rfc8929xml2.original.xml   rfc8929.xml 
<?xml version='1.0' encoding='utf-8'?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" version="3" category="std" conse
nsus="true" docName="draft-ietf-6lo-backbone-router-20" indexInclude="true" ipr=
"trust200902" number="8929" prepTime="2020-11-18T13:03:13" scripts="Common,Latin
" sortRefs="true" submissionType="IETF" symRefs="true" tocDepth="3" tocInclude="
true" updates="6775, 8505" xml:lang="en">
<link href="https://datatracker.ietf.org/doc/draft-ietf-6lo-backbone-router-20
" rel="prev"/>
<link href="https://dx.doi.org/10.17487/rfc8929" rel="alternate"/>
<link href="urn:issn:2070-1721" rel="alternate"/>
<front>
<title>IPv6 Backbone Router</title>
<seriesInfo name="RFC" value="8929" stream="IETF"/>
<author fullname="Pascal Thubert" initials="P." role="editor" surname="Thube
rt">
<organization abbrev="Cisco Systems" showOnFrontPage="true">Cisco Systems,
Inc.</organization>
<address>
<postal>
<extaddr>Building D</extaddr>
<street>45 Allee des Ormes - BP1200</street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>France</country>
</postal>
<phone>+33 497 23 26 34</phone>
<email>pthubert@cisco.com</email>
</address>
</author>
<author fullname="Charles E. Perkins" initials="C.E." surname="Perkins">
<organization showOnFrontPage="true">Blue Meadow Networking</organization>
<address>
<postal>
<street/>
<city>Saratoga</city>
<region>CA</region>
<code>95070</code>
<country>United States of America</country>
</postal>
<phone/>
<email>charliep@computer.org</email>
</address>
</author>
<author fullname="Eric Levy-Abegnoli" initials="E." surname="Levy-Abegnoli">
<organization abbrev="Cisco Systems" showOnFrontPage="true">Cisco Systems,
Inc.</organization>
<address>
<postal>
<extaddr>Building D</extaddr>
<street>45 Allee des Ormes - BP1200</street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>France</country>
</postal>
<phone>+33 497 23 26 20</phone>
<email>elevyabe@cisco.com</email>
</address>
</author>
<date month="11" year="2020"/>
<area>Internet</area>
<workgroup>6lo</workgroup>
<abstract pn="section-abstract">
<t indent="0" pn="section-abstract-1">
This document updates RFCs 6775 and 8505 in order to enable
proxy services for IPv6 Neighbor Discovery by Routing Registrars
called "Backbone Routers".
Backbone Routers are placed along the wireless edge of a backbone and
federate multiple wireless links to form a single Multi-Link
Subnet (MLSN).
</t>
</abstract>
<boilerplate>
<section anchor="status-of-memo" numbered="false" removeInRFC="false" toc=
"exclude" pn="section-boilerplate.1">
<name slugifiedName="name-status-of-this-memo">Status of This Memo</name
>
<t indent="0" pn="section-boilerplate.1-1">
This is an Internet Standards Track document.
</t>
<t indent="0" pn="section-boilerplate.1-2">
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by
the Internet Engineering Steering Group (IESG). Further
information on Internet Standards is available in Section 2 of
RFC 7841.
</t>
<t indent="0" pn="section-boilerplate.1-3">
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
<eref target="https://www.rfc-editor.org/info/rfc8929" brackets="non
e"/>.
</t>
</section>
<section anchor="copyright" numbered="false" removeInRFC="false" toc="excl
ude" pn="section-boilerplate.2">
<name slugifiedName="name-copyright-notice">Copyright Notice</name>
<t indent="0" pn="section-boilerplate.2-1">
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
</t>
<t indent="0" pn="section-boilerplate.2-2">
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<eref target="https://trustee.ietf.org/license-info" brackets="none
"/>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
</t>
</section>
</boilerplate>
<toc>
<section anchor="toc" numbered="false" removeInRFC="false" toc="exclude" p
n="section-toc.1">
<name slugifiedName="name-table-of-contents">Table of Contents</name>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="section-to
c.1-1">
<li pn="section-toc.1-1.1">
<t indent="0" keepWithNext="true" pn="section-toc.1-1.1.1"><xref der
ivedContent="1" format="counter" sectionFormat="of" target="section-1"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-introduction">
Introduction</xref></t>
</li>
<li pn="section-toc.1-1.2">
<t indent="0" pn="section-toc.1-1.2.1"><xref derivedContent="2" form
at="counter" sectionFormat="of" target="section-2"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-terminology">Terminology</xref></t
>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.2.2">
<li pn="section-toc.1-1.2.2.1">
<t indent="0" keepWithNext="true" pn="section-toc.1-1.2.2.1.1"><
xref derivedContent="2.1" format="counter" sectionFormat="of" target="section-2.
1"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-re
quirements-language">Requirements Language</xref></t>
</li>
<li pn="section-toc.1-1.2.2.2">
<t indent="0" keepWithNext="true" pn="section-toc.1-1.2.2.2.1"><
xref derivedContent="2.2" format="counter" sectionFormat="of" target="section-2.
2"/>.  <xref derivedContent="" format="title" sectionFormat="of" target="name-ne
w-terms">New Terms</xref></t>
</li>
<li pn="section-toc.1-1.2.2.3">
<t indent="0" pn="section-toc.1-1.2.2.3.1"><xref derivedContent=
"2.3" format="counter" sectionFormat="of" target="section-2.3"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-abbreviations">Abbrevi
ations</xref></t>
</li>
<li pn="section-toc.1-1.2.2.4">
<t indent="0" pn="section-toc.1-1.2.2.4.1"><xref derivedContent=
"2.4" format="counter" sectionFormat="of" target="section-2.4"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-background">Background
</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.3">
<t indent="0" pn="section-toc.1-1.3.1"><xref derivedContent="3" form
at="counter" sectionFormat="of" target="section-3"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-overview">Overview</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.3.2">
<li pn="section-toc.1-1.3.2.1">
<t indent="0" pn="section-toc.1-1.3.2.1.1"><xref derivedContent=
"3.1" format="counter" sectionFormat="of" target="section-3.1"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-updating-rfcs-6775-and
-8505">Updating RFCs 6775 and 8505</xref></t>
</li>
<li pn="section-toc.1-1.3.2.2">
<t indent="0" pn="section-toc.1-1.3.2.2.1"><xref derivedContent=
"3.2" format="counter" sectionFormat="of" target="section-3.2"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-access-link">Access Li
nk</xref></t>
</li>
<li pn="section-toc.1-1.3.2.3">
<t indent="0" pn="section-toc.1-1.3.2.3.1"><xref derivedContent=
"3.3" format="counter" sectionFormat="of" target="section-3.3"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-route-over-mesh">Route
-Over Mesh</xref></t>
</li>
<li pn="section-toc.1-1.3.2.4">
<t indent="0" pn="section-toc.1-1.3.2.4.1"><xref derivedContent=
"3.4" format="counter" sectionFormat="of" target="section-3.4"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-the-binding-table">The
Binding Table</xref></t>
</li>
<li pn="section-toc.1-1.3.2.5">
<t indent="0" pn="section-toc.1-1.3.2.5.1"><xref derivedContent=
"3.5" format="counter" sectionFormat="of" target="section-3.5"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-primary-and-secondary-
6bbrs">Primary and Secondary 6BBRs</xref></t>
</li>
<li pn="section-toc.1-1.3.2.6">
<t indent="0" pn="section-toc.1-1.3.2.6.1"><xref derivedContent=
"3.6" format="counter" sectionFormat="of" target="section-3.6"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-using-optimistic-dad">
Using Optimistic DAD</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.4">
<t indent="0" pn="section-toc.1-1.4.1"><xref derivedContent="4" form
at="counter" sectionFormat="of" target="section-4"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-multi-link-subnet-considera">Multi
-Link Subnet Considerations</xref></t>
</li>
<li pn="section-toc.1-1.5">
<t indent="0" pn="section-toc.1-1.5.1"><xref derivedContent="5" form
at="counter" sectionFormat="of" target="section-5"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-optional-6lbr-serving-the-m">Optio
nal 6LBR Serving the Multi-Link Subnet</xref></t>
</li>
<li pn="section-toc.1-1.6">
<t indent="0" pn="section-toc.1-1.6.1"><xref derivedContent="6" form
at="counter" sectionFormat="of" target="section-6"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-using-ipv6-nd-over-the-back">Using
IPv6 ND over the Backbone Link</xref></t>
</li>
<li pn="section-toc.1-1.7">
<t indent="0" pn="section-toc.1-1.7.1"><xref derivedContent="7" form
at="counter" sectionFormat="of" target="section-7"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-routing-proxy-operations">Routing
Proxy Operations</xref></t>
</li>
<li pn="section-toc.1-1.8">
<t indent="0" pn="section-toc.1-1.8.1"><xref derivedContent="8" form
at="counter" sectionFormat="of" target="section-8"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-bridging-proxy-operations">Bridgin
g Proxy Operations</xref></t>
</li>
<li pn="section-toc.1-1.9">
<t indent="0" pn="section-toc.1-1.9.1"><xref derivedContent="9" form
at="counter" sectionFormat="of" target="section-9"/>.  <xref derivedContent="" f
ormat="title" sectionFormat="of" target="name-creating-and-maintaining-a-">Creat
ing and Maintaining a Binding</xref></t>
<ul bare="true" empty="true" indent="2" spacing="compact" pn="sectio
n-toc.1-1.9.2">
<li pn="section-toc.1-1.9.2.1">
<t indent="0" pn="section-toc.1-1.9.2.1.1"><xref derivedContent=
"9.1" format="counter" sectionFormat="of" target="section-9.1"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-operations-on-a-bindin
g-in-">Operations on a Binding in Tentative State</xref></t>
</li>
<li pn="section-toc.1-1.9.2.2">
<t indent="0" pn="section-toc.1-1.9.2.2.1"><xref derivedContent=
"9.2" format="counter" sectionFormat="of" target="section-9.2"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-operations-on-a-bindin
g-in-r">Operations on a Binding in Reachable State</xref></t>
</li>
<li pn="section-toc.1-1.9.2.3">
<t indent="0" pn="section-toc.1-1.9.2.3.1"><xref derivedContent=
"9.3" format="counter" sectionFormat="of" target="section-9.3"/>.  <xref derived
Content="" format="title" sectionFormat="of" target="name-operations-on-a-bindin
g-in-s">Operations on a Binding in Stale State</xref></t>
</li>
</ul>
</li>
<li pn="section-toc.1-1.10">
<t indent="0" pn="section-toc.1-1.10.1"><xref derivedContent="10" fo
rmat="counter" sectionFormat="of" target="section-10"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-registering-node-considerat">Reg
istering Node Considerations</xref></t>
</li>
<li pn="section-toc.1-1.11">
<t indent="0" pn="section-toc.1-1.11.1"><xref derivedContent="11" fo
rmat="counter" sectionFormat="of" target="section-11"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-security-considerations">Securit
y Considerations</xref></t>
</li>
<li pn="section-toc.1-1.12">
<t indent="0" pn="section-toc.1-1.12.1"><xref derivedContent="12" fo
rmat="counter" sectionFormat="of" target="section-12"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-protocol-constants">Protocol Con
stants</xref></t>
</li>
<li pn="section-toc.1-1.13">
<t indent="0" pn="section-toc.1-1.13.1"><xref derivedContent="13" fo
rmat="counter" sectionFormat="of" target="section-13"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-iana-considerations">IANA Consid
erations</xref></t>
</li>
<li pn="section-toc.1-1.14">
<t indent="0" pn="section-toc.1-1.14.1"><xref derivedContent="14" fo
rmat="counter" sectionFormat="of" target="section-14"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-normative-references">Normative
References</xref></t>
</li>
<li pn="section-toc.1-1.15">
<t indent="0" pn="section-toc.1-1.15.1"><xref derivedContent="15" fo
rmat="counter" sectionFormat="of" target="section-15"/>. <xref derivedContent=""
format="title" sectionFormat="of" target="name-informative-references">Informat
ive References</xref></t>
</li>
<li pn="section-toc.1-1.16">
<t indent="0" pn="section-toc.1-1.16.1"><xref derivedContent="Append
ix A" format="default" sectionFormat="of" target="section-appendix.a"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-possible-future
-extensions">Possible Future Extensions</xref></t>
</li>
<li pn="section-toc.1-1.17">
<t indent="0" pn="section-toc.1-1.17.1"><xref derivedContent="Append
ix B" format="default" sectionFormat="of" target="section-appendix.b"/>.  <xref
derivedContent="" format="title" sectionFormat="of" target="name-applicability-a
nd-requireme">Applicability and Requirements Served</xref></t>
</li>
<li pn="section-toc.1-1.18">
<t indent="0" pn="section-toc.1-1.18.1"><xref derivedContent="" form
at="none" sectionFormat="of" target="section-appendix.c"/><xref derivedContent="
" format="title" sectionFormat="of" target="name-acknowledgments">Acknowledgment
s</xref></t>
</li>
<li pn="section-toc.1-1.19">
<t indent="0" pn="section-toc.1-1.19.1"><xref derivedContent="" form
at="none" sectionFormat="of" target="section-appendix.d"/><xref derivedContent="
" format="title" sectionFormat="of" target="name-authors-addresses">Authors' Add
resses</xref></t>
</li>
</ul>
</section>
</toc>
</front>
<middle>
<section anchor="introduction" numbered="true" removeInRFC="false" toc="incl
ude" pn="section-1">
<name slugifiedName="name-introduction">Introduction</name>
<t indent="0" pn="section-1-1">
Ethernet bridging per IEEE Std 802.1 <xref target="IEEEstd8021Q" format="
default" sectionFormat="of" derivedContent="IEEEstd8021Q"/>
provides an efficient and reliable broadcast service for wired
networks; applications and protocols have been built that heavily
depend on that feature for their core operation. Unfortunately,
Low-Power and Lossy Networks (LLNs) and local wireless networks generally
do not provide the broadcast capabilities of Ethernet bridging in an
economical fashion.
</t>
<t indent="0" pn="section-1-2">
As a result, protocols designed for bridged networks that rely
on multicast and broadcast often exhibit disappointing behaviors
when employed unmodified on a local wireless medium (see
<xref target="I-D.ietf-mboned-ieee802-mcast-problems" format="default" se
ctionFormat="of" derivedContent="MCAST-PROBLEMS"/>).
</t>
<t indent="0" pn="section-1-3">
Wi-Fi <xref target="IEEEstd80211" format="default" sectionFormat="of" der
ivedContent="IEEEstd80211"/> Access Points (APs)
deployed in an Extended Service Set (ESS) act as Ethernet bridges
<xref target="IEEEstd8021Q" format="default" sectionFormat="of" derivedCo
ntent="IEEEstd8021Q"/>, with the property that the bridging
state is established at the time of association. This ensures
connectivity to the end node (the Wi-Fi Station (STA)) and protects the w
ireless medium
against broadcast-intensive transparent bridging <xref target="IEEEstd802
1Q" format="default" sectionFormat="of" derivedContent="IEEEstd8021Q"/> reactive
lookups.
In other words, the association process is used to register the link-laye
r
address of the STA to the AP. The AP subsequently proxies the
bridging operation and does not need to forward the broadcast lookups
over the radio.
</t>
<t indent="0" pn="section-1-4">
In the same way as transparent bridging, the IPv6 <xref target="RFC8200"
format="default" sectionFormat="of" derivedContent="RFC8200"/>
Neighbor Discovery (IPv6 ND) protocol <xref target="RFC4861" format="def
ault" sectionFormat="of" derivedContent="RFC4861"/> <xref target="RFC4862" forma
t="default" sectionFormat="of" derivedContent="RFC4862"/>
is a reactive protocol, based on multicast
transmissions to locate an on-link correspondent and ensure the
uniqueness of an IPv6 address. The mechanism for Duplicate Address
Detection (DAD) <xref target="RFC4862" format="default" sectionFormat="of
" derivedContent="RFC4862"/> was designed for
the efficient broadcast operation of Ethernet bridging.
Since broadcast can be unreliable over wireless media, DAD often
fails to discover duplications
<xref target="I-D.yourtchenko-6man-dad-issues" format="default" sectionFo
rmat="of" derivedContent="DAD-ISSUES"/>. In practice, the fact that IPv6 addres
ses very rarely conflict is mostly attributable to the entropy of the 64-bit Int
erface IDs as opposed to the successful operation of the IPv6 ND DAD and resolut
ion mechanisms.</t>
<t indent="0" pn="section-1-5">
The IPv6 ND Neighbor Solicitation (NS) <xref target="RFC4861" format="def
ault" sectionFormat="of" derivedContent="RFC4861"/> message
is used for DAD and address lookup when a node moves or wakes up and
reconnects to the wireless network. The NS message is targeted to a
Solicited-Node Multicast Address (SNMA) <xref target="RFC4291" format="de
fault" sectionFormat="of" derivedContent="RFC4291"/> and
should, in theory, only reach a very small group of nodes. But, in
reality, IPv6 multicast messages are typically broadcast on the
wireless medium, so they
are processed by most of the wireless nodes over the subnet (e.g., the
ESS fabric) regardless of how few of the nodes are subscribed to the
SNMA. As a result, IPv6 ND address lookups and DADs over a large
wireless network and/or LLN can consume enough
bandwidth to cause a substantial degradation to the unicast traffic
service.</t>
<t indent="0" pn="section-1-6">
Because IPv6 ND messages sent to the SNMA group are broadcast at the
radio link layer, wireless nodes that do not belong to the SNMA group
still have to keep their radio turned on to listen to multicast NS
messages, which is a waste of energy for them. In order to
reduce their power consumption, certain battery-operated devices such
as Internet of Things (IoT) sensors and smartphones ignore some of the br
oadcasts, making
IPv6 ND operations even less reliable.
</t>
<t indent="0" pn="section-1-7">
These problems can be alleviated by reducing the IPv6 ND broadcasts
over wireless access links. This has been done by splitting the broadcas
t
domains and routing between subnets. At the extreme, this can be done by ass
igning
a /64 prefix to each wireless node (see <xref target="RFC8273" format="de
fault" sectionFormat="of" derivedContent="RFC8273"/>).
But deploying a single large subnet can still be attractive to avoid
renumbering in situations that involve large numbers of devices and mobility
within a bounded area.
</t>
<t indent="0" pn="section-1-8">
A way to reduce the propagation of IPv6 ND broadcast in the wireless doma
in
while preserving a large single subnet is to form a Multi-Link Subnet (MLSN)
.
Each link in the MLSN, including the backbone, is its own broadcast domain.
A key property of MLSNs is that link-local unicast traffic, link-scope multi
cast, and traffic with a hop limit of 1 will not transit to nodes in the same su
bnet on a different link, which is something that may produce unexpected behavio
r in software that expects a subnet to be entirely contained within a single lin
k.
</t>
<t indent="0" pn="section-1-9">
This specification considers a special type of MLSN with a central backbone
that federates edge (LLN) links, with each link providing its own protection aga
inst rogue access and tempering or replaying packets. In particular, the use of
classical IPv6 ND on the backbone requires that the all nodes are trusted and th
at rogue access
to the backbone is prevented at all times (see <xref target="sec" format="de
fault" sectionFormat="of" derivedContent="Section 11"/>).
</t>
<t indent="0" pn="section-1-10">
In that particular topology, ND proxies can be placed at the boundary of the
edge links and the backbone to handle IPv6 ND on behalf of Registered Nodes and
to forward IPv6 packets back and forth.
The ND proxy enables the continuity of IPv6 ND operations beyond the backbon
e and enables communication using Global or Unique Local Addresses between any p
air of nodes in the MLSN.
</t>
<t indent="0" pn="section-1-11">
The 6LoWPAN Backbone Router (6BBR) is a Routing Registrar <xref target="RFC8
505" format="default" sectionFormat="of" derivedContent="RFC8505"/> that provide
s ND proxy services.
A 6BBR acting as a Bridging Proxy provides an ND proxy function with Layer 2
continuity and can be
collocated with a Wi-Fi AP as prescribed by IEEE Std 802.11 <xref target="IE
EEstd80211" format="default" sectionFormat="of" derivedContent="IEEEstd80211"/>.
A 6BBR acting as a Routing Proxy is applicable to any type of LLN, including LL
Ns that cannot be bridged onto the backbone, such as IEEE Std 802.15.4 <xref tar
get="IEEEstd802154" format="default" sectionFormat="of" derivedContent="IEEEstd8
02154"/>.
</t>
<t indent="0" pn="section-1-12">
Knowledge of which address to proxy can be obtained by snooping the
IPv6 ND protocol (see <xref target="I-D.bi-savi-wlan" format="default" se
ctionFormat="of" derivedContent="SAVI-WLAN"/>), but it has been found to be unre
liable.
An IPv6 address may not be discovered immediately due to a packet loss or if
a "silent" node
is not currently using one of its addresses. A change of state (e.g.,
due to movement) may be missed or misordered, leading to unreliable
connectivity and incomplete knowledge of the state of the network.
</t>
<t indent="0" pn="section-1-13">
With this specification, the address to be proxied is signaled explicitly th
rough a registration process.
A 6LoWPAN Node (6LN) registers all of its IPv6 addresses using NS messages w
ith an Extended Address Registration Option (EARO) as specified in <xref target=
"RFC8505" format="default" sectionFormat="of" derivedContent="RFC8505"/> to a 6L
oWPAN Router (6LR) to which it is directly attached.
If the 6LR is a 6BBR, then the 6LN is both the Registered Node and the Regis
tering Node. If not, then the 6LoWPAN Border Router (6LBR) that serves the LLN p
roxies the registration to the 6BBR. In that case, the 6LN is the Registered Nod
e and the 6LBR is the Registering Node.
The 6BBR performs IPv6 ND operations on its backbone interface on behalf of
the 6LNs that have Registered Addresses on its LLN interfaces, without the need
of a broadcast over the wireless medium.
</t>
<t indent="0" pn="section-1-14">
A Registering Node that resides on the backbone does not register to the SNM
A groups associated to its Registered Addresses and defers to the 6BBR to answer
or preferably forward the corresponding multicast packets to it as unicast.
</t>
</section>
<section numbered="true" removeInRFC="false" toc="include" pn="section-2">
<name slugifiedName="name-terminology">Terminology</name>
<section anchor="bcp" numbered="true" removeInRFC="false" toc="include" pn
="section-2.1">
<name slugifiedName="name-requirements-language">Requirements Language</
name>
<t indent="0" pn="section-2.1-1">
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOUL
D</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>N
OT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
be interpreted as
described in BCP 14 <xref target="RFC2119" format="default" sectionFormat="o
f" derivedContent="RFC2119"/> <xref target="RFC8174" format="default" sectionFor
mat="of" derivedContent="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t>
</section>
<section anchor="new" numbered="true" removeInRFC="false" toc="include" pn
="section-2.2">
<name slugifiedName="name-new-terms">New Terms</name>
<t indent="0" pn="section-2.2-1">
This document introduces the following terminology:
</t>
<dl indent="3" newline="false" spacing="normal" pn="section-2.2-2">
<dt pn="section-2.2-2.1">Federated:</dt>
<dd pn="section-2.2-2.2">
A subnet that comprises a backbone, and one or more (wireless)
access links, is said to be federated into one MLSN.
The ND proxy operation of 6BBRs over the backbone extends IPv6 ND ope
ration over the access links.
</dd>
<dt pn="section-2.2-2.3">Sleep Proxy:</dt>
<dd pn="section-2.2-2.4">
A 6BBR acts as a Sleep Proxy if it answers IPv6 ND NSs over the backbon
e on behalf of the Registering
Node that is in a sleep state and that cannot answer in due time.
</dd>
<dt pn="section-2.2-2.5">Routing Proxy:</dt>
<dd pn="section-2.2-2.6">
A Routing Proxy provides IPv6 ND proxy functions and enables the
MLSN operation over federated links that may not be compatible for
bridging. The Routing Proxy advertises its own link-layer
address as the Target Link-Layer Address (TLLA) in the proxied Neighbor
Advertisements (NAs)
over the backbone and routes
at the network layer between the federated links.
</dd>
<dt pn="section-2.2-2.7">Bridging Proxy:</dt>
<dd pn="section-2.2-2.8">
A Bridging Proxy provides IPv6 ND proxy functions while preserving
forwarding continuity at the link layer.
In
that case, the link-layer address and the mobility of the Registering No
de is
visible across the bridged backbone. The Bridging Proxy advertises
the link-layer address of the Registering Node in the TLLAO in the proxi
ed NAs
over the backbone, and it proxies ND for all unicast addresses including
link-local addresses.
Instead of replying on behalf of the Registering Node, a Bridging Proxy
will preferably forward the NS(Lookup) and Neighbor Unreachability Detec
tion (NUD) messages that target the
Registered Address to the Registering Node as unicast frames, so it can
respond in its own.
</dd>
<dt pn="section-2.2-2.9">Binding Table:</dt>
<dd pn="section-2.2-2.10">
The Binding Table is an abstract database that is maintained by the
6BBR to store the state associated with its registrations.
</dd>
<dt pn="section-2.2-2.11">Binding:</dt>
<dd pn="section-2.2-2.12">
A Binding is an abstract state associated to one registration; in
other words, it's associated to one entry in the Binding Table.
</dd>
</dl>
</section>
<section anchor="acronyms" numbered="true" removeInRFC="false" toc="includ
e" pn="section-2.3">
<name slugifiedName="name-abbreviations">Abbreviations</name>
<t indent="0" pn="section-2.3-1"> This document uses the following abbre
viations:
</t>
<dl spacing="compact" indent="12" newline="false" pn="section-2.3-2">
<dt pn="section-2.3-2.1">6BBR:</dt>
<dd pn="section-2.3-2.2">6LoWPAN Backbone Router </dd>
<dt pn="section-2.3-2.3">6LBR:</dt>
<dd pn="section-2.3-2.4">6LoWPAN Border Router </dd>
<dt pn="section-2.3-2.5">6LN:</dt>
<dd pn="section-2.3-2.6">6LoWPAN Node </dd>
<dt pn="section-2.3-2.7">6LR:</dt>
<dd pn="section-2.3-2.8">6LoWPAN Router </dd>
<dt pn="section-2.3-2.9">AP:</dt>
<dd pn="section-2.3-2.10">Access Point </dd>
<dt pn="section-2.3-2.11">ARO:</dt>
<dd pn="section-2.3-2.12">Address Registration Option</dd>
<dt pn="section-2.3-2.13">DAC:</dt>
<dd pn="section-2.3-2.14">Duplicate Address Confirmation </dd>
<dt pn="section-2.3-2.15">DAD:</dt>
<dd pn="section-2.3-2.16">Duplicate Address Detection </dd>
<dt pn="section-2.3-2.17">DAR:</dt>
<dd pn="section-2.3-2.18">Duplicate Address Request</dd>
<dt pn="section-2.3-2.19">DODAG:</dt>
<dd pn="section-2.3-2.20">Destination-Oriented Directed Acyclic Graph
</dd>
<dt pn="section-2.3-2.21">EARO:</dt>
<dd pn="section-2.3-2.22">Extended Address Registration Option</dd>
<dt pn="section-2.3-2.23">EDAC:</dt>
<dd pn="section-2.3-2.24">Extended Duplicate Address Confirmation </d
d>
<dt pn="section-2.3-2.25">EDAR:</dt>
<dd pn="section-2.3-2.26">Extended Duplicate Address Request</dd>
<dt pn="section-2.3-2.27">ESS:</dt>
<dd pn="section-2.3-2.28">Extended Service Set </dd>
<dt pn="section-2.3-2.29">LLA:</dt>
<dd pn="section-2.3-2.30">Link-Layer Address</dd>
<dt pn="section-2.3-2.31">LLN:</dt>
<dd pn="section-2.3-2.32">Low-Power and Lossy Network </dd>
<dt pn="section-2.3-2.33">MLSN:</dt>
<dd pn="section-2.3-2.34">Multi-Link Subnet</dd>
<dt pn="section-2.3-2.35">MTU:</dt>
<dd pn="section-2.3-2.36">Maximum Transmission Unit </dd>
<dt pn="section-2.3-2.37">NA:</dt>
<dd pn="section-2.3-2.38">Neighbor Advertisement </dd>
<dt pn="section-2.3-2.39">NCE:</dt>
<dd pn="section-2.3-2.40">Neighbor Cache Entry </dd>
<dt pn="section-2.3-2.41">ND:</dt>
<dd pn="section-2.3-2.42">Neighbor Discovery </dd>
<dt pn="section-2.3-2.43">NS:</dt>
<dd pn="section-2.3-2.44">Neighbor Solicitation </dd>
<dt pn="section-2.3-2.45">NUD:</dt>
<dd pn="section-2.3-2.46">Neighbor Unreachability Detection</dd>
<dt pn="section-2.3-2.47">ODAD:</dt>
<dd pn="section-2.3-2.48">Optimistic DAD</dd>
<dt pn="section-2.3-2.49">RA:</dt>
<dd pn="section-2.3-2.50">Router Advertisement </dd>
<dt pn="section-2.3-2.51">ROVR:</dt>
<dd pn="section-2.3-2.52">Registration Ownership Verifier </dd>
<dt pn="section-2.3-2.53">RPL:</dt>
<dd pn="section-2.3-2.54">Routing Protocol for LLNs </dd>
<dt pn="section-2.3-2.55">RS:</dt>
<dd pn="section-2.3-2.56">Router Solicitation </dd>
<dt pn="section-2.3-2.57">SLLAO:</dt>
<dd pn="section-2.3-2.58">Source Link-Layer Address Option</dd>
<dt pn="section-2.3-2.59">SNMA:</dt>
<dd pn="section-2.3-2.60">Solicited-Node Multicast Address </dd>
<dt pn="section-2.3-2.61">STA:</dt>
<dd pn="section-2.3-2.62">Station</dd>
<dt pn="section-2.3-2.63">TID:</dt>
<dd pn="section-2.3-2.64">Transaction ID </dd>
<dt pn="section-2.3-2.65">TLLAO:</dt>
<dd pn="section-2.3-2.66">Target Link-Layer Address Option</dd>
</dl>
</section>
<section anchor="lo" numbered="true" removeInRFC="false" toc="include" pn=
"section-2.4">
<name slugifiedName="name-background">Background</name>
<t indent="0" pn="section-2.4-1">
In this document, readers will encounter terms and concepts
that are discussed in the following documents:
</t>
<dl indent="3" newline="false" spacing="normal" pn="section-2.4-2">
<dt pn="section-2.4-2.1">Classical IPv6 ND:</dt>
<dd pn="section-2.4-2.2">"Neighbor Discovery for IP version 6 (IPv6)"
<xref target="RFC4861" format="default" sectionFormat="of" derivedContent="RFC48
61"/>,
"IPv6 Stateless Address Autoconfiguration" <xref target="RFC4862" for
mat="default" sectionFormat="of" derivedContent="RFC4862"/>, and
"Optimistic Duplicate Address Detection (DAD) for IPv6" <xref target=
"RFC4429" format="default" sectionFormat="of" derivedContent="RFC4429"/>;</dd>
<dt pn="section-2.4-2.3">IPv6 ND over multiple links:</dt>
<dd pn="section-2.4-2.4"> "Neighbor Discovery Proxies (ND Proxy)"
<xref target="RFC4389" format="default" sectionFormat="of" derive
dContent="RFC4389"/> and
"Multi-Link Subnet Issues" <xref target="RFC4903" format="default" sec
tionFormat="of" derivedContent="RFC4903"/>;</dd>
<dt pn="section-2.4-2.5">6LoWPAN:</dt>
<dd pn="section-2.4-2.6">"Problem Statement and Requirements for
IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN)
Routing" <xref target="RFC6606" format="default" sectionFormat="
of" derivedContent="RFC6606"/>; and</dd>
<dt pn="section-2.4-2.7">6LoWPAN ND:</dt>
<dd pn="section-2.4-2.8">Neighbor Discovery Optimization for IPv6 over
Low-Power
Wireless Personal Area Networks (6LoWPANs) <xref target="RFC6775"
format="default" sectionFormat="of" derivedContent="RFC6775"/>,
"Registration Extensions for IPv6 over Low-Power Wireless Persona
l Area Network (6LoWPAN) Neighbor Discovery" <xref target="RFC8505" format="defa
ult" sectionFormat="of" derivedContent="RFC8505"/>,
and
"Address-Protected Neighbor Discovery for Low-Power and Lossy Networks"
<xref target="RFC8928" format="default" sectionFormat="of" derivedConten
t="RFC8928"/>.</dd>
</dl>
</section>
</section>
<section anchor="overview" numbered="true" removeInRFC="false" toc="include"
pn="section-3">
<name slugifiedName="name-overview">Overview</name>
<t indent="0" pn="section-3-1"> This section and its subsections present a
non-normative high-level view of
the operation of the 6BBR. The following sections cover the normative part.
</t>
<t indent="0" pn="section-3-2">
<xref target="figBackbone" format="default" sectionFormat="of" derivedConten
t="Figure 1"/> illustrates a Backbone Link that federates a
collection of LLNs as a single IPv6 subnet, with a number of 6BBRs
providing ND proxy services to their attached LLNs.
</t>
<figure anchor="figBackbone" align="left" suppress-title="false" pn="figur
e-1">
<name slugifiedName="name-backbone-link-and-backbone-">Backbone Link and
Backbone Routers</name>
<artwork align="left" pn="section-3-3.1">
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
| | | | | |
+------+ +------+ +------+
o Wireless Side o o o o o o
o o o o o o o o o o o o o o o o o o o o
o o o o o o o o o o o o o o o o o o o
o o o o o o o o o LLN o o o o o o o o o
o o o o o o o o o o o o o o
o o o
</artwork>
</figure>
<t indent="0" pn="section-3-4">
The LLN may be a hub-and-spoke access link such as (Low-Power)
IEEE Std 802.11 (Wi-Fi) <xref target="IEEEstd80211" format="default" section
Format="of" derivedContent="IEEEstd80211"/>
and IEEE Std 802.15.1 (Bluetooth) <xref target="IEEEstd802151" format="de
fault" sectionFormat="of" derivedContent="IEEEstd802151"/>
or a mesh-under or a route-over network <xref target="RFC8505" format="defau
lt" sectionFormat="of" derivedContent="RFC8505"/>.
The proxy state can be distributed across multiple 6BBRs attached to
the same backbone.
</t>
<t indent="0" pn="section-3-5">
The main features of a 6BBR are as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-3-6
">
<li pn="section-3-6.1">
MLSN functions (provided by the 6BBR on the
backbone) performed on behalf of Registered Nodes
</li>
<li pn="section-3-6.2">
<t indent="0" pn="section-3-6.2.1">
Routing Registrar services that reduce multicast within the LLN:
</t>
<ul spacing="compact" empty="true" bare="false" indent="3" pn="section
-3-6.2.2">
<li pn="section-3-6.2.2.1">- Binding Table management
</li>
<li pn="section-3-6.2.2.2">- failover, e.g., due to mobility
</li>
</ul>
</li>
</ul>
<t indent="0" pn="section-3-7">
Each Backbone Router (6BBR) maintains a data structure for its
Registered Addresses called a Binding Table. The abstract data that
is stored in the Binding Table includes the Registered Address; anchor infor
mation on the Registering Node such as the connecting interface, link-local addr
ess, and link-layer address (LLA) of the Registering Node on that interface; the
EARO including ROVR and TID; a state that can be either Reachable, Tentative, o
r Stale; and other information such as a trust level that may be configured, e.g
., to protect a server. The combined Binding Tables
of all the 6BBRs on a backbone form a distributed database of Registered
Nodes
that reside in the LLNs or on the IPv6 Backbone.
</t>
<t indent="0" pn="section-3-8">
Unless otherwise configured, a 6BBR does the following:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-3-9
">
<li pn="section-3-9.1">Creates a new entry in a Binding Table for a newl
y
Registered Address and ensures that the address is not
duplicated over the backbone.
</li>
<li pn="section-3-9.2">Advertises a Registered Address over the backbone
using an NA message as
either unsolicited or a response to an NS message. This includes
joining the multicast group associated to the SNMA derived from the
Registered Address, as specified in
<xref target="RFC4861" sectionFormat="of" section="7.2.1" format="defaul
t" derivedLink="https://rfc-editor.org/rfc/rfc4861#section-7.2.1" derivedContent
="RFC4861"/>, over the backbone.
</li>
<li pn="section-3-9.3">
<t indent="0" pn="section-3-9.3.1">
The 6BBR <bcp14>MAY</bcp14> respond immediately as a proxy in lieu of the
Registering Node, e.g., if the Registering Node has a sleep cycle that the 6BBR
does not want to interrupt or if the 6BBR has a recent state that is deemed fres
h enough to permit the proxied response. It is preferred, though, that the 6BBR
checks whether the Registering Node is still responsive on the Registered Addres
s. To that effect:
</t>
<dl spacing="compact" newline="true" indent="3" pn="section-3-9.3.2">
<dt pn="section-3-9.3.2.1"> - as a Bridging Proxy:</dt>
<dd pn="section-3-9.3.2.2">the 6BBR forwards the multicast DAD and a
ddress lookup messages as a unicast link-layer frame to the link-layer address o
f the Registering Node that matches the target in the ND message; the Neighbor U
nreachability Detection (NUD) message is unicast and is forwarded as is. In all
cases, the goal is to let the Registering Node answer with the ND Message and op
tions that it sees fit.</dd>
<dt pn="section-3-9.3.2.3"> - as a Routing Proxy:</dt>
<dd pn="section-3-9.3.2.4">the 6BBR checks the liveliness of the Reg
istering Node, e.g., using a NUD verification, before answering on its behalf.</
dd>
</dl>
</li>
<li pn="section-3-9.4"> Delivers packets arriving from the LLN, using Ne
ighbor Solicitation
messages to look up the destination over the backbone. </li>
<li pn="section-3-9.5"> Forwards or bridges packets between the LLN and
the backbone. </li>
<li pn="section-3-9.6"> Verifies liveness for a registration, when neede
d. </li>
</ul>
<t indent="0" pn="section-3-10">
The first of these functions enables the 6BBR to fulfill its
role as a Routing Registrar for each of its attached LLNs.
The remaining functions fulfill the role of the 6BBRs as the
border routers that federate the Multi-Link IPv6 Subnet.
</t>
<t indent="0" pn="section-3-11">
The operation of IPv6 ND and ND proxy are not mutually exclusive on the back
bone, meaning that nodes attached to the backbone and using IPv6 ND can transpar
ently interact with 6LNs that rely on a 6BBR to ND proxy for them, whether the 6
LNs are reachable over an LLN or directly attached to the backbone.
</t>
<t indent="0" pn="section-3-12">
The registration mechanism <xref target="RFC8505" format="default" sectionFo
rmat="of" derivedContent="RFC8505"/> used to learn addresses to be proxied may
coexist in a 6BBR with a proprietary snooping or the traditional bridging fu
nctionality of an AP, in order to support legacy LLN nodes that do not support t
his specification.
</t>
<t indent="0" pn="section-3-13">
The registration to a proxy service uses an NS/NA exchange with EARO.
The 6BBR operation resembles that of a
Mobile IPv6 (MIPv6) <xref target="RFC6275" format="default" sectionFormat
="of" derivedContent="RFC6275"/> Home Agent (HA).
The combination of a 6BBR and a MIPv6 HA enables full mobility
support for 6LNs, inside and outside the links that form the subnet.
</t>
<t indent="0" pn="section-3-14">
6BBRs perform IPv6 ND functions over the backbone as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-3-1
5">
<li pn="section-3-15.1">
The EARO <xref target="RFC8505" format="default" sectionFormat="of" d
erivedContent="RFC8505"/> is used in IPv6 ND exchanges over
the backbone between the 6BBRs to help distinguish duplication from move
ment.
Extended Duplicate Address Messages (EDAR and EDAC) may also be
used to communicate with a 6LBR, if one is present.
Address duplication is detected using the ROVR field.
Conflicting registrations to different 6BBRs for the same
Registered Address are resolved using the TID field, which forms an o
rder
of registrations.
</li>
<li pn="section-3-15.2">
The LLA that the 6BBR advertises for the
Registered Address on behalf of the Registered Node over the
backbone can belong to the Registering Node; in that case, the 6BBR
(acting as a Bridging Proxy (see <xref target="bridge_proxy" format="
default" sectionFormat="of" derivedContent="Section 8"/>))
bridges the unicast packets. Alternatively, the LLA can be that
of the 6BBR on the backbone interface, in which case, the 6BBR
(acting as a Routing Proxy (see <xref target="rtr_proxy" format="defa
ult" sectionFormat="of" derivedContent="Section 7"/>))
receives the unicast packets at Layer 3 and routes over.
</li>
</ul>
<section anchor="updating" numbered="true" removeInRFC="false" toc="includ
e" pn="section-3.1">
<name slugifiedName="name-updating-rfcs-6775-and-8505">Updating RFCs 677
5 and 8505</name>
<t indent="0" pn="section-3.1-1">
This specification adds the EARO as a possible option in RS, NS(DAD),
and NA messages over the backbone.
This document specifies the use of those ND messages by 6BBRs
over the backbone, at a high level in <xref target="bbrbb" format="defaul
t" sectionFormat="of" derivedContent="Section 6"/> and in more
detail in <xref target="crea" format="default" sectionFormat="of" derivedCon
tent="Section 9"/>.
</t>
<aside pn="section-3.1-2">
<t indent="0" pn="section-3.1-2.1">
Note: <xref target="RFC8505" format="default" sectionFormat="of" derivedCont
ent="RFC8505"/> requires
that the registration NS(EARO) contain a Source Link-Layer Address Option
(SLLAO). <xref target="RFC4862" format="default" sectionFormat="of" derivedC
ontent="RFC4862"/> requires that
the NS(DAD) be sent from the unspecified address for which there cannot be a
n
SLLAO. Consequently, an NS(DAD) cannot be confused with a registration.
</t>
</aside>
<t indent="0" pn="section-3.1-3">
This specification allows the deployment of a 6LBR on the backbone where EDA
R and
EDAC messages coexist with classical ND. It also adds the capability to ins
ert IPv6 ND options in the EDAR and EDAC messages.
A 6BBR acting as a 6LR
for the Registered Address can insert an SLLAO in the EDAR to the 6LB
R in
order to avoid causing a multicast NS(lookup) back. This enables the 6LBR
to store the link-layer
address associated with the Registered Address on a link and to serve as a
mapping server as described in
<xref target="I-D.thubert-6lo-unicast-lookup" format="default" sectionFormat
="of" derivedContent="UNICAST-LOOKUP"/>.
</t>
<t indent="0" pn="section-3.1-4">
This specification allows an address to be registered to more than one
6BBR. Consequently, a 6LBR that is deployed on the backbone <bcp14>MUST</bcp
14> be capable
of maintaining state for each of the 6BBRs that have registered with the sam
e
TID and same ROVR.
</t>
</section>
<section anchor="WAL" numbered="true" removeInRFC="false" toc="include" pn
="section-3.2">
<name slugifiedName="name-access-link">Access Link</name>
<t indent="0" pn="section-3.2-1">
The simplest MLSN topology from the Layer 3 perspective occurs
when the wireless network appears as a single-hop hub-and-spoke network as
shown in <xref target="figBackbone1" format="default" sectionFormat="of" deri
vedContent="Figure 2"/>. The Layer 2 operation may effectively
be hub-and-spoke (e.g., Wi-Fi) or mesh-under, with a Layer 2 protocol
handling the complex topology.
</t>
<figure anchor="figBackbone1" align="left" suppress-title="false" pn="fi
gure-2">
<name slugifiedName="name-access-link-use-case">Access Link Use Case</
name>
<artwork align="left" pn="section-3.2-2.1">
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
| 6LR | | 6LR | | 6LR |
+------+ +------+ +------+
(6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN)
</artwork>
</figure>
<t indent="0" pn="section-3.2-3">
<xref target="figReg2" format="default" sectionFormat="of" derivedContent
="Figure 3"/> illustrates a flow where 6LN forms an IPv6
address and registers it to a 6BBR acting as a 6LR
<xref target="RFC8505" format="default" sectionFormat="of" derivedContent
="RFC8505"/>. The 6BBR applies Optimistic Duplicate Address Detection (ODAD) (se
e
<xref target="odad" format="default" sectionFormat="of" derivedContent="S
ection 3.6"/>) to the Registered Address to enable
connectivity while the message flow is still in progress.
</t>
<figure anchor="figReg2" suppress-title="false" align="left" pn="figure-
3">
<name slugifiedName="name-initial-registration-flow-t">Initial Registr
ation Flow to a 6BBR Acting as a Routing Proxy</name>
<artwork align="left" pn="section-3.2-4.1">
6LN(STA) 6BBR(AP) 6LBR default GW
| | | |
| LLN Access Link | IPv6 Backbone (e.g., Ethernet) |
| | | |
| RS(multicast) | | |
|----------------&gt;| | |
| RA(PIO, Unicast)| | |
|&lt;----------------| | |
| NS(EARO) | | |
|----------------&gt;| | |
| | Extended DAR | |
| |---------------&gt;| |
| | Extended DAC | |
| |&lt;---------------| |
| | |
| | NS-DAD(EARO, multicast) |
| |--------&gt; |
| |-----------------------------------&gt;|
| | |
| | RS(no SLLAO, for ODAD) |
| |-----------------------------------&gt;|
| | if (no fresher Binding) NS(Lookup) |
| | &lt;----------------|
| |&lt;-----------------------------------|
| | NA(SLLAO, not(O), EARO) |
| |-----------------------------------&gt;|
| | RA(unicast) |
| |&lt;-----------------------------------|
| | |
| IPv6 Packets in Optimistic Mode |
|&lt;----------------------------------------------------&gt;|
| | |
| |
| NA(EARO) |&lt;DAD timeout&gt;
|&lt;----------------|
| |</artwork>
</figure>
<t indent="0" pn="section-3.2-5">
In this example, a 6LBR is deployed on the Backbone Link to serve the whole
subnet, and EDAR/EDAC messages are used in combination with DAD to enable
coexistence with IPv6 ND over the backbone.
</t>
<t indent="0" pn="section-3.2-6">
The RS sent initially by the 6LN (e.g., a Wi-Fi STA) is transmitted as a mul
ticast, but
since it is intercepted by the 6BBR, it is never effectively broadcast.
The multiple arrows associated to the ND messages on the backbone denote a
real Layer 2 broadcast.
</t>
</section>
<section anchor="ROM" numbered="true" removeInRFC="false" toc="include" pn
="section-3.3">
<name slugifiedName="name-route-over-mesh">Route-Over Mesh</name>
<t indent="0" pn="section-3.3-1">
A more complex MLSN topology occurs when the wireless network
appears as a Layer 3 mesh network as shown in <xref target="figBackbone2" for
mat="default" sectionFormat="of" derivedContent="Figure 4"/>.
A so-called route-over routing protocol exposes routes between 6LRs towards
both 6LRs and 6LNs, and a 6LBR acts as the Root of the Layer 3 mesh network a
nd
proxy-registers the LLN addresses to the 6BBR.
</t>
<figure anchor="figBackbone2" align="left" suppress-title="false" pn="fi
gure-4">
<name slugifiedName="name-route-over-mesh-use-case">Route-Over Mesh Us
e Case</name>
<artwork align="left" pn="section-3.3-2.1">
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
+------+ +------+ +------+
| | |
+------+ +------+ +------+
| 6LBR | | 6LBR | | 6LBR |
+------+ +------+ +------+
(6LN) (6LR) (6LN) (6LR) (6LN) (6LR) (6LR) (6LR)(6LN)
(6LN)(6LR) (6LR) (6LN) (6LN) (6LR)(6LN) (6LR) (6LR) (6LR) (6LN)
(6LR)(6LR) (6LR) (6LR) (6LR)(6LN) (6LR) (6LR)(6LR)
(6LR) (6LR) (6LR) (6LR) (6LN)(6LR) (6LR) (6LR) (6LR) (6LR)
(6LN) (6LN)(6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN)
</artwork>
</figure>
<t indent="0" pn="section-3.3-3">
<xref target="figReg" format="default" sectionFormat="of" derivedContent=
"Figure 5"/> illustrates IPv6 signaling that
enables a 6LN (the Registered Node) to form a Global or a Unique Local Ad
dress and register it to the 6LBR that serves its LLN using <xref target="RFC850
5" format="default" sectionFormat="of" derivedContent="RFC8505"/> and a neighbor
ing 6LR as relay.
The 6LBR (the Registering Node) then proxies the registration <xref target="
RFC8505" format="default" sectionFormat="of" derivedContent="RFC8505"/> to the 6
BBR to obtain ND proxy services from the 6BBR.
</t>
<t indent="0" pn="section-3.3-4">
The RS sent initially by the 6LN is transmitted as a multicast and contained
within 1-hop broadcast range where hopefully a 6LR is found. The 6LR is expecte
d to be already connected to the LLN and capable of reaching the 6LBR, which is
possibly multiple hops away, using unicast messages.
</t>
<figure anchor="figReg" suppress-title="false" align="left" pn="figure-5
">
<name slugifiedName="name-initial-registration-flow-o">Initial Registr
ation Flow over Route-Over Mesh</name>
<artwork align="left" pn="section-3.3-5.1">
6LoWPAN Node 6LR 6LBR 6BBR
(mesh leaf) (mesh router) (mesh root)
| | | |
| 6LoWPAN ND |6LoWPAN ND | 6LoWPAN ND | IPv6 ND
| LLN Link |Route-Over Mesh|Ethernet/Serial| Backbone
| | |/Internal Call |
| IPv6 ND RS | | |
|--------------&gt;| | |
|-----------&gt; | | |
|------------------&gt; | |
| IPv6 ND RA | | |
|&lt;--------------| | |
| | | |
| NS(EARO) | | |
|--------------&gt;| | |
| 6LoWPAN ND | Extended DAR | |
| |--------------&gt;| |
| | | NS(EARO) |
| | |--------------&gt;|
| | | (proxied) | NS-DAD
| | | |------&gt;
| | | | (EARO)
| | | |
| | | NA(EARO) |&lt;timeout&gt;
| | |&lt;--------------|
| | Extended DAC | |
| |&lt;--------------| |
| NA(EARO) | | |
|&lt;--------------| | |
| | | |
</artwork>
</figure>
<t indent="0" pn="section-3.3-6">
As a non-normative example of a route-over mesh, the
IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) architecture <xref tar
get="I-D.ietf-6tisch-architecture" format="default" sectionFormat="of" derivedCo
ntent="6TiSCH"/>
suggests using the RPL <xref target="RFC6550" format="default" sectionFor
mat="of" derivedContent="RFC6550"/> and collocating the RPL
root with a 6LBR that serves the LLN. The 6LBR is also either collocated
with or directly connected to the 6BBR over an IPv6 link.
</t>
</section>
<section anchor="Binding" numbered="true" removeInRFC="false" toc="include
" pn="section-3.4">
<name slugifiedName="name-the-binding-table">The Binding Table</name>
<t indent="0" pn="section-3.4-1">
Addresses in an LLN that are reachable from the backbone by way of the 6BBR
function must be registered to that 6BBR, using an NS(EARO) with the R flag
set <xref target="RFC8505" format="default" sectionFormat="of" derivedConten
t="RFC8505"/>. The 6BBR answers with an NA(EARO)
and maintains a state for the registration in an abstract
Binding Table.
</t>
<t indent="0" pn="section-3.4-2">
An entry in the Binding Table is called a "Binding".
A Binding may be in Tentative, Reachable, or Stale state.
</t>
<t indent="0" pn="section-3.4-3">
The 6BBR uses a combination of <xref target="RFC8505" format="default" secti
onFormat="of" derivedContent="RFC8505"/> and IPv6 ND over the
backbone to advertise the registration and avoid a duplication.
Conflicting registrations are solved by the 6BBRs transparently to the
Registering Nodes.
</t>
<t indent="0" pn="section-3.4-4">
Only one 6LN may register a given address, but the address may be registe
red
to multiple 6BBRs for higher availability.
</t>
<t indent="0" pn="section-3.4-5">
Over the LLN, Binding Table management is as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-3
.4-6">
<li pn="section-3.4-6.1"> De-registrations (newer TID, same ROVR, null
Lifetime) are
accepted with a status code of 4 ("Removed"); the entry is deleted. <
/li>
<li pn="section-3.4-6.2"> Newer registrations (newer TID, same ROVR, n
on-null Lifetime) are
accepted with a status code of 0 ("Success"); the Binding is updated
with the new TID, the Registration Lifetime, and the Registering
Node. In Tentative state, the EDAC response
is held and may be overwritten; in other states, the
Registration Lifetime timer is restarted, and the entry is placed
in Reachable state. </li>
<li pn="section-3.4-6.3"> Identical registrations (same TID, same ROVR
) from the same
Registering Node are accepted with a status code of 0 ("Success").
In Tentative state, the response is held and may be overwritten,
but the response is eventually produced, carrying
the result of the DAD process. </li>
<li pn="section-3.4-6.4"> Older registrations (older TID, same ROVR) f
rom the same
Registering Node are discarded. </li>
<li pn="section-3.4-6.5"> Identical and older registrations (not-newer
TID, same ROVR) from
a different Registering Node are rejected with a status code of 3
("Moved"); this may be rate-limited to avoid undue interference. </li
>
<li pn="section-3.4-6.6"> Any registration for the same address but wi
th a different
ROVR is rejected with a status code of 1 ("Duplicate Address").</li>
</ul>
<t indent="0" pn="section-3.4-7">The operation of the Binding Table is s
pecified in detail in <xref target="crea" format="default" sectionFormat="of" de
rivedContent="Section 9"/>.
</t>
</section>
<section anchor="primary" numbered="true" removeInRFC="false" toc="include
" pn="section-3.5">
<name slugifiedName="name-primary-and-secondary-6bbrs">Primary and Secon
dary 6BBRs</name>
<t indent="0" pn="section-3.5-1">
A Registering Node <bcp14>MAY</bcp14> register the same address to more than
one 6BBR,
in which case, the Registering Node uses the same EARO in all the parallel
registrations.
On the other hand, there is no provision in 6LoWPAN ND for a 6LN (acting
as Registered Node) to select its 6LBR (acting as Registering Node), so it
cannot select more than one either.
To allow for this, NS(DAD) and NA messages with an EARO received over the
backbone that indicate an identical Binding in another 6BBR (same Registered
Address, same TID, same ROVR) are silently ignored except for the purpose of
selecting the primary 6BBR for that registration.
</t>
<t indent="0" pn="section-3.5-2">
A 6BBR may be either primary or secondary. The primary is the 6BBR
that has the highest 64-bit Extended Unique Identifier (EUI-64)
address of all the 6BBRs that share a registration for the same
Registered Address, with the same ROVR and same Transaction ID, and the
EUI-64 address is considered an unsigned 64-bit integer.
A given 6BBR can be primary for a given address and secondary for another
address, regardless of whether or not the addresses belong to the same 6
LN.
</t>
<t indent="0" pn="section-3.5-3">
In the following sections, it is expected that an NA will be sent over the
backbone only if the node is primary or does not support the concept of
primary. More than one 6BBR claiming or defending an address generates
unwanted traffic, but there is no reachability issue since all 6BBRs provide
reachability from the backbone to the 6LN.
</t>
<t indent="0" pn="section-3.5-4">
If a Registering Node loses connectivity to its 6BBR or one of the 6BBRs to
which
it registered an address, it retries the registration to the (one or more)
available 6BBR(s). When doing that, the Registering Node <bcp14>MUST</bcp14>
increment the
TID in order to force the migration of the state to the new 6BBR and
the reselection of the primary 6BBR if it is the node that was lost.
</t>
</section>
<section anchor="odad" numbered="true" removeInRFC="false" toc="include" p
n="section-3.6">
<name slugifiedName="name-using-optimistic-dad">Using Optimistic DAD</na
me>
<t indent="0" pn="section-3.6-1">
ODAD <xref target="RFC4429" format="default" sectionFormat="of" derivedCo
ntent="RFC4429"/> specifies how an IPv6 address can be used before completion of
DAD. ODAD guarantees that this behavior
will not cause harm if the new address is a duplicate. </t>
<t indent="0" pn="section-3.6-2">
Support for ODAD avoids delays in installing the Neighbor Cache Entry (NC
E)
in the 6BBRs and the default router, enabling immediate connectivity
to the Registered Node. As shown in <xref target="figReg2" format="defau
lt" sectionFormat="of" derivedContent="Figure 3"/>, if the
6BBR is aware of the LLA of a router, then the
6BBR sends a Router Solicitation (RS), using the Registered Address as
the IP Source Address, to the known router(s). The RS is sent
without an SLLAO, to avoid invalidating a
preexisting NCE in the router.
</t>
<t indent="0" pn="section-3.6-3">
Following ODAD, the router may then send a unicast RA to the Registered
Address, and it may resolve that address using an NS(Lookup) message.
In response, the 6BBR sends an NA with an EARO and the Override flag
<xref target="RFC4861" format="default" sectionFormat="of" derivedContent="R
FC4861"/> that is not set.
The router can then determine the freshest EARO in case of
conflicting NA(EARO) messages, using the method described in
<xref target="RFC8505" sectionFormat="of" section="5.2.1" format="default" d
erivedLink="https://rfc-editor.org/rfc/rfc8505#section-5.2.1" derivedContent="RF
C8505"/>.
If the NA(EARO) is the freshest answer, the default router creates a
Binding with the SLLAO of the 6BBR (in Routing Proxy mode) or that of the
Registering Node (in Bridging Proxy mode), so traffic from/to the
Registered Address can flow immediately.
</t>
</section>
</section>
<section anchor="sn" numbered="true" removeInRFC="false" toc="include" pn="s
ection-4">
<name slugifiedName="name-multi-link-subnet-considera">Multi-Link Subnet C
onsiderations</name>
<t indent="0" pn="section-4-1">
The backbone and the federated LLN links are considered to be different
links in the MLSN, even if multiple LLNs are attached to
the same 6BBR. ND messages are link-scoped and are not forwarded by the
6BBR between the backbone and the LLNs, though some packets may be
reinjected in Bridging Proxy mode (see <xref target="bridge_proxy" format="d
efault" sectionFormat="of" derivedContent="Section 8"/>).
</t>
<t indent="0" pn="section-4-2">
Legacy nodes located on the backbone expect that the subnet is deployed
within a single link and that there is a common Maximum Transmission Unit
(MTU) for intra-subnet communication: the Link MTU.
They will not perform the IPv6 Path MTU Discovery <xref target="RFC8201" for
mat="default" sectionFormat="of" derivedContent="RFC8201"/>
for a destination within the subnet. For that reason, the MTU <bcp14>MUST</
bcp14> have
the same value on the backbone and on all federated LLNs in the MLSN. As
a
consequence, the 6BBR <bcp14>MUST</bcp14> use the same MTU value in RAs over
the backbone
and in the RAs that it transmits toward the LLN links.
</t>
</section>
<section anchor="lbr" numbered="true" removeInRFC="false" toc="include" pn="
section-5">
<name slugifiedName="name-optional-6lbr-serving-the-m">Optional 6LBR Servi
ng the Multi-Link Subnet</name>
<t indent="0" pn="section-5-1">
A 6LBR can be deployed to serve the whole MLSN as shown in <xref target="
figBackbone2" format="default" sectionFormat="of" derivedContent="Figure 4"/>. I
t may be attached to the
backbone, in which case it can be discovered by its capability advertisement
(see <xref target="RFC8505" sectionFormat="of" section="4.3" format="default
" derivedLink="https://rfc-editor.org/rfc/rfc8505#section-4.3" derivedContent="R
FC8505"/>) in RA messages.
</t>
<t indent="0" pn="section-5-2">
When a 6LBR is present, the 6BBR uses an EDAR/EDAC message
exchange with the 6LBR to check if the new registration corresponds to a dup
lication or a movement.
This is done prior to the NS(DAD) process, which may be avoided if
the 6LBR already maintains a conflicting state for the Registered Address.
</t>
<t indent="0" pn="section-5-3">
If this registration is a duplicate or not the freshest, then the 6LBR
replies with an EDAC message with a status code of 1 ("Duplicate Address") o
r 3 ("Moved"), respectively.
If this registration is the freshest, then the 6LBR replies with a status
code of 0 ("Success"). In that case, if this registration is fresher than a
n existing
registration for another 6BBR, then the 6LBR also sends an asynchronous
EDAC with a status code of 4 ("Removed") to the older 6BBR.
</t>
<t indent="0" pn="section-5-4">
The EDAR message <bcp14>SHOULD</bcp14> carry the SLLAO used in NS messages b
y the 6BBR
for that Binding, and the EDAC message <bcp14>SHOULD</bcp14> carry the Targe
t Link-Layer
Address Option (TLLAO) associated with the currently accepted registration.
This enables a 6BBR to locate
the new position of a mobile 6LN in the case of a Routing Proxy operation
and opens the capability for the 6LBR to serve as a mapping server in the
future.
</t>
<t indent="0" pn="section-5-5">
Note that if link-local addresses are registered, then the scope of
uniqueness on which the address duplication is checked is the total
collection of links that the 6LBR serves, as opposed to the sole link on
which the link-local address is assigned.
</t>
</section>
<section anchor="bbrbb" numbered="true" removeInRFC="false" toc="include" pn
="section-6">
<name slugifiedName="name-using-ipv6-nd-over-the-back">Using IPv6 ND over
the Backbone Link</name>
<t indent="0" pn="section-6-1">
On the backbone side, the 6BBR <bcp14>MUST</bcp14> join the SNMA group co
rresponding
to a Registered Address as soon as it creates a Binding for that
address and maintain that SNMA membership as long as it maintains the
registration.
The 6BBR uses either the SNMA or plain unicast to
defend the Registered Addresses in its Binding Table over the
backbone (as specified in <xref target="RFC4862" format="default" section
Format="of" derivedContent="RFC4862"/>).
The 6BBR advertises and defends the Registered Addresses over the
Backbone Link using RS, NS(DAD), and NA messages with the Registered
Address as the Source or Target Address.
</t>
<t indent="0" pn="section-6-2">
The 6BBR <bcp14>MUST</bcp14> place an EARO in the IPv6 ND messages that it g
enerates
on behalf of the Registered Node. Note that an NS(DAD) does not
contain an SLLAO and cannot be confused with a proxy registration such as
performed by a 6LBR.
</t>
<t indent="0" pn="section-6-3">
IPv6 ND operates as follows on the backbone:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-6-4
">
<li pn="section-6-4.1">
<xref target="RFC4861" sectionFormat="of" section="7.2.8" format="defa
ult" derivedLink="https://rfc-editor.org/rfc/rfc4861#section-7.2.8" derivedConte
nt="RFC4861"/> specifies that an NA message generated as a proxy does not have t
he Override flag set in order to ensure that if the real owner is present on the
link, its own NA will take precedence, and this NA does not update the NCE for
the real owner if one exists.
</li>
<li pn="section-6-4.2">
A node that receives multiple NA messages updates an existing NCE only if th
e Override flag is set; otherwise, the node will probe the cached address.
</li>
<li pn="section-6-4.3">
When an NS(DAD) is received for a tentative address, which means that two no
des form the same address at nearly the same time, the node that first claimed t
he address cannot be detected per <xref target="RFC4862" sectionFormat="of" sect
ion="5.4.3" format="default" derivedLink="https://rfc-editor.org/rfc/rfc4862#sec
tion-5.4.3" derivedContent="RFC4862"/>, and the address is abandoned.
</li>
<li pn="section-6-4.4">
In any case, <xref target="RFC4862" format="default" sectionFormat="of" der
ivedContent="RFC4862"/> indicates that a node never responds to a Neighbor Solic
itation for a tentative address.
</li>
</ul>
<t indent="0" pn="section-6-5">
This specification adds information about proxied addresses that helps to so
rt out a duplication (different ROVR) from a movement (same ROVR, different TID)
; in the latter case, the older registration is sorted out from the fresher one
(by comparing TIDs).
</t>
<t indent="0" pn="section-6-6">
When a Registering Node moves from one 6BBR to the next, the 6BBRs send NA messa
ges over the backbone to update existing NCEs. A node that receives multiple NA
messages with an EARO option and the same ROVR <bcp14>MUST</bcp14> favor the NA
with the freshest EARO over the others.
</t>
<t indent="0" pn="section-6-7">
The new 6BBR <bcp14>MAY</bcp14> set the Override flag in the NA messages if it d
oes not compete with the Registering Node for the NCE in backbone nodes. This is
assured if the Registering Node is attached via an interface that cannot be bri
dged onto the backbone, making it impossible for the Registering Node to defend
its own addresses there. This may also be signaled by the Registering Node throu
gh a protocol extension that is not in scope for this specification.
</t>
<t indent="0" pn="section-6-8">
When the Binding is in Tentative state, the 6BBR acts as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-6-9
">
<li pn="section-6-9.1">
an NS(DAD) that indicates a duplication can still not be asserted for first
come, but the situation can be avoided using a 6LBR on the backbone that will se
rialize the order of appearance of the address and ensure first-come, first-serv
ed.
</li>
<li pn="section-6-9.2">
an NS or an NA that denotes an older registration for the same Registered No
de is not interpreted as a duplication as specified in Sections <xref target="RF
C4862" section="5.4.3" sectionFormat="bare" format="default" derivedLink="https:
//rfc-editor.org/rfc/rfc4862#section-5.4.3" derivedContent="RFC4862"/> and <xref
target="RFC4862" section="5.4.4" sectionFormat="bare" format="default" derivedL
ink="https://rfc-editor.org/rfc/rfc4862#section-5.4.4" derivedContent="RFC4862"/
> of <xref target="RFC4862" format="default" sectionFormat="of" derivedContent="
RFC4862"/>, respectively.
</li>
</ul>
<t indent="0" pn="section-6-10">
When the Binding is no longer in Tentative state, the 6BBR acts as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-6-1
1">
<li pn="section-6-11.1">
an NS or an NA with an EARO that denotes a duplicate registration
(different ROVR) is answered with an NA message that carries an
EARO with a status code of 1 ("Duplicate Address"), unless the received
message is an NA that carries an EARO with a status code of 1
("Duplicate Address").
</li>
</ul>
<t indent="0" pn="section-6-12">
In any state, the 6BBR acts as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-6-1
3">
<li pn="section-6-13.1">
an NS or an NA with an EARO that denotes an older registration (same ROVR) i
s answered with an NA message that carries an EARO with a status code of 3 ("Mov
ed") to ensure that the Stale state is removed rapidly.
</li>
</ul>
<t indent="0" pn="section-6-14">
This behavior is specified in more detail in <xref target="crea" format="def
ault" sectionFormat="of" derivedContent="Section 9"/>.
</t>
<t indent="0" pn="section-6-15">
This specification enables proxy operation for the IPv6 ND resolution of
LLN devices, and a prefix that is used across an MLSN <bcp14>MAY</bcp14> be
advertised as on-link over the backbone. This is done for backward
compatibility with existing IPv6 hosts by setting the L flag in the Prefix
Information Option (PIO) of RA messages <xref target="RFC4861" format="defau
lt" sectionFormat="of" derivedContent="RFC4861"/>.
</t>
<t indent="0" pn="section-6-16">
For movement involving a slow reattachment, the NUD procedure
defined in <xref target="RFC4861" format="default" sectionFormat="of" derive
dContent="RFC4861"/> may timeout too
quickly. Nodes on the backbone <bcp14>SHOULD</bcp14> support <xref targe
t="RFC7048" format="default" sectionFormat="of" derivedContent="RFC7048"/>
whenever possible.
</t>
</section>
<section anchor="rtr_proxy" numbered="true" removeInRFC="false" toc="include
" pn="section-7">
<name slugifiedName="name-routing-proxy-operations">Routing Proxy Operatio
ns</name>
<t indent="0" pn="section-7-1">
A Routing Proxy provides IPv6 ND proxy functions for Global and Unique
Local Addresses between the LLN and the backbone, but not for link-local
addresses. It operates as an IPv6 border router and provides a full
link-layer isolation.
</t>
<t indent="0" pn="section-7-2">
In this mode, it is not required that the link-layer addresses of the 6LNs b
e
visible at Layer 2 over the backbone. Thus, it is useful when the messaging
over the backbone that is associated with wireless mobility becomes
expensive, e.g., when the Layer 2 topology is virtualized over a wide area
IP underlay.
</t>
<t indent="0" pn="section-7-3">
This mode is definitely required when the LLN uses a link-layer address form
at
that is different from that on the backbone (e.g., EUI-64 versus EUI-48).
Since a 6LN may not be able to resolve an arbitrary destination in the
MLSN directly, a prefix that is used across a MLSN <bcp14>MUST NOT</bcp14> b
e advertised as
on-link in RA messages sent towards the LLN.
</t>
<t indent="0" pn="section-7-4">
In order to maintain IP connectivity, the 6BBR installs a connected
host route to the Registered Address on the LLN interface, via the
Registering Node as identified by the source address and the SLLAO
in the NS(EARO) messages.
</t>
<t indent="0" pn="section-7-5">
When operating as a Routing Proxy, the 6BBR <bcp14>MUST</bcp14> use its Laye
r 2
address on its backbone interface in the SLLAO of the RS messages and
the TLLAO of the NA messages that it generates to advertise the
Registered Addresses.
</t>
<t indent="0" pn="section-7-6">
For each Registered Address, multiple peers on the backbone may
have resolved the address with the 6BBR link-layer address, maintaining t
hat
mapping in their Neighbor Cache. The 6BBR <bcp14>SHOULD</bcp14> maintain
a list of
the peers on the backbone that have associated its link-layer address wit
h
the Registered Address. If that Registered Address moves to another 6BBR,
the previous 6BBR <bcp14>SHOULD</bcp14> unicast a gratuitous NA to each s
uch peer, to supply the LLA of the new 6BBR in the TLLAO for the address.
A 6BBR that does not maintain this list <bcp14>MAY</bcp14> multicast a
gratuitous NA message; this NA
will possibly hit all the nodes on the backbone, whether or not
they maintain an NCE for the Registered Address.
In either case, the 6BBR <bcp14>MAY</bcp14> set the Override flag if it is k
nown that the Registered Node cannot attach to the backbone; this will avoid int
erruptions and save probing flows in the future.
</t>
<t indent="0" pn="section-7-7">
If a correspondent fails to receive the gratuitous NA, it will keep
sending traffic to a 6BBR to which the node was previously registered.
Since the previous 6BBR removed its host route to the Registered Address,
it will look up the address over the backbone, resolve the address
with the LLA of the new 6BBR, and forward the packet to the correct
6BBR. The previous 6BBR <bcp14>SHOULD</bcp14> also issue a redirect mess
age
<xref target="RFC4861" format="default" sectionFormat="of" derivedContent
="RFC4861"/> to update the cache of the correspondent.
</t>
</section>
<section anchor="bridge_proxy" numbered="true" removeInRFC="false" toc="incl
ude" pn="section-8">
<name slugifiedName="name-bridging-proxy-operations">Bridging Proxy Operat
ions</name>
<t indent="0" pn="section-8-1">
A Bridging Proxy provides IPv6 ND proxy functions between the LLN and the
backbone while preserving the forwarding continuity at the link layer.
It acts as a Layer 2 bridge for all types of unicast packets including
link-scoped, and it appears as an IPv6 Host on the backbone.
</t>
<t indent="0" pn="section-8-2">
The Bridging Proxy registers any Binding, including a link-local
address to the 6LBR (if present), and defends it over the backbone in IPv6
ND procedures.
</t>
<t indent="0" pn="section-8-3">
To achieve this, the Bridging Proxy intercepts the IPv6 ND messages
and may reinject them on the other side, respond directly, or drop them.
For instance, an NS(Lookup) from the backbone that matches a Binding can be
responded to directly or turned into a unicast on the LLN side to let the
6LN respond.
</t>
<t indent="0" pn="section-8-4">
As a Bridging Proxy, the 6BBR <bcp14>MUST</bcp14> use the Registering Nod
e's Layer 2
address in the SLLAO of the NS/RS messages and the TLLAO of the NA
messages that it generates to advertise the Registered Addresses.
The Registering Node's Layer 2 address is found in the SLLAO of the
registration NS(EARO) and maintained in the Binding Table.
</t>
<t indent="0" pn="section-8-5">
The MLSN prefix <bcp14>SHOULD NOT</bcp14> be advertised as on-link in RA
messages sent towards the LLN.
If a destination address is seen as on-link, then a 6LN may use NS(Lookup)
messages to resolve that address. In that case, the 6BBR <bcp14>MUST</bcp14>
either answer the NS(Lookup) message directly or reinject the message on the
backbone, as either a Layer 2 unicast or a multicast.
</t>
<t indent="0" pn="section-8-6">
If the Registering Node owns the Registered Address, meaning that the Regist
ering Node is the Registered Node, then its mobility does not impact exis
ting NCEs over the backbone.
In a network where proxy registrations are used, meaning that the Registerin
g Node acts on behalf of the Registered Node, if the Registered Node selects a n
ew Registering Node, then the existing NCEs across the backbone pointing at the
old Registering Node must be updated.
In that case, the 6BBR <bcp14>SHOULD</bcp14> attempt to fix the existing NCE
s across the backbone pointing at other 6BBRs using NA messages as described in
<xref target="rtr_proxy" format="default" sectionFormat="of" derivedContent="Sec
tion 7"/>.
</t>
<t indent="0" pn="section-8-7">
This method can fail if the multicast message is not received; one or
more
correspondent nodes on the backbone might maintain a stale NCE,
and packets to the Registered Address may be lost.
When this condition happens, it is eventually discovered and
resolved using NUD as
defined in <xref target="RFC4861" format="default" sectionFormat="of" der
ivedContent="RFC4861"/>.
</t>
</section>
<section anchor="crea" numbered="true" removeInRFC="false" toc="include" pn=
"section-9">
<name slugifiedName="name-creating-and-maintaining-a-">Creating and Mainta
ining a Binding</name>
<t indent="0" pn="section-9-1">
Upon receiving a registration for a new address (i.e., an NS(EARO) with
the R flag set), the 6BBR creates a Binding and operates as a 6LR accordi
ng
to <xref target="RFC8505" format="default" sectionFormat="of" derivedContent
="RFC8505"/>, interacting with the 6LBR if one is present.
</t>
<t indent="0" pn="section-9-2">
An implementation of a Routing Proxy that creates a Binding <bcp14>MUST</bcp
14> also create an associated host route pointing to the Registering Node in the
LLN
interface from which the registration was received.
</t>
<t indent="0" pn="section-9-3">
Acting as a 6BBR, the 6LR operation is modified as follows:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-9-4
">
<li pn="section-9-4.1">
Acting as a Bridging Proxy, the 6LR <bcp14>MUST</bcp14> ND proxy over th
e
backbone for registered link-local addresses.
</li>
<li pn="section-9-4.2">
EDAR and EDAC messages <bcp14>SHOULD</bcp14> carry an SLLAO and a TLLAO,
respectively.
</li>
<li pn="section-9-4.3">
An EDAC message with a status code of 9 ("6LBR Registry Saturated") is
assimilated as a status code of 0 ("Success") if a following DAD process
protects the
address against duplication.
</li>
</ul>
<t indent="0" pn="section-9-5">
This specification enables nodes on a Backbone Link to coexist along
with nodes implementing IPv6 ND <xref target="RFC4861" format="default" sect
ionFormat="of" derivedContent="RFC4861"/> as well as other
non-normative specifications such as <xref target="I-D.bi-savi-wlan" format=
"default" sectionFormat="of" derivedContent="SAVI-WLAN"/>.
It is possible that not all IPv6 addresses on the backbone are registered
and known to the 6LBR, and an EDAR/EDAC exchange with the 6LBR might
succeed even for a duplicate address.
Consequently, the 6BBR still
needs to perform IPv6 ND DAD over the backbone after an EDAC with a
status code of 0 ("Success") or 9 ("6LBR Registry Saturated").
</t>
<t indent="0" pn="section-9-6">
For the DAD operation, the Binding is placed in Tentative state for a
duration of TENTATIVE_DURATION (<xref target="const" format="default" sectio
nFormat="of" derivedContent="Section 12"/>),
and an NS(DAD) message is sent as a multicast
message over the backbone to the SNMA associated with the Registered Address
<xref target="RFC4862" format="default" sectionFormat="of" derivedContent="R
FC4862"/>.
The EARO from the registration <bcp14>MUST</bcp14> be placed unchanged in th
e NS(DAD)
message.
</t>
<t indent="0" pn="section-9-7">
If a registration is received for an existing Binding with a non-null
Registration Lifetime and the registration is fresher (same ROVR, fresher TI
D), then the Binding is updated with the new Registration Lifetime,
TID, and possibly Registering Node. In Tentative state
(see <xref target="tent" format="default" sectionFormat="of" derivedContent=
"Section 9.1"/>), the current DAD operation continues unaltered.
In other states (see Sections <xref target="defend" format="counter" section
Format="of" derivedContent="9.2"/> and <xref target="stale" format="counter" sec
tionFormat="of" derivedContent="9.3"/> ),
the Binding is placed in Reachable state for the Registration Lifetime, and
the 6BBR returns an NA(EARO) to the Registering Node with a status code of 0
("Success").
</t>
<t indent="0" pn="section-9-8">
Upon a registration that is identical (same ROVR, TID, and Registering
Node), the 6BBR does not alter its current state. In Reachable state, it ret
urns an NA(EARO) back to the Registering Node with a status code of 0 ("Success"
).
A registration that is not as fresh (same ROVR, older TID) is ignored.
</t>
<t indent="0" pn="section-9-9">
If a registration is received for an existing Binding and a Registration
Lifetime of 0, then the Binding is removed, and the 6BBR returns an
NA(EARO) back to the Registering Node with a status code of 0 ("Success").
An implementation of a Routing Proxy that removes a Binding <bcp14>MUST</bcp
14> remove the
associated host route pointing on the Registering Node.
</t>
<t indent="0" pn="section-9-10">
The old 6BBR removes its Binding Table entry and notifies the Registering No
de with a status code of 3 ("Moved") if a new 6BBR claims a fresher registration
(same ROVR, fresher TID) for the same address.
The old 6BBR <bcp14>MAY</bcp14> preserve a temporary state in order to forwa
rd packets in
flight.
The state may be, for instance, an NCE that was formed when an NA message wa
s received. It may also be a Binding Table entry in Stale state, pointing at the
new 6BBR on the backbone or any other abstract cache entry that can be used to
resolve the link-layer address of the new 6BBR.
The old 6BBR <bcp14>SHOULD</bcp14> also use REDIRECT messages pointing at th
e new 6BBR to update the correspondents of the Registered Address, as specified
in <xref target="RFC4861" format="default" sectionFormat="of" derivedContent="RF
C4861"/>.
</t>
<section anchor="tent" numbered="true" removeInRFC="false" toc="include" p
n="section-9.1">
<name slugifiedName="name-operations-on-a-binding-in-">Operations on a B
inding in Tentative State</name>
<t indent="0" pn="section-9.1-1">The Tentative state covers a DAD period
over the backbone during which
an address being registered is checked for duplication using the procedures
defined in <xref target="RFC4862" format="default" sectionFormat="of" derive
dContent="RFC4862"/>.
</t>
<t indent="0" pn="section-9.1-2">
For a Binding in Tentative state:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-9
.1-3">
<li pn="section-9.1-3.1">
The Binding <bcp14>MUST</bcp14> be removed if an NA message is received o
ver the
backbone for the Registered Address with no EARO or with an EARO that in
dicates an existing registration owned by a different Registering Node (differen
t ROVR). In that case, an NA is
sent back to the Registering Node with a status code of 1
("Duplicate Address") to indicate that the Binding has been rejected. Thi
s behavior might be overridden by policy, in particular
if the registration is trusted, e.g., based on the validation of the
ROVR field (see <xref target="RFC8928" format="default" sectionFormat="o
f" derivedContent="RFC8928"/>).
</li>
<li pn="section-9.1-3.2">
The Binding <bcp14>MUST</bcp14> be removed if an NS(DAD) message is recei
ved over the
backbone for the Registered Address with no EARO or with an EARO that ha
s a different ROVR that indicates a tentative registration by a different Regist
ering Node. In that case, an NA is
sent back to the Registering Node with a status code of 1
("Duplicate Address"). This behavior might be overridden by policy, in p
articular
if the registration is trusted, e.g., based on the validation of the
ROVR field (see <xref target="RFC8928" format="default" sectionFormat="o
f" derivedContent="RFC8928"/>).
</li>
<li pn="section-9.1-3.3">
The Binding <bcp14>MUST</bcp14> be removed if an NA or an NS(DAD) messag
e is received over the backbone for the Registered Address and contains an EARO
that indicates a fresher registration <xref target="RFC8505" format="default" se
ctionFormat="of" derivedContent="RFC8505"/> for the same Registering Node (same
ROVR). In that case, an NA <bcp14>MUST</bcp14> be sent back to the Registering N
ode with a status code of 3 ("Moved").
</li>
<li pn="section-9.1-3.4">
The Binding <bcp14>MUST</bcp14> be kept unchanged if an NA or an NS(DAD)
message is received over the backbone for the Registered Address and contains a
n EARO that indicates an older registration <xref target="RFC8505" format="defau
lt" sectionFormat="of" derivedContent="RFC8505"/> for the same Registering Node
(same ROVR). The message is answered with an NA that carries an EARO with a stat
us code of 3 ("Moved") and the Override flag not set. This behavior might be ove
rridden by policy, in particular if the registration is not trusted.
</li>
<li pn="section-9.1-3.5"> Other NS(DAD) and NA messages from the backb
one are ignored.
</li>
<li pn="section-9.1-3.6"> NS(Lookup) and NS(NUD) messages <bcp14>SHOUL
D</bcp14> be optimistically answered with
an NA message containing an EARO with a status code of 0
("Success") and the Override
flag not set (see <xref target="odad" format="default" sectionFormat="of
" derivedContent="Section 3.6"/>).
If optimistic DAD is disabled, then they <bcp14>SHOULD</bcp14> be queued
to be answered
when the Binding goes to Reachable state.
</li>
</ul>
<t indent="0" pn="section-9.1-4"> When the TENTATIVE_DURATION (<xref tar
get="const" format="default" sectionFormat="of" derivedContent="Section 12"/>) t
imer elapses,
the Binding is placed in
Reachable state for the Registration Lifetime, and the 6BBR returns
an NA(EARO) to the Registering Node with a status code of 0 ("Success").
</t>
<t indent="0" pn="section-9.1-5">
The 6BBR also attempts to take over any existing Binding from other
6BBRs and to update existing NCEs in backbone nodes. This is done by
sending an NA message with an EARO and the Override flag not set over
the backbone
(see Sections <xref target="rtr_proxy" format="counter" sectionFormat="o
f" derivedContent="7"/> and <xref target="bridge_proxy" format="counter" section
Format="of" derivedContent="8"/>).
</t>
</section>
<section anchor="defend" numbered="true" removeInRFC="false" toc="include"
pn="section-9.2">
<name slugifiedName="name-operations-on-a-binding-in-r">Operations on a
Binding in Reachable State</name>
<t indent="0" pn="section-9.2-1">
The Reachable state covers an active registration after a successful DAD
process.
</t>
<t indent="0" pn="section-9.2-2">
If the Registration Lifetime is of a long duration,
an implementation might be configured to reassess the availability of the
Registering Node at a lower period, using a NUD procedure as specified in
<xref target="RFC7048" format="default" sectionFormat="of" derivedContent="R
FC7048"/>. If the NUD procedure fails, the Binding <bcp14>SHOULD</bcp14> be
placed in Stale state immediately.
</t>
<t indent="0" pn="section-9.2-3">
For a Binding in Reachable state:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-9
.2-4">
<li pn="section-9.2-4.1">
The Binding <bcp14>MUST</bcp14> be removed if an NA or an NS(DAD) messag
e is received
over the backbone for the Registered Address and contains an EARO that
indicates a fresher registration <xref target="RFC8505" format="default"
sectionFormat="of" derivedContent="RFC8505"/> for the same
Registered Node (i.e., same ROVR but fresher TID).
A status code of 4 ("Removed") is returned in an asynchronous NA(EARO) t
o the
Registering Node.
Based on configuration, an implementation may delay this operation by a
timer with a short setting, e.g., a few seconds to a minute, in order
to allow for a parallel registration to reach this node, in which case
the NA might be ignored.
</li>
<li pn="section-9.2-4.2"> NS(DAD) and NA messages containing an EARO t
hat indicates a
registration for the same Registered Node that is not as fresh as this
Binding <bcp14>MUST</bcp14> be answered with an NA message containing an
EARO with a
status code of 3 ("Moved").
</li>
<li pn="section-9.2-4.3"> An NS(DAD) with no EARO or with an EARO that
indicates a duplicate
registration (i.e., different ROVR) <bcp14>MUST</bcp14> be answered with
an NA message
containing an EARO with a status code of 1 ("Duplicate Address") and the
Override flag
not set, unless the received message is an NA that carries an
EARO with a status code of 1 ("Duplicate Address"), in which case the nod
e refrains from answering.
</li>
<li pn="section-9.2-4.4"> Other NS(DAD) and NA messages from the backb
one are ignored.
</li>
<li pn="section-9.2-4.5"> NS(Lookup) and NS(NUD) messages <bcp14>SHOUL
D</bcp14> be answered with
an NA message containing an EARO with a status code of 0
("Success") and the Override
flag not set. The 6BBR <bcp14>MAY</bcp14> check whether
the Registering Node is still available using a NUD procedure over the
LLN prior to answering;
this behavior depends on the use case and is subject to configuration.
</li>
</ul>
<t indent="0" pn="section-9.2-5"> When the Registration Lifetime timer e
lapses, the Binding is placed in
Stale state for a duration of STALE_DURATION (<xref target="const" forma
t="default" sectionFormat="of" derivedContent="Section 12"/>).
</t>
</section>
<section anchor="stale" numbered="true" removeInRFC="false" toc="include"
pn="section-9.3">
<name slugifiedName="name-operations-on-a-binding-in-s">Operations on a
Binding in Stale State</name>
<t indent="0" pn="section-9.3-1">
The Stale state enables tracking of the backbone peers that have a
NCE pointing to this 6BBR in case the Registered Address shows up later.
</t>
<t indent="0" pn="section-9.3-2">
If the Registered Address is claimed by another 6LN on the backbone, with an
NS(DAD) or an NA, the 6BBR does not defend the address.
</t>
<t indent="0" pn="section-9.3-3">
For a Binding in Stale state:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-9
.3-4">
<li pn="section-9.3-4.1">
The Binding <bcp14>MUST</bcp14> be removed if an NA or an NS(DAD) message
is received
over the backbone for the Registered Address with no EARO or with
an EARO that indicates either a fresher registration for the same
Registered Node or a duplicate registration.
A status code of 4 ("Removed") <bcp14>MAY</bcp14> be returned in an asyn
chronous NA(EARO) to
the Registering Node.
</li>
<li pn="section-9.3-4.2"> NS(DAD) and NA messages containing an EARO t
hat indicates a
registration for the same Registered Node that is not as fresh as this
<bcp14>MUST</bcp14> be answered with an NA message containing an EARO wi
th a
status code of 3 ("Moved").
</li>
<li pn="section-9.3-4.3"> If the 6BBR receives an NS(Lookup) or an NS(
NUD) message for the
Registered Address, the 6BBR <bcp14>MUST</bcp14> attempt a NUD procedure
as specified
in <xref target="RFC7048" format="default" sectionFormat="of" derivedCon
tent="RFC7048"/> to the Registering Node, targeting
the Registered Address, prior to answering. If the NUD procedure
succeeds, the operation in Reachable state applies. If the NUD fails,
the 6BBR refrains from answering. </li>
<li pn="section-9.3-4.4"> Other NS(DAD) and NA messages from the backb
one are ignored.
</li>
</ul>
<t indent="0" pn="section-9.3-5"> When the STALE_DURATION (<xref target=
"const" format="default" sectionFormat="of" derivedContent="Section 12"/>) timer
elapses, the
Binding <bcp14>MUST</bcp14> be removed.
</t>
</section>
</section>
<section anchor="lln_proxy" numbered="true" removeInRFC="false" toc="include
" pn="section-10">
<name slugifiedName="name-registering-node-considerat">Registering Node Co
nsiderations</name>
<t indent="0" pn="section-10-1">
A Registering Node <bcp14>MUST</bcp14> implement <xref target="RFC8505" f
ormat="default" sectionFormat="of" derivedContent="RFC8505"/> in order to
interact with a 6BBR (which acts as a Routing Registrar). Following
<xref target="RFC8505" format="default" sectionFormat="of" derivedContent="R
FC8505"/>, the Registering Node signals that it requires IPv6
ND proxy services from a 6BBR by registering the corresponding IPv6 address
using an NS(EARO) message with the R flag set.
</t>
<t indent="0" pn="section-10-2">
The Registering Node may be the 6LN owning the IPv6 address or a 6LBR tha
t
performs the registration on its behalf in a route-over mesh.
</t>
<t indent="0" pn="section-10-3">
A 6LN <bcp14>MUST</bcp14> register all of its IPv6 addresses to its 6LR,
which is the 6BBR when they are connected at Layer 2. Failure to register an
address may result in the address being unreachable by other parties. Thi
s
would happen, for instance, if the 6BBR propagates the NS(Lookup) from the b
ackbone only to the LLN nodes that do not register their addresses.
</t>
<t indent="0" pn="section-10-4">
The Registering Node <bcp14>MUST</bcp14> refrain from using multicast NS(Loo
kup) when the
destination is not known as on-link, e.g., if the prefix is advertised
in a PIO with the L flag not set. In that case, the Registering
Node sends its packets directly to its 6LR.
</t>
<t indent="0" pn="section-10-5">
The Registering Node <bcp14>SHOULD</bcp14> also follow <xref target="RFC7
772" format="default" sectionFormat="of" derivedContent="RFC7772">BCP 202</xref>
in order to
limit the use of multicast RAs. It <bcp14>SHOULD</bcp14> also implement
"Simple Procedures for Detecting Network Attachment
in IPv6" <xref target="RFC6059" format="default" sectionFormat="of" derivedC
ontent="RFC6059"/> (DNA procedures) to detect movements and
support
"Packet-Loss Resiliency for Router Solicitations" <xref target="RFC7559"
format="default" sectionFormat="of" derivedContent="RFC7559"/> in order to
improve reliability for the unicast RS messages.
</t>
</section>
<section anchor="sec" numbered="true" removeInRFC="false" toc="include" pn="
section-11">
<name slugifiedName="name-security-considerations">Security Considerations
</name>
<t indent="0" pn="section-11-1">
The procedures in this document modify the mechanisms used for IPv6 ND
and DAD and should not affect other aspects of IPv6 or
higher-level-protocol operation. As such, the main classes of attacks
that are in play are those that work to block Neighbor Discovery or to
forcibly claim an address that another node is attempting to use. In the
absence of cryptographic protection at higher layers, the latter class of
attacks can have significant consequences, with the attacker being able
to read all the "stolen" traffic that was directed to the target of the
attack.
</t>
<t indent="0" pn="section-11-2">
This specification applies to LLNs and a backbone in which the individual
links are protected against rogue access on the LLN by authenticating a node th
at attaches to the network and encrypting the transmissions at the link layer an
d on the backbone side, using the physical security and access control measures
that are typically applied there; thus, packets may neither be forged nor overhe
ard.
</t>
<t indent="0" pn="section-11-3">
In particular, the LLN link layer is required to provide secure unicast t
o/from the
Backbone Router and secure broadcast from the routers
in a way that prevents tampering with or replaying the ND messages.
</t>
<t indent="0" pn="section-11-4">
For the IPv6 ND operation over the backbone, and unless the classical ND
is disabled (e.g., by configuration), the classical ND messages are
interpreted as emitted by the address owner and have precedence over the
6BBR that is only a proxy.
</t>
<t indent="0" pn="section-11-5">
As a result, the security threats that are
detailed in <xref target="RFC4861" sectionFormat="of" section="11.1" format=
"default" derivedLink="https://rfc-editor.org/rfc/rfc4861#section-11.1" derivedC
ontent="RFC4861"/> fully apply to this
specification as well. In short:
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-11-
6">
<li pn="section-11-6.1">
Any node that can send a packet on the backbone can take over any address,
including addresses of LLN nodes, by
claiming it with an NA message and the Override bit set. This means that the
real owner will stop receiving its packets.
</li>
<li pn="section-11-6.2">
Any node that can send a packet on the backbone can forge traffic and
pretend it is issued from an address that it does not own, even if it did
not claim the address using ND.
</li>
<li pn="section-11-6.3">
Any node that can send a packet on the backbone can present itself as a
preferred router to intercept all traffic outgoing on the subnet. It may eve
n
expose a prefix on the subnet as "not-on-link" and intercept all the traffic
within the subnet.
</li>
<li pn="section-11-6.4">If the rogue can receive a packet from the backb
one, it can also snoop
all the intercepted traffic, by stealing an address or the role of a
router.
</li>
</ul>
<t indent="0" pn="section-11-7">
This means that any rogue access to the backbone must be prevented
at all times, and nodes that are attached to the backbone must be fully
trusted / never compromised.
</t>
<t indent="0" pn="section-11-8">
Using address registration as the sole ND mechanism on a link and coupling
it with <xref target="RFC8928" format="default" sectionFormat="of" derivedCo
ntent="RFC8928"/> guarantees the ownership of a Registered Address within that l
ink.
</t>
<ul bare="false" empty="false" indent="3" spacing="normal" pn="section-11-
9">
<li pn="section-11-9.1">
The protection is based on a proof of ownership encoded in the ROVR field, a
nd it protects against address theft and impersonation by a 6LN, because the 6LR
can challenge the Registered Node for a proof of ownership.
</li>
<li pn="section-11-9.2">
The protection extends to the full LLN in the case of an LLN link, but it do
es not extend over the backbone since the 6BBR cannot provide the proof of owner
ship
when it defends the address.
</li>
</ul>
<t indent="0" pn="section-11-10">
A possible attack over the backbone can be done by sending an NS with
an EARO and expecting the NA(EARO) back to contain the TID and ROVR
fields of the existing state. With that information, the attacker can
easily increase the TID and take over the Binding.
</t>
<t indent="0" pn="section-11-11">
If the classical ND is disabled on the backbone and the use of <xref target=
"RFC8928" format="default" sectionFormat="of" derivedContent="RFC8928"/> and a 6
LBR are mandated, the network will benefit from
the following new advantages:
</t>
<dl indent="3" newline="false" spacing="normal" pn="section-11-12">
<dt pn="section-11-12.1">Zero-trust security for ND flows within the who
le subnet:</dt>
<dd pn="section-11-12.2">
the increased security that <xref target="RFC8928" format="default" sectionF
ormat="of" derivedContent="RFC8928"/> provides on the LLN will also apply to the
backbone; it becomes impossible for an attached node to claim an address that b
elongs to another node using ND, and the network can filter packets that are not
originated by the owner of the source address (Source Address Validation Improv
ement (SAVI)), as long as the routers are known and trusted.
</dd>
<dt pn="section-11-12.3">Remote ND DoS attack avoidance:</dt>
<dd pn="section-11-12.4">the complete list of addresses in the network w
ill be known to the 6LBR and available to the default router; with that informat
ion, the router does not need to send a multicast NS(Lookup) in case of a Neighb
or Cache miss for an incoming packet, which is a source of remote DoS attack aga
inst the network.
</dd>
<dt pn="section-11-12.5">Less IPv6 ND-related multicast on the backbone:
</dt>
<dd pn="section-11-12.6">
DAD and NS(Lookup) become unicast queries to the 6LBR.
</dd>
<dt pn="section-11-12.7">Better DAD operation on wireless:</dt>
<dd pn="section-11-12.8">
DAD has been found to fail to detect duplications on large Wi-Fi infrastruct
ures due to the unreliable broadcast operation on wireless; using a 6LBR enables
a unicast lookup.
</dd>
<dt pn="section-11-12.9">Less Layer 2 churn on the backbone:</dt>
<dd pn="section-11-12.10">
Using the Routing Proxy approach, the link-layer address of the LLN devices
and their mobility are not visible in the backbone; only the link-Layer addresse
s of the 6BBR and backbone nodes are visible at Layer 2 on the backbone. This is
mandatory for LLNs that cannot be bridged on the backbone and useful in any cas
e to scale down, stabilize the forwarding tables at Layer 2, and avoid the gratu
itous frames that are typically broadcasted to fix the transparent bridging tabl
es when a wireless node roams from an AP to the next.
</dd>
</dl>
<t indent="0" pn="section-11-13">
This specification introduces a 6BBR that is a router on the path of the LLN
traffic and a 6LBR that is used for the lookup. They could be interesting
targets for an attacker. A compromised 6BBR can accept a registration but
block the traffic or refrain from proxying. A compromised 6LBR may
unduly accept the transfer of ownership of an address or block a newcomer by
faking that its address is a duplicate. But those attacks are possible
in a classical network from a compromised default router and a DHCP
server, respectively, and can be prevented using the same methods.
</t>
<t indent="0" pn="section-11-14">
A possible attack over the LLN can still be done by compromising a 6LR.
A compromised 6LR may modify the ROVR of EDAR messages in flight and transfe
r
the ownership of the Registered Address to itself or a tier. It may also cla
im
that a ROVR was validated when it really wasn't and reattribute an address
to itself or to an attached 6LN. This means that 6LRs, as well as 6LBRs and
6BBRS, must still be fully trusted / never compromised.
</t>
<t indent="0" pn="section-11-15">
This specification mandates checking on the 6LBR on the backbone before doin
g
the classical DAD, in case the address already exists. This may delay the DA
D
operation and should be protected by a short timer, in the order of 100 ms o
r
less, which will only represent a small extra delay versus the 1 s wait of t
he
DAD operation.
</t>
</section>
<section anchor="const" numbered="true" removeInRFC="false" toc="include" pn
="section-12">
<name slugifiedName="name-protocol-constants">Protocol Constants</name>
<t indent="0" pn="section-12-1">
This specification uses the following constants:
</t>
<dl indent="3" newline="false" spacing="normal" pn="section-12-2">
<dt pn="section-12-2.1">TENTATIVE_DURATION:</dt>
<dd pn="section-12-2.2">800 milliseconds</dd>
</dl>
<t indent="0" pn="section-12-3">
In LLNs with long-lived addresses such as Low-Power WAN (LPWANs), STALE_D
URATION
<bcp14>SHOULD</bcp14> be configured with a relatively long value to cover
an interval when the address may be reused and before it is safe to expect that
the address was definitively released. A good default value is 24 hours.
In LLNs where addresses are renewed rapidly, e.g., for privacy reasons,
STALE_DURATION <bcp14>SHOULD</bcp14> be configured with a relatively shor
ter value -- 5 minutes by default.
</t>
</section>
<section numbered="true" removeInRFC="false" toc="include" pn="section-13">
<name slugifiedName="name-iana-considerations">IANA Considerations</name>
<t indent="0" pn="section-13-1"> This document has no IANA actions.</t>
</section>
</middle>
<back>
<displayreference target="I-D.yourtchenko-6man-dad-issues" to="DAD-ISSUES"/>
<displayreference target="I-D.nordmark-6man-dad-approaches" to="DAD-APPROACH
ES"/>
<displayreference target="I-D.ietf-6man-rs-refresh" to="RS-REFRESH"/>
<displayreference target="I-D.ietf-mboned-ieee802-mcast-problems" to="MCAST-
PROBLEMS"/>
<displayreference target="I-D.bi-savi-wlan" to="SAVI-WLAN"/>
<displayreference target="I-D.thubert-6lo-unicast-lookup" to="UNICAST-LOOKUP
"/>
<displayreference target="I-D.ietf-6tisch-architecture" to="6TiSCH"/>
<displayreference target="I-D.ietf-rift-rift" to="RIFT"/>
<displayreference target="I-D.ietf-roll-unaware-leaves" to="RPL-LEAVES"/>
<references pn="section-14">
<name slugifiedName="name-normative-references">Normative References</name
>
<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc211
9" quoteTitle="true" derivedAnchor="RFC2119">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title
>
<author initials="S." surname="Bradner" fullname="S. Bradner">
<organization showOnFrontPage="true"/>
</author>
<date year="1997" month="March"/>
<abstract>
<t indent="0">In many standards track documents several words are us
ed to signify the requirements in the specification. These words are often capi
talized. This document defines these words as they should be interpreted in IETF
documents. This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for improvements.</t
>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC4291" target="https://www.rfc-editor.org/info/rfc429
1" quoteTitle="true" derivedAnchor="RFC4291">
<front>
<title>IP Version 6 Addressing Architecture</title>
<author initials="R." surname="Hinden" fullname="R. Hinden">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Deering" fullname="S. Deering">
<organization showOnFrontPage="true"/>
</author>
<date year="2006" month="February"/>
<abstract>
<t indent="0">This specification defines the addressing architecture
of the IP Version 6 (IPv6) protocol. The document includes the IPv6 addressing
model, text representations of IPv6 addresses, definition of IPv6 unicast addre
sses, anycast addresses, and multicast addresses, and an IPv6 node's required ad
dresses.</t>
<t indent="0">This document obsoletes RFC 3513, "IP Version 6 Addres
sing Architecture". [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4291"/>
<seriesInfo name="DOI" value="10.17487/RFC4291"/>
</reference>
<reference anchor="RFC4429" target="https://www.rfc-editor.org/info/rfc442
9" quoteTitle="true" derivedAnchor="RFC4429">
<front>
<title>Optimistic Duplicate Address Detection (DAD) for IPv6</title>
<author initials="N." surname="Moore" fullname="N. Moore">
<organization showOnFrontPage="true"/>
</author>
<date year="2006" month="April"/>
<abstract>
<t indent="0">Optimistic Duplicate Address Detection is an interoper
able modification of the existing IPv6 Neighbor Discovery (RFC 2461) and Statele
ss Address Autoconfiguration (RFC 2462) processes. The intention is to minimize
address configuration delays in the successful case, to reduce disruption as fa
r as possible in the failure case, and to remain interoperable with unmodified h
osts and routers. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4429"/>
<seriesInfo name="DOI" value="10.17487/RFC4429"/>
</reference>
<reference anchor="RFC4861" target="https://www.rfc-editor.org/info/rfc486
1" quoteTitle="true" derivedAnchor="RFC4861">
<front>
<title>Neighbor Discovery for IP version 6 (IPv6)</title>
<author initials="T." surname="Narten" fullname="T. Narten">
<organization showOnFrontPage="true"/>
</author>
<author initials="E." surname="Nordmark" fullname="E. Nordmark">
<organization showOnFrontPage="true"/>
</author>
<author initials="W." surname="Simpson" fullname="W. Simpson">
<organization showOnFrontPage="true"/>
</author>
<author initials="H." surname="Soliman" fullname="H. Soliman">
<organization showOnFrontPage="true"/>
</author>
<date year="2007" month="September"/>
<abstract>
<t indent="0">This document specifies the Neighbor Discovery protoco
l for IP Version 6. IPv6 nodes on the same link use Neighbor Discovery to disco
ver each other's presence, to determine each other's link-layer addresses, to fi
nd routers, and to maintain reachability information about the paths to active n
eighbors. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4861"/>
<seriesInfo name="DOI" value="10.17487/RFC4861"/>
</reference>
<reference anchor="RFC4862" target="https://www.rfc-editor.org/info/rfc486
2" quoteTitle="true" derivedAnchor="RFC4862">
<front>
<title>IPv6 Stateless Address Autoconfiguration</title>
<author initials="S." surname="Thomson" fullname="S. Thomson">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Narten" fullname="T. Narten">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Jinmei" fullname="T. Jinmei">
<organization showOnFrontPage="true"/>
</author>
<date year="2007" month="September"/>
<abstract>
<t indent="0">This document specifies the steps a host takes in deci
ding how to autoconfigure its interfaces in IP version 6. The autoconfiguration
process includes generating a link-local address, generating global addresses v
ia stateless address autoconfiguration, and the Duplicate Address Detection proc
edure to verify the uniqueness of the addresses on a link. [STANDARDS-TRACK]</t
>
</abstract>
</front>
<seriesInfo name="RFC" value="4862"/>
<seriesInfo name="DOI" value="10.17487/RFC4862"/>
</reference>
<reference anchor="RFC6059" target="https://www.rfc-editor.org/info/rfc605
9" quoteTitle="true" derivedAnchor="RFC6059">
<front>
<title>Simple Procedures for Detecting Network Attachment in IPv6</tit
le>
<author initials="S." surname="Krishnan" fullname="S. Krishnan">
<organization showOnFrontPage="true"/>
</author>
<author initials="G." surname="Daley" fullname="G. Daley">
<organization showOnFrontPage="true"/>
</author>
<date year="2010" month="November"/>
<abstract>
<t indent="0">Detecting Network Attachment allows hosts to assess if
its existing addressing or routing configuration is valid for a newly connected
network. This document provides simple procedures for Detecting Network Attach
ment in IPv6 hosts, and procedures for routers to support such services. [STAND
ARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6059"/>
<seriesInfo name="DOI" value="10.17487/RFC6059"/>
</reference>
<reference anchor="RFC6775" target="https://www.rfc-editor.org/info/rfc677
5" quoteTitle="true" derivedAnchor="RFC6775">
<front>
<title>Neighbor Discovery Optimization for IPv6 over Low-Power Wireles
s Personal Area Networks (6LoWPANs)</title>
<author initials="Z." surname="Shelby" fullname="Z. Shelby" role="edit
or">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Chakrabarti" fullname="S. Chakrabarti">
<organization showOnFrontPage="true"/>
</author>
<author initials="E." surname="Nordmark" fullname="E. Nordmark">
<organization showOnFrontPage="true"/>
</author>
<author initials="C." surname="Bormann" fullname="C. Bormann">
<organization showOnFrontPage="true"/>
</author>
<date year="2012" month="November"/>
<abstract>
<t indent="0">The IETF work in IPv6 over Low-power Wireless Personal
Area Network (6LoWPAN) defines 6LoWPANs such as IEEE 802.15.4. This and other
similar link technologies have limited or no usage of multicast signaling due to
energy conservation. In addition, the wireless network may not strictly follow
the traditional concept of IP subnets and IP links. IPv6 Neighbor Discovery wa
s not designed for non- transitive wireless links, as its reliance on the tradit
ional IPv6 link concept and its heavy use of multicast make it inefficient and s
ometimes impractical in a low-power and lossy network. This document describes
simple optimizations to IPv6 Neighbor Discovery, its addressing mechanisms, and
duplicate address detection for Low- power Wireless Personal Area Networks and s
imilar networks. The document thus updates RFC 4944 to specify the use of the o
ptimizations defined here. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6775"/>
<seriesInfo name="DOI" value="10.17487/RFC6775"/>
</reference>
<reference anchor="RFC7048" target="https://www.rfc-editor.org/info/rfc704
8" quoteTitle="true" derivedAnchor="RFC7048">
<front>
<title>Neighbor Unreachability Detection Is Too Impatient</title>
<author initials="E." surname="Nordmark" fullname="E. Nordmark">
<organization showOnFrontPage="true"/>
</author>
<author initials="I." surname="Gashinsky" fullname="I. Gashinsky">
<organization showOnFrontPage="true"/>
</author>
<date year="2014" month="January"/>
<abstract>
<t indent="0">IPv6 Neighbor Discovery includes Neighbor Unreachabili
ty Detection. That function is very useful when a host has an alternative neighb
or -- for instance, when there are multiple default routers -- since it allows t
he host to switch to the alternative neighbor in a short time. By default, this
time is 3 seconds after the node starts probing. However, if there are no alte
rnative neighbors, this timeout behavior is far too impatient. This document sp
ecifies relaxed rules for Neighbor Discovery retransmissions that allow an imple
mentation to choose different timeout behavior based on whether or not there are
alternative neighbors. This document updates RFC 4861.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7048"/>
<seriesInfo name="DOI" value="10.17487/RFC7048"/>
</reference>
<reference anchor="RFC7559" target="https://www.rfc-editor.org/info/rfc755
9" quoteTitle="true" derivedAnchor="RFC7559">
<front>
<title>Packet-Loss Resiliency for Router Solicitations</title>
<author initials="S." surname="Krishnan" fullname="S. Krishnan">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Anipko" fullname="D. Anipko">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Thaler" fullname="D. Thaler">
<organization showOnFrontPage="true"/>
</author>
<date year="2015" month="May"/>
<abstract>
<t indent="0">When an interface on a host is initialized, the host t
ransmits Router Solicitations in order to minimize the amount of time it needs t
o wait until the next unsolicited multicast Router Advertisement is received. I
n certain scenarios, these Router Solicitations transmitted by the host might be
lost. This document specifies a mechanism for hosts to cope with the loss of t
he initial Router Solicitations.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7559"/>
<seriesInfo name="DOI" value="10.17487/RFC7559"/>
</reference>
<reference anchor="RFC7772" target="https://www.rfc-editor.org/info/rfc777
2" quoteTitle="true" derivedAnchor="RFC7772">
<front>
<title>Reducing Energy Consumption of Router Advertisements</title>
<author initials="A." surname="Yourtchenko" fullname="A. Yourtchenko">
<organization showOnFrontPage="true"/>
</author>
<author initials="L." surname="Colitti" fullname="L. Colitti">
<organization showOnFrontPage="true"/>
</author>
<date year="2016" month="February"/>
<abstract>
<t indent="0">Frequent Router Advertisement messages can severely im
pact host power consumption. This document recommends operational practices to
avoid such impact.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="202"/>
<seriesInfo name="RFC" value="7772"/>
<seriesInfo name="DOI" value="10.17487/RFC7772"/>
</reference>
<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc817
4" quoteTitle="true" derivedAnchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</titl
e>
<author initials="B." surname="Leiba" fullname="B. Leiba">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="May"/>
<abstract>
<t indent="0">RFC 2119 specifies common key words that may be used i
n protocol specifications. This document aims to reduce the ambiguity by clari
fying that only UPPERCASE usage of the key words have the defined special meani
ngs.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
<reference anchor="RFC8200" target="https://www.rfc-editor.org/info/rfc820
0" quoteTitle="true" derivedAnchor="RFC8200">
<front>
<title>Internet Protocol, Version 6 (IPv6) Specification</title>
<author initials="S." surname="Deering" fullname="S. Deering">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Hinden" fullname="R. Hinden">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="July"/>
<abstract>
<t indent="0">This document specifies version 6 of the Internet Prot
ocol (IPv6). It obsoletes RFC 2460.</t>
</abstract>
</front>
<seriesInfo name="STD" value="86"/>
<seriesInfo name="RFC" value="8200"/>
<seriesInfo name="DOI" value="10.17487/RFC8200"/>
</reference>
<reference anchor="RFC8201" target="https://www.rfc-editor.org/info/rfc820
1" quoteTitle="true" derivedAnchor="RFC8201">
<front>
<title>Path MTU Discovery for IP version 6</title>
<author initials="J." surname="McCann" fullname="J. McCann">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Deering" fullname="S. Deering">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Mogul" fullname="J. Mogul">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Hinden" fullname="R. Hinden" role="edit
or">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="July"/>
<abstract>
<t indent="0">This document describes Path MTU Discovery (PMTUD) for
IP version 6. It is largely derived from RFC 1191, which describes Path MTU Dis
covery for IP version 4. It obsoletes RFC 1981.</t>
</abstract>
</front>
<seriesInfo name="STD" value="87"/>
<seriesInfo name="RFC" value="8201"/>
<seriesInfo name="DOI" value="10.17487/RFC8201"/>
</reference>
<reference anchor="RFC8505" target="https://www.rfc-editor.org/info/rfc850
5" quoteTitle="true" derivedAnchor="RFC8505">
<front>
<title>Registration Extensions for IPv6 over Low-Power Wireless Person
al Area Network (6LoWPAN) Neighbor Discovery</title>
<author initials="P." surname="Thubert" fullname="P. Thubert" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<author initials="E." surname="Nordmark" fullname="E. Nordmark">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Chakrabarti" fullname="S. Chakrabarti">
<organization showOnFrontPage="true"/>
</author>
<author initials="C." surname="Perkins" fullname="C. Perkins">
<organization showOnFrontPage="true"/>
</author>
<date year="2018" month="November"/>
<abstract>
<t indent="0">This specification updates RFC 6775 -- the Low-Power W
ireless Personal Area Network (6LoWPAN) Neighbor Discovery specification -- to c
larify the role of the protocol as a registration technique and simplify the reg
istration operation in 6LoWPAN routers, as well as to provide enhancements to th
e registration capabilities and mobility detection for different network topolog
ies, including the Routing Registrars performing routing for host routes and/or
proxy Neighbor Discovery in a low-power network.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8505"/>
<seriesInfo name="DOI" value="10.17487/RFC8505"/>
</reference>
</references>
<references pn="section-15">
<name slugifiedName="name-informative-references">Informative References</
name>
<reference anchor="I-D.ietf-6tisch-architecture" quoteTitle="true" target=
"https://tools.ietf.org/html/draft-ietf-6tisch-architecture-29" derivedAnchor="6
TiSCH">
<front>
<title>An Architecture for IPv6 over the TSCH mode of IEEE 802.15.4</t
itle>
<author fullname="Pascal Thubert">
<organization showOnFrontPage="true">Cisco Systems, Inc</organizatio
n>
</author>
<date month="August" day="27" year="2020"/>
<abstract>
<t indent="0"> This document describes a network architecture that
provides low-
latency, low-jitter and high-reliability packet delivery. It
combines a high-speed powered backbone and subnetworks using IEEE
802.15.4 time-slotted channel hopping (TSCH) to meet the requirements
of LowPower wireless deterministic applications.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-6tisch-architecture-
29"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-ie
tf-6tisch-architecture-29.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.nordmark-6man-dad-approaches" quoteTitle="true" tar
get="https://tools.ietf.org/html/draft-nordmark-6man-dad-approaches-02" derivedA
nchor="DAD-APPROACHES">
<front>
<title>Possible approaches to make DAD more robust and/or efficient</t
itle>
<author fullname="Erik Nordmark">
</author>
<date month="October" day="19" year="2015"/>
<abstract>
<t indent="0"> This outlines possible approaches to solve the issu
es around IPv6
Duplicate Address Detection robustness and/or efficiency which are
specified in the "DAD issues" dradft.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-nordmark-6man-dad-approac
hes-02"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-no
rdmark-6man-dad-approaches-02.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.yourtchenko-6man-dad-issues" quoteTitle="true" targ
et="https://tools.ietf.org/html/draft-yourtchenko-6man-dad-issues-01" derivedAnc
hor="DAD-ISSUES">
<front>
<title>A survey of issues related to IPv6 Duplicate Address Detection<
/title>
<author fullname="Andrew Yourtchenko">
</author>
<author fullname="Erik Nordmark">
</author>
<date month="March" day="3" year="2015"/>
<abstract>
<t indent="0"> This document enumerates the practical issues obser
ved with respect
to Duplicate Address Detection.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-yourtchenko-6man-dad-issu
es-01"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-yo
urtchenko-6man-dad-issues-01.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="IEEEstd80211" target="https://ieeexplore.ieee.org/docum
ent/7786995" quoteTitle="true" derivedAnchor="IEEEstd80211">
<front>
<title>IEEE Standard for Information technology--Telecommunications an
d information exchange between systems Local and metropolitan area networks--Spe
cific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physi
cal Layer (PHY) Specifications</title>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date month="December" year="2016"/>
</front>
<seriesInfo name="IEEE" value="802.11-2012"/>
<seriesInfo name="DOI" value="10.1109/ieeestd.2016.7786995"/>
</reference>
<reference anchor="IEEEstd802151" target="https://ieeexplore.ieee.org/docu
ment/1490827" quoteTitle="true" derivedAnchor="IEEEstd802151">
<front>
<title>IEEE Standard for Information technology--Local and metropolita
n area networks--Specific requirements--Part 15.1a: Wireless Medium Access Contr
ol (MAC) and Physical Layer (PHY) specifications for Wireless Personal Area Netw
orks (WPAN)</title>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date month="June" year="2005"/>
<abstract>
<t indent="0">Methods for communicating devices in a personal area n
etwork (PAN) are covered in this standard.</t>
</abstract>
</front>
<seriesInfo name="IEEE" value="802.15.1-2005"/>
<seriesInfo name="DOI" value="10.1109/ieeestd.2005.96290"/>
</reference>
<reference anchor="IEEEstd802154" target="https://ieeexplore.ieee.org/docu
ment/6012487" quoteTitle="true" derivedAnchor="IEEEstd802154">
<front>
<title>IEEE Standard for Local and metropolitan area networks--Part 15
.4: Low-Rate Wireless Personal Area Networks (LR-WPANs)</title>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date month="September" year="2011"/>
</front>
<seriesInfo name="IEEE" value="802.15.4-2011"/>
<seriesInfo name="DOI" value="10.1109/ieeestd.2011.6012487"/>
</reference>
<reference anchor="IEEEstd8021Q" target="https://ieeexplore.ieee.org/docum
ent/8403927" quoteTitle="true" derivedAnchor="IEEEstd8021Q">
<front>
<title>IEEE Standard for Local and Metropolitan Area Networks--Bridges
and Bridged Networks</title>
<author>
<organization showOnFrontPage="true">IEEE</organization>
</author>
<date month="July" year="2018"/>
</front>
<seriesInfo name="IEEE" value="802.1Q-2018"/>
<seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8403927"/>
</reference>
<reference anchor="I-D.ietf-mboned-ieee802-mcast-problems" quoteTitle="tru
e" target="https://tools.ietf.org/html/draft-ietf-mboned-ieee802-mcast-problems-
12" derivedAnchor="MCAST-PROBLEMS">
<front>
<title>Multicast Considerations over IEEE 802 Wireless Media</title>
<author fullname="Charles E. Perkins">
<organization showOnFrontPage="true">Blue Meadow Networks</organizat
ion>
</author>
<author fullname="Mike McBride">
<organization showOnFrontPage="true">Futurewei Technologies Inc.</or
ganization>
</author>
<author fullname="Dorothy Stanley">
<organization showOnFrontPage="true">Hewlett Packard Enterprise</org
anization>
</author>
<author fullname="Warren Kumari">
<organization showOnFrontPage="true">Google</organization>
</author>
<author fullname="Juan Carlos Zuniga">
<organization showOnFrontPage="true">SIGFOX</organization>
</author>
<date month="October" day="26" year="2020"/>
<abstract>
<t indent="0"> Well-known issues with multicast have prevented the
deployment of
multicast in 802.11 (wifi) and other local-area wireless
environments. This document describes the problems of known
limitations with wireless (primarily 802.11) Layer-2 multicast. Also
described are certain multicast enhancement features that have been
specified by the IETF, and by IEEE 802, for wireless media, as well
as some operational choices that can be taken to improve the
performance of the network. Finally, some recommendations are
provided about the usage and combination of these features and
operational choices.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-mboned-ieee802-mcast
-problems-12"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-ie
tf-mboned-ieee802-mcast-problems-12.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="RFC4271" target="https://www.rfc-editor.org/info/rfc427
1" quoteTitle="true" derivedAnchor="RFC4271">
<front>
<title>A Border Gateway Protocol 4 (BGP-4)</title>
<author initials="Y." surname="Rekhter" fullname="Y. Rekhter" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<author initials="T." surname="Li" fullname="T. Li" role="editor">
<organization showOnFrontPage="true"/>
</author>
<author initials="S." surname="Hares" fullname="S. Hares" role="editor
">
<organization showOnFrontPage="true"/>
</author>
<date year="2006" month="January"/>
<abstract>
<t indent="0">This document discusses the Border Gateway Protocol (B
GP), which is an inter-Autonomous System routing protocol.</t>
<t indent="0">The primary function of a BGP speaking system is to ex
change network reachability information with other BGP systems. This network re
achability information includes information on the list of Autonomous Systems (A
Ses) that reachability information traverses. This information is sufficient for
constructing a graph of AS connectivity for this reachability from which routin
g loops may be pruned, and, at the AS level, some policy decisions may be enforc
ed.</t>
<t indent="0">BGP-4 provides a set of mechanisms for supporting Clas
sless Inter-Domain Routing (CIDR). These mechanisms include support for adverti
sing a set of destinations as an IP prefix, and eliminating the concept of netwo
rk "class" within BGP. BGP-4 also introduces mechanisms that allow aggregation
of routes, including aggregation of AS paths.</t>
<t indent="0">This document obsoletes RFC 1771. [STANDARDS-TRACK]</
t>
</abstract>
</front>
<seriesInfo name="RFC" value="4271"/>
<seriesInfo name="DOI" value="10.17487/RFC4271"/>
</reference>
<reference anchor="RFC4389" target="https://www.rfc-editor.org/info/rfc438
9" quoteTitle="true" derivedAnchor="RFC4389">
<front>
<title>Neighbor Discovery Proxies (ND Proxy)</title>
<author initials="D." surname="Thaler" fullname="D. Thaler">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Talwar" fullname="M. Talwar">
<organization showOnFrontPage="true"/>
</author>
<author initials="C." surname="Patel" fullname="C. Patel">
<organization showOnFrontPage="true"/>
</author>
<date year="2006" month="April"/>
<abstract>
<t indent="0">Bridging multiple links into a single entity has sever
al operational advantages. A single subnet prefix is sufficient to support mult
iple physical links. There is no need to allocate subnet numbers to the differe
nt networks, simplifying management. Bridging some types of media requires netwo
rk-layer support, however. This document describes these cases and specifies th
e IP-layer support that enables bridging under these circumstances. This memo d
efines an Experimental Protocol for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4389"/>
<seriesInfo name="DOI" value="10.17487/RFC4389"/>
</reference>
<reference anchor="RFC4903" target="https://www.rfc-editor.org/info/rfc490
3" quoteTitle="true" derivedAnchor="RFC4903">
<front>
<title>Multi-Link Subnet Issues</title>
<author initials="D." surname="Thaler" fullname="D. Thaler">
<organization showOnFrontPage="true"/>
</author>
<date year="2007" month="June"/>
<abstract>
<t indent="0">There have been several proposals around the notion th
at a subnet may span multiple links connected by routers. This memo documents t
he issues and potential problems that have been raised with such an approach. T
his memo provides information for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4903"/>
<seriesInfo name="DOI" value="10.17487/RFC4903"/>
</reference>
<reference anchor="RFC5340" target="https://www.rfc-editor.org/info/rfc534
0" quoteTitle="true" derivedAnchor="RFC5340">
<front>
<title>OSPF for IPv6</title>
<author initials="R." surname="Coltun" fullname="R. Coltun">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Ferguson" fullname="D. Ferguson">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Moy" fullname="J. Moy">
<organization showOnFrontPage="true"/>
</author>
<author initials="A." surname="Lindem" fullname="A. Lindem">
<organization showOnFrontPage="true"/>
</author>
<date year="2008" month="July"/>
<abstract>
<t indent="0">This document describes the modifications to OSPF to s
upport version 6 of the Internet Protocol (IPv6). The fundamental mechanisms of
OSPF (flooding, Designated Router (DR) election, area support, Short Path First
(SPF) calculations, etc.) remain unchanged. However, some changes have been ne
cessary, either due to changes in protocol semantics between IPv4 and IPv6, or s
imply to handle the increased address size of IPv6. These modifications will ne
cessitate incrementing the protocol version from version 2 to version 3. OSPF f
or IPv6 is also referred to as OSPF version 3 (OSPFv3).</t>
<t indent="0">Changes between OSPF for IPv4, OSPF Version 2, and OSP
F for IPv6 as described herein include the following. Addressing semantics have
been removed from OSPF packets and the basic Link State Advertisements (LSAs).
New LSAs have been created to carry IPv6 addresses and prefixes. OSPF now runs
on a per-link basis rather than on a per-IP-subnet basis. Flooding scope for L
SAs has been generalized. Authentication has been removed from the OSPF protoco
l and instead relies on IPv6's Authentication Header and Encapsulating Security
Payload (ESP).</t>
<t indent="0">Even with larger IPv6 addresses, most packets in OSPF
for IPv6 are almost as compact as those in OSPF for IPv4. Most fields and packe
t- size limitations present in OSPF for IPv4 have been relaxed. In addition, op
tion handling has been made more flexible.</t>
<t indent="0">All of OSPF for IPv4's optional capabilities, includin
g demand circuit support and Not-So-Stubby Areas (NSSAs), are also supported in
OSPF for IPv6. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5340"/>
<seriesInfo name="DOI" value="10.17487/RFC5340"/>
</reference>
<reference anchor="RFC5415" target="https://www.rfc-editor.org/info/rfc541
5" quoteTitle="true" derivedAnchor="RFC5415">
<front>
<title>Control And Provisioning of Wireless Access Points (CAPWAP) Pro
tocol Specification</title>
<author initials="P." surname="Calhoun" fullname="P. Calhoun" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<author initials="M." surname="Montemurro" fullname="M. Montemurro" ro
le="editor">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Stanley" fullname="D. Stanley" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<date year="2009" month="March"/>
<abstract>
<t indent="0">This specification defines the Control And Provisionin
g of Wireless Access Points (CAPWAP) Protocol, meeting the objectives defined by
the CAPWAP Working Group in RFC 4564. The CAPWAP protocol is designed to be fl
exible, allowing it to be used for a variety of wireless technologies. This doc
ument describes the base CAPWAP protocol, while separate binding extensions will
enable its use with additional wireless technologies. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5415"/>
<seriesInfo name="DOI" value="10.17487/RFC5415"/>
</reference>
<reference anchor="RFC6275" target="https://www.rfc-editor.org/info/rfc627
5" quoteTitle="true" derivedAnchor="RFC6275">
<front>
<title>Mobility Support in IPv6</title>
<author initials="C." surname="Perkins" fullname="C. Perkins" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Johnson" fullname="D. Johnson">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Arkko" fullname="J. Arkko">
<organization showOnFrontPage="true"/>
</author>
<date year="2011" month="July"/>
<abstract>
<t indent="0">This document specifies Mobile IPv6, a protocol that a
llows nodes to remain reachable while moving around in the IPv6 Internet. Each
mobile node is always identified by its home address, regardless of its current
point of attachment to the Internet. While situated away from its home, a mobil
e node is also associated with a care-of address, which provides information abo
ut the mobile node's current location. IPv6 packets addressed to a mobile node'
s home address are transparently routed to its care-of address. The protocol en
ables IPv6 nodes to cache the binding of a mobile node's home address with its c
are-of address, and to then send any packets destined for the mobile node direct
ly to it at this care-of address. To support this operation, Mobile IPv6 define
s a new IPv6 protocol and a new destination option. All IPv6 nodes, whether mob
ile or stationary, can communicate with mobile nodes. This document obsoletes R
FC 3775. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6275"/>
<seriesInfo name="DOI" value="10.17487/RFC6275"/>
</reference>
<reference anchor="RFC6550" target="https://www.rfc-editor.org/info/rfc655
0" quoteTitle="true" derivedAnchor="RFC6550">
<front>
<title>RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks</ti
tle>
<author initials="T." surname="Winter" fullname="T. Winter" role="edit
or">
<organization showOnFrontPage="true"/>
</author>
<author initials="P." surname="Thubert" fullname="P. Thubert" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<author initials="A." surname="Brandt" fullname="A. Brandt">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Hui" fullname="J. Hui">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Kelsey" fullname="R. Kelsey">
<organization showOnFrontPage="true"/>
</author>
<author initials="P." surname="Levis" fullname="P. Levis">
<organization showOnFrontPage="true"/>
</author>
<author initials="K." surname="Pister" fullname="K. Pister">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Struik" fullname="R. Struik">
<organization showOnFrontPage="true"/>
</author>
<author initials="JP." surname="Vasseur" fullname="JP. Vasseur">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Alexander" fullname="R. Alexander">
<organization showOnFrontPage="true"/>
</author>
<date year="2012" month="March"/>
<abstract>
<t indent="0">Low-Power and Lossy Networks (LLNs) are a class of net
work in which both the routers and their interconnect are constrained. LLN rout
ers typically operate with constraints on processing power, memory, and energy (
battery power). Their interconnects are characterized by high loss rates, low d
ata rates, and instability. LLNs are comprised of anything from a few dozen to
thousands of routers. Supported traffic flows include point-to-point (between d
evices inside the LLN), point-to-multipoint (from a central control point to a s
ubset of devices inside the LLN), and multipoint-to-point (from devices inside t
he LLN towards a central control point). This document specifies the IPv6 Routi
ng Protocol for Low-Power and Lossy Networks (RPL), which provides a mechanism w
hereby multipoint-to-point traffic from devices inside the LLN towards a central
control point as well as point-to-multipoint traffic from the central control p
oint to the devices inside the LLN are supported. Support for point-to-point tr
affic is also available. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6550"/>
<seriesInfo name="DOI" value="10.17487/RFC6550"/>
</reference>
<reference anchor="RFC6606" target="https://www.rfc-editor.org/info/rfc660
6" quoteTitle="true" derivedAnchor="RFC6606">
<front>
<title>Problem Statement and Requirements for IPv6 over Low-Power Wire
less Personal Area Network (6LoWPAN) Routing</title>
<author initials="E." surname="Kim" fullname="E. Kim">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Kaspar" fullname="D. Kaspar">
<organization showOnFrontPage="true"/>
</author>
<author initials="C." surname="Gomez" fullname="C. Gomez">
<organization showOnFrontPage="true"/>
</author>
<author initials="C." surname="Bormann" fullname="C. Bormann">
<organization showOnFrontPage="true"/>
</author>
<date year="2012" month="May"/>
<abstract>
<t indent="0">IPv6 over Low-Power Wireless Personal Area Networks (6
LoWPANs) are formed by devices that are compatible with the IEEE 802.15.4 standa
rd. However, neither the IEEE 802.15.4 standard nor the 6LoWPAN format specific
ation defines how mesh topologies could be obtained and maintained. Thus, it sh
ould be considered how 6LoWPAN formation and multi-hop routing could be supporte
d.</t>
<t indent="0">This document provides the problem statement and desig
n space for 6LoWPAN routing. It defines the routing requirements for 6LoWPANs,
considering the low-power and other particular characteristics of the devices an
d links. The purpose of this document is not to recommend specific solutions bu
t to provide general, layer-agnostic guidelines about the design of 6LoWPAN rout
ing that can lead to further analysis and protocol design. This document is int
ended as input to groups working on routing protocols relevant to 6LoWPANs, such
as the IETF ROLL WG. This document is not an Internet Standards Track specific
ation; it is published for informational purposes.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6606"/>
<seriesInfo name="DOI" value="10.17487/RFC6606"/>
</reference>
<reference anchor="RFC6830" target="https://www.rfc-editor.org/info/rfc683
0" quoteTitle="true" derivedAnchor="RFC6830">
<front>
<title>The Locator/ID Separation Protocol (LISP)</title>
<author initials="D." surname="Farinacci" fullname="D. Farinacci">
<organization showOnFrontPage="true"/>
</author>
<author initials="V." surname="Fuller" fullname="V. Fuller">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Meyer" fullname="D. Meyer">
<organization showOnFrontPage="true"/>
</author>
<author initials="D." surname="Lewis" fullname="D. Lewis">
<organization showOnFrontPage="true"/>
</author>
<date year="2013" month="January"/>
<abstract>
<t indent="0">This document describes a network-layer-based protocol
that enables separation of IP addresses into two new numbering spaces: Endpoint
Identifiers (EIDs) and Routing Locators (RLOCs). No changes are required to ei
ther host protocol stacks or to the "core" of the Internet infrastructure. The
Locator/ID Separation Protocol (LISP) can be incrementally deployed, without a "
flag day", and offers Traffic Engineering, multihoming, and mobility benefits to
early adopters, even when there are relatively few LISP-capable sites.</t>
<t indent="0">Design and development of LISP was largely motivated b
y the problem statement produced by the October 2006 IAB Routing and Addressing
Workshop. This document defines an Experimental Protocol for the Internet commu
nity.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="6830"/>
<seriesInfo name="DOI" value="10.17487/RFC6830"/>
</reference>
<reference anchor="RFC7432" target="https://www.rfc-editor.org/info/rfc743
2" quoteTitle="true" derivedAnchor="RFC7432">
<front>
<title>BGP MPLS-Based Ethernet VPN</title>
<author initials="A." surname="Sajassi" fullname="A. Sajassi" role="ed
itor">
<organization showOnFrontPage="true"/>
</author>
<author initials="R." surname="Aggarwal" fullname="R. Aggarwal">
<organization showOnFrontPage="true"/>
</author>
<author initials="N." surname="Bitar" fullname="N. Bitar">
<organization showOnFrontPage="true"/>
</author>
<author initials="A." surname="Isaac" fullname="A. Isaac">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Uttaro" fullname="J. Uttaro">
<organization showOnFrontPage="true"/>
</author>
<author initials="J." surname="Drake" fullname="J. Drake">
<organization showOnFrontPage="true"/>
</author>
<author initials="W." surname="Henderickx" fullname="W. Henderickx">
<organization showOnFrontPage="true"/>
</author>
<date year="2015" month="February"/>
<abstract>
<t indent="0">This document describes procedures for BGP MPLS-based
Ethernet VPNs (EVPN). The procedures described here meet the requirements speci
fied in RFC 7209 -- "Requirements for Ethernet VPN (EVPN)".</t>
</abstract>
</front>
<seriesInfo name="RFC" value="7432"/>
<seriesInfo name="DOI" value="10.17487/RFC7432"/>
</reference>
<reference anchor="RFC8273" target="https://www.rfc-editor.org/info/rfc827
3" quoteTitle="true" derivedAnchor="RFC8273">
<front>
<title>Unique IPv6 Prefix per Host</title>
<author initials="J." surname="Brzozowski" fullname="J. Brzozowski">
<organization showOnFrontPage="true"/>
</author>
<author initials="G." surname="Van de Velde" fullname="G. Van de Velde
">
<organization showOnFrontPage="true"/>
</author>
<date year="2017" month="December"/>
<abstract>
<t indent="0">This document outlines an approach utilizing existing
IPv6 protocols to allow hosts to be assigned a unique IPv6 prefix (instead of a
unique IPv6 address from a shared IPv6 prefix). Benefits of using a unique IPv6
prefix over a unique service-provider IPv6 address include improved host isolat
ion and enhanced subscriber management on shared network segments.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="8273"/>
<seriesInfo name="DOI" value="10.17487/RFC8273"/>
</reference>
<reference anchor="RFC8928" target="https://www.rfc-editor.org/info/rfc892
8" quoteTitle="true" derivedAnchor="RFC8928">
<front>
<title>Address-Protected Neighbor Discovery for Low-Power and Lossy Ne
tworks</title>
<author initials="P" surname="Thubert" fullname="Pascal Thubert" role=
"editor">
<organization showOnFrontPage="true"/>
</author>
<author initials="B" surname="Sarikaya" fullname="Behcet Sarikaya">
<organization showOnFrontPage="true"/>
</author>
<author initials="M" surname="Sethi" fullname="Mohit Sethi">
<organization showOnFrontPage="true"/>
</author>
<author initials="R" surname="Struik" fullname="Rene Struik">
<organization showOnFrontPage="true"/>
</author>
<date month="November" year="2020"/>
</front>
<seriesInfo name="RFC" value="8928"/>
<seriesInfo name="DOI" value="10.17487/RFC8928"/>
</reference>
<reference anchor="I-D.ietf-rift-rift" quoteTitle="true" target="https://t
ools.ietf.org/html/draft-ietf-rift-rift-12" derivedAnchor="RIFT">
<front>
<title>RIFT: Routing in Fat Trees</title>
<author fullname="Tony Przygienda">
<organization showOnFrontPage="true">Juniper</organization>
</author>
<author fullname="Alankar Sharma">
<organization showOnFrontPage="true">Comcast</organization>
</author>
<author fullname="Pascal Thubert">
<organization showOnFrontPage="true">Cisco Systems, Inc</organizatio
n>
</author>
<author fullname="Bruno Rijsman">
<organization showOnFrontPage="true">Individual</organization>
</author>
<author fullname="Dmitry Afanasiev">
<organization showOnFrontPage="true">Yandex</organization>
</author>
<date month="May" day="26" year="2020"/>
<abstract>
<t indent="0"> This document defines a specialized, dynamic routin
g protocol for
Clos and fat-tree network topologies optimized towards minimization
of configuration and operational complexity. The protocol
o deals with no configuration, fully automated construction of fat-
tree topologies based on detection of links,
o minimizes the amount of routing state held at each level,
o automatically prunes and load balances topology flooding exchanges
over a sufficient subset of links,
o supports automatic disaggregation of prefixes on link and node
failures to prevent black-holing and suboptimal routing,
o allows traffic steering and re-routing policies,
o allows loop-free non-ECMP forwarding,
o automatically re-balances traffic towards the spines based on
bandwidth available and finally
o provides mechanisms to synchronize a limited key-value data-store
that can be used after protocol convergence to e.g. bootstrap
higher levels of functionality on nodes.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-rift-rift-12"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-ie
tf-rift-rift-12.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.ietf-roll-unaware-leaves" quoteTitle="true" target=
"https://tools.ietf.org/html/draft-ietf-roll-unaware-leaves-23" derivedAnchor="R
PL-LEAVES">
<front>
<title>Routing for RPL Leaves</title>
<author fullname="Pascal Thubert">
<organization showOnFrontPage="true">Cisco Systems, Inc</organizatio
n>
</author>
<author fullname="Michael C. Richardson">
<organization showOnFrontPage="true">Sandelman Software Works</organ
ization>
</author>
<date month="November" day="10" year="2020"/>
<abstract>
<t indent="0"> This specification updates RFC6550, RFC6775, and RF
C8505, to provide
routing services to RPL Unaware Leaves that implement 6LoWPAN ND and
the extensions therein.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-roll-unaware-leaves-
23"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-ie
tf-roll-unaware-leaves-23.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.ietf-6man-rs-refresh" quoteTitle="true" target="htt
ps://tools.ietf.org/html/draft-ietf-6man-rs-refresh-02" derivedAnchor="RS-REFRES
H">
<front>
<title>IPv6 Neighbor Discovery Optional RS/RA Refresh</title>
<author fullname="Erik Nordmark">
</author>
<author fullname="Andrew Yourtchenko">
</author>
<author fullname="Suresh Krishnan">
</author>
<date month="October" day="31" year="2016"/>
<abstract>
<t indent="0"> IPv6 Neighbor Discovery relies on periodic multicas
t Router
Advertisement messages to update timer values and to distribute new
information (such as new prefixes) to hosts. On some links the use
of periodic multicast messages to all host becomes expensive, and in
some cases it results in hosts waking up frequently. Many
implementations of RFC 4861 also use multicast for solicited Router
Advertisement messages, even though that behavior is optional.
This specification provides an optional mechanism for hosts and
routers where instead of periodic multicast Router Advertisements the
hosts are instructed (by the routers) to use Router Solicitations to
request refreshed Router Advertisements. This mechanism is enabled
by configuring the router to include a new option in the Router
Advertisement in order to allow the network administrator to choose
host behavior based on whether periodic multicast are more efficient
on their link or not. The routers can also tell whether the hosts
are capable of the new behavior through a new flag in the Router
Solicitations.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-6man-rs-refresh-02"/
>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-ie
tf-6man-rs-refresh-02.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.bi-savi-wlan" quoteTitle="true" target="https://too
ls.ietf.org/html/draft-bi-savi-wlan-20" derivedAnchor="SAVI-WLAN">
<front>
<title>A SAVI Solution for WLAN</title>
<author fullname="Jun Bi">
<organization showOnFrontPage="true">Tsinghua University</organizati
on>
</author>
<author fullname="Jianping Wu">
<organization showOnFrontPage="true">Tsinghua University</organizati
on>
</author>
<author fullname="You Wang">
<organization showOnFrontPage="true">Tsinghua University</organizati
on>
</author>
<author fullname="Tao Lin">
<organization showOnFrontPage="true">New H3C Technologies Co. Ltd</o
rganization>
</author>
<date month="November" day="14" year="2020"/>
<abstract>
<t indent="0"> This document describes a source address validation
solution for WLAN
enabling 802.11i or other security mechanisms. This mechanism snoops
NDP and DHCP packets to bind IP address to MAC address, and relies on
the security of MAC address guaranteed by 802.11i or other mechanisms
to filter IP spoofing packets. It can work in the special situations
described in the charter of SAVI(Source Address Validation
Improvements) workgroup, such as multiple MAC addresses on one
interface. This document describes three different deployment
scenarios, with solutions for migration of binding entries when hosts
move from one access point to another.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-bi-savi-wlan-20"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-bi
-savi-wlan-20.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
<reference anchor="I-D.thubert-6lo-unicast-lookup" quoteTitle="true" targe
t="https://tools.ietf.org/html/draft-thubert-6lo-unicast-lookup-00" derivedAncho
r="UNICAST-LOOKUP">
<front>
<title>IPv6 Neighbor Discovery Unicast Lookup</title>
<author fullname="Pascal Thubert">
<organization showOnFrontPage="true">Cisco Systems, Inc</organizatio
n>
</author>
<author fullname="Eric Levy-Abegnoli">
<organization showOnFrontPage="true">Cisco Systems, Inc</organizatio
n>
</author>
<date month="January" day="25" year="2019"/>
<abstract>
<t indent="0"> This document updates RFC 8505 in order to enable u
nicast address
lookup from a 6LoWPAN Border Router acting as an Address Registrar.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-thubert-6lo-unicast-looku
p-00"/>
<format type="TXT" target="https://www.ietf.org/internet-drafts/draft-th
ubert-6lo-unicast-lookup-00.txt"/>
<refcontent>Work in Progress</refcontent>
</reference>
</references>
<section numbered="true" removeInRFC="false" toc="include" pn="section-appen
dix.a">
<name slugifiedName="name-possible-future-extensions">Possible Future Exte
nsions</name>
<t indent="0" pn="section-appendix.a-1">
With the current specification, the 6LBR is not leveraged to avoid
multicast NS(Lookup) on the backbone. This could be done by adding
a lookup procedure in the EDAR/EDAC exchange.
</t>
<t indent="0" pn="section-appendix.a-2">
By default, the specification does not have a fine-grained trust model: all
nodes that can authenticate to the LLN link layer or attach to the backbone are
equally trusted. It would be desirable to provide a stronger authorization mode
l, e.g., whereby
nodes that associate their address with a proof of ownership
<xref target="RFC8928" format="default" sectionFormat="of" derivedContent="R
FC8928"/> should be trusted more than nodes that
do not. Such a trust model and related signaling could be added in the
future to override the default operation and favor trusted nodes.
</t>
<t indent="0" pn="section-appendix.a-3">
As an alternate to the ND Proxy operation, the registration may be redistribu
ted as a
host route in a routing protocol that would operate over the backbone; this i
s already
happening in IoT networks <xref target="I-D.ietf-roll-unaware-leaves" format=
"default" sectionFormat="of" derivedContent="RPL-LEAVES"/> and Data Center Routi
ng <xref target="I-D.ietf-rift-rift" format="default" sectionFormat="of" derived
Content="RIFT"/>
and could be extended to other protocols, e.g., BGP <xref target="RFC4271" fo
rmat="default" sectionFormat="of" derivedContent="RFC4271"/> and OSPFv3 <xref ta
rget="RFC5340" format="default" sectionFormat="of" derivedContent="RFC5340"/>.
The registration may also be advertised in an overlay protocol such as Mobile
IPv6 (MIPv6) <xref target="RFC6275" format="default" sectionFormat="of" derived
Content="RFC6275"/>,
the Locator/ID Separation Protocol (LISP) <xref target="RFC6830" format="defa
ult" sectionFormat="of" derivedContent="RFC6830"/>, or Ethernet VPN (EVPN) <xref
target="RFC7432" format="default" sectionFormat="of" derivedContent="RFC7432"/>
.
</t>
</section>
<section anchor="app" numbered="true" removeInRFC="false" toc="include" pn="
section-appendix.b">
<name slugifiedName="name-applicability-and-requireme">Applicability and R
equirements Served</name>
<t indent="0" pn="section-appendix.b-1">
This document specifies ND proxy functions that can be used to
federate an IPv6 Backbone Link and multiple IPv6 LLNs into a
single MLSN. The ND proxy functions enable IPv6 ND
services for DAD and address lookup
that do not require broadcasts over the LLNs.
</t>
<t indent="0" pn="section-appendix.b-2">
The term LLN is used to cover multiple types of WLANs and WPANs,
including (Low-Power) Wi-Fi, BLUETOOTH(R) Low Energy,
IEEE Std 802.11ah and IEEE Std 802.15.4 wireless meshes, and the
types of networks listed in "Requirements Related to Various Low-Power Li
nk Types"
(see <xref target="RFC8505" sectionFormat="of" section="B.3" format="def
ault" derivedLink="https://rfc-editor.org/rfc/rfc8505#appendix-B.3" derivedConte
nt="RFC8505"/>).
</t>
<t indent="0" pn="section-appendix.b-3">
Each LLN in the subnet is attached to a 6BBR.
The Backbone Routers interconnect the LLNs and advertise the addresses
of the 6LNs over the Backbone Link using ND proxy operations.
</t>
<t indent="0" pn="section-appendix.b-4">
This specification updates IPv6 ND over the backbone to
distinguish address movement from duplication and eliminate Stale
state in the backbone routers and backbone nodes once a 6LN has
roamed. This way, mobile nodes may roam rapidly from
one 6BBR to the next, and requirements are met per "Requirements Related
to Mobility" (see
<xref target="RFC8505" sectionFormat="of" section="B.1" format="default"
derivedLink="https://rfc-editor.org/rfc/rfc8505#appendix-B.1" derivedContent="RF
C8505"/>).
</t>
<t indent="0" pn="section-appendix.b-5">
A 6LN can register its IPv6 addresses and thereby obtain ND proxy
services over the backbone, meeting the requirements
expressed in "Requirements Related to Proxy Operations" (see <xref target
="RFC8505" sectionFormat="of" section="B.4" format="default" derivedLink="https:
//rfc-editor.org/rfc/rfc8505#appendix-B.4" derivedContent="RFC8505"/>.
</t>
<t indent="0" pn="section-appendix.b-6">
The negative impact of the IPv6 ND-related broadcasts can be limited to o
ne of the federated links, enabling the number of 6LNs to grow. The Routing Prox
y operation avoids the need to expose the link-layer addresses of the 6LNs onto
the backbone, keeping the Layer 2 topology simple and stable. This meets the re
quirements in "Requirements Related to Scalability" (see <xref target="RFC8505"
sectionFormat="of" section="B.6" format="default" derivedLink="https://rfc-edito
r.org/rfc/rfc8505#appendix-B.6" derivedContent="RFC8505"/>), as long as the 6BBR
s are dimensioned for the number of registrations that each needs to support.
</t>
<t indent="0" pn="section-appendix.b-7">
In the case of a Wi-Fi access link, a 6BBR may be collocated
with the AP, a Fabric Edge (FE), or a Control and Provisioning of Wireles
s Access Points (CAPWAP)
<xref target="RFC5415" format="default" sectionFormat="of" derivedContent
="RFC5415"/> Wireless LAN Controller (WLC).
In those cases, the wireless client (STA) is the 6LN
that makes use of <xref target="RFC8505" format="default" sectionFormat="
of" derivedContent="RFC8505"/> to register its IPv6
address(es) to the 6BBR acting as the Routing Registrar. The 6LBR can be
centralized and either connected to the Backbone Link or reachable
over IP.
The 6BBR ND proxy operations eliminate the need for wireless nodes
to respond synchronously when a lookup is performed for their IPv6
addresses. This provides the function of a Sleep Proxy for ND
<xref target="I-D.nordmark-6man-dad-approaches" format="default" sectionF
ormat="of" derivedContent="DAD-APPROACHES"/>.
</t>
<t indent="0" pn="section-appendix.b-8">
For the Time-Slotted Channel Hopping (TSCH) mode of
<xref target="IEEEstd802154" format="default" sectionFormat="of" derivedC
ontent="IEEEstd802154"/>, the
6TiSCH architecture <xref target="I-D.ietf-6tisch-architecture" format="d
efault" sectionFormat="of" derivedContent="6TiSCH"/>
describes how a 6LoWPAN ND host could connect to the Internet via a
RPL mesh network, but doing so requires extensions to the 6LOWPAN ND
protocol to support mobility and reachability in a secure and
manageable environment. The extensions detailed in this document
also work for the 6TiSCH architecture, serving the requirements listed
in "Requirements Related to Routing Protocols" (see <xref target="RFC8505
" sectionFormat="of" section="B.2" format="default" derivedLink="https://rfc-edi
tor.org/rfc/rfc8505#appendix-B.2" derivedContent="RFC8505"/>).
</t>
<t indent="0" pn="section-appendix.b-9">
The registration mechanism may be seen as a more reliable alternate to
snooping <xref target="I-D.bi-savi-wlan" format="default" sectionFormat="of"
derivedContent="SAVI-WLAN"/>. Note that
registration and snooping are not mutually exclusive. Snooping may be used i
n
conjunction with the registration for nodes that do not register their IPv6
addresses.
The 6BBR assumes that if a node registers at least one IPv6 address to it,
then the node registers all of its addresses to the 6BBR.
With this assumption, the 6BBR can possibly cancel all undesirable multicast
NS messages that would otherwise have been delivered to that node.
</t>
<t indent="0" pn="section-appendix.b-10">
Scalability of the MLSN <xref target="RFC4903" format="default" sectionFo
rmat="of" derivedContent="RFC4903"/> requires
avoidance of multicast/broadcast operations as much as possible even on
the backbone <xref target="I-D.ietf-mboned-ieee802-mcast-problems" format
="default" sectionFormat="of" derivedContent="MCAST-PROBLEMS"/>.
Although hosts can connect to the backbone using IPv6 ND operations,
multicast RAs can be saved by using
<xref target="I-D.ietf-6man-rs-refresh" format="default" sectionFormat="o
f" derivedContent="RS-REFRESH"/>, which also requires the
support of <xref target="RFC7559" format="default" sectionFormat="of" der
ivedContent="RFC7559"/>.
</t>
</section>
<section anchor="acknowledgements" numbered="false" toc="include" removeInRF
C="false" pn="section-appendix.c">
<name slugifiedName="name-acknowledgments">Acknowledgments</name>
<t indent="0" pn="section-appendix.c-1">Many thanks to <contact fullname="
Dorothy Stanley"/>, <contact fullname="Thomas Watteyne"/>, and <contact fullname
="Jerome Henry"/> for their various contributions.
Also, many thanks to <contact fullname="Timothy Winters"/> and <contact full
name="Erik Nordmark"/> for their help, review, and support in preparation for th
e IESG cycle and to <contact fullname="Kyle Rose"/>, <contact fullname="Elwyn Da
vies"/>, <contact fullname="Barry Leiba"/>, <contact fullname="Mirja Kühlewind"/
>, <contact fullname="Alvaro Retana"/>, <contact fullname="Roman Danyliw"/>, and
especially <contact fullname="Dominique Barthel"/> and <contact fullname="Benja
min Kaduk"/> for their useful contributions through the IETF Last Call and IESG
process.
</t>
</section>
<section anchor="authors-addresses" numbered="false" removeInRFC="false" toc
="include" pn="section-appendix.d">
<name slugifiedName="name-authors-addresses">Authors' Addresses</name>
<author fullname="Pascal Thubert" initials="P." role="editor" surname="Thu
bert">
<organization abbrev="Cisco Systems" showOnFrontPage="true">Cisco System
s, Inc.</organization>
<address>
<postal>
<extaddr>Building D</extaddr>
<street>45 Allee des Ormes - BP1200</street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>France</country>
</postal>
<phone>+33 497 23 26 34</phone>
<email>pthubert@cisco.com</email>
</address>
</author>
<author fullname="Charles E. Perkins" initials="C.E." surname="Perkins">
<organization showOnFrontPage="true">Blue Meadow Networking</organizatio
n>
<address>
<postal>
<street/>
<city>Saratoga</city>
<region>CA</region>
<code>95070</code>
<country>United States of America</country>
</postal>
<phone/>
<email>charliep@computer.org</email>
</address>
</author>
<author fullname="Eric Levy-Abegnoli" initials="E." surname="Levy-Abegnoli
">
<organization abbrev="Cisco Systems" showOnFrontPage="true">Cisco System
s, Inc.</organization>
<address>
<postal>
<extaddr>Building D</extaddr>
<street>45 Allee des Ormes - BP1200</street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>France</country>
</postal>
<phone>+33 497 23 26 20</phone>
<email>elevyabe@cisco.com</email>
</address>
</author>
</section>
</back>
</rfc>
 End of changes. 1 change blocks. 
lines changed or deleted lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/