idnits 2.17.00 (12 Aug 2021) /tmp/idnits23061/draft-thubert-6lo-rfc6775-update-reqs-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 2) being 60 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 20, 2014) is 2831 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC3775' is defined on line 627, but no explicit reference was found in the text == Unused Reference: 'RFC4291' is defined on line 630, but no explicit reference was found in the text == Unused Reference: 'RFC4443' is defined on line 636, but no explicit reference was found in the text == Unused Reference: 'I-D.hong-6lo-ipv6-over-nfc' is defined on line 685, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-6tisch-terminology' is defined on line 708, but no explicit reference was found in the text == Unused Reference: 'I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks' is defined on line 724, but no explicit reference was found in the text == Unused Reference: 'RFC3963' is defined on line 730, but no explicit reference was found in the text == Unused Reference: 'RFC3972' is defined on line 737, but no explicit reference was found in the text == Unused Reference: 'RFC4389' is defined on line 740, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3775 (Obsoleted by RFC 6275) ** Downref: Normative reference to an Experimental RFC: RFC 6830 == Outdated reference: A later version (-07) exists of draft-chakrabarti-nordmark-6man-efficient-nd-04 == Outdated reference: A later version (-03) exists of draft-hong-6lo-ipv6-over-nfc-01 == Outdated reference: draft-ietf-6lo-btle has been published as RFC 7668 == Outdated reference: draft-ietf-6tisch-architecture has been published as RFC 9030 == Outdated reference: A later version (-10) exists of draft-ietf-6tisch-terminology-00 == Outdated reference: draft-ietf-roll-terminology has been published as RFC 7102 Summary: 3 errors (**), 0 flaws (~~), 17 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6Lo P. Thubert, Ed. 3 Internet-Draft cisco 4 Intended status: Standards Track August 20, 2014 5 Expires: February 19, 2015 7 Requirements for an update to 6LoWPAN ND 8 draft-thubert-6lo-rfc6775-update-reqs-03 10 Abstract 12 Work presented at the ROLL, 6lo, 6TiSCH and 6MAN Working Groups 13 suggest that enhancements to the 6LoWPAN ND mechanism are now needed. 14 This document elaborates on those requirements and suggests 15 approaches to serve them. 17 Status of this Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at http://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on February 19, 2015. 34 Copyright Notice 36 Copyright (c) 2014 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents (http://trustee.ietf.org/ 41 license-info) in effect on the date of publication of this document. 42 Please review these documents carefully, as they describe your rights 43 and restrictions with respect to this document. Code Components 44 extracted from this document must include Simplified BSD License text 45 as described in Section 4.e of the Trust Legal Provisions and are 46 provided without warranty as described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 51 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 53 3.1. RPL Leaf Support in 6LoWPAN ND . . . . . . . . . . . . . . 5 54 3.2. registration Failures Due to Movement . . . . . . . . . . 6 55 3.3. Proxy registration . . . . . . . . . . . . . . . . . . . . 6 56 3.4. Target Registration . . . . . . . . . . . . . . . . . . . 6 57 3.5. RPL root vs. 6LBR . . . . . . . . . . . . . . . . . . . . 7 58 3.6. Securing the Registration . . . . . . . . . . . . . . . . 7 59 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 8 60 4.1. Requirements Related to Mobility . . . . . . . . . . . . . 8 61 4.2. Requirements Related to Routing Protocols . . . . . . . . 8 62 4.3. Requirements Related to the Variety of Low-Power Link types 9 63 4.4. Requirements Related to Proxy Operations . . . . . . . . . 10 64 4.5. Requirements Related to Security . . . . . . . . . . . . . 10 65 4.6. Requirements Related to Low-Power devices . . . . . . . . 10 66 5. Suggested Changes to Protocol Elements . . . . . . . . . . . . 10 67 5.1. ND Neighbor Solicitation (NS) . . . . . . . . . . . . . . 10 68 5.2. ND Router Advertisement (RA) . . . . . . . . . . . . . . . 11 69 5.3. RPL DODAG Information Object (DIO) . . . . . . . . . . . . 11 70 5.4. ND Enhanced Address Registration Option (EARO) . . . . . . 11 71 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 72 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 73 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 74 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 75 9.1. Normative References . . . . . . . . . . . . . . . . . . . 13 76 9.2. Informative References . . . . . . . . . . . . . . . . . . 14 77 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 79 1. Introduction 81 A number of use cases, including the Industrial Internet, require a 82 large scale deployment of sensors that can not be realized with wires 83 and is only feasible over wireless Low power and Lossy Network (LLN) 84 technologies. When simpler hub-and-spoke topologies are not 85 sufficient for the expected throughput and density, mesh networks 86 must be deployed, which implies the concepts of hosts and routers, 87 whether operated at Layer-2 or Layer-3. 89 The IETF has designed the LLN host-to-router and router-to-router 90 protocol that supports address assignment and the router-to-router 91 protocol that supports reachability across Route-Over LLNs in 92 different Areas. It was clear for both efforts that the scalability 93 requirements could only be met with IPv6 [RFC2460], and there is no 94 fundamental contradiction between those protocols to that regard. 96 While DHCPv6 is still a viable option in LLNs, the new IETF standard 97 that supports address assignment specifically for LLNs is 6LoWPAN ND, 98 the Neighbor Discovery Optimization for Low-power and Lossy Networks 99 [RFC6775]. 6LoWPAN ND was designed as a stand-alone mechanism 100 separately from its IETF routing counterpart, the IPv6 Routing 101 Protocol for Low power and Lossy Networks [RFC6550] (RPL), and the 102 interaction between the 2 protocols was not defined. 104 The 6TiSCH WG is now considering an architecture [I-D.ietf-6tisch- 105 architecture] whereby a 6LowPAN ND host could connect to the Internet 106 via a RPL Network, but this requires additions to the protocol to 107 support mobility and reachability in a secured and manageable 108 environment. 110 At the same time, new work at 6MAN on Efficiency aware IPv6 Neighbor 111 Discovery Optimizations [I-D.chakrabarti-nordmark-6man-efficient-nd] 112 suggests that 6LoWPAN ND can be extended to other types of networks 113 on top of the Low power and Lossy Networks (LLNs) for which it was 114 already defined. The value of such extension is especially apparent 115 in the case of mobile wireless devices, to reduce the multicast 116 operations that are related to classical ND ([RFC4861], [RFC4862]) 117 and plague the wireless medium. In this context also, there is a 118 need for additions to the protocol. 120 The Optimistic Duplicate Address Detection [RFC4429] (ODAD) 121 specification details how an address can be used before a Duplicate 122 Address Detection (DAD) is complete, and insists that an address that 123 is TENTATIVE should not be associated to a Source Link-Layer Address 124 Option in a Neighbor Solicitation message. As we expect the 6LoWPAN 125 ND protocol for a more general use, it can make sense to keep 126 respecting that rule, which is another change to the specification. 128 This document suggests a limited evolution to [RFC6775] so as to 129 allow operation of a 6LoWPAN ND node as a leaf in a RPL network. It 130 also suggests a more generalized use of the information in the ARO 131 option outside of the strict LLN domain, for instance over a 132 converged backbone. 134 2. Terminology 136 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 137 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 138 document are to be interpreted as described in [RFC2119]. 140 Readers are expected to be familiar with all the terms and concepts 141 that are discussed in "Neighbor Discovery for IP version 6" 142 [RFC4861], "IPv6 Stateless Address Autoconfiguration" [RFC4862], 143 "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): 144 Overview, Assumptions, Problem Statement, and Goals" [RFC4919], 145 Neighbor Discovery Optimization for Low-power and Lossy Networks 146 [RFC6775] and "Transmission of IPv6 Packets over IEEE 802.15.4 147 Networks" [RFC4944]. 149 Additionally, this document uses terminology from 6TiSCH [I-D.ietf- 150 6tisch-terminology] and ROLL [I-D.ietf-roll-terminology]. 152 3. Overview 154 The 6TiSCH architecture [I-D.ietf-6tisch-architecture] expects that 155 a 6LoWPAN device can connect as a leaf to a RPL network, where the 156 leaf support is the minimal functionality to connect as a host to a 157 RPL network without the need to participate to the full routing 158 protocol. The support of leaf can be implemented as a minor 159 increment to 6LoWPAN ND, with the additional capability to carry a 160 sequence number that is used to track the movements of the device, 161 and optionally some information about the RPL topology that this 162 device will join. 164 The scope of the 6TiSCH Architecture is a Backbone Link that 165 federates multiple LLNs as a single IPv6 Multi-Link Subnet. Each LLN 166 in the subnet is anchored at a Backbone Router (6BBR). The Backbone 167 Routers interconnect the LLNs over the Backbone Link and emulate that 168 the LLN nodes are present on the Backbone by proxy-ND operations. An 169 LLN node can move freely from an LLN Route-Over mesh anchored at a 170 Backbone Router to another anchored at a same or a different Backbone 171 Router inside the Multi-Link Subnet and conserve its addresses. 173 ---+------------------------ 174 | Plant Network 175 | 176 +-----+ 177 | | Gateway 178 | | 179 +-----+ 180 | 181 | Backbone Link (with VLANs) 182 +--------------------+------------------+ 183 | | | 184 +-----+ +-----+ +-----+ 185 | | Backbone | | Backbone | | Backbone 186 | | router | | router | | router 187 +-----+ +-----+ +-----+ 188 | | | | | | 189 0 0 0 0 0 (6LBR == RPL root) 190 o o o o o o o o o o o o o o 191 o o o o o o o o o o (6LR == RPL router) 192 o o o o o o o z 193 o o o o o z 194 RPL Instances (6LoWPAN Host == RPL leaf) 196 The root of the RPL topology is logically separated from the 6BBR 197 that is used to connect the RPL topology to the backbone. The RPL 198 root can use Efficient ND as the interface to register an LLN node in 199 its topology to the 6BBR for whatever operation the 6BBR performs, 200 such as ND proxy operations, or injection in a routing protocol. It 201 results that, as illustrated in Figure 2, the periodic signaling 202 could start at the leaf node with 6LoWPAN ND, then would be carried 203 over RPL to the RPL root, and then with Efficient-ND to the 6BBR. 205 Efficient ND being an adaptation of 6LoWPAN ND, it makes sense to 206 keep those two homogeneous in the way they use the source and the 207 target addresses in the Neighbor Solicitation (NS) messages for 208 registration, as well as in the options that they use for that 209 process. 211 6LoWPAN Node 6LR 6LBR 6BBR 212 (RPL leaf) (router) (root) 213 | | | | 214 | 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND 215 | LLN link |Route-Over mesh| IPv6 link | Backbone 216 | | | | 217 | NS(ARO) | | | 218 |-------------->| | | 219 | 6LoWPAN ND | DAR (then DAO)| | 220 | |-------------->| | 221 | | | NS(ARO) | 222 | | |-------------->| 223 | | | | DAD 224 | | | |------> 225 | | | | 226 | | | NA(ARO) | 227 | | |<--------------| 228 | | DAC | | 229 | |<--------------| | 230 | NA(ARO) | | | 231 |<--------------| | | 233 As the network builds up, a node should start as a leaf to join the 234 RPL network, and may later turn into both a RPL-capable router and a 235 6LR, so as to accept leaf nodes to recursively join the network. 237 3.1. RPL Leaf Support in 6LoWPAN ND 239 RPL needs a set of information in order to advertise a leaf node 240 through a DAO message and establish reachability. 242 At the bare minimum the leaf device must provide a sequence number 243 that matches the RPL specification in section 7. [I-D.chakrabarti- 244 nordmark-6man-efficient-nd] section "4.1. Address Registration 245 Option" (ARO) already incorporates that addition with a new field in 246 the option called the Transaction ID. 248 If for some reason the node is aware of RPL topologies, then 249 providing the RPL InstanceID for the instances to which the node 250 wishes to participate would be a welcome addition. In the absence of 251 such information, the RPL router must infer the proper instanceID 252 from external rules and policies. 254 On the backbone, the InstanceID is expected to be mapped onto a 255 VLANID. Neither WiFi nor Efficient ND do provide a mapping to 256 VLANIDs, and it is unclear, when a wireless node attaches to a 257 backbone where VLANs are defined, which VLAN the wireless device 258 attaches to. Considering that a VLAN is effectively the IP link on 259 the backbone, adding the InstanceID to both specifications could be a 260 welcome addition. 262 3.2. registration Failures Due to Movement 264 Registration to the 6LBR through DAR/DAC messages [RFC6775] may 265 percolate slowly through an LLN mesh, and it might happen that in the 266 meantime, the 6LoWPAN node moves and registers somewhere else. Both 267 RPL and 6LoWPAN ND lack the capability to indicate that the same node 268 is registered elsewhere, so as to invalidate states down the 269 deprecated path. 271 In its current expression and functionality, 6LoWPAN ND considers 272 that the registration is used for the purpose of DAD only as opposed 273 to that of achieving reachability, and as long as the same node 274 registers the IPv6 address, the protocol is functional. In order to 275 act as a RPL leaf registration protocol and achieve reachability, the 276 device must use the same TID for all its concurrent registrations, 277 and registrations with a past TID should be declined. The state for 278 an obsolete registration in the 6LR, as well as the RPL routers on 279 the way, should be invalidated. This can only be achieved with the 280 addition of a new Status in the DAC message, and a new error/clean-up 281 flow in RPL. 283 3.3. Proxy registration 285 The 6BBR provides the capability to defend an address that is owned 286 by a 6LoWPAN Node, and attract packets to that address, whether it is 287 done by proxying ND over a MultiLink Subnet, redistributing the 288 address in a routing protocol or advertising it through an alternate 289 proxy registration such as the Locator/ID Separation Protocol 290 [RFC6830] (LISP) or Mobility Support in IPv6 [RFC6275] (MIPv6). In a 291 LLN, it makes sense to piggyback the request to proxy/defend an 292 address with its registration. 294 3.4. Target Registration 295 In their current incarnations, both 6LoWPAN ND and Efficient ND 296 expect that the address being registered is the source of the NS(ARO) 297 message and thus impose that a Source Link-Layer Address (SLLA) 298 option be present in the message. In a mesh scenario where the 6LBR 299 is physically separated from the 6LoWPAN Node, the 6LBR does not own 300 the address being registered. This suggests that [I-D.chakrabarti- 301 nordmark-6man-efficient-nd] should evolve to register the Target of 302 the NS message as opposed to the Source Address. From another 303 perspective, it may happen, in the use case of a Star topology, that 304 the 6LR, 6LBR and 6BBR are effectively collapsed and should support 305 6LoWPAN ND clients. The convergence of efficient ND and 6LoWPAN ND 306 into a single protocol is thus highly desirable. 308 In any case, as long as the DAD process is not complete for the 309 address used as source of the packet, it is against the current 310 practice to advertise the SLLA, since this may corrupt the ND cache 311 of the destination node, as discussed in the Optimistic DAD 312 specification [RFC4429] with regards to the TENTATIVE state. 314 This may look like a chicken and an egg problem, but in fact 6LoWPAN 315 ND acknowledges that the Link-Local Address that is based on an 316 EUI-64 address of a LLN node may be autoconfigured without the need 317 for DAD. It results that a node could use that Address as source, 318 with an SSLA option in the message if required, to register any other 319 addresses, either Global or Unique-Local Addresses, which would be 320 indicated in the Target. 322 The suggested change is to register the target of the NS message, and 323 use Target Link-Layer Address (TLLA) in the NS as opposed to the SLLA 324 in order to install a Neighbor Cache Entry. This would apply to both 325 Efficient ND and 6LoWPAN ND in a very same manner, with the caveat 326 that depending on the nature of the link between the 6LBR and the 327 6BBR, the 6LBR may resort to classical ND or DHCPv6 to obtain the 328 address that it uses to source the NS registration messages, whether 329 for itself or on behalf of LLN nodes. 331 3.5. RPL root vs. 6LBR 333 6LoWPAN ND is unclear on how the 6LBR is discovered, and how the 334 liveliness of the 6LBR is asserted over time. On the other hand, the 335 discovery and liveliness of the RPL root are obtained through the RPL 336 protocol. 338 When 6LoWPAN ND is coupled with RPL, it makes sense to collocate the 339 6LBR and the RPL root functionalities. The DAR/DAC exchange becomes 340 a preamble to the DAO messages that are used from then on to 341 reconfirm the registration, thus eliminating a duplication of 342 functionality between DAO and DAR messages. 344 3.6. Securing the Registration 345 A typical attack against IPv6 ND is address spoofing, whereby a rogue 346 node claims the IPv6 Address of another node in and hijacks its 347 traffic. 349 SEcure Neighbor Discovery (SEND) [RFC3971] is designed to protect 350 each individual ND lookup/advertisement in a peer to peer model where 351 each lookup may be between different parties. This is not the case 352 in a 6LoWPAN ND LLN where, as illustrated in Figure 2, the 6LBR 353 terminates all the flows and may store security information for later 354 validation. 356 Additionally SEND requires considerably enlarged ND messages to carry 357 cryptographic material, and requires that each protected address is 358 generated cryptographically, which implies the computation of a 359 different key for each Cryptographically Generated Address (CGA). 360 Once an Address is registered, the 6LBR maintains a state for that 361 Address and is in position to bind securely the first registration 362 with the Node that placed it, whether the Address is CGA or not. It 363 should thus be possible to protect the ownership of all the addresses 364 of a 6LoWPAN Node with a single key, and there should not be a need 365 to carry the cryptographic material more than once to the 6LBR. 367 4. Requirements 369 4.1. Requirements Related to Mobility 371 Due to the nature of LLN networks, even a fixed 6LoWPAN Node may 372 change its point of attachment (a 6LR) and may not be able to notify 373 the 6LR that it has disconnected from. It results that the previous 374 6LR may still attract traffic that it cannot deliver any more. When 375 the 6LR changes, there is thus a need to identify stale states and 376 restore reachability timely. 378 Req1.1: Upon a change of point of attachment, connectivity via a new 379 6LR MUST be restored timely without the need to de-register from the 380 previous 6LR. 382 Req1.2: For that purpose, the protocol MUST enable to differentiate 383 multiple registrations from a same 6LoWPAN Node from two different 384 6LoWPAN Nodes claiming a same address. 386 Req1.3: This information MUST be passed from the 6LR to the 6LBR, and 387 the 6LBR SHOULD be able to clean up the stale state asynchronously in 388 the previous 6LR. 390 Req1.4: A 6LoWPAN Node SHOULD also be capable to register a same 391 Address to multiple 6LRs, and this, concurrently. 393 4.2. Requirements Related to Routing Protocols 394 The point of attachment of a 6LoWPAN Node may be a 6LR in an LLN 395 mesh. An LLN route-over mesh is typically based on RPL, which is the 396 routing protocol that was defined at the IETF for this particular 397 purpose. It derives that in this scenario, the 6LR would classically 398 support RPL. One goal is that a 6LoWPAN Node attached via ND to a 399 RPL-capable 6LR would not need to participate to the RPL protocol to 400 obtain reachability via the 6LR. An additional goal would be to 401 obtain reachability via other routing protocols through a same ND- 402 based abstraction. 404 Related requirements are: 406 Req2.1: The ND registration method SHOULD be extended in such a 407 fashion that the 6LR MAY advertise the Address of a 6LoWPAN Node over 408 RPL and obtain reachability to that Address over the RPL domain. 410 Req2.2: The Address Registration Option that is used in the ND 411 registration SHOULD be extended to carry enough information to 412 generate a DAO message as specified in [RFC6550] section 6.4, in 413 particular the capability to compute a DAOSequence and, as an option, 414 a RPLInstanceID. 416 Req2.3: Depending on their applicability to LLNs, other standard mesh 417 /MANET protocols MAY be considered as well. 419 4.3. Requirements Related to the Variety of Low-Power Link types 421 6LoWPAN ND [RFC6775] was defined with a focus on IEEE802.15.4 and in 422 particular the capability to derive a unique Identifier from a 423 globally unique MAC-64 address. At this point, the 6lo Working Group 424 is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique 425 to other link types ITU-T G.9959 [I-D.brandt-6man-lowpanz], Master- 426 Slave/Token-Passing [I-D.ietf-6man-6lobac], DECT Ultra Low Energy 427 [I-D.mariager-6lowpan-v6over-dect-ule], Near Field Communication [I-D 428 .hong-6lo-ipv6-over-nfc], as well as IEEE1901.2 Narrowband Powerline 429 Communication Networks [I-D.popa-6lo-6loplc-ipv6-over- 430 ieee19012-networks] and BLUETOOTH(R) Low Energy [I-D.ietf-6lo-btle]. 432 Related requirements are: 434 Req3.1: The support of the registration mechanism SHOULD be extended 435 to more LLN links, matching at least the links that are considered by 436 6lo as well as other popular Low-Power links such as Low-Power Wi-Fi. 438 Req3.2: As part of this extension, a mechanism to compute a unique 439 Identifier should be provided, with the capability to form a Link- 440 Local Address that can not be a duplicate. The Identifier SHOULD be 441 unique at least to the domain where an Address formed by this device 442 may be advertised through ND mechanisms. 444 Req3.3: The Address Registration Option used in the ND registration 445 SHOULD be extended to carry the relevant forms of unique Identifier. 447 4.4. Requirements Related to Proxy Operations 449 Sleeping devices may not be able to answer themselves to a lookup 450 from a node that uses classical ND on a backbone and may need a proxy 451 operation by a 6BBR. Additionally, the device may need to rely on the 452 6LBR to perform that registration to the 6BBR. 454 Related requirements are: 456 Req4.1: The registration mechanism SHOULD enable a third party to 457 proxy register an Address on behalf of a 6LoWPAN node that may be 458 sleeping or located deeper in an LLN mesh. 460 4.5. Requirements Related to Security 462 In order to guarantee the operations of the 6LoWPAN ND flows, the 463 spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a 464 node successfully registers an address, 6LoWPAN ND should provide the 465 means to protect that ownership even if the node is sleeping. In 466 particular, the 6LR and the 6LBR then should be able to verify 467 whether a subsequent registration for a same Address comes from a 468 same node or is a duplicate. 470 Related requirements are: 472 Req5.1: 6LoWPAN ND SHOULD provide a mechanism for the 6LR, 6LBR and 473 6BBR to authenticate and authorize one another for their respective 474 roles, as well as with the 6LoWPAN Node for the role of 6LR. 476 Req5.2: 6LoWPAN ND SHOULD provide a mechanism for the 6LR and the 477 6LBR to validate whether a new registration corresponds to a same 478 6LoWPAN Node, and, if not, determine the rightful owner, and deny or 479 clean-up the registration that is deemed in excess. 481 4.6. Requirements Related to Low-Power devices 483 The ND registration method is designed to save energy on Low-Power 484 devices, and in particular enable duty-cycled devices that are 485 sleeping most of the time and not capable to defend their own 486 Addresses against always-on devices. 488 Related requirements are: 490 Req6.1: The registration mechanism SHOULD be applicable to a Low- 491 Power device regardless of the link type, and enable a 6BBR to 492 operate as a proxy to defend the registered Addresses on its behalf. 494 5. Suggested Changes to Protocol Elements 496 5.1. ND Neighbor Solicitation (NS) 497 The NS message used for registration should use a source address that 498 respects the rules in [RFC6775], [RFC4861], and [RFC4429] for DAD. 499 The SLLA Option may be present but only if the address passed DAD, 500 and it is used to allow the 6LR to respond as opposed to as a 501 registration mechanism. 503 The address that is being registered is the target address in the NS 504 message and the TLLA Option must be present. 506 5.2. ND Router Advertisement (RA) 508 [I-D.chakrabarti-nordmark-6man-efficient-nd] adds an 'E' bit in the 509 Router Advertisement flag, as well as a new Registrar Address Option 510 (RAO). These fields are probably pertinent to LLNs inclusion into a 511 revised 6LoWPAN ND should be studied. 513 There is some amount of duplication between the options in the RPL 514 DIO [RFC6550] and the options in the ND RA messages. At the same 515 time, there are a number of options, including the 6LoWPAN Context 516 Option (6CO) [RFC6775], the MTU and the SLLA Options [RFC4861] that 517 can only be found in the RA messages. Considering that these options 518 are useful for a joining node, the recommendation would be to 519 associate the RA messages to the join beacon, and make them rare when 520 the network is stable. On the other hand, the DIO message is to be 521 used as the propagated heartbeat of the RPL network and provide the 522 sense of time and liveliness. 524 RAs should also be issued and the information therein propagated when 525 a change occurs in the information therein, such as a router or a 526 prefix lifetime. 528 5.3. RPL DODAG Information Object (DIO) 530 If the RPL root serves as 6LBR, it makes sense to add at least a bit 531 of information in the DIO to signal so. A Registrar Address Option 532 (RAO) may also be considered for addition. 534 5.4. ND Enhanced Address Registration Option (EARO) 536 The ARO option contains a Unique ID that is supposed to identify the 537 device across multiple registrations. It is envisioned that the 538 device could form a single CGA-based Unique Interface ID (CUID) to 539 securely bind all of its addresses. The CUID would be used as Unique 540 Interface Identifier in the ARO option and to form a Link-Local 541 address that would be deemed unique regardless of the Link type. 542 Provided that the relevant cryptographic material is passed to the 543 6LBR upon the first registration or on-demand at a later time, the 544 6LBR can validate that a Node is effectively the owner of a CUID, and 545 ensure that the ownership of an Address stays with the CUID that 546 registered it first. 548 This option is designed to be used with standard NS and NA messages 549 between backbone Routers as well as between nodes and 6LRs over the 550 LLN and between the 6LBR and the 6BBR over whatever IP link they use 551 to communicate. 553 0 1 2 3 554 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 555 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 556 | Type | Length | Status | RPLInstanceID | 557 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 558 |Res|P|N| IDS |T| TID | Registration Lifetime | 559 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 560 | | 561 ~ Unique Interface Identifier (variable length) ~ 562 | | 563 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 565 The representation above is based on [I-D.chakrabarti-nordmark-6man- 566 efficient-nd]. Only the proposed changes from that specification are 567 discussed below but the expectation is that 6LoWPAN ND and Efficient 568 ND converge on the ARO format. 570 Status: 8-bit integer. A new value of 3 is suggested to indicate a 571 rejection due to an obsolete TID, typically an indication of a 572 movement. 574 RPLInstanceID: 8-bit integer. This field is set to 0 when unused. 575 Otherwise it contains the RPLInstanceID for which this address is 576 registered, as specified in RPL [RFC6550], and discussed in 577 particular in section 3.1.2. 579 P: One bit flag. Indicates that the address is to be redistributed 580 to obtain reachability, e.g. into the RPL protocol, or for ND 581 proxy operation. 583 N: One bit flag. Set if the device moved. If not set, the 6BBR will 584 refrain from sending gratuitous NA(O) or other form of distributed 585 ND cache clean-up over the backbone. For instance, the flag 586 should be reset after the DAD operation upon address formation. 588 6. Security Considerations 590 This specification expects that the link layer is sufficiently 591 protected, either by means of physical or IP security for the 592 Backbone Link or MAC sublayer cryptography. In particular, it is 593 expected that the LLN MAC provides secure unicast to/from the 594 Backbone Router and secure broadcast from the Backbone Router in a 595 way that prevents tempering with or replaying the RA messages. 596 Still, Section 4.5 has a requirement for a mutual authentication and 597 authorization for a role for 6LRs, 6LBRs and 6BBRs. 599 This documents also suggests in Section 5.4 that a 6LoWPAN Node could 600 form a single Unique Interface ID (CUID) based on cryptographic 601 techniques similar to CGA. The CUID would be used as Unique 602 Interface Identifier in the ARO option and new Secure ND procedures 603 would be proposed to use it as opposed to the source IPv6 address to 604 secure the binding between an Address and its owning Node, and 605 enforce First/Come-First/Serve at the 6LBR. 607 7. IANA Considerations 609 A new type is requested for an ND option. 611 8. Acknowledgments 613 The author wishes acknowledge the contributions by Samita 614 Chakrabarti, Erik Normark, JP Vasseur, Eric Levy-Abegnoli, Patrick 615 Wetterwald, Thomas Watteyne, and Behcet Sarikaya. 617 9. References 619 9.1. Normative References 621 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 622 Requirement Levels", BCP 14, RFC 2119, March 1997. 624 [RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version 625 6 (IPv6) Specification", RFC 2460, December 1998. 627 [RFC3775] Johnson, D., Perkins, C. and J. Arkko, "Mobility Support 628 in IPv6", RFC 3775, June 2004. 630 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 631 Architecture", RFC 4291, February 2006. 633 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 634 for IPv6", RFC 4429, April 2006. 636 [RFC4443] Conta, A., Deering, S. and M. Gupta, "Internet Control 637 Message Protocol (ICMPv6) for the Internet Protocol 638 Version 6 (IPv6) Specification", RFC 4443, March 2006. 640 [RFC4861] Narten, T., Nordmark, E., Simpson, W. and H. Soliman, 641 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 642 September 2007. 644 [RFC4862] Thomson, S., Narten, T. and T. Jinmei, "IPv6 Stateless 645 Address Autoconfiguration", RFC 4862, September 2007. 647 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J. and D. Culler, 648 "Transmission of IPv6 Packets over IEEE 802.15.4 649 Networks", RFC 4944, September 2007. 651 [RFC6275] Perkins, C., Johnson, D. and J. Arkko, "Mobility Support 652 in IPv6", RFC 6275, July 2011. 654 [RFC6282] Hui, J. and P. Thubert, "Compression Format for IPv6 655 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 656 September 2011. 658 [RFC6550] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., 659 Levis, P., Pister, K., Struik, R., Vasseur, JP. and R. 660 Alexander, "RPL: IPv6 Routing Protocol for Low-Power and 661 Lossy Networks", RFC 6550, March 2012. 663 [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E. and C. Bormann, 664 "Neighbor Discovery Optimization for IPv6 over Low-Power 665 Wireless Personal Area Networks (6LoWPANs)", RFC 6775, 666 November 2012. 668 [RFC6830] Farinacci, D., Fuller, V., Meyer, D. and D. Lewis, "The 669 Locator/ID Separation Protocol (LISP)", RFC 6830, January 670 2013. 672 9.2. Informative References 674 [I-D.brandt-6man-lowpanz] 675 Brandt, A. and J. Buron, "Transmission of IPv6 packets 676 over ITU-T G.9959 Networks", Internet-Draft draft-brandt- 677 6man-lowpanz-02, June 2013. 679 [I-D.chakrabarti-nordmark-6man-efficient-nd] 680 Chakrabarti, S., Nordmark, E., Thubert, P. and M. 681 Wasserman, "Wired and Wireless IPv6 Neighbor Discovery 682 Optimizations", Internet-Draft draft-chakrabarti-nordmark- 683 6man-efficient-nd-04, October 2013. 685 [I-D.hong-6lo-ipv6-over-nfc] 686 Hong, Y., Choi, Y., Youn, J., Kim, D. and J. Choi, 687 "Transmission of IPv6 Packets over Near Field 688 Communication", Internet-Draft draft-hong-6lo-ipv6-over- 689 nfc-01, August 2014. 691 [I-D.ietf-6lo-btle] 692 Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 693 Shelby, Z. and C. Gomez, "Transmission of IPv6 Packets 694 over BLUETOOTH(R) Low Energy", Internet-Draft draft-ietf- 695 6lo-btle-02, June 2014. 697 [I-D.ietf-6man-6lobac] 698 Lynn, K., Martocci, J., Neilson, C. and S. Donaldson, 699 "Transmission of IPv6 over MS/TP Networks", Internet-Draft 700 draft-ietf-6man-6lobac-01, March 2012. 702 [I-D.ietf-6tisch-architecture] 703 Thubert, P., Watteyne, T. and R. Assimiti, "An 704 Architecture for IPv6 over the TSCH mode of IEEE 705 802.15.4e", Internet-Draft draft-ietf-6tisch- 706 architecture-01, February 2014. 708 [I-D.ietf-6tisch-terminology] 709 Palattella, M., Thubert, P., Watteyne, T. and Q. Wang, 710 "Terminology in IPv6 over the TSCH mode of IEEE 711 802.15.4e", Internet-Draft draft-ietf-6tisch- 712 terminology-00, November 2013. 714 [I-D.ietf-roll-terminology] 715 Vasseur, J., "Terms used in Routing for Low power And 716 Lossy Networks", Internet-Draft draft-ietf-roll- 717 terminology-13, October 2013. 719 [I-D.mariager-6lowpan-v6over-dect-ule] 720 Mariager, P., Petersen, J. and Z. Shelby, "Transmission of 721 IPv6 Packets over DECT Ultra Low Energy", Internet-Draft 722 draft-mariager-6lowpan-v6over-dect-ule-03, July 2013. 724 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] 725 Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets 726 over IEEE 1901.2 Narrowband Powerline Communication 727 Networks", Internet-Draft draft-popa-6lo-6loplc-ipv6-over- 728 ieee19012-networks-00, March 2014. 730 [RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A. and P. 731 Thubert, "Network Mobility (NEMO) Basic Support Protocol", 732 RFC 3963, January 2005. 734 [RFC3971] Arkko, J., Kempf, J., Zill, B. and P. Nikander, "SEcure 735 Neighbor Discovery (SEND)", RFC 3971, March 2005. 737 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 738 RFC 3972, March 2005. 740 [RFC4389] Thaler, D., Talwar, M. and C. Patel, "Neighbor Discovery 741 Proxies (ND Proxy)", RFC 4389, April 2006. 743 [RFC4919] Kushalnagar, N., Montenegro, G. and C. Schumacher, "IPv6 744 over Low-Power Wireless Personal Area Networks (6LoWPANs): 745 Overview, Assumptions, Problem Statement, and Goals", RFC 746 4919, August 2007. 748 Author's Address 749 Pascal Thubert, editor 750 Cisco Systems, Inc 751 Building D 752 45 Allee des Ormes - BP1200 753 MOUGINS - Sophia Antipolis, 06254 754 FRANCE 756 Phone: +33 497 23 26 34 757 Email: pthubert@cisco.com