        root to not-RPL-aware-leaf

469     Interaction between Leaf and Internet:

471        RPL-aware-leaf to Internet

472        Internet to RPL-aware-leaf

474        not-RPL-aware-leaf to Internet

476        Internet to not-RPL-aware-leaf

478     Interaction between Leafs:

480        RPL-aware-leaf to RPL-aware-leaf (storing and non-storing)

482        RPL-aware-leaf to not-RPL-aware-leaf (non-storing)

484        not-RPL-aware-leaf to RPL-aware-leaf (storing and non-storing)

486        not-RPL-aware-leaf to not-RPL-aware-leaf (non-storing)

488     This document is consistent with the rule that a Header cannot be
489     inserted or removed on the fly inside an IPv6 packet that is being
490     routed. This is a fundamental precept of the IPv6 architecture as
491     outlined in [RFC8200]. Extensions may not be added or removed except
492     by the sender or the receiver.
494     However, unlike [RFC6553], the Hop-by-Hop Option Header used for the
495     RPI artifact has the first two bits set to '00'. This means that the
496     RPI artifact will be ignored when received by a host or router that
497     does not understand that option (Section 4.2 of [RFC8200]).

499     This means that when the no-drop RPI option code 0x23 is used, a
500     packet that leaves the RPL domain of an LLN (or that leaves the LLN
501     entirely) will not be discarded when it contains the [RFC6553] RPL
502     Hop-by-Hop option known as RPI. Thus, the RPI Hop-by-Hop option MAY
503     be left in place even if the end host does not understand it.

505     NOTE: There is some possible security risk when the RPI information
506     is released to the Internet. At this point this is a theoretical
507     situation; no clear attack has been described. At worst, it is clear
508     that the RPI option would waste some network bandwidth when it
509     escapes. This is traded off against the savings in the LLN by not
510     having to encapsulate the packet in order to remove the artifact.

512     Despite being legal to leave the RPI artifact in place, an
513     intermediate router that needs to add an extension header (SHR3 or
514     RPI Option) MUST still encapsulate the packet in an (additional)
515     outer IP header. The new header is placed after this new outer IP
516     header.

518     A corollary is that an SHR3 or RPI Option can only be removed by an
519     intermediate router if it is placed in an encapsulating IPv6 Header,
520     which is addressed TO the intermediate router. When it does so, the
521     whole encapsulating header must be removed. (A replacement may be
522     added). This sometimes can result in outer IP headers being
523     addressed to the next hop router using link-local addresses.

525     Both RPI and RH3 headers may be modified in very specific ways by
526     routers on the path of the packet without the need to add or remove
527     an encapsulating header. Both headers were designed with this
528     modification in mind, and both the RPL RH and the RPL option are
529     marked mutable but recoverable: so an IPsec AH security header can be
530     applied across these headers, but it can not secure the values which
531     mutate.

533     RPI should be present in every single RPL data packet. There is one
534     exception in non-storing mode: when a packet is going down from the
535     root. In a downward non-storing mode, the entire route is written,
536     so there can be no loops by construction, nor any confusion about
537     which forwarding table to use (as the root has already made all
538     routing decisions). However, there are still cases, such as in
539     6tisch, where the instanceID portion of the RPI header may still be
540     needed to pick an appropriate priority or channel at each hop.

542     In the tables present in this document, the term "RPL aware leaf"
543     has been shortened to "Raf", and "not-RPL aware leaf" has been
544     shortened to "~Raf" to make the table fit in available space.

546     The earlier examples are more extensive to make sure that the process
547     is clear, while later examples are more concise.

549  6.  Storing mode

551     In storing mode (fully stateful), the sender can determine if the
552     destination is inside the LLN by looking if the destination address
553     is matched by the DIO's PIO option.

555     The following table itemizes which headers are needed in the
556     following scenarios, and indicates if the IP-in-IP header must be
557     inserted on a hop-by-hop basis, or when it can target the destination
558     node directly. There are these possible situations: hop-by-hop
559     necessary (indicated by "hop"), or destination address possible
560     (indicated by "dst"). In all cases hop by hop MAY be used.

562     In cases where no IP-in-IP header is needed, the column is left
563     blank.

565     In all cases the RPI headers are needed, since it identifies
566     inconsistencies (loops) in the routing topology. In all cases the
567     RH3 is not needed because we do not indicate the route in storing
568     mode.

570     In each case, 6LR_i are the intermediate routers from source to
571     destination. "1 <= i <= n", n is the number of routers (6LR) that
572     the packet goes through from source (6LN) to destination.

574     The leaf can be a router 6LR or a host, both indicated as 6LN (see
575     Figure 6).

577     +---------------------+--------------+----------+--------------+
578     | Interaction between | Use Case     | IP-in-IP | IP-in-IP dst |
579     +---------------------+--------------+----------+--------------+
580     |                     | Raf to root  | No       | --           |
581     +                     +--------------+----------+--------------+
582     | Leaf - Root         | root to Raf  | No       | --           |
583     +                     +--------------+----------+--------------+
584     |                     | root to ~Raf | No       | --           |
585     +                     +--------------+----------+--------------+
586     |                     | ~Raf to root | Yes      | root         |
587     +---------------------+--------------+----------+--------------+
588     |                     | Raf to Int   | No       | --           |
589     +                     +--------------+----------+--------------+
590     | Leaf - Internet     | Int to Raf   | Yes      | Raf          |
591     +                     +--------------+----------+--------------+
592     |                     | ~Raf to Int  | Yes      | root         |
593     +                     +--------------+----------+--------------+
594     |                     | Int to ~Raf  | Yes      | hop          |
595     +---------------------+--------------+----------+--------------+
596     |                     | Raf to Raf   | No       | --           |
597     +                     +--------------+----------+--------------+
598     |                     | Raf to ~Raf  | No       | --           |
599     + Leaf - Leaf         +--------------+----------+--------------+
600     |                     | ~Raf to Raf  | Yes      | dst          |
601     +                     +--------------+----------+--------------+
602     |                     | ~Raf to ~Raf | Yes      | hop          |
603     +---------------------+--------------+----------+--------------+

605            Figure 7: IP-in-IP encapsulation in Storing mode.

607  6.1.  Storing Mode: Interaction between Leaf and Root

609     In this section we are going to describe the communication flow in
610     storing mode (SM) between,

611        RPL-aware-leaf to root

613        root to RPL-aware-leaf

615        not-RPL-aware-leaf to root

617        root to not-RPL-aware-leaf

619  6.1.1.  SM: Example of Flow from RPL-aware-leaf to root

621     In storing mode, RFC 6553 (RPI) is used to send RPL Information
622     instanceID and rank information.

624     As stated in Section 16.2 of [RFC6550] an RPL-aware-leaf node does
625     not generally issue DIO messages; a leaf node accepts DIO messages
626     from upstream. (When the inconsistency in routing occurs, a leaf
627     node will generate a DIO with an infinite rank, to fix it). It may
628     issue DAO and DIS messages though it generally ignores DAO and DIS
629     messages.

631     In this case the flow comprises:

633     RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)

635     For example, a communication flow could be: Node F --> Node E -->
636     Node B --> Node A root(6LBR)

638     As mentioned in this document, 6LRs and the 6LBR are always full-
639     fledged RPL routers.

641     The 6LN (Node F) inserts the RPI header, and sends the packet to 6LR
642     (Node E) which decrements the rank in RPI and sends the packet up.
643     When the packet arrives at 6LBR (Node A), the RPI is removed and the
644     packet is processed.

646     No IP-in-IP header is required.

648     The RPI header can be removed by the 6LBR because the packet is
649     addressed to the 6LBR. The 6LN must know that it is communicating
650     with the 6LBR to make use of this scenario. The 6LN can know the
651     address of the 6LBR because it knows the address of the root via the
652     DODAGID in the DIO messages.
654     +-------------------+-----+-------+------+
655     | Header            | 6LN | 6LR_i | 6LBR |
656     +-------------------+-----+-------+------+
657     | Inserted headers  | RPI | --    | --   |
658     | Removed headers   | --  | --    | RPI  |
659     | Re-added headers  | --  | --    | --   |
660     | Modified headers  | --  | RPI   | --   |
661     | Untouched headers | --  | --    | --   |
662     +-------------------+-----+-------+------+

664     Storing: Summary of the use of headers from RPL-aware-leaf to root

666  6.1.2.  SM: Example of Flow from root to RPL-aware-leaf

668     In this case the flow comprises:

670     root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

672     For example, a communication flow could be: Node A root(6LBR) -->
673     Node B --> Node D --> Node F

675     In this case the 6LBR inserts RPI header and sends the packet down,
676     the 6LR is going to increment the rank in RPI (it examines the
677     instanceID to identify the right forwarding table), the packet is
678     processed in the 6LN and the RPI removed.

680     No IP-in-IP header is required.

682     +-------------------+------+-------+------+
683     | Header            | 6LBR | 6LR_i | 6LN  |
684     +-------------------+------+-------+------+
685     | Inserted headers  | RPI  | --    | --   |
686     | Removed headers   | --   | --    | RPI  |
687     | Re-added headers  | --   | --    | --   |
688     | Modified headers  | --   | RPI   | --   |
689     | Untouched headers | --   | --    | --   |
690     +-------------------+------+-------+------+

692     Storing: Summary of the use of headers from root to RPL-aware-leaf

694  6.1.3.  SM: Example of Flow from root to not-RPL-aware-leaf

696     In this case the flow comprises:

698     root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

700     For example, a communication flow could be: Node A root(6LBR) -->
701     Node B --> Node E --> Node G

702     As the RPI extension can be ignored by the not-RPL-aware leaf, this
703     situation is identical to the previous scenario.
   +-------------------+------+-------+----------------+
   | Header            | 6LBR | 6LR_i | IPv6           |
   +-------------------+------+-------+----------------+
   | Inserted headers  | RPI  | --    | --             |
   | Removed headers   | --   | --    | --             |
   | Re-added headers  | --   | --    | --             |
   | Modified headers  | --   | RPI   | --             |
   | Untouched headers | --   | --    | RPI (Ignored)  |
   +-------------------+------+-------+----------------+

   Storing: Summary of the use of headers from root to
   not-RPL-aware-leaf

6.1.4.  SM: Example of Flow from not-RPL-aware-leaf to root

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A root(6LBR)

   When the packet arrives from IPv6 node (Node G) to 6LR_1 (Node E),
   the 6LR_1 will insert an RPI header, encapsulated in an IPv6-in-IPv6
   header.  The IPv6-in-IPv6 header can be addressed to the next hop
   (Node B), or to the root (Node A).  The root removes the header and
   processes the packet.

   +------------+------+---------------+---------------+---------------+
   | Header     | IPv6 | 6LR_1         | 6LR_i         | 6LBR          |
   +------------+------+---------------+---------------+---------------+
   | Inserted   | --   | IP-in-IP(RPI) | --            | --            |
   | headers    |      |               |               |               |
   | Removed    | --   | --            | --            | IP-in-IP(RPI) |
   | headers    |      |               |               |               |
   | Re-added   | --   | --            | --            | --            |
   | headers    |      |               |               |               |
   | Modified   | --   | --            | IP-in-IP(RPI) | --            |
   | headers    |      |               |               |               |
   | Untouched  | --   | --            | --            | --            |
   | headers    |      |               |               |               |
   +------------+------+---------------+---------------+---------------+

   Storing: Summary of the use of headers from not-RPL-aware-leaf to
   root

6.2.  Storing Mode: Interaction between Leaf and Internet

   In this section we are going to describe the communication flow in
   storing mode (SM) between:

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

6.2.1.  SM: Example of Flow from RPL-aware-leaf to Internet

   RPL information from RFC 6553 MAY go out to Internet as it will be
   ignored by nodes which have not been configured to be RPI aware.

   In this case the flow comprises:

   RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet

   For example, the communication flow could be: Node F --> Node D -->
   Node B --> Node A root(6LBR) --> Internet

   No IP-in-IP header is required.

   Note: In this use case we use a node as leaf, but this use case can
   be also applicable to any RPL-node type (e.g. 6LR)

   +-------------------+------+-------+------+----------------+
   | Header            | 6LN  | 6LR_i | 6LBR | Internet       |
   +-------------------+------+-------+------+----------------+
   | Inserted headers  | RPI  | --    | --   | --             |
   | Removed headers   | --   | --    | --   | --             |
   | Re-added headers  | --   | --    | --   | --             |
   | Modified headers  | --   | RPI   | --   | --             |
   | Untouched headers | --   | --    | RPI  | RPI (Ignored)  |
   +-------------------+------+-------+------+----------------+

   Storing: Summary of the use of headers from RPL-aware-leaf to
   Internet

6.2.2.  SM: Example of Flow from Internet to RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Internet --> Node A
   root(6LBR) --> Node B --> Node D --> Node F

   When the packet arrives from Internet to 6LBR the RPI header is added
   in an outer IPv6-in-IPv6 header and sent to 6LR, which modifies the
   rank in the RPI.  When the packet arrives at 6LN the RPI header is
   removed and the packet processed.

   +-----------+----------+---------------+---------------+---------------+
   | Header    | Internet | 6LBR          | 6LR_i         | 6LN           |
   +-----------+----------+---------------+---------------+---------------+
   | Inserted  | --       | IP-in-IP(RPI) | --            | --            |
   | headers   |          |               |               |               |
   | Removed   | --       | --            | --            | IP-in-IP(RPI) |
   | headers   |          |               |               |               |
   | Re-added  | --       | --            | --            | --            |
   | headers   |          |               |               |               |
   | Modified  | --       | --            | IP-in-IP(RPI) | --            |
   | headers   |          |               |               |               |
   | Untouched | --       | --            | --            | --            |
   | headers   |          |               |               |               |
   +-----------+----------+---------------+---------------+---------------+

   Storing: Summary of the use of headers from Internet to
   RPL-aware-leaf

6.2.3.  SM: Example of Flow from not-RPL-aware-leaf to Internet

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) -->
   Internet

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A root(6LBR) --> Internet

   The 6LR_1 (i=1) node will add an IP-in-IP(RPI) header addressed
   either to the root, or hop-by-hop such that the root can remove the
   RPI header before passing upwards.  The IP-in-IP addressed to the
   root causes less processing overhead.  On the other hand, with
   hop-by-hop the intermediate routers can check the routing tables for
   a better routing path, thus it could be more efficient and faster.
   The implementation should decide which approach to take.

   The originating node will ideally leave the IPv6 flow label as zero
   so that the packet can be better compressed through the LLN.  The
   6LBR will set the flow label of the packet to a non-zero value when
   sending to the Internet.

   +-----------+------+-----------+-------------+-----------+----------+
   | Header    | IPv6 | 6LR_1     | 6LR_i       | 6LBR      | Internet |
   |           |      |           | [i=2,..,n]  |           |          |
   +-----------+------+-----------+-------------+-----------+----------+
   | Inserted  | --   | IP-in-IP  | --          | --        | --       |
   | headers   |      | (RPI)     |             |           |          |
   | Removed   | --   | --        | --          | IP-in-IP  | --       |
   | headers   |      |           |             | (RPI)     |          |
   | Re-added  | --   | --        | --          | --        | --       |
   | headers   |      |           |             |           |          |
   | Modified  | --   | --        | IP-in-IP    | --        | --       |
   | headers   |      |           | (RPI)       |           |          |
   | Untouched | --   | --        | --          | --        | --       |
   | headers   |      |           |             |           |          |
   +-----------+------+-----------+-------------+-----------+----------+

   Storing: Summary of the use of headers from not-RPL-aware-leaf to
   Internet

6.2.4.  SM: Example of Flow from Internet to non-RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Internet --> Node A
   root(6LBR) --> Node B --> Node E --> Node G

   The 6LBR will have to add an RPI header within an IP-in-IP header.
   The IP-in-IP is addressed to the not-RPL-aware-leaf, leaving the RPI
   inside.

   Note that there is a requirement that the final node be able to
   remove one or more IPIP headers which are all addressed to it.
   (EDNOTE: this should go into [I-D.ietf-6man-rfc6434-bis])

   The 6LBR MAY set the flow label on the inner IP-in-IP header to zero
   in order to aid in compression.

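   Added example (not part of the draft): the storing-mode tables of
   Sections 6.1.1 to 6.2.4 follow from four rules, which the Python code
   below applies to a path of node kinds; its output can serve as the
   expected value when checking what a border filter or capture point
   should see.  The node-kind strings, the function names and the choice
   of a root-addressed tunnel for upward traffic are assumptions of this
   example.

```python
"""Added example, not from the draft: storing-mode header handling for the
Leaf-Root and Leaf-Internet flows, computed from rules rather than looked up.
Node-kind strings and function names are assumptions of this example."""

RPL_AWARE = {"6LN", "6LR", "6LBR"}      # node kinds that process the RPI
ROWS = ("Inserted", "Removed", "Re-added", "Modified", "Untouched")


def header_plan(path):
    """Return {row: [one cell per node]} for a source-to-destination list of
    node kinds, e.g. ["IPv6", "6LR", "6LR", "6LBR", "Internet"]."""
    if len(path) < 2 or "6LBR" not in path:
        raise ValueError("path must have two or more nodes and cross the 6LBR")
    plan = {row: ["--"] * len(path) for row in ROWS}

    # Rule 1: the first RPL-aware node adds the RPI. The packet source puts
    # it in its own packet; a node forwarding someone else's packet wraps
    # the packet in IPv6-in-IPv6 and puts the RPI in the outer header.
    inserter = next(i for i, kind in enumerate(path) if kind in RPL_AWARE)
    tunnelled = inserter != 0
    header = "IP-in-IP(RPI)" if tunnelled else "RPI"
    plan["Inserted"][inserter] = header

    # Rule 2: a tunnel opened by a 6LR carries upward traffic and is
    # addressed to the root (assumption: the root-addressed option, not
    # hop-by-hop). Any other header travels to the final destination.
    if tunnelled and path[inserter] == "6LR":
        end = path.index("6LBR")
    else:
        end = len(path) - 1

    # Rule 3: each 6LR on the way updates the rank; a 6LBR that only relays
    # a plain RPI towards the Internet leaves it untouched.
    for i in range(inserter + 1, end):
        row = "Modified" if path[i] == "6LR" else "Untouched"
        plan[row][i] = header

    # Rule 4: the node the header is addressed to removes it when it is
    # RPL-aware; otherwise the RPI stays in the packet and is ignored.
    if end > inserter:
        if path[end] in RPL_AWARE:
            plan["Removed"][end] = header
        else:
            plan["Untouched"][end] = "RPI (Ignored)"
    return plan


def seen_outside_lln(path):
    """RPL header still present when the packet reaches the Internet, or
    None. Usable as the expected value for a border-filter or capture check."""
    if path[-1] != "Internet":
        return None
    cell = header_plan(path)["Untouched"][-1]
    return None if cell == "--" else cell


def render(path):
    """Format the plan in the row order used by the draft's tables."""
    plan = header_plan(path)
    out = ["%-10s" % "Header" + "".join("%-15s" % kind for kind in path)]
    for row in ROWS:
        out.append("%-10s" % row + "".join("%-15s" % c for c in plan[row]))
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed paths matching Sections 6.2.1 and 6.2.3.
    for flow in (["6LN", "6LR", "6LBR", "Internet"],
                 ["IPv6", "6LR", "6LR", "6LBR", "Internet"]):
        print(render(flow))
        print("seen outside the LLN:", seen_outside_lln(flow), "\n")
```
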
   +-----------+----------+---------------+---------------+------------+
   | Header    | Internet | 6LBR          | 6LR_i         | IPv6       |
   +-----------+----------+---------------+---------------+------------+
   | Inserted  | --       | IP-in-IP(RPI) | --            | --         |
   | headers   |          |               |               |            |
   | Removed   | --       | --            | --            | --         |
   | headers   |          |               |               |            |
   | Re-added  | --       | --            | --            | --         |
   | headers   |          |               |               |            |
   | Modified  | --       | --            | IP-in-IP(RPI) | --         |
   | headers   |          |               |               |            |
   | Untouched | --       | --            | --            | RPI        |
   | headers   |          |               |               | (Ignored)  |
   +-----------+----------+---------------+---------------+------------+

   Storing: Summary of the use of headers from Internet to
   non-RPL-aware-leaf

6.3.  Storing Mode: Interaction between Leaf and Leaf

   In this section we are going to describe the communication flow in
   storing mode (SM) between:

      RPL-aware-leaf to RPL-aware-leaf

      RPL-aware-leaf to not-RPL-aware-leaf

      not-RPL-aware-leaf to RPL-aware-leaf

      not-RPL-aware-leaf to not-RPL-aware-leaf

6.3.1.  SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf

   In [RFC6550] RPL allows a simple one-hop optimization for both
   storing and non-storing networks.  A node may send a packet destined
   to a one-hop neighbor directly to that node.  See section 9 in
   [RFC6550].

   When the nodes are not directly connected, then in storing mode, the
   flow comprises:

   6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> 6LN

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node E --> Node H

   6LR_ia (Node D) are the intermediate routers from source to the
   common parent (6LR_x) (Node B).  In this case, "1 <= ia <= n", n is
   the number of routers (6LR) that the packet goes through from 6LN
   (Node F) to the common parent (6LR_x).

   6LR_id (Node E) are the intermediate routers from the common parent
   (6LR_x) (Node B) to destination 6LN (Node H).
   In this case, "1 <= id <= m", m is the number of routers (6LR) that
   the packet goes through from the common parent (6LR_x) to destination
   6LN.

   It is assumed that the two nodes are in the same RPL Domain (that
   they share the same DODAG root).  At the common parent (Node B), the
   direction of RPI is changed (from increasing to decreasing the rank).

   While the 6LR nodes will update the RPI, no node needs to add or
   remove the RPI, so no IP-in-IP headers are necessary.  This may be
   done regardless of where the destination is, as the included RPI will
   be ignored by the receiver.

   +---------------+--------+--------+---------------+--------+--------+
   | Header        | 6LN    | 6LR_ia | 6LR_x (common | 6LR_id | 6LN    |
   |               | src    |        | parent)       |        | dst    |
   +---------------+--------+--------+---------------+--------+--------+
   | Inserted      | RPI    | --     | --            | --     | --     |
   | headers       |        |        |               |        |        |
   | Removed       | --     | --     | --            | --     | RPI    |
   | headers       |        |        |               |        |        |
   | Re-added      | --     | --     | --            | --     | --     |
   | headers       |        |        |               |        |        |
   | Modified      | --     | RPI    | RPI           | RPI    | --     |
   | headers       |        |        |               |        |        |
   | Untouched     | --     | --     | --            | --     | --     |
   | headers       |        |        |               |        |        |
   +---------------+--------+--------+---------------+--------+--------+

   Storing: Summary of the use of headers for RPL-aware-leaf to
   RPL-aware-leaf

6.3.2.  SM: Example of Flow from RPL-aware-leaf to non-RPL-aware-leaf

   In this case the flow comprises:

   6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> not-RPL-aware
   6LN (IPv6)

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node E --> Node G

   6LR_ia are the intermediate routers from source (6LN) to the common
   parent (6LR_x).  In this case, "1 <= ia <= n", n is the number of
   routers (6LR) that the packet goes through from 6LN to the common
   parent (6LR_x).

   6LR_id (Node E) are the intermediate routers from the common parent
   (6LR_x) (Node B) to destination not-RPL-aware 6LN (IPv6) (Node G).
   In this case, "1 <= id <= m", m is the number of routers (6LR) that
   the packet goes through from the common parent (6LR_x) to destination
   6LN.

   This situation is identical to the previous situation (Section 6.3.1).

   +-----------+------+--------+---------------+--------+--------------+
   | Header    | 6LN  | 6LR_ia | 6LR_x(common  | 6LR_id | IPv6         |
   |           | src  |        | parent)       |        |              |
   +-----------+------+--------+---------------+--------+--------------+
   | Inserted  | RPI  | --     | --            | --     | --           |
   | headers   |      |        |               |        |              |
   | Removed   | --   | --     | --            | --     | RPI          |
   | headers   |      |        |               |        |              |
   | Re-added  | --   | --     | --            | --     | --           |
   | headers   |      |        |               |        |              |
   | Modified  | --   | RPI    | RPI           | RPI    | --           |
   | headers   |      |        |               |        |              |
   | Untouched | --   | --     | --            | --     | RPI(Ignored) |
   | headers   |      |        |               |        |              |
   +-----------+------+--------+---------------+--------+--------------+

   Storing: Summary of the use of headers for RPL-aware-leaf to
   non-RPL-aware-leaf

6.3.3.  SM: Example of Flow from not-RPL-aware-leaf to RPL-aware-leaf

   In this case the flow comprises:

   not-RPL-aware 6LN (IPv6) --> 6LR_ia --> common parent (6LR_x) -->
   6LR_id --> 6LN

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node D --> Node F

   6LR_ia (Node E) are the intermediate routers from source
   (not-RPL-aware 6LN (IPv6)) (Node G) to the common parent (6LR_x)
   (Node B).  In this case, "1 <= ia <= n", n is the number of routers
   (6LR) that the packet goes through from source to the common parent.

   6LR_id (Node D) are the intermediate routers from the common parent
   (6LR_x) (Node B) to destination 6LN (Node F).
   In this case, "1 <= id <= m", m is the number of routers (6LR) that
   the packet goes through from the common parent (6LR_x) to destination
   6LN.

   The 6LR_ia (ia=1) (Node E) receives the packet from the IPv6 node
   (Node G) and inserts the RPI header encapsulated in an IPv6-in-IPv6
   header.  The IP-in-IP header is addressed to the destination 6LN
   (Node F).

   +-----------+------+----------+---------------+----------+----------+
   | Header    | IPv6 | 6LR_ia   | common parent | 6LR_id   | 6LN      |
   |           |      |          | (6LRx)        |          |          |
   +-----------+------+----------+---------------+----------+----------+
   | Inserted  | --   | IP-in-IP | --            | --       | --       |
   | headers   |      | (RPI)    |               |          |          |
   | Removed   | --   | --       | --            | --       | IP-in-IP |
   | headers   |      |          |               |          | (RPI)    |
   | Re-added  | --   | --       | --            | --       | --       |
   | headers   |      |          |               |          |          |
   | Modified  | --   | --       | IP-in-IP      | IP-in-IP | --       |
   | headers   |      |          | (RPI)         | (RPI)    |          |
   | Untouched | --   | --       | --            | --       | --       |
   | headers   |      |          |               |          |          |
   +-----------+------+----------+---------------+----------+----------+

   Storing: Summary of the use of headers from not-RPL-aware-leaf to
   RPL-aware-leaf

6.3.4.  SM: Example of Flow from not-RPL-aware-leaf to not-RPL-aware-leaf

   In this case the flow comprises:

   not-RPL-aware 6LN (IPv6 src) --> 6LR_1 --> 6LR_ia --> 6LR_id -->
   not-RPL-aware 6LN (IPv6 dst)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A (root) --> Node C --> Node J

   Internal nodes 6LR_ia (e.g: Node E or Node B) are the intermediate
   routers from the not-RPL-aware source (Node G) to the root (6LBR)
   (Node A).  In this case, "1 < ia <= n", n is the number of routers
   (6LR) that the packet goes through from IPv6 src to the root.

   6LR_id (Node C) are the intermediate routers from the root (Node A)
   to the destination Node J.  In this case, "1 <= id <= m", m is the
   number of routers (6LR) that the packet goes through from the root to
   destination (IPv6 dst).

   Note that this flow is identical to Section 6.3.3, except for where
   the IPIP header is inserted.

   The 6LR_1 (Node E) receives the packet from the IPv6 node (Node G)
   and inserts the RPI header (RPIa), encapsulated in an IPv6-in-IPv6
   header.  The IPv6-in-IPv6 header is addressed to the final
   destination.

   +-----------+------+----------+----------+----------+------+
   | Header    | IPv6 | 6LR_1    | 6LR_ia   | 6LR_m    | IPv6 |
   |           | src  |          |          |          | dst  |
   +-----------+------+----------+----------+----------+------+
   | Inserted  | --   | IP-in-IP | --       | --       | --   |
   | headers   |      | (RPI)    |          |          |      |
   | Removed   | --   | --       | --       | --       | --   |
   | headers   |      |          |          |          |      |
   | Re-added  | --   | --       | --       | --       | --   |
   | headers   |      |          |          |          |      |
   | Modified  | --   | --       | IP-in-IP | IP-in-IP | --   |
   | headers   |      |          | (RPI)    | (RPI)    |      |
   | Untouched | --   | --       | --       | --       | --   |
   | headers   |      |          |          |          |      |
   +-----------+------+----------+----------+----------+------+

   Storing: Summary of the use of headers from not-RPL-aware-leaf to
   non-RPL-aware-leaf

7.  Non Storing mode

   In Non Storing Mode (Non SM) (fully source routed), the 6LBR (DODAG
   root) has complete knowledge about the connectivity of all DODAG
   nodes, and all traffic flows through the root node.  Thus, there is
   no need for all nodes to know about the existence of non-RPL aware
   nodes.  Only the 6LBR needs to act if compensation is necessary for
   non-RPL aware receivers.

   The following table summarizes what headers are needed in the
   following scenarios, and indicates when the RPI, RH3 and IP-in-IP
   header must be inserted.
   There are these possible situations: destination address possible
   (indicated by "dst"), to a 6LR, to a 6LN or to the root.  In cases
   where no IP-in-IP header is needed, the column is left blank.

   The leaf can be a router 6LR or a host, both indicated as 6LN
   (Figure 3).

   +-----------------+--------------+-----+-----+----------+----------+
   | Interaction     | Use Case     | RPI | RH3 | IP-in-IP | IP-in-IP |
   | between         |              |     |     |          | dst      |
   +-----------------+--------------+-----+-----+----------+----------+
   |                 | Raf to root  | Yes | No  | No       | --       |
   +                 +--------------+-----+-----+----------+----------+
   | Leaf - Root     | root to Raf  | Opt | Yes | No       | --       |
   +                 +--------------+-----+-----+----------+----------+
   |                 | root to ~Raf |no(1)| Yes | Yes      | 6LR      |
   +                 +--------------+-----+-----+----------+----------+
   |                 | ~Raf to root | Yes | No  | Yes      | root     |
   +-----------------+--------------+-----+-----+----------+----------+
   |                 | Raf to Int   | Yes | No  | Yes      | root     |
   +                 +--------------+-----+-----+----------+----------+
   | Leaf - Internet | Int to Raf   |no(1)| Yes | Yes      | dst      |
   +                 +--------------+-----+-----+----------+----------+
   |                 | ~Raf to Int  | Yes | No  | Yes      | root     |
   +                 +--------------+-----+-----+----------+----------+
   |                 | Int to ~Raf  |no(1)| Yes | Yes      | 6LR      |
   +-----------------+--------------+-----+-----+----------+----------+
   |                 | Raf to Raf   | Yes | Yes | Yes      | root/dst |
   +                 +--------------+-----+-----+----------+----------+
   |                 | Raf to ~Raf  | Yes | Yes | Yes      | root/6LR |
   + Leaf - Leaf     +--------------+-----+-----+----------+----------+
   |                 | ~Raf to Raf  | Yes | Yes | Yes      | root/6LN |
   +                 +--------------+-----+-----+----------+----------+
   |                 | ~Raf to ~Raf | Yes | Yes | Yes      | root/6LR |
   +-----------------+--------------+-----+-----+----------+----------+

   (1)-6tisch networks may need the RPI information.

   Figure 8: Headers needed in Non-Storing mode: RPI, RH3, IP-in-IP
   encapsulation.

7.1.  Non-Storing Mode: Interaction between Leaf and Root

   In this section we are going to describe the communication flow in
   Non Storing Mode (Non-SM) between:

      RPL-aware-leaf to root

      root to RPL-aware-leaf

      not-RPL-aware-leaf to root

      root to not-RPL-aware-leaf

7.1.1.  Non-SM: Example of Flow from RPL-aware-leaf to root

   In non-storing mode the leaf node uses default routing to send
   traffic to the root.  The RPI header must be included to avoid/detect
   loops.

   RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node A (root)

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LN) to destination (6LBR).

   This situation is the same case as storing mode.

   +-------------------+-----+-------+------+
   | Header            | 6LN | 6LR_i | 6LBR |
   +-------------------+-----+-------+------+
   | Inserted headers  | RPI | --    | --   |
   | Removed headers   | --  | --    | RPI  |
   | Re-added headers  | --  | --    | --   |
   | Modified headers  | --  | RPI   | --   |
   | Untouched headers | --  | --    | --   |
   +-------------------+-----+-------+------+

   Non Storing: Summary of the use of headers from RPL-aware-leaf to
   root

7.1.2.  Non-SM: Example of Flow from root to RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Node A (root) --> Node B
   --> Node D --> Node F

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LBR) to destination (6LN).

   The 6LBR will insert an RH3, and may optionally insert an RPI header.
   No IP-in-IP header is necessary as the traffic originates with an RPL
   aware node, the 6LBR.  The destination is known to be RPL-aware
   because the root knows the whole topology in non-storing mode.

   +-------------------+-----------------+-------+----------+
   | Header            | 6LBR            | 6LR_i | 6LN      |
   +-------------------+-----------------+-------+----------+
   | Inserted headers  | (opt: RPI), RH3 | --    | --       |
   | Removed headers   | --              | --    | RH3,RPI  |
   | Re-added headers  | --              | --    | --       |
   | Modified headers  | --              | RH3   | --       |
   | Untouched headers | --              | --    | --       |
   +-------------------+-----------------+-------+----------+

   Non Storing: Summary of the use of headers from root to
   RPL-aware-leaf

7.1.3.  Non-SM: Example of Flow from root to not-RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Node A (root) --> Node B
   --> Node E --> Node G

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LBR) to destination (IPv6).

   In 6LBR the RH3 is added, it is modified at each intermediate 6LR
   (6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n),
   but left there.  If RPI is left present, the IPv6 node which does not
   understand it will ignore it (following RFC8200), thus encapsulation
   is not necessary.  Due to the complete knowledge of the topology at
   the root, the 6LBR may optionally address the IP-in-IP header to the
   last 6LR, such that it is removed prior to the IPv6 node.

   +---------------+-------------+---------------+--------------+------+
   | Header        | 6LBR        | 6LR_i(i=1)    | 6LR_n(i=n)   | IPv6 |
   +---------------+-------------+---------------+--------------+------+
   | Inserted      | (opt: RPI), | --            | --           | --   |
   | headers       | RH3         |               |              |      |
   | Removed       | --          | RH3           | --           | --   |
   | headers       |             |               |              |      |
   | Re-added      | --          | --            | --           | --   |
   | headers       |             |               |              |      |
   | Modified      | --          | (opt: RPI),   | (opt: RPI),  | --   |
   | headers       |             | RH3           | RH3          |      |
   | Untouched     | --          | --            | --           | RPI  |
   | headers       |             |               |              |      |
   +---------------+-------------+---------------+--------------+------+

   Non Storing: Summary of the use of headers from root to
   not-RPL-aware-leaf

7.1.4.  Non-SM: Example of Flow from not-RPL-aware-leaf to root

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A (root)

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 < i <= n", n is the number of routers (6LR) that the
   packet goes through from source (IPv6) to destination (6LBR).  For
   example, 6LR_1 (i=1) is the router that receives the packets from the
   IPv6 node.

   In this case the RPI is added by the first 6LR (6LR1) (Node E),
   encapsulated in an IP-in-IP header, and is modified in the following
   6LRs.  The RPI and entire packet are consumed by the root.

   +------------+------+---------------+---------------+---------------+
   | Header     | IPv6 | 6LR_1         | 6LR_i         | 6LBR          |
   +------------+------+---------------+---------------+---------------+
   | Inserted   | --   | IP-in-IP(RPI) | --            | --            |
   | headers    |      |               |               |               |
   | Removed    | --   | --            | --            | IP-in-IP(RPI) |
   | headers    |      |               |               |               |
   | Re-added   | --   | --            | --            | --            |
   | headers    |      |               |               |               |
   | Modified   | --   | --            | IP-in-IP(RPI) | --            |
   | headers    |      |               |               |               |
   | Untouched  | --   | --            | --            | --            |
   | headers    |      |               |               |               |
   +------------+------+---------------+---------------+---------------+

   Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
   root

7.2.  Non-Storing Mode: Interaction between Leaf and Internet

   This section will describe the communication flow in Non Storing Mode
   (Non-SM) between:

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

7.2.1.  Non-SM: Example of Flow from RPL-aware-leaf to Internet

   In this case the flow comprises:

   RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node A --> Internet

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from source (6LN) to 6LBR.

   This case is identical to the storing-mode case.

   The IPv6 flow label should be set to zero to aid in compression, and
   the 6LBR will set it to a non-zero value when sending towards the
   Internet.

   +-------------------+------+-------+------+----------------+
   | Header            | 6LN  | 6LR_i | 6LBR | Internet       |
   +-------------------+------+-------+------+----------------+
   | Inserted headers  | RPI  | --    | --   | --             |
   | Removed headers   | --   | --    | --   | --             |
   | Re-added headers  | --   | --    | --   | --             |
   | Modified headers  | --   | RPI   | --   | --             |
   | Untouched headers | --   | --    | RPI  | RPI (Ignored)  |
   +-------------------+------+-------+------+----------------+

   Non Storing: Summary of the use of headers from RPL-aware-leaf to
   Internet

7.2.2.  Non-SM: Example of Flow from Internet to RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Internet --> Node A
   (root) --> Node B --> Node D --> Node F

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 <= i <= n", n is the number of routers (6LR) that the
   packet goes through from 6LBR to destination (6LN).

   The 6LBR must add an RH3 header.  As the 6LBR will know the path and
   address of the target node, it can address the IP-in-IP header to
   that node.  The 6LBR will zero the flow label upon entry in order to
   aid compression.

   The RPI may be added or not as required by networks such as 6tisch.
   The RPI is unnecessary for loop detection.

   +-----------+----------+---------------+---------------+---------------+
   | Header    | Internet | 6LBR          | 6LR_i         | 6LN           |
   +-----------+----------+---------------+---------------+---------------+
   | Inserted  | --       | IP-in-IP      | --            | --            |
   | headers   |          | (RH3,opt:RPI) |               |               |
   | Removed   | --       | --            | --            | IP-in-IP      |
   | headers   |          |               |               | (RH3,opt:RPI) |
   | Re-added  | --       | --            | --            | --            |
   | headers   |          |               |               |               |
   | Modified  | --       | --            | IP-in-IP      | --            |
   | headers   |          |               | (RH3,opt:RPI) |               |
   | Untouched | --       | --            | --            | --            |
   | headers   |          |               |               |               |
   +-----------+----------+---------------+---------------+---------------+

   Non Storing: Summary of the use of headers from Internet to
   RPL-aware-leaf

7.2.3.  Non-SM: Example of Flow from not-RPL-aware-leaf to Internet

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) -->
   Internet

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A --> Internet

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 < i <= n", n is the number of routers (6LR) that the
   packet goes through from source (IPv6) to 6LBR, e.g. 6LR_1 (i=1).

   In this case the flow label is recommended to be zero in the IPv6
   node.  As RPL headers are added in the IPv6 node, the first 6LR
   (6LR_1) will add an RPI header inside a new IP-in-IP header.  The
   IP-in-IP header will be addressed to the root.  This case is
   identical to the storing-mode case (see Section 6.2.3).

   +-----------+------+-----------+-------------+-----------+----------+
   | Header    | IPv6 | 6LR_1     | 6LR_i       | 6LBR      | Internet |
   |           |      |           | [i=2,..,n]  |           |          |
   +-----------+------+-----------+-------------+-----------+----------+
   | Inserted  | --   | IP-in-IP  | --          | --        | --       |
   | headers   |      | (RPI)     |             |           |          |
   | Removed   | --   | --        | --          | IP-in-IP  | --       |
   | headers   |      |           |             | (RPI)     |          |
   | Re-added  | --   | --        | --          | --        | --       |
   | headers   |      |           |             |           |          |
   | Modified  | --   | --        | IP-in-IP    | --        | --       |
   | headers   |      |           | (RPI)       |           |          |
   | Untouched | --   | --        | --          | --        | --       |
   | headers   |      |           |             |           |          |
   +-----------+------+-----------+-------------+-----------+----------+

   Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
   Internet

7.2.4.  Non-SM: Example of Flow from Internet to not-RPL-aware-leaf

   In this case the flow comprises:

   Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Internet --> Node A
   (root) --> Node B --> Node E --> Node G

   6LR_i are the intermediate routers from source to destination.  In
   this case, "1 < i <= n", n is the number of routers (6LR) that the
   packet goes through from 6LBR to not-RPL-aware-leaf (IPv6).

   The 6LBR must add an RH3 header inside an IP-in-IP header.  The 6LBR
   will know the path, and will recognize that the final node is not an
   RPL capable node as it will have received the connectivity DAO from
   the nearest 6LR.  The 6LBR can therefore make the IP-in-IP header
   destination be the last 6LR.  The 6LBR will set the flow label to
   zero upon entry in order to aid compression.

   +-----------+----------+----------------+-----------+-----------------+------+
   | Header    | Internet | 6LBR           | 6LR_1     | 6LR_i(i=2,..,n) | IPv6 |
   +-----------+----------+----------------+-----------+-----------------+------+
   | Inserted  | --       | IP-in-IP       | --        | --              | --   |
   | headers   |          | (RH3, opt:RPI) |           |                 |      |
   | Removed   | --       | --             | --        | IP-in-IP        | --   |
   | headers   |          |                |           | (RH3,RPI)       |      |
   | Re-added  | --       | --             | --        | --              | --   |
   | headers   |          |                |           |                 |      |
   | Modified  | --       | --             | IP-in-IP  | IP-in-IP        | --   |
   | headers   |          |                | (RH3,RPI) | (RH3,RPI)       |      |
   | Untouched | --       | --             | --        | --              | RPI  |
   | headers   |          |                |           |                 |      |
   +-----------+----------+----------------+-----------+-----------------+------+

   Non Storing: Summary of the use of headers from Internet to
   non-RPL-aware-leaf

7.3.  Non-Storing Mode: Interaction between Leafs

   In this section we are going to describe the communication flow in
   Non Storing Mode (Non-SM) between:

      RPL-aware-leaf to RPL-aware-leaf

      RPL-aware-leaf to not-RPL-aware-leaf

      not-RPL-aware-leaf to RPL-aware-leaf

      not-RPL-aware-leaf to not-RPL-aware-leaf

7.3.1.  Non-SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf

   In this case the flow comprises:

   6LN src --> 6LR_ia --> root (6LBR) --> 6LR_id --> 6LN dst

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node A (root) --> Node B --> Node E --> Node H

   6LR_ia are the intermediate routers from source to the root.  In this
   case, "1 <= ia <= n", n is the number of routers (6LR) that the
   packet goes through from 6LN to the root.

   6LR_id are the intermediate routers from the root to the destination.
   In this case, "1 <= id <= m", m is the number of the intermediate
   routers (6LR).

   This case involves only nodes in same RPL Domain.
The originating
1519 node will add an RPI header to the original packet, and send the
1520 packet upwards.

1522 The originating node SHOULD put the RPI into an IP-in-IP header
1523 addressed to the root, so that the 6LBR can remove that header. If
1524 it does not, then additional resources are wasted on the way down to
1525 carry the useless RPI option.

1527 The 6LBR will need to insert an RH3 header, which requires that it
1528 add an IP-in-IP header. It SHOULD be able to remove the RPI, as it
1529 was contained in an IP-in-IP header addressed to it. Otherwise,
1530 there MAY be an RPI header buried inside the inner IP header, which
1531 should get ignored.

1533 Networks that use the RPL P2P extension [RFC6997] are essentially
1534 non-storing DODAGs and fall into this scenario or the scenario in
1535 Section 7.1.2, with the originating node acting as 6LBR.

1537 +-----------+----------+--------+-------------+--------+------------+
1538 | Header    | 6LN src  | 6LR_ia | 6LBR        | 6LR_id | 6LN dst    |
1539 +-----------+----------+--------+-------------+--------+------------+
1540 | Inserted  | IP-in-IP | --     | IP-in-IP    | --     | --         |
1541 | headers   | (RPI1)   |        | (RH3->6LN,  |        |            |
1542 |           |          |        | opt RPI2)   |        |            |
1543 | Removed   | --       | --     | IP-in-IP    | --     | IP-in-IP   |
1544 | headers   |          |        | (RPI1)      |        | (RH3, opt  |
1545 |           |          |        |             |        | RPI2)      |
1546 | Re-added  | --       | --     | --          | --     | --         |
1547 | headers   |          |        |             |        |            |
1548 | Modified  | --       | RPI1   | --          | RPI2   | --         |
1549 | headers   |          |        |             |        |            |
1550 | Untouched | --       | --     | --          | --     | --         |
1551 | headers   |          |        |             |        |            |
1552 +-----------+----------+--------+-------------+--------+------------+

1554 Non Storing: Summary of the use of headers for RPL-aware-leaf to RPL-
1555 aware-leaf

1557 7.3.2.
Non-SM: Example of Flow from RPL-aware-leaf to not-RPL-aware-
1558 leaf

1560 In this case the flow comprises:

1562 6LN --> 6LR_ia --> root (6LBR) --> 6LR_id --> not-RPL-aware (IPv6)

1564 For example, a communication flow could be: Node F --> Node D -->
1565 Node B --> Node A (root) --> Node B --> Node E --> Node G

1567 6LR_ia are the intermediate routers from source to the root. In this
1568 case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

1570 6LR_id are the intermediate routers from the root to the destination.
1571 In this case, "1 <= id <= m", m is the number of the intermediate
1572 routers (6LR).

1574 As in the previous case, the 6LN will insert an RPI (RPI_1) header
1575 which MUST be in an IP-in-IP header addressed to the root so that the
1576 6LBR can remove this RPI. The 6LBR will then insert an RH3 inside a
1577 new IP-in-IP header addressed to the 6LN destination node. The RPI
1578 is optional from 6LBR to 6LR_id (RPI_2).

1580 +-----------+----------+----------+------------+------------+-------+
1581 | Header    | 6LN      | 6LR_1    | 6LBR       | 6LR_id     | IPv6  |
1582 +-----------+----------+----------+------------+------------+-------+
1583 | Inserted  | IP-in-IP | --       | IP-in-IP   | --         | --    |
1584 | headers   | (RPI1)   |          | (RH3, opt  |            |       |
1585 |           |          |          | RPI_2)     |            |       |
1586 | Removed   | --       | --       | IP-in-IP   | IP-in-IP   | --    |
1587 | headers   |          |          | (RPI_1)    | (RH3, opt  |       |
1588 |           |          |          |            | RPI_2)     |       |
1589 | Re-added  | --       | --       | --         | --         | --    |
1590 | headers   |          |          |            |            |       |
1591 | Modified  | --       | IP-in-IP | --         | IP-in-IP   | --    |
1592 | headers   |          | (RPI_1)  |            | (RH3, opt  |       |
1593 |           |          |          |            | RPI_2)     |       |
1594 | Untouched | --       | --       | --         | --         | opt   |
1595 | headers   |          |          |            |            | RPI_2 |
1596 +-----------+----------+----------+------------+------------+-------+

1598 Non Storing: Summary of the use of headers from RPL-aware-leaf to
1599 not-RPL-aware-leaf

1601 7.3.3.
Non-SM: Example of Flow from not-RPL-aware-leaf to RPL-aware-
1602 leaf

1604 In this case the flow comprises:

1606 not-RPL-aware 6LN (IPv6) --> 6LR_ia --> root (6LBR) --> 6LR_id -->
1607 6LN

1609 For example, a communication flow could be: Node G --> Node E -->
1610 Node B --> Node A (root) --> Node B --> Node E --> Node H

1612 6LR_ia are the intermediate routers from source to the root. In this
1613 case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

1615 6LR_id are the intermediate routers from the root to the destination.
1616 In this case, "1 <= id <= m", m is the number of the intermediate
1617 routers (6LR).

1619 This scenario is mostly identical to the previous one. The RPI is
1620 added by the first 6LR (6LR_1) inside an IP-in-IP header addressed to
1621 the root. The 6LBR will remove this RPI, and add its own IP-in-IP
1622 header containing an RH3 header and optional RPI (RPI_2).

1624 +-----------+------+----------+-----------+------------+------------+
1625 | Header    | IPv6 | 6LR_1    | 6LBR      | 6LR_id     | 6LN        |
1626 +-----------+------+----------+-----------+------------+------------+
1627 | Inserted  | --   | IP-in-IP | IP-in-IP  | --         | --         |
1628 | headers   |      | (RPI_1)  | (RH3, opt |            |            |
1629 |           |      |          | RPI_2)    |            |            |
1630 | Removed   | --   | --       | IP-in-IP  | --         | IP-in-IP   |
1631 | headers   |      |          | (RPI_1)   |            | (RH3, opt  |
1632 |           |      |          |           |            | RPI_2)     |
1633 | Re-added  | --   | --       | --        | --         | --         |
1634 | headers   |      |          |           |            |            |
1635 | Modified  | --   | --       | --        | IP-in-IP   | --         |
1636 | headers   |      |          |           | (RH3, opt  |            |
1637 |           |      |          |           | RPI_2)     |            |
1638 | Untouched | --   | --       | --        | --         | --         |
1639 | headers   |      |          |           |            |            |
1640 +-----------+------+----------+-----------+------------+------------+

1642 Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
1643 RPL-aware-leaf

1645 7.3.4.
Non-SM: Example of Flow from not-RPL-aware-leaf to not-RPL-
1646 aware-leaf

1648 In this case the flow comprises:

1650 not-RPL-aware 6LN (IPv6 src) --> 6LR_ia --> root (6LBR) --> 6LR_id -->
1651 not-RPL-aware (IPv6 dst)

1653 For example, a communication flow could be: Node G --> Node E -->
1654 Node B --> Node A (root) --> Node C --> Node J

1656 6LR_ia are the intermediate routers from source to the root. In this
1657 case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

1659 6LR_id are the intermediate routers from the root to the destination.
1660 In this case, "1 <= id <= m", m is the number of the intermediate
1661 routers (6LR).

1663 This scenario is the combination of the previous two cases.

1665 +------------+-------+-----------+------------+-------------+-------+
1666 | Header     | IPv6  | 6LR_1     | 6LBR       | 6LR_id      | IPv6  |
1667 |            | src   |           |            |             | dst   |
1668 +------------+-------+-----------+------------+-------------+-------+
1669 | Inserted   | --    | IP-in-IP  | IP-in-IP   | --          | --    |
1670 | headers    |       | (RPI_1)   | (RH3)      |             |       |
1671 | Removed    | --    | --        | IP-in-IP   | IP-in-IP    | --    |
1672 | headers    |       |           | (RPI_1)    | (RH3, opt   |       |
1673 |            |       |           |            | RPI_2)      |       |
1674 | Re-added   | --    | --        | --         | --          | --    |
1675 | headers    |       |           |            |             |       |
1676 | Modified   | --    | --        | --         | --          | --    |
1677 | headers    |       |           |            |             |       |
1678 | Untouched  | --    | --        | --         | --          | --    |
1679 | headers    |       |           |            |             |       |
1680 +------------+-------+-----------+------------+-------------+-------+

1682 Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
1683 not-RPL-aware-leaf

1685 8. Observations about the cases

1687 8.1. Storing mode

1689 [RFC8138] shows that the hop-by-hop IP-in-IP header can be compressed
1690 using the IP-in-IP 6LoRH (IP-in-IP-6LoRH) header as described in
1691 Section 7 of the document.

1693 There are potential significant advantages to having a single code
1694 path that always processes IP-in-IP headers with no options.
1696 Thanks to the change of the RPI option type from 0x63 to 0x23, there
1697 is no longer any uncertainty about when to use an IP-in-IP header in
1698 the storing mode. A Hop-by-Hop Options Header containing the RPI
1699 option SHOULD always be added when 6LRs originate packets (without
1700 IP-in-IP headers), and IP-in-IP headers should always be added
1701 (addressed to the root when on the way up, to the end-host when on
1702 the way down) when a 6LR finds that it needs to insert a Hop-by-Hop
1703 Options Header containing the RPI option.

1705 8.2. Non-Storing mode

1707 In the non-storing case, dealing with non-RPL aware leaf nodes is
1708 much easier as the 6LBR (DODAG root) has complete knowledge about the
1709 connectivity of all DODAG nodes, and all traffic flows through the
1710 root node.

1712 The 6LBR can recognize non-RPL aware leaf nodes because it will
1713 receive a DAO about that node from the 6LN immediately above that
1714 node. This means that the non-storing mode case can avoid ever using
1715 hop-by-hop IP-in-IP headers for traffic originating from the root to
1716 leafs.

1718 The non-storing mode case does not require the type change from 0x63
1719 to 0x23, as the root can always create the right packet. The type
1720 change does not adversely affect the non-storing case.

1722 9. 6LoRH Compression cases

1724 [RFC8138] proposes a compression method for RPI, RH3 and IPv6-in-
1725 IPv6.

1727 In Storing Mode, the examples of flow from RPL-aware-leaf to non-
1728 RPL-aware-leaf and non-RPL-aware-leaf to non-RPL-aware-leaf comprise
1729 IP-in-IP and RPI compression headers. The type of this case is
1730 critical since IP-in-IP is encapsulating an RPI header.

1732 +--+-----+---+--------------+-----------+-------------+-------------+
1733 |1 | 0|0 |TSE| 6LoRH Type 6 | Hop Limit | RPI - 6LoRH | LOWPAN IPHC |
1734 +--+-----+---+--------------+-----------+-------------+-------------+

1736 Figure 9: Critical IP-in-IP (RPI).

1738 10.
IANA Considerations

1740 This document updates the registration made in [RFC6553] Destination
1741 Options and Hop-by-Hop Options registry from 0x63 to 0x23.

1743 [RFCXXXX] represents this document.

1745 Hex Value    Binary Value
1746              act  chg  rest     Description             Reference
1747 ---------    ---  ---  -------  -----------------       ----------
1748 0x23         00    1    00011    RPL Option              [RFCXXXX]
1749 0x63         01    1    00011    RPL Option(DEPRECATED)  [RFC6553][RFCXXXX]

1751 Figure 10: Option Type in RPL Option.

1753 The DODAG Configuration Option Flags in the DODAG Configuration
1754 option are updated as follows:

1756 +------------+-----------------+---------------+
1757 | Bit number | Description     | Reference     |
1758 +------------+-----------------+---------------+
1759 | 3          | RPI 0x23 enable | This document |
1760 +------------+-----------------+---------------+

1762 Figure 11: DODAG Configuration Option Flag to indicate the RPI-flag-
1763 day.

1765 11. Security Considerations

1767 The security considerations of [RFC6553] and [RFC6554] apply
1768 when the packets get into the RPL Domain.

1770 The IPIP mechanism described in this document is much more limited
1771 than the general mechanism described in [RFC2473]. The willingness
1772 of each node in the LLN to decapsulate packets and forward them could
1773 be exploited by nodes to disguise the origin of an attack.

1775 Nodes outside of the LLN will need to pass IPIP traffic through the
1776 RPL root to perform this attack. To counter, the RPL root SHOULD
1777 either restrict ingress of IPIP packets (the simpler solution), or it
1778 SHOULD do a deep packet inspection wherein it walks the IP header
1779 extension chain until it can inspect the upper-layer-payload as
1780 described in [RFC7045]. In particular, the RPL root SHOULD do BCP38
1781 ([RFC2827]) processing on the source addresses of all IP headers that
1782 it examines in both directions.
1784 Note: there are some situations where a prefix will spread across
1785 multiple LLNs via mechanisms such as those described in
1786 [I-D.ietf-6lo-backbone-router]. In this case the BCP38 filtering
1787 needs to take this into account.

1789 Nodes within the LLN can use the IPIP mechanism to mount an attack on
1790 another part of the LLN, while disguising the origin of the attack.
1791 The mechanism can even be abused to make it appear that the attack is
1792 coming from outside the LLN, and unless countered, this could be used
1793 to mount a Distributed Denial Of Service attack upon nodes elsewhere
1794 in the Internet. See [DDOS-KREBS] for an example of such attacks
1795 already seen in the real world.

1797 While a typical LLN may be a very poor origin for attack traffic (as
1798 the networks tend to be very slow, and the nodes often have very low
1799 duty cycles) given enough nodes, they could still have a significant
1800 impact, particularly if the attack was on another LLN! Additionally,
1801 some uses of RPL involve large backbone ISP scale equipment
1802 [I-D.ietf-anima-autonomic-control-plane], which may be equipped with
1803 multiple 100Gb/s interfaces.

1805 Blocking or careful filtering of IPIP traffic entering the LLN as
1806 described above will make sure that any attack that is mounted must
1807 originate from compromised nodes within the LLN. The use of BCP38
1808 filtering at the RPL root on egress traffic will both alert the
1809 operator to the existence of the attack, as well as drop the attack
1810 traffic. As the RPL network is typically numbered from a single
1811 prefix, which is itself assigned by RPL, BCP38 filtering involves a
1812 single prefix comparison and should be trivial to automatically
1813 configure.
1815 There are some scenarios where IPIP traffic SHOULD be allowed to pass
1816 through the RPL root, such as the IPIP mediated communications
1817 between a new Pledge and the Join Registrar/Coordinator (JRC) when
1818 using [I-D.ietf-anima-bootstrapping-keyinfra] and
1819 [I-D.ietf-6tisch-dtsecurity-secure-join]. This is the case for the
1820 RPL root to do careful filtering: it occurs only when the Join
1821 Coordinator is not co-located inside the RPL root.

1823 With the above precautions, an attack using IPIP tunnels will be by a
1824 node within the LLN on another node within the LLN. Such an attack
1825 could, of course, be done directly. An attack of this kind is
1826 meaningful only if the source addresses are either fake or if the
1827 point is to amplify return traffic. Such an attack could also be
1828 done without the use of IPIP headers using forged source addresses.

1830 If the attack requires bi-directional communication, then IPIP
1831 provides no advantages.

1833 [RFC2473] suggests that tunnel entry and exit points can be secured
1834 via "Use IPsec". This solution has all the problems that
1835 [RFC5406] goes into. In an LLN such a solution would degenerate into
1836 every node having a tunnel with every other node. It would provide a
1837 small amount of origin address authentication at a very high cost;
1838 doing BCP38 at every node (linking layer-3 addresses to layer-2
1839 addresses, and to already present layer-2 cryptographic mechanisms)
1840 would be cheaper should RPL be run in an environment where hostile
1841 nodes are likely to be a part of the LLN.

1843 The RH3 header usage described here can be abused in equivalent ways
1844 with an IPIP header to add the needed RH3 header. As such, the
1845 attacker's RH3 header will not be seen by the network until it
1846 reaches the end host, which will decapsulate it.
An end-host SHOULD
1847 be suspicious about an RH3 header which has additional hops which have
1848 not yet been processed, and SHOULD ignore such a second RH3 header.

1850 In addition, the LLN will likely use [RFC8138] to compress the IPIP
1851 and RH3 headers. As such, the compressor at the RPL-root will see
1852 the second RH3 header and MAY choose to discard the packet if the RH3
1853 header has not been completely consumed. A consumed (inert) RH3
1854 header could be present in a packet that flows from one LLN, crosses
1855 the Internet, and enters another LLN. As per the discussion in this
1856 document, such headers do not need to be removed. However, there is
1857 no case described in this document where an RH3 is inserted in a non-
1858 storing network on traffic that is leaving the LLN, but this document
1859 SHOULD NOT preclude such a future innovation. It should just be
1860 noted that an incoming RH3 must be fully consumed, or very carefully
1861 inspected.

1863 The RPI header, if permitted to enter the LLN, could be used by an
1864 attacker to change the priority of a packet by selecting a different
1865 RPL instanceID, perhaps one with a higher energy cost, for instance.
1866 It could also be that not all nodes are reachable in an LLN using the
1867 default instanceID, but a change of instanceID would permit an
1868 attacker to bypass such filtering. Like the RH3, an RPI header is to
1869 be inserted by the RPL root on traffic entering the LLN by first
1870 inserting an IPIP header. The attacker's RPI header therefore will
1871 not be seen by the network. Upon reaching the destination node the
1872 RPI header has no further meaning and is just skipped; the presence
1873 of a second RPI header will have no meaning to the end node as the
1874 packet has already been identified as being at its final
1875 destination.
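
The checks this section asks of the RPL root (BCP38 on the source address of every IP header reached while walking the extension header chain, an RH3 that is not fully consumed, an RPI arriving from outside), as an added Python sketch that is not part of the draft or of any implementation. The function names, the finding strings and the packet builders are assumptions made for this example, and it assumes the LLN is numbered from a single prefix.

```python
import ipaddress
import struct

IPV6, HBH, ROUTING, FRAGMENT, DSTOPTS = 41, 0, 43, 44, 60
RPI_TYPES = (0x23, 0x63)  # RPL Option: new value and deprecated RFC 6553 value
RH3_TYPE = 3              # Routing Type of the RFC 6554 source routing header


def rpl_option_types(ext):
    """Return RPL Option types found in a Hop-by-Hop Options header."""
    found, i = [], 2
    while i < len(ext):
        if ext[i] == 0:          # Pad1 is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(ext):
            break
        if ext[i] in RPI_TYPES:
            found.append(ext[i])
        i += 2 + ext[i + 1]
    return found


def inspect(packet, lln_prefix, direction):
    """Walk nested IPv6 and extension headers; return a list of findings.

    direction is "ingress" (Internet -> LLN) or "egress" (LLN -> Internet).
    Assumption: the LLN is numbered from the single prefix lln_prefix.
    """
    if direction not in ("ingress", "egress"):
        raise ValueError("direction must be 'ingress' or 'egress'")
    lln = ipaddress.ip_network(lln_prefix)
    findings, off, depth = [], 0, 0
    while True:
        if len(packet) - off < 40 or packet[off] >> 4 != 6:
            return findings + ["malformed IPv6 header depth=%d" % depth]
        src = ipaddress.ip_address(packet[off + 8:off + 24])
        # BCP38 on every IP header: LLN sources must not arrive from outside,
        # and non-LLN sources must not leave the LLN.
        if (src in lln) == (direction == "ingress"):
            findings.append("bcp38 depth=%d src=%s" % (depth, src))
        nh, off = packet[off + 6], off + 40
        while nh in (HBH, ROUTING, DSTOPTS):
            size = (packet[off + 1] + 1) * 8 if off + 1 < len(packet) else 8
            ext = packet[off:off + size]
            if len(ext) < size:
                return findings + ["truncated extension header depth=%d" % depth]
            if direction == "ingress" and nh == ROUTING:
                if ext[2] == RH3_TYPE and ext[3] != 0:  # Segments Left
                    findings.append("rh3 depth=%d segments_left=%d" % (depth, ext[3]))
            if direction == "ingress" and nh == HBH:
                for opt in rpl_option_types(ext):
                    findings.append("rpi depth=%d type=0x%02x" % (depth, opt))
            nh, off = ext[0], off + size
        if nh == FRAGMENT:
            return findings + ["fragment depth=%d: upper layer not inspected" % depth]
        if nh != IPV6:            # reached the upper-layer payload
            return findings
        depth += 1                # IP-in-IP: inspect the encapsulated header too


def ipv6(src, dst, next_header, payload=b""):
    """Build an IPv6 header plus payload (constructed sample input)."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + ipaddress.ip_address(src).packed
            + ipaddress.ip_address(dst).packed + payload)


def rh3(next_header, segments_left, hops):
    """Build an uncompressed RH3 (CmprI = CmprE = 0) listing full addresses."""
    addrs = b"".join(ipaddress.ip_address(h).packed for h in hops)
    return bytes([next_header, len(addrs) // 8, RH3_TYPE, segments_left,
                  0, 0, 0, 0]) + addrs


def hbh_rpi(next_header, opt_type=0x23):
    """Build a Hop-by-Hop header holding one RPL Option (4 data bytes)."""
    return bytes([next_header, 0, opt_type, 4, 0, 0, 0, 0])
```

An empty list from inspect() means no finding; whether a finding leads to a drop, a log entry or both is left to the operator's policy, and a prefix shared across several LLNs needs a wider prefix set than the single one assumed here.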
1877 The RH3 and RPI headers could be abused by an attacker inside of the
1878 network to route packets in non-obvious ways, perhaps eluding
1879 observation. This usage is in fact part of [RFC6997] and cannot be
1880 restricted at all. This is a feature, not a bug.

1882 [RFC7416] deals with many other threats to LLNs not directly related
1883 to the use of IPIP headers, and this document does not change that
1884 analysis.

1886 12. Acknowledgments

1888 This work is partially funded by the FP7 Marie Curie Initial Training
1889 Network (ITN) METRICS project (grant agreement No. 607728).

1891 The authors would like to acknowledge the review, feedback, and
1892 comments of (alphabetical order): Robert Cragie, Simon Duquennoy,
1893 Ralph Droms, Cenk Guendogan, C. M. Heard, Rahul Jadhav, Matthias
1894 Kovatsch, Peter van der Stok, Xavier Vilajosana and Thomas Watteyne.

1896 13. References

1898 13.1. Normative References

1900 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1901           Requirement Levels", BCP 14, RFC 2119,
1902           DOI 10.17487/RFC2119, March 1997,
1903           .

1905 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
1906           IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
1907           December 1998, .

1909 [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
1910           Defeating Denial of Service Attacks which employ IP Source
1911           Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
1912           May 2000, .

1914 [RFC5406] Bellovin, S., "Guidelines for Specifying the Use of IPsec
1915           Version 2", BCP 146, RFC 5406, DOI 10.17487/RFC5406,
1916           February 2009, .

1918 [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
1919           Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
1920           JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
1921           Low-Power and Lossy Networks", RFC 6550,
1922           DOI 10.17487/RFC6550, March 2012,
1923           .

1925 [RFC6553] Hui, J. and JP.
Vasseur, "The Routing Protocol for Low-
1926           Power and Lossy Networks (RPL) Option for Carrying RPL
1927           Information in Data-Plane Datagrams", RFC 6553,
1928           DOI 10.17487/RFC6553, March 2012,
1929           .

1931 [RFC6554] Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
1932           Routing Header for Source Routes with the Routing Protocol
1933           for Low-Power and Lossy Networks (RPL)", RFC 6554,
1934           DOI 10.17487/RFC6554, March 2012,
1935           .

1937 [RFC7045] Carpenter, B. and S. Jiang, "Transmission and Processing
1938           of IPv6 Extension Headers", RFC 7045,
1939           DOI 10.17487/RFC7045, December 2013,
1940           .

1942 [RFC8138] Thubert, P., Ed., Bormann, C., Toutain, L., and R. Cragie,
1943           "IPv6 over Low-Power Wireless Personal Area Network
1944           (6LoWPAN) Routing Header", RFC 8138, DOI 10.17487/RFC8138,
1945           April 2017, .

1947 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
1948           (IPv6) Specification", STD 86, RFC 8200,
1949           DOI 10.17487/RFC8200, July 2017,
1950           .

1952 13.2. Informative References

1954 [DDOS-KREBS]
1955           Goodin, D., "Record-breaking DDoS reportedly delivered by
1956           >145k hacked cameras", September 2016,
1957           .

1960 [I-D.ietf-6lo-backbone-router]
1961           Thubert, P., "IPv6 Backbone Router", draft-ietf-6lo-
1962           backbone-router-05 (work in progress), January 2018.

1964 [I-D.ietf-6man-rfc6434-bis]
1965           Chown, T., Loughney, J., and T. Winters, "IPv6 Node
1966           Requirements", draft-ietf-6man-rfc6434-bis-03 (work in
1967           progress), February 2018.

1969 [I-D.ietf-6tisch-dtsecurity-secure-join]
1970           Richardson, M., "6tisch Secure Join protocol", draft-ietf-
1971           6tisch-dtsecurity-secure-join-01 (work in progress),
1972           February 2017.

1974 [I-D.ietf-anima-autonomic-control-plane]
1975           Eckert, T., Behringer, M., and S. Bjarnason, "An Autonomic
1976           Control Plane (ACP)", draft-ietf-anima-autonomic-control-
1977           plane-13 (work in progress), December 2017.
1979 [I-D.ietf-anima-bootstrapping-keyinfra]
1980           Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
1981           S., and K. Watsen, "Bootstrapping Remote Secure Key
1982           Infrastructures (BRSKI)", draft-ietf-anima-bootstrapping-
1983           keyinfra-09 (work in progress), October 2017.

1985 [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
1986           Renumbering an IPv6 Network without a Flag Day", RFC 4192,
1987           DOI 10.17487/RFC4192, September 2005,
1988           .

1990 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
1991           Control Message Protocol (ICMPv6) for the Internet
1992           Protocol Version 6 (IPv6) Specification", STD 89,
1993           RFC 4443, DOI 10.17487/RFC4443, March 2006,
1994           .

1996 [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
1997           Bormann, "Neighbor Discovery Optimization for IPv6 over
1998           Low-Power Wireless Personal Area Networks (6LoWPANs)",
1999           RFC 6775, DOI 10.17487/RFC6775, November 2012,
2000           .

2002 [RFC6997] Goyal, M., Ed., Baccelli, E., Philipp, M., Brandt, A., and
2003           J. Martocci, "Reactive Discovery of Point-to-Point Routes
2004           in Low-Power and Lossy Networks", RFC 6997,
2005           DOI 10.17487/RFC6997, August 2013,
2006           .

2008 [RFC7102] Vasseur, JP., "Terms Used in Routing for Low-Power and
2009           Lossy Networks", RFC 7102, DOI 10.17487/RFC7102, January
2010           2014, .

2012 [RFC7416] Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
2013           and M. Richardson, Ed., "A Security Threat Analysis for
2014           the Routing Protocol for Low-Power and Lossy Networks
2015           (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015,
2016           .

2018 [Second6TischPlugtest]
2019           "2nd 6Tisch Plugtest", .

2022 Authors' Addresses

2024 Maria Ines Robles
2025 Ericsson
2026 Hirsalantie 11
2027 Jorvas 02420
2028 Finland

2030 Email: maria.ines.robles@ericsson.com

2032 Michael C.
Richardson
2033 Sandelman Software Works
2034 470 Dawson Avenue
2035 Ottawa, ON K1Z 5V7
2036 CA

2038 Email: mcr+ietf@sandelman.ca
2039 URI: http://www.sandelman.ca/mcr/

2041 Pascal Thubert
2042 Cisco Systems, Inc
2043 Village d'Entreprises Green Side 400, Avenue de Roumanille
2044 Batiment T3, Biot - Sophia Antipolis 06410
2045 France

2047 Email: pthubert@cisco.com