<?xml version="1.0"encoding="US-ASCII"?> <!-- This template is for creating an Internet Draft using xml2rfc, which is available here: http://xml.resource.org. -->encoding="UTF-8"?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!-- One method to get references from the online citation libraries. There has to be one entity for each item to be referenced. An alternate method (rfc include) is described in the references. --> <!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC6550 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6550.xml"> <!ENTITY RFC8505 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8505.xml"> ]> <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> <!-- used by XSLT processors --> <!-- For a complete list and description of processing instructions (PIs), please see http://xml.resource.org/authoring/README.html. --> <!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use. (Here they are set differently than their defaults in xml2rfc v1.32) --> <?rfc strict="yes" ?> <!-- give errors regarding ID-nits and DTD validation --> <!-- control the table of contents (ToC) --> <?rfc toc="yes"?> <!-- generate a ToC --> <?rfc tocdepth="4"?> <!-- the number of levels of subsections in ToC. default: 3 --> <!-- control references --> <?rfc symrefs="yes"?> <!-- use symbolic references tags, i.e, [RFC2119] instead of [1] --> <?rfc sortrefs="yes" ?> <!-- sort the reference entries alphabetically --> <!-- control vertical white space (using these PIs as follows is recommended by the RFC Editor) --> <?rfc compact="yes" ?> <!-- do not start each main section on a new page --> <?rfc subcompact="yes" ?> <!-- keep one blank line between list items --> <!-- end of list of popular I-D processing instructions -->"rfc2629-xhtml.ent"> <rfccategory="std"xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-roll-efficient-npdao-18"ipr="trust200902"> <!-- category values: std, bcp, info, exp, and historic ipr values: full3667, noModification3667, noDerivatives3667 you can add the attributes updates="NNNN" and obsoletes="NNNN" they will automatically be output with "(if approved)" --> <!-- ***** FRONT MATTER ***** -->number="9009" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" version="3"> <front><!-- The abbreviated title is used in the page header - it is only necessary if the full title is longer than 39 characters --><title abbrev="Efficient Route Invalidation">Efficient Route Invalidation</title> <seriesInfo name="RFC" value="9009"/> <author fullname="Rahul Arvind Jadhav" initials="R.A." role="editor" surname="Jadhav"> <organization>Huawei</organization> <address> <postal> <street>KundalahalliVillage, Whitefield,</street>Village</street> <extaddr>Whitefield</extaddr> <city>Bangalore</city> <region>Karnataka</region> <code>560037</code> <country>India</country> </postal> <phone>+91-080-49160700</phone> <email>rahul.ietf@gmail.com</email> </address> </author> <author initials="P" surname="Thubert" fullname="Pascal Thubert"> <organization abbrev="Cisco">Cisco Systems,Inc</organization>Inc.</organization> <address> <postal><street>Building D</street><extaddr>Building D</extaddr> <street>45 Allee des Ormes - BP1200 </street> <city>MOUGINS - Sophia Antipolis</city> <code>06254</code> <country>France</country> </postal><phone>+33 497 23 26 34</phone><phone>+33-497-23-26-34</phone> <email>pthubert@cisco.com</email> </address> </author> <author fullname="Rabi Narayan Sahoo" initials="R.N." surname="Sahoo"> <organization>Huawei</organization> <address> <postal> <extaddr>Whitefield</extaddr> <street>KundalahalliVillage, Whitefield, </street>Village</street> <city>Bangalore</city> <region>Karnataka</region> <code>560037</code> <country>India</country> </postal> <phone>+91-080-49160700</phone><email>rabinarayans@huawei.com</email><email>rabinarayans0828@gmail.com</email> </address> </author> <author initials="Z" surname="Cao" fullname="Zhen Cao"> <organization>Huawei</organization> <address> <postal> <street>W Chang'an Ave</street> <city>Beijing</city><country>P.R. China</country><country>China</country> </postal> <email>zhencao.ietf@gmail.com</email> </address> </author><date/> <!-- If<date year="2021" month="April" /> <keyword>NPDAO</keyword> <keyword>DCO</keyword> <keyword>no-path</keyword> <keyword>route</keyword> <keyword>cleanup</keyword> <abstract> <t> This document explains themonth and year are both specified and areproblems associated with thecurrent ones, xml2rfc will filluse of No-Path Destination Advertisement Object (NPDAO) messaging in RFC 6550 and also discusses thecurrent dayrequirements foryou. If only the current year is specified, xml2rfc will fill inan optimized route invalidation messaging scheme. Further, this document specifies a new proactive route invalidation message called thecurrent day and month"Destination Cleanup Object" (DCO), which fulfills requirements foryou. If the year is not the current one, it is necessary to specify at least a month (xml2rfc assumes day="1" if not specifiedoptimized route invalidation messaging. </t> </abstract> </front> <middle> <section numbered="true" toc="default"> <name>Introduction</name> <t> RPL (the Routing Protocol forthe purpose of calculating the expiry date). With drafts it is normally sufficient to specify just the year. --> <!-- Meta-data Declarations --> <area>Routing</area> <workgroup>ROLL</workgroup> <!-- WG name at the upperleft corner of the doc, IETF is fine for individual submissions. If this element is not present, the default is "Network Working Group", which is used by the RFC Editor as a nod to the history of the IETF. --> <keyword>template</keyword> <!-- Keywords will be incorporated into HTML output files in a meta tag but they have no effect on text or nroff output. If you submit your draft to the RFC Editor, the keywords will be used for the search engine. --> <abstract> <t> This document explains the problems associated with the current use of NPDAO messagingLow-Power andalso discusses the requirements for an optimized route invalidation messaging scheme. Further a new proactive route invalidation message calledLossy Networks) as"Destination Cleanup Object" (DCO) is specified which fulfills requirements of an optimized route invalidation messaging. </t> </abstract> </front> <middle> <section title="Introduction"> <t> RPLdefined in <xreftarget="RFC6550"/> (Routing Protocol for Low power and lossy networks)target="RFC6550" format="default"/> specifies a proactivedistance-vector baseddistance-vector-based routing scheme. RPL has optional messaging in the form of DAO (Destination Advertisement Object) messages, which the 6LBR(6Lo(6LoWPAN Border Router) and 6LR(6Lo(6LoWPAN Router) can use to learn a route towards the downstream nodes. ("6LoWPAN" stands for "IPv6 over Low-Power Wireless Personal Area Network".) InstoringStoring mode, DAO messages would result in routing entries being created on all intermediate 6LRs fromthea node's parent all the way towards the 6LBR. </t> <t> RPL allows the use of No-Path DAO (NPDAO) messaging to invalidate a routing path corresponding to the given target, thus releasing resources utilized on that path.AAn NPDAO is a DAO message with a route lifetime ofzero,zero. It originates at the target node and always flows upstream towards the 6LBR. This document explains the problems associated with thecurrentuse of NPDAO messaging in <xref target="RFC6550"/> and also discusses the requirements for an optimized route invalidation messaging scheme.FurtherFurther, this document specifies a new proactive route invalidation message calledasthe "Destination Cleanup Object"(DCO) is specified(DCO), which fulfills requirementsof anfor optimized route invalidation messaging. </t> <t>TheThis document only caters totheRPL'sstoring modeStoring Mode ofoperationOperation (MOP). Thenon-storingNon-Storing MOP does not require the use of an NPDAO for routeinvalidationinvalidation, since routing entries are not maintained on 6LRs. </t> <sectiontitle="Requirementsnumbered="true" toc="default"> <name>Requirements Language andTerminology"> <t> TheTerminology</name> <t>The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere. </t>here.</t> <t> This specification requires readers to be familiar with all the terms and concepts that are discussed in "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks" <xref target="RFC6550"/>. </t><t> <list style="hanging"> <t hangText="Low Power<dl newline="true" spacing="normal"> <dt>Low-Power and LossyNetworks (LLN):"> <vspace />Network (LLN):</dt> <dd> A network in which both the routers and theirinterconnectinterconnects are constrained. LLN routers typically operate with constraints on processing power, memory, and energy(batter(battery power). Their interconnects are characterized by high loss rates, low data rates, and instability.</t> <t hangText="6LoWPAN</dd> <dt>6LoWPAN Router(6LR):"> <vspace />(6LR):</dt> <dd> An intermediate router that is able to send and receive Router Advertisements (RAs) and Router Solicitations (RSs) as well as forward and route IPv6 packets.</t> <t hangText="Directed</dd> <dt>Directed Acyclic Graph(DAG):"> <vspace />(DAG):</dt> <dd> A directed graph having the property that all edges are oriented in such a way that no cycles exist.</t> <t hangText="Destination-Oriented</dd> <dt>Destination-Oriented DAG(DODAG):"> <vspace />(DODAG):</dt> <dd> A DAG rooted at a single destination, i.e., at a single DAG root with no outgoing edges.</t> <t hangText="6LoWPAN</dd> <dt>6LoWPAN Border Router(6LBR):"> <vspace />(6LBR):</dt> <dd> A border routerwhichthat is a DODAG root and is the edge node for traffic flowing in and out of the6LoWPAN network. </t> <t hangText="Destination6LoWPAN. </dd> <dt>Destination Advertisement Object(DAO):"> <vspace />(DAO):</dt> <dd> DAO messaging allows downstream routes to the nodes to be established.</t> <t hangText="DODAG</dd> <dt>DODAG Information Object(DIO):"> <vspace />(DIO):</dt> <dd> DIO messaging allows upstream routes to the 6LBR to be established. DIO messaging is initiated at the DAO root.</t> <t hangText="Common Ancestor node"> <vspace /></dd> <dt>Common ancestor node:</dt> <dd> A 6LR/6LBR nodewhichthat is the first common node between two paths of a target node.</t> <t hangText="No-Path</dd> <dt>No-Path DAO(NPDAO):"> <vspace />(NPDAO):</dt> <dd> A DAO messagewhichthat has a target with a lifetime0 usedof 0. Used for the purpose of route invalidation.</t> <t hangText="Destination</dd> <dt>Destination Cleanup Object(DCO):"> <vspace />(DCO):</dt> <dd> A new RPL control message code defined by this document. DCO messaging improves proactive route invalidation in RPL.</t> <t hangText="Regular DAO:"> <vspace /></dd> <dt>Regular DAO:</dt> <dd> A DAO message with a non-zero lifetime. Routing adjacencies are created or updated based on this message.</t> <t hangText="Target node:"> <vspace /></dd> <dt>Target node:</dt> <dd> The node switching its parent whose routing adjacencies are updated (created/removed).</t> </list> </t></dd> </dl> </section> <section anchor="current_npdao"title="Currentnumbered="true" toc="default"> <name>RPL NPDAOmessaging">Messaging</name> <t> RPL uses NPDAO messaging inthe storingStoring mode so that the node changing its routing adjacencies can invalidate the previous route. This is needed so that nodes along the previous path can release any resources (such as the routing entry) they maintain on behalf of the target node. </t> <t>For the rest ofThroughout thisdocument considerdocument, we will refer to thefollowing topology:topology shown in <xref target="sample_top"/>: </t><t><figurealign="center" anchor="sample_top" title="Sample topology">anchor="sample_top"> <name>Sample Topology</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ (6LBR) | | | (A) / \ / \ / \ (G) (H) | | | | | | (B) (C) \ ; \ ; \ ; (D) / \ / \ / \ (E)(F) ]]></artwork>(F)]]></artwork> </figure></t><t> Node(D)D is connected via preferred parent(B). (D)B. D has an alternate path via(C)C towards the 6LBR. Node(A)A is the common ancestor for(D)D for paths through(B)-(G)B-G and(C)-(H).C-H. When(D)D switches from(B)B to(C),C, RPL allows sending an NPDAO to(B)B and a regular DAO to(C).C. </t> </section><!--<sectiontitle="Cases when No-Path DAO may be used"> <t> There are following cases in which a node switches its parent and may employ No-Path DAO messaging:</t> <t>Case I: Current parent becomes unavailable because of transient or permanent link or parent node failure.</t> <t>Case II: The node finds a better parent node i.e. the metrics of another parent is better than its current parent.</t> <t>Case III: The node switches to a new parent whom it "thinks" has a better metric but does not in reality.</t> <t>The usual steps of operation when the node switches the parent is that the node sends a No-Path DAO message via its current parent to invalidate its current route and subsequently it tries to establish a new routing path by sending a new DAO via its new parent.</t> </section> --> <section title="Whynumbered="true" toc="default"> <name>Why Is NPDAOImportant?">Messaging Important?</name> <t>NodesResources inLLNs may be resourceLLN nodes are typically constrained. There is limited memoryavailableavailable, and routing entry records are one of the primary elements occupying dynamic memory in the nodes. Route invalidation helps 6LR nodes to decide which routing entriescouldcan be discardedtofor betteroptimize resource utilization. Thususe of the limited resources. Thus, it becomes necessary to have an efficient route invalidation mechanism. Also note that a single parent switch may result in a"sub-tree""subtree" switching from one parent to another.ThusThus, the route invalidation needs to be done on behalf of thesub-treesubtree and not the switching node alone. In the above example, when Node(D)D switches its parent,theroute updatesneedsneed to be done for the routingtablestable entries of(C),(H),(A),(G),C, H, A, G, and(B)B withdestination (D),(E)destinations D, E, and(F).F. Without efficient route invalidation, a 6LR may have to hold a lot of stale route entries. </t> </section> </section> <section anchor="current_npdao_problems"title="Problemsnumbered="true" toc="default"> <name>Problems withcurrentthe RPL NPDAOmessaging">Messaging</name> <sectiontitle="Lostnumbered="true" toc="default"> <name>Lost NPDAOdueDue tolink breakLink Break to theprevious parent">Previous Parent</name> <t> When a node switches its parent, the NPDAO is to be sent to its previous parent and a regular DAO to its new parent. In cases where the node switches its parent because of transient or permanent parent link/nodefailure thenfailure, the NPDAO messageis bound to fail. </t> <!-- <t> RPL allows use of route lifetime to remove unwanted routes in case the routes couldmay not berefreshed. But route lifetimes in case of LLNs could be substantially high and thusreceived by theroute entries would be stuck for longer times.parent. </t>--></section> <sectiontitle="Invalidatenumbered="true" toc="default"> <name>Invalidating Routes of DependentNodes">Nodes</name> <t> RPL does not specify how route invalidation will work for dependent nodesrooted atin the switchingnode,node subDAG, resulting in stale routing entries of the dependent nodes. The only way for a 6LR to invalidate the route entries for dependent nodes would be to use route lifetimeexpiryexpiry, which could be substantially high for LLNs. </t> <t> In the example topology, when Node(D)D switches its parent, Node(D)D generates an NPDAO on its own behalf. There is no NPDAO generated by the dependent childnodes (E)Nodes E and(F),F, through the previous path via(D)D to(B)B and(G),G, resulting in stale entries onnodes (B)Nodes B and(G)G fornodes (E)Nodes E and(F).F. </t> </section> <sectiontitle="Possible route downtime causednumbered="true" toc="default"> <name>Possible Route Downtime Caused byasynchronous operationAsynchronous Operation of the NPDAO andDAO">DAO</name> <t> A switching node may generate both an NPDAO and a DAO via two different paths at almost the same time.ThereIt isa possibilitypossible thatanthe NPDAOgeneratedmay invalidate the previous route and the regular DAO sent via the new path gets lost on the way. This may result in routedowntimedowntime, impacting downward traffic for the switching node. </t> <t> In the example topology,considersay that Node(D)D switches from parent(B)B to(C).C. An NPDAO sent via the previous route may invalidate the previousrouteroute, whereas there is no way to determine whether the new DAO has successfully updated the route entries on the new path. </t> </section> </section> <sectiontitle="Requirementsanchor="requirements" numbered="true" toc="default"> <name>Requirements fortheNPDAOOptimization" anchor="requirements">Optimization</name> <sectiontitle="Req#1:numbered="true" toc="default"> <name>Req. #1: Removemessaging dependencyMessaging Dependency onlinkthe Link to theprevious parent">Previous Parent</name> <t> When the switching node sends the NPDAO message to the previous parent, it is normal that the link to the previous parent is prone to failure (that's why thenode decided to switch). Therefore, it is required that the route invalidation does not depend on the previous link which is prone to failure. The previous link referred here represents the link between the node and its previous parent (from whom the node is now disassociating). </t> </section> <section title="Req#2: Dependent nodes route invalidation on parent switching"> <t> It should be possible to do route invalidation for dependent nodes rooted at the switching node. </t> </section> <section title="Req#3: Route invalidation should not impact data traffic"> <t> While sending the NPDAO and DAO messages, it is possible that the NPDAO successfully invalidates the previous path, while the newly sent DAO gets lost (new path not set up successfully). This will result in downstream unreachability to the node switching paths. Therefore, it is desirable that the route invalidation is synchronized with the DAO to avoid the risk of route downtime. </t> </section> </section> <!-- Too Confusing section and may not be needed now... If required this can be added in Appendix. <section title="Existing Solution"> <section title="NPDAO can be generated by the parent node who detects link failure to the child"> <t>RPL states mechanisms which could be utilized to clear DAO states in a sub-DODAG. [RFC6550] Section 11.2.2.3 states "With DAO inconsistency loop recovery, a packet can be used to recursively explore and clean up the obsolete DAO states along a sub-DODAG".</t> <t>Thus in the sample topology in Figure 1, when Node (B) detects link failure to (D), (B) has an option of generating an NPDAO on behalf of Node (D) and its sub-childs, (E) and (F).</t> <t>This section explains why generation of an NPDAO in such cases may not function as desired. Primarily the DAO state information in the form of Path Sequence plays a major role here. Every target is associated with a Path Sequence number which relates to the latest state of the target. <xref target="RFC6550"/> Section 7.1 explains the semantics of Path Sequence number. The target node increments the Path Sequence number every time it generates a new DAO. The router nodes en-route utilize this Path Sequence number to decide the freshness of target information. If a non-target node has to generate an NPDAO then it could use following two possibilities with Path Sequence number: </t> <t>Let the Path Sequence number of old regular DAO that flowed through (B) be x. The subsequent regular DAO generated by Node (D) will have sequence number x+1.</t> <t>i. Node (B) uses the previous Path Sequence number from the regular DAO i.e. NPDAO(pathseq=x)</t> <t>ii. Node (B) increments the Path Sequence number i.e. NPDAO(pathseq=x+1)</t> <t>In case i, the NPDAO(pathseq=x) will be dropped by all the intermediate nodes since the semantics of Path Sequence number dictates that any DAO with an older Path Sequence number be dropped.</t> <t>In case ii, there is a risk that the NPDAO(pathseq=x+1) traverses up the DODAG and invalidates all the routes till the root and then the regular DAO(pathseq=x+1) from the target traverses upwards. In this case the regular DAO(pathseq=x+1) will be dropped from common ancestor node to the root. This will result in route downtime.</t> <t>Another problem with this scheme is its dependence on the upstream neighbor to detect that the downstream neighbor is unavailable. There are two possibilities by which such a detection might be put to work:</t> <t>i. There is P2P traffic from the previous sub-DODAG to any of nodes in the sub-tree which has switched the path. In the above example, lets consider that Node (G) has P2P traffic for either of nodes (D), (E), or (F). In this case, Node (B) will detect forwarding error while forwarding the packets from Node (B)node decided to(D). But dependence on P2P traffic mayswitch). Therefore, it is required that the route invalidation does notbe an optimal waydepend on the previous link, which is prone tosolve this problem consideringfailure. The previous link referred to here represents thereactive approach oflink between thescheme. The P2P traffic pattern might be sparsenode andthus such a detection might kick-in too late.</t> <t>ii. The other caseits previous parent (from which the node iswhere Node (B) explicitly employs some mechanism to probe directly attached downstream child nodes. Such kind of schemes are seldom used.</t>now disassociating). </t> </section> <sectiontitle="NPDAO cannumbered="true" toc="default"> <name>Req. #2: Route Invalidation for Dependent Nodes at the Parent Switching Node</name> <t> It should begenerated oncepossible to do route invalidation for dependent nodes rooted at thelinkswitching node. </t> </section> <section numbered="true" toc="default"> <name>Req. #3: Route Invalidation Should Not Impact Data Traffic</name> <t> While sending the NPDAO and DAO messages, it isrestored topossible that the NPDAO successfully invalidates the previousparent"> <t>This scheme solves a specific scenario of transient links. The childpath, while the newly sent DAO gets lost (new path not set up successfully). This will result in downstream unreachability to the nodecan detectswitching paths. Therefore, it is desirable that theconnection to previous parentroute invalidation isrestored and then transmit an NPDAO tosynchronized with theprevious parentDAO toinvalidateavoid theroute. This scheme is stateful, thus requires more memory and solves a specific scenario.</t>risk of route downtime. </t> </section> </section>--><sectiontitle="Changesnumbered="true" toc="default"> <name>Changes to RPLsignaling">Signaling</name> <sectiontitle="Changenumbered="true" toc="default"> <name>Change in RPLroute invalidation semantics">Route Invalidation Semantics</name> <t> As described in <xreftarget="current_npdao"/>,target="current_npdao" format="default"/>, the NPDAO originates at the node changing to a new parent and traverses upstream towards the root. In order to solve the problemsas mentioneddiscussed in <xreftarget="current_npdao_problems"/>, thetarget="current_npdao_problems" format="default"/>, this document adds a new proactive route invalidation message called the "Destination Cleanup Object"(DCO) that(DCO), which originates at a common ancestor node and flows downstreambetweenthenew andold path. The common ancestor node generates a DCOinwhen removing a next hop to a target -- for instance, as a delayed response tothe change in the next-hop onreceiving a regular DAO from another child node withupdateda Path Sequence for thetarget.target that is the same or newer, in which case the DCO transmission is canceled. </t> <t> The 6LRs in the path for the DCO takeactionsuch action as route invalidation based on the DCO information and subsequently send another DCO with the same information downstream to the nexthop.hop(s). This operation is similar to how the DAOs are handled on intermediate 6LRs instoringthe Storing MOPin<xreftarget="RFC6550"/>.target="RFC6550" format="default"/>. Just like the DAO instoringthe Storing MOP, the DCO is sent using link-local unicast source and destination IPv6address.addresses. Unlike the DAO, which always travels upstream, the DCO always travels downstream. </t> <t> In <xreftarget="sample_top"/>,target="sample_top" format="default"/>, whennodechild Node D decides to switch the path from parent B to parent C, it sends a regular DAO tonodeNode C with reachability information containing the address of D as the target and an incremented Path Sequence. Node C will update the routing table based on the reachability information in the DAO and will in turn generate another DAO with the same reachability information and forward it to H. Node Halsorecursively follows the same procedure as Node C and forwards it tonodeNode A. WhennodeNode A receives the regular DAO, it finds that it already has a routing table entry on behalf of thetarget addressTarget Address ofnodeNode D. Itfinds howeverfinds, however, that thenext hopnext-hop information for reachingnodeNode D haschangedchanged, i.e.,nodeNode D has decided to change the paths. In this case, NodeAA, which is the common ancestor node fornodeNode D along the two paths (previous and new),shouldcan generate a DCOwhichthat traverses the network downwardsinover the old path to thenetwork.target. Node A handles normal DAO forwarding to the 6LBR as required by <xreftarget="RFC6550"/>.target="RFC6550" format="default"/>. </t> </section> <sectiontitle="Transitanchor="transit_opt_changes" numbered="true" toc="default"> <name>Transit Information Optionchanges" anchor="transit_opt_changes">Changes</name> <t> Every RPL message is divided into base message fields and additionalOptionsoptions, as described inSection 6 of<xreftarget="RFC6550"/>.target="RFC6550" section="6" sectionFormat="of"/>. The base fields apply to the message as awholewhole, and options are appended to addmessage/use-case specificmessage-specific / use-case-specific attributes. As an example, a DAO message may be attributed by one or more "RPL Target" optionswhichthat specify that the reachability information is for the given targets. Similarly, a Transit Information option may be associated with a set of RPL Target options. </t> <t> This document specifies a change in the Transit InformationOptionoption to contain the "Invalidate previous route" (I) flag. This 'I' flag signals the common ancestor node to generate a DCO on behalf of the target node with a RPL Status of195195, indicating that the address has moved. The 'I' flag is carried in the Transit InformationOptionoption, which augments the reachability information for a given set of one or more RPLTarget(s).Targets. A Transit InformationOptionoption with the 'I' flag set should be carried in the DAO message when route invalidation is sought for the correspondingtarget(s).target or targets. </t> <t> Value 195 represents'E'the 'U' and 'A'bitbits in RPLStatusStatus, to be set as per Figure36 of <xreftarget="I-D.ietf-roll-unaware-leaves"/>target="RFC9010" format="default"/>, with the lower 6 bitswithset to the 6LoWPAN Neighbor Discovery (ND) Extended Address Registration Option (EARO) Status value of 3 indicating 'Moved' as per Table 1 of[RFC8505].<xref target="RFC8505"/>. </t><t><figurealign="center" anchor="transit_info_with_i" title="Updatedanchor="transit_info_with_i"> <name>Updated Transit Information Option (NewI flag added)">'I' Flag Added)</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0x06 | Option Length |E|I| Flags | Path Control | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Path Sequence | Path Lifetime |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure></t> <t> I<dl> <dt>I (Invalidate previous route)flag: Theflag:</dt><dd>The 'I' flag is set by the target node to indicate to the common ancestor node that it wishes to invalidate any previous route between the two paths.</t></dd> </dl> <t> <xreftarget="RFC6550"/>target="RFC6550" format="default"/> allows the parent address to be sent in the Transit InformationOptionoption, depending on themode of operation.MOP. In the case ofstoring mode of operationthe Storing MOP, the field is usually not needed. In the case of a DCO, theparent addressParent Address fieldMUST NOT<bcp14>MUST NOT</bcp14> be included. </t> <t>TheUpon receiving a DAO message with a Transit Information option that has the 'I' flag set, and as a delayed response removing a routing adjacency to the target indicated in the Transit Information option, the common ancestor nodeSHOULD<bcp14>SHOULD</bcp14> generate a DCO messagein responsetothis 'I' flag when it sees that the routing adjacencies have changed forthetarget.next hop associated to that adjacency. The 'I' flag is intended to give the target node control over its own route invalidation, serving as a signal to request DCO generation. </t> </section> <sectiontitle="Destinationnumbered="true" toc="default"> <name>Destination Cleanup Object(DCO)">(DCO)</name> <t> A new ICMPv6 RPL control message code is defined by this specification and is referred to as the "Destination Cleanup Object" (DCO), which is used for proactive cleanup of state and routing information held on behalf of the target node by 6LRs. The DCO message always traverses downstream and cleans up route information and other state information associated with the given target. The format of the DCO message is shown in <xref target="dco_obj"/>. </t><t><figurealign="center" anchor="dco_obj" title="DCO base object">anchor="dco_obj"> <name>DCO Base Object</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RPLInstanceID |K|D| Flags | RPL Status | DCOSequence | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | +DODAGID(optional)DODAGID (optional) + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option(s)...+-+-+-+-+-+-+-+-+ ]]></artwork>+-+-+-+-+-+-+-+-+]]></artwork> </figure></t> <t> RPLInstanceID: 8-bit<dl> <dt> RPLInstanceID:</dt><dd>8-bit field indicating the topology instance associated with the DODAG, as learned from the DIO.</t> <t> K: The</dd> <dt> K:</dt><dd>The 'K' flag indicates that the recipient of a DCO message is expected to send a DCO-ACK back. If the DCO-ACK is not received even after setting the 'K' flag, an implementation may retry the DCO at a later time. The number of retriesareis implementation and deployment dependent andareis expected to be kept similarwith those used into the number of DAO retriesin<xreftarget="RFC6550"/>.target="RFC6550" format="default"/>. <xreftarget="dco_retry"/>target="dco_retry" format="default"/> specifies the considerations for DCOretry.retries. A node receiving a DCO message without the 'K' flag setMAY<bcp14>MAY</bcp14> respond with a DCO-ACK, especially to report an error condition. An example error condition could be that the node sending the DCO-ACK does not find the routing entry for the indicated target. When the sender does not set the 'K'flagflag, it is an indication that the sender does not expect a response, and the senderSHOULD NOT<bcp14>SHOULD NOT</bcp14> retry the DCO.</t> <t> D: The</dd> <dt> D:</dt><dd>The 'D' flag indicates that the DODAGID field is present. This flagMUST<bcp14>MUST</bcp14> be set when a local RPLInstanceID is used.</t> <t> Flags: The</dd> <dt> Flags:</dt><dd>The 6 bits remaining unused in the Flags field are reserved for future use. These bitsMUST<bcp14>MUST</bcp14> be initialized to zero by the sender andMUST<bcp14>MUST</bcp14> be ignored by the receiver.</t> <t></dd> <dt> RPLStatus: AsStatus:</dt><dd>As defined in <xreftarget="RFC6550"/>target="RFC6550" format="default"/> and updated in <xreftarget="I-D.ietf-roll-unaware-leaves"/>.target="RFC9010" format="default"/>. The root or common parent that generates a DCO is authoritative for setting the statusinformationinformation, and the information is unchanged as propagated down the DODAG. This document does not specify a differentiated action based on the RPLstatus. </t> <t> DCOSequence: 8-bitStatus. </dd> <dt> DCOSequence:</dt><dd>8-bit field incremented at each unique DCO message from a node and echoed in the DCO-ACK message. The initial DCOSequence can be chosen randomly by the node. <xreftarget="base_rules"/>target="base_rules" format="default"/> explains the handling of the DCOSequence.</t> <t></dd> <dt> DODAGID(optional): 128-bit(optional):</dt><dd>128-bit unsigned integer set by a DODAG root that uniquely identifies a DODAG. This fieldMUST<bcp14>MUST</bcp14> be present when the 'D' flag is set andMUST NOT<bcp14>MUST NOT</bcp14> be present if the 'D' flag is not set. The DODAGID is used when a local RPLInstanceID is in use, in order to identify the DODAGID that is associated with the RPLInstanceID.</t></dd> </dl> <sectiontitle="Secure DCO">numbered="true" toc="default"> <name>Secure DCO</name> <t> A Secure DCO message follows the format shown in <xreftarget="RFC6550"/>target="RFC6550" format="default"/>, Figure 7, where the base message format is the DCO message shown in <xreftarget="dco_obj"/>.target="dco_obj" format="default"/> of this document. </t> </section> <sectiontitle="DCO Options">numbered="true" toc="default"> <name>DCO Options</name> <t> The DCO messageMUST<bcp14>MUST</bcp14> carry at least one RPL Target and the Transit InformationOptionoption andMAY<bcp14>MAY</bcp14> carry other valid options. This specification allows for the DCO message to carry the following options:<list> <t>0x00 Pad1</t> <t>0x01 PadN</t> <t>0x05 RPL Target</t> <t>0x06 Transit Information</t> <t>0x09 RPL</t> <dl newline="false" spacing="compact"> <dt>0x00</dt><dd>Pad1</dd> <dt>0x01</dt><dd>PadN</dd> <dt>0x05</dt><dd>RPL Target</dd> <dt>0x06</dt><dd>Transit Information</dd> <dt>0x09</dt><dd>RPL TargetDescriptor</t> </list> Section 6.7 ofDescriptor</dd> </dl> <t> <xreftarget="RFC6550"/>target="RFC6550" section="6.7" sectionFormat="of"/> defines all theabove mentionedabove-mentioned options. The DCO carriesana RPL TargetOptionoption and an associated Transit InformationOptionoption with a lifetime of 0x00000000 to indicate a loss of reachability to thatTarget.target. </t> </section> <sectiontitle="Pathnumbered="true" toc="default"> <name>Path Sequencenumberin theDCO">DCO</name> <t> A DCO messagemay containincludes a Transit Information option for each invalidated path. The value of the Path Sequence counter in the Transit InformationOption to identifyoption allows identification of the freshness of the DCOmessage. The Path Sequencemessage versus the newest known to the 6LRs along the path being removed. If the DCO is generated by a common parent in response to a DAO message, then the Transit Information option in the DCOMUST<bcp14>MUST</bcp14> use thesamevalue of the Path Sequencenumber presentas found in theregular DAO message whennewest Transit Information option that was received for that target by the common parent. If a 6LR down the path receives a DCO with a Path Sequence that isgeneratednot newer than the Path Sequence as known from a Transit Information option inresponse toa DAOmessage. Thus ifmessage, then the 6LR <bcp14>MUST NOT</bcp14> remove its current routing state, and it <bcp14>MUST NOT</bcp14> forward the DCO down a path where it is not newer. If the DCO isreceived by anewer, the 6LRand subsequentlymay retain a temporary state to ensure that a DAO that is received later with a Transit Information option with anoldolder sequencenumber, thennumber is ignored. A Transit Information option in a DAO message that is as new as or newer than that in a DCO wins, meaning that the path indicated in the DAOMUST be ignored.is installed and the DAO is propagated. When the DCO isgenerated in response topropagated upon a DCO from an upstream parent, the Path SequenceMUST<bcp14>MUST</bcp14> be copied from the received DCO. </t> </section> <sectiontitle="Destinationnumbered="true" toc="default"> <name>Destination Cleanup Option Acknowledgment(DCO-ACK)">(DCO-ACK)</name> <t> The DCO-ACK messageSHOULD<bcp14>SHOULD</bcp14> be sent as a unicast packet by a DCO recipient in response to a unicast DCO message with the 'K' flag set. If the 'K' flag is notsetset, then the receiver of the DCO messageMAY<bcp14>MAY</bcp14> send a DCO-ACK, especially to report an error condition. The format of the DCO-ACK message is shown in <xref target="dco_ack"/>. </t><t><figurealign="center" anchor="dco_ack" title="DCO-ACK base object">anchor="dco_ack"> <name>DCO-ACK Base Object</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RPLInstanceID |D| Flags | DCOSequence | DCO-ACK Status| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | +DODAGID(optional)DODAGID (optional) + | | + + | |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure></t> <t> RPLInstanceID: 8-bit<dl> <dt> RPLInstanceID:</dt><dd>8-bit field indicating the topology instance associated with the DODAG, as learned from the DIO.</t> <t> D: The</dd> <dt> D:</dt><dd>The 'D' flag indicates that the DODAGID field is present. This flagMUST<bcp14>MUST</bcp14> be set when a local RPLInstanceID is used.</t> <t> Flags: 7-bit</dd> <dt> Flags:</dt><dd>7-bit unused field. The fieldMUST<bcp14>MUST</bcp14> be initialized to zero by the sender andMUST<bcp14>MUST</bcp14> be ignored by the receiver.</t> <t> DCOSequence: 8-bit</dd> <dt> DCOSequence:</dt><dd>8-bit field. The DCOSequence in the DCO-ACK is copied from the DCOSequence received in the DCO message.</t> <t></dd> <dt> DCO-ACK Status:</dt><dd>Indicates completion status. The DCO-ACKStatus: IndicatesStatus field is defined based on Figure 6 of <xref target="RFC9010" format="default"/> defining thecompletion.RPL Status Format. AvalueStatusValue of 0is defined as unqualifiedalong with the 'U' bit set to 0 indicates Success / Unqualified acceptancein this specification.as per Figure 6 of <xref target="RFC9010" format="default"/>. AvalueStatusValue of 1is defined as "No routing-entry forwith theTarget found". The remaining status values are reserved'U' bit set to 1 indicates 'No routing entry' asrejection codes. </t> <t>defined in <xref target="rpl_reject_status" format="default"/> of this document. </dd> <dt> DODAGID(optional): 128-bit(optional):</dt><dd>128-bit unsigned integer set by a DODAG root that uniquely identifies a DODAG. This fieldMUST<bcp14>MUST</bcp14> be present when the 'D' flag is set andMUST NOT<bcp14>MUST NOT</bcp14> be present when the 'D' flag is not set. The DODAGID is used when a local RPLInstanceID is in use, in order to identify the DODAGID that is associated with the RPLInstanceID.</t></dd> </dl> </section> <sectiontitle="Secure DCO-ACK">numbered="true" toc="default"> <name>Secure DCO-ACK</name> <t> A Secure DCO-ACK message follows the format shown in <xreftarget="RFC6550"/>target="RFC6550" format="default"/>, Figure 7, where the base message format is the DCO-ACK message shown in <xreftarget="dco_ack"/>.target="dco_ack" format="default"/> of this document. </t> </section> </section> <sectiontitle="DCOanchor="base_rules" numbered="true" toc="default"> <name>DCO BaseRules" anchor="base_rules"> <t> <list style="numbers"> <t>Rules</name> <ol spacing="normal" type="1"><li> If a node sends a DCO message with newer or different information than the prior DCO message transmission, itMUST<bcp14>MUST</bcp14> increment the DCOSequence field by at least one. A DCO message transmission that is identical to the prior DCO message transmissionMAY<bcp14>MAY</bcp14> increment the DCOSequence field. The DCOSequence counter follows the sequence counter operation as defined inSection 7.2 of<xreftarget="RFC6550"/>. </t> <t>target="RFC6550" section="7.2" sectionFormat="of"/>. </li> <li> The RPLInstanceID and DODAGID fields of a DCO messageMUST be<bcp14>MUST</bcp14> have the samevaluevalues asthat ofthose contained in the DAO message in response to which the DCO is generated on the common ancestor node.</t> <t></li> <li> A nodeMAY<bcp14>MAY</bcp14> set the 'K' flag in a unicast DCO message to solicit a unicast DCO-ACK inresponseresponse, in order to confirm the attempt.</t> <t></li> <li> A node receiving a unicast DCO message with the 'K' flag setSHOULD<bcp14>SHOULD</bcp14> respond with a DCO-ACK. A node receiving a DCO message without the 'K' flag setMAY<bcp14>MAY</bcp14> respond with a DCO-ACK, especially to report an error condition.</t> <t></li> <li> A node receiving a unicast DCO messageMUST<bcp14>MUST</bcp14> verify the stored Path Sequence in context to the given target. If the stored Path Sequence ismore fresh,as new as or newer than the Path Sequence received in the DCO, then the DCOMUST<bcp14>MUST</bcp14> be dropped.</t> <t></li> <li> A node that sets the 'K' flag in a unicast DCO message but does not receive a DCO-ACK in responseMAY<bcp14>MAY</bcp14> reschedule the DCO message transmission for another attempt, up until animplementation specificimplementation-specific number of retries.</t> <t></li> <li> A node receiving a unicast DCO message with its own address in the RPL TargetOption MUST strip-offoption <bcp14>MUST</bcp14> strip off that TargetOption.option. If this TargetOptionoption is the only one in the DCOmessagemessage, then the DCO messageMUST<bcp14>MUST</bcp14> be dropped.</t> </list> </t></li> </ol> <t> The scope of DCOSequence values is unique to the nodewhichthat generatesit.them. </t> </section> <sectiontitle="Unsolicited DCO">numbered="true" toc="default"> <name>Unsolicited DCO</name> <t> A 6LR may generate an unsolicited DCO to unilaterallycleanupclean up the path on behalf of the target entry. The 6LR has all the state information, namely, the TargetaddressAddress and the Path Sequence, required for generating a DCO in its routing table. The conditionswhyunder which a 6LR may generate an unsolicited DCO are beyond the scope of thisdocumentdocument, butsomepossible reasons couldbe: <list style="numbers"> <t>be as follows: </t> <ol spacing="normal" type="1"><li> On route expiry of an entry, a 6LR may decide to graciouslycleanupclean up the entry by initiating a DCO.</t> <t></li> <li> A 6LR needs to entertainhigher priorityhigher-priority entries in case the routing table is full, thus resulting in eviction of an existing routing entry. In thiscasecase, the eviction can be handled graciously by using a DCO.</t> </list> </t></li> </ol> <t> A DCO that is generated asynchronously to a DAO message and is meant to discard all state along the path regardless of the Path Sequence <bcp14>MUST</bcp14> use a Path Sequence value of 240 (see <xref target="RFC6550" section="7.2" sectionFormat="of"/>). This value allows the DCO to win against any established DAO path but to lose against a DAO path that is being installed. Note that ifthe 6LRan ancestor initiates a unilateral path cleanup on an established path using a DCOand if it has the latest state for the target thenwith a Path Sequence value of 240, the DCOwould finallywill eventually reach the targetnode. Thus the target node wouldnode, which will thus be informed ofitsthe path invalidation. </t> </section> <sectiontitle="Other considerations"> <section title="Dependent Nodes invalidation">numbered="true" toc="default"> <name>Other Considerations</name> <section numbered="true" toc="default"> <name>Invalidation of Dependent Nodes</name> <t>CurrentThe RPL specification <xreftarget="RFC6550"/>target="RFC6550" format="default"/> does not provide a mechanism for route invalidation for dependent nodes. This document allows the invalidation of dependentnodes invalidation.nodes. Dependent nodes will generate their respective DAOs to update their paths, and the previous route invalidation for those nodes should work inthe similara manner similar to what is described for a switching node. The dependent node may set the 'I' flag in the Transit InformationOptionoption as part of a regular DAO so as to request invalidation of the previous route from the common ancestor node. </t> <t> Dependent nodes do not have any indication regardingifwhether any of their parents have in turnhavedecided to switch their parent.ThusThus, for routeinvalidationinvalidation, the dependent nodes may choose to always set the 'I' flag in allitstheir DAOmessage'smessages' Transit InformationOption.options. Note that setting the 'I' flag is not counterproductive even if there is no previous route to be invalidated. </t> </section> <sectiontitle="NPDAOnumbered="true" toc="default"> <name>NPDAO and DCO in thesame network">Same Network</name> <t> ThecurrentNPDAO mechanism provided in <xreftarget="RFC6550"/>target="RFC6550" format="default"/> can still be used in the same network where a DCO is used.TheNPDAO messaging can be used, for example, on route lifetime expiry of the target or when the node simply decides to gracefully terminate the RPL session on graceful node shutdown. Moreover, a deployment can have a mix of nodes supporting the DCO and the existing NPDAO mechanism. It is also possible that the same node supports boththeNPDAO and DCO signaling for route invalidation. </t> <t>Section 9.8 of<xreftarget="RFC6550"/>target="RFC6550" section="9.8" sectionFormat="of"/> states, "When a node removes a node from its DAO parent set, itSHOULD<bcp14>SHOULD</bcp14> send a No-Path DAO message (Section 6.4.3) to that removed DAO parent to invalidate the existingrouter".route." This document introduces an alternative and more optimized wayofto perform routeinvalidationinvalidation, but it also allows existing NPDAO messaging to work.ThusThus, an implementation has two choices to make when a route invalidation is to be initiated: </t><t> <list style="numbers"> <t><ol spacing="normal" type="1"><li> Use an NPDAO to invalidate the previousrouteroute, and send a regular DAO on the new path.</t> <t></li> <li> Send a regular DAO on the new path with the 'I' flag set in the Transit InformationOptionoption such that the common ancestor node initiates the DCO message downstream to invalidate the previous route.</t> </list> </t></li> </ol> <t> This document recommends using option22, for the reasons specified in <xreftarget="requirements"/> intarget="requirements" format="default"/> of this document. </t> <t> This document assumes that all the 6LRs in the network support this specification. Ifthere are 6LRs en-route DCO message path whichthere are 6LR nodes that do not support thisdocument,document that are in the path of the DCO message transmission, then the route invalidation for the corresponding targets (targets that are in the DCO message) may not work or may workpartially i.e., only part of the path supporting DCO may be invalidated.partially. Alternatively, a node could generate an NPDAO if it does not receive a DCO with itself as the target within a specified time limit. The specified time limit is deployment specific and depends upon the maximum depth of the network andper hopper-hop average latency. Note that sending an NPDAO and a DCO for the same operation would not result in unwantedside-effectsside effects because the acceptability of an NPDAO or a DCO depends upon the Path Sequence freshness. </t> </section> <sectiontitle="Considerationsanchor="dco_retry" numbered="true" toc="default"> <name>Considerations for DCOretry" anchor="dco_retry">Retries</name> <t> A DCO message could be retried by a sender if it sets the 'K' flag and does not receive a DCO-ACK. The DCO retry time could be dependent on the maximum depth of the network and averageper hopper-hop latency. This could range from 2 seconds to 120secondsseconds, depending on the deployment.In caseIf the latency limits are not known, an implementationMUST NOT<bcp14>MUST NOT</bcp14> retry more than once in 3 seconds andMUST NOT<bcp14>MUST NOT</bcp14> retry more than3three times. </t> <t> The number of retries could also be set depending on how critical the route invalidation could be for the deployment and thelink layerlink-layer retry configuration. For networks supporting onlyMP2PMulti-Point to Point (MP2P) andP2MPPoint-to-Multipoint (P2MP) flows, such as inAMIAdvanced Metering Infrastructure (AMI) and telemetry applications, the 6LRs may not be very keen to invalidate routes, unless they are highlymemory-constrained.memory constrained. For home and building automation networkswhichthat may have substantial P2P traffic, the 6LRs might be keen to invalidate efficiently because it may additionally impacttheforwarding efficiency. </t> </section> <sectiontitle="DCO with multiple preferred parents">numbered="true" toc="default"> <name>DCO with Multiple Preferred Parents</name> <t> <xreftarget="RFC6550"/>target="RFC6550" format="default"/> allows a node to select multiple preferred parents for route establishment.Section 9.2.1 of<xreftarget="RFC6550"/>target="RFC6550" section="9.2.1" sectionFormat="of"/> specifies, "All DAOs generated at the same time for the sameTarget MUSTtarget <bcp14>MUST</bcp14> be sent with the same Path Sequence in the TransitInformation". SubsequentlyInformation." Subsequently, when route invalidation has to be initiated,RPL mentions use of NPDAOan NPDAO, which can be initiated with an updated Path Sequence to all the parent nodes through which the route is to beinvalidated.invalidated, can be used; see <xref target="RFC6550"/>. </t> <t> With a DCO, theTargettarget node itself does not initiate the routeinvalidation and itinvalidation; this is left to the common ancestor node. A common ancestor node when it discovers an updated DAO from a newnext-hop,next hop, it initiates a DCO.With multiple preferred parents, this handling does not change. But in this case itIt is recommended that an implementationinitiatesinitiate a DCO after a time period (DelayDCO) such that the common ancestor node may receive updated DAOs from all possiblenext-hops.next hops. This will help to reduce DCO controloverheadoverhead, i.e., the common ancestor can wait for updated DAOs from all possible directions before initiating a DCO for route invalidation. After timeout, the DCO needs to be generated for all thenext-hopsnext hops forwhomwhich the route invalidation needs to be done. </t> <t> This document recommends using a DelayDCO timer value of1sec.1 second. This value is inspired by the default DelayDAO timer value of1sec in1 second <xreftarget="RFC6550"/>. Heretarget="RFC6550" format="default"/>. Here, the hypothesis is that the DAOs from all possible parent sets would be received on the common ancestor within this time period. </t> <t> It is still possible that a DCO is generated before all the updated DAOs from all the paths are received. In this case, the ancestor node would start the invalidation procedure for paths from which the updated DAO is not received. The DCO generated in this case would start invalidating the segments along these paths on which the updated DAOs are not received. But once the DAO reaches these segments, the routing state would be updated along thesesegments andsegments; this should not lead to any inconsistent routingstate.states. </t> <t> Note that there is no requirement for synchronization between a DCO and DAOs. The DelayDCO timer simply ensures thattheDCO control overhead can be reduced and is only needed when the network contains nodes using multiple preferredparent.parents. </t> </section> </section> </section> <sectionanchor="Acknowledgments" title="Acknowledgments"> <t> Many thanks to Alvaro Retana, Cenk Gundogan, Simon Duquennoy, Georgios Papadopoulous, Peter Van Der Stok for their review and comments. Alvaro Retana helped shape this document's final version with critical review comments. </t> </section> <!-- Possibly a 'Contributors' section ... --> <sectionanchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <t> IANAis requested to allocate newhas allocated codes for the DCO and DCO-ACK messages from theRPL"RPL ControlCodesCodes" registry. </t><texttable title=""> <ttcol align='center'>Code</ttcol> <ttcol align='center'>Description</ttcol> <ttcol align='center'>Reference</ttcol> <c>TBD1</c> <c>Destination<table align="center"> <name>New Codes for DCO and DCO-ACK Messages</name> <thead> <tr> <th align="center">Code</th> <th align="center">Description</th> <th align="center">Reference</th> </tr> </thead> <tbody> <tr> <td align="center">0x07</td> <td align="center">Destination CleanupObject</c> <c>This document</c> <c>TBD2</c> <c>DestinationObject</td> <td align="center">This document</td> </tr> <tr> <td align="center">0x08</td> <td align="center">Destination Cleanup ObjectAcknowledgment</c> <c>This document</c> <c>TBD3</c> <c>SecureAcknowledgment</td> <td align="center">This document</td> </tr> <tr> <td align="center">0x87</td> <td align="center">Secure Destination CleanupObject</c> <c>This document</c> <c>TBD4</c> <c>SecureObject</td> <td align="center">This document</td> </tr> <tr> <td align="center">0x88</td> <td align="center">Secure Destination Cleanup ObjectAcknowledgment</c> <c>This document</c> </texttable>Acknowledgment</td> <td align="center">This document</td> </tr> </tbody> </table> <t> IANAis requested to allocatehas allocated bit 1 from theTransit"Transit Information OptionFlagsFlags" registry for the 'I' flag(<xref target="transit_opt_changes"/>)(Invalidate previous route; see <xref target="transit_opt_changes" format="default"/>). </t> <sectiontitle="Newnumbered="true" toc="default"> <name>New Registry for the Destination Cleanup Object (DCO)Flags"> <t> IANA is requested to create a registry for the 8-bit Destination Cleanup Object (DCO) Flags field. This registry should be located in existing category of "Routing Protocol for Low Power and Lossy Networks (RPL)". </t> <t> New bit numbers may be allocated only by an IETF Review. Each bit is tracked with the following qualities: </t> <t> <list style="symbols"> <t>Bit number (counting from bit 0 as the most significant bit)</t> <t>Capability description</t> <t>Defining RFC</t> </list> </t> <t> The following bits are currently defined: </t> <texttable title="DCO Base Flags"> <ttcol align='center'>Bit number</ttcol> <ttcol align='center'>Description</ttcol> <ttcol align='center'>Reference</ttcol> <c>0</c> <c>DCO-ACK request (K)</c> <c>This document</c> <c>1</c> <c>DODAGID field is present (D)</c> <c>This document</c> </texttable> </section> <section title="New Registry for the Destination Cleanup Object Acknowledgment (DCO-ACK) Status field">Flags</name> <t>IANA is requested to createIANA has created a registry for the 8-bit Destination Cleanup ObjectAcknowledgment (DCO-ACK) Status(DCO) Flags field.ThisThe "Destination Cleanup Object (DCO) Flags" registryshould beis located inexisting category ofthe "Routing Protocol for Low Power and Lossy Networks(RPL)".(RPL)" registry. </t> <t> NewStatus valuesbit numbers may be allocated only byanIETFReview.Review <xref target="RFC8126"/>. Eachvaluebit is tracked with the following qualities: </t><t> <list style="symbols"> <t>Status Code</t> <t>Description</t> <t>Defining RFC</t> </list> </t><ul spacing="normal"> <li>Bit number (counting from bit 0 as the most significant bit)</li> <li>Capability description</li> <li>Defining RFC</li> </ul> <t> The followingvaluesbits are currently defined: </t><texttable title="DCO-ACK Status Codes"> <ttcol align='center'>Status Code</ttcol> <ttcol align='center'>Description</ttcol> <ttcol align='center'>Reference</ttcol> <c>0</c> <c>Unqualified acceptance</c> <c>This document</c> <c>1</c> <c>No routing-entry for the indicated Target found</c> <c>This document</c> </texttable><table align="center"> <name>DCO Base Flags</name> <thead> <tr> <th align="center">Bit number</th> <th align="center">Description</th> <th align="center">Reference</th> </tr> </thead> <tbody> <tr> <td align="center">0</td> <td align="center">DCO-ACK request (K)</td> <td align="center">This document</td> </tr> <tr> <td align="center">1</td> <td align="center">DODAGID field is present (D)</td> <td align="center">This document</td> </tr> </tbody> </table> </section> <sectiontitle="Newnumbered="true" toc="default"> <name>New Registry for the Destination Cleanup Object (DCO) AcknowledgmentFlags">Flags</name> <t> IANAis requested to createhas created a registry for the 8-bit Destination Cleanup Object (DCO) Acknowledgment Flags field.ThisThe "Destination Cleanup Object (DCO) Acknowledgment Flags" registryshould beis located inexisting category ofthe "Routing Protocol for Low Power and Lossy Networks(RPL)".(RPL)" registry. </t> <t> New bit numbers may be allocated only byanIETFReview.Review <xref target="RFC8126"/>. Each bit is tracked with the following qualities: </t><t> <list style="symbols"> <t>Bit<ul spacing="normal"> <li>Bit number (counting from bit 0 as the most significantbit)</t> <t>Capability description</t> <t>Defining RFC</t> </list> </t>bit)</li> <li>Capability description</li> <li>Defining RFC</li> </ul> <t> The followingbits arebit is currently defined: </t><texttable title="DCO-ACK<table align="center"> <name>DCO-ACK BaseFlags"> <ttcol align='center'>Bit number</ttcol> <ttcol align='center'>Description</ttcol> <ttcol align='center'>Reference</ttcol> <c>0</c> <c>DODAGIDFlag</name> <thead> <tr> <th align="center">Bit number</th> <th align="center">Description</th> <th align="center">Reference</th> </tr> </thead> <tbody> <tr> <td align="center">0</td> <td align="center">DODAGID field is present(D)</c> <c>This document</c> </texttable>(D)</td> <td align="center">This document</td> </tr> </tbody> </table> </section> <section anchor="rpl_reject_status" numbered="true" toc="default"> <name>RPL Rejection Status Values</name> <t> This document adds a new status value to the "RPL Rejection Status" subregistry initially created per <xref target="RFC9010" sectionFormat="of" section="12.6"/>. </t> <table align="center"> <name>Rejection Value of the RPL Status</name> <thead> <tr> <th align="center">Value</th> <th align="center">Meaning</th> <th align="center">Reference</th> </tr> </thead> <tbody> <tr> <td align="center">1</td> <td align="center">No routing entry</td> <td align="center">This document</td> </tr> </tbody> </table> </section> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t> This document introduces the ability for a common ancestor node to invalidate a route on behalf of the target node. The common ancestor node could be directed to do so by the targetnodenode, using the 'I' flag in a DCO's Transit InformationOption.option. However, the common ancestor node is in a position to unilaterally initiate the routeinvalidationinvalidation, since it possesses all the required state information, namely, the TargetaddressAddress and the corresponding Path Sequence.ThusThus, a rogue common ancestor node could initiate such an invalidation and impact the traffic to the target node. </t> <t> The DCO carries a RPL Status value, which is informative. New Status values may be created overtimetime, and a node will ignore an unknown Status value. This enables the RPL Status field to be used as a cover channel. But the channel only worksonceonce, since the message destroys its own medium,that isi.e., the existing route that it is removing. </t> <t> This document also introduces an 'I'flagflag, which is set by the target node and used by the ancestor node to initiate a DCO if the ancestor sees an update in therouterouting adjacency. However, this flag could be spoofed by a malicious 6LR in the path and can cause invalidation of an existing active path. Note that invalidation willhappenwork only if theother conditions such asPath Sequence condition is alsomet.met for the target for which the invalidation is attempted. Having said that, such a malicious 6LR may spoof a DAO on behalf of the (sub) child with the 'I' flag set and can cause route invalidation on behalf of the (sub) child node. Notethat,that by using existing mechanisms offered by <xreftarget="RFC6550"/>,target="RFC6550" format="default"/>, a malicious 6LR might also spoof a DAO with a lifetime of zero or otherwise cause denial of service by dropping traffic entirely, so the new mechanism described in this document does not present a substantially increased risk of disruption. </t> <t> This document assumes that the security mechanisms as defined in <xreftarget="RFC6550"/>target="RFC6550" format="default"/> are followed, which means that the common ancestor node and all the 6LRs are part of the RPL network because they have the required credentials. A non-secure RPL network needs to take into consideration the risks highlighted in this section as well as those highlighted in <xreftarget="RFC6550"/>.target="RFC6550" format="default"/>. </t> <t> All RPL messages support a secure version ofmessages whichmessages; this allows integrity protection using either aMACMessage Authentication Code (MAC) or a signature. Optionally, secured RPL messages also have encryption protection for confidentiality. </t> <t>TheThis document adds new messages(DCO,(DCO and DCO-ACK)whichthat are syntactically similar to existing RPL messages such asDAO,DAO and DAO-ACK. Secure versions of DCO and DCO-ACK messages are added in a way that is similar to the technique used for other RPL messages (such asDAO,DAO and DAO-ACK). </t> <t> RPL supports three securitymodesmodes, as mentioned inSection 10.1 of<xreftarget="RFC6550"/>: <list style="numbers"> <t> Unsecured: Intarget="RFC6550" section="10.1" sectionFormat="of"/>: </t> <dl newline="false" spacing="normal"> <dt>Unsecured:</dt><dd>In this mode, it is expected that the RPL control messages are secured by other security mechanisms, such as link-layer security. In this mode, the RPL control messages, includingDCO, DCO-ACK,DCO and DCO-ACK messages, do not have Security sections. Also note that unsecured mode does not imply that all messages are sent without anyprotection. </t> <t> Preinstalled: In this mode, RPL uses secure messages. Thus secure versions of DCO, DCO-ACK MUST be used in this mode. </t> <t> Authenticated: Inprotection.</dd> <dt>Preinstalled:</dt><dd>In this mode, RPLuses secure messages. Thus secure versions of DCO, DCO-ACK MUST be used in this mode. </t> </list> </t> </section> </middle> <back> <!-- References split into informative and normative --> <!-- There are 2 ways to insert reference entries from the citation libraries: 1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown) 2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here (for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml") Both are cited textually in the same manner: by using xref elements. If you use the PI option, xml2rfc will, by default, try to find included files in the same directory as the including file. You can also define the XML_LIBRARY environment variable with a value containing a setuses secure messages. Thus, secure versions ofdirectories to search. These canDCO and DCO-ACK messages <bcp14>MUST</bcp14> beeitherused inthe local filing system or remote ones accessed by http (http://domain/dir/... ).--> <references title="Normative References"> <!--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?--> &RFC6550; &RFC2119; &RFC8174; <?rfc include='reference.I-D.ietf-roll-unaware-leaves.xml'?>this mode.</dd> <dt>Authenticated:</dt><dd>In this mode, RPL uses secure messages. Thus, secure versions of DCO and DCO-ACK messages <bcp14>MUST</bcp14> be used in this mode.</dd> </dl> </section> </middle> <back> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6550.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8505.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/> <!-- draft-ietf-roll-unaware-leaves (RFC 9010) --> <reference anchor='RFC9010' target="https://www.rfc-editor.org/info/rfc9010"> <front> <title>Routing for RPL (Routing Protocol for Low-Power and Lossy Networks) Leaves</title> <author initials='P' surname='Thubert' fullname='Pascal Thubert' role="editor"> <organization /> </author> <author initials='M' surname='Richardson' fullname='Michael Richardson'> <organization /> </author> <date month='April' year='2021' /> </front> <seriesInfo name="RFC" value="9010"/> <seriesInfo name="DOI" value="10.17487/RFC9010"/> </reference> </references> <section anchor="app-additional"title="Example Messaging"> <section title="Examplenumbered="true" toc="default"> <name>Example Messaging</name> <section numbered="true" toc="default"> <name>Example DCOMessaging">Messaging</name> <t> In<xref target="sample_top"/>, node (D)this example, Node D (<xref target="sample_top" format="default"/>) switches its parent from(B)B to(C).C. This example assumes that Node D has already established its own route via Node B-G-A-6LBR using pathseq=x. The example uses DAO and DCO messagingconventionconventions and specifies only the required parameters to explain theexampleexample, namely, the parameter 'tgt', which stands forTarget Option and"Target option"; the value of this parameter specifies the address of the target node. The parameter'pathseq', which'pathseq' specifies the Path Sequence value carried in the Transit InformationOption. Theoption, and the parameter 'I_flag' specifies the 'I' flag in the Transit InformationOption.option. The sequence of actions is as follows:<list style="numbers"> <t>Node</t> <ol spacing="normal" type="1"><li>Node D switches its parent fromnodeNode B tonode C</t> <t>DNode C.</li> <li>D sends a regular DAO(tgt=D,pathseq=x+1,I_flag=1) in the updated path toC</t> <t>CC.</li> <li>C checks for a routing entry on behalf ofD,D; since it cannot find an entry on behalf ofDD, it creates a new routing entry and forwards the reachability information of the target D to H in aDAO(tgt=D,pathseq=x+1,I_flag=1).</t> <t>SimilarDAO(tgt=D,pathseq=x+1,I_flag=1).</li> <li>Similar to C,nodeNode H checks for a routing entry on behalf of D, cannot find anentryentry, and hence creates a new routing entry and forwards the reachability information of the target D to A in aDAO(tgt=D,pathseq=x+1,I_flag=1).</t> <t>DAO(tgt=D,pathseq=x+1,I_flag=1).</li> <li> Node A receives theDAO(tgt=D,pathseq=x+1,I_flag=1),DAO(tgt=D,pathseq=x+1,I_flag=1) and checks for a routing entry on behalf of D. It finds a routing entry but checks that the next hop for target D is different (i.e., Node G). Node A checks the I_flag and generates the DCO(tgt=D,pathseq=x+1) to the previous next hop for targetDD, which is G. Subsequently, Node A updates the routing entry and forwards the reachability information of target D upstream using the DAO(tgt=D,pathseq=x+1,I_flag=1).</t> <t></li> <li> Node G receives the DCO(tgt=D,pathseq=x+1). It checks to see if the receivedpath sequencePath Sequence is later than the storedpath sequence.Path Sequence. If it is later, Node G invalidates the routing entry of target D and forwards the (un)reachability information downstream to B in the DCO(tgt=D,pathseq=x+1).</t> <t></li> <li> Similarly, B processes the DCO(tgt=D,pathseq=x+1) by invalidating the routing entry of target D and forwards the (un)reachability information downstream to D.</t> <t></li> <li> D ignores theDCO(tgt=D,pathseq=x+1)DCO(tgt=D,pathseq=x+1), since the target is itself.</t> <t></li> <li> The propagation of the DCO will stop at any node where the node does not haveanrouting information associated with the target. If cached routing information is present and the cached Path Sequence is higher than the value in the DCO, then the DCO is dropped.</t> </list> </t></li> </ol> </section> <sectiontitle="Examplenumbered="true" toc="default"> <name>Example DCO Messaging with Multiple Preferred Parents</name> <t> As shown in <xref target="sample_top_mpp" format="default"/>, node (N41) selects multiple preferredparents"> <t>parents (N32) and (N33). The sequence of actions is listed below the figure. </t> <figurealign="center" anchor="sample_top_mpp" title="Sample topology 2">anchor="sample_top_mpp"> <name>Sample Topology 2</name> <artworkalign="center"><![CDATA[align="center" name="" type="" alt=""><![CDATA[ (6LBR) | | | (N11) / \ / \ / \ (N21) (N22) / / \ / / \ / / \ (N31) (N32) (N33) : | / : | / : | /(N41) ]]></artwork>(N41)]]></artwork> </figure></t> <t> In <xref target="sample_top_mpp"/>, node (N41) selects multiple preferred parents (N32) and (N33). The sequence of actions is as follows: <list style="numbers"> <t><ol spacing="normal" type="1"><li> (N41) sends a DAO(tgt=N41,PS=x,I_flag=1) to (N32) and (N33).Here I_flagHere, 'I_flag' refers to the Invalidationflagflag, andPS'PS' refers to the Path Sequence in the Transit Information option.</t> <t></li> <li> (N32) sends the DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N33) also sends the DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N22) learns multiple routes for the same destination (N41) through multiplenext-hops.next hops. (N22) may receive the DAOs from (N32) and (N33) in any order with the I_flag set. The implementation should use the DelayDCO timer to wait to initiate the DCO. If (N22) receives an updated DAO from all thepathspaths, then the DCO need not be initiated in this case.ThusThus, therouterouting table at N22 should contain (Dst,NextHop,PS): { (N41,N32,x), (N41,N33,x) }.</t> <t></li> <li> (N22) sends the DAO(tgt=N41,PS=x,I_flag=1) to (N11).</t> <t></li> <li> (N11) sends the DAO(tgt=N41,PS=x,I_flag=1) to (6LBR).ThusThus, the complete path is established.</t> <t></li> <li> (N41) decides to change the preferred parent set from{ N32, N33 }{ N32, N33 } to { N31, N32 }.</t> <t></li> <li> (N41) sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N32). (N41) sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N31).</t> <t></li> <li> (N32) sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N22). (N22) has multiple routes to destination (N41). It sees that a new Path Sequence for Target=N41 is received and thusitwaits forpre-determineda predetermined time period(DelayDCO(the DelayDCO time period) to invalidate another route{(N41),(N33),x}. After{ (N41),(N33),x }. After the time period, (N22) sends the DCO(tgt=N41,PS=x+1) to (N33). Also (N22) sends the regular DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).</t> <t></li> <li> (N33) receives the DCO(tgt=N41,PS=x+1). The received Path Sequence is the latest and thusitinvalidates the entry associated with the target (N41). (N33) then sends the DCO(tgt=N41,PS=x+1) to (N41). (N41) sees itself as the target and drops the DCO.</t> <t></li> <li> From Step 6 above, (N31) receives the DAO(tgt=N41,PS=x+1,I_flag=1). It creates a routing entry and sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N21).SimilarlySimilarly, (N21) receives the DAO and subsequently sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).</t> <t></li> <li> (N11) receives the DAO(tgt=N41,PS=x+1,I_flag=1) from (N21). It waits for the DelayDCOtimertimer, since it has multiple routes to (N41). (N41) will receive the DAO(tgt=N41,PS=x+1,I_flag=1) from (N22) from Step 7 above.ThusThus, (N11) has received the regular DAO(tgt=N41,PS=x+1,I_flag=1) from all paths and thus does not initiate the DCO.</t> <t></li> <li> (N11) forwards the DAO(tgt=N41,PS=x+1,I_flag=1) to6LBR(6LBR), and the full path is established.</t> </list></t></li> </ol> </section> </section> <section anchor="Acknowledgments" numbered="false" toc="default"> <name>Acknowledgments</name> <t> Many thanks to <contact fullname="Alvaro Retana"/>, <contact fullname="Cenk Gundogan"/>, <contact fullname="Simon Duquennoy"/>, <contact fullname="Georgios Papadopoulos"/>, and <contact fullname="Peter van der Stok"/> for their review and comments. <contact fullname="Alvaro Retana"/> helped shape this document's final version with critical review comments. </t> </section> </back> </rfc>