ROLL Working Group                                             M. Robles
Internet-Draft                                                  Ericsson
Updates: 6553, 6550, 8138 (if approved)                    M. Richardson
Intended status: Standards Track                                     SSW
Expires: September 2, 2018                                    P. Thubert
                                                                   Cisco
                                                           March 1, 2018


              When to use RFC 6553, 6554 and IPv6-in-IPv6
                    draft-ietf-roll-useofrplinfo-22

Abstract

   This document looks at different data flows through LLN (Low-Power
   and Lossy Networks) where RPL (IPv6 Routing Protocol for Low-Power
   and Lossy Networks) is used to establish routing. The document
   enumerates the cases where RFC 6553, RFC 6554 and IPv6-in-IPv6
   encapsulation are required. This analysis provides the basis on
   which to design efficient compression of these headers. This
   document updates RFC 6553 by adding a change to the RPL Option Type.
   Additionally, this document updates RFC 6550 to indicate this change
   and updates RFC 8138 to consider the new Option Type when the RPL
   Option is decompressed.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 2, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology and Requirements Language
     2.1.  hop-by-hop IPv6-in-IPv6 headers
   3.  Updates to RFC6553, RFC6550 and RFC 8138
     3.1.  Updates to RFC 6553
     3.2.  Updates to RFC 8138
     3.3.  Updates to RFC 6550: Indicating the new RPI in the DODAG
           Configuration Option Flag.
   4.  Sample/reference topology
   5.  Use cases
   6.  Storing mode
     6.1.  Storing Mode: Interaction between Leaf and Root
       6.1.1.  SM: Example of Flow from RPL-aware-leaf to root
       6.1.2.  SM: Example of Flow from root to RPL-aware-leaf
       6.1.3.  SM: Example of Flow from root to not-RPL-aware-leaf
       6.1.4.  SM: Example of Flow from not-RPL-aware-leaf to root
     6.2.  Storing Mode: Interaction between Leaf and Internet
       6.2.1.  SM: Example of Flow from RPL-aware-leaf to Internet
       6.2.2.  SM: Example of Flow from Internet to RPL-aware-leaf
       6.2.3.  SM: Example of Flow from not-RPL-aware-leaf to Internet
       6.2.4.  SM: Example of Flow from Internet to non-RPL-aware-leaf
     6.3.  Storing Mode: Interaction between Leaf and Leaf
       6.3.1.  SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf
       6.3.2.  SM: Example of Flow from RPL-aware-leaf to
               non-RPL-aware-leaf
       6.3.3.  SM: Example of Flow from not-RPL-aware-leaf to
               RPL-aware-leaf
       6.3.4.  SM: Example of Flow from not-RPL-aware-leaf to
               not-RPL-aware-leaf
   7.  Non Storing mode
     7.1.  Non-Storing Mode: Interaction between Leaf and Root
       7.1.1.  Non-SM: Example of Flow from RPL-aware-leaf to root
       7.1.2.  Non-SM: Example of Flow from root to RPL-aware-leaf
       7.1.3.  Non-SM: Example of Flow from root to not-RPL-aware-leaf
       7.1.4.  Non-SM: Example of Flow from not-RPL-aware-leaf to root
     7.2.  Non-Storing Mode: Interaction between Leaf and Internet
       7.2.1.  Non-SM: Example of Flow from RPL-aware-leaf to Internet
       7.2.2.  Non-SM: Example of Flow from Internet to RPL-aware-leaf
       7.2.3.  Non-SM: Example of Flow from not-RPL-aware-leaf to
               Internet
       7.2.4.  Non-SM: Example of Flow from Internet to
               not-RPL-aware-leaf
     7.3.  Non-Storing Mode: Interaction between Leafs
       7.3.1.  Non-SM: Example of Flow from RPL-aware-leaf to
               RPL-aware-leaf
       7.3.2.  Non-SM: Example of Flow from RPL-aware-leaf to
               not-RPL-aware-leaf
       7.3.3.  Non-SM: Example of Flow from not-RPL-aware-leaf to
               RPL-aware-leaf
       7.3.4.  Non-SM: Example of Flow from not-RPL-aware-leaf to
               not-RPL-aware-leaf
   8.  Observations about the cases
     8.1.  Storing mode
     8.2.  Non-Storing mode
   9.  6LoRH Compression cases
   10. IANA Considerations
   11. Security Considerations
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Authors' Addresses

1.  Introduction

   RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks)
   [RFC6550] is a routing protocol for constrained networks. RFC 6553
   [RFC6553] defines the "RPL option" (RPI), carried within the IPv6
   Hop-by-Hop header to quickly identify inconsistencies (loops) in the
   routing topology. RFC 6554 [RFC6554] defines the "RPL Source Route
   Header" (RH3), an IPv6 Extension Header to deliver datagrams within a
   RPL routing domain, particularly in non-storing mode.

   These various items are referred to as RPL artifacts, and they are
   seen on all of the data-plane traffic that occurs in RPL routed
   networks; they do not in general appear on the RPL control plane
   traffic at all, which is mostly hop-by-hop traffic (one exception
   being DAO messages in non-storing mode).

   It has become clear from attempts to do multi-vendor
   interoperability, and from a desire to compress as many of the above
   artifacts as possible, that not all implementors agree on when
   artifacts are necessary, or when they can be safely omitted or
   removed.

   An interim meeting went through the 24 cases defined here to discover
   if there were any shortcuts, and this document is the result of that
   discussion. This document clarifies what the correct and the
   incorrect behaviour is.

   The related document "A Routing Header Dispatch for 6LoWPAN (6LoRH)"
   [RFC8138] defines a method to compress RPL Option information and
   Routing Header type 3 [RFC6554], an efficient IP-in-IP technique, and
   use cases proposed for the [Second6TischPlugtest] involving 6LoRH.

2.  Terminology and Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   Terminology defined in [RFC7102] applies to this document: LBR, LLN,
   RPL, RPL Domain and ROLL.

   RPL-node: A device which implements RPL, thus we can say that the
   device is RPL-capable or RPL-aware. Please note that the device can
   be found inside the LLN or outside the LLN. In this document a
   RPL-node which is a leaf of a DODAG is called RPL-aware-leaf.

   RPL-not-capable: A device which does not implement RPL, thus we can
   say that the device is not-RPL-aware. Please note that the device
   can be found inside the LLN. In this document a not-RPL-aware node
   which is a leaf of a DODAG is called not-RPL-aware-leaf.

   pledge: a new device which seeks admission to a network. (from
   [I-D.ietf-anima-bootstrapping-keyinfra])

   Join Registrar and Coordinator (JRC): a device which brings new nodes
   (pledges) into a network. (from
   [I-D.ietf-anima-bootstrapping-keyinfra])

   Flag day: A "flag day" is a procedure in which the network, or a part
   of it, is changed during a planned outage, or suddenly, causing an
   outage while the network recovers [RFC4192].

2.1.  hop-by-hop IPv6-in-IPv6 headers

   The term "hop-by-hop IPv6-in-IPv6" header refers to: adding a header
   that originates from a node to an adjacent node, using the addresses
   (usually the GUA or ULA, but could use the link-local addresses) of
   each node. If the packet must traverse multiple hops, then it must
   be decapsulated at each hop, and then re-encapsulated in a similar
   fashion.

3.  Updates to RFC6553, RFC6550 and RFC 8138

3.1.  Updates to RFC 6553

   This modification is required to be able to send, for example, IPv6
   packets from a RPL-aware-leaf to a not-RPL-aware node through
   Internet (see Section 6.2.1), without requiring IP-in-IP
   encapsulation.

   [RFC6553] states, as shown below, that in the Option Type field of
   the RPL Option header, the two high order bits MUST be set to '01'
   and the third bit is equal to '1'. The first two bits indicate that
   the IPv6 node MUST discard the packet if it doesn't recognize the
   option type, and the third bit indicates that the Option Data may
   change en route. The remaining bits serve as the option type.

   Hex Value     Binary Value
                 act  chg  rest     Description        Reference
   ---------     ---  ---  -------  -----------------  ----------
     0x63         01    1   00011   RPL Option         [RFC6553]

                  Figure 1: Option Type in RPL Option.

   Recent changes in [RFC8200] (Section 4, page 8) state: "it is now
   expected that nodes along a packet's delivery path only examine and
   process the Hop-by-Hop Options header if explicitly configured to do
   so". Processing of the Hop-by-Hop Options header (by IPv6
   intermediate nodes) is now optional, but if they are configured to
   process the header, and if such nodes encounter an option with the
   first two bits set to 01, they will drop the packet (if they conform
   to [RFC8200]). Host systems should do the same, irrespective of the
   configuration.

   Based on that, if an IPv6 (intermediate) node (RPL-not-capable)
   receives a packet with an RPL Option, it should ignore the HBH RPL
   option (skip over this option and continue processing the header).

   This is relevant, as we mentioned previously, in the case that we
   have a flow from RPL-aware-leaf to Internet (see Section 6.2.1).

   Thus, this document updates the Option Type field to: the two high
   order bits MUST be set to '00' and the third bit is equal to '1'.
   The first two bits indicate that the IPv6 node MUST skip over this
   option and continue processing the header ([RFC8200] Section 4.2) if
   it doesn't recognize the option type, and the third bit continues to
   be set to indicate that the Option Data may change en route. The
   remaining bits serve as the option type and remain as 0x3. This
   ensures that a packet that leaves the RPL domain of an LLN (or that
   leaves the LLN entirely) will not be discarded when it contains the
   [RFC6553] RPL Hop-by-Hop option known as RPI.

   This is a significant update to [RFC6553]. [RFCXXXX] represents this
   document.

   Hex Value     Binary Value
                 act  chg  rest     Description        Reference
   ---------     ---  ---  -------  -----------------  ----------
     0x23         00    1   00011   RPL Option         [RFCXXXX]

              Figure 2: Revised Option Type in RPL Option.

   This change creates a flag day for existing networks which are
   currently using 0x63 as the RPI value. A move to 0x23 will not be
   understood by those networks. It is suggested that implementations
   accept both 0x63 and 0x23 when processing.
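
   Added example (not part of the draft): a minimal Hop-by-Hop Options
   walker showing how the 'act' bits decide the fate of a packet that
   carries 0x63 or 0x23 at a node that does not recognise the RPL Option,
   and how an RPL router can accept both values and update the rank
   without changing the Option Type. The function names, the sample
   instance ID and rank, and the RFC 6553 option layout without sub-TLVs
   are assumptions of this example.

```python
import struct

RPI_OLD = 0x63  # RFC 6553 value: act=01, discard if the option is unrecognised
RPI_NEW = 0x23  # revised value:  act=00, skip over if the option is unrecognised
PAD1, PADN = 0x00, 0x01

# RFC 8200 Section 4.2: handling of an unrecognised option, keyed by 'act' bits
UNRECOGNISED_ACTION = {
    0b00: "skip",
    0b01: "discard",
    0b10: "discard+icmp",
    0b11: "discard+icmp-unless-multicast",
}


def split_option_type(opt_type):
    """Return (act, chg, rest) as laid out in Figures 1 and 2."""
    return opt_type >> 6, (opt_type >> 5) & 1, opt_type & 0x1F


def build_hbh(opt_type, instance_id, sender_rank, next_header=17):
    """Constructed sample: an 8-octet Hop-by-Hop header holding one RPL Option
    (flags octet, RPLInstanceID, 16-bit SenderRank; no sub-TLVs)."""
    return struct.pack("!BBBBBBH", next_header, 0, opt_type, 4,
                       0, instance_id, sender_rank)


def walk_options(hbh):
    """Yield (offset, type, data) for every TLV except Pad1."""
    if len(hbh) < 8 or len(hbh) < (hbh[1] + 1) * 8:
        raise ValueError("truncated Hop-by-Hop header")
    end = (hbh[1] + 1) * 8
    i = 2
    while i < end:
        if hbh[i] == PAD1:              # Pad1 has no length octet
            i += 1
            continue
        if i + 2 > end or i + 2 + hbh[i + 1] > end:
            raise ValueError("option overruns header")
        yield i, hbh[i], hbh[i + 2:i + 2 + hbh[i + 1]]
        i += 2 + hbh[i + 1]


def process(hbh, rpl_aware):
    """Return (verdict, rpi) for a node that processes the Hop-by-Hop header.

    An RPL-aware node accepts both 0x63 and 0x23. Any other node treats the
    RPL Option as unrecognised and follows the 'act' bits.
    """
    rpi = None
    for _, opt_type, data in walk_options(hbh):
        if opt_type == PADN:
            continue
        if rpl_aware and opt_type in (RPI_OLD, RPI_NEW):
            if len(data) < 4:
                raise ValueError("RPL Option too short")
            flags, instance_id, rank = struct.unpack("!BBH", data[:4])
            rpi = {"option_type": opt_type, "flags": flags,
                   "instance_id": instance_id, "sender_rank": rank}
            continue
        action = UNRECOGNISED_ACTION[opt_type >> 6]
        if action != "skip":
            return action, None
    return "continue", rpi


def forward(hbh, new_rank):
    """Router behaviour: rewrite SenderRank, keep the Option Type as received."""
    out = bytearray(hbh)
    for off, opt_type, data in walk_options(hbh):
        if opt_type in (RPI_OLD, RPI_NEW) and len(data) >= 4:
            struct.pack_into("!H", out, off + 4, new_rank)  # rank follows 4 octets
    return bytes(out)


if __name__ == "__main__":
    for value in (RPI_OLD, RPI_NEW):
        pkt = build_hbh(value, instance_id=30, sender_rank=256)
        print(hex(value), split_option_type(value),
              "non-RPL node:", process(pkt, rpl_aware=False)[0],
              "| RPL node:", process(pkt, rpl_aware=True)[0])
```
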

   When forwarding packets, implementations SHOULD use the same value as
   was received (this is required because the RPI type code cannot be
   changed, per [RFC8200]). This allows the network to be incrementally
   upgraded, and allows the DODAG root to know which parts of the
   network are upgraded.

   When originating new packets, implementations SHOULD have an option
   to determine which value to originate with; this option is controlled
   by the DIO option described below.

   A network which is switching from the straight 6LoWPAN compression
   mechanism to those described in [RFC8138] will experience a flag day
   in the data compression anyway, and if possible this change can be
   deployed at the same time.

3.2.  Updates to RFC 8138

   The RPI-6LoRH header provides a compressed form for the RPL RPI
   [RFC8138]. When the Option Type in the RPL Option is decompressed,
   it should take the value 0x23 instead of 0x63.

3.3.  Updates to RFC 6550: Indicating the new RPI in the DODAG
      Configuration Option Flag.

   In order to avoid a flag day caused by lack of interoperation between
   new RPI (0x23) and old RPI (0x63) nodes, when there is a mix of new
   nodes and old nodes, the new nodes may be put into a compatibility
   mode until all of the old nodes are replaced or upgraded.

   This can be done via a DODAG Configuration Option flag which will
   propagate through the network. Failure to receive this information
   will cause new nodes to remain in compatibility mode, and originate
   traffic with the old-RPI (0x63) value.

   As stated in [RFC6550] the DODAG Configuration option is present in
   DIO messages. The DODAG Configuration option distributes
   configuration information. It is generally static, and does not
   change within the DODAG. This information is configured at the DODAG
   root and distributed throughout the DODAG with the DODAG
   Configuration option. Nodes other than the DODAG root do not modify
   this information when propagating the DODAG Configuration option.

   The DODAG Configuration Option has a Flags field which is modified by
   this document. Currently, the DODAG Configuration Option in
   [RFC6550] is as follows.

   Flags: The 4-bits remaining unused in the Flags field are reserved
   for flags. The field MUST be initialized to zero by the sender and
   MUST be ignored by the receiver.

        0                 1                2                 3
   +-----------------+---------------------------------------------------+
   | Type = 0x04     | Opt Length = 14| Flags | A | PCS| DIOIntDoubl.    |
   +---------------------------------------------------------------------+
   | DIOIntMin.      | DIORedund.     | MaxRankIncrease                  |
   +-----------------+---------------------------------------------------+
   | MinHopRankIncrease               | OCP                              |
   +-----------------+---------------------------------------------------+
   |Reserved         | Def. Lifetime   | Lifetime Unit                   |
   +-----------------+-----------------+---------------------------------+

                   Figure 3: DODAG Configuration Option.

   Bit number three of the Flags field in the DODAG Configuration option
   is to be used as follows:

               +------------+-----------------+---------------+
               | Bit number | Description     | Reference     |
               +------------+-----------------+---------------+
               | 3          | RPI 0x23 enable | This document |
               +------------+-----------------+---------------+

   Figure 4: DODAG Configuration Option Flag to indicate the RPI-flag-
                                   day.

   In case of rebooting, the node does not remember the flag. Thus, the
   DIO is sent with a flag indicating the new RPI value.

4.  Sample/reference topology

   A RPL network in general is composed of a 6LBR (6LoWPAN Border
   Router), Backbone Router (6BBR), 6LR (6LoWPAN Router) and 6LN
   (6LoWPAN Node) as leaf, logically organized in a DODAG (Destination
   Oriented Directed Acyclic Graph) structure.

   RPL defines the RPL Control messages (control plane), a new ICMPv6
   [RFC4443] message with Type 155. DIS (DODAG Information
   Solicitation), DIO (DODAG Information Object) and DAO (Destination
   Advertisement Object) messages are all RPL Control messages but with
   different Code values. A RPL Stack is shown in Figure 5.

   RPL supports two modes of Downward traffic: in storing mode (RPL-SM),
   it is fully stateful; in non-storing (RPL-NSM), it is fully source
   routed. A RPL Instance is either fully storing or fully non-storing,
   i.e. a RPL Instance with a combination of storing and non-storing
   nodes is not supported with the current specifications at the time of
   writing this document.

                           +--------------+
                           | Upper Layers |
                           |              |
                           +--------------+
                           |     RPL      |
                           |              |
                           +--------------+
                           |    ICMPv6    |
                           |              |
                           +--------------+
                           |     IPv6     |
                           |              |
                           +--------------+
                           |   6LoWPAN    |
                           |              |
                           +--------------+
                           |   PHY-MAC    |
                           |              |
                           +--------------+

                          Figure 5: RPL Stack.

                 +------------+
                 |  INTERNET  ----------+
                 |            |         |
                 +------------+         |
                                        |
                                        |
                                        |
                                      A |
                                  +-------+
                                  |6LBR   |
                      +-----------|(root) |-------+
                      |           +-------+       |
                      |                           |
                      |                           |
                      |                           |
                      |                           |
                      | B                         |C
                  +---|---+                   +---|---+
                  |  6LR  |                   |  6LR  |
        +-------->|       |--+            +---       ---+
        |         +-------+  |            |   +-------+ |
        |                    |            |             |
        |                    |            |             |
        |                    |            |             |
        |                    |            |             |
        | D                  |  E         |             |
      +-|-----+          +---|---+        |             |
      |  6LR  |          |  6LR  |        |             |
      |       |    +------       |        |             |
      +---|---+    |     +---|---+        |             |
          |        |         |            |             |
          |        |         +--+         |             |
          |        |            |         |             |
          |        |            |         |             |
          |        |            |       I |          J  |
       F  |        | G          | H       |             |
    +-----+-+    +-|-----+  +---|--+  +---|---+     +---|---+
    | Raf   |    | ~Raf  |  | Raf  |  | Raf   |     | ~Raf  |
    | 6LN   |    | 6LN   |  | 6LN  |  | 6LN   |     | 6LN   |
    +-------+    +-------+  +------+  +-------+     +-------+

                  Figure 6: A reference RPL Topology.

   Figure 6 shows the reference RPL Topology for this document. The
   letters above the nodes are there so that they may be referenced in
   subsequent sections. In the figure, 6LR represents a full router
   node. The 6LN is a RPL aware router, or host.

   However, the 6LN leaves marked Raf ("RPL aware leaf"), namely F, H
   and I, are RPL nodes with no children hosts.

   The leafs marked as ~Raf, "not-RPL aware leaf" (G and J), are devices
   which do not speak RPL at all (not-RPL-aware), but use Router-
   Advertisements, 6LowPAN DAR/DAC and efficient-ND only to participate
   in the network [RFC6775]. In the document these leafs (G and J) are
   also referred to as IPv6 nodes.

   The 6LBR ("A") in the figure is the root of the Global DODAG.

5.  Use cases

   In the data plane a combination of RFC6553, RFC6554 and IPv6-in-IPv6
   encapsulation is analyzed for a number of representative traffic
   flows.

   This document assumes that the LLN is using the no-drop RPI option
   (0x23).

   The use cases describe the communication between RPL-aware-nodes,
   with the root (6LBR), and with Internet. This document also
   describes the communication between nodes acting as leaves that do
   not understand RPL, but are part of the LLN. We name these nodes
   not-RPL-aware-leaf (e.g. Section 6.1.4, Flow from not-RPL-aware-leaf
   to root). We also describe the communication inside of the LLN when
   the final destination is addressed outside of the LLN, e.g. with
   destination to Internet (e.g. Section 6.2.3, Flow from not-RPL-aware-
   leaf to Internet).

   The use cases are as follows:

   Interaction between Leaf and Root:

      RPL-aware-leaf to root

      root to RPL-aware-leaf

      not-RPL-aware-leaf to root

      root to not-RPL-aware-leaf

   Interaction between Leaf and Internet:

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

   Interaction between Leafs:

      RPL-aware-leaf to RPL-aware-leaf (storing and non-storing)

      RPL-aware-leaf to not-RPL-aware-leaf (non-storing)

      not-RPL-aware-leaf to RPL-aware-leaf (storing and non-storing)

      not-RPL-aware-leaf to not-RPL-aware-leaf (non-storing)

   This document is consistent with the rule that a Header cannot be
   inserted or removed on the fly inside an IPv6 packet that is being
   routed. This is a fundamental precept of the IPv6 architecture as
   outlined in [RFC8200]. Extensions may not be added or removed except
   by the sender or the receiver.

   However, unlike [RFC6553], the Hop-by-Hop Option Header used for the
   RPI artifact has the first two bits set to '00'. This means that the
   RPI artifact will be ignored when received by a host or router that
   does not understand that option (Section 4.2 of [RFC8200]).

   This means that when the no-drop RPI option code 0x23 is used, a
   packet that leaves the RPL domain of an LLN (or that leaves the LLN
   entirely) will not be discarded when it contains the [RFC6553] RPL
   Hop-by-Hop option known as RPI. Thus, the RPI Hop-by-Hop option MAY
   be left in place even if the end host does not understand it.

   NOTE: There is some possible security risk when the RPI information
   is released to the Internet. At this point this is a theoretical
   situation; no clear attack has been described. At worst, it is clear
   that the RPI option would waste some network bandwidth when it
   escapes. This is traded off against the savings in the LLN by not
   having to encapsulate the packet in order to remove the artifact.

   Although it is legal to leave the RPI artifact in place, an
   intermediate router that needs to add an extension header (SHR3 or
   RPI Option) MUST still encapsulate the packet in an (additional)
   outer IP header. The new header is placed after this new outer IP
   header.

   A corollary is that an SHR3 or RPI Option can only be removed by an
   intermediate router if it is placed in an encapsulating IPv6 Header,
   which is addressed TO the intermediate router. When it does so, the
   whole encapsulating header must be removed. (A replacement may be
   added). This sometimes can result in outer IP headers being
   addressed to the next hop router using link-local addresses.

   Both RPI and RH3 headers may be modified in very specific ways by
   routers on the path of the packet without the need to add or remove
   an encapsulating header. Both headers were designed with this
   modification in mind, and both the RPL RH and the RPL option are
   marked mutable but recoverable: so an IPsec AH security header can be
   applied across these headers, but it cannot secure the values which
   mutate.

   RPI should be present in every single RPL data packet. There is one
   exception in non-storing mode: when a packet is going down from the
   root. In a downward non-storing mode, the entire route is written,
   so there can be no loops by construction, nor any confusion about
   which forwarding table to use (as the root has already made all
   routing decisions). However, there are still cases, such as in
   6tisch, where the instanceID portion of the RPI header may still be
   needed to pick an appropriate priority or channel at each hop.

   In the tables present in this document, the term "RPL aware leaf"
   has been shortened to "Raf", and "not-RPL aware leaf" has been
   shortened to "~Raf" to make the table fit in available space.

   The earlier examples are more extensive to make sure that the process
   is clear, while later examples are more concise.

6.  Storing mode

   In storing mode (fully stateful), the sender can determine if the
   destination is inside the LLN by checking whether the destination
   address is matched by the DIO's PIO option.

   The following table itemizes which headers are needed in the
   following scenarios, and indicates if the IP-in-IP header must be
   inserted on a hop-by-hop basis, or when it can target the destination
   node directly. There are these possible situations: hop-by-hop
   necessary (indicated by "hop"), or destination address possible
   (indicated by "dst"). In all cases hop by hop MAY be used.

   In cases where no IP-in-IP header is needed, the column is left
   blank.

   In all cases the RPI header is needed, since it identifies
   inconsistencies (loops) in the routing topology. In all cases the
   RH3 is not needed because we do not indicate the route in storing
   mode.

   In each case, 6LR_i are the intermediate routers from source to
   destination, with "1 <= i <= n", where n is the number of routers
   (6LR) that the packet goes through from source (6LN) to destination.

   The leaf can be a router 6LR or a host, both indicated as 6LN (see
   Figure 6).

   +---------------------+--------------+----------+--------------+
   | Interaction between |   Use Case   | IP-in-IP | IP-in-IP dst |
   +---------------------+--------------+----------+--------------+
   |                     | Raf to root  |    No    |      --      |
   +                     +--------------+----------+--------------+
   |     Leaf - Root     | root to Raf  |    No    |      --      |
   +                     +--------------+----------+--------------+
   |                     | root to ~Raf |    No    |      --      |
   +                     +--------------+----------+--------------+
   |                     | ~Raf to root |   Yes    |     root     |
   +---------------------+--------------+----------+--------------+
   |                     | Raf to Int   |    No    |      --      |
   +                     +--------------+----------+--------------+
   |   Leaf - Internet   | Int to Raf   |   Yes    |     Raf      |
   +                     +--------------+----------+--------------+
   |                     | ~Raf to Int  |   Yes    |     root     |
   +                     +--------------+----------+--------------+
   |                     | Int to ~Raf  |   Yes    |     hop      |
   +---------------------+--------------+----------+--------------+
   |                     | Raf to Raf   |    No    |      --      |
   +                     +--------------+----------+--------------+
   |                     | Raf to ~Raf  |    No    |      --      |
   +     Leaf - Leaf     +--------------+----------+--------------+
   |                     | ~Raf to Raf  |   Yes    |     dst      |
   +                     +--------------+----------+--------------+
   |                     | ~Raf to ~Raf |   Yes    |     hop      |
   +---------------------+--------------+----------+--------------+

           Figure 7: IP-in-IP encapsulation in Storing mode.

6.1.  Storing Mode: Interaction between Leaf and Root

   This section describes the communication flows in storing mode (SM)
   between:

      RPL-aware-leaf to root

      root to RPL-aware-leaf

      not-RPL-aware-leaf to root

      root to not-RPL-aware-leaf

6.1.1.  SM: Example of Flow from RPL-aware-leaf to root

   In storing mode, RFC 6553 (RPI) is used to send RPL Information
   instanceID and rank information.

   As stated in Section 16.2 of [RFC6550] an RPL-aware-leaf node does
   not generally issue DIO messages; a leaf node accepts DIO messages
   from upstream. (When an inconsistency in routing occurs, a leaf
   node will generate a DIO with an infinite rank, to fix it). It may
   issue DAO and DIS messages though it generally ignores DAO and DIS
   messages.

   In this case the flow comprises:

   RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)

   For example, a communication flow could be: Node F --> Node E -->
   Node B --> Node A root(6LBR)

   As mentioned in this document, 6LRs and 6LBRs are always full-fledged
   RPL routers.

   The 6LN (Node F) inserts the RPI header, and sends the packet to 6LR
   (Node E) which decrements the rank in RPI and sends the packet up.
   When the packet arrives at 6LBR (Node A), the RPI is removed and the
   packet is processed.

   No IP-in-IP header is required.

   The RPI header can be removed by the 6LBR because the packet is
   addressed to the 6LBR. The 6LN must know that it is communicating
   with the 6LBR to make use of this scenario. The 6LN can know the
   address of the 6LBR because it knows the address of the root via the
   DODAGID in the DIO messages.

   +-------------------+-----+-------+------+
   | Header            | 6LN | 6LR_i | 6LBR |
   +-------------------+-----+-------+------+
   | Inserted headers  | RPI | --    | --   |
   | Removed headers   | --  | --    | RPI  |
   | Re-added headers  | --  | --    | --   |
   | Modified headers  | --  | RPI   | --   |
   | Untouched headers | --  | --    | --   |
   +-------------------+-----+-------+------+

   Storing: Summary of the use of headers from RPL-aware-leaf to root

6.1.2.  SM: Example of Flow from root to RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

   For example, a communication flow could be: Node A root(6LBR) -->
   Node B --> Node D --> Node F

   In this case the 6LBR inserts the RPI header and sends the packet
   down; the 6LR increments the rank in RPI (it examines the instanceID
   to identify the right forwarding table); the packet is processed in
   the 6LN and the RPI is removed.

   No IP-in-IP header is required.

   +-------------------+------+-------+------+
   | Header            | 6LBR | 6LR_i | 6LN  |
   +-------------------+------+-------+------+
   | Inserted headers  | RPI  | --    | --   |
   | Removed headers   | --   | --    | RPI  |
   | Re-added headers  | --   | --    | --   |
   | Modified headers  | --   | RPI   | --   |
   | Untouched headers | --   | --    | --   |
   +-------------------+------+-------+------+

   Storing: Summary of the use of headers from root to RPL-aware-leaf

6.1.3.  SM: Example of Flow from root to not-RPL-aware-leaf

   In this case the flow comprises:

   root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

   For example, a communication flow could be: Node A root(6LBR) -->
   Node B --> Node E --> Node G

   As the RPI extension can be ignored by the not-RPL-aware leaf, this
   situation is identical to the previous scenario.

   +-------------------+------+-------+----------------+
   | Header            | 6LBR | 6LR_i | IPv6           |
   +-------------------+------+-------+----------------+
   | Inserted headers  | RPI  | --    | --             |
   | Removed headers   | --   | --    | --             |
   | Re-added headers  | --   | --    | --             |
   | Modified headers  | --   | RPI   | --             |
   | Untouched headers | --   | --    | RPI (Ignored)  |
   +-------------------+------+-------+----------------+

   Storing: Summary of the use of headers from root to not-RPL-aware-
   leaf

6.1.4.  SM: Example of Flow from not-RPL-aware-leaf to root

   In this case the flow comprises:

   not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A root(6LBR)

   When the packet arrives from the IPv6 node (Node G) at 6LR_1 (Node
   E), the 6LR_1 will insert a RPI header, encapsulated in an IPv6-in-
   IPv6 header. The IPv6-in-IPv6 header can be addressed to the next
   hop (Node B), or to the root (Node A). The root removes the header
   and processes the packet.

   +------------+------+---------------+---------------+---------------+
   | Header     | IPv6 | 6LR_1         | 6LR_i         | 6LBR          |
   +------------+------+---------------+---------------+---------------+
   | Inserted   | --   | IP-in-IP(RPI) | --            | --            |
   | headers    |      |               |               |               |
   | Removed    | --   | --            | --            | IP-in-IP(RPI) |
   | headers    |      |               |               |               |
   | Re-added   | --   | --            | --            | --            |
   | headers    |      |               |               |               |
   | Modified   | --   | --            | IP-in-IP(RPI) | --            |
   | headers    |      |               |               |               |
   | Untouched  | --   | --            | --            | --            |
   | headers    |      |               |               |               |
   +------------+------+---------------+---------------+---------------+

   Storing: Summary of the use of headers from not-RPL-aware-leaf to
   root

6.2.  Storing Mode: Interaction between Leaf and Internet

   This section describes the communication flows in storing mode (SM)
   between:

      RPL-aware-leaf to Internet

      Internet to RPL-aware-leaf

      not-RPL-aware-leaf to Internet

      Internet to not-RPL-aware-leaf

6.2.1.  SM: Example of Flow from RPL-aware-leaf to Internet

   RPL information from RFC 6553 MAY go out to Internet as it will be
   ignored by nodes which have not been configured to be RPI aware.

In this case the flow comprises:

RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet

For example, the communication flow could be: Node F --> Node D -->
Node B --> Node A root(6LBR) --> Internet

No IP-in-IP header is required.

Note: In this use case we use a node as leaf, but this use case can
also be applicable to any RPL-node type (e.g. 6LR).

+-------------------+------+-------+------+----------------+
| Header            | 6LN  | 6LR_i | 6LBR | Internet       |
+-------------------+------+-------+------+----------------+
| Inserted headers  | RPI  | --    | --   | --             |
| Removed headers   | --   | --    | --   | --             |
| Re-added headers  | --   | --    | --   | --             |
| Modified headers  | --   | RPI   | --   | --             |
| Untouched headers | --   | --    | RPI  | RPI (Ignored)  |
+-------------------+------+-------+------+----------------+

Storing: Summary of the use of headers from RPL-aware-leaf to
Internet

6.2.2. SM: Example of Flow from Internet to RPL-aware-leaf

In this case the flow comprises:

Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

For example, a communication flow could be: Internet --> Node A
root(6LBR) --> Node B --> Node D --> Node F

When the packet arrives from the Internet at the 6LBR, the RPI header
is added in an outer IPv6-in-IPv6 header and sent to the 6LR, which
modifies the rank in the RPI. When the packet arrives at the 6LN, the
RPI header is removed and the packet processed.

+-------------------+----------+---------------+---------------+---------------+
| Header            | Internet | 6LBR          | 6LR_i         | 6LN           |
+-------------------+----------+---------------+---------------+---------------+
| Inserted headers  | --       | IP-in-IP(RPI) | --            | --            |
| Removed headers   | --       | --            | --            | IP-in-IP(RPI) |
| Re-added headers  | --       | --            | --            | --            |
| Modified headers  | --       | --            | IP-in-IP(RPI) | --            |
| Untouched headers | --       | --            | --            | --            |
+-------------------+----------+---------------+---------------+---------------+

Storing: Summary of the use of headers from Internet to
RPL-aware-leaf

6.2.3. SM: Example of Flow from not-RPL-aware-leaf to Internet

In this case the flow comprises:

not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) -->
Internet

For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A root(6LBR) --> Internet

The 6LR_1 (i=1) node will add an IP-in-IP(RPI) header addressed
either to the root, or hop-by-hop such that the root can remove the
RPI header before passing upwards. The IP-in-IP addressed to the
root causes less processing overhead. On the other hand, with
hop-by-hop the intermediate routers can check the routing tables for
a better routing path, thus it could be more efficient and faster.
The implementation should decide which approach to take.

The originating node will ideally leave the IPv6 flow label as zero
so that the packet can be better compressed through the LLN. The
6LBR will set the flow label of the packet to a non-zero value when
sending to the Internet.

+-------------------+------+---------------+---------------+---------------+----------+
| Header            | IPv6 | 6LR_1         | 6LR_i         | 6LBR          | Internet |
|                   |      |               | [i=2,..,n]_   |               |          |
+-------------------+------+---------------+---------------+---------------+----------+
| Inserted headers  | --   | IP-in-IP(RPI) | --            | --            | --       |
| Removed headers   | --   | --            | --            | IP-in-IP(RPI) | --       |
| Re-added headers  | --   | --            | --            | --            | --       |
| Modified headers  | --   | --            | IP-in-IP(RPI) | --            | --       |
| Untouched headers | --   | --            | --            | --            | --       |
+-------------------+------+---------------+---------------+---------------+----------+

Storing: Summary of the use of headers from not-RPL-aware-leaf to
Internet

6.2.4. SM: Example of Flow from Internet to non-RPL-aware-leaf

In this case the flow comprises:

Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

For example, a communication flow could be: Internet --> Node A
root(6LBR) --> Node B --> Node E --> Node G

The 6LBR will have to add an RPI header within an IP-in-IP header.
The IP-in-IP is addressed to the not-RPL-aware-leaf, leaving the RPI
inside.

Note that there is a requirement that the final node be able to
remove one or more IPIP headers which are all addressed to it.
(EDNOTE: this should go into [I-D.ietf-6man-rfc6434-bis])

The 6LBR MAY set the flow label on the inner IP-in-IP header to zero
in order to aid in compression.

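The storing-mode header handling of Sections 6.1 and 6.2, as an added example that is not part of the draft: a small Python model walks a packet along a path and derives each node's action, so the summary tables can be checked mechanically. The role labels, action strings, function names and the choice of the root as the upward IP-in-IP destination are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Roles that process the RPI. "IPv6" (not-RPL-aware leaf) and "Internet" do not.
RPL_AWARE = {"6LN", "6LR", "6LBR"}
Path = List[Tuple[str, str]]          # [(node name, role), ...] source to destination


@dataclass
class Packet:
    rpi: bool = False                 # RPI carried directly in the original IPv6 header
    tunnel_dst: Optional[str] = None  # destination of an outer IP-in-IP(RPI) header


def tunnel_target(path: Path) -> str:
    """Choose the IP-in-IP destination as Sections 6.1.4 and 6.2.2-6.2.4 describe."""
    final_name, final_role = path[-1]
    if final_role in ("6LBR", "Internet"):
        # Upward traffic: address the outer header to the root so the root can
        # remove it. The draft also allows hop-by-hop; this model picks the root.
        return next(name for name, role in path if role == "6LBR")
    return final_name                 # downward traffic: address it to the leaf


def storing_mode_actions(path: Path) -> List[Tuple[str, str]]:
    """Walk one packet along `path` and return a (node, action) pair per hop."""
    pkt = Packet()
    actions = []
    for i, (name, role) in enumerate(path):
        aware = role in RPL_AWARE
        carried = "IP-in-IP(RPI)" if pkt.tunnel_dst else "RPI"
        if i == 0:
            # Only the packet's own source places the RPI in the original header.
            pkt.rpi = aware
            action = "insert RPI" if aware else "--"
        elif pkt.tunnel_dst == name:
            # The outer header is addressed to this node.
            if aware:
                pkt.tunnel_dst = None
                action = "remove IP-in-IP(RPI)"
            else:
                action = "RPI ignored"
        elif i == len(path) - 1:
            if pkt.rpi and aware:
                pkt.rpi = False
                action = "remove RPI"
            else:
                action = "RPI ignored" if pkt.rpi else "--"
        elif not pkt.rpi and pkt.tunnel_dst is None:
            # A router adding RPL information to another node's packet wraps it.
            pkt.tunnel_dst = tunnel_target(path)
            action = "insert IP-in-IP(RPI)"
        elif role == "6LR":
            action = "modify " + carried   # rank update in the RPI
        else:
            action = "RPI untouched"       # 6LBR passing a plain RPI to the Internet
        actions.append((name, action))
    return actions


def needs_ip_in_ip(path: Path) -> bool:
    """True when any hop on the path has to add an IP-in-IP header."""
    return any("insert IP-in-IP" in act for _, act in storing_mode_actions(path))


# Constructed paths that reuse the node names of the draft's examples.
FLOWS = {
    "6.1.1": [("Node F", "6LN"), ("Node E", "6LR"), ("Node B", "6LR"),
              ("Node A", "6LBR")],
    "6.1.4": [("Node G", "IPv6"), ("Node E", "6LR"), ("Node B", "6LR"),
              ("Node A", "6LBR")],
    "6.2.1": [("Node F", "6LN"), ("Node D", "6LR"), ("Node B", "6LR"),
              ("Node A", "6LBR"), ("Internet", "Internet")],
    "6.2.2": [("Internet", "Internet"), ("Node A", "6LBR"), ("Node B", "6LR"),
              ("Node D", "6LR"), ("Node F", "6LN")],
    "6.2.3": [("Node G", "IPv6"), ("Node E", "6LR"), ("Node B", "6LR"),
              ("Node A", "6LBR"), ("Internet", "Internet")],
    "6.2.4": [("Internet", "Internet"), ("Node A", "6LBR"), ("Node B", "6LR"),
              ("Node E", "6LR"), ("Node G", "IPv6")],
}

if __name__ == "__main__":
    for section, path in FLOWS.items():
        print(section, "IP-in-IP needed:", needs_ip_in_ip(path))
        for node, action in storing_mode_actions(path):
            print(f"    {node:<9} {action}")
```

Each printed row corresponds to one column of the matching summary table: "RPI untouched" and "RPI ignored" are the table's Untouched entries, and "--" means the node does nothing to RPL headers.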
+-------------------+----------+---------------+---------------+---------------+
| Header            | Internet | 6LBR          | 6LR_i         | IPv6          |
+-------------------+----------+---------------+---------------+---------------+
| Inserted headers  | --       | IP-in-IP(RPI) | --            | --            |
| Removed headers   | --       | --            | --            | --            |
| Re-added headers  | --       | --            | --            | --            |
| Modified headers  | --       | --            | IP-in-IP(RPI) | --            |
| Untouched headers | --       | --            | --            | RPI (Ignored) |
+-------------------+----------+---------------+---------------+---------------+

Storing: Summary of the use of headers from Internet to
non-RPL-aware-leaf

6.3. Storing Mode: Interaction between Leaf and Leaf

In this section we are going to describe the communication flow in
storing mode (SM) between,

RPL-aware-leaf to RPL-aware-leaf

RPL-aware-leaf to not-RPL-aware-leaf

not-RPL-aware-leaf to RPL-aware-leaf

not-RPL-aware-leaf to not-RPL-aware-leaf

6.3.1. SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf

In [RFC6550] RPL allows a simple one-hop optimization for both
storing and non-storing networks. A node may send a packet destined
to a one-hop neighbor directly to that node. See section 9 in
[RFC6550].

When the nodes are not directly connected, then in storing mode, the
flow comprises:

6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> 6LN

For example, a communication flow could be: Node F --> Node D -->
Node B --> Node E --> Node H

6LR_ia (Node D) are the intermediate routers from source to the
common parent (6LR_x) (Node B). In this case, "1 <= ia <= n", n is
the number of routers (6LR) that the packet goes through from 6LN
(Node F) to the common parent (6LR_x).

6LR_id (Node E) are the intermediate routers from the common parent
(6LR_x) (Node B) to destination 6LN (Node H).
In this case, "1 <= id <= m", m is the number of routers (6LR) that
the packet goes through from the common parent (6LR_x) to destination
6LN.

It is assumed that the two nodes are in the same RPL Domain (that
they share the same DODAG root). At the common parent (Node B), the
direction of RPI is changed (from increasing to decreasing the rank).

While the 6LR nodes will update the RPI, no node needs to add or
remove the RPI, so no IP-in-IP headers are necessary. This may be
done regardless of where the destination is, as the included RPI will
be ignored by the receiver.

+-------------------+---------+--------+-----------------------+--------+---------+
| Header            | 6LN src | 6LR_ia | 6LR_x (common parent) | 6LR_id | 6LN dst |
+-------------------+---------+--------+-----------------------+--------+---------+
| Inserted headers  | RPI     | --     | --                    | --     | --      |
| Removed headers   | --      | --     | --                    | --     | RPI     |
| Re-added headers  | --      | --     | --                    | --     | --      |
| Modified headers  | --      | RPI    | RPI                   | RPI    | --      |
| Untouched headers | --      | --     | --                    | --     | --      |
+-------------------+---------+--------+-----------------------+--------+---------+

Storing: Summary of the use of headers for RPL-aware-leaf to
RPL-aware-leaf

6.3.2. SM: Example of Flow from RPL-aware-leaf to non-RPL-aware-leaf

In this case the flow comprises:

6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> not-RPL-aware
6LN (IPv6)

For example, a communication flow could be: Node F --> Node D -->
Node B --> Node E --> Node G

6LR_ia are the intermediate routers from source (6LN) to the common
parent (6LR_x). In this case, "1 <= ia <= n", n is the number of
routers (6LR) that the packet goes through from 6LN to the common
parent (6LR_x).

6LR_id (Node E) are the intermediate routers from the common parent
(6LR_x) (Node B) to destination not-RPL-aware 6LN (IPv6) (Node G).
In this case, "1 <= id <= m", m is the number of routers (6LR) that
the packet goes through from the common parent (6LR_x) to destination
6LN.

This situation is identical to the previous situation, Section 6.3.1.

+-------------------+---------+--------+----------------------+--------+--------------+
| Header            | 6LN src | 6LR_ia | 6LR_x(common parent) | 6LR_id | IPv6         |
+-------------------+---------+--------+----------------------+--------+--------------+
| Inserted headers  | RPI     | --     | --                   | --     | --           |
| Removed headers   | --      | --     | --                   | --     | RPI          |
| Re-added headers  | --      | --     | --                   | --     | --           |
| Modified headers  | --      | RPI    | RPI                  | RPI    | --           |
| Untouched headers | --      | --     | --                   | --     | RPI(Ignored) |
+-------------------+---------+--------+----------------------+--------+--------------+

Storing: Summary of the use of headers for RPL-aware-leaf to
non-RPL-aware-leaf

6.3.3. SM: Example of Flow from not-RPL-aware-leaf to RPL-aware-leaf

In this case the flow comprises:

not-RPL-aware 6LN (IPv6) --> 6LR_ia --> common parent (6LR_x) -->
6LR_id --> 6LN

For example, a communication flow could be: Node G --> Node E -->
Node B --> Node D --> Node F

6LR_ia (Node E) are the intermediate routers from source
(not-RPL-aware 6LN (IPv6)) (Node G) to the common parent (6LR_x)
(Node B). In this case, "1 <= ia <= n", n is the number of routers
(6LR) that the packet goes through from source to the common parent.

6LR_id (Node D) are the intermediate routers from the common parent
(6LR_x) (Node B) to destination 6LN (Node F).
In this case, "1 <= id <= m", m is the number of routers (6LR) that
the packet goes through from the common parent (6LR_x) to destination
6LN.

The 6LR_ia (ia=1) (Node E) receives the packet from the IPv6 node
(Node G) and inserts the RPI header encapsulated in an IPv6-in-IPv6
header. The IP-in-IP header is addressed to the destination 6LN
(Node F).

+-------------------+------+---------------+----------------------+---------------+---------------+
| Header            | IPv6 | 6LR_ia        | common parent (6LRx) | 6LR_id        | 6LN           |
+-------------------+------+---------------+----------------------+---------------+---------------+
| Inserted headers  | --   | IP-in-IP(RPI) | --                   | --            | --            |
| Removed headers   | --   | --            | --                   | --            | IP-in-IP(RPI) |
| Re-added headers  | --   | --            | --                   | --            | --            |
| Modified headers  | --   | --            | IP-in-IP(RPI)        | IP-in-IP(RPI) | --            |
| Untouched headers | --   | --            | --                   | --            | --            |
+-------------------+------+---------------+----------------------+---------------+---------------+

Storing: Summary of the use of headers from not-RPL-aware-leaf to
RPL-aware-leaf

6.3.4. SM: Example of Flow from not-RPL-aware-leaf to
not-RPL-aware-leaf

In this case the flow comprises:

not-RPL-aware 6LN (IPv6 src) --> 6LR_1 --> 6LR_ia --> 6LR_id -->
not-RPL-aware 6LN (IPv6 dst)

For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A (root) --> Node C --> Node J

Internal nodes 6LR_ia (e.g. Node E or Node B) are the intermediate
routers from the not-RPL-aware source (Node G) to the root (6LBR)
(Node A). In this case, "1 < ia <= n", n is the number of routers
(6LR) that the packet goes through from IPv6 src to the root.

6LR_id (C) are the intermediate routers from the root (Node A) to the
destination Node J. In this case, "1 <= id <= m", m is the number of
routers (6LR) that the packet goes through from the root to
destination (IPv6 dst).

Note that this flow is identical to Section 6.3.3, except for where
the IPIP header is inserted.

The 6LR_1 (Node E) receives the packet from the IPv6 node (Node G)
and inserts the RPI header (RPIa), encapsulated in an IPv6-in-IPv6
header. The IPv6-in-IPv6 header is addressed to the final
destination.

+-------------------+----------+---------------+---------------+---------------+----------+
| Header            | IPv6 src | 6LR_1         | 6LR_ia        | 6LR_m         | IPv6 dst |
+-------------------+----------+---------------+---------------+---------------+----------+
| Inserted headers  | --       | IP-in-IP(RPI) | --            | --            | --       |
| Removed headers   | --       | --            | --            | --            | --       |
| Re-added headers  | --       | --            | --            | --            | --       |
| Modified headers  | --       | --            | IP-in-IP(RPI) | IP-in-IP(RPI) | --       |
| Untouched headers | --       | --            | --            | --            | --       |
+-------------------+----------+---------------+---------------+---------------+----------+

Storing: Summary of the use of headers from not-RPL-aware-leaf to
non-RPL-aware-leaf

7. Non Storing mode

In Non Storing Mode (Non SM) (fully source routed), the 6LBR (DODAG
root) has complete knowledge about the connectivity of all DODAG
nodes, and all traffic flows through the root node. Thus, there is
no need for all nodes to know about the existence of non-RPL aware
nodes. Only the 6LBR needs to act if compensation is necessary for
non-RPL aware receivers.

The following table summarizes what headers are needed in the
following scenarios, and indicates when the RPI, RH3 and IP-in-IP
header must be inserted.
The IP-in-IP header can be addressed to one of the following: the
final destination (indicated by "dst"), a 6LR, a 6LN or the root.
In cases where no IP-in-IP header is needed, the column is left
blank.

The leaf can be a router 6LR or a host, both indicated as 6LN
(Figure 3).

+-----------------+--------------+-----+-----+----------+----------+
| Interaction     | Use Case     | RPI | RH3 | IP-in-IP | IP-in-IP |
| between         |              |     |     |          | dst      |
+-----------------+--------------+-----+-----+----------+----------+
|                 | Raf to root  | Yes | No  | No       | --       |
+                 +--------------+-----+-----+----------+----------+
| Leaf - Root     | root to Raf  | Opt | Yes | No       | --       |
+                 +--------------+-----+-----+----------+----------+
|                 | root to ~Raf |no(1)| Yes | Yes      | 6LR      |
+                 +--------------+-----+-----+----------+----------+
|                 | ~Raf to root | Yes | No  | Yes      | root     |
+-----------------+--------------+-----+-----+----------+----------+
|                 | Raf to Int   | Yes | No  | Yes      | root     |
+                 +--------------+-----+-----+----------+----------+
| Leaf - Internet | Int to Raf   |no(1)| Yes | Yes      | dst      |
+                 +--------------+-----+-----+----------+----------+
|                 | ~Raf to Int  | Yes | No  | Yes      | root     |
+                 +--------------+-----+-----+----------+----------+
|                 | Int to ~Raf  |no(1)| Yes | Yes      | 6LR      |
+-----------------+--------------+-----+-----+----------+----------+
|                 | Raf to Raf   | Yes | Yes | Yes      | root/dst |
+                 +--------------+-----+-----+----------+----------+
|                 | Raf to ~Raf  | Yes | Yes | Yes      | root/6LR |
+ Leaf - Leaf     +--------------+-----+-----+----------+----------+
|                 | ~Raf to Raf  | Yes | Yes | Yes      | root/6LN |
+                 +--------------+-----+-----+----------+----------+
|                 | ~Raf to ~Raf | Yes | Yes | Yes      | root/6LR |
+-----------------+--------------+-----+-----+----------+----------+

(1) 6tisch networks may need the RPI information.

Figure 8: Headers needed in Non-Storing mode: RPI, RH3, IP-in-IP
encapsulation.

7.1. Non-Storing Mode: Interaction between Leaf and Root

In this section we are going to describe the communication flow in
Non Storing Mode (Non-SM) between,

RPL-aware-leaf to root

root to RPL-aware-leaf

not-RPL-aware-leaf to root

root to not-RPL-aware-leaf

7.1.1. Non-SM: Example of Flow from RPL-aware-leaf to root

In non-storing mode the leaf node uses default routing to send
traffic to the root. The RPI header must be included to avoid/detect
loops.

RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR)

For example, a communication flow could be: Node F --> Node D -->
Node B --> Node A (root)

6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet goes through from source (6LN) to destination (6LBR).

This situation is the same case as storing mode.

+-------------------+-----+-------+------+
| Header            | 6LN | 6LR_i | 6LBR |
+-------------------+-----+-------+------+
| Inserted headers  | RPI | --    | --   |
| Removed headers   | --  | --    | RPI  |
| Re-added headers  | --  | --    | --   |
| Modified headers  | --  | RPI   | --   |
| Untouched headers | --  | --    | --   |
+-------------------+-----+-------+------+

Non Storing: Summary of the use of headers from RPL-aware-leaf to
root

7.1.2. Non-SM: Example of Flow from root to RPL-aware-leaf

In this case the flow comprises:

root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

For example, a communication flow could be: Node A (root) --> Node B
--> Node D --> Node F

6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet goes through from source (6LBR) to destination (6LN).

The 6LBR will insert an RH3, and may optionally insert an RPI header.
No IP-in-IP header is necessary as the traffic originates with an RPL
aware node, the 6LBR. The destination is known to be RPL-aware
because the root knows the whole topology in non-storing mode.

+-------------------+-----------------+-------+----------+
| Header            | 6LBR            | 6LR_i | 6LN      |
+-------------------+-----------------+-------+----------+
| Inserted headers  | (opt: RPI), RH3 | --    | --       |
| Removed headers   | --              | --    | RH3,RPI  |
| Re-added headers  | --              | --    | --       |
| Modified headers  | --              | RH3   | --       |
| Untouched headers | --              | --    | --       |
+-------------------+-----------------+-------+----------+

Non Storing: Summary of the use of headers from root to
RPL-aware-leaf

7.1.3. Non-SM: Example of Flow from root to not-RPL-aware-leaf

In this case the flow comprises:

root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

For example, a communication flow could be: Node A (root) --> Node B
--> Node E --> Node G

6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet goes through from source (6LBR) to destination (IPv6).

The RH3 is added at the 6LBR; it is modified at each intermediate 6LR
(6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n),
but left there. If RPI is left present, the IPv6 node which does not
understand it will ignore it (following RFC8200), thus encapsulation
is not necessary. Due to the complete knowledge of the topology at
the root, the 6LBR may optionally address the IP-in-IP header to the
last 6LR, such that it is removed prior to the IPv6 node.

+-------------------+-----------------+-----------------+-----------------+------+
| Header            | 6LBR            | 6LR_i(i=1)      | 6LR_n(i=n)      | IPv6 |
+-------------------+-----------------+-----------------+-----------------+------+
| Inserted headers  | (opt: RPI), RH3 | --              | --              | --   |
| Removed headers   | --              | RH3             | --              | --   |
| Re-added headers  | --              | --              | --              | --   |
| Modified headers  | --              | (opt: RPI), RH3 | (opt: RPI), RH3 | --   |
| Untouched headers | --              | --              | --              | RPI  |
+-------------------+-----------------+-----------------+-----------------+------+

Non Storing: Summary of the use of headers from root to
not-RPL-aware-leaf

7.1.4. Non-SM: Example of Flow from not-RPL-aware-leaf to root

In this case the flow comprises:

not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR)

For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A (root)

6LR_i are the intermediate routers from source to destination. In
this case, "1 < i <= n", n is the number of routers (6LR) that the
packet goes through from source (IPv6) to destination (6LBR). For
example, 6LR_1 (i=1) is the router that receives the packets from the
IPv6 node.

In this case the RPI is added by the first 6LR (6LR1) (Node E),
encapsulated in an IP-in-IP header, and is modified in the following
6LRs. The RPI and entire packet are consumed by the root.

+-------------------+------+---------------+---------------+---------------+
| Header            | IPv6 | 6LR_1         | 6LR_i         | 6LBR          |
+-------------------+------+---------------+---------------+---------------+
| Inserted headers  | --   | IP-in-IP(RPI) | --            | --            |
| Removed headers   | --   | --            | --            | IP-in-IP(RPI) |
| Re-added headers  | --   | --            | --            | --            |
| Modified headers  | --   | --            | IP-in-IP(RPI) | --            |
| Untouched headers | --   | --            | --            | --            |
+-------------------+------+---------------+---------------+---------------+

Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
root

7.2. Non-Storing Mode: Interaction between Leaf and Internet

This section will describe the communication flow in Non Storing Mode
(Non-SM) between:

RPL-aware-leaf to Internet

Internet to RPL-aware-leaf

not-RPL-aware-leaf to Internet

Internet to not-RPL-aware-leaf

7.2.1. Non-SM: Example of Flow from RPL-aware-leaf to Internet

In this case the flow comprises:

RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet

For example, a communication flow could be: Node F --> Node D -->
Node B --> Node A --> Internet

6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet goes through from source (6LN) to 6LBR.

This case is identical to the storing-mode case.

The IPv6 flow label should be set to zero to aid in compression, and
the 6LBR will set it to a non-zero value when sending towards the
Internet.

+-------------------+------+-------+------+----------------+
| Header            | 6LN  | 6LR_i | 6LBR | Internet       |
+-------------------+------+-------+------+----------------+
| Inserted headers  | RPI  | --    | --   | --             |
| Removed headers   | --   | --    | --   | --             |
| Re-added headers  | --   | --    | --   | --             |
| Modified headers  | --   | RPI   | --   | --             |
| Untouched headers | --   | --    | RPI  | RPI (Ignored)  |
+-------------------+------+-------+------+----------------+

Non Storing: Summary of the use of headers from RPL-aware-leaf to
Internet

7.2.2. Non-SM: Example of Flow from Internet to RPL-aware-leaf

In this case the flow comprises:

Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN)

For example, a communication flow could be: Internet --> Node A
(root) --> Node B --> Node D --> Node F

6LR_i are the intermediate routers from source to destination. In
this case, "1 <= i <= n", n is the number of routers (6LR) that the
packet goes through from 6LBR to destination (6LN).

The 6LBR must add an RH3 header. As the 6LBR will know the path and
address of the target node, it can address the IP-in-IP header to
that node. The 6LBR will zero the flow label upon entry in order to
aid compression.

The RPI may be added or not as required by networks such as 6tisch.
The RPI is unnecessary for loop detection.

+-------------------+----------+---------------+---------------+---------------+
| Header            | Internet | 6LBR          | 6LR_i         | 6LN           |
+-------------------+----------+---------------+---------------+---------------+
| Inserted headers  | --       | IP-in-IP      | --            | --            |
|                   |          | (RH3,opt:RPI) |               |               |
| Removed headers   | --       | --            | --            | IP-in-IP      |
|                   |          |               |               | (RH3,opt:RPI) |
| Re-added headers  | --       | --            | --            | --            |
| Modified headers  | --       | --            | IP-in-IP      | --            |
|                   |          |               | (RH3,opt:RPI) |               |
| Untouched headers | --       | --            | --            | --            |
+-------------------+----------+---------------+---------------+---------------+

Non Storing: Summary of the use of headers from Internet to
RPL-aware-leaf

7.2.3. Non-SM: Example of Flow from not-RPL-aware-leaf to Internet

In this case the flow comprises:

not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) -->
Internet

For example, a communication flow could be: Node G --> Node E -->
Node B --> Node A --> Internet

6LR_i are the intermediate routers from source to destination. In
this case, "1 < i <= n", n is the number of routers (6LR) that the
packet goes through from source (IPv6) to 6LBR, e.g. 6LR_1 (i=1).

In this case the flow label is recommended to be zero in the IPv6
node. As RPL headers are added in the IPv6 node, the first 6LR
(6LR_1) will add an RPI header inside a new IP-in-IP header. The
IP-in-IP header will be addressed to the root. This case is identical
to the storing-mode case (see Section 6.2.3).

+-------------------+------+----------------+----------------+----------------+----------+
| Header            | IPv6 | 6LR_1          | 6LR_i          | 6LBR           | Internet |
|                   |      |                | [i=2,..,n]_    |                |          |
+-------------------+------+----------------+----------------+----------------+----------+
| Inserted headers  | --   | IP-in-IP (RPI) | --             | --             | --       |
| Removed headers   | --   | --             | --             | IP-in-IP (RPI) | --       |
| Re-added headers  | --   | --             | --             | --             | --       |
| Modified headers  | --   | --             | IP-in-IP (RPI) | --             | --       |
| Untouched headers | --   | --             | --             | --             | --       |
+-------------------+------+----------------+----------------+----------------+----------+

Non Storing: Summary of the use of headers from not-RPL-aware-leaf to
Internet

7.2.4. Non-SM: Example of Flow from Internet to not-RPL-aware-leaf

In this case the flow comprises:

Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6)

For example, a communication flow could be: Internet --> Node A
(root) --> Node B --> Node E --> Node G

6LR_i are the intermediate routers from source to destination. In
this case, "1 < i <= n", n is the number of routers (6LR) that the
packet goes through from 6LBR to not-RPL-aware-leaf (IPv6).

The 6LBR must add an RH3 header inside an IP-in-IP header. The 6LBR
will know the path, and will recognize that the final node is not an
RPL capable node as it will have received the connectivity DAO from
the nearest 6LR. The 6LBR can therefore make the IP-in-IP header
destination be the last 6LR. The 6LBR will set the flow label to
zero upon entry in order to aid compression.

+-------------------+----------+----------------+-----------+-----------------+------+
| Header            | Internet | 6LBR           | 6LR_1     | 6LR_i(i=2,..,n) | IPv6 |
+-------------------+----------+----------------+-----------+-----------------+------+
| Inserted headers  | --       | IP-in-IP       | --        | --              | --   |
|                   |          | (RH3, opt:RPI) |           |                 |      |
| Removed headers   | --       | --             | --        | IP-in-IP        | --   |
|                   |          |                |           | (RH3,RPI)       |      |
| Re-added headers  | --       | --             | --        | --              | --   |
| Modified headers  | --       | --             | IP-in-IP  | IP-in-IP        | --   |
|                   |          |                | (RH3,RPI) | (RH3,RPI)       |      |
| Untouched headers | --       | --             | --        | --              | RPI  |
+-------------------+----------+----------------+-----------+-----------------+------+

Non Storing: Summary of the use of headers from Internet to
non-RPL-aware-leaf

7.3. Non-Storing Mode: Interaction between Leafs

In this section we are going to describe the communication flow in
Non Storing Mode (Non-SM) between,

RPL-aware-leaf to RPL-aware-leaf

RPL-aware-leaf to not-RPL-aware-leaf

not-RPL-aware-leaf to RPL-aware-leaf

not-RPL-aware-leaf to not-RPL-aware-leaf

7.3.1. Non-SM: Example of Flow from RPL-aware-leaf to RPL-aware-leaf

In this case the flow comprises:

6LN src --> 6LR_ia --> root (6LBR) --> 6LR_id --> 6LN dst

For example, a communication flow could be: Node F --> Node D -->
Node B --> Node A (root) --> Node B --> Node E --> Node H

6LR_ia are the intermediate routers from source to the root. In this
case, "1 <= ia <= n", n is the number of routers (6LR) that the
packet goes through from 6LN to the root.

6LR_id are the intermediate routers from the root to the destination.
In this case, "1 <= id <= m", m is the number of the intermediate
routers (6LR).

This case involves only nodes in the same RPL Domain.
The originating 1527 node will add an RPI header to the original packet, and send the 1528 packet upwards. 1530 The originating node SHOULD put the RPI into an IP-in-IP header 1531 addressed to the root, so that the 6LBR can remove that header. If 1532 it does not, then additional resources are wasted on the way down to 1533 carry the useless RPI option. 1535 The 6LBR will need to insert an RH3 header, which requires that it 1536 add an IP-in-IP header. It SHOULD be able to remove the RPI, as it 1537 was contained in an IP-in-IP header addressed to it. Otherwise, 1538 there MAY be an RPI header buried inside the inner IP header, which 1539 should get ignored. 1541 Networks that use the RPL P2P extension [RFC6997] are essentially 1542 non-storing DODAGs and fall into this scenario or scenario 1543 Section 7.1.2, with the originating node acting as 6LBR. 1545 +-----------+----------+--------+-------------+--------+------------+ 1546 | Header | 6LN src | 6LR_ia | 6LBR | 6LR_id | 6LN dst | 1547 +-----------+----------+--------+-------------+--------+------------+ 1548 | Inserted | IP-in-IP | -- | IP-in-IP | -- | -- | 1549 | headers | (RPI1) | | (RH3->6LN, | | | 1550 | | | | opt RPI2) | | | 1551 | Removed | -- | -- | IP-in-IP | -- | IP-in-IP | 1552 | headers | | | (RPI1) | | (RH3, opt | 1553 | | | | | | RPI2) | 1554 | Re-added | -- | -- | -- | -- | -- | 1555 | headers | | | | | | 1556 | Modified | -- | RPI1 | -- | RPI2 | -- | 1557 | headers | | | | | | 1558 | Untouched | -- | -- | -- | -- | -- | 1559 | headers | | | | | | 1560 +-----------+----------+--------+-------------+--------+------------+ 1562 Non Storing: Summary of the use of headers for RPL-aware-leaf to RPL- 1563 aware-leaf 1565 7.3.2. 
Non-SM: Example of Flow from RPL-aware-leaf to not-RPL-aware-leaf

   In this case the flow comprises:

   6LN --> 6LR_ia --> root (6LBR) --> 6LR_id --> not-RPL-aware (IPv6)

   For example, a communication flow could be: Node F --> Node D -->
   Node B --> Node A (root) --> Node B --> Node E --> Node G

   6LR_ia are the intermediate routers from source to the root.  In this
   case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

   6LR_id are the intermediate routers from the root to the destination.
   In this case, "1 <= id <= m", m is the number of the intermediate
   routers (6LR).

   As in the previous case, the 6LN will insert an RPI (RPI_1) header
   which MUST be in an IP-in-IP header addressed to the root so that the
   6LBR can remove this RPI.  The 6LBR will then insert an RH3 inside a
   new IP-in-IP header addressed to the 6LN destination node.  The RPI
   is optional from 6LBR to 6LR_id (RPI_2).

   +-----------+----------+----------+------------+------------+-------+
   | Header    | 6LN      | 6LR_1    | 6LBR       | 6LR_id     | IPv6  |
   +-----------+----------+----------+------------+------------+-------+
   | Inserted  | IP-in-IP | --       | IP-in-IP   | --         | --    |
   | headers   | (RPI1)   |          | (RH3, opt  |            |       |
   |           |          |          | RPI_2)     |            |       |
   | Removed   | --       | --       | IP-in-IP   | IP-in-IP   | --    |
   | headers   |          |          | (RPI_1)    | (RH3, opt  |       |
   |           |          |          |            | RPI_2)     |       |
   | Re-added  | --       | --       | --         | --         | --    |
   | headers   |          |          |            |            |       |
   | Modified  | --       | IP-in-IP | --         | IP-in-IP   | --    |
   | headers   |          | (RPI_1)  |            | (RH3, opt  |       |
   |           |          |          |            | RPI_2)     |       |
   | Untouched | --       | --       | --         | --         | opt   |
   | headers   |          |          |            |            | RPI_2 |
   +-----------+----------+----------+------------+------------+-------+

      Non Storing: Summary of the use of headers from RPL-aware-leaf to
      not-RPL-aware-leaf

7.3.3.
Non-SM: Example of Flow from not-RPL-aware-leaf to RPL-aware-leaf

   In this case the flow comprises:

   not-RPL-aware 6LN (IPv6) --> 6LR_ia --> root (6LBR) --> 6LR_id -->
   6LN

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A (root) --> Node B --> Node E --> Node H

   6LR_ia are the intermediate routers from source to the root.  In this
   case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

   6LR_id are the intermediate routers from the root to the destination.
   In this case, "1 <= id <= m", m is the number of the intermediate
   routers (6LR).

   This scenario is mostly identical to the previous one.  The RPI is
   added by the first 6LR (6LR_1) inside an IP-in-IP header addressed to
   the root.  The 6LBR will remove this RPI, and add its own IP-in-IP
   header containing an RH3 header and optional RPI (RPI_2).

   +-----------+------+----------+-----------+------------+------------+
   | Header    | IPv6 | 6LR_1    | 6LBR      | 6LR_id     | 6LN        |
   +-----------+------+----------+-----------+------------+------------+
   | Inserted  | --   | IP-in-IP | IP-in-IP  | --         | --         |
   | headers   |      | (RPI_1)  | (RH3, opt |            |            |
   |           |      |          | RPI_2)    |            |            |
   | Removed   | --   | --       | IP-in-IP  | --         | IP-in-IP   |
   | headers   |      |          | (RPI_1)   |            | (RH3, opt  |
   |           |      |          |           |            | RPI_2)     |
   | Re-added  | --   | --       | --        | --         | --         |
   | headers   |      |          |           |            |            |
   | Modified  | --   | --       | --        | IP-in-IP   | --         |
   | headers   |      |          |           | (RH3, opt  |            |
   |           |      |          |           | RPI_2)     |            |
   | Untouched | --   | --       | --        | --         | --         |
   | headers   |      |          |           |            |            |
   +-----------+------+----------+-----------+------------+------------+

      Non Storing: Summary of the use of headers from not-RPL-aware-leaf
      to RPL-aware-leaf

7.3.4.
Non-SM: Example of Flow from not-RPL-aware-leaf to not-RPL-aware-leaf

   In this case the flow comprises:

   not-RPL-aware 6LN (IPv6 src) --> 6LR_ia --> root (6LBR) --> 6LR_id
   --> not-RPL-aware (IPv6 dst)

   For example, a communication flow could be: Node G --> Node E -->
   Node B --> Node A (root) --> Node C --> Node J

   6LR_ia are the intermediate routers from source to the root.  In this
   case, "1 <= ia <= n", n is the number of intermediate routers (6LR).

   6LR_id are the intermediate routers from the root to the destination.
   In this case, "1 <= id <= m", m is the number of the intermediate
   routers (6LR).

   This scenario is the combination of the previous two cases.

   +------------+-------+-----------+------------+-------------+-------+
   | Header     | IPv6  | 6LR_1     | 6LBR       | 6LR_id      | IPv6  |
   |            | src   |           |            |             | dst   |
   +------------+-------+-----------+------------+-------------+-------+
   | Inserted   | --    | IP-in-IP  | IP-in-IP   | --          | --    |
   | headers    |       | (RPI_1)   | (RH3)      |             |       |
   | Removed    | --    | --        | IP-in-IP   | IP-in-IP    | --    |
   | headers    |       |           | (RPI_1)    | (RH3, opt   |       |
   |            |       |           |            | RPI_2)      |       |
   | Re-added   | --    | --        | --         | --          | --    |
   | headers    |       |           |            |             |       |
   | Modified   | --    | --        | --         | --          | --    |
   | headers    |       |           |            |             |       |
   | Untouched  | --    | --        | --         | --          | --    |
   | headers    |       |           |            |             |       |
   +------------+-------+-----------+------------+-------------+-------+

      Non Storing: Summary of the use of headers from not-RPL-aware-leaf
      to not-RPL-aware-leaf

8.  Observations about the cases

8.1.  Storing mode

   [RFC8138] shows that the hop-by-hop IP-in-IP header can be compressed
   using the IP-in-IP 6LoRH (IP-in-IP-6LoRH) header as described in
   Section 7 of that document.

   There are potential significant advantages to having a single code
   path that always processes IP-in-IP headers with no options.

   Thanks to the change of the RPI option type from 0x63 to 0x23, there
   is no longer any uncertainty about when to use an IP-in-IP header in
   the storing mode.  A Hop-by-Hop Options Header containing the RPI
   option SHOULD always be added when 6LRs originate packets (without
   IP-in-IP headers), and IP-in-IP headers should always be added
   (addressed to the root when on the way up, to the end-host when on
   the way down) when a 6LR finds that it needs to insert a Hop-by-Hop
   Options Header containing the RPI option.

8.2.  Non-Storing mode

   In the non-storing case, dealing with non-RPL aware leaf nodes is
   much easier as the 6LBR (DODAG root) has complete knowledge about the
   connectivity of all DODAG nodes, and all traffic flows through the
   root node.

   The 6LBR can recognize non-RPL aware leaf nodes because it will
   receive a DAO about that node from the 6LN immediately above that
   node.  This means that the non-storing mode case can avoid ever using
   hop-by-hop IP-in-IP headers for traffic originating from the root to
   leafs.

   The non-storing mode case does not require the type change from 0x63
   to 0x23, as the root can always create the right packet.  The type
   change does not adversely affect the non-storing case.

9.  6LoRH Compression cases

   [RFC8138] proposes a compression method for RPI, RH3 and
   IPv6-in-IPv6.

   In Storing Mode, the examples of flow from RPL-aware-leaf to
   non-RPL-aware-leaf and from non-RPL-aware-leaf to non-RPL-aware-leaf
   comprise IP-in-IP and RPI compression headers.  The type of this
   case is critical since IP-in-IP is encapsulating a RPI header.

   +--+-----+---+--------------+-----------+-------------+-------------+
   |1 | 0|0 |TSE| 6LoRH Type 6 | Hop Limit | RPI - 6LoRH | LOWPAN IPHC |
   +--+-----+---+--------------+-----------+-------------+-------------+

                    Figure 9: Critical IP-in-IP (RPI).

10.
IANA Considerations

   This document updates the registration made in [RFC6553] in the
   Destination Options and Hop-by-Hop Options registry from 0x63 to
   0x23.

   [RFCXXXX] represents this document.

   Hex Value     Binary Value
                 act  chg  rest     Description             Reference
   ---------     ---  ---  -------  ----------------------  ------------------
     0x23         00   1   00011    RPL Option              [RFCXXXX]
     0x63         01   1   00011    RPL Option(DEPRECATED)  [RFC6553][RFCXXXX]

                  Figure 10: Option Type in RPL Option.

   The DODAG Configuration Option Flags in the DODAG Configuration
   option is updated as follows:

   +------------+-----------------+---------------+
   | Bit number | Description     | Reference     |
   +------------+-----------------+---------------+
   | 3          | RPI 0x23 enable | This document |
   +------------+-----------------+---------------+

      Figure 11: DODAG Configuration Option Flag to indicate the
      RPI-flag-day.

11.  Security Considerations

   The security considerations of [RFC6553] and [RFC6554] apply when
   the packets get into the RPL Domain.

   The IPIP mechanism described in this document is much more limited
   than the general mechanism described in [RFC2473].  The willingness
   of each node in the LLN to decapsulate packets and forward them could
   be exploited by nodes to disguise the origin of an attack.

   Nodes outside of the LLN will need to pass IPIP traffic through the
   RPL root to perform this attack.  To counter this, the RPL root
   SHOULD either restrict ingress of IPIP packets (the simpler
   solution), or it SHOULD do a deep packet inspection wherein it walks
   the IP header extension chain until it can inspect the
   upper-layer-payload as described in [RFC7045].  In particular, the
   RPL root SHOULD do BCP38 ([RFC2827]) processing on the source
   addresses of all IP headers that it examines in both directions.

   Note: there are some situations where a prefix will spread across
   multiple LLNs via mechanisms such as described in
   [I-D.ietf-6lo-backbone-router].  In this case the BCP38 filtering
   needs to take this into account.

   Nodes within the LLN can use the IPIP mechanism to mount an attack on
   another part of the LLN, while disguising the origin of the attack.
   The mechanism can even be abused to make it appear that the attack is
   coming from outside the LLN, and unless countered, this could be used
   to mount a Distributed Denial Of Service attack upon nodes elsewhere
   in the Internet.  See [DDOS-KREBS] for an example of such attacks
   already seen in the real world.

   While a typical LLN may be a very poor origin for attack traffic (as
   the networks tend to be very slow, and the nodes often have very low
   duty cycles), given enough nodes, they could still have a significant
   impact, particularly if the attack was on another LLN!  Additionally,
   some uses of RPL involve large backbone ISP scale equipment
   [I-D.ietf-anima-autonomic-control-plane], which may be equipped with
   multiple 100Gb/s interfaces.

   Blocking or careful filtering of IPIP traffic entering the LLN as
   described above will make sure that any attack that is mounted must
   originate from compromised nodes within the LLN.  The use of BCP38
   filtering at the RPL root on egress traffic will both alert the
   operator to the existence of the attack, as well as drop the attack
   traffic.  As the RPL network is typically numbered from a single
   prefix, which is itself assigned by RPL, BCP38 filtering involves a
   single prefix comparison and should be trivial to automatically
   configure.

   There are some scenarios where IPIP traffic SHOULD be allowed to pass
   through the RPL root, such as the IPIP mediated communications
   between a new Pledge and the Join Registrar/Coordinator (JRC) when
   using [I-D.ietf-anima-bootstrapping-keyinfra] and
   [I-D.ietf-6tisch-dtsecurity-secure-join].  This is the case for the
   RPL root to do careful filtering: it occurs only when the Join
   Coordinator is not co-located inside the RPL root.

   With the above precautions, an attack using IPIP tunnels will be by a
   node within the LLN on another node within the LLN.  Such an attack
   could, of course, be done directly.  An attack of this kind is
   meaningful only if the source addresses are either fake or if the
   point is to amplify return traffic.  Such an attack could also be
   done without the use of IPIP headers using forged source addresses.

   If the attack requires bi-directional communication, then IPIP
   provides no advantages.

   [RFC2473] suggests that tunnel entry and exit points can be secured
   via "Use IPsec".  This solution has all the problems that
   [RFC5406] goes into.  In an LLN such a solution would degenerate into
   every node having a tunnel with every other node.  It would provide a
   small amount of origin address authentication at a very high cost;
   doing BCP38 at every node (linking layer-3 addresses to layer-2
   addresses, and to already present layer-2 cryptographic mechanisms)
   would be cheaper should RPL be run in an environment where hostile
   nodes are likely to be a part of the LLN.

   The RH3 header usage described here can be abused in equivalent ways
   with an IPIP header to add the needed RH3 header.  As such, the
   attacker's RH3 header will not be seen by the network until it
   reaches the end host, which will decapsulate it.
   An end-host SHOULD be suspicious about a RH3 header which has
   additional hops which have not yet been processed, and SHOULD ignore
   such a second RH3 header.

   In addition, the LLN will likely use [RFC8138] to compress the IPIP
   and RH3 headers.  As such, the compressor at the RPL-root will see
   the second RH3 header and MAY choose to discard the packet if the RH3
   header has not been completely consumed.  A consumed (inert) RH3
   header could be present in a packet that flows from one LLN, crosses
   the Internet, and enters another LLN.  As per the discussion in this
   document, such headers do not need to be removed.  However, there is
   no case described in this document where an RH3 is inserted in a
   non-storing network on traffic that is leaving the LLN, but this
   document SHOULD NOT preclude such a future innovation.  It should
   just be noted that an incoming RH3 must be fully consumed, or very
   carefully inspected.

   The RPI header, if permitted to enter the LLN, could be used by an
   attacker to change the priority of a packet by selecting a different
   RPL instanceID, perhaps one with a higher energy cost, for instance.
   It could also be that not all nodes are reachable in an LLN using the
   default instanceID, but a change of instanceID would permit an
   attacker to bypass such filtering.  Like the RH3, an RPI header is to
   be inserted by the RPL root on traffic entering the LLN by first
   inserting an IPIP header.  The attacker's RPI header therefore will
   not be seen by the network.  Upon reaching the destination node the
   RPI header has no further meaning and is just skipped; the presence
   of a second RPI header will have no meaning to the end node as the
   packet has already been identified as being at its final
   destination.

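   The root-side checks discussed in this section (restricting ingress
   IPIP, BCP38 on the source address of every IP header in both
   directions, and rejecting an incoming RH3 that is not fully consumed)
   can be sketched as follows.  This is an added example, not part of
   the draft; the prefix, addresses, function names and the
   allow_ipip_ingress switch are assumptions made for illustration.

```python
import ipaddress
import struct

IPV6, HOPOPTS, ROUTING, DSTOPTS, UDP = 41, 0, 43, 60, 17
RH3_TYPE = 3  # routing type of the RFC 6554 source routing header
# Constructed prefix; assumes the whole LLN is numbered from this one prefix.
LLN_PREFIX = ipaddress.ip_network("2001:db8:1::/48")

def walk(pkt):
    """Yield ("ip", src, dst) and ("rh", type, segments_left) for each header,
    descending into IPv6-in-IPv6 until the upper-layer payload is reached."""
    off = 0
    while True:
        if len(pkt) - off < 40 or pkt[off] >> 4 != 6:
            raise ValueError("truncated or non-IPv6 header")
        nh = pkt[off + 6]
        yield ("ip", ipaddress.IPv6Address(pkt[off + 8:off + 24]),
               ipaddress.IPv6Address(pkt[off + 24:off + 40]))
        off += 40
        # Only Hop-by-Hop, Routing and Destination Options are walked here;
        # any other next-header value except 41 is treated as the payload.
        while nh in (HOPOPTS, ROUTING, DSTOPTS):
            if len(pkt) - off < 8:
                raise ValueError("truncated extension header")
            ext_len = (pkt[off + 1] + 1) * 8
            if off + ext_len > len(pkt):
                raise ValueError("extension header overruns packet")
            if nh == ROUTING:
                yield ("rh", pkt[off + 2], pkt[off + 3])
            nh, off = pkt[off], off + ext_len
        if nh != IPV6:
            return

def root_verdict(pkt, direction, allow_ipip_ingress=False):
    """Filter decision at the RPL root; direction is "ingress" or "egress"."""
    try:
        items = list(walk(pkt))
    except ValueError as err:
        return f"drop: {err}"
    sources = [item[1] for item in items if item[0] == "ip"]
    if direction == "ingress" and len(sources) > 1 and not allow_ipip_ingress:
        return "drop: IPIP not permitted on ingress"
    for src in sources:  # BCP38 on every IP header, outer and inner
        if (src in LLN_PREFIX) != (direction == "egress"):
            return f"drop: BCP38 violation, source {src} on {direction}"
    if direction == "ingress":
        for kind, rtype, seg_left in items:
            if kind == "rh" and rtype == RH3_TYPE and seg_left > 0:
                return "drop: unconsumed RH3 entering the LLN"
    return "accept"

def ip6(src, dst, nh, payload):
    """Build a minimal IPv6 header (hop limit 64) around payload."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), nh, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def rh3(nh, seg_left, hop):
    """Build an uncompressed RH3 (CmprI = CmprE = 0) carrying one address."""
    return (bytes([nh, 2, RH3_TYPE, seg_left, 0, 0, 0, 0])
            + ipaddress.IPv6Address(hop).packed)

# Constructed sample packets (documentation addresses, dummy 8-byte payload).
DATA = bytes(8)
OUT, ROOT = "2001:db8:ffff::10", "2001:db8:1::1"
H, E = "2001:db8:1::8", "2001:db8:1::5"
PLAIN_IN = ip6(OUT, H, UDP, DATA)
# Outside host tunnels a packet whose inner source claims to be LLN node H.
SPOOFED_IN = ip6(OUT, ROOT, IPV6, ip6(H, E, UDP, DATA))
# Outside host supplies its own RH3 with one hop still to be processed.
RH3_IN = ip6(OUT, H, ROUTING, rh3(UDP, 1, E) + DATA)
# LLN node wraps a packet whose inner source is an address outside the LLN.
LAUNDERED_OUT = ip6(H, OUT, IPV6, ip6("2001:db8:eeee::1", OUT, UDP, DATA))
```

   Setting allow_ipip_ingress corresponds to the Pledge/JRC case below,
   where tunnelled traffic is admitted but every inner header is still
   checked.
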
   The RH3 and RPI headers could be abused by an attacker inside of the
   network to route packets in non-obvious ways, perhaps eluding
   observation.  This usage is in fact part of [RFC6997] and cannot be
   restricted at all.  This is a feature, not a bug.

   [RFC7416] deals with many other threats to LLNs not directly related
   to the use of IPIP headers, and this document does not change that
   analysis.

12.  Acknowledgments

   This work is partially funded by the FP7 Marie Curie Initial Training
   Network (ITN) METRICS project (grant agreement No. 607728).

   A special BIG thanks to C. M. Heard for the help with Section 3.
   Much of the redaction in that section is based on his comments.

   Additionally, the authors would like to acknowledge the review,
   feedback, and comments of (alphabetical order): Robert Cragie, Simon
   Duquennoy, Ralph Droms, Cenk Guendogan, Rahul Jadhav, Matthias
   Kovatsch, Peter van der Stok, Xavier Vilajosana and Thomas Watteyne.

13.  References

13.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473,
              December 1998.

   [RFC2827]  Ferguson, P. and D. Senie, "Network Ingress Filtering:
              Defeating Denial of Service Attacks which employ IP Source
              Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827,
              May 2000.

   [RFC5406]  Bellovin, S., "Guidelines for Specifying the Use of IPsec
              Version 2", BCP 146, RFC 5406, DOI 10.17487/RFC5406,
              February 2009.

   [RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
              Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
              JP., and R.
              Alexander, "RPL: IPv6 Routing Protocol for
              Low-Power and Lossy Networks", RFC 6550,
              DOI 10.17487/RFC6550, March 2012.

   [RFC6553]  Hui, J. and JP. Vasseur, "The Routing Protocol for
              Low-Power and Lossy Networks (RPL) Option for Carrying RPL
              Information in Data-Plane Datagrams", RFC 6553,
              DOI 10.17487/RFC6553, March 2012.

   [RFC6554]  Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
              Routing Header for Source Routes with the Routing Protocol
              for Low-Power and Lossy Networks (RPL)", RFC 6554,
              DOI 10.17487/RFC6554, March 2012.

   [RFC7045]  Carpenter, B. and S. Jiang, "Transmission and Processing
              of IPv6 Extension Headers", RFC 7045,
              DOI 10.17487/RFC7045, December 2013.

   [RFC8138]  Thubert, P., Ed., Bormann, C., Toutain, L., and R. Cragie,
              "IPv6 over Low-Power Wireless Personal Area Network
              (6LoWPAN) Routing Header", RFC 8138, DOI 10.17487/RFC8138,
              April 2017.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017.

13.2.  Informative References

   [DDOS-KREBS]
              Goodin, D., "Record-breaking DDoS reportedly delivered by
              >145k hacked cameras", September 2016.

   [I-D.ietf-6lo-backbone-router]
              Thubert, P., "IPv6 Backbone Router",
              draft-ietf-6lo-backbone-router-06 (work in progress),
              February 2018.

   [I-D.ietf-6man-rfc6434-bis]
              Chown, T., Loughney, J., and T. Winters, "IPv6 Node
              Requirements", draft-ietf-6man-rfc6434-bis-05 (work in
              progress), February 2018.

   [I-D.ietf-6tisch-dtsecurity-secure-join]
              Richardson, M., "6tisch Secure Join protocol",
              draft-ietf-6tisch-dtsecurity-secure-join-01 (work in
              progress), February 2017.

   [I-D.ietf-anima-autonomic-control-plane]
              Eckert, T., Behringer, M., and S.
              Bjarnason, "An Autonomic Control Plane (ACP)",
              draft-ietf-anima-autonomic-control-plane-13 (work in
              progress), December 2017.

   [I-D.ietf-anima-bootstrapping-keyinfra]
              Pritikin, M., Richardson, M., Behringer, M., Bjarnason,
              S., and K. Watsen, "Bootstrapping Remote Secure Key
              Infrastructures (BRSKI)",
              draft-ietf-anima-bootstrapping-keyinfra-11 (work in
              progress), February 2018.

   [RFC4192]  Baker, F., Lear, E., and R. Droms, "Procedures for
              Renumbering an IPv6 Network without a Flag Day", RFC 4192,
              DOI 10.17487/RFC4192, September 2005.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006.

   [RFC6775]  Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
              Bormann, "Neighbor Discovery Optimization for IPv6 over
              Low-Power Wireless Personal Area Networks (6LoWPANs)",
              RFC 6775, DOI 10.17487/RFC6775, November 2012.

   [RFC6997]  Goyal, M., Ed., Baccelli, E., Philipp, M., Brandt, A., and
              J. Martocci, "Reactive Discovery of Point-to-Point Routes
              in Low-Power and Lossy Networks", RFC 6997,
              DOI 10.17487/RFC6997, August 2013.

   [RFC7102]  Vasseur, JP., "Terms Used in Routing for Low-Power and
              Lossy Networks", RFC 7102, DOI 10.17487/RFC7102, January
              2014.

   [RFC7416]  Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
              and M. Richardson, Ed., "A Security Threat Analysis for
              the Routing Protocol for Low-Power and Lossy Networks
              (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015.

   [Second6TischPlugtest]
              "2nd 6Tisch Plugtest".

Authors' Addresses

   Maria Ines Robles
   Ericsson
   Hirsalantie 11
   Jorvas  02420
   Finland

   Email: maria.ines.robles@ericsson.com

   Michael C.
   Richardson
   Sandelman Software Works
   470 Dawson Avenue
   Ottawa, ON  K1Z 5V7
   CA

   Email: mcr+ietf@sandelman.ca
   URI:   http://www.sandelman.ca/mcr/

   Pascal Thubert
   Cisco Systems, Inc
   Village d'Entreprises Green Side 400, Avenue de Roumanille
   Batiment T3, Biot - Sophia Antipolis  06410
   France

   Email: pthubert@cisco.com