Internet-Draft | Prefix Registration | October 2022 |
Thubert | Expires 15 April 2023 |
This document updates RFC 8505 to enable a node that owns or is directly connected to a prefix to register that prefix to neighbor routers. The registration indicates that the registered prefix can be reached via the advertising node without a loop. The prefix registration also provides a protocol-independent interface for the node to request neighbor router(s) to redistribute the prefix to the larger routing domain using their specific routing protocols. As an example, this document extends RFC 9010 to enable the 6LR to inject the registered prefix in RPL.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 15 April 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The design of Low Power and Lossy Networks (LLNs) is generally focused on saving energy, which is the most constrained resource of all. Other design constraints, such as a limited memory capacity, duty cycling of the LLN devices and low-power lossy transmissions, derive from that primary concern. The radio (both transmitting or simply listening) is a major energy drain and the LLN protocols must be adapted to allow the nodes to remain sleeping with the radio turned off at most times.¶
The "Routing Protocol for Low Power and Lossy Networks" [RFC6550] (RPL) provides IPv6 [RFC8200] routing services within such constraints. To save signaling and routing state in constrained networks, the RPL routing is only performed along a Destination-Oriented Directed Acyclic Graph (DODAG) that is optimized to reach a Root node, as opposed to along the shortest path between 2 peers, whatever that would mean in each LLN.¶
This trades the quality of peer-to-peer (P2P) paths for a vastly reduced amount of control traffic and routing state that would be required to operate an any-to-any shortest path protocol. Additionally, broken routes may be fixed lazily and on-demand, based on dataplane inconsistency discovery, which avoids wasting energy in the proactive repair of unused paths.¶
The classical "IPv6 Neighbor Discovery (IPv6 ND) Protocol" [RFC4861] [RFC4862] was defined for serial links and shared transit media such as Ethernet at a time when broadcast was cheap on those media while memory for neighbor cache was expensive. It was thus designed as a reactive protocol that relies on caching and multicast operations for the Address Discovery (aka Lookup) and Duplicate Address Detection (DAD) of IPv6 unicast addresses. Those multicast operations typically impact every node on-link when at most one is really targeted, which is a waste of energy, and imply that all nodes are awake to hear the request, which is inconsistent with power saving (sleeping) modes.¶
The original 6LoWPAN ND, "Neighbor Discovery Optimizations for 6LoWPAN networks" [RFC6775], was introduced to avoid the excessive use of multicast messages and enable IPv6 ND for operations over energy-constrained nodes. [RFC6775] changes the classical IPv6 ND model to proactively establish the Neighbor Cache Entry (NCE) associated to the unicast address of a 6LoWPAN Node (6LN) in the 6LoWPAN Router(s) (6LR) that serve it. To that effect, [RFC6775] defines a new Address Registration Option (ARO) that is placed in unicast Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages between the 6LN and the 6LR.¶
"Registration Extensions for 6LoWPAN Neighbor Discovery" [RFC8505] updates [RFC6775] into a generic Address Registration mechanism that can be used to access services such as routing and ND proxy and introduces the Extended Address Registration Option (EARO) for that purpose. This provides a routing-agnostic interface for a host to request that the router inject a unicast IPv6 address in the local routing protocol and provide return reachability for that address.¶
"IPv6 Neighbor Discovery Multicast Address Listener Subscription" [I-D.ietf-6lo-multicast-registration] updates [RFC8505] to enable a listener to subscribe an IPv6 anycast or multicast address; the draft also extends [RFC9010] to enable the 6LR to inject the anycast and multicast addresses in RPL. Similarly, this specification extends [RFC8505] and [RFC9010] to add the capability for the 6LN to register prefixes as opposed to addresses, and to signal in a protocol-independent fashion to the 6LR that it is expected to redistribute the prefixes in their specific routing protocols.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
In addition, the terms "Extends" and "Amends" are used as per [I-D.kuehlewind-update-tag] section 3.¶
This document uses terms and concepts that are discussed in:¶
This document uses the following acronyms:¶
This document introduces the following terms:¶
This specification inherits from [RFC6550], [RFC8505], and [RFC9010] to register prefixes as opposed to addresses. Unless specified otherwise therein, the behavior of the 6LBR that acts as RPL Root, of the intermediate routers down the RPL graph, of the 6LR that act as access routers and of the 6LNs that are the RPL-unaware destinations, is the same as for unicast addresses. In particular, forwarding a packet happens as specified in section 11 of [RFC6550], including loop avoidance and detection, though in the case of multicast multiple copies might be generated.¶
[RFC8505] is a pre-requisite to this specification. A node that implements this MUST also implement [RFC8505]. This specification does not introduce a new option; it modifies existing options and updates the associated behaviors to enable the Registration for Multicast Addresses as an extension to [RFC8505].¶
This specification also extends [RFC6550] and [RFC9010] in the case of a route-over multilink subnet based on the RPL routing protocol, to add multicast ingress replication in Non-Storing Mode and anycast support in both Storing and Non-Storing modes. A 6LR that implements the RPL extensions specified therein MUST also implement [RFC9010].¶
Figure 1 illustrates the classical situation of an LLN as a single IPv6 Subnet, with a 6LoWPAN Border Router (6LBR) that acts as Root for RPL operations and maintains a registry of the active registrations as an abstract data structure called an Address Registrar for 6LoWPAN ND.¶
The LLN may be a hub-and-spoke access link such as (Low-Power) Wi-Fi [IEEE80211] and Bluetooth (Low Energy) [IEEE802151], or a Route-Over LLN such as the Wi-SUN and 6TiSCH meshes [I-D.heile-lpwan-wisun-overview] that leverages 6LoWPAN [RFC4919][RFC6282] and RPL [RFC6550] over [IEEE802154].¶
A leaf acting as a 6LN registers its unicast, multicast, and anycast addresses to a RPL router acting as a 6LR, using a layer-2 unicast NS message with an EARO as specified in [RFC8505] and [I-D.ietf-6lo-multicast-registration]. The registration state is periodically renewed by the Registering Node, before the lifetime indicated in the EARO expires. As for unicast IPv6 addresses, the 6LR uses an EDAR/EDAC exchange with the 6LBR to notify the 6LBR of the presence of the listeners.¶
This specification updates the EARO with one new flag, the P flag for Prefix, as detailed in Section 7.1. The existing R flag that requests reachability for the registered address gets new behavior. With this extension the 6LNs can now attract the traffic for a full prefix, using the new P flag in the EARO to signal that the registration is for a prefix. Multiple 6LNs may register the same prefix to the same 6LR or to different 6LRs.¶
If the R flag is set in the subscription of one or more 6LNs for the same address, the 6LR is requested to redistribute the prefix in another routing protocol (e.g., RPL), based on the longest subscription lifetime across the active subscriptions for the prefix.¶
It is possible to leverage this specification between the 6LN and the 6LR for the registration of prefixes in networks that are not necessarily LLNs, and/or where the routing protocol between the 6LR and above is not necessarily RPL.¶
[RFC4861] expects that the NS/NA exchange is for a unicast address, which is indicated in the Target Address field of the ND message. This specification Amends [RFC4861] by allowing a prefix to be advertised in the Target Address field when the NS or NA message is used for a registration, per section 5.5 of [RFC8505]; in that case, the prefix length is indicated in the EARO of the NS message, overloading the field that is used in the NA response for the Status.¶
This specification Extends "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)" [RFC7400] by defining a new capability bit for use in the 6CIO. [RFC7400] was already extended by [RFC8505] for use in IPv6 ND messages.¶
The new "Registration for prefixes Supported" (F) flag indicates to the 6LN that the 6LR accepts IPv6 prefix registrations as specified in this document and will ensure that packets for the addresses that match this prefix will be routed to the 6LNs that registered the prefix, and the route to the prefix will be redistributed if the R flag is set to 1.¶
Figure 2 illustrates the X flag in its suggested position (8, counting 0 to 15 in network order in the 16-bit array), to be confirmed by IANA.¶
New Option Field:¶
[RFC6550] uses the Path Sequence in the Transit Information Option (TIO) to retain only the freshest unicast route and remove stale ones, e.g., in the case of mobility. [RFC9010] copies the TID from the EARO into the Path Sequence, and the ROVR field into the associated RPL Target Option (RTO). This way, it is possible to identify both the registering node and the order of registration in RPL for each individual advertisement, so the most recent path and lifetime values are used.¶
[I-D.ietf-6lo-multicast-registration] requires the use of the ROVR field as the indication of the origin of a Target advertisement in the RPL DAO messages, as specified in section 6.1 of [RFC9010]. For anycast and multicast advertisements (in NS or DAO messages), multiple origins may subscribe to the same address, in which case the multiple advertisements from the different or unknown origins are merged by the common parent; in that case, the common parent becomes the origin of the merged advertisements and uses its own ROVR value. On the other hand, a parent that propagates an advertisement from a single origin uses the original ROVR in the propagated RTO, as it does for unicast address advertisements, so the origin is recognised across multiple hops.¶
This specification Extends [RFC6550] to require that, for prefix routes, the Path Sequence is used between and only between advertisements for the same Target and from the same origin (i.e., with the same ROVR value); in that case, only the freshest advertisement is retained. But the freshness comparison cannot apply if the origin is not determined (i.e., the origin did not support this specification).¶
[RFC6550] uses the Path Lifetime in the TIO to indicate the remaining time for which the advertisement is valid for unicast route determination, and a Path Lifetime value of 0 invalidates that route. [RFC9010] maps the Address Registration lifetime in the EARO and the Path Lifetime in the TIO so they are comparable when both forms of advertisements are received.¶
The RPL router that merges multiple advertisements for the same prefix must use and advertise the longest remaining lifetime across all the origins of the advertisements for that prefix. When the lifetime expires, the router sends a no-path DAO (i.e., the lifetime is 0) using the same ROVR value as for the previous advertisements, that is either self or the single descendant that advertised the Target.¶
Note that the Registration Lifetime, TID and ROVR fields are also placed in the EDAR message so the state created by EDAR is also comparable with that created upon an NS(EARO) or a DAO message. For simplicity the text below mentions only NS(EARO) but applies also to EDAR.¶
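The origin-scoped freshness rule and the lifetime merge described above, as an added example (not code from the draft or from any implementation). The class and method names are hypothetical, Path Sequence is compared as a plain integer without the wraparound handling a real sequence counter needs, and advertisements of undetermined origin share one slot.

```python
class PrefixRoutes:
    """State a RPL router keeps for prefix Targets (names are hypothetical)."""

    def __init__(self, own_rovr):
        self.own_rovr = own_rovr
        self.origins = {}    # prefix -> {rovr or None: (path_seq, expiry)}
        self.last_rovr = {}  # prefix -> ROVR used in the last advertisement

    def receive(self, prefix, rovr, path_seq, lifetime, now):
        """Process one advertisement; return False if it is stale."""
        slot = self.origins.setdefault(prefix, {})
        known = slot.get(rovr)
        # Path Sequence is compared only for the same Target and same origin.
        # rovr=None models an undetermined origin: no freshness check applies.
        # Assumption: plain integer comparison, no sequence-counter wraparound.
        if rovr is not None and known is not None and path_seq <= known[0]:
            return False
        # A lifetime of 0 is stored as an already-expired entry, so the
        # sequence is remembered and an older replay stays rejected.
        slot[rovr] = (path_seq, now + lifetime)
        return True

    def advertise(self, prefix, now):
        """Return (rovr, lifetime) to propagate, or None if nothing to send."""
        slot = self.origins.get(prefix, {})
        live = {r: exp for r, (_, exp) in slot.items() if exp > now}
        if not live:
            # All origins expired: one no-path advertisement (lifetime 0)
            # with the ROVR used previously, then nothing further.
            rovr = self.last_rovr.pop(prefix, None)
            return None if rovr is None else (rovr, 0)
        only = next(iter(live))
        # A single known origin keeps its ROVR; merged or unknown origins
        # are advertised under this router's own ROVR.
        rovr = only if len(live) == 1 and only is not None else self.own_rovr
        self.last_rovr[prefix] = rovr
        return rovr, max(live.values()) - now   # longest remaining lifetime


# Constructed sample values, not taken from the draft.
SELF, NODE_A, NODE_B = b"R" * 8, b"A" * 8, b"B" * 8
PREFIX = "2001:db8:1::/48"


def demo():
    r = PrefixRoutes(SELF)
    out = [r.receive(PREFIX, NODE_A, 5, 300, now=0), r.advertise(PREFIX, 0)]
    out += [r.receive(PREFIX, NODE_B, 1, 600, now=0), r.advertise(PREFIX, 100)]
    out += [r.receive(PREFIX, NODE_A, 4, 900, now=100)]   # stale for NODE_A
    out += [r.advertise(PREFIX, 350), r.advertise(PREFIX, 700)]
    return out
```

NODE_B's lower Path Sequence is accepted because it is never compared with NODE_A's, while NODE_A's older sequence cannot extend the route lifetime.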
Section 4.1 of [RFC8505] defines the EARO as an extension to the ARO option defined in [RFC6775].¶
This specification adds a new P flag to the EARO flags field to signal that the Registered Address is a prefix. The A (signaling an anycast address), M (signaling a multicast address), and P (signaling a prefix) flags are mutually exclusive.¶
Figure 3 illustrates the P flag in its suggested position (1, counting 0 to 7 in network order in the 8-bit array), to be confirmed by IANA.¶
New and updated Option Fields:¶
Section 4 of [RFC6775] provides the same format for DAR and DAC messages but the status field is only used in DAC messages and has to be set to zero in DAC messages. [RFC8505] extends the DAC message as an EDAC but does not change the status field in the EDAR.¶
This specification repurposes the status field in the EDAR as a Flags field. It adds a new P flag to signal a "Registration for an IPv6 Prefix". As for EARO, the A, M, and P flags are mutually exclusive.¶
Figure 4 illustrates the A and M flags in their suggested positions (0 and 1, respectively, counting 0 to 7 in network order in the 8-bit array), to be confirmed by IANA.¶
New and updated Option Fields:¶
This specification adds the following behavior, similar to that introduced by [I-D.ietf-6lo-multicast-registration] for multicast addresses:¶
The ARO Status indicating a "Registration Refresh Request" applies to prefixes as well.¶
This status is used in asynchronous NA(EARO) messages to indicate to peer 6LNs that they are requested to reregister all addresses and prefixes that were previously registered to the originating node. The NA message may be sent to a unicast or a multicast link-scope address and should be contained within the L2 range where nodes may effectively have registered/subscribed to this router, e.g., a radio broadcast domain.¶
A device that wishes to refresh its state, e.g., upon reboot if it may have lost some registration state, SHOULD send an asynchronous NA(EARO) with this new status value. That asynchronous NA(ARO) SHOULD be sent to the all-nodes link scope multicast address (FF02::1) and Target MUST be set to the link local address that was exposed previously by this node to accept registrations, and the TID MUST be set to 0.¶
In an unreliable environment, the multicast NA(EARO) message may be resent in a fast sequence, in which case the TID must be incremented each time. A 6LN that has recently processed the NA(ARO) ignores the NA(EARO) with a newer TID received within the duration of the fast sequence. That duration depends on the environment and has to be configured. By default, it is 10 seconds.¶
This specification adds the following behavior:¶
Address-Protected Neighbor Discovery for Low-Power and Lossy Networks [RFC8928] was defined to protect the ownership of unicast IPv6 addresses that are registered with [RFC8505].¶
With [RFC8928], it is possible for a node to autoconfigure a pair of public and private keys and use them to sign the registration of addresses that are either autoconfigured or obtained through other methods.¶
The first hop router (the 6LR) may then validate a registration and perform source address validation on packets coming from the sender node (the 6LN).¶
Prefixes are not always owned by one node. Multiple nodes may register the same prefix. In that context, the method specified in [RFC8928] cannot be used with autoconfigured keypairs to protect a single ownership.¶
For a prefix, as for an anycast or a multicast address, it is still possible to leverage [RFC8928] to enforce the right to register. If [RFC8928] is used, a keypair MUST be associated with the prefix before it is deployed, and a ROVR MUST be generated from that keypair as specified in [RFC8928]. The prefix and the ROVR MUST then be installed in the 6LBR so it can recognize the prefix and compare the ROVR on the first registration to validate the right to register.¶
The keypair MUST then be provisioned in each node that needs to subscribe to the prefix or a prefix within, so the node can follow the steps in [RFC8928] to register the prefix.¶
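One way a 6LBR could hold the provisioned prefix and ROVR pairs and compare the ROVR on a first registration, as an added example rather than code from the draft. It covers only the ROVR comparison, not the signed exchange of [RFC8928]; the names, the "unknown" outcome and the rule that the most specific provisioned prefix decides for a prefix within are assumptions of this example.

```python
import ipaddress


class PrefixAuthorizer:
    """6LBR-side table of provisioned (prefix, ROVR) pairs (hypothetical)."""

    def __init__(self):
        self._provisioned = {}   # IPv6Network -> ROVR bytes

    def provision(self, prefix, rovr):
        """Install a prefix and the ROVR generated from its keypair."""
        self._provisioned[ipaddress.IPv6Network(prefix)] = rovr

    def check(self, target, length, rovr):
        """Return 'accept', 'reject' or 'unknown' for a prefix registration.

        target is the Target Address field, length the prefix length
        carried in the EARO.
        """
        try:
            # strict parsing: bits set beyond the prefix length are refused
            net = ipaddress.IPv6Network((target, length))
        except ValueError:
            return "reject"
        covering = [p for p in self._provisioned if net.subnet_of(p)]
        if not covering:
            return "unknown"     # not provisioned: local policy decides
        # Assumption: the most specific provisioned prefix is authoritative,
        # so the key for a /48 cannot claim a /64 provisioned separately.
        best = max(covering, key=lambda p: p.prefixlen)
        return "accept" if self._provisioned[best] == rovr else "reject"


# Constructed sample values, not taken from the draft.
ROVR_SITE, ROVR_LAB = b"\x11" * 8, b"\x22" * 8


def demo():
    a = PrefixAuthorizer()
    a.provision("2001:db8:a::/48", ROVR_SITE)
    a.provision("2001:db8:a:1::/64", ROVR_LAB)
    return [
        a.check("2001:db8:a::", 48, ROVR_SITE),     # exact match
        a.check("2001:db8:a:2::", 64, ROVR_SITE),   # prefix within the /48
        a.check("2001:db8:a:1::", 64, ROVR_SITE),   # /64 has its own ROVR
        a.check("2001:db8:a:1::", 64, ROVR_LAB),
        a.check("2001:db8:b::", 48, ROVR_SITE),     # never provisioned
        a.check("2001:db8:a::1", 48, ROVR_SITE),    # bits beyond the length
    ]
```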
This specification extends [RFC8505], and the security section of that document also applies to this document. In particular, the link layer SHOULD be sufficiently protected to prevent rogue access.¶
Section 9 leverages [RFC8928] to prevent a rogue node from registering a unicast address that it does not own. The mechanism could be extended to anycast and multicast addresses if the values of the ROVR they use are known in advance, but how this is done is not in scope for this specification. One way would be to authorize in advance the ROVR of the valid users. A less preferred way could be to synchronize the ROVR and TID values across the valid subscribers as a preshared key material.¶
In the latter case, it could be possible to update the keys associated to a prefix in all the 6LNs, but the flow is not clearly documented and may not complete in due time for all nodes in LLN use cases. It may be simpler to install an all-new address with new keys over a period of time, and switch the traffic to that address when the migration is complete.¶
A legacy 6LN will not register prefixes and the service will be the same when the network is upgraded. A legacy 6LR will not set the F flag in the 6CIO and an upgraded 6LN will not subscribe multicast addresses.¶
Upon an EDAR message, a legacy 6LBR may not realize that the address being registered is anycast or multicast, and return that it is duplicate in the EDAC status. The 6LR MUST ignore a duplicate status in the EDAR for anycast and multicast addresses.¶
Note to RFC Editor, to be removed: please replace "This RFC" throughout this document by the RFC number for this specification once it is allocated. Also, the I Field is defined in [RFC9010] but is missing from the registry, so the bit positions must be added for completeness.¶
IANA is requested to make changes under the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" [IANA.ICMP] and the "Routing Protocol for Low Power and Lossy Networks (RPL)" [IANA.RPL] registry groupings, as follows:¶
IANA is requested to create a new "EDAR Message Flags" registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 1:¶
Bit Number | Meaning | Reference |
2 (suggested) | P flag: Registration for an IPv6 Prefix | This RFC |
2..7 | Unassigned |
IANA is requested to make additions to the "Address Registration Option Flags" [IANA.ICMP.ARO.FLG] registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 2:¶
ARO flag | Meaning | Reference |
1 (suggested) | P flag: Registration for an IPv6 Prefix | This RFC |
3 (suggested) | M flag: Registration for Multicast Address | This RFC |
4 and 5 | "I" Field | RFC 8505 |
IANA is requested to make an addition to the "6LoWPAN Capability Bits" [IANA.ICMP.6CIO] registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 3:¶
Capability Bit | Meaning | Reference |
7 (suggested) | F flag: Registration for prefixes Supported (F) | This RFC |