6Lo                                                      P. Thubert, Ed.
Internet-Draft                                                     cisco
Intended status: Standards Track                         P. van der Stok
Expires: July 18, 2015                                        consultant
                                                        January 14, 2015


                Requirements for an update to 6LoWPAN ND
                draft-thubert-6lo-rfc6775-update-reqs-06

Abstract

   Work presented at the ROLL, 6lo, 6TiSCH and 6MAN Working Groups
   suggest that enhancements to the 6LoWPAN ND mechanism are now needed.
   This document elaborates on those requirements and suggests
   approaches to serve them.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 18, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Thubert & van der Stok    Expires July 18, 2015                 [Page 1]


Internet-Draft                6775bis reqs                  January 2015


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   6
     4.1.  Requirements Related to Mobility  . . . . . . . . . . . .   6
     4.2.  Requirements Related to Routing Protocols . . . . . . . .   7
     4.3.  Requirements Related to the Variety of Low-Power Link
           types . . . . . . . . . . . . . . . . . . . . . . . . . .   8
     4.4.  Requirements Related to Proxy Operations  . . . . . . . .   8
     4.5.  Requirements Related to Security  . . . . . . . . . . . .   9
     4.6.  Requirements Related to Scalability . . . . . . . . . . .  10
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  11
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
   7.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  11
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Appendix A.  Suggested Changes to Protocol Elements . . . . . . .  14
     A.1.  ND Neighbor Solicitation (NS) . . . . . . . . . . . . . .  14
     A.2.  ND Router Advertisement (RA)  . . . . . . . . . . . . . .  15
     A.3.  RPL DODAG Information Object (DIO)  . . . . . . . . . . .  15
     A.4.  ND Enhanced Address Registration Option (EARO)  . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  17

1.  Introduction

   A number of use cases, including the Industrial Internet, require a
   large scale deployment of sensors that can not be realized with wires
   and is only feasible over wireless Low power and Lossy Network (LLN)
   technologies.  When simpler hub-and-spoke topologies are not
   sufficient for the expected throughput and density, mesh networks are
   deployed, which implies the routing of packets over the mesh,
   operated at either Layer-2 or Layer-3.

   For routing over a mesh at layer-3, the IETF has designed the IPv6
   Routing Protocol over LLN (RPL) [RFC6550].

   To assign routable addresses, DHCPv6 is still a viable option in
   LLNs.  However, the IETF standard that supports address assignment
   specifically for LLNs is 6LoWPAN ND, the Neighbor Discovery
   Optimization for Low-power and Lossy Networks [RFC6775]. 6LoWPAN ND
   was designed as a stand-alone mechanism separately from its IETF
   routing counterpart, the IPv6 Routing Protocol for Low power and
   Lossy Networks [RFC6550] (RPL), and the interaction between the 2
   protocols was not defined.




Thubert & van der Stok    Expires July 18, 2015                 [Page 2]


Internet-Draft                6775bis reqs                  January 2015


   The 6TiSCH WG is now considering an architecture
   [I-D.ietf-6tisch-architecture] whereby a 6LowPAN ND host could
   connect to the Internet via a RPL Network, but this requires
   additions to the 6LOWPAN ND protocol to support mobility and
   reachability in a secured and manageable environment.

   At the same time, new work at 6MAN on Efficiency aware IPv6 Neighbor
   Discovery Optimizations [I-D.chakrabarti-nordmark-6man-efficient-nd]
   suggests that 6LoWPAN ND can be extended to other types of networks
   on top of the Low power and Lossy Networks (LLNs) for which it was
   already defined.  The value of such extension is especially apparent
   in the case of mobile wireless devices, to reduce the multicast
   operations that are related to classical ND ([RFC4861], [RFC4862])
   and plague the wireless medium.  In this context also, there is a
   need for additions to 6LOWPAN ND.

   The Optimistic Duplicate Address Detection [RFC4429] (ODAD)
   specification details how an address can be used before a Duplicate
   Address Detection (DAD) is complete, and insists that an address that
   is TENTATIVE should not be associated to a Source Link-Layer Address
   Option in a Neighbor Solicitation message.  Applying this rule to
   6LOWPAN ND implies another change to its specification.

   In [I-D.richardson-6tisch--security-6top], the 6tisch working group
   considers the use of layer-2 security.  It develops a network
   bootstrap protocol that provides secure link connections at the same
   rate that nodes are discovered.  This approach needs the presence of
   a routing protocol to route packets from a joining node to a security
   providing node (e.g. a PCE or commissioning tool).

   This document suggests a limited evolution to [RFC6775] so as to
   allow operation of a 6LoWPAN ND node while a routing protocol (in
   first instance RPL) is present and operational.  It also suggests a
   more generalized use of the information in the ARO option of the ND
   messages outside the strict LLN domain, for instance over a converged
   backbone.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Readers are expected to be familiar with all the terms and concepts
   that are discussed in "Neighbor Discovery for IP version 6"
   [RFC4861], "IPv6 Stateless Address Autoconfiguration" [RFC4862],
   "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs):
   Overview, Assumptions, Problem Statement, and Goals" [RFC4919],



Thubert & van der Stok    Expires July 18, 2015                 [Page 3]


Internet-Draft                6775bis reqs                  January 2015


   Neighbor Discovery Optimization for Low-power and Lossy Networks
   [RFC6775] and "Transmission of IPv6 Packets over IEEE 802.15.4
   Networks" [RFC4944].

   Additionally, this document uses terminology from 6TiSCH
   [I-D.ietf-6tisch-terminology] and ROLL [RFC7102].

3.  Overview

   This document is mostly motivated by the work ongoing in the 6TiSCH
   working group.  The 6TiSCH architecture
   [I-D.ietf-6tisch-architecture] draft explains the network
   architecture of a 6TiSCH network.  This architecture is used for the
   remainder of this document.

   The scope of the 6TiSCH Architecture is a Backbone Link that
   federates multiple LLNs (mesh) as a single IPv6 Multi-Link Subnet.
   Each LLN in the subnet is anchored at a Backbone Router (6BBR).  The
   Backbone Routers interconnect the LLNs over the Backbone Link and
   emulate that the LLN nodes are present on the Backbone thus creating
   a so-called: Multi-Link Subnet.  An LLN node can move freely from an
   LLN anchored at a Backbone Router to another LLN anchored at the same
   or a different Backbone Router inside the Multi-Link Subnet and
   conserve its addresses.



























Thubert & van der Stok    Expires July 18, 2015                 [Page 4]


Internet-Draft                6775bis reqs                  January 2015


               ---+------------------------
                  |          Plant Network
                  |
               +-----+
               |     | Gateway
               |     |
               +-----+
                  |
                  |    Backbone Link (with VLANs)
            +--------------------+------------------+
            |                    |                  |
         +-----+             +-----+             +-----+
         |     | Backbone    |     | Backbone    |     | Backbone
         |     | router      |     | router      |     | router
         +-----+             +-----+             +-----+
           | |                | | |                 |
           0 0                0 0 0      (6LBR == LLN border router)
        o o   o  o       o o   o  o  o         o  o  o  o o
       o  o o  o o       o   o  o  o  o     (6LR == LLN router)
       o   o  o  o          o    o  o             z
       o   o o               o  o                  z
              RPL Instances               (6LoWPAN Host == LLN host)


                       Figure 1: 6TiSCH architecture

   The 6LBR is the border router that is placed between the LLN and
   nodes outside the LLN.  The 6LBR is logically separated from the 6BBR
   that is used to connect the LLN to the backbone.  The 6LBR can use
   Efficient ND as the interface to register an LLN node in its topology
   to the 6BBR for whatever operation the 6BBR performs, such as ND
   proxy operations, or injection in a routing protocol.  It results
   that, as illustrated in Figure 2, the periodic signaling could start
   at the leaf node with 6LoWPAN ND, then would be routed to the 6LBR,
   and then with Efficient-ND to the 6BBR.  Efficient ND being an
   adaptation of 6LoWPAN ND, it makes sense to keep those two
   homogeneous in the way they use the source and the target addresses
   in the Neighbor Solicitation (NS) messages for registration, as well
   as in the options that they use for that process.












Thubert & van der Stok    Expires July 18, 2015                 [Page 5]


Internet-Draft                6775bis reqs                  January 2015


    6LoWPAN host        6LR             6LBR            6BBR

         |               |               |               |
         |  6LoWPAN ND   |  6LoWPAN ND   | Efficient ND  | IPv6 ND
         |   LLN link    |  IPv6 route   |  IPv6 link    | Backbone
         |               |               |               |
         |  NS(ARO)      |               |               |
         |-------------->|               |               |
         | 6LoWPAN ND    | DAR (then DAO)|               |
         |               |-------------->|               |
         |               |               |  NS(ARO)      |
         |               |               |-------------->|
         |               |               |               | DAD
         |               |               |               |------>
         |               |               |               |
         |               |               |  NA(ARO)      |
         |               |               |<--------------|
         |               | DAC           |               |
         |               |<--------------|               |
         |  NA(ARO)      |               |               |
         |<--------------|               |               |


          Figure 2: (Re-)Registration Flow over Multi-Link Subnet

   As the network builds up, a LoWPAN host starts as a leaf to join the
   LLN, and may later turn into a 6LR, so as to accept other nodes to
   recursively join the LLN.

   Section 5 of the 6TiSCH architecture [I-D.ietf-6tisch-architecture]
   provides more information on the need to update the protocols that
   sustain the requirements in the next section.

4.  Requirements

4.1.  Requirements Related to Mobility

   Due to the unstable nature of LLN links, even in a LLN of immobile
   nodes a 6LoWPAN Node may change its point of attachment to a 6LR, say
   6LR-a, and may not be able to notify 6LR-a.  Consequently, 6LR-a may
   still attract traffic that it cannot deliver any more.  When links to
   a 6LR change state, there is thus a need to identify stale states in
   a 6LR and restore reachability in a timely fashion.

   Req1.1: Upon a change of point of attachment, connectivity via a new
   6LR MUST be restored timely without the need to de-register from the
   previous 6LR.




Thubert & van der Stok    Expires July 18, 2015                 [Page 6]


Internet-Draft                6775bis reqs                  January 2015


   Req1.2: For that purpose, the protocol MUST enable to differentiate
   between multiple registrations from one 6LoWPAN Node and
   registrations from different 6LoWPAN Nodes claiming the same address.

   Req1.3: Stale states MUST be cleaned up in 6LRs.

   Req1.4: A 6LoWPAN Node SHOULD also be capable to register its Address
   to multiple 6LRs, and this, concurrently.

4.2.  Requirements Related to Routing Protocols

   The point of attachment of a 6LoWPAN Node may be a 6LR in an LLN
   mesh.  IPv6 routing in a LLN can be based on RPL, which is the
   routing protocol that was defined at the IETF for this particular
   purpose.  Other routing protocols than RPL are also considered by
   Standard Defining Organizations (SDO) on the basis of the expected
   network characteristics.  It is required that a 6LoWPAN Node attached
   via ND to a 6LR would need to participate in the selected routing
   protocol to obtain reachability via the 6LR.

   Next to the 6LBR unicast address registered by ND, other addresses
   including multicast addresses are needed as well.  For example a
   routing protocol often uses a multicast address to register changes
   to established paths.  ND needs to register such a multicast address
   to enable routing concurrently with discovery.

   Multicast is needed for groups.  Groups MAY be formed by device type
   (e.g. routers, street lamps), location (Geography, RPL sub-tree), or
   both.

   The Bit Index Explicit Replication (BIER) Architecture
   [I-D.wijnands-bier-architecture] proposes an optimized technique to
   enable multicast in a LLN with a very limited requirement for routing
   state in the nodes.

   Related requirements are:

   Req2.1: The ND registration method SHOULD be extended in such a
   fashion that the 6LR MAY advertise the Address of a 6LoWPAN Node over
   the selected routing protocol and obtain reachability to that Address
   using the selected routing protocol.

   Req2.2: Considering RPL, the Address Registration Option that is used
   in the ND registration SHOULD be extended to carry enough information
   to generate a DAO message as specified in [RFC6550] section 6.4, in
   particular the capability to compute a DAOSequence and, as an option,
   a RPLInstanceID.




Thubert & van der Stok    Expires July 18, 2015                 [Page 7]


Internet-Draft                6775bis reqs                  January 2015


   Req2.3: Multicast operations SHOULD be supported and optimized, for
   instance using BIER or MPL.  Whether ND is appropriate for the
   registration to the 6BBR is to be defined, considering the additional
   burden of supporting the Multicast Listener Discovery Version 2
   [RFC3810] (MLDv2) for IPv6.

4.3.  Requirements Related to the Variety of Low-Power Link types

   6LoWPAN ND [RFC6775] was defined with a focus on IEEE802.15.4 and in
   particular the capability to derive a unique Identifier from a
   globally unique MAC-64 address.  At this point, the 6lo Working Group
   is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique
   to other link types ITU-T G.9959 [I-D.brandt-6man-lowpanz], Master-
   Slave/Token-Passing [I-D.ietf-6lo-6lobac], DECT Ultra Low Energy
   [I-D.ietf-6lo-dect-ule], Near Field Communication
   [I-D.hong-6lo-ipv6-over-nfc], as well as IEEE1901.2 Narrowband
   Powerline Communication Networks
   [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] and BLUETOOTH(R)
   Low Energy [I-D.ietf-6lo-btle].

   Related requirements are:

   Req3.1: The support of the registration mechanism SHOULD be extended
   to more LLN links than IEEE 802.15.4, matching at least the LLN links
   for which an "IPv6 over foo" specification exists, as well as Low-
   Power Wi-Fi.

   Req3.2: As part of this extension, a mechanism to compute a unique
   Identifier should be provided, with the capability to form a Link-
   Local Address that SHOULD be unique at least within the LLN connected
   to a 6LBR discovered by ND in each node within the LLN.

   Req3.3: The Address Registration Option used in the ND registration
   SHOULD be extended to carry the relevant forms of unique Identifier.

   Req3.4: The Neighbour Discovery should specify the formation of a
   site-local address that follows the security recommendations from
   [RFC7217].

4.4.  Requirements Related to Proxy Operations

   Duty-cycled devices may not be able to answer themselves to a lookup
   from a node that uses classical ND on a backbone and may need a
   proxy.  Additionally, the duty-cycled device may need to rely on the
   6LBR to perform registration to the 6BBR.






Thubert & van der Stok    Expires July 18, 2015                 [Page 8]


Internet-Draft                6775bis reqs                  January 2015


   The ND registration method SHOULD defend the addresses of duty-cycled
   devices that are sleeping most of the time and not capable to defend
   their own Addresses.

   Related requirements are:

   Req4.1: The registration mechanism SHOULD enable a third party to
   proxy register an Address on behalf of a 6LoWPAN node that may be
   sleeping or located deeper in an LLN mesh.

   Req4.2: The registration mechanism SHOULD be applicable to a duty-
   cycled device regardless of the link type, and enable a 6BBR to
   operate as a proxy to defend the registered Addresses on its behalf.

   Req4.3: The registration mechanism SHOULD enable long sleep
   durations, in the order of multiple days to a month.

4.5.  Requirements Related to Security

   In order to guarantee the operations of the 6LoWPAN ND flows, the
   spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided.  Once a
   node successfully registers an address, 6LoWPAN ND should provide
   energy-efficient means for the 6LBR to protect that ownership even
   when the node that registered the address is sleeping.

   In particular, the 6LR and the 6LBR then should be able to verify
   whether a subsequent registration for a given Address comes from the
   original node.

   In a LLN it makes sense to base security on layer-2 security.  During
   bootstrap of the LLN, nodes join the network after authorization by a
   Joining Assistant (JA) or a Commissioning Tool (CT).  After joining
   nodes communicate with each other via secured links.  The keys for
   the layer-2 security are distributed by the JA/CT.  The JA/CT can be
   part of the LLN or be outside the LLN.  In both cases it is needed
   that packets are routed between JA/CT and the joining node.

   Related requirements are:

   Req5.1: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for
   the 6LR, 6LBR and 6BBR to authenticate and authorize one another for
   their respective roles, as well as with the 6LoWPAN Node for the role
   of 6LR.

   Req5.2: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for
   the 6LR and the 6LBR to validate new registration of authorized
   nodes.  Joining of unauthorized nodes MUST be impossible.




Thubert & van der Stok    Expires July 18, 2015                 [Page 9]


Internet-Draft                6775bis reqs                  January 2015


   Req5.3: 6LoWPAN ND security mechanisms SHOULD lead to small packet
   sizes.  In particular, the NS, NA, DAR and DAC messages for a re-
   registration flow SHOULD NOT exceed 80 octets so as to fit in a
   secured IEEE802.15.4 frame.

   Req5.4: Recurrent 6LoWPAN ND security operations MUST NOT be
   computationally intensive on the LoWPAN Node CPU.  When a Key hash
   calculation is employed, a mechanism lighter than SHA-1 SHOULD be
   preferred.

   Req5.5: The number of Keys that the 6LoWPAN Node needs to manipulate
   SHOULD be minimized.

   Req5.6: The 6LoWPAN ND security mechanisms SHOULD enable CCM* for use
   at both Layer 2 and Layer 3, and SHOULD enable the reuse of security
   code that has to be present on the device for upper layer security
   such as TLS.

   Req5.7: Public key and signature sizes SHOULD be minimized while
   maintaining adequate confidentiality and data origin authentication
   for multiple types of applications with various degrees of
   criticality.

   Req5.8: Routing of packets should continue when links pass from the
   unsecured to the secured state.

   Req5.9: 6LoWPAN ND security mechanisms SHOULD provide a mechanism for
   the 6LR and the 6LBR to validate whether a new registration for a
   given address corresponds to the same 6LoWPAN Node that registered it
   initially, and, if not, determine the rightful owner, and deny or
   clean-up the registration that is duplicate.

4.6.  Requirements Related to Scalability

   Use cases from Automatic Meter Reading (AMR, collection tree
   operations) and Advanced Metering Infrastructure (AMI, bi-directional
   communication to the meters) indicate the needs for a large number of
   LLN nodes pertaining to a single RPL DODAG (e.g. 5000) and connected
   to the 6LBR over a large number of LLN hops (e.g. 15).

   Related requirements are:

   Req6.1: The registration mechanism SHOULD enable a single 6LBR to
   register multiple thousands of devices.

   Req6.2: The timing of the registration operation should allow for a
   large latency such as found in LLNs with ten and more hops.




Thubert & van der Stok    Expires July 18, 2015                [Page 10]


Internet-Draft                6775bis reqs                  January 2015


5.  Security Considerations

   This specification expects that the link layer is sufficiently
   protected, either by means of IP security for the Backbone Link or
   MAC sublayer cryptography.  In particular, it is expected that the
   LLN MAC provides secure unicast to/from the Backbone Router and
   secure broadcast from the Backbone Router in a way that prevents
   tampering with or replaying the RA messages.  Still, Section 4.5 has
   a requirement for a mutual authentication and authorization for a
   role for 6LRs, 6LBRs and 6BBRs.

   This documents also suggests in Appendix A.4 that a 6LoWPAN Node
   could form a single Unique Interface ID (CUID) based on cryptographic
   techniques similar to CGA.  The CUID would be used as Unique
   Interface Identifier in the ARO option and new Secure ND procedures
   would be proposed to use it as opposed to the source IPv6 address to
   secure the binding between an Address and its owning Node, and
   enforce First/Come-First/Serve at the 6LBR.

6.  IANA Considerations

   This draft does not require an IANA action.

7.  Acknowledgments

   The author wishes acknowledge the contributions by Samita
   Chakrabarti, Erik Normark, JP Vasseur, Eric Levy-Abegnoli, Patrick
   Wetterwald, Thomas Watteyne, and Behcet Sarikaya.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC3810]  Vida, R. and L. Costa, "Multicast Listener Discovery
              Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC4429]  Moore, N., "Optimistic Duplicate Address Detection (DAD)
              for IPv6", RFC 4429, April 2006.




Thubert & van der Stok    Expires July 18, 2015                [Page 11]


Internet-Draft                6775bis reqs                  January 2015


   [RFC4443]  Conta, A., Deering, S., and M. Gupta, "Internet Control
              Message Protocol (ICMPv6) for the Internet Protocol
              Version 6 (IPv6) Specification", RFC 4443, March 2006.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [RFC4944]  Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
              "Transmission of IPv6 Packets over IEEE 802.15.4
              Networks", RFC 4944, September 2007.

   [RFC6275]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
              in IPv6", RFC 6275, July 2011.

   [RFC6282]  Hui, J. and P. Thubert, "Compression Format for IPv6
              Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
              September 2011.

   [RFC6550]  Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R.,
              Levis, P., Pister, K., Struik, R., Vasseur, JP., and R.
              Alexander, "RPL: IPv6 Routing Protocol for Low-Power and
              Lossy Networks", RFC 6550, March 2012.

   [RFC6655]  McGrew, D. and D. Bailey, "AES-CCM Cipher Suites for
              Transport Layer Security (TLS)", RFC 6655, July 2012.

   [RFC6775]  Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann,
              "Neighbor Discovery Optimization for IPv6 over Low-Power
              Wireless Personal Area Networks (6LoWPANs)", RFC 6775,
              November 2012.

8.2.  Informative References

   [I-D.brandt-6man-lowpanz]
              Brandt, A. and J. Buron, "Transmission of IPv6 packets
              over ITU-T G.9959 Networks", draft-brandt-6man-lowpanz-02
              (work in progress), June 2013.

   [I-D.chakrabarti-nordmark-6man-efficient-nd]
              Chakrabarti, S., Nordmark, E., Thubert, P., and M.
              Wasserman, "IPv6 Neighbor Discovery Optimizations for
              Wired and Wireless Networks", draft-chakrabarti-nordmark-
              6man-efficient-nd-06 (work in progress), July 2014.




Thubert & van der Stok    Expires July 18, 2015                [Page 12]


Internet-Draft                6775bis reqs                  January 2015


   [I-D.hong-6lo-ipv6-over-nfc]
              Hong, Y. and J. Youn, "Transmission of IPv6 Packets over
              Near Field Communication", draft-hong-6lo-ipv6-over-nfc-03
              (work in progress), November 2014.

   [I-D.ietf-6lo-6lobac]
              Lynn, K., Martocci, J., Neilson, C., and S. Donaldson,
              "Transmission of IPv6 over MS/TP Networks", draft-ietf-
              6lo-6lobac-00 (work in progress), July 2014.

   [I-D.ietf-6lo-btle]
              Nieminen, J., Savolainen, T., Isomaki, M., Patil, B.,
              Shelby, Z., and C. Gomez, "Transmission of IPv6 Packets
              over BLUETOOTH(R) Low Energy", draft-ietf-6lo-btle-06
              (work in progress), January 2015.

   [I-D.ietf-6lo-dect-ule]
              Mariager, P., Petersen, J., Shelby, Z., Logt, M., and D.
              Barthel, "Transmission of IPv6 Packets over DECT Ultra Low
              Energy", draft-ietf-6lo-dect-ule-00 (work in progress),
              June 2014.

   [I-D.ietf-6tisch-architecture]
              Thubert, P., Watteyne, T., and R. Assimiti, "An
              Architecture for IPv6 over the TSCH mode of IEEE
              802.15.4e", draft-ietf-6tisch-architecture-04 (work in
              progress), October 2014.

   [I-D.ietf-6tisch-terminology]
              Palattella, M., Thubert, P., Watteyne, T., and Q. Wang,
              "Terminology in IPv6 over the TSCH mode of IEEE
              802.15.4e", draft-ietf-6tisch-terminology-03 (work in
              progress), January 2015.

   [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks]
              Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets
              over IEEE 1901.2 Narrowband Powerline Communication
              Networks", draft-popa-6lo-6loplc-ipv6-over-
              ieee19012-networks-00 (work in progress), March 2014.

   [I-D.richardson-6tisch--security-6top]
              Richardson, M., "6tisch secure join using 6top", draft-
              richardson-6tisch--security-6top-04 (work in progress),
              November 2014.







Thubert & van der Stok    Expires July 18, 2015                [Page 13]


Internet-Draft                6775bis reqs                  January 2015


   [I-D.wijnands-bier-architecture]
              Wijnands, I., Rosen, E., Dolganow, A., Przygienda, T., and
              S. Aldrin, "Multicast using Bit Index Explicit
              Replication", draft-wijnands-bier-architecture-02 (work in
              progress), December 2014.

   [RFC3610]  Whiting, D., Housley, R., and N. Ferguson, "Counter with
              CBC-MAC (CCM)", RFC 3610, September 2003.

   [RFC3963]  Devarapalli, V., Wakikawa, R., Petrescu, A., and P.
              Thubert, "Network Mobility (NEMO) Basic Support Protocol",
              RFC 3963, January 2005.

   [RFC3971]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
              Neighbor Discovery (SEND)", RFC 3971, March 2005.

   [RFC3972]  Aura, T., "Cryptographically Generated Addresses (CGA)",
              RFC 3972, March 2005.

   [RFC4389]  Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
              Proxies (ND Proxy)", RFC 4389, April 2006.

   [RFC4919]  Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
              over Low-Power Wireless Personal Area Networks (6LoWPANs):
              Overview, Assumptions, Problem Statement, and Goals", RFC
              4919, August 2007.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830, January
              2013.

   [RFC7102]  Vasseur, JP., "Terms Used in Routing for Low-Power and
              Lossy Networks", RFC 7102, January 2014.

   [RFC7217]  Gont, F., "A Method for Generating Semantically Opaque
              Interface Identifiers with IPv6 Stateless Address
              Autoconfiguration (SLAAC)", RFC 7217, April 2014.

Appendix A.  Suggested Changes to Protocol Elements

A.1.  ND Neighbor Solicitation (NS)

   The NS message used for registration should use a source address that
   respects the rules in [RFC6775], [RFC4861], and [RFC4429] for DAD.
   The SLLA Option may be present but only if the address passed DAD,
   and it is used to allow the 6LR to respond as opposed to as a
   registration mechanism.




Thubert & van der Stok    Expires July 18, 2015                [Page 14]


Internet-Draft                6775bis reqs                  January 2015


   The address that is being registered is the target address in the NS
   message and the TLLA Option must be present.

A.2.  ND Router Advertisement (RA)

   [I-D.chakrabarti-nordmark-6man-efficient-nd] adds an 'E' bit in the
   Router Advertisement flag, as well as a new Registrar Address Option
   (RAO).  These fields are probably pertinent to LLNs inclusion into a
   revised 6LoWPAN ND should be studied.  If the new 6LoWPAN flows
   require a change of behaviour (e.g. registering the Target of the NS
   message) then the RA must indicate that the router supports the new
   capability, and the NS must indicate that the Target is registered as
   opposed to the Source in an unequivocal fashion.

   There is some amount of duplication between the options in the RPL
   DIO [RFC6550] and the options in the ND RA messages.  At the same
   time, there are a number of options, including the 6LoWPAN Context
   Option (6CO) [RFC6775], the MTU and the SLLA Options [RFC4861]  that
   can only be found in the RA messages.  Considering that these options
   are useful for a joining node, the recommendation would be to
   associate the RA messages to the join beacon, and make them rare when
   the network is stable.  On the other hand, the DIO message is to be
   used as the propagated heartbeat of the RPL network and provide the
   sense of time and liveliness.

   RAs should also be issued and the information therein propagated when
   a change occurs in the information therein, such as a router or a
   prefix lifetime.

A.3.  RPL DODAG Information Object (DIO)

   If the RPL root serves as 6LBR, it makes sense to add at least a bit
   of information in the DIO to signal so.  A Registrar Address Option
   (RAO) may also be considered for addition.

A.4.  ND Enhanced Address Registration Option (EARO)

   The ARO option contains a Unique ID that is supposed to identify the
   device across multiple registrations.  It is envisioned that the
   device could form a single CGA-based Unique Interface ID (CUID) to
   securely bind all of its addresses.  The CUID would be used as Unique
   Interface Identifier in the ARO option and to form a Link-Local
   address that would be deemed unique regardless of the Link type.
   Provided that the relevant cryptographic material is passed to the
   6LBR upon the first registration or on-demand at a later time, the
   6LBR can validate that a Node is effectively the owner of a CUID, and
   ensure that the ownership of an Address stays with the CUID that
   registered it first.



Thubert & van der Stok    Expires July 18, 2015                [Page 15]


Internet-Draft                6775bis reqs                  January 2015


   This option is designed to be used with standard NS and NA messages
   between backbone Routers as well as between nodes and 6LRs over the
   LLN and between the 6LBR and the 6BBR over whatever IP link they use
   to communicate.


      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |     Length    |    Status     | RPLInstanceID |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Res|P|N| IDS |T|      TID      |     Registration Lifetime     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      ~         Unique Interface Identifier (variable length)         ~
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                              Figure 3: EARO

   The representation above is based on
   [I-D.chakrabarti-nordmark-6man-efficient-nd].  Only the proposed
   changes from that specification are discussed below but the
   expectation is that 6LoWPAN ND and Efficient ND converge on the ARO
   format.

   Status:  8-bit integer.  A new value of 3 is suggested to indicate a
      rejection due to an obsolete TID, typically an indication of a
      movement.

   RPLInstanceID:  8-bit integer.  This field is set to 0 when unused.
      Otherwise it contains the RPLInstanceID for which this address is
      registered, as specified in RPL [RFC6550], and discussed in
      particular in section 3.1.2.

   P: One bit flag.  When the bit is set, the address being registered
      is Target of the NS as opposed to the Source, for instance to
      enable ND proxy operation.

   N: One bit flag.  Set if the device moved.  If not set, the 6BBR will
      refrain from sending gratuitous NA(O) or other form of distributed
      ND cache clean-up over the backbone.  For instance, the flag
      should be reset after the DAD operation upon address formation.








Thubert & van der Stok    Expires July 18, 2015                [Page 16]


Internet-Draft                6775bis reqs                  January 2015


Authors' Addresses

   Pascal Thubert (editor)
   Cisco Systems, Inc
   Building D
   45 Allee des Ormes - BP1200
   MOUGINS - Sophia Antipolis  06254
   FRANCE

   Phone: +33 497 23 26 34
   Email: pthubert@cisco.com


   Peter van der Stok
   consultant

   Phone: +31-492474673 (Netherlands), +33-966015248 (France)
   Email: consultancy@vanderstok.org
   URI:   www.vanderstok.org
































Thubert & van der Stok    Expires July 18, 2015                [Page 17]