draft-ietf-roll-turnon-rfc8138-10.txt   draft-ietf-roll-turnon-rfc8138-11.txt 
ROLL P. Thubert, Ed. ROLL P. Thubert, Ed.
Internet-Draft L. Zhao Internet-Draft L. Zhao
Updates: 8138 (if approved) Cisco Systems Updates: 8138 (if approved) Cisco Systems
Intended status: Standards Track 5 August 2020 Intended status: Standards Track 27 August 2020
Expires: 6 February 2021 Expires: 28 February 2021
A RPL DODAG Configuration Option for the 6LoWPAN Routing Header A RPL DODAG Configuration Option for the 6LoWPAN Routing Header
draft-ietf-roll-turnon-rfc8138-10 draft-ietf-roll-turnon-rfc8138-11
Abstract Abstract
This document updates RFC 8138 by defining a bit in the RPL DODAG This document updates RFC 8138 by defining a bit in the RPL DODAG
Configuration Option to indicate whether compression is used within Configuration Option to indicate whether compression is used within
the RPL Instance, and specify the behavior of RFC 8138-capable nodes the RPL Instance, and specify the behavior of RFC 8138-capable nodes
when the bit is set and reset. when the bit is set and reset.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 6 February 2021. This Internet-Draft will expire on 28 February 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 29 skipping to change at page 2, line 29
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8
9. Normative References . . . . . . . . . . . . . . . . . . . . 8 9. Normative References . . . . . . . . . . . . . . . . . . . . 8
10. Informative References . . . . . . . . . . . . . . . . . . . 9 10. Informative References . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
The packet compression technique defined in [RFC8138] can only be The packet compression technique defined in [RFC8138] can only be
activated in a RPL [RFC6550] network when all the nodes support it. activated in a RPL [RFC6550] network when all the nodes support it.
Otherwise, a non-capable node acting as leaf-only would fail to Otherwise, if acting as a leaf, a node that does not support the
communicate, and acting as a router it would drop the compressed compression would fail to communicate; if acting as a router it would
packets and black-hole a portion of the network. drop the compressed packets and black-hole a portion of the network.
The original idea was to use a flag day but that proved impractical The original idea was to use a flag day but that proved impractical
in a number of situations such as a large metering network that is in a number of situations such as a large metering network that is
used in production and incurs financial losses when interrupted. used in production and incurs financial losses when interrupted.
This specification is designed for the scenario where a live network This specification is designed for the scenario where a live network
is upgraded to support [RFC8138]. During the migration, the is upgraded to support [RFC8138]. During the migration, the
compression should remain inactive, until all nodes are upgraded. compression should remain inactive, until all nodes are upgraded.
This document complements [RFC8138] and dedicates a flag in the RPL This document complements [RFC8138] and dedicates a flag in the RPL
DODAG Configuration Option to indicate whether the [RFC8138] DODAG Configuration Option to indicate whether the [RFC8138]
compression should be used within the RPL DODAG. compression should be used within the RPL DODAG.
The setting of this new flag is controlled by the Root and propagates The setting of this new flag is controlled by the Root and propagates
as is in the whole network as part of the normal RPL signaling. as is in the whole network as part of the normal RPL signaling.
The idea is to use the flag to maintain the compression inactive The flag is cleared to maintain the compression inactive during the
during the migration phase. When the migration is complete (e.g., as migration phase. When the migration is complete (e.g., as known by
known by network management and/or inventory), the flag is set and network management and/or inventory), the flag is set and the
the compression is globally activated in the whole DODAG. compression is globally activated in the whole DODAG.
2. Terminology 2. Terminology
2.1. References 2.1. References
The terminology used in this document is consistent with and The terminology used in this document is consistent with and
incorporates that described in "Terms Used in Routing for Low-Power incorporates that described in "Terms Used in Routing for Low-Power
and Lossy Networks (LLNs)" [RFC7102]. Other terms in use in LLNs are and Lossy Networks (LLNs)" [RFC7102]. Other terms in use in LLNs are
found in "Terminology for Constrained-Node Networks" [RFC7228]. found in "Terminology for Constrained-Node Networks" [RFC7228].
skipping to change at page 4, line 29 skipping to change at page 4, line 29
Information Object (DIO) message. The DIO message propagates down Information Object (DIO) message. The DIO message propagates down
the DODAG to form and then maintain its structure. The DODAG the DODAG to form and then maintain its structure. The DODAG
Configuration Option is copied unmodified from parents to children. Configuration Option is copied unmodified from parents to children.
As shown in Figure 1, the DODAG Configuration Option was designed As shown in Figure 1, the DODAG Configuration Option was designed
with 4 bit positions reserved for future use as Flags. with 4 bit positions reserved for future use as Flags.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x04 |Opt Length = 14| Flags |A| ... | | Type = 0x04 |Opt Length = 14| | |T| |A| ... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| ... | | <- Flags -> ... |
Figure 1: DODAG Configuration Option (Partial View) Figure 1: DODAG Configuration Option (Partial View)
This specification defines a new flag "Enable RFC8138 Compression" This specification defines a new flag "Enable RFC8138 Compression"
(T). The "T" flag is set to turn-on the use of the compression of (T). The "T" flag is set to turn-on the use of the compression of
RPL artifacts with [RFC8138] within the DODAG. The new "T" flag is RPL artifacts with [RFC8138] within the DODAG. The new "T" flag is
encoded in the Flags field in the RPL DODAG Configuration Option. encoded in position 2 of the reserved Flags field in the RPL DODAG
The suggested bit position of the "T" flag is indicated in Section 6. Configuration Option, and set to 0 in legacy implementations as
specified in Section 6.7.6 of [RFC6550].
[RFC6550] states, when referring to the DODAG Configuration Option, [RFC6550] states, when referring to the DODAG Configuration Option,
that "Nodes other than the DODAG Root MUST NOT modify this that "Nodes other than the DODAG Root MUST NOT modify this
information when propagating the DODAG Configuration option". information when propagating the DODAG Configuration option".
Therefore, a legacy parent propagates the "T" flag as set by the Root Therefore, a legacy parent propagates the "T" flag as set by the Root
whether it supports this specification or not. So when the "T" flag whether it supports this specification or not. So when the "T" flag
is set, it is transparently flooded to all the nodes in the DODAG. is set, it is transparently flooded to all the nodes in the DODAG.
Section 6.3.1 of [RFC6550] defines a 3-bit Mode of Operation (MOP) in Section 6.3.1 of [RFC6550] defines a 3-bit Mode of Operation (MOP) in
the DIO Base Object. This specification applies to MOP values 0 to the DIO Base Object. This specification applies to MOP values 0 to
6. For a MOP value of 7, the compression MUST be used by default 6. For a MOP value of 7, the compression MUST be used by default
regardless of the setting of the "T" flag. regardless of the setting of the "T" flag.
4. Updating RFC 8138 4. Updating RFC 8138
A node SHOULD source packets in the compressed form using [RFC8138] A node SHOULD generate packets in the compressed form using [RFC8138]
if and only if the "T" flag is set. This behaviour can be overridden if and only if the "T" flag is set. This behavior can be overridden
by e.g., configuration or network management. Overriding may be by configuration or network management. Overriding may be needed
needed e.g., to cope with a legacy implementation of the Root that e.g., to turn on the compression in a network where all nodes support
supports [RFC8138] but not this specification and cannot set the "T" [RFC8138] but the Root does not support this specification and cannot
flag. set the "T" flag, or to disable it locally in case of a problem.
The decision of using [RFC8138] is made by the originator of the The decision to use [RFC8138] is made by the originator of the packet
packet depending on its capabilities and its knowledge of the state depending on its capabilities and its knowledge of the state of the
of the "T" flag. A router that encapsulates a packet is the "T" flag. A router encapsulating a packet is the originator of the
originator of the resulting packet and is responsible to compress the resulting packet and is responsible for compressing the outer headers
outer headers with [RFC8138], but it MUST leave the encapsulated with [RFC8138], but it MUST leave the encapsulated packet as is.
packet as is.
An external target [USEofRPLinfo] is not expected to support An external target [USEofRPLinfo] is not expected to support
[RFC8138]. In most cases, packets from and to an external target are [RFC8138]. In most cases, packets to and from an external target are
tunneled back and forth between the border router (referred to as tunneled back and forth between the border router (referred to as
6LR) that serves the external target and the Root, regardless of the 6LR) that serves the external target and the Root, regardless of the
MOP used in the RPL DODAG. The inner packet is typically not MOP used in the RPL DODAG. The inner packet is typically not
compressed with [RFC8138], so for outgoing packets, the border router compressed with [RFC8138], so for outgoing packets, the border router
just needs to decapsulate the (compressed) outer header and forward just needs to decapsulate the (compressed) outer header and forward
the (uncompressed) inner packet towards the external target. the (uncompressed) inner packet towards the external target.
A router MUST uncompress a packet that is to be forwarded to an A router MUST uncompress a packet that is to be forwarded to an
external target. Otherwise, the router MUST forward the packet in external target. Otherwise, the router MUST forward the packet in
the form that the source used, either compressed or uncompressed. the form that the source used, either compressed or uncompressed.
A RUL [UNAWARE-LEAVES] is both a leaf and an external target. A RUL A RUL [UNAWARE-LEAVES] is both a leaf and an external target. A RUL
does not participate in RPL and depends on the parent router to does not participate in RPL and depends on the parent router to
obtain connectivity. In the case of a RUL, forwarding towards an obtain connectivity. In the case of a RUL, forwarding towards an
external target actually means delivering the packet. external target actually means delivering the packet.
5. Transition Scenarios 5. Transition Scenarios
A node that supports [RFC8138] but not this specification can only be A node that supports [RFC8138] but not this specification can only be
used in an homogeneous network. Enabling the [RFC8138] compression used in an homogeneous network. Enabling the [RFC8138] compression
without a turn-on signaling requires a "flag day"; all nodes must be without a turn-on signaling method requires a "flag day"; by which
upgraded, and then the network can be rebooted with the [RFC8138] time all nodes must be upgraded, and at which point the network can
compression turned on. be rebooted with the [RFC8138] compression turned on.
The intent for this specification is to perform a migration once and The intent for this specification is to perform a migration once and
for all without the need for a flag day. In particular it is not the for all without the need for a flag day. In particular it is not the
intention to undo the setting of the "T" flag. Though it is possible intention to undo the setting of the "T" flag. Though it is possible
to roll back (see Section 5.3), adding nodes that do not support to roll back (see Section 5.3), adding nodes that do not support
[RFC8138] after a roll back may be problematic if the roll back did [RFC8138] after a roll back may be problematic if the roll back did
not fully complete. not fully complete.
5.1. Coexistence 5.1. Coexistence
A node that supports this specification can operate in a network with A node that supports this specification can operate in a network with
the [RFC8138] compression turned on or off with the "T" flag set the [RFC8138] compression turned on or off with the "T" flag set
accordingly and in a network in transition from off to on or on to accordingly and in a network in transition from off to on or on to
off (see Section 5.2). off (see Section 5.2).
A node that does not support [RFC8138] can interoperate with nodes A node that does not support [RFC8138] can interoperate with nodes
that do in a network with [RFC8138] compression turned off. If the that do in a network with [RFC8138] compression turned off. If the
compression is turned on, all the RPL-Aware Nodes are expected to be compression is turned on, all the RPL-Aware Nodes are expected to be
able to handle compressed packets in the compressed form. A node able to handle compressed packets in the compressed form. A node
that cannot do so may remain connected to the network as a RUL, but that cannot do so may remain connected to the network as a RUL as
how the node is modified to turn into a RUL is out of scope. described in [UNAWARE-LEAVES].
5.2. Inconsistent State While Migrating 5.2. Inconsistent State While Migrating
When the "T" flag is turned on by the Root, the information slowly When the "T" flag is turned on by the Root, the information slowly
percolates through the DODAG as the DIO gets propagated. Some nodes percolates through the DODAG as the DIO gets propagated. Some nodes
will see the flag and start sourcing packets in the compressed form will see the flag and start sourcing packets in the compressed form
while other nodes in the same RPL DODAG are still not aware of it. while other nodes in the same RPL DODAG are still not aware of it.
In non-storing mode, the Root will start using [RFC8138] with a In non-storing mode, the Root will start using [RFC8138] with a
Source Routing Header 6LoRH (SRH-6LoRH) that routes all the way to Source Routing Header 6LoRH (SRH-6LoRH) that routes all the way to
the parent router or to the leaf. the parent router or to the leaf.
skipping to change at page 6, line 47 skipping to change at page 6, line 47
of a RPL instance with multiple Roots, all nodes that participate to of a RPL instance with multiple Roots, all nodes that participate to
the RPL Instance may potentially join any DODAG. The network MUST be the RPL Instance may potentially join any DODAG. The network MUST be
operated with the "T" flag reset until all nodes in the RPL Instance operated with the "T" flag reset until all nodes in the RPL Instance
are upgraded to support this specification. are upgraded to support this specification.
5.3. Rolling Back 5.3. Rolling Back
When turning [RFC8138] compression off in the network, the Network When turning [RFC8138] compression off in the network, the Network
Administrator MUST wait until all nodes have converged to the "T" Administrator MUST wait until all nodes have converged to the "T"
flag reset before allowing nodes that do not support the compression flag reset before allowing nodes that do not support the compression
in the network. in the network. To that effect, whether the compression is active in
a node SHOULD be exposed the node's management interface.
It is RECOMMENDED to only deploy nodes that support [RFC8138] in a It is RECOMMENDED to only deploy nodes that support [RFC8138] in a
network where the compression is turned on. A node that does not network where the compression is turned on. A node that does not
support [RFC8138] MUST only be used as a RUL. support [RFC8138] MUST only be used as a RUL.
6. IANA Considerations 6. IANA Considerations
IANA is requested to assign a new option flag from the Registry for IANA is requested to assign a new option flag from the Registry for
the "DODAG Configuration Option Flags" that was created for [RFC6550] the "DODAG Configuration Option Flags" that was created for [RFC6550]
as follows: as follows:
skipping to change at page 7, line 23 skipping to change at page 7, line 23
+---------------+---------------------------------+-----------+ +---------------+---------------------------------+-----------+
| 2 (suggested) | Turn on RFC8138 Compression (T) | THIS RFC | | 2 (suggested) | Turn on RFC8138 Compression (T) | THIS RFC |
+---------------+---------------------------------+-----------+ +---------------+---------------------------------+-----------+
Table 1: New DODAG Configuration Option Flag Table 1: New DODAG Configuration Option Flag
7. Security Considerations 7. Security Considerations
First of all, it is worth noting that with [RFC6550], every node in First of all, it is worth noting that with [RFC6550], every node in
the LLN that is RPL-aware can inject any RPL-based attack in the the LLN that is RPL-aware can inject any RPL-based attack in the
network. A trust model has to be put in place in an effort to network. A trust model is REQUIRED in an effort to exclude rogue
exclude rogue nodes from participating to the RPL and the 6LoWPAN nodes from participating to the RPL and the 6LoWPAN signaling, as
signaling, as well as from the data packet exchange. This trust well as from the data packet exchange. This trust model could at a
model could be at a minimum based on a Layer-2 Secure joining and the minimum be based on a Layer-2 Secure joining and the Link-Layer
Link-Layer security. This is a generic RPL and 6LoWPAN requirement, security. This is a generic RPL and 6LoWPAN requirement, see Req5.1
see Req5.1 in Appendix of [RFC8505]. in Appendix of [RFC8505].
Setting the "T" flag before all routers are upgraded may cause a loss Setting the "T" flag before all routers are upgraded may cause a loss
of packets. The new bit is protected as the rest of the of packets. The new bit is protected as the rest of the
configuration so this is just one of the many attacks that can happen configuration so this is just one of the many attacks that can happen
if an attacker manages to inject a corrupted configuration. if an attacker manages to inject a corrupted configuration.
Setting and resetting the "T" flag may create inconsistencies in the Setting and resetting the "T" flag may create inconsistencies in the
network but as long as all nodes are upgraded to [RFC8138] support network but as long as all nodes are upgraded to [RFC8138] support
they will be able to forward both forms. The source is responsible they will be able to forward both forms. The source is responsible
for selecting whether the packet is compressed or not, and all for selecting whether the packet is compressed or not, and all
skipping to change at page 8, line 7 skipping to change at page 8, line 7
"T" flag, so that nodes located downstream would compress when that "T" flag, so that nodes located downstream would compress when that
it is not desired, potentially resulting in the loss of packets. In it is not desired, potentially resulting in the loss of packets. In
a tree structure, the attacker would be in position to drop the a tree structure, the attacker would be in position to drop the
packets from and to the attacked nodes. So the attacks above would packets from and to the attacked nodes. So the attacks above would
be more complex and more visible than simply dropping selected be more complex and more visible than simply dropping selected
packets. The downstream node may have other parents and see both packets. The downstream node may have other parents and see both
settings, which could raise attention. settings, which could raise attention.
8. Acknowledgments 8. Acknowledgments
The authors wish to thank Carles Gomez, Alvaro Retana, Dominique The authors wish to thank Meral Shirazipour, Nagendra Kumar Nainar,
Barthel and Rahul Jadhav for their in-depth reviews and constructive Stewart Bryant, Carles Gomez, Alvaro Retana, Dominique Barthel and
suggestions. Rahul Jadhav for their in-depth reviews and constructive suggestions.
Also many thanks to Michael Richardson for being always helpful and Also many thanks to Michael Richardson for being always helpful and
responsive when need comes. responsive when need comes.
9. Normative References 9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
 End of changes. 16 change blocks. 
43 lines changed or deleted 44 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/