<?xmlversion='1.0' encoding='utf-8'?>version="1.0" encoding="UTF-8"?> <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent"><?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="no"?> <?rfc subcompact="no"?> <?rfc authorship="yes"?> <?rfc tocappendix="yes"?><rfc xmlns:xi="http://www.w3.org/2001/XInclude"category="std"ipr='trust200902' tocInclude="true"updates='6550,6775,8505'symRefs="true" sortRefs="true" updates='6550, 6775, 8505' obsoletes=""consensus="true"submissionType="IETF" category="std" consensus="true" xml:lang="en" version="3" docName="draft-ietf-roll-unaware-leaves-30"> <!-- updates='draft-ietf-roll-efficient-npdao,6550, 8505' consensus="true" submissionType="IETF" -->number="9010"> <front> <titleabbrev='RPL Unawareabbrev='RPL-Unaware Leaves'>Routing for RPLLeaves</title>(Routing Protocol for Low-Power and Lossy Networks) Leaves</title> <seriesInfo name="RFC" value="9010"/> <author initials='P' surname='Thubert' fullname='Pascal Thubert' role='editor'> <organization abbrev='Cisco Systems'>Cisco Systems,Inc</organization>Inc.</organization> <address> <postal> <street>Building D</street> <street>45 Allee des Ormes - BP1200 </street><city>Mougins<city>MOUGINS - Sophia Antipolis</city> <code>06254</code> <country>France</country> </postal> <phone>+33 497 23 26 34</phone> <email>pthubert@cisco.com</email> </address> </author> <author fullname='Michael C. Richardson' initials='M.' surname='Richardson'> <organization abbrev='Sandelman'>Sandelman Software Works</organization> <address> <email>mcr+ietf@sandelman.ca</email><uri>http://www.sandelman.ca/</uri><uri>https://www.sandelman.ca/</uri> </address> </author><date/> <area>Routing</area> <workgroup>ROLL</workgroup><date year="2021" month="April"/> <keyword>IPv6</keyword> <keyword>ND</keyword> <keyword>Redistribution</keyword> <abstract> <t> This specificationupdates RFC6550, RFC6775, and RFC8505. Itprovides a mechanism for a host that implements a routing-agnostic interface based on6LoWPANIPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor Discovery to obtain reachability services across a network that leveragesRFC6550RFC 6550 for its routing operations. It updates RFCs 6550, 6775, and 8505. </t> </abstract> </front> <middle> <section anchor='introduction'><name>Introduction</name> <t>The design ofLow PowerLow-Power and Lossy Networks (LLNs) is generally focused on saving energy, which is the most constrained resource of all. Other design constraints, such as a limited memory capacity, duty cycling of the LLNdevicesdevices, and low-power lossy transmissions, derive from that primary concern. </t> <t>The IETF producedthe"<xref target="RFC6550" format="title"/>" <xreftarget='RFC6550'>"Routing Protocol for Low Power and Lossy Networks"</xref> (RPL)target="RFC6550" format="default"/> to provide routing services for IPv6 <xref target='RFC8200'/>routing serviceswithin such constraints. RPL belongs to the class ofDistance-Vector protocols,distance-vector protocols -- which, compared to link-state protocols, limit the amount of topological knowledge that needs to be installed and maintained in eachnode,node -- and does not require convergence to avoid micro-loops. </t> <t> To save signaling and routing state in constrained networks, RPL allows a path stretch (see <xref target='RFC6687'/>), whereby routing is only performed along a Destination-Oriented Directed Acyclic Graph (DODAG) that is optimized to reach aRootroot node, as opposed to along the shortest path between2two peers, whatever that would mean in a given LLN. This trades the quality of peer-to-peer (P2P) paths for a vastly reduced amount of control traffic and routing state that would be required to operate an any-to-anyshortest pathshortest-path protocol. Additionally, broken routes may be fixed lazily andon-demand,on demand, based ondataplanedata-plane inconsistency discovery, which avoids wasting energy in the proactive repair of unused paths. </t> <t> For many of the nodes, though not all, the DODAG provides multiple forwarding solutions towards theRootroot of the topology via so-called parents. RPLis designedinstalls the routes proactively, but to adapt to fuzzyconnectivity,connectivity -- whereby the physical topology cannot be expected to reach a stablestate, withstate -- it uses a lazycontrolroute maintenance operation thatcreates the routes proactively, butmay only fix them reactively, upon actual traffic. The result is that RPL provides reachability for most of the LLN nodes, most of the time, but may not converge in the classical sense. </t><!--t> <xref target='RFC6550'/> provides unicast and multicast routing services to RPL-Aware nodes (RANs), either as a collection tree for outwards traffic only, or with routing back to the devices as well. In the latter case, a RAN injects routes to itself using Destination Advertisement Object (DAO) messages sent either to parent-nodes, in the RPL Storing Mode, or to the Root indicating their parent, in the Non-Storing Mode. This process effectively forms a DODAG back to the device that is a subset of the DODAG to the Root with all links reversed. </t--><t> RPL can be deployed in conjunction with IPv6 Neighbor Discovery (ND) <xref target='RFC4861'/> <xref target='RFC4862'/> and6LoWPANIPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) ND <xref target='RFC6775'/> <xref target='RFC8505'/> to maintain reachability within a Non-BroadcastMultiple-AccessMulti-Access (NBMA)Multi-Linkmulti-link subnet. </t> <t> In that mode, IPv6 addresses are advertised individually as host routes. Some nodes may act as routers and participate in the forwardingoperationsoperations, whereas others will only receive/originate packets, acting as hosts in thedata-plane. Indata plane. Per the terminology of <xreftarget='RFC6550'/> terms,target='RFC6550'/>, an IPv6 host <xref target='RFC8504'/> that is reachable over the RPL network is called aleaf."leaf". </t> <t>Section 2 of<xreftarget='I-D.ietf-roll-useofrplinfo'/>target="RFC9008" sectionFormat="of" section="2"/> defines the termsRPL leaf, RPL-Aware-leaf (RAL)"RPL leaf", "RPL-Aware Leaf" (RAL), andRPL-Unaware Leaf"RPL-Unaware Leaf" (RUL). A RPL leaf is a host attached to one or more RPLrouter(s);routers; as such, it relies on the RPL router(s) to forward its traffic across the RPL domain but does not forward traffic from another node. As opposed to the RAL, the RUL does not participateto RPL,in RPL and relies on its RPL router(s)alsoto also inject the routes to its IPv6 addresses in the RPL domain. </t> <t> A RUL may be unable to participate because it is veryenergy-constrained,energy constrained or code-space constrained, or because it would be unsafe to let it inject routes in RPL. Using 6LoWPAN ND as opposed to RPL as the host-to-router interface limits the surface of the possible attacks by the RUL against the RPL domain. If all RULs andRANsRPL-Aware Nodes (RANs) use 6LoWPAN ND forNeighbor Discovery,the neighbor discovery process, it is also possible to protect the address ownership of all nodes, including the RULs. </t> <t> This document specifies how the router injects the host routes in the RPL domain on behalf of the RUL. <xref target='prereq'/> details how the RUL can leverage 6LoWPAN ND to obtain the routing services from the router. In that model, the RUL is also a 6LoWPAN Node (6LN) and theRPL-AwareRPL-aware router is also a 6LoWPAN Router (6LR). Using the 6LoWPAN ND Address Registration mechanism, the RUL signals that the router must inject a host route for the Registered Address. </t> <figure anchor='injectfig'><name>Injecting Routes onbehalfBehalf of RULs</name><artwork><artwork><![CDATA[ ------+--------- | Internet | +-----+ | |<-------------<------------- 6LBR / RPL DODAG Root +-----+ ^ | | o o o o | RPL o o o o o o o o | o o o o o o o o o o | + o o o o o o o | o o o o o o o o o | 6LoWPAN ND o o o o o o | o o o o v o o o<-------------<------------- 6LR / RPL BorderrouterRouter ^ | 6LoWPAN ND only v u<-------------<------------- 6LN / RPL-UnawareLeaf </artwork>Leaf]]></artwork> </figure> <t> The RPL Non-StoringModemode mechanism is used to extend the routing state with connectivity to the RULs even when the DODAG is operated in StoringMode.mode. The unicastpacket forwardingpacket-forwarding operation by the 6LR serving a RUL is described insection 4.1 of<xreftarget='I-D.ietf-roll-useofrplinfo'/>.target="RFC9008" sectionFormat="of" section="4.1.1"/>. </t> <t> Examples of possible RULs include severelyenergy constrainedenergy-constrained sensors such as window smashsensorsensors (alarmsystem),system) and kinetically powered light switches. Other applications of this specification may include a smart grid network that controls appliances--- such as washing machines or the heating system--- in the home. Appliances may not participatetoin the RPL protocol operated in theSmartgridsmart grid network but can still interact with theSmartgridsmart grid for control and/or metering. </t> <t> This specification can be deployed incrementally in a network that implements <xreftarget='I-D.ietf-roll-useofrplinfo'/>.target='RFC9008'/>. Only theRootroot and the 6LRs that connect the RULs need to be upgraded. The RPL routers on the path will only see unicast IPv6 traffic between theRootroot and the 6LR. </t> <t> This document is organized as follows: </t> <ul spacing='normal'> <li> Sections <xreftarget='prereqv6'/>target='prereqv6' format="counter"/> and <xreftarget='lpnd'/>target='lpnd' format="counter"/> present in a non-normative fashion the salient aspects of RPL and 6LoWPAN ND, respectively, that are leveraged in this specification to provide connectivity to a 6LN acting as a RUL across a RPL network. </li> <li> <xref target='prereq'/> lists the requirements that a RUL needs to match in order to be served by a RPL router that complies with this specification. </li> <li> <xref target='upd'/> presents the changes made to <xref target='RFC6550'/>; a new behavior is introduced whereby the 6LR advertises the 6LN's addresses in a RPLDAODestination Advertisement Object (DAO) message based on the ND registration by the 6LN, and the RPL DODAG root performs theEDAR/EDACExtended Duplicate Address Request / Extended Duplicate Address Confirmation (EDAR/EDAC) exchange with the 6LoWPAN Border Router (6LBR) on behalf of the 6LR; modifications are introduced to some RPL options and to the RPL Status to facilitate the integration of the protocols. </li> <li> <xref target='updnpdao'/> presents the changes made to <xreftarget='I-D.ietf-roll-efficient-npdao'/>;target='RFC9009'/>; the use of theDCODestination Cleanup Object (DCO) message is extended to the Non-StoringMOP to report asynchronous issuesRPL Mode of Operation (MOP) to report asynchronous issues from theRootroot to the 6LR. </li> <li> <xref target='upd2'/> presents the changes made to <xref target='RFC6775'/> and <xref target='RFC8505'/>;Thethe range of theND status codesAddress Registration Option / Extended Address Registration Option (ARO/EARO) Status values is reduceddownto 64 values, and the remaining bits in the original status field are now reserved. </li> <li> Sections <xreftarget='op'/>target='op' format="counter"/> and <xreftarget='multiop'/>target='multiop' format="counter"/> present the operation of this specification for unicast and multicast flows, respectively, and <xref target='security-considerations'/> presents associated security considerations. </li> </ul> </section> <section><name>Terminology</name> <section anchor='bcp'><name>Requirements Language</name><t> The<t>The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xreftarget='RFC2119'/>target="RFC2119"/> <xreftarget='RFC8174'/>target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere. </t>here.</t> </section><!-- end section "Requirements Language" --><section anchor='gloss'><name>Glossary</name> <t> This document uses the followingacronyms:abbreviations: </t><dl spacing='compact'><dt>6CIO:</dt><dd> 6LoWPAN<dt>6BBR:</dt><dd>6LoWPAN Backbone Router</dd> <dt>6CIO:</dt><dd>6LoWPAN Capability Indication Option</dd><dt>6LN:</dt><dd> 6LoWPAN<dt>6LBR:</dt><dd>6LoWPAN Border Router</dd> <dt>6LN:</dt><dd>6LoWPAN Node (aLow Powerlow-power host orrouter) </dd> <dt>6LR:</dt><dd> 6LoWPAN router </dd> <dt>6LBR:</dt><dd> 6LoWPAN Border router </dd> <dt>(E)ARO:</dt><dd> (Extended) Addressrouter)</dd> <dt>6LoRH:</dt><dd>6LoWPAN Routing Header</dd> <dt>6LoWPAN:</dt><dd>IPv6 over Low-Power Wireless Personal Area Network</dd> <dt>6LR:</dt><dd>6LoWPAN Router</dd> <dt>AP-ND:</dt><dd>Address-Protected Neighbor Discovery</dd> <dt>ARO:</dt><dd>Address RegistrationOption </dd> <dt>(E)DAR:</dt><dd> (Extended) DuplicateOption</dd> <dt>DAC:</dt><dd>Duplicate AddressRequest </dd> <dt>(E)DAC:</dt><dd> (Extended) DuplicateConfirmation</dd> <dt>DAD:</dt><dd>Duplicate AddressConfirmation </dd> <dt>DAD:</dt><dd> Duplicate Address Detection </dd> <dt>DAO:</dt><dd> DestinationDetection</dd> <dt>DAO:</dt><dd>Destination Advertisement Object (a RPLmessage) </dd> <dt>DCO:</dt><dd> Destinationmessage)</dd> <dt>DAR:</dt><dd>Duplicate Address Request</dd> <dt>DCO:</dt><dd>Destination Cleanup Object (a RPLmessage) </dd> <dt>DIO:</dt><dd> DODAGmessage)</dd> <dt>DIO:</dt><dd>DODAG Information Object (a RPLmessage) </dd> <dt>DODAG:</dt><dd> Destination-Orientedmessage)</dd> <dt>DODAG:</dt><dd>Destination-Oriented Directed AcyclicGraph </dd> <dt>LLN:</dt><dd> Low-PowerGraph</dd> <dt>EARO:</dt><dd>Extended Address Registration Option</dd> <dt>EDAC:</dt><dd>Extended Duplicate Address Confirmation</dd> <dt>EDAR:</dt><dd>Extended Duplicate Address Request</dd> <dt>EUI:</dt><dd>Extended Unique Identifier</dd> <dt>LLN:</dt><dd>Low-Power and LossyNetwork </dd> <dt>MOP:</dt><dd> RPLNetwork</dd> <dt>MLD:</dt><dd>Multicast Listener Discovery</dd> <dt>MOP:</dt><dd>RPL Mode ofOperation </dd> <dt>NA:</dt><dd> Neighbor Advertisement </dd> <dt>NCE:</dt><dd> NeighborOperation</dd> <dt>NA:</dt><dd>Neighbor Advertisement</dd> <dt>NBMA:</dt><dd>Non-Broadcast Multi-Access</dd> <dt>NCE:</dt><dd>Neighbor CacheEntry </dd> <dt>ND:</dt><dd> Neighbor Discovery </dd> <dt>NS:</dt><dd> Neighbor Solicitation </dd> <dt>RA:</dt><dd> router Advertisement </dd> <dt>ROVR:</dt><dd> Registration Ownership Verifier </dd> <dt>RPI:</dt><dd> RPL PacketEntry</dd> <dt>ND:</dt><dd>Neighbor Discovery</dd> <dt>NS:</dt><dd>Neighbor Solicitation</dd> <dt>PIO:</dt><dd>Prefix Information</dd> <dt>RAL:</dt><dd> RPL-aware Leaf </dd> <dt>RAN:</dt><dd> RPL-AwareOption</dd> <dt>RA:</dt><dd>Router Advertisement</dd> <dt>RAL:</dt><dd>RPL-Aware Leaf</dd> <dt>RAN:</dt><dd>RPL-Aware Node (either a RPL router or aRPL-aware Leaf) </dd> <dt>RUL:</dt><dd> RPL-UnawareRPL-Aware Leaf)</dd> <dt>RH3:</dt><dd>Routing Header for IPv6 (type 3)</dd> <dt>ROVR:</dt><dd>Registration Ownership Verifier</dd> <dt>RPI:</dt><dd>RPL Packet Information</dd> <dt>RPL:</dt><dd>Routing Protocol for Low-Power and Lossy Networks</dd> <dt>RUL:</dt><dd>RPL-Unaware Leaf</dd><dt>SRH:</dt><dd> Source-Routing<dt>SAVI:</dt><dd>Source Address Validation Improvement</dd> <dt>SLAAC:</dt><dd>Stateless Address Autoconfiguration</dd> <dt>SRH:</dt><dd>Source Routing Header</dd><dt>TID:</dt><dd> Transaction<dt>TID:</dt><dd>Transaction ID (a sequence counter in theEARO) </dd> <dt>TIO:</dt><dd> TransitEARO)</dd> <dt>TIO:</dt><dd>Transit Information Option</dd></dl><t> </t></dl> </section><!-- end section "Subset of a 6LoWPAN Glossary" --><sectionanchor='lo'><name>References</name>anchor='lo'><name>Related Documents</name> <t> TheTerminologyterminology used in this document is consistentwithwith, and incorporatesthat described inthe terms provided in, "<xref target="RFC7102" format="title"/>" <xreftarget='RFC7102'>"Terms Used in Routing for Low-Power and Lossy Networks (LLNs)"</xref>.target="RFC7102" format="default"/>. A glossary of classical 6LoWPANacronymsabbreviations is given in <xref target='gloss'/>. Other terms in use in LLNs are found in "<xref target="RFC7228" format="title"/>" <xreftarget='RFC7228'> "Terminology for Constrained-Node Networks"</xref>.target="RFC7228" format="default"/>. This specification uses the terms6LN"6LN" and6LR"6LR" to refer specifically to nodes that implement the 6LN and 6LR roles in 6LoWPAN ND and does not expect other functionality such as 6LoWPAN Header Compression <xref target='RFC6282'/> from those nodes. </t> <t>"RPL",the "RPL Packet Information" (RPI),"RPI", "RPL Instance" (indexed by a RPLInstanceID), "up", and "down" are defined in "<xref target="RFC6550" format="title"/>" <xreftarget='RFC6550'>"RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks"</xref>.target="RFC6550" format="default"/>. The RPI is the abstract information that RPL defines to be placed in data packets, e.g., as the RPL Option <xref target='RFC6553'/> within the IPv6 Hop-By-Hop Header. By extension, the term "RPI" is often used to refer to the RPL Option itself. TheDestination Advertisement Object (DAO)DAO andDODAG Information Object (DIO)DIO messages are also specified in <xref target='RFC6550'/>. TheDestination Cleanup Object (DCO)DCO message is defined in <xreftarget='I-D.ietf-roll-efficient-npdao'/>.target='RFC9009'/>. </t><t> This document uses the termsRPL-Unaware Leaf (RUL), RPL-Aware Node (RAN)"RUL", "RAN", andRPL aware Leaf (RAL)"RAL" consistently with <xreftarget='I-D.ietf-roll-useofrplinfo'/>.target='RFC9008'/>. A RAN is either a RAL or a RPL router. As opposed to a RUL, a RAN manages the reachability of its addresses and prefixes by injecting them in RPL by itself.</t><t></t> <t> In this document, readers will encounter terms and concepts that are discussed in the following documents: </t> <dl> <dt>Classical IPv6ND:</dt><dd>ND:</dt><dd>"<xref target="RFC4861" format="title"/>" <xref target="RFC4861" format="default"/> and "<xref target="RFC4862" format="title"/>" <xref target="RFC4862" format="default"/>,</dd> <dt>6LoWPAN:</dt><dd>"<xref target="RFC6606" format="title"/>" <xref target="RFC6606" format="default"/> and "<xref target="RFC4919" format="title"/>" <xreftarget='RFC4861'>"Neighbor Discovery for IP version 6" </xref> and <xref target='RFC4862'>"IPv6 Stateless Address Autoconfiguration" </xref>, </dd> <dt>6LoWPAN:</dt><dd> <xref target='RFC6606'>"Problem Statement and Requirements for IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Routing" </xref> and <xref target='RFC4919'>"IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals"</xref>,target="RFC4919" format="default"/>, and</dd> <dt>6LoWPANND:</dt><dd> <xref target='RFC6775'>Neighbor Discovery Optimization for Low-Power and Lossy Networks</xref>, <xref target='RFC8505'> "Registration Extensions for 6LoWPAN Neighbor Discovery"</xref>,ND:</dt><dd>"<xref target="RFC6775" format="title"/>" <xref target="RFC6775" format="default"/>, "<xref target="RFC8505" format="title"/>" <xref target="RFC8505" format="default"/>, "<xref target="RFC8928" format="title"/>" <xreftarget='RFC8928'> "Address Protected Neighbor Discovery for Low-power and Lossy Networks" </xref>,target="RFC8928" format="default"/>, and "<xref target="RFC8929" format="title"/>" <xreftarget='RFC8929'>"IPv6 Backbone Router"</xref>. </dd>target="RFC8929" format="default"/>.</dd> </dl> </section><!-- end section "References" --></section><!-- end section "Terminology" --><section anchor='prereqv6'><name>RPL External Routes andDataplaneData-Plane Artifacts</name> <t> RPL was initially designed to build stub networks whereby the only border router would be the RPLRootDODAG root (typicallycollocatedco-located with the 6LBR) and all the nodes in the stub would beRPL-Aware.RPL aware. But <xref target='RFC6550'/> was also prepared to be extended for external routes(targets("targets" in RPLparlance) withparlance), via the External'E'('E') flag in the Transit Information Option (TIO). External targetsenableprovide the ability to reach destinations that are outside the RPL domain and connected to the RPL domain via RPL border routers that are not theRoot. Section 4.1 ofroot. <xreftarget='I-D.ietf-roll-useofrplinfo'/>target="RFC9008" sectionFormat="of" section="4.1"/> provides a set of rulessummarized below(summarized below) that must be followed for routing packets to and from an external destination. A RUL is a special case of an external target that is also a host directly connected to the RPL domain. </t><t> A 6LR that acts as a border router for external routes advertises them using Non-StoringModemode DAO messages that are unicast directly to theRoot,root, even if the DODAG is operated in StoringMode.mode. Non-StoringModemode routes are not visible inside the RPLdomaindomain, and all packets are routed via theRoot.root. The RPLRootDODAG root tunnels the data packets directly to the 6LR that advertised the external route, which decapsulates and forwards the original (inner) packets. </t><t> The RPL Non-Storing MOP signaling and the associated IPv6-in-IPv6 encapsulated packets appear as normal traffic to the intermediate routers.The supportSupport of external routes only impacts theRootroot and the 6LR. It can be operated with legacy intermediate routers and does not add to the amount of state that must be maintained in those routers. A RUL is an example of a destination that is reachable via an external route that happens tobealso be a host route. </t><t> The RPL data packets typically carry a Hop-by-Hop Header with a RPL Option <xref target='RFC6553'/> that contains the RPI (the RPL PacketInformation (RPI)Information, as defined insection 11.2 of<xreftarget='RFC6550'/>.target="RFC6550" sectionFormat="of" section="11.2"/>). Unless the RUL already placed a RPL Option in the outer header chain, the packets from and to the RUL are encapsulated using an IPv6-in-IPv6 tunnel between theRootroot and the 6LR that serves the RUL (seesections 7Sections <xref target="RFC9008" section="7" sectionFormat="bare"/> and8<xref target="RFC9008" section="8" sectionFormat="bare"/> of <xreftarget='I-D.ietf-roll-useofrplinfo'/>target="RFC9008"/> for details). If the packet from the RUL has an RPI, the 6LR acting as a RPL border router rewrites the RPI to indicate the selected RPL Instance and set the flags, but it does not need to encapsulate the packet (see <xreftarget='lr'/>) .target='lr'/>). </t><t> In Non-StoringMode,mode, packets going down the DODAG carry a Source Routing Header (SRH). The IPv6-in-IPv6 encapsulation, theRPIRPI, and the SRH are collectively called the "RPL artifacts" and can be compressed using the method defined in <xref target='RFC8138'/>. <xref target='u8138'/> presents an example compressed format for a packet forwarded by theRootroot to a RUL in a StoringModemode DODAG. </t><t> The inner packet that is forwarded to the RUL may carry some RPL artifacts, e.g., an RPI if the original packet was generated with it, and an SRH in a Non-StoringModemode DODAG. <xreftarget='I-D.ietf-roll-useofrplinfo'/>target='RFC9008'/> expects the RUL to support the basic IPv6 node requirements per <xreftarget='RFC8504'>"IPv6 Node Requirements"</xref> andtarget='RFC8504'></xref> and, inparticularparticular, the mandates inSections 4.2Sections <xref target="RFC8200" section="4.2" sectionFormat="bare"/> and4.4<xref target="RFC8200" section="4.4" sectionFormat="bare"/> of <xreftarget='RFC8200'/>.target="RFC8200"/>. As such, the RUL is expected to ignore the RPL artifacts that may be leftover,over -- either an SRHwith zerowhose Segments Left is zero or a RPL Option in the Hop-by-HopHeader, whichHeader (which can be skipped when notrecognized,recognized; see <xreftarget='prereq'/>target='prereqv6hh'/> formore. <!-- The inner packet that is forwarded to the RUL may carry some RPL artifacts, e.g., an RPI if the original packet was generated with it, and an SRH in a Non-Storing Mode DODAG. [USEofRPLinfo] expects the RUL to support the basic "IPv6 Node Requirements" [RFC8504]. In particular the RUL is expected to ignore the RPL artifacts that are either consumed or not applicable to a host (e.g., a Hop-by-Hop Option). Such a host may not necessarily ignore IPv6-in-IPv6 encapsulation, which is dealt with below. -->details). </t><t> A RUL is not expected to support the compression method defined in <xref target='RFC8138'/>. For that reason, the border router (the 6LR here) uncompresses the packet before forwarding it over an external route to a RUL <xreftarget='I-D.ietf-roll-useofrplinfo'/>.target='RFC9008'/>. </t> </section><!-- end section "RPL External Routes and Dataplane Artifacts" --><section anchor='lpnd'><name>6LoWPAN Neighbor Discovery</name> <t> This section goes through the 6LoWPAN ND mechanisms that this specification leverages, as a non-normative reference to the reader. The full normative text is to be found in <xref target='RFC6775'/>, <xref target='RFC8505'/>, and <xref target='RFC8928'/>. </t> <sectionanchor='R6775'><name>RFC 6775 Address Registration</name>anchor='R6775'><name>Address Registration per RFC 6775</name> <t> The classical"IPv6IPv6 Neighbor Discovery (IPv6 ND)Protocol"protocol <xref target='RFC4861'/> <xref target='RFC4862'/> was defined for serial links and transit media such as Ethernet. It is a reactive protocol that relies heavily on multicast operations for Address Discovery (akaLookup)address lookup) and Duplicate Address Detection (DAD). </t><t> "<xref target="RFC6775" format="title"/>" <xreftarget='RFC6775'> "Neighbor Discovery Optimizations for 6LoWPAN networks"</xref>target="RFC6775" format="default"/> adapts IPv6 ND for operations over energy-constrained LLNs. The main functions of <xref target='RFC6775'/> are to proactively establish the Neighbor Cache Entry (NCE) in the 6LR and to prevent address duplication. To that effect, <xref target='RFC6775'/> introduces anewunicast Address Registration mechanism that contributes to reducing the use of multicast messages compared to the classical IPv6 ND protocol. </t><t><xref target='RFC6775'/>defines a newalso introduces the Address Registration Option(ARO) that(ARO), which is carried in the unicast Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages between the 6LoWPAN Node (6LN) and the 6LoWPAN router (6LR). It also defines the Duplicate Address Request (DAR) and Duplicate Address Confirmation (DAC) messages between the 6LR and the 6LBR). In an LLN, the 6LBR is the central repository of all the Registered Addresses in its domain and the source of truth for uniqueness and ownership.<!--There is no concept of registering the address for an external service. --></t> </section><!-- end section "RFC 6775" --><sectionanchor='R8505E'><name>RFC 8505 Extendedanchor='R8505E'><name>Extended AddressRegistration</name>Registration per RFC 8505</name> <t> "<xref target="RFC8505" format="title"/>" <xreftarget='RFC8505'> "Registration Extensions for 6LoWPAN Neighbor Discovery"</xref>target="RFC8505" format="default"/> updatesRFC 6775 intoRFC 6775 with a generic Address Registration mechanism that can be used to access services such as routing and NDproxy.proxy functions. To that effect, <xref target='RFC8505'/> defines the Extended Address Registration Option (EARO), as shown in <xref target='EARO'/>: </t> <figure anchor='EARO'><name>EAROOptionFormat</name> <artwork align="center"> <![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Status | Opaque | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Rsvd | I |R|T| TID | Registration Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ... Registration Ownership Verifier (ROVR) ... | |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <section anchor='R8505ER'><name>R Flag</name> <t> <xref target='RFC8505'/> introduces the RFlagflag in the EARO. The Registering Node sets the RFlagflag to indicate whether the 6LR should ensure reachability for the Registered Address. If the RFlagflag is set to 0, then the Registering Node handles the reachability of the Registered Address by other means. In a RPL network, this means that either it is a RAN that injects the route by itself orthatit uses another RPL router for reachability services. </t><t> This document specifies how the RFlagflag is used in the context of RPL. A RPL leaf that implements the 6LN functionality from <xref target='RFC8505'/> requires reachability services for an IPv6 address if and only if it sets the RFlagflag in the NS(EARO) used to register the address to a 6LR acting as a RPL border router. Upon receiving the NS(EARO), the RPL router generates a DAO message for the Registered Address if and only if the R flag is set to 1. </t><t> <xref target='oper'/> specifies additional operations when the R flag is set to 1 in an EARO that is placedeitherin either an NS message or an NA message. </t> </section><!-- end section "R Flag" --><section anchor='R8505ETID'><name>TID, "I"FieldField, and OpaqueFields</name>Field</name> <t> When the TFlagflag is set to 1, the EARO includes a sequence counter calledTransaction IDthe "Transaction ID" (TID),thatwhich is needed to fill the Path SequenceFieldfield in the RPL TransitOption. This is the reason why theInformation Option (TIO). For this reason, support of <xref target='RFC8505'/> by the RUL, as opposed to only <xref target='RFC6775'/>, is a prerequisite for thisspecification);specification; this requirement is fully explained in <xref target='prereq6lp'/>. The EARO also transports an Opaque field and an associated "I" field that describes what the Opaque field transports and how to use it. </t><t> <xref target='ln'/> specifies the use of the "I" field and the Opaque field by a RUL. </t> </section><!-- end section "TID, I Field and Opaque Fields" --><section anchor='R8505EROVR'><name>Route Ownership Verifier</name> <t>Section 5.3 of<xreftarget='RFC8505'/>target="RFC8505" sectionFormat="of" section="5.3"/> introduces the Registration Ownership Verifier (ROVR)field offield, which has a variable lengthfromof 64 to 256 bits. The ROVRis a replacement ofreplaces theEUI-6464-bit Extended Unique Identifier (EUI&nbhy;64) in the ARO <xreftarget='RFC6775'/> thattarget='RFC6775'/>, which was used toidentifyuniquely identify an Address Registration with theLink-Layerlink-layer address of the owner but provided no protection against spoofing. </t><t> "<xref target="RFC8928" format="title"/>" <xreftarget='RFC8928'>"Address Protected Neighbor Discovery for Low-power and Lossy Networks"</xref>target="RFC8928" format="default"/> leverages the ROVR field as a cryptographic proof of ownership to prevent a rogue third party from registering an address that is already owned. The use of the ROVR field enables the 6LR to block traffic that is not sourced at an owned address. </t><t> This specification does not address how the protection offered by <xref target='RFC8928'/> could be extended for use in RPL. On the other hand, it adds the ROVR to the DAO to build the proxied EDAR at theRootroot (see <xref target='tgt'/>), which means that nodes that are aware of the host route are also aware of the ROVR associated to the Target Address. </t> </section><!-- end section "ROVR" --></section><!-- end section "RFC 8505 Extended ARO" --><sectionanchor='R8505D'><name>RFC 8505 Extended DAR/DAC</name>anchor='R8505D'><name>EDAR/EDAC per RFC 8505</name> <t> <xref target='RFC8505'/> updates the DAR/DAC messagesinto the Extended DAR/DACto EDAR/EDAC messages to carry the ROVR field. The EDAR/EDAC exchange takes place between the 6LR and the 6LBR. It is triggered by an NS(EARO) message from a 6LN to create, refresh, and delete the corresponding state in the 6LBR. The exchange is protected by the retry mechanism specified inSection 8.2.6 of<xreftarget='RFC6775'/>,target="RFC6775" sectionFormat="of" section="8.2.6"/>, though in an LLN, a duration longer than the default value of the RetransTimer (RETRANS_TIMER) <xref target='RFC4861'/> of 1 second may be necessary to cover theround tripround-trip delay between the 6LR and the 6LBR. </t><t> RPL <xref target='RFC6550'/> specifies a periodic DAO from the 6LN all the way to theRootroot that maintains the routing state in the RPL network for the lifetime indicated by the source of the DAO. This means that for each address, there are two keep-alive messages that traverse the wholenetwork,network: one to theRootroot and one to the 6LBR. </t><t> This specification avoids the periodic EDAR/EDAC exchange across the LLN. The 6LR turns the periodic NS(EARO) from the RUL into a DAO message to theRootroot on every refresh, but it only generates the EDAR upon the first registration, for the purpose of DAD, which must be verified before the address is injected in RPL. Upon the DAO message, theRootroot proxies the EDAR exchange to refresh the state at the 6LBR on behalf of the 6LR, as illustrated in <xref target='fReg2'/> in <xref target='flow'/>. </t> <sectionanchor='R7400'><name>RFC 7400 Capabilityanchor='R7400'><name>Capability IndicationOption</name>Option per RFC 7400</name> <t> "<xref target="RFC7400" format="title"/>" <xreftarget='RFC7400'> "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)"</xref>target="RFC7400" format="default"/> defines the 6LoWPAN Capability Indication Option(6CIO) that(6CIO), which enables a node to expose its capabilities inrouterRouter Advertisement (RA) messages. </t><t> <xref target='RFC8505'/> defines a number of bits in the6CIO,6CIO; in particular: </t> <dlspacing='compact'> <dt>L:</dt><dd> Nodespacing='compact' indent="4"> <dt>L:</dt><dd>The node is a6LR. </dd> <dt>E:</dt><dd> Node6LR.</dd> <dt>E:</dt><dd>The node is an IPv6 ND Registrar -- i.e., it supports registrations based onEARO. </dd> <dt>P:</dt><dd> NodeEARO.</dd> <dt>P:</dt><dd>The node is a RoutingRegistrar,Registrar -- i.e., an IPv6 ND Registrar that also provides reachability services for the RegisteredAddress. </dd>Address.</dd> </dl> <figure anchor='CIO'><name>6CIOflags</name>Flags</name> <artworkalign="center">align="center"><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length = 1 | Reserved |D|L|B|P|E|G| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ </artwork>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t> A 6LR that provides reachability services for a RUL in a RPL network as specified in this document includes a 6CIO in its RA messages and set the L,PP, and E flags to 1 as prescribed by <xref target='RFC8505'/>; this is fully explained in <xref target='oper'/>. </t> </section><!-- end section "RFC 7400 Capability Indication Option" --></section><!-- end section "RFC 8505 Extended DAR/DAC" --></section><!-- end section "6LoWPAN Neighbor Discovery" --><section anchor='prereq'><name>Requirementsonfor theRPL-Unware leaf</name>RPL-Unaware Leaf</name> <t> This document describes how RPL routing can be extended to reach a RUL. This section specifies the minimal RPL-independent functionality that the RUL needs to implement in order to obtain routing services for its addresses. </t> <section anchor='prereq6lp'><name>Support of 6LoWPAN ND</name> <t> To obtain routing services from a router that implements this specification, a RUL needs to implement <xref target='RFC8505'/> and sets the "R" and "T" flags in the EARO to 1 as discussed in<xref target='R8505ER'/>Sections <xref target='R8505ER' format="counter"/> and <xreftarget='R8505ETID'/>,target='R8505ETID' format="counter"/>, respectively. <xref target='ln'/> specifies new behaviors for the RUL, e.g., when the RFlagflag set to 1 inaan NS(EARO) is not echoed in the NA(EARO), which indicates that the route injection failed. </t><t> The RUL is expected to request routing services from a router only if that router originates RA messages with a 6CIO that has the L, P, and E flags all set to 1 as discussed in <xref target='R7400'/>, unless configured to do so. It is suggested that the RUL alsoimplementsimplement <xref target='RFC8928'/> to protect the ownership of its addresses. </t><t> A RUL that may attach to multiple 6LRs is expected to prefer those that provide routing services. The RUL needs to registertowith all the 6LRs from which it desires routing services. </t> <t> Parallel Address Registrations to several 6LRs should be performed in a rapid sequence, using the same EARO for the sameAddress.address. Gaps between the Address Registrations will invalidate some of the routestilluntil the Address Registration finally shows on those routes. </t> <t><xref target='RFC8505'/> introduces error Status values in the NA(EARO)whichthat can be received synchronously upon an NS(EARO) or asynchronously. The RUL needs to support both cases and refrain from using the address when the Status value indicates a rejection (see <xref target='stat'/>). </t> </section><!-- end section "Support of 6LoWPAN ND" --><section anchor='prereqv6ip'><name>Support of IPv6 Encapsulation</name> <t>Section 2.1 of<xreftarget='I-D.ietf-roll-useofrplinfo'/>target="RFC9008" sectionFormat="of" section="4.1.1"/> defines the rules fortunneling either to the finalsignaling an external destination (e.g., a RUL)orand tunneling to its attachment router (designated as a 6LR). In order to terminate the IPv6-in-IPv6 tunnel, the RUL, as an IPv6 host, would have to be capable of decapsulating the tunneled packet and either drop the encapsulated packet if it is not the finaldestination,destination or pass it to the upper layer for further processing. As indicated insection 4.1 of<xreftarget='I-D.ietf-roll-useofrplinfo'/>,target="RFC9008" sectionFormat="of" section="4.1"/>, this is not mandated by <xref target='RFC8504'/>, and the IPv6-in-IPv6 tunnel from theRootroot is terminated at the parent 6LR. It is thus not necessary for a RUL to support IPv6-in-IPv6 decapsulation. </t> </section><!-- end section "Support of IPv6 Encapsulation" --><section anchor='prereqv6hh'><name>Support of the Hop-by-Hop Header</name> <t> A RUL is expected to process an Option Type in a Hop-by-Hop Header as prescribed bysection 4.2 of<xreftarget='RFC8200'/>.target="RFC8200" sectionFormat="of" section="4.2"/>. An RPI with an Option Type of 0x23 <xreftarget='I-D.ietf-roll-useofrplinfo'/>target='RFC9008'/> is thus skipped when not recognized.</t> </section> <!-- end section "Support of the HbH Header" --></t> </section> <section anchor='prereqv6rh'><name>Support of the Routing Header</name> <t> A RUL is expected to process an unknown Routing Header Type as prescribed bysection 4.4 of<xreftarget='RFC8200'/>.target="RFC8200" sectionFormat="of" section="4.4"/>. This implies that theSource Routing Header,SRH, which has a Routing Type of 3 <xref target='RFC6554'/>, is ignored whentheSegments Left is zero. WhentheSegments Left is non-zero, the RUL discards the packet andsendsends an ICMP ParameterProblem, Code 0,Problem message with Code 0 to the packet'sSource Address,source address, pointing to the unrecognized Routing Type. </t></section><!-- end section "Support of the Routing Header" --></section><!-- "Requirements to be a RPL-Unware leaf" --></section> <section anchor='upd'><name>Enhancements to RFC 6550</name> <t> This document specifies a new behavior whereby a 6LR injects DAO messages for unicast addresses (see <xref target='op'/>) and multicast addresses (see <xref target='multiop'/>) on behalf of leaves that are not aware of RPL. The RUL addresses are exposed as external targets <xref target='RFC6550'/>. Conforming to <xreftarget='I-D.ietf-roll-useofrplinfo'/>, antarget='RFC9008'/>, IPv6-in-IPv6 encapsulation between the 6LR and the RPLRootDODAG root is used to carry the RPL artifacts and remove them when forwarding outside the RPL domain, e.g., to a RUL. </t><t> This document also synchronizes the liveness monitoring at theRootroot and the 6LBR. The samevalue oflifetime value is used for both, and a single keep-alive message, the RPL DAO, traverses the RPL network.AAnother new behavior is introduced whereby the RPLRootDODAG root proxies the EDAR message to the 6LBR on behalf of the 6LR (see <xref target='upd2'/>), for any leaf node that implements the 6LN functionality described in <xref target='RFC8505'/>. </t><t>Section 6.7.7 of<xreftarget='RFC6550'/>target="RFC6550" sectionFormat="of" section="6.7.7"/> introduces the RPL TargetOption,option, which can be used in RPLControlcontrol messages such as the DAO message to signal a destination prefix. This document addsthecapabilitiesto transportfor transporting the ROVR field (see <xref target='R8505EROVR'/>) and the IPv6Addressaddress of the prefix advertiser when the Target is a shorter prefix. Their use is signaledrespectivelyby a new ROVR Size field being non-zero and a new "Advertiser address inFull" 'F'Full (F)" flag set to 1, respectively; see <xref target='tgt'/>. </t><t> This specification defines a new flag, "Root ProxiesEDAR/EDAC" (P),EDAR/EDAC (P)", in the RPL DODAG Configurationoption,option; see <xref target='pflag'/>. </t><t>The RPL Status defined in section 6.5.1 of <xref target="RFC6550"/> for use in the DAO-ACK message is extended to be placed in DCO messages <xref target='I-D.ietf-roll-efficient-npdao'/> as well.Furthermore, this specificationenablesprovides the ability to carry the EARO Status defined for 6LoWPAN ND in RPL DAO and DCO messages, embedded in a RPLStatus,Status; see <xref target='stat'/>. </t><t>Section 12 of<xreftarget='RFC6550'/>target="RFC6550" sectionFormat="of" section="12"/> detailstheRPL support for multicast flows when theRPLInstanceRPL Instance is operatedin thewith a MOP setting of 3 ("Storing Mode of Operation with multicast support"). This specification extends the RPLRootDODAG root operation to proxy-relay the MLDv2 operation <xref target='RFC3810'/>operationbetween the RUL and the6LR,6LR; see <xref target= 'multiop'/>. </t> <section anchor='tgt'><name>Updated RPL Target Option</name> <t> This specification updates the RPL TargetOptionoption to transport the ROVR that was also defined for 6LoWPAN ND messages. This enables the RPLRootDODAG root to generate the proxied EDAR message to the 6LBR. </t> <t> The Target Prefix of the RPL TargetOptionoption is left (high bit) justified and contains the advertised prefix; its size may be smaller than 128 when it indicates aPrefixprefix route. The Prefix Length field signals the number of bits that correspond to the advertisedPrefix;prefix; it is 128 for a host route or less in the case of aPrefixprefix route. This remains unchanged. </t> <t> This specification defines the new 'F' flag. When it is set to 1, the size of the Target Prefix fieldMUST<bcp14>MUST</bcp14> be 128 bits and itMUST<bcp14>MUST</bcp14> contain an IPv6 address of the advertising node taken from the advertisedPrefix.prefix. In that case, the Target Prefix field carries two distinct pieces of information: a route that can be a host route or aPrefix routeprefix route, depending on the PrefixLength,Length; and an IPv6 address that can be used to reach the advertising node and validate the route. </t> <t> If the 'F' flag is set to 0, the Target Prefix field can be shorter than 128bitsbits, and itMUST<bcp14>MUST</bcp14> be aligned to the next byte boundary after the end of the prefix. Any additional bits in the rightmost octet are filled with padding bits. Padding bits are reserved and set to 0 as specified insection 6.7.7 of<xreftarget='RFC6550'/>.target="RFC6550" sectionFormat="of" section="6.7.7"/>. </t> <t> With thisspecificationspecification, the ROVR is the remainder of the RPL TargetOption.option. The size of the ROVR is indicated in a new ROVR Size field that is encoded to mapone-to-oneone to one with the Code Suffix in the EDAR message (seetableTable 4 of <xref target='RFC8505'/>). The ROVR Size field is taken from theflagsFlags field, which is an update to theRPL"RPL Target OptionFlagsFlags" IANA registry. </t> <t> The updated format is illustrated in <xref target='frpltgt'/>. It is backward compatible with the TargetOptionoption defined in <xref target='RFC6550'/>. It is recommended that the updated format be used as a replacement in new implementations in all MOPs in preparation for upcomingRoute Ownership Validationroute ownership validation mechanisms based on the ROVR, unless the device or the network is so constrained that this is not feasible. </t> <figure anchor='frpltgt' suppress-title='false'><name>Updated Target Option</name><artwork><artwork><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0x05 | Option Length |F|X|Flg|ROVRsz | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Target Prefix (Variable Length) | . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ... Registration Ownership Verifier (ROVR) ... | |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ </artwork>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+]]></artwork> </figure> <t> New fields: </t><dlspacing='normal'>spacing='normal' indent="4"> <dt>F:</dt><dd> 1-bit flag. Set to 1 to indicate that the Target Prefix field contains the complete(128 bit)(128-bit) IPv6 address of the advertisingnode. </dd>node.</dd> <dt>X:</dt><dd> <t>1-bit flag. Set to 1 to request that theRoot performsroot perform a proxy EDAR/EDAC exchange. </t> <t>The 'X' flag can only be set to 1 if the DODAG is operating in Non-StoringModemode and if theRootroot sets the "Root Proxies EDAR/EDAC (P)" flag to 1 in the DODAG ConfigurationOption,option; see <xref target='pflag'/>. </t><t> The 'X' flag can be set for host routes to RULs and RANs; it can also be set for internal prefix routes if the 'F' flag is set, using the node's address in the Target Prefix field to form the EDAR, but it cannot be used otherwise. </t> </dd> <dt>Flg (Flags):</dt><dd> The 2 bits remaining unused in the Flags field are reserved for flags. The fieldMUST<bcp14>MUST</bcp14> be initialized tozero0 by the sender andMUST<bcp14>MUST</bcp14> be ignored by thereceiver. </dd>receiver.</dd> <dt>ROVRsz (ROVR Size):</dt><dd><t> Indicates theSizesize of the ROVR. ItMUST<bcp14>MUST</bcp14> be set to 1, 2, 3, or 4, indicating a ROVR size of 64, 128, 192, or 256 bits, respectively. </t><t> If a legacy TargetOptionoption is used, then the value must remain 0, as specified in <xref target='RFC6550'/>. </t><t> In the case of a value above 4, the size of the ROVR is undetermined and this node cannot validate the ROVR; an implementationSHOULD<bcp14>SHOULD</bcp14> propagate the whole TargetOptionoption upwards as received to enable the verification by an ancestor that would support the upgraded ROVR. </t></dd> <dt>Registration Ownership Verifier (ROVR):</dt><dd> This is the same field as in theEARO,EARO; see <xreftarget='RFC8505'/> </dd>target='RFC8505'/>.</dd> </dl> </section><!-- end section "Updated RPL Target Option" --><section anchor='pflag'><name>Additional Flag in the RPL DODAG Configuration Option</name> <t> The DODAG ConfigurationOptionoption is defined inSection 6.7.6 of<xreftarget= 'RFC6550'/>.target="RFC6550" sectionFormat="of" section="6.7.6"/>. Its purpose is extended to distribute configuration information affecting the construction and maintenance of the DODAG, as well as operational parameters for RPL on the DODAG, through the DODAG. ThisOptionoption was originally designed with4four bit positions reserved for future use asFlags.flags. </t> <figure anchor="RPLDCO"> <name>DODAG Configuration Option (Partial View) </name> <artwork align="center" name="" type="" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0x04 |Opt Length = 14| |P| | |A| ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |4 bits| ]]></artwork>|]]></artwork> </figure> <t> This specification defines a newflagflag, "Root ProxiesEDAR/EDAC" (P).EDAR/EDAC (P)". The 'P' flag is encoded in bit position 1 of the reservedFlagsflags in the DODAG ConfigurationOptionoption (counting from bit 0 as the most significantbit)bit), and it is set to 0 in legacy implementations as specifiedrespectivelyinSections 20.14Sections <xref target="RFC6550" section="20.14" sectionFormat="bare"/> and6.7.6<xref target="RFC6550" section="6.7.6" sectionFormat="bare"/> of <xreftarget='RFC6550'/>.target="RFC6550"/>, respectively. </t> <t> The 'P' flag is set to 1 to indicate that theRootroot performs the proxy operation, which implies thatit supports this specification and the updated RPL Target Option (see <xref target='tgt'/>). </t> <!--t> Section 6.3.1 of <xref target='RFC6550'/> defines a 3-bit Mode of Operation (MOP) in the DIO Base Object. This specification applies to MOP values 0 to 6. For a MOP value of 7, the bit in position 1 is considered unallocatedit supports this specification and the updated RPL Target option (see <xreftarget='RFC8138'/> MUST be used by default. </t -->target='tgt'/>). </t> <t>Section 4.3 of<xreftarget='I-D.ietf-roll-useofrplinfo'/>target="RFC9008" sectionFormat="of" section="4.1.3"/> updates <xref target='RFC6550'/> to indicate that the definition of theFlagsflags applies toMode of Operation (MOP)MOP values from zero (0) to six (6) only. For a MOP value of 7, the implementationMUST consider<bcp14>MUST</bcp14> assume that theRootroot performs the proxy operation. </t> <t> The RPL DODAG ConfigurationOptionoption is typically placed in a DODAG Information Object (DIO) message. The DIO message propagates down the DODAG to form and then maintain its structure. The DODAG ConfigurationOptionoption is copied unmodified from parents to children. <xref target='RFC6550'/> states that "Nodes other than the DODAGRoot MUST NOTroot <bcp14>MUST NOT</bcp14> modify this information when propagating the DODAG Configurationoption".option." Therefore, a legacy parent propagates the 'P'Flagflag as set by theRoot,root, and when the 'P'Flagflag is set to 1, it is transparently flooded to all the nodes in the DODAG. </t></section><!-- New Flag in the RPL DODAG Configuration Option --></section> <section anchor='stat'><name>Updated RPL Status</name> <t>The RPL Status is defined insection 6.5.1 of<xreftarget="RFC6550"/>target="RFC6550" sectionFormat="of" section="6.5.1"/> for use in the DAO-ACKmessage and valuesmessage. Values are assigned as follows:</t> <table anchor="irplStatusbl"><name>RPL Status per RFC 6550</name> <thead> <tr><td>Range</td><td>Meaning</td></tr> </thead><tbody><tr><td>0</td><td>Success/Unqualified<tr><td>0</td><td>Success / Unqualified acceptance</td></tr> <tr><td>1-127</td><td>Not an outright rejection</td></tr> <tr><td>128-255</td><td>Rejection</td></tr> </tbody> </table> <t> The 6LoWPAN ND Status was defined for use in theEARO,EARO; seesection 4.1 of<xreftarget="RFC8505"/>.target="RFC8505" sectionFormat="of" section="4.1"/>. This specification addsa capabilitythe ability to allow the carriage of 6LoWPAN ND Status values in RPL DAO and DCO messages, embedded in the RPL Status field. </t> <t> To achieve this, the range of the ARO/EARO Status values is reduced to 0-63, which updates the IANA registry created for <xref target="RFC6775"/>. This reduction ensures that the values fit within a RPL Status as shown in <xref target="rpst"/>. See Sections <xref target="iana-aro" format="counter"/>, <xreftarget="iana-aro"/>, <xref target="iana-stats-nonrej"/>,target="iana-stats-nonrej" format="counter"/>, and <xreftarget="iana-stats-rej"/>target="iana-stats-rej" format="counter"/> for the respective IANA declarations.This ask isThese updates are reasonable because the associated registry relies onstandards actionthe Standards Action policy <xref target="RFC8126"/> for registration and only values up to 10 are currently allocated. </t> <figure anchor='rpst' suppress-title='false'><name>RPL Status Format</name> <artwork align="center" name="" type=""alt="">alt=""><![CDATA[ 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+|E|A|StatusValue| +-+-+-+-+-+-+-+-+ </artwork>|U|A|StatusValue| +-+-+-+-+-+-+-+-+]]></artwork> </figure> <t> This specification updates the RPL Status withsubfields as indicated below:the following subfields: </t><dlspacing='normal'> <dt>E:</dt><dd>spacing='normal' indent="4"> <dt>U:</dt><dd> 1-bit flag.setSet to 1 to indicate a rejection. When set to 0, a Status value of 0 indicatesSuccess/UnqualifiedSuccess / Unqualified acceptance and other values indicate"not"Not an outright rejection" as perRFC 6550.</dd>RFC 6550.</dd> <dt>A:</dt><dd>1-bit flag. Indicates the type of the RPL Status value.</dd> <dt>Status Value:</dt><dd><t>6-bit unsigned integer.</t> <t>If the 'A' flag is set to11, this field transports a value defined for the 6LoWPAN ND EARO Status. </t><t> When the 'A' flag is set to 0, this field transports a StatusValuevalue defined for RPL. </t></dd> </dl> <t> When building a DCO or a DAO-ACK message upon an IPv6 ND NA oraan EDAC message, the RPLRoot MUSTDODAG root <bcp14>MUST</bcp14> copy the 6LoWPAN ND status code unchanged in the RPL Status Value field and set the 'A' flag to 1. The RPLRoot MUSTDODAG root <bcp14>MUST</bcp14> set the'E''U' flag to 1 for all rejection and unknown status codes. The status codes in the 1-10 range <xref target='RFC8505'/> are all considered rejections. </t> <t> Reciprocally, upon a DCO or a DAO-ACK message from the RPLRootDODAG root with a RPL Status that has the 'A' flag set, the 6LRMUST<bcp14>MUST</bcp14> copy the RPL Status value unchanged in the Status field of the EARO when generating an NA to the RUL. </t></section><!-- Updated RPL Status --></section><!-- Enhancements to RFC 6550 --></section> <section anchor='updnpdao'><name>Enhancements todraft-ietf-roll-efficient-npdao</name>RFC 9009</name> <t> <xreftarget='I-D.ietf-roll-efficient-npdao'/>target='RFC9009'/> defines the DCO message for RPL StoringModemode only, with a link-local scope. All nodes in the RPL network are expected to support thespecificationspecification, since the message is processedhop-by-hophop by hop along the path that is being cleaned up. </t><t> This specification extends the use of the DCO message to the Non-Storing MOP, whereby the DCO is sentend-to-endend to end by theRootroot directly to the RAN that injected the DAO message for the considered target. In that case, intermediate nodes do not need to support <xreftarget='I-D.ietf-roll-efficient-npdao'/>;target='RFC9009'/>; they forward the DCO message as a plain IPv6 packet between theRootroot and the RAN. </t><t> In the case of a RUL, the 6LR that serves the RUL acts as the RAN that receives the Non-Storing DCO. This specification leverages the Non-Storing DCO between theRootroot and the 6LR that serves as the attachment router for a RUL. A 6LR and aRootroot that support this specificationMUST<bcp14>MUST</bcp14> implement the Non-Storing DCO. </t> </section><!-- end section "Enhancements to draft-ietf-roll-efficient-npdao" --><section anchor='upd2'><name>Enhancements toRFC6775RFCs 6775 andRFC8505</name>8505</name> <t> This document updates <xref target='RFC6775'/> and <xref target='RFC8505'/> to reduce the range of theND status codes downARO/EARO Status values to 64 values. The two most significant (leftmost) bitsifof the original NDstatusStatus field are nowreserved,reserved; theyMUST<bcp14>MUST</bcp14> be set tozero0 by the sender and ignored by the receiver. </t><t> This document also updates the behavior of a 6LR acting as a RPL router and of a 6LN acting as a RUL in the 6LoWPAN ND Address Registration as follows: </t> <ul> <li> If the RPLRootDODAG root advertises thecapabilityability to proxy the EDAR/EDAC exchange to the 6LBR, the 6LR refrains from sending the keep-alive EDAR message. If it is separated from the 6LBR, theRootroot regenerates the EDAR message to the 6LBR periodically, upon a DAO message that signals the liveliness of the address. </li><li> The use of the RFlagflag is extended to the NA(EARO) to confirm whether the route was installed. </li> </ul> </section><!-- end section "Enhancements to RFC 6775 and RFC8505" --><section anchor='op'><name>Protocol Operations for Unicast Addresses</name> <t> The description below assumes that theRootroot sets the 'P' flag in the DODAG ConfigurationOptionoption and performs the EDAR proxy operation presented in <xreftarget='R8505D'/> .target='R8505D'/>. </t><t> If the 'P' flag is set to 0, the 6LRMUST<bcp14>MUST</bcp14> generate the periodic EDAR messages and process the returned status as specified in <xref target='RFC8505'/>. If the EDAC indicates success, the rest of the flow takes place as presented but without the proxied EDAR/EDAC exchange. </t><t> <xref target='flow'/> provides an overview of the route injection in RPL, whereas <xref target='oper'/> offers more details from the perspective of the different nodes involved in the flow. </t> <section anchor='flow'><name>General Flow</name> <t> This specification eliminates the need to exchange keep-aliveExtended Duplicate Address messages,EDAR andEDAC,EDAC messages all the way from a 6LN to the 6LBR across a RPL mesh. Instead, the EDAR/EDAC exchange with the 6LBR is proxied by the RPLRootDODAG root upon the DAO message that refreshes the RPL routing state. The first EDAR upon a new Address Registration cannot be proxied, though, as itservesis generated for the purpose of DAD, which must be verified before the address is injected in RPL. </t><t> In a RPL network where the function is enabled, refreshing the state in the 6LBR is the responsibility of theRoot.root. Consequently, only addresses that are injected in RPL will be kept alive at the 6LBR by the RPLRoot.DODAG root. Since RULs are advertised using Non-StoringMode,mode, the DAO message flow and thekeep alivekeep-alive EDAR/EDAC can be nested within the Address (re)Registration flow. <xref target='fReg1'/> illustrates that, for the first Address Registration, both the DAD and the keep-aliveEDAR/EDACEDAR&wj;/EDAC exchanges happen in the same sequence. </t> <figure anchor='fReg1' suppress-title='false'><name>First RUL Registration Flow</name> <artwork align="center"><![CDATA[ 6LN/RUL 6LR <6LR*> Root 6LBR |<---Using ND--->|<--Using RPL->|<-----Using ND---->| | |<-----------Using ND------------->| | | | | | NS(EARO) | | | |--------------->| | | | EDAR | | |--------------------------------->| | | | | | EDAC | | |<---------------------------------| | | | | | DAO(X=0) | | | |------------->| | | | | | | DAO-ACK | | | |<-------------| | | NA(EARO) | | | |<---------------| | | | | || ]]></artwork>|]]></artwork> </figure> <t> This flow requires that the lifetimes and sequence counters in 6LoWPAN ND and RPLarebe aligned. </t><t> To achieve this, the Path Sequence and the Path Lifetime in the DAO message are taken from the Transaction ID and the Address Registration lifetime in the NS(EARO) message from the 6LN. </t><t> On the first Address Registration, illustrated in <xref target='fReg1'/> for RPL Non-StoringMode,mode, theExtended Duplicate AddressEDAR/EDAC exchange takes place as prescribed by <xref target='RFC8505'/>. If the exchange fails, the 6LR returns an NA message with a non-zero status to the 6LN, the NCE is not created, and the address is not injected in RPL. Otherwise, the 6LR creates an NCE and injects the Registered Address in the RPL routing using a DAO/DAO-ACK exchange with the RPL DODAGRoot.root. </t> <t> An Address Registration refresh is performed by the 6LN to keep the NCE in the 6LR alive before the lifetime expires. Upon the refresh of a registration, the 6LR reinjects the corresponding route in RPL before it expires, as illustrated in <xref target='fReg2'/>. </t> <figure anchor='fReg2' suppress-title='false'><name>Next RUL Registration Flow</name> <artwork align="center"><![CDATA[ 6LN/RUL <-ND-> 6LR <-RPL-> Root <-ND-> 6LBR | | | | | NS(EARO) | | | |--------------->| | | | | DAO(X=1) | | | |------------->| | | | | EDAR | | | |------------------>| | | | EDAC | | | |<------------------| | | DAO-ACK | | | |<-------------| | | NA(EARO) | | | |<---------------| || ]]></artwork>|]]></artwork> </figure><t> This is what causes the RPLRootDODAG root to refresh the state in the 6LBR, using an EDAC message. In the case of an error in the proxied EDAR flow, the error is returned in the DAO-ACK using a RPL Status with the 'A' flag set to1 that imbeds1, which embeds a 6LoWPAN Status value as discussed in <xref target='stat'/>. </t> <t> The 6LR may receive a requested DAO-ACK after it received an asynchronous Non-Storing DCO, but the non-zero status in the DCO supersedes a positiveStatusstatus in theDAO-ACKDAO-ACK, regardless of the order in which they are received. Upon the DAO-ACK--- or theDCODCO, if one arrives first--- the 6LR responds to the RUL with an NA(EARO). </t> <t> An issue may be detected later, e.g., the address moves to a different DODAG with the 6LBR attached to a different 6LoWPAN Backbonerouter (6BBR),Router (6BBR); see Figure 5 insection 3.3 of<xreftarget='RFC8929'/>.target="RFC8929" sectionFormat="of" section="3.3"/>. The 6BBR may send a negative NDstatus,Status, e.g., in an asynchronous NA(EARO) to the 6LBR. </t> <t> <xref target='RFC8929'/> expects that the 6LBR iscollocatedco-located with the RPLRoot,DODAG root, but if not, the 6LBRMUST<bcp14>MUST</bcp14> forward the status code to the originator of theEDAR,EDAR -- either the 6LR or the RPLRootDODAG root that proxies for it. The ND status code is mapped in a RPL Status value by the RPLRoot,DODAG root, and then back to an ND Status by the6LR.6LR to the 6LN. Note that a legacy RAN that receives a Non-Storing DCO that it does not support will ignore it silently, as specified insection 6 of<xreftarget='RFC6550'/>.target="RFC6550" sectionFormat="of" section="6"/>. The result is that itmay ignore for a whilewill remain unaware that it is nomore reachable. Thelonger reachable until its next RPL exchange happens. This situation will be cleared upon the next Non-Storing DAO exchange if the error is returned in a DAO-ACK. </t><t> <xref target='fReg1.5'/> illustrates this in the case where the 6LBR and theRootroot are notcollocated,co-located, and theRootroot proxies the EDAR/EDAC flow. </t> <figure anchor='fReg1.5' suppress-title='false'><name>Asynchronous Issue</name> <artwork align="center"><![CDATA[ 6LN/RUL <-ND-> 6LR <-RPL-> Root <-ND-> 6LBR <-ND-> 6BBR | | | | | | | | | NA(EARO) | | | | |<------------| | | | EDAC | | | | |<-------------| | | | DCO | | | | |<------------| | | | NA(EARO) | | | | |<-------------| | | | | | | || ]]></artwork>|]]></artwork> </figure> <t> If theRootroot does not proxy, then the EDAC with a non-zero status reaches the 6LR directly. In that case, the 6LRMUST<bcp14>MUST</bcp14> clean up the route using a DAO with a Lifetime ofzero,0, and itMUST<bcp14>MUST</bcp14> propagate the status back to the RUL inaan NA(EARO) with the RFlagflag set to 0. </t><t> The RUL may terminate the registration at any time by using a Registration Lifetime of 0. This specification requires that the RPL TargetOption transportsoption transport the ROVR. This way, the same flow as the heartbeat flow is sufficient to inform the 6LBR using theRootroot as a proxy, as illustrated in <xref target="fReg2"/>. </t> <t>AnyAll or any combination of thelogical functions of6LR,Root,the root, and the 6LBR might be collapsed in a single node. </t> </section> <section anchor='oper'><name>Detailed Operation</name> <t> The followingsectionsections specifyrespectivelythebehaviourbehavior ofthe(1) the 6LNActingacting as a RUL,the(2) the 6LRActingacting asBordera border router and serving the 6LN,the(3) the RPLRootDODAG root, andthe(4) the 6LBR in the control flows that enable RPL routing back to theRUL.RUL, respectively. </t> <section anchor='ln'><name>Perspective of the 6LN Acting as a RUL</name> <t> This specification builds on the operation of a 6LoWPAN ND-compliant 6LN/RUL, which is expected to operate as follows: </t> <ol spacing='normal'> <li> The 6LN selects a 6LR that provides reachability services for a RUL. This is signaled by a 6CIO in the RA messages with the L,PP, and E flags set to 1 as prescribed by <xref target='RFC8505'/>. </li><li> The 6LN obtains an IPv6 global address, via eitherusing Stateless(1) Stateless Address Autoconfiguration (SLAAC) <xref target='RFC4862'/> based on a Prefix Information Option (PIO) <xref target='RFC4861'/> found in an RAmessage,message orsome(2) some other means, such as DHCPv6 <xref target='RFC8415'/>. </li><li> Once it has formed an address, the 6LN registers its address and refreshes its registration periodically, early enough within theLifetimelifetime of the previous Address Registration, as prescribed by <xref target='RFC6775'/>, to refresh the NCE before the lifetime indicated in the EARO expires. It sets the TFlagflag to 1 as prescribed in <xref target='RFC8505'/>. The TID is incremented each time and wraps in a lollipop fashion (seesection 5.2.1 of<xreftarget='RFC8505'/>,target="RFC8505" sectionFormat="of" section="5.2.1"/>, which is fully compatible withsection 7.2 of<xreftarget='RFC6550'/>).target="RFC6550" sectionFormat="of" section="7.2"/>). </li><li> As stated insection 5.2 of<xreftarget='RFC8505'/>,target="RFC8505" sectionFormat="of" section="5.2"/>, the 6LN can registertowith more than one 6LR at the same time. In that case,it usesall the fields in thesameEARO are set to the same value for all of the parallel Address Registrations, with the exception of the Registration Lifetime field and thesetting of theRflag thatflag, which maydiffer.be set to different values. The 6LN may cancel a subset of itsregistrations,registrations or may transfer a registration from one or more old6LR(s)6LRs to one or more new6LR(s).6LRs. To do so, the 6LN sends a series of NS(EARO) messages, all with the same TID, with a zero Registration Lifetime to the old 6LR(s) and with a non-zero Registration Lifetime to the new 6LR(s). In that process, the 6LNSHOULD<bcp14>SHOULD</bcp14> send the NS(EARO) with a non-zero Registration Lifetime and ensure that at least one succeeds before it sends an NS(EARO) that terminates another registration. This avoids the churn related to transient route invalidation in the RPL network above the common parent of the involved 6LRs.<!-- To avoid churn related to transient route invalidation, the 6LN SHOULD send the NS(EARO) to maintain the registration active (i.e., with a non-zero Registration Lifetime) --></li><li> Followingsection 5.1 of<xreftarget='RFC8505'/>,target="RFC8505" sectionFormat="of" section="5.1"/>, a 6LN acting as a RUL sets the RFlagflag in the EARO of its registration(s) for which it requires routing services. If the RFlagflag is not echoed in the NA, the RULMUST consider<bcp14>MUST</bcp14> assume that establishing the routing services via this 6LRfailedfailed, and itSHOULD<bcp14>SHOULD</bcp14> attempt to use another 6LR. The RULSHOULD<bcp14>SHOULD</bcp14> ensure that one registration succeeds before setting the RFlagflag to 0. In the case of a conflict with the preceding ruleonregarding the lifetime, the ruleonregarding the lifetime has precedence. </li><li> The 6LN may use any of the 6LRs to which it registered as the default gateway. Using a 6LR to which the 6LN is not registered may result in packets dropped at the 6LR by a Source Address ValidationfunctionImprovement (SAVI) function <xref target='RFC7039'/>so itand thus is not recommended. </li> </ol> <t> Even without support for RPL, the RUL may be configured with an opaque value to be provided to the routing protocol. If the RUL has knowledge of the RPL Instance into which the packet should beinjected into,injected, then itSHOULD<bcp14>SHOULD</bcp14> set the Opaque field in the EARO to theRPLInstanceID, otherwiseRPLInstanceID; otherwise, itMUST<bcp14>MUST</bcp14> leave the Opaque field aszero.0. </t> <t> Regardless of the setting of the Opaque field, the 6LNMUST<bcp14>MUST</bcp14> set the "I" field tozero0 to signal "topological information to be passed to a routing process", as specified insection 5.1 of<xreftarget='RFC8505'/>.target="RFC8505" sectionFormat="of" section="5.1"/>. </t><t> A RUL is not expected to produce RPL artifacts in the data packets, but it may do so. For instance, if the RUL has minimal awareness of the RPLInstanceInstance, then it can build an RPI. A RUL that places an RPI in a data packetSHOULD<bcp14>SHOULD</bcp14> indicate the RPLInstanceID of the RPL Instance where the packet should be forwarded. It is up to the 6LR (e.g., by policy) to use the RPLInstanceID information provided by the RUL or rewrite it to the selected RPLInstanceID for forwarding inside the RPL domain. All the flags and theRankSenderRank field are set to 0 as specified bysection 11.2 of<xreftarget='RFC6550'/>.target="RFC6550" sectionFormat="of" section="11.2"/>. </t> </section> <section anchor='lr'><name>Perspective of the 6LR Acting as a Borderrouter</name>Router</name> <t> A 6LR that provides reachability services for a RUL in a RPL network as specified in this documentMUST<bcp14>MUST</bcp14> include a 6CIO in its RA messages and set the L,PP, and E flags to 1 as prescribed by <xref target='RFC8505'/>. </t><t> As prescribed by <xref target='RFC8505'/>, the 6LR generates an EDAR message upon reception of a valid NS(EARO) message for the registration of a new IPv6 address by a 6LN. If the initial EDAR/EDAC exchange succeeds, then the 6LR installs an NCE for the Registration Lifetime. </t> <t> If the RFlagflag is set to 1 in the NS(EARO), the 6LRSHOULD<bcp14>SHOULD</bcp14> inject the host route in RPL, unless this is barred for other reasons, such as the saturation of the RPL parents. The 6LRMUST<bcp14>MUST</bcp14> useaRPL Non-StoringModemode signaling and the updated TargetOptionoption (see <xref target='tgt'/>).The 6LR SHOULD refrain from setting the 'X' flag toTo avoid a redundant EDAR/EDAC flow to the6LBR.6LBR, the 6LR <bcp14>SHOULD</bcp14> refrain from setting the 'X' flag. The 6LRMUST<bcp14>MUST</bcp14> request a DAO-ACK by setting the 'K' flag in the DAO message.SuccessSuccessfully injecting the route to the RUL's addressiswill be indicatedbyvia the'E''U' flag set to 0 in the RPLstatusStatus of the DAO-ACK message. </t> <t> For the registration refreshes, if the RPLRootDODAG root sets the 'P' flag in the DODAG ConfigurationOptionoption to 1, then the 6LRMUST<bcp14>MUST</bcp14> refrain from sending the keep-alive EDAR; instead, itMUST<bcp14>MUST</bcp14> set the 'X' flag to 1 in the TargetOptionoption of the DAO messages, to request that theRoot proxiesroot proxy the keep-alive EDAR/EDAC exchange with the 6LBR (see <xref target='upd'/>); if the 'P' flag is set to00, then the 6LRMUST<bcp14>MUST</bcp14> set the 'X' flag to 0 and handle the EDAR/EDAC flow itself. </t> <t> The Opaque field in the EARO provides a means to signal which RPL Instance is to be used for the DAO advertisements and the forwarding of packets sourced at the Registered Address when there is no RPI in the packet. </t> <t> As described in <xref target='RFC8505'/>, if the "I" field iszero,0, then the Opaque field is expected to carry the RPLInstanceID suggested by the 6LN; otherwise, there is no suggested RPL Instance. If the 6LR participates in the suggested RPL Instance, then the 6LRMUST<bcp14>MUST</bcp14> use that RPL Instance for the Registered Address. </t> <t> If there is no suggested RPL Instance orelseif the 6LR does not participatetoin the suggested RPL Instance, it is expected that the packets coming from the 6LN "can unambiguously be associated to at least one RPL Instance" <xref target='RFC6550'/> by the 6LR, e.g., using a policy that maps the 6-tupleinto anto a RPL Instance. </t> <t> The DAO message advertising the Registered AddressMUST<bcp14>MUST</bcp14> be constructed as follows: </t> <ol spacing='normal'> <li>The Registered Address is signaled as the Target Prefix in the updated TargetOptionoption in the DAO message; the Prefix Length is set to 128 but the 'F' flag is set to00, since the advertiser is not the RUL. The ROVR field is copied unchanged from the EARO (see <xref target='tgt'/>). </li><li> The 6LR indicates one of its global or unique-local IPv6 unicast addresses as the Parent Address in the TIO associated with the TargetOptionoption. </li><li> The 6LR sets the External'E'('E') flag in the TIO to indicate that it is redistributing an external target into the RPLnetworknetwork. </li><li> <t> The Path Lifetime in the TIO is computed from the Registration Lifetime in the EARO. This operation converts seconds to the Lifetime Units used in the RPL operation. This creates the deployment constraint that the Lifetime Unit is reasonably compatible with the expression of the Registration Lifetime; e.g., a Lifetime Unit of 0x4000 maps the most significant byte of the Registration Lifetime to the Path Lifetime. </t> <t> In that operation, the Path Lifetime must be set to ensure that the path has a longer lifetime than the registration and also coversin additiontheround tripround-trip time to theRoot.root. </t> <t> Note that if the Registration Lifetime is 0, then the Path Lifetime is also 0 and the DAO message becomes a No-Path DAO, which cleans up the routes down to the RUL's address; this also causes theRootroot as a proxy to send an EDAR message to the 6LBR with a Lifetime of 0. </t> </li><li>theThe Path Sequence in the TIO is set to the TID value found in theEARO option.EARO. </li> </ol> <t> Upon receiving or timing out the DAO-ACK after an implementation-specific number of retries, the 6LRMUST<bcp14>MUST</bcp14> send the corresponding NA(EARO) to the RUL. Upon receiving an asynchronous DCO message, itMUST<bcp14>MUST</bcp14> send an asynchronous NA(EARO) to the RULimmediately,immediately but still be capable of processing the DAO-ACK if one is pending. </t><t> The 6LRMUST<bcp14>MUST</bcp14> set the RFlagflag to 1 in the NA(EARO) that it sends back to the 6LN if and only if the'E''U' flag in the RPL Status is set to 0, indicating that the 6LR injected the Registered Address in the RPL routing successfully and that the EDAR proxy operation succeeded. </t><t> If the 'A' flag in the RPL Status is set to 1, the embedded Status value is passed back to the RUL in the EARO Status. If the'E''U' flag is also set to 1, the registration failed for 6LoWPAN-ND-related reasons, and the NCE is removed. </t><t> An error injecting the route causes the'E''U' flag to be set to 1. If the error is not related to ND, the 'A' flag is set to 0. In that case, the registration succeeds, but the RPL route is not installed.SoSo, the NA(EARO) is returned with a status indicating success but the RFlagflag set to 0, which means that the 6LN obtained a binding but no route. </t><t> If the 'A' flag is set to 0 in the RPL Status of the DAO-ACK, then the 6LoWPAN ND operation succeeded, and an EARO Status of 0 (Success)MUST<bcp14>MUST</bcp14> be returned to the 6LN. The EARO Status of 0MUST<bcp14>MUST</bcp14> also be used if the 6LR did not attempt to inject the route but could create the binding after a successful EDAR/EDAC exchange or refresh it. </t><t> If the'E''U' flag is set to 1 in the RPL Status of the DAO-ACK, then the route was notinstalledinstalled, and the R flagMUST<bcp14>MUST</bcp14> be set to 0 in the NA(EARO). The R flagMUST<bcp14>MUST</bcp14> be set to 0 if the 6LR did not attempt to inject the route. </t><t> In a network whereAddress ProtectedAddress-Protected Neighbor Discovery (AP-ND) is enabled, in the case of a DAO-ACK or a DCO transporting an EARO Status value of 5 (Validation Requested), the 6LRMUST<bcp14>MUST</bcp14> challenge the 6LN for ownership of the address, as described insection 6.1 of<xreftarget='RFC8928'/>,target="RFC8928" sectionFormat="of" section="6.1"/>, before theRegistrationregistration is complete. This flow, illustrated in <xref target='Dynamic-fig'/>, ensures that the address is validated before it is injected in the RPL routing.</t><t> If the challenge succeeds, then the operations continue as normal. In particular, a DAO message is generated upon the NS(EARO) that proves the ownership of the address. If the challenge failed, the 6LR rejects the registration as prescribed by AP-ND and may take actions to protect itself against DoS attacks by a rogue 6LN, see <xref target='security-considerations'/>.</t> <figure anchor='Dynamic-fig' suppress-title='false'><name>Address Protection</name> <artwork><![CDATA[ 6LN 6LR Root 6LBR | | | | |<--------------- RA ---------------------| | | | | | | |------NS EARONS(EARO) (ROVR=Crypto-ID)-------->|------->| | | | | | ||<- NA EARO(status=Validation Requested) -||<-NA(EARO) (Status=Validation Requested)-| | | | | | ||----- NS EARO|---- NS(EARO) andProof-of-ownership -->|proof of ownership --->| | | | | | | | <validate theProof>proof> | | | | ||<----------- NA EARO (status=10)---<if|<------- NA(EARO) (Status=10) -----<if failed> | | | | | | <else> | | | | | | | |--------- EDAR ------->| | | | | |<-------- EDAC --------| | | | | | | | | |-DAO(X=0)->| | | | | | | |<- DAO-ACK-| | | | | ||<----------- NA EARO (status=0)----------||<---------- NA(EARO) (Status=0) ---------| | | | | | | ... | | | | |------NS EARONS(EARO) (ROVR=Crypto-ID)-------->|------->| | | | |-DAO(X=1)->| | | | |-- EDAR -->| | | | | | | |<-- EDAC --| | |<- DAO-ACK-| ||<----------- NA EARO (status=0)----------||<---------- NA(EARO) (Status=0) ---------| | | | | | |... ]]></artwork>...]]></artwork> </figure> <t>TheIf the challenge succeeded, then the operations continue as normal. In particular, a DAO message is generated upon the NS(EARO) that proves the ownership of the address. If the challenge failed, the 6LR rejects the registration as prescribed by AP-ND and may take actions to protect itself against Denial-Of-Service (DoS) attacks by a rogue 6LN; see <xref target='security-considerations'/>. </t> <t> The 6LR may, at anytimetime, send a unicast asynchronous NA(EARO) with the RFlagflag set to 0 to signal that itstopshas stopped providing routing services, and/or withthean EARO Status of 2"Neighbor(Neighbor Cachefull"Full) to signal that itremovesremoved the NCE. It may also send a finalRA,RA -- unicast ormulticast,multicast -- with a router Lifetime field ofzero,0, to signal that itis ceasingwill cease to serve as the router, as specified insection 6.2.5 of<xreftarget='RFC4861'/>.target="RFC4861" sectionFormat="of" section="6.2.5"/>. This may happen upon a DCO or a DAO-ACK message indicating that the path is already removed;elseotherwise, the 6LRMUST<bcp14>MUST</bcp14> remove the host route to the 6LN using a DAO message with a Path Lifetime ofzero.0. </t><t> A valid NS(EARO) message with the RFlagflag set to 0 and a Registration Lifetime that is not zero signals that the 6LN wishes to maintain the binding but does not require (i.e., no longer requires) the routing services from the6LR (any more).6LR. Upon this message, if, due to a previous NS(EARO) with the RFlagflag set to1,1 the 6LR was injecting the host route to the Registered Address in RPL using DAO messages, then the 6LRMUST<bcp14>MUST</bcp14> invalidate the host route in RPL using a DAO with a Path Lifetime ofzero.0. It is up to theRegisteringregistering 6LN to maintain the corresponding route from then on, by eitherkeeping(1) keeping it active via a different 6LR orby acting(2) acting as a RAN and managing its own reachability. </t><t> When forwarding a packet from the RUL into the RPL domain, if the packet does not have anRPI thenRPI, the 6LRMUST<bcp14>MUST</bcp14> encapsulate the packet to theRoot,root and add an RPI. If there is an RPI in the packet, the 6LRMUST<bcp14>MUST</bcp14> rewrite theRPIRPI, but it does not need to encapsulate. </t> </section> <section anchor='Root'><name>Perspective of the RPL DODAG Root</name> <t> A RPLRoot MUSTDODAG root <bcp14>MUST</bcp14> set the 'P' flag to 1 in the RPL DODAG ConfigurationOptionoption of the DIO messages that it generates (see <xref target='upd'/>) to signal that it proxies the EDAR/EDAC exchange and supports theUpdatedupdated RPL Target option.<!-- The remainder of this section assumes that it does. --></t><t> Upon reception of a DAO message, for each updated RPL TargetOptionoption (see <xref target='tgt'/>) with the 'X' flag set to 1, theRoot MUSTroot <bcp14>MUST</bcp14> notify the 6LBR by using a proxied EDAR/EDAC exchange; if the RPLRootDODAG root and the 6LBR are integrated, an internal API can be used instead. </t> <t> The EDAR messageMUST<bcp14>MUST</bcp14> be constructed as follows: </t> <ol spacing='normal'> <li> TheTargettarget IPv6 address from the RPL TargetOptionoption is placed in the Registered Address field of the EDAR message;<!--and in the Target field of the NS message, respectively--></li><li>theThe Registration Lifetime is adapted from the Path Lifetime in the TIO by converting the Lifetime Units used in RPLinto units of 60 seconds used in the 6LoWPAN ND messages; </li><li> <!-- the RPL Root indicates its own MAC address as Source Link Layer Address (SLLA)into units of 60 seconds used in theNS(EARO);6LoWPAN ND messages; </li><li>-->The TID value is set to the Path Sequence in the TIO and indicated with an ICMP code of 1 in the EDAR message; </li><li> The ROVR in the RPL TargetOptionoption is copied as is in theEDAREDAR, and the ICMP Code Suffix is set to the appropriate value as shown in Table 4 of <xreftarget='RFC8505'/>target='RFC8505'/>, depending on the size of the ROVR field. </li> </ol> <t> Upon receiving an EDAC message from the 6LBR, if a DAO is pending, then theRoot MUSTroot <bcp14>MUST</bcp14> send a DAO-ACK back to the 6LR. Otherwise, if theStatusstatus in the EDAC message is not "Success", then itMUST<bcp14>MUST</bcp14> send an asynchronous DCO to the 6LR. </t> <t> In either case, the EDAC Status is embedded in the RPL Status with the 'A' flag set to 1. </t> <t> The proxied EDAR/EDAC exchangeMUST<bcp14>MUST</bcp14> be protected with a timerof anwhose appropriate duration andanumber ofretries, that are implementation-dependent,retries (1) are implementation dependent andSHOULD(2) <bcp14>SHOULD</bcp14> beconfigurableconfigurable, since theRootroot and the 6LBR are typically nodes with a higher capacity and manageability than 6LRs. Upon timing out, theRoot MUSTroot <bcp14>MUST</bcp14> send an error back to the 6LR as above,eitherusing either a DAO-ACK or a DCO, as appropriate, with the 'A' and'E''U' flags set to 1 in the RPLstatus,Status, and a RPL Status value ofof"6LBR Registry Saturated" <xref target='RFC8505'/>. </t> </section> <section anchor='lbr'><name>Perspective of the 6LBR</name> <t> The 6LBR is unaware that the RPLRootDODAG root is not the new attachment 6LR of the RUL, so it is not impacted by this specification. </t> <t> Upon reception of an EDAR message, the 6LBRactsbehaves as prescribed by <xref target='RFC8505'/> and returns an EDAC message to the sender. </t> </section> </section> </section> <section anchor='multiop'><name>Protocol Operations for Multicast Addresses</name><t> Section 12 of <xref target='RFC6550'/><t><xref target="RFC6550" sectionFormat="of" section="12"/> detailstheRPL support for multicast flows. This support is activated by setting the MOPofvalue to 3 ("Storing Mode of Operation with multicast support") in the DIO messages that form the DODAG. This section also applies if and only if the MOP of theRPLInstanceRPL Instance is 3. </t> <t>TheRPL supportoffor multicast is notsource-specificsource specific and only operates as an extension to the StoringModemode ofOperationoperation for unicast packets. Note that it is the RPL model that the multicast packet ispassedcopied and transmitted as aLayer-2Layer 2 unicast to each of the interested children. This remains true when forwarding between the 6LR and the listener 6LN. </t> <t> "<xref target="RFC3810" format="title"/>" <xreftarget='RFC3810'> "Multicast Listener Discovery Version 2 (MLDv2) for IPv6"</xref>target="RFC3810" format="default"/> provides an interface for a listener to registertowith multicast flows. In the MLD model, the router is a "querier", and the host is a multicast listener that registerstowith the querier to obtain copies of the particular flows it is interested in. </t><t> The equivalent of the first Address Registration happens as illustrated in <xref target='fReg3'/>. The 6LN, as an MLD listener, sends an unsolicited Report to the 6LR. This enables it to start receiving the flowimmediately,immediately and causes the 6LR to inject the multicast route in RPL. </t> <figure anchor='fReg3' suppress-title='false'><name>First Multicast Registration Flow</name> <artwork><![CDATA[ 6LN/RUL 6LR Root 6LBR | | | | | unsolicited Report | | | |------------------->| | | | | DAO | | | |-------------->| | | | DAO-ACK | | | |<--------------| | | | | <if not done already> | | | | unsolicited Report | | | |---------------------->| | | | |]]></artwork> </figure> <t> This specification does not change MLD but will operate more efficiently if the asynchronous messages for unsolicited Report and Done are sent by the 6LN asLayer-2Layer 2 unicast to the 6LR,in particularparticularly on wireless. </t><t> The 6LR acts as a generic MLD querier and generates a DAO with theMulticast Addressmulticast address as the Target Prefix as described insection 12 of<xreftarget='RFC6550'/>.target="RFC6550" sectionFormat="of" section="12"/>. As for theUnicastunicast host routes, the Path Lifetime associated to the Target is mapped from the QueryInterval,Interval and is set to belargerlarger, to account for variable propagation delays to theRoot.root. TheRootroot proxies the MLD exchange as a listener with the 6LBR acting as the querier, so as to get packets from a source external to the RPL domain. </t><t> Upon a DAO with a Target option for a multicast address, the RPLRootDODAG root checks to see if it is already registered as a listener for that address, and if not, it performs its own unsolicited Report for the multicast address as described insection 5.1 of<xreftarget='RFC3810'/>.target="RFC3810" sectionFormat="of" section="6.1"/>. ThereportReport is source independent, so there is noSource Addresssource address listed. </t><figure anchor='fReg3' suppress-title='false'><name>First Multicast Registration Flow</name> <artwork><![CDATA[ 6LN/RUL 6LR Root 6LBR | | | | | unsolicited Report | | | |------------------->| | | | | DAO | | | |-------------->| | | | DAO-ACK | | | |<--------------| | | | | <if not done already> | | | | unsolicited Report | | | |---------------------->| | | | | ]]></artwork> </figure><t> The equivalent of the registration refresh is pulled periodically by the 6LR acting as the querier. Upon the timing out of the Query Interval, the 6LR sends a Multicast Address Specific Query to each of its listeners, for eachMulticast Address, and getsmulticast address. The listeners respond with aReport back thatReport. Based on the Reports, the 6LR maintains the aggregated list of all the multicast addresses for which there ismapped intoa listener and advertises them using DAOone by one.messages as specified in <xref target="RFC6550" sectionFormat="of" section="12"/>. Optionally, the 6LRMAY<bcp14>MAY</bcp14> send a General Query, where the Multicast Address field is set tozero.0. In that case, the multicast packet is passed as aLayer-2Layer 2 unicast to each of the interested children..</t> <t> Upon a Report, the 6LR generates a DAO with as many TargetOptionsoptions as there are Multicast Address Records in the Report message, copying the Multicast Address field in the Target Prefix of the RPL TargetOption.option. The DAO message is a StoringModemode DAO, passed to a selection of the 6LR's parents. </t> <t> Asynchronously to this, a similar procedure happens between theRootroot and arouterrouter, such as the6LBR6LBR, that serves multicast flows on theLinklink where theRootroot is located.AgainAgain, the Query and Report messages are source independent. TheRootroot lists exactly once eachMulticast Addressmulticast address for which it has at least one active multicast DAO state, copying the multicast address in the DAO state in the Multicast Address field of the Multicast Address Records in the Report message. </t> <t> This is illustrated in <xref target='fReg4'/>: </t> <figure anchor='fReg4' suppress-title='false'><name>Next Registration Flow</name> <artwork><![CDATA[ 6LN/RUL 6LR Root 6LBR | | | | | Query | | | |<-------------------| | | | Report | | | |------------------->| | | | | DAO | | | |-------------->| | | | DAO-ACK | | | |<--------------| | | | | Query | | | |<-------------------| | | | Report | | | |------------------->| | | || ]]></artwork>|]]></artwork> </figure> <t>Note that all or any combination of thefunctions6LR,Rootthe root, and the 6LBR might be collapsed in a single node, in which case the flow above happens internally, and possibly through internal API calls as opposed to messaging. </t> </section> <section anchor='security-considerations'><name>Security Considerations</name> <t> It is worth noting that with <xref target='RFC6550'/>, every node in the LLN isRPL-awareRPL aware and can inject any RPL-based attack in the network. This specification improvesthethis situation by isolating edge nodes that can only interact with the RPL routers using 6LoWPAN ND, meaning that they cannot perform RPL insider attacks. </t> <t> The LLN nodes depend on the 6LBR and the RPL participants for their operation. A trust model must be put in place to ensure that the right devices are acting in these roles, so as to avoidthreatssuch threats asblack-holing,black-holing (see <xreftarget='RFC7416'/> section 7), Denial-Of-Servicetarget="RFC7416" sectionFormat="of" section="7"/>), DoS attacks whereby a rogue 6LR creates a high churn in the RPL network by advertising and removing many forged addresses, or a bombing attack whereby an impersonated 6LBR would destroy state in the network by usingthea status code of 4("Removed").("Removed") <xref target="RFC8505"/>. </t><t> This trust model couldbebe, at aminimumminimum, based ona Layer-2 SecureLayer 2 secure joining andthe Link-Layerlink-layer security. This is a generic 6LoWPANrequirement,requirement; seeReq5.1Req-5.1 inAppendix B.5 of<xreftarget='RFC8505'/>.target="RFC8505" format="default" section="B.5" sectionFormat="of" derivedLink="https://rfc-editor.org/rfc/rfc8505#appendix-B.5" derivedContent="RFC8505"/>. </t><t> In a general manner, the Security Considerationsinsections of <xref target='RFC6550'/>, <xreftarget='RFC7416'/>target='RFC7416'/>, <xref target='RFC6775'/>, and <xref target='RFC8505'/> apply to this specification as well. </t><t>The Link-LayerIn particular, link-layer security is neededin particularto preventDenial-Of-ServiceDoS attacks whereby a rogue 6LN creates a high churn in the RPL network by constantly registering and deregistering addresses with the RFlagflag set to 1 in the EARO. </t> <t> <xref target='RFC8928'/> updated 6LoWPAN ND withthe called Address-Protected Neighbor Discovery (AP-ND).AP-ND. AP-ND protects the owner of an address against address theft and impersonation attacks ina Low-Power and Lossy Network (LLN).an LLN. Nodes supporting the extension compute a cryptographic identifier(Crypto-ID),(Crypto-ID) and use it with one or more of their Registered Addresses. The Crypto-ID identifies the owner of the Registered Address and can be used to provide proof of ownership of the Registered Addresses. Once an address is registered with theCrypto-IDCrypto&nbhy;ID andaproof of ownership is provided, only the owner of that address can modify the registration information, thereby enforcingSource Address Validation.SAVI. <xref target='RFC8928'/> reduces evenmorefurther the attack perimeter that is available to the edgenodesnodes, and its use is suggested in this specification. </t><t> Additionally, the trust model could includearole validation (e.g., usingarole-based authorization) to ensure that the node that claims to be a 6LBR or a RPLRootDODAG root is entitled to do so. </t><t> The Opaque field in the EARO enables the RUL to suggest a RPLInstanceID where its traffic is placed. It is also possible for an attacker RUL to include an RPI in the packet. This opens the door to attacks where a RPLinstanceInstance would be reserved for critical traffic, e.g., with a specific bandwidth reservation, that the additional traffic generated by a rogue may disrupt. The attack may be alleviated by traditional access control andtraffic shapingtraffic-shaping mechanisms where the 6LR controls the incoming traffic from the 6LN. More importantly, the 6LR is the node that injects the traffic in the RPL domain, so it has the final word on whichRPLInstanceRPL Instance is to be used for the traffic coming from the RUL, per its own policy. In particular, a policy can override the formal language that forcestothe use of the Opaque field orto rewritethe rewriting of the RPI provided by the RUL, in a situation where the network administrator finds it relevant. </t><t> At the time of this writing, RPL does not have aRoute Ownership Validationroute ownership validation model whereby it is possible to validate the origin of an address that is injected in a DAO. This specification makes a first step in that direction by allowing theRootroot to challenge the RUL via the 6LR that serves it. </t><t> <xref target='tgt'/> indicates that when the length of the ROVR field is unknown, the RPL TargetOptionoption must be passed on as received in RPLstoring Mode.Storing mode. This creates a possible opening for using DAO messages as a covert channel. Note that DAO messages arerarerare, and overusing that channel could be detected. An implementationSHOULD<bcp14>SHOULD</bcp14> notify the network management system when a RPL TargetOptionoption isreceivesreceived with an unknown ROVR field size, to ensure that thesituationnetwork administrator isknown toaware of thenetwork administrator.situation. </t><t> <xreftarget='I-D.ietf-roll-efficient-npdao'/>target='RFC9009'/> introduces the ability for a rogue common ancestor node to invalidate a route on behalf of the target node. In this case, the RPL Status in the DCO has the 'A' flag set to 0, andaan NA(EARO) is returned to the 6LN with the R flag set to 0. This encourages the 6LN to try another 6LR. If a 6LR exists that does not use the rogue common ancestor, then the 6LN will eventually succeed gaining reachability over the RPL network in spite of the rogue node. </t> </section> <section anchor='iana-considerations'><name>IANA Considerations</name> <section anchor='iana-arof'><name>Fixing the Address Registration Option Flags</name><t>Section 9.1 of <xref target='RFC8505'/> creates<t><xref target="RFC8505" sectionFormat="of" section="9.1"/> created aRegistryregistry for the 8-bit Address Registration Option Flags field. IANAis requested to renamehas renamed the first column of the table from "ARO Status" to "Bitnumber".Number". </t> </section><!-- Fixing the Address Registration Option Flags --><section anchor="iana-aro"><name>Resizing the ARO Statusvalues</name> <t> Section 12 of <xref target='RFC6775'/> createsValues</name> <t><xref target="RFC6775" sectionFormat="of" section="12"/> created theAddress"Address Registration Option Statusvalues RegistryValues" registry with a range of 0-255. </t> <t> This specification reduces that range to0-63,0-63; see <xref target='stat'/>. </t> <t> IANAis requested to modifyhas modified theAddress"Address Registration Option Statusvalues RegistryValues" registry so that the upper bound of the unassigned values is 63. This documentshould behas been added as a reference. The registration proceduredoeshas notchange.changed. </t> </section><!-- end section "New ARO Status values" --><section anchor="iana-conf"><name>New RPL DODAG Configuration Option Flag</name> <t> IANAis requested to assign ahas assigned the following flagfromin the "DODAG Configuration Option Flags for MOP 0..6"<xref target='I-D.ietf-roll-useofrplinfo'/>registryas follows:<xref target='RFC9008'/>: </t> <table anchor="nexndopt"><name>New DODAG Configuration Option Flag</name> <thead> <tr><td>Bit Number</td><td>Capability Description</td><td>Reference</td></tr> </thead><tbody><tr><td>1 (suggested)</td><td>Root<tr><td>1</td><td>Root Proxies EDAR/EDAC(P)</td><td>THIS RFC</td></tr>(P)</td><td>RFC 9010</td></tr> </tbody> </table> <t>IANAis requested to add [this document]has added this document as a reference for MOP 7 in the RPLMode"Mode ofOperationOperation" registry. </t></section><!-- New RPL DODAG Configuration Option Flag --></section> <section anchor="iana-full"><name>RPL Target Option Flags Registry</name> <t> This document modifies the "RPL Target Option Flags" registry initially createdin Section 20.15 ofper <xreftarget='RFC6550'/> .target="RFC6550" sectionFormat="of" section="20.15"/>. The registry now includes only 4 bits (<xref target='tgt'/>) andshould point tolists this document as an additional reference. The registration proceduredoeshas notchange.changed. </t><t> <xref target='tgt'/> also defines2two new entries in theRegistryregistry, as follows: </t> <table anchor="ianatarget"><name>RPL Target Option Flags Registry</name> <thead> <tr><td>Bit Number</td><td>Capability Description</td><td>Reference</td></tr> </thead><tbody><tr><td>0 (suggested)</td><td>Advertiser<tr><td>0</td><td>Advertiser address in Full(F)</td><td>THIS RFC</td></tr> <tr><td>1 (suggested)</td><td>Proxy(F)</td><td>RFC 9010</td></tr> <tr><td>1</td><td>Proxy EDAR Requested(X)</td><td>THIS RFC</td></tr>(X)</td><td>RFC 9010</td></tr> </tbody> </table> </section> <section anchor='iana-stats-nonrej'><name>New Subregistry for RPL Non-Rejection Statusvalues </name>Values</name> <t>This specification createsIANA has created a newSubregistrysubregistry for the RPL Non-Rejection Status values for use in the RPL DAO-ACK, DCO, and DCO-ACK messages with the 'A' flag set to0,0 and the 'U' flag set to 1, under theRPL"Routing Protocol for Low Power and Lossy Networks (RPL)" registry. </t> <ul spacing='normal'><li> Possible<li>Possible values are 6-bit unsigned integers (0..63).</li><li> Registration<li>The registration procedure is"IETF Review"IETF Review <xref target='RFC8126'/>.</li><li> Initial<li>The initial allocation is as indicated in <xref target='iana-ACK-Status'/>:</li> </ul> <table anchor='iana-ACK-Status'><name>AcceptancevaluesValues of the RPL Status</name> <thead> <tr><td>Value</td><td>Meaning</td><td>Reference</td></tr> </thead><tbody><tr><td>0</td><td>Unqualified acceptance</td><td>THIS RFC<tr><td>0</td><td>Success /RFCUnqualified acceptance</td><td>RFC 6550</td></tr> <!-- <tr><td>1</td><td> No routing-entry for the indicated Target found</td><td><xref target='I-D.ietf-roll-efficient-npdao'/></td></tr> -->/ RFC 9010</td></tr> <tr><td>1..63</td><td>Unassigned</td><td></td></tr> </tbody> </table> </section><!-- New Subregistry for RPL Non-Rejection Status values --><section anchor='iana-stats-rej'><name>New Subregistry for RPL Rejection Statusvalues </name>Values</name> <t>This specification createsIANA has created a newSubregistrysubregistry for the RPL Rejection Status values for use in the RPL DAO-ACK and DCO messages with the 'A' flag set to0,0 and the 'U' flag set to 1, under theRPL"Routing Protocol for Low Power and Lossy Networks (RPL)" registry. </t><ul spacing='normal'><li> Possible<li>Possible values are 6-bit unsigned integers (0..63).</li><li> Registration<li>The registration procedure is"IETF Review"IETF Review <xref target='RFC8126'/>.</li><li> Initial<li>The initial allocation is as indicated in <xref target='iana-nack-Status'/>:</li> </ul> <table anchor='iana-nack-Status'><name>RejectionvaluesValues of the RPLStatus </name>Status</name> <thead> <tr><td>Value</td><td>Meaning</td><td>Reference</td></tr> </thead><tbody> <tr><td>0</td><td>Unqualifiedrejection</td><td>THIS RFC</td></tr> <tr><td>1 (suggested in <xref target='I-D.ietf-roll-efficient-npdao'/>)</td><td>Norejection</td><td>RFC 9010</td></tr> <tr><td>1</td><td>No routingentry</td><td><xref target='I-D.ietf-roll-efficient-npdao'/></td></tr>entry</td><td>RFC 9009</td></tr> <tr><td>2..63</td><td>Unassigned</td><td></td></tr> </tbody> </table> </section><!-- Subregistry for RPL Rejection Status values --> </section> <section anchor='Acks'><name>Acknowledgments</name> <t> The authors wish to thank Ines Robles, Georgios Papadopoulos and especially Rahul Jadhav and Alvaro Retana for their reviews and contributions to this document. Also many thanks to Eric Vyncke, Erik Kline, Murray Kucherawy, Peter Van der Stok, Carl Wallace, Barry Leiba, Julien Meuric, and especially Benjamin Kaduk and Elwyn Davies, for their reviews and useful comments during the IETF Last Call and the IESG review sessions. </t></section> </middle> <back><!-- <displayreference target="RFC8928" to="AP-ND"/> <displayreference target="RFC8929" to="6BBR"/> --> <displayreference target="I-D.ietf-roll-useofrplinfo" to="USEofRPLinfo"/> <displayreference target="I-D.ietf-roll-efficient-npdao" to="EFFICIENT-NPDAO"/> <references><name>Normative<references> <name>References</name> <references> <name>Normative References</name> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml'/> <xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3810.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4861.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3810.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6550.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4861.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6775.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6550.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7102.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6775.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7400.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7102.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7400.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8504.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8505.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8504.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8928.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8505.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-roll-useofrplinfo.xml'/> <xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-roll-efficient-npdao.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8928.xml'/> <!-- draft-ietf-roll-useofrplinfo (RFC 9008) --> <reference anchor='RFC9008' target="https://www.rfc-editor.org/info/rfc9008"> <front> <title>Using RPI Option Type, Routing Header for Source Routes, and IPv6-in-IPv6 Encapsulation in the RPL Data Plane</title> <author initials='M.I.' surname='Robles' fullname='Ines Robles'> <organization /> </author> <author initials='M' surname='Richardson' fullname='Michael Richardson'> <organization /> </author> <author initials='P' surname='Thubert' fullname='Pascal Thubert'> <organization /> </author> <date month='April' year='2021'/> </front> <seriesInfo name="RFC" value="9008"/> <seriesInfo name="DOI" value="10.17487/RFC9008"/> </reference> <!-- draft-ietf-roll-efficient-npdao (RFC 9009) --> <reference anchor='RFC9009' target="https://www.rfc-editor.org/info/rfc9009"> <front> <title>Efficient Route Invalidation</title> <author initials='R' surname='Jadhav' fullname='Rahul Jadhav' role="editor"> <organization /> </author> <author initials='P' surname='Thubert' fullname='Pascal Thubert'> <organization /> </author> <author initials='R' surname='Sahoo' fullname='Rabi Sahoo'> <organization /> </author> <author initials='Z' surname='Cao' fullname='Zhen Cao'> <organization /> </author> <date month='April' year='2021'/> </front> <seriesInfo name="RFC" value="9009"/> <seriesInfo name="DOI" value="10.17487/RFC9009"/> </reference> </references> <references><name>Informative References</name> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4919.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4919.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4862.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4862.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6553.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6553.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6554.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6554.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6606.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6606.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7039.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7039.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7228.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7228.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8138.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8138.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8415.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8415.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6282.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6282.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6687.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6687.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7416.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7416.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8025.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8025.xml'/> <xi:includehref='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8929.xml'/>href='https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8929.xml'/> </references> </references> <section anchor='u8138'><name>Example Compression</name> <t> <xref target='rtghc'/> illustrates the case in StoringModemode where the packet is received from the Internet, then theRootroot encapsulates the packet to insert the RPI and deliver it to the 6LR that is the parent and last hop to the final destination, which is not known to support <xref target='RFC8138'/>. </t> <figure anchor='rtghc'><name>Encapsulation to Parent 6LR in Storing Mode</name> <artwork> <![CDATA[ +-+ ... -+-+ ... +-+- ... -+-+ ... -+-+-+ ... +-+-+ ... -+ ... +-... |11110001|SRH-6LoRH| RPI- |IP-in-IP| NH=1 |11110CPP| UDP | UDP |Page 1 |Type1 S=0| 6LoRH | 6LoRH |LOWPAN_IPHC| UDP | hdr |Payld +-+ ... -+-+ ... +-+- ... -+-+ ... -+-+-+ ... +-+-+ ... -+ ... +-... <-4 bytes-> <- RFC 6282 -> <- No RPL artifact... ]]></artwork></figure>...]]></artwork></figure> <t> The differencewithfrom the example presented in Figure 19 of <xref target='RFC8138'/> is the addition ofaan SRH-6LoRH before the RPI-6LoRH to transport the compressed address of the 6LR as the destination address of the outer IPv6 header. IntheFigure 19 of <xreftarget='RFC8138'/> exampletarget='RFC8138'/>, the destination IP of the outer header was elided and was implicitly the same address as the destination of the inner header. Type 1 was arbitrarily chosen, and the size of 0 denotes a single address in the SRH. </t> <t> In <xref target='rtghc'/>, the source of the IPv6-in-IPv6 encapsulation is theRoot,root, so it is elided in the IPv6-in-IPv6 6LoRH. The destination is the parent 6LR of the destination of the encapsulatedpacketpacket, so it cannot be elided. If the DODAG is operated in StoringMode,mode, it is the single entry in the SRH-6LoRH and the SRH-6LoRH Size is encoded as 0. The SRH-6LoRH is the first 6LoRH in the chain. In this particular example, the 6LR address can be compressed to 2bytesbytes, so a Type of 1 is used.It resultsThe result is that the total length of the SRH-6LoRH is 4 bytes. </t> <t> In Non-StoringMode,mode, the encapsulation from theRootroot would be similar to that represented in <xref target='rtghc'/> with possibly more hops in theSRH-6LoRHSRH&nbhy;6LoRH and possibly multiple SRH-6LoRHs if the various addresses in the routing header are not compressed to the same format. Note that on the last hop to the parent 6LR, the RH3 is consumed and removed from the compressed form, so the use of Non-StoringMode vs. Storing Modemode vs. Storing mode is indistinguishable from the packet format. </t> <t> The SRH-6LoRHs are followed by the RPI-6LoRH and then the IPv6-in-IPv6 6LoRH. When the IPv6-in-IPv6 6LoRH is removed, all the 6LoRH Headers that precede it are also removed. The Paging Dispatch <xref target='RFC8025'/> may also be removed if there was no previous Page change to a Page other than 0 or 1, since and in Page 1. The resulting packet to the destination is the encapsulated packet compressedwithper <xref target='RFC6282'/>. </t> </section> <section anchor='Acks' numbered="false"><name>Acknowledgments</name> <t> The authors wish to thank <contact fullname="Ines Robles"/>, <contact fullname="Georgios Papadopoulos"/>, and especially <contact fullname="Rahul Jadhav"/> and <contact fullname="Alvaro Retana"/> for their reviews and contributions to this document. Also many thanks to <contact fullname="Éric Vyncke"/>, <contact fullname="Erik Kline"/>, <contact fullname="Murray Kucherawy"/>, <contact fullname="Peter van der Stok"/>, <contact fullname="Carl Wallace"/>, <contact fullname="Barry Leiba"/>, <contact fullname="Julien Meuric"/>, and especially <contact fullname="Benjamin Kaduk"/> and <contact fullname="Elwyn Davies"/>, for their reviews and useful comments during the IETF Last Call and the IESG review sessions. </t> </section> </back> </rfc>