Internet-Draft | Prefix Registration | November 2024 |
Thubert | Expires 13 May 2025 | [Page] |
This document updates IPv6 Neighbor Discovery RFC4861 and the 6LoWPAN extensions (RFC8505, RFC8928, RFC7400) to enable a node that owns or is directly connected to a prefix to register that prefix to neighbor routers. The registration indicates that the registered prefix can be reached via the advertising node without a loop. The unicast prefix registration also provides a protocol-independent interface for the node to request neighbor router(s) to redistribute the prefix to the larger routing domain using their specific routing protocols. This document extends RPL (RFC6550, RFC6553, RFC9010) to enable the 6LR to inject the registered prefix in RPL.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 13 May 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The design of Low Power and Lossy Networks (LLNs) is generally focused on saving energy, which is the most constrained resource of all. Other design constraints, such as a limited memory capacity, duty cycling of the LLN devices and low-power lossy transmissions, derive from that primary concern. The radio (both transmitting or simply listening) is a major energy drain and the LLN protocols must be adapted to allow the nodes to remain sleeping with the radio turned off at most times.¶
6LoWPAN was a pioneering attempt at the IETF to design protocols that conserve energy, with the primary goal to serve LLNs, though the general design could be applied in other environments where lowering carbon emissions is also a priority. The general design points include:¶
This translates into:¶
The "Routing Protocol for Low Power and Lossy Networks" [RFC6550] (RPL) provides IPv6 [RFC8200] routing services within such constraints. To save signaling and routing state in constrained networks, the RPL routing is only performed along a Destination-Oriented Directed Acyclic Graph (DODAG) that is optimized to reach a Root node, as opposed to along the shortest path between 2 peers, whatever that would mean in each LLN.¶
The classical Neighbor Discovery (IPv6 ND) Protocol [RFC4861] [RFC4862] was defined for serial links and shared transit media such as Ethernet at a time when broadcast was cheap on those media while memory for neighbor cache was expensive. It was thus designed as a reactive protocol that relies on caching and multicast operations for the Address Resolution (AR, aka Address Discovery or Address Lookup) and Duplicate Address Detection (DAD) of IPv6 unicast addresses. Those multicast operations typically impact every node on-link when at most one is really targeted, which is a waste of energy, and imply that all nodes are awake to hear the request, which is inconsistent with power saving (sleeping) modes.¶
The "Architecture and Framework for IPv6 over Non-Broadcast Access" (NBMA) [I-D.ietf-6man-ipv6-over-wireless] introduces an evolution of IPv6 ND towards a proactive AR method also called Stateful Address Autoconfiguration (SFAAC). Because the IPv6 model for NBMA depends on a routing protocol to reach inside the Subnet, the IPv6 ND extension for NBMA is referred to as Subnet Neighbor Discovery (SND). SND is based on work done in the context of IoT, known as 6LoWPAN ND. As opposed to the classical IPv6 ND Protocol, this evolution follows the energy conservation principles discussed above:¶
This specification extends the above registration and subscription methods to enable a node to register a prefix to the routing system and get it injected in the routing protocol. As with [RFC8505], the prefix registration is agnostic to the routing protocol in which the router injects the prefix, and the router is agnotic to the method that was used to allocate the prefix to the node. The energy conservation principles in [RFC8505] are retained as well, meaning that the node does not have to send or expect asynchronous broadcast messages.¶
It can be noted that an energy-conserving node is not necessarily a router, so even when advertising a prefix, it is a design choice not to use RA messages that would make the node appear as a router to peer nodes. From the design principles above, it is clearly a design choice not to leverage broadcasts from or to the node, or complex state machines in the node. It is also a design choice to use and extend the EARO as opposed to the Route Information Option (RIO) [RFC4191] because the RIO is explicitly not intended to serve in routing, and is lacking related control information like the R bit in the EARO. Additionally, an RA with RIO cannot be trusted for a safe injection in the routing protocol for the lack of the equivalent of the Registration Ownership Verifier (ROVR) [RFC8928] in the EARO.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
In addition, the terms "Extends" and "Amends" are used as per [I-D.kuehlewind-update-tag] section 3.¶
This document uses terms and concepts that are discussed in:¶
This document uses the following abbreviations:¶
This document introduces the following terms:¶
This specification inherits from [RFC6550], [RFC8505], and [RFC9010] to register prefixes as opposed to addresses. Unless specified otherwise therein, the behavior of the 6LBR that acts as RPL Root, of the intermediate routers down the RPL graph, of the 6LRs that act as access routers and of the 6LNs that are the RPL-unaware destinations, is the same as for unicast addresses. In particular, forwarding a packet happens as specified in section 11 of [RFC6550], including loop avoidance and detection, though in the case of multicast multiple copies might be generated.¶
[RFC8505] is a pre-requisite to this specification. A node that implements this MUST also implement [RFC8505]. This specification does not introduce a new option; it modifies existing options and updates the associated behaviors to enable the Registration for Multicast Addresses as an extension to [RFC8505].¶
This specification updates the P field introduced in [I-D.ietf-6lo-multicast-registration] for use in EARO, DAR, and RTO, with the new value of 3 to indicate the registration of a prefix, as detailed in Section 7.2. With this extension the 6LNs can now attract the traffic for a full prefix, using the P field value of 3 in the EARO to signal that the registration is for a prefix. Multiple 6LNs may register the same prefix to the same 6LR or to different 6LRs.¶
If the R flag is set in the registration of one or more 6LNs for the same prefix, the 6LR is requested to redistribute the prefix in other routing protocol (e.g., RPL), based on the longest registration lifetime across the active registrations for the prefix.¶
This specification extends 6LoWPAN work, and it is certainly possible to leverage it between the 6LN and the 6LR where the 6LR is a RPL router, as discussed in Section 3.1. But as for [RFC8505] in general, this specification applies, beyond IoT use cases, to networks that are not necessarily LLNs, and/or where the routing protocol between the 6LR and above is not necessarily RPL. Examples of shared links and hub links are provided in Section 3.2 and Section 3.3, respectively.¶
This specification also extends [RFC6550] and [RFC9010] in the case of a route-over multilink subnet based on the RPL routing protocol, to add multicast ingress replication in Non-Storing Mode and anycast support in both Storing and Non-Storing modes. A 6LR that implements the RPL extensions specified therein MUST also implement [RFC9010].¶
Figure 1 illustrates the classical situation of an LLN as a single IPv6 Subnet, with a 6LoWPAN Border Router (6LBR) that acts as Root for RPL operations and maintains a registry of the active registrations as an abstract data structure called an Address Registrar for 6LoWPAN ND.¶
The LLN may be a hub-and-spoke access link such as (Low-Power) Wi-Fi [IEEE80211] and Bluetooth (Low Energy) [IEEE802151], or a Route-Over LLN such as the Wi-SUN and 6TiSCH meshes [I-D.heile-lpwan-wisun-overview] that leverage 6LoWPAN [RFC4919][RFC6282] and RPL [RFC6550] over [IEEE802154].¶
A leaf acting as a 6LN registers its unicast, multicast, and anycast addresses to a RPL router acting as a 6LR, using a layer-2 unicast NS message with an EARO as specified in [RFC8505] and [I-D.ietf-6lo-multicast-registration]. The registration state is periodically renewed by the Registering Node, before the lifetime indicated in the EARO expires. As for unicast IPv6 addresses, the 6LR uses an EDAR/EDAC exchange with the 6LBR to notify the 6LBR of the presence of the listeners. With this specification, a router that owns a prefix or provides reachability to an external prefix but is not a RPL router can also register those prefixes with the R flag set, to enable reachability to the Prefix within the RPL domain.¶
A hub link is a situation where stub links are deployed around a hub link and interconnected by routers. Figure 3 depicts such a situation, with one router 6LR1 serving the hub link and at least one router like 6LR2 and 6LR3 providing connectivity from the stub links to the hub link. In this example, say that there is one prefix on each link, P1:: on the hub link and P2:: and P3:: on the stub links.¶
As before, say that 6LR1 is the router providing access to the outside, and 6LR2 is aware of 6LR1 as its default gateway. With this specification, 6LR2 registers P2:: to 6LR1 and 6LR1 installs a route to P2:: via 6LR2. This way, nodes on the stub link behind 6LR2 that derive their addresses from P2:: can still be reached via 6LR1 and then 6LR2. The same goes for 6LR3 and any other routers serving stub links.¶
If P2 was delegated by 6LR1, then the expectation is that 6LR1 aggregates P1:: and P2:: in its advertisements to the outside, and there is no need to set the R flag. But unless 6LR2 knows about such a situation, e.g., through configuration, 6LR2 SHOULD set the R flag requesting 6LR1 to advertise P2:: so as to obtain reachability.¶
[RFC4861] expects that the NS/NA exchange is for a unicast address, which is indicated in the Target Address field of the ND message. This specification Amends [RFC4861] by allowing a 6LN to advertise a prefix in the Target Address field when the NS or NA message is used for a registration, per section 5.5 of [RFC8505]; in that case, the prefix length is indicated in the EARO of the NS message, overloading the field that is used in the NA response for the Status.¶
This specification Extends "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)" [RFC7400] by defining a new capability bit for use in the 6CIO. [RFC7400] was already extended by [RFC8505] for use in IPv6 ND messages.¶
The new "Registration for prefixes Supported" (F) flag indicates to the 6LN that the 6LR accepts IPv6 prefix registrations as specified in this document and will ensure that packets for the addresses that match this prefix will be routed to the 6LNs that registered the prefix, and the route to the prefix will be redistributed if the R flag is set to 1.¶
Figure 4 illustrates the F flag in its position (7, counting 0 to 15 in network order in the 16-bit array), to be confirmed by IANA, and updated by RFC Editor if needed.¶
New Option Field:¶
[RFC6550] uses the Path Sequence in the Transit Information Option (TIO) to retain only the freshest unicast route and remove stale ones, e.g., in the case of mobility. [RFC9010] copies the TID from the EARO into the Path Sequence, and the ROVR field into the associated RPL Target Option (RTO). This way, it is possible to identify both the registering node and the order of registration in RPL for each individual advertisement, so the most recent path and lifetime values are used.¶
[I-D.ietf-6lo-multicast-registration] requires the use of the ROVR field as the indication of the origin of a Target advertisement in the RPL DAO messages, as specified in section 6.1 of [RFC9010]. For anycast and multicast advertisements (in NS or DAO messages), multiple origins may subscribe to the same address, in which case the multiple advertisements from the different or unknown origins are merged by the common parent; in that case, the common parent becomes the origin of the merged advertisements and uses its own ROVR value. On the other hand, a parent that propagates an advertisement from a single origin uses the original ROVR in the propagated RTO, as it does for unicast address advertisements, so the origin is recognized across multiple hops.¶
This specification Extends [RFC6550] to require that, for prefix routes, the Path Sequence is used between and only between advertisements for the same Target and from the same origin (i.e., with the same ROVR value); in that case, only the freshest advertisement is retained. But the freshness comparison cannot apply if the origin is not determined (i.e., the origin did not support this specification).¶
[RFC6550] uses the Path Lifetime in the TIO to indicate the remaining time for which the advertisement is valid for unicast route determination, and a Path Lifetime value of 0 invalidates that route. [RFC9010] maps the Address Registration lifetime in the EARO and the Path Lifetime in the TIO so they are comparable when both forms of advertisements are received.¶
The RPL router that merges multiple advertisements for the same prefix uses and advertises the longest remaining lifetime across all the origins of the advertisements for that prefix. When the lifetime expires, the router sends a no-path DAO (i.e., the lifetime is 0) using the same value for ROVR value as for the previous advertisements, that is either itself or the single descendant that advertised the Target.¶
Note that the Registration Lifetime, TID and ROVR fields are also placed in the EDAR message so the state created by EDAR is also comparable with that created upon an NS(EARO) or a DAO message. For simplicity the text below mentions only NS(EARO) but applies also to EDAR.¶
[I-D.ietf-6lo-multicast-registration] defines a P-field of 2 bits and defines the values 0 to 2, leaving the value of 3 reserved. This specification adds a new value to the P field to signal that the Registered Address is a prefix. The receiver installs a route to the prefix via the sender's address used as source address in the NS(EARO) registration message.¶
This specification assigns the value of 3, resulting in the complete table as follows:¶
Value | Meaning |
0 | Registration for a Unicast Address |
1 | Registration for a Multicast Address |
2 | Registration for an Anycast Address |
3 | Registration for a Unicast prefix |
Section 4.1 of [RFC8505] defines the EARO as an extension to the ARO option defined in [RFC6775].¶
The Status Field that is used only when the EARO is placed in an NA message. This specification repurposes that field to carry the prefix length (plen) when the EARO is placed in an NS message as illustrated in Figure 5. The plen is expressed as 7 bits and the most significant bit of the field is reserved. A 7-bit value of 0 is understood as a truncated 128, meaning that this registration is for an address as opposed to a prefix. This approach is backward compatible with [RFC8505] and spans both addresses and prefixes.¶
This specification adds a new F flag to signal that the Registered Prefix is topologically correct through the Registering Node. This means that the Registering Node can relay packets that are sourced in the Registered Prefix to the outside, and the packets will be not be filtered by the application of [BCP38]. The receiver forwards packets to the Registering Node address when the source address of the packets derives from the Registered Prefix. Note that to avoid loops, the receiver must be in the inside so packets sent by the sender towards the outside may never reach the receiver. The notion of inside and outside are administratively defined, e.g., inside is a particular Layer-2 network such as an Ethernet fabric.¶
When the F flag is not set, the Registering Node owns the prefix and will deliver packets to the destination if the destination address derives from the prefix. Conversely, if the F flag is set, the Registering Node will forward traffic whose source address derives from the Registered Prefix into a network location (e.g., to an ISP Provider Edge) where this source address is topologically correct (e.g., derives from a prefix assigned by that ISP). The F flag is encoded in the most significant bit of the EARO status field when the status field is used to transport a Prefix Length as shown in Figure 5.¶
New and updated Option Fields:¶
This specification adds the new value of 3 to the P field to signal that the Registered Address is a prefix. When that is the case, the prefix is assumed to be less than 120 bits long, padded with zeros up to 120 bits, and the remaining 8 bits are dedicated to the prefix length.¶
Figure 6 illustrates the EDAR message when the value of the P field is 3.¶
New and updated Option Fields:¶
This specification adds the following behavior, similar to that introduced by [I-D.ietf-6lo-multicast-registration] for multicast addresses:¶
The ARO Status indicating a "Registration Refresh Request" applies to prefixes as well.¶
This status is used in asynchronous NA(EARO) messages to indicate to peer 6LNs that they are requested to reregister all addresses and prefixes that were previously registered to the originating node. The NA message MAY be sent to a unicast or a multicast link-scope address and SHOULD be contained within the L2 range where nodes may effectively have registered/subscribed to this router, e.g., a radio broadcast domain to preserve energy and spectrum.¶
A device that wishes to refresh its state, e.g., upon reboot if it may have lost some registration state, SHOULD send an asynchronous NA(EARO) with this new status value. That asynchronous NA(ARO) SHOULD be sent to the all-nodes link scope multicast address (FF02::1) and Target MUST be set to the link local address that was exposed previously by this node to accept registrations, and the TID MUST be set to 0.¶
In an unreliable environment, the multicast NA(EARO) message may be resent in a fast sequence, in which case the TID is incremented each time. A 6LN that has recently processed the NA(ARO) ignores the NA(EARO) with a newer TID received within the duration of the fast sequence. That duration depends on the environment and has to be configured. By default, it is of 10 seconds.¶
Registration for prefixes is now supported. The value of 3 in the P field of the EARO and the EDAR message signals when the registration is for a prefix as opposed to an address. DAD for prefixes and addresses becomes a prefix overlap match. Whether overlapping addresses and prefixes may be registered is a network policy decision and out of scope. The same prefix may be injected twice (multiple routes) as long as they use the same value of the ROVR.¶
Overlaps may be desirable. It may happen for instance that a proxy registers a prefix while a host using an address from that prefix also registers. It might also occur that an aggregated prefix is owned as a catch all, and subdivided into subnets that are allocated to and then registered by other nodes.¶
In case of an overlapping registration, the longest match wins, meaning that if the network policy allows for overlapping registrations, then the routes for the registered prefixes are installed towards the node that registered with the longest match, all the way to /128.¶
This specification adds the following behavior:¶
Address-Protected Neighbor Discovery for Low-Power and Lossy Networks [RFC8928] was defined to protect the ownership of unicast IPv6 addresses that are registered with [RFC8505].¶
With [RFC8928], it is possible for a node to autoconfigure a pair of public and private keys and use them to sign the registration of addresses that are either autoconfigured or obtained through other methods.¶
The first hop router (the 6LR) can then validate a registration and perform source address validation on packets coming from the sender node (the 6LN).¶
Prefixes are not always owned by one node. Multiple nodes may register the same prefix. In that context, the method specified in [RFC8928] cannot be used with node-local autoconfigured keypairs which protect a single ownership only.¶
For a prefix, as for an anycast or a multicast address, it is still possible to leverage [RFC8928] to enforce the right to register. If [RFC8928] is used, a keypair MUST be created and associated with the prefix before the prefix is deployed, and a ROVR MUST be generated from that keypair as specified in [RFC8928]. The prefix and the ROVR MUST then be installed in the 6LBR at the first registration, or by an external mechanism such as IP Address Management (IPAM) or DHCPv6 snooping prior to the first registration. This way, the 6LBR can recognize the prefix on the future registrations and validate the right to register based on the ROVR.¶
The keypair MUST then be provisioned in each node that needs to register the prefix or a prefix within, so the node can follow the steps in [RFC8928] to register the prefix.¶
Upon receiving an NA Message with the status set to 5 "Validation Requested", the node that registered the address or prefix performs the proof of ownership based on that longest match.¶
This specification extends [RFC8505], and the security section of that document also applies to this document. In particular, the link layer SHOULD be sufficiently protected to prevent rogue access.¶
Section 9 leverages [RFC8928] to prevent a rogue node to register a unicast address that it does not own. The mechanism could be extended to anycast and multicast addresses if the values of the ROVR they use is known in advance, but how this is done is not in scope for this specification. One way would be to authorize in advance the ROVR of the valid users. A less preferred way could be to synchronize the ROVR and TID values across the valid registering nodes as a preshared key material.¶
In the latter case, it could be possible to update the keys associated to a prefix in all the 6LNs, but the flow is not clearly documented and may not complete in due time for all nodes in LLN use cases. It may be simpler to install an all-new address with new keys over a period of time, and switch the traffic to that address when the migration is complete.¶
A legacy 6LN will not register prefixes and the service will be the same when the network is upgraded. A legacy 6LR will not set the F flag in the 6CIO and an upgraded 6LN will not register prefixes.¶
Upon an EDAR message, a legacy 6LBR may not realize that the address being registered is anycast or multicast, and return that it is duplicate in the EDAC status. The 6LR MUST ignore a duplicate status in the EDAR for anycast and multicast addresses.¶
Note to RFC Editor, to be removed: please replace "This RFC" throughout this document by the RFC number for this specification once it is allocated.¶
IANA is requested to make changes under the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" [IANA.ICMP] and the "Routing Protocol for Low Power and Lossy Networks (RPL)" [IANA.RPL] registry groupings, as follows:¶
This specification updates the P field introduced in [I-D.ietf-6lo-multicast-registration] to assign the value of 3, which is the only remaining unassigned value for the 2-bit field. To that effect, IANA is requested to update the "P-field values" registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 2:¶
Value | Meaning | Reference |
3 | Registration for a prefix | This RFC |
IANA is requested to make an addition to the "6LoWPAN Capability Bits" [IANA.ICMP.6CIO] registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 3:¶
Capability Bit | Meaning | Reference |
7 (suggested) | F flag: Registration for prefixes Supported (F) | This RFC |
Many thanks to Dave Thaler and Dan Romascanu for their early INT-DIR review.¶