6lo P. Thubert, Ed. Internet-Draft 5 November 2024 Updates: 4861, 6550, 6553, 7400, 8505, 8928, 9010 (if approved) Intended status: Standards Track Expires: 9 May 2025 IPv6 Neighbor Discovery Prefix Registration draft-ietf-6lo-prefix-registration-05 Abstract This document updates IPv6 Neighbor Discovery RFC4861 and the 6LoWPAN extensions (RFC8505, RFC8928, RFC7400) to enable a node that owns or is directly connected to a prefix to register that prefix to neighbor routers. The registration indicates that the registered prefix can be reached via the advertising node without a loop. The unicast prefix registration also provides a protocol-independent interface for the node to request neighbor router(s) to redistribute the prefix to the larger routing domain using their specific routing protocols. This document extends RPL (RFC6550, RFC6553, RFC9010) to enable the 6LR to inject the registered prefix in RPL. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 9 May 2025. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. Thubert Expires 9 May 2025 [Page 1] Internet-Draft Prefix Registration November 2024 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2.2. References . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 5 2.4. New terms . . . . . . . . . . . . . . . . . . . . . . . . 6 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. LLN Mesh Network . . . . . . . . . . . . . . . . . . . . 7 3.2. Shared Link . . . . . . . . . . . . . . . . . . . . . . . 8 3.3. Hub Link . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Updating RFC 4861 . . . . . . . . . . . . . . . . . . . . . . 11 5. Extending RFC 7400 . . . . . . . . . . . . . . . . . . . . . 11 6. Updating RFC 6550 . . . . . . . . . . . . . . . . . . . . . . 12 7. Updating RFC 8505 . . . . . . . . . . . . . . . . . . . . . . 13 7.1. New P field value . . . . . . . . . . . . . . . . . . . . 13 7.2. New EARO Prefix Length Field and F Flag . . . . . . . . . 13 7.3. New EDAR Prefix Length Field . . . . . . . . . . . . . . 15 7.4. Registering Extensions . . . . . . . . . . . . . . . . . 16 8. Updating RFC 9010 . . . . . . . . . . . . . . . . . . . . . . 18 9. Updating RFC 8928 . . . . . . . . . . . . . . . . . . . . . . 18 10. Security Considerations . . . . . . . . . . . . . . . . . . . 19 11. Backward Compatibility . . . . . . . . . . . . . . . . . . . 20 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 12.1. Updated P-Field Registry . . . . . . . . . . . . . . . . 20 12.2. New 6LoWPAN Capability Bit . . . . . . . . . . . . . . . 20 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 14. Normative References . . . . . . . . . . . . . . . . . . . . 21 15. Informative References . . . . . . . . . . . . . . . . . . . 22 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 24 Thubert Expires 9 May 2025 [Page 2] Internet-Draft Prefix Registration November 2024 1. Introduction The design of Low Power and Lossy Networks (LLNs) is generally focused on saving energy, which is the most constrained resource of all. Other design constraints, such as a limited memory capacity, duty cycling of the LLN devices and low-power lossy transmissions, derive from that primary concern. The radio (both transmitting or simply listening) is a major energy drain and the LLN protocols must be adapted to allow the nodes to remain sleeping with the radio turned off at most times. The "Routing Protocol for Low Power and Lossy Networks" [RFC6550] (RPL) provides IPv6 [RFC8200] routing services within such constraints. To save signaling and routing state in constrained networks, the RPL routing is only performed along a Destination- Oriented Directed Acyclic Graph (DODAG) that is optimized to reach a Root node, as opposed to along the shortest path between 2 peers, whatever that would mean in each LLN. This trades the quality of peer-to-peer (P2P) paths for a vastly reduced amount of control traffic and routing state that would be required to operate an any-to-any shortest path protocol. Additionally, broken routes may be fixed lazily and on-demand, based on dataplane inconsistency discovery, which avoids wasting energy in the proactive repair of unused paths. The "IPv6 Neighbor Discovery (IPv6 ND) Protocol" [RFC4861] [RFC4862] was defined for serial links and shared transit media such as Ethernet at a time when broadcast was cheap on those media while memory for neighbor cache was expensive. It was thus designed as a reactive protocol that relies on caching and multicast operations for the Address Resolution (AR, aka Address Discovery or Address Lookup) and Duplicate Address Detection (DAD) of IPv6 unicast addresses. Those multicast operations typically impact every node on-link when at most one is really targeted, which is a waste of energy, and imply that all nodes are awake to hear the request, which is inconsistent with power saving (sleeping) modes. The "Architecture and Framework for IPv6 over Non-Broadcast Access" (NBMA) [I-D.ietf-6man-ipv6-over-wireless] introduces an evolution of IPv6 ND towards a proactive AR method also called Stateful Address Autoconfiguration (SFAAC). Because the IPv6 model for NBMA depends on a routing protocol to reach inside the Subnet, the IPv6 ND extension for NBMA is referred to as Subnet Neighbor Discovery (SND). SND is based on work done in the context of IoT, known as 6LoWPAN ND. Thubert Expires 9 May 2025 [Page 3] Internet-Draft Prefix Registration November 2024 The original 6LoWPAN ND, "Neighbor Discovery Optimizations for 6LoWPAN networks" [RFC6775], was introduced to avoid the excessive use of multicast messages and enable IPv6 ND for operations over energy-constrained nodes. [RFC6775] changes the classical IPv6 ND model to proactively establish the Neighbor Cache Entry (NCE) associated to the unicast address of a 6LoWPAN Node (6LN) in the a 6LoWPAN Router(s) (6LRs) that serve it. To that effect, [RFC6775] defines a new Address Registration Option (ARO) that is placed in unicast Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages between the 6LN and the 6LR. "Registration Extensions for 6LoWPAN Neighbor Discovery" [RFC8505] updates [RFC6775] into a generic Address Registration mechanism that can be used to access services such as routing and ND proxy and introduces the Extended Address Registration Option (EARO) for that purpose. This provides a router-protocol-agnostic interface for a host to request that the router inject a unicast IPv6 address in the local routing protocol and provide return reachability for that address. "IPv6 Neighbor Discovery Multicast Address Listener Subscription" [I-D.ietf-6lo-multicast-registration] updates [RFC8505] to enable a listener to subscribe to an IPv6 anycast or multicast address; the draft also extends [RFC9010] to enable the 6LR to inject the anycast and multicast addresses in RPL. Similarly, this specification extends [RFC8505] and [RFC9010] to add the capability for the 6LN to register unicast prefixes as opposed to addresses, and to signal in a protocol-independent fashion to the 6LR that it is expected to redistribute the prefixes in their specific routing protocols. 2. Terminology 2.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. In addition, the terms "Extends" and "Amends" are used as per [I-D.kuehlewind-update-tag] section 3. 2.2. References This document uses terms and concepts that are discussed in: Thubert Expires 9 May 2025 [Page 4] Internet-Draft Prefix Registration November 2024 * "Neighbor Discovery for IP version 6" [RFC4861] and "IPv6 Stateless Address Autoconfiguration" [RFC4862], * Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) [RFC6775], as well as * "Registration Extensions for 6LoWPAN Neighbor Discovery" [RFC8505] and * "Using RPI Option Type, Routing Header for Source Routes, and IPv6-in-IPv6 Encapsulation in the RPL Data Plane" [RFC9008]. 2.3. Acronyms This document uses the following abbreviations: 6BBR: Backbone Router 6CIO: (6LoWPAN) Capability Indication Option 6LN: (6LoWPAN) Node 6LR: (6LoWPAN) Router AMC Address Mapping Confirmation AMR Address Mapping Request ARO: Address Registration Option DAC: Duplicate Address Confirmation (message) DAD: Duplicate Address Detection DAO Destination Advertisement Object DAR: Duplicate Address Request (message) DIO DODAG Information Object DODAG: Destination-Oriented Directed Acyclic Graph EARO: Extended Address Registration Option EDAC: Extended Duplicate Address Confirmation EDAR: Extended Duplicate Address Request ESS: Extended service set IPAM: IP address management LLN: Low-Power and Lossy Network LLA: link-local address LoWPAN: Low-Power WPAN MAC: Medium Access Control MLSN: Multi-link Subnet MLD: Multicast Listener Discovery MOP: Mode of Operation NA: Neighbor Advertisement (message) NBMA: Non-Broadcast Multi-Access (full mesh) NCE: Neighbor Cache Entry ND: Neighbor Discovery (protocol) NDP: Neighbor Discovery Protocol NS: Neighbor Solicitation (message) P2P: Point-to-Point Thubert Expires 9 May 2025 [Page 5] Internet-Draft Prefix Registration November 2024 P2MP: Point-to-Multipoint (partial mesh) ROVR Registration Ownership Verifier, pronounced "rover" RPL: IPv6 Routing Protocol for LLNs RA: Router Advertisement (message) RS: Router Solicitation (message) RTO: RPL Target Option TID: Transaction ID TIO: Transit Information Option SGP: Subnet Gateway Protocol SPL: Subnet Prefix Length ULP: Upper-Layer Protocol VLAN: Virtual LAN VxLAN: Virtual Extensible LAN VPN: Virtual Private Network WAN: Wide Area Network SND: Subnet Neighbor Discovery (protocol) WLAN: Wireless Local Area Network WPAN: Wireless Personal Area Network 2.4. New terms This document introduces the following terms: Origin The node that issued the prefix advertisement, either in the form of a NS(EARO) or as a DAO(TIO, RTO) Merge/merging The action of receiving multiple anycast or multicast advertisements, either internally from self, in the form of a NS(EARO), or as a DAO(TIO, RTO), and generating a single DAO(TIO, RTO). The 6RPL router maintains a state per origin for each advertised address, and merges the advertisements for all subscriptions for the same address in a single advertisement. A RPL router that merges becomes the origin of the merged advertisement and uses its own values for the Path Sequence and ROVR fields. 3. Overview This specification inherits from [RFC6550], [RFC8505], and [RFC9010] to register prefixes as opposed to addresses. Unless specified otherwise therein, the behavior of the 6LBR that acts as RPL Root, of the intermediate routers down the RPL graph, of the 6LRs that act as access routers and of the 6LNs that are the RPL-unaware destinations, is the same as for unicast addresses. In particular, forwarding a packet happens as specified in section 11 of [RFC6550], including loop avoidance and detection, though in the case of multicast multiple copies might be generated. Thubert Expires 9 May 2025 [Page 6] Internet-Draft Prefix Registration November 2024 [RFC8505] is a pre-requisite to this specification. A node that implements this MUST also implement [RFC8505]. This specification does not introduce a new option; it modifies existing options and updates the associated behaviors to enable the Registration for Multicast Addresses as an extension to [RFC8505]. This specification updates the P field introduced in [I-D.ietf-6lo-multicast-registration] for use in EARO, DAR, and RTO, with the new value of 3 to indicate the registration of a prefix, as detailed in Section 7.2. With this extension the 6LNs can now attract the traffic for a full prefix, using the P field value of 3 in the EARO to signal that the registration is for a prefix. Multiple 6LNs may register the same prefix to the same 6LR or to different 6LRs. If the R flag is set in the registration of one or more 6LNs for the same prefix, the 6LR is requested to redistribute the prefix in other routing protocol (e.g., RPL), based on the longest registration lifetime across the active registrations for the prefix. This specification extends 6LoWPAN work, and it is certainly possible to leverage it between the 6LN and the 6LR where the 6LR is a RPL router, as discussed in Section 3.1. But as for [RFC8505] in general, this specification applies, beyond IoT use cases, to networks that are not necessarily LLNs, and/or where the routing protocol between the 6LR and above is not necessarily RPL. Examples of shared links and hub links are provided in Section 3.2 and Section 3.3, respectively. 3.1. LLN Mesh Network This specification also extends [RFC6550] and [RFC9010] in the case of a route-over multilink subnet based on the RPL routing protocol, to add multicast ingress replication in Non-Storing Mode and anycast support in both Storing and Non-Storing modes. A 6LR that implements the RPL extensions specified therein MUST also implement [RFC9010]. Figure 1 illustrates the classical situation of an LLN as a single IPv6 Subnet, with a 6LoWPAN Border Router (6LBR) that acts as Root for RPL operations and maintains a registry of the active registrations as an abstract data structure called an Address Registrar for 6LoWPAN ND. The LLN may be a hub-and-spoke access link such as (Low-Power) Wi-Fi [IEEE80211] and Bluetooth (Low Energy) [IEEE802151], or a Route-Over LLN such as the Wi-SUN and 6TiSCH meshes [I-D.heile-lpwan-wisun-overview] that leverage 6LoWPAN [RFC4919][RFC6282] and RPL [RFC6550] over [IEEE802154]. Thubert Expires 9 May 2025 [Page 7] Internet-Draft Prefix Registration November 2024 | ----+-------+------------ | Wire side +------+ | 6LBR | |(Root)| +------+ o o o Wireless side o o o o o o o o o o o o o o o o LLN o +---+ o o o o o |6LR| o o o o o +---+ o o o o o o z o o oo o o +---+ o |6LN| +---+ z : wireless link, direct L2 connection o : node Figure 1: Wireless Mesh A leaf acting as a 6LN registers its unicast, multicast, and anycast addresses to a RPL router acting as a 6LR, using a layer-2 unicast NS message with an EARO as specified in [RFC8505] and [I-D.ietf-6lo-multicast-registration]. The registration state is periodically renewed by the Registering Node, before the lifetime indicated in the EARO expires. As for unicast IPv6 addresses, the 6LR uses an EDAR/EDAC exchange with the 6LBR to notify the 6LBR of the presence of the listeners. With this specification, a router that owns a prefix or provides reachability to an external prefix but is not a RPL router can also register those prefixes with the R flag set, to enable reachability to the Prefix within the RPL domain. 3.2. Shared Link A shared link is a situation where more than one Prefix is deployed over a L2 link (say a switched Ethernet + Wi-Fi ESS), and not necessarily all nodes are aware of all prefixes. Figure 2 depicts such a situation, with 2 routers 6LR1 and 6LR2 that own respective prefixes P1:: and P2::, and expose those in their RA messages over the same link. Thubert Expires 9 May 2025 [Page 8] Internet-Draft Prefix Registration November 2024 +-----+ +-----+ +-----+ +-----+ +-----+ |P1::c| |P2::d| |P2::e| |P1::f| |P1::g| +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ | | | | | ----+--+------+---------+-+-------+---------+---- | | +---+---+ +---+---+ | P1::a | | P2::b | | 6LR1 | | 6LR2 | +----+--+ +-------+ | .... . . .. ... Figure 2: Shared Link Say that 6LR1 is the router providing access to the outside, and 6LR2 is aware of 6LR1 as its default gateway. With this specification, 6LR2 registers P2:: to 6LR1 and 6LR1 installs a route to P2:: via 6LR2. This way, addresses that derive from P2:: can still be reached via 6LR1 and then 6LR2. 6LR2 may then leverage ICMP Redirect messages [RFC4861] to shorten the path between 6LR1 and the nodes that own those addresses. If P2 was delegated by 6LR1, then the expectation is that 6LR1 aggregates P1:: and P2:: in its advertisements to the outside, and there is no need to set the R flag. But unless 6LR2 knows about such a situation, e.g., through configuration, 6LR2 SHOULD set the R flag requesting 6LR1 to advertise P2:: so as to obtain reachability. 3.3. Hub Link A hub link is a situation where stub links are deployed around a hub link and interconnected by routers. Figure 3 depicts such a situation, with one router 6LR1 serving the hub link and at least one router like 6LR2 and 6LR3 providing connectivity from the stub links to the hub link. In this example, say that there is one prefix on each link, P1:: on the hub link and P2:: and P3:: on the stub links. Thubert Expires 9 May 2025 [Page 9] Internet-Draft Prefix Registration November 2024 +-----+ +-----+ +-----+ +-----+ +-----+ |P2::s| |P2::d| |P2::e| |P2::f| |P2::g| +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ | | | | | ----+----+----+---------+----STUB-+-LINK----+----- | +---+---+ +-------+ . | P2::r | | | .. . . | 6LR2 | | 6LR1 +--- . . .. | P1::b | | P1::a | . ... +---+---+ +---+---+ . ... | | -------+-+---------+--HUB-LINK--+-----+-- | | | +---+---+ +--+--+ +--+--+ | P1::c | |P1::n| |P1::q| | 6LR3 | +-----+ +-----+ | P3::m | +---+---+ | ----+--+------+---------+----STUB-+-LINK----+----- | | | | | +--+--+ +--+--+ +--+--+ +--+--+ +--+--+ |P3::h| |P3::i| |P3::j| |P3::k| |P3::a| +-----+ +-----+ +-----+ +-----+ +-----+ Figure 3: Hub and Stubs As before, say that 6LR1 is the router providing access to the outside, and 6LR2 is aware of 6LR1 as its default gateway. With this specification, 6LR2 registers P2:: to 6LR1 and 6LR1 installs a route to P2:: via 6LR2. This way, nodes on the stub link behind 6LR2 that derive their addresses from P2:: can still be reached via 6LR1 and then 6LR2. The same goes for 6LR3 and any other routers serving stub links. If P2 was delegated by 6LR1, then the expectation is that 6LR1 aggregates P1:: and P2:: in its advertisements to the outside, and there is no need to set the R flag. But unless 6LR2 knows about such a situation, e.g., through configuration, 6LR2 SHOULD set the R flag requesting 6LR1 to advertise P2:: so as to obtain reachability. Thubert Expires 9 May 2025 [Page 10] Internet-Draft Prefix Registration November 2024 4. Updating RFC 4861 [RFC4861] expects that the NS/NA exchange is for a unicast address, which is indicated in the Target Address field of the ND message. This specification Amends [RFC4861] by allowing a 6LN to advertise a prefix in the Target Address field when the NS or NA message is used for a registration, per section 5.5 of [RFC8505]; in that case, the prefix length is indicated in the EARO of the NS message, overloading the field that is used in the NA response for the Status. 5. Extending RFC 7400 This specification Extends "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)" [RFC7400] by defining a new capability bit for use in the 6CIO. [RFC7400] was already extended by [RFC8505] for use in IPv6 ND messages. The new "Registration for prefixes Supported" (F) flag indicates to the 6LN that the 6LR accepts IPv6 prefix registrations as specified in this document and will ensure that packets for the addresses that match this prefix will be routed to the 6LNs that registered the prefix, and the route to the prefix will be redistributed if the R flag is set to 1. Figure 4 illustrates the F flag in its position (7, counting 0 to 15 in network order in the 16-bit array), to be confirmed by IANA, and updated by RFC Editor if needed. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length = 1 | Reserved |F|X|A|D|L|B|P|E|G| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 4: New Capability Bit in the 6CIO New Option Field: X 1-bit flag: "Registration for prefixes Supported" Thubert Expires 9 May 2025 [Page 11] Internet-Draft Prefix Registration November 2024 6. Updating RFC 6550 [RFC6550] uses the Path Sequence in the Transit Information Option (TIO) to retain only the freshest unicast route and remove stale ones, e.g., in the case of mobility. [RFC9010] copies the TID from the EARO into the Path Sequence, and the ROVR field into the associated RPL Target Option (RTO). This way, it is possible to identify both the registering node and the order of registration in RPL for each individual advertisement, so the most recent path and lifetime values are used. [I-D.ietf-6lo-multicast-registration] requires the use of the ROVR field as the indication of the origin of a Target advertisement in the RPL DAO messages, as specified in section 6.1 of [RFC9010]. For anycast and multicast advertisements (in NS or DAO messages), multiple origins may subscribe to the same address, in which case the multiple advertisements from the different or unknown origins are merged by the common parent; in that case, the common parent becomes the origin of the merged advertisements and uses its own ROVR value. On the other hand, a parent that propagates an advertisement from a single origin uses the original ROVR in the propagated RTO, as it does for unicast address advertisements, so the origin is recognized across multiple hops. This specification Extends [RFC6550] to require that, for prefix routes, the Path Sequence is used between and only between advertisements for the same Target and from the same origin (i.e., with the same ROVR value); in that case, only the freshest advertisement is retained. But the freshness comparison cannot apply if the origin is not determined (i.e., the origin did not support this specification). [RFC6550] uses the Path Lifetime in the TIO to indicate the remaining time for which the advertisement is valid for unicast route determination, and a Path Lifetime value of 0 invalidates that route. [RFC9010] maps the Address Registration lifetime in the EARO and the Path Lifetime in the TIO so they are comparable when both forms of advertisements are received. The RPL router that merges multiple advertisements for the same prefix uses and advertises the longest remaining lifetime across all the origins of the advertisements for that prefix. When the lifetime expires, the router sends a no-path DAO (i.e., the lifetime is 0) using the same value for ROVR value as for the previous advertisements, that is either itself or the single descendant that advertised the Target. Thubert Expires 9 May 2025 [Page 12] Internet-Draft Prefix Registration November 2024 Note that the Registration Lifetime, TID and ROVR fields are also placed in the EDAR message so the state created by EDAR is also comparable with that created upon an NS(EARO) or a DAO message. For simplicity the text below mentions only NS(EARO) but applies also to EDAR. 7. Updating RFC 8505 7.1. New P field value [I-D.ietf-6lo-multicast-registration] defines a P-field of 2 bits and defines the values 0 to 2, leaving the value of 3 reserved. This specification adds a new value to the P field to signal that the Registered Address is a prefix. The receiver installs a route to the prefix via the sender's address used as source address in the NS(EARO) registration message. This specification assigns the value of 3, resulting in the complete table as follows: +-------+--------------------------------------+ | Value | Meaning | +-------+--------------------------------------+ | 0 | Registration for a Unicast Address | +-------+--------------------------------------+ | 1 | Registration for a Multicast Address | +-------+--------------------------------------+ | 2 | Registration for an Anycast Address | +-------+--------------------------------------+ | 3 | Registration for a Unicast prefix | +-------+--------------------------------------+ Table 1: P-field Values 7.2. New EARO Prefix Length Field and F Flag Section 4.1 of [RFC8505] defines the EARO as an extension to the ARO option defined in [RFC6775]. The Status Field that is used only when the EARO is placed in an NA message. This specification repurposes that field to carry the prefix length (plen) when the EARO is placed in an NS message as illustrated in Figure 5. The plen is expressed as 7 bits and the most significant bit of the field is reserved. A 7-bit value of 0 is understood as a truncated 128, meaning that this registration is for an address as opposed to a prefix. This approach is backward compatible with [RFC8505] and spans both addresses and prefixes. Thubert Expires 9 May 2025 [Page 13] Internet-Draft Prefix Registration November 2024 This specification adds a new F flag to signal that the Registered Prefix is topologically correct through the Registering Node. This means that the Registering Node can relay packets that are sourced in the Registered Prefix to the outside, and the packets will be not be filtered by the application of [BCP38]. The receiver forwards packets to the Registering Node address when the source address of the packets derives from the Registered Prefix. Note that to avoid loops, the receiver must be in the inside so packets sent by the sender towards the outside may never reach the receiver. The notion of inside and outside are administratively defined, e.g., inside is a particular Layer-2 network such as an Ethernet fabric. When the F flag is not set, the Registering Node owns the prefix and will deliver packets to the destination if the destination address derives from the prefix. Conversely, if the F flag is set, the Registering Node will forward traffic whose source address derives from the Registered Prefix into a network location (e.g., to an ISP Provider Edge) where this source address is topologically correct (e.g., derives from a prefix assigned by that ISP). The F flag is encoded in the most significant bit of the EARO status field when the status field is used to transport a Prefix Length as shown in Figure 5. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length |F|PrefixLength | Opaque | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | P | I |R|T| TID | Registration Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ... Registration Ownership Verifier ... | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 5: EARO Option Format in NS messages New and updated Option Fields: PrefixLength 8-bit field: This field contains a prefix length expressed in bits if the P field is set to 3 and the EARO is placed in an NS message. The field contains a Status if the EARO is placed in an NA message regardless of the setting of the P flag. In all other cases it is reserved, so it MUST be set to 0 by the sender and ignored by the receiver. F: 1-bit flag; set to 1 to indicate that the sender expects other Thubert Expires 9 May 2025 [Page 14] Internet-Draft Prefix Registration November 2024 routers to forward packets to self when the packets are sourced with the registered prefix. 7.3. New EDAR Prefix Length Field This specification adds the new value of 3 to the P field to signal that the Registered Address is a prefix. When that is the case, the prefix is assumed to be less than 120 bits long, padded with zeros up to 120 bits, and the remaining 8 bits are dedicated to the prefix length. Figure 6 illustrates the EDAR message when the value of the P field is 3. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type |CodePfx|CodeSfx| Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |P=3| Reserved | TID | Registration Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ... Registration Ownership Verifier (ROVR) ... | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Prefix + | | + (up to 120 bits, padded with 0s) + | | + +-+-+-+-+-+-+-+-+ | | Prefix Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6: EDAR Message Format with P == 3 New and updated Option Fields: Reserved 6-bit field: reserved, MUST be set to 0 and ignored by the receiver Prefix 15 bytes: up to 120 bits of prefix, padded with zeros Prefix Length 1-bit flag: length of the prefix, in bits Thubert Expires 9 May 2025 [Page 15] Internet-Draft Prefix Registration November 2024 7.4. Registering Extensions With [RFC8505]: * A router that expects to reboot may send a final RA message, upon which nodes should register elsewhere or redo the registration to the same router upon reboot. In all other cases, a node reboot is silent. When the node comes back to life, existing registration state might be lost if it was not persisted, e.g., in persistent memory. * Only unicast addresses can be registered. * The 6LN must register all its ULA and GUA with a NS(EARO). * The 6LN may set the R flag in the EARO to obtain return reachability services by the 6LR, e.g., through ND proxy operations, or by injecting the route in a route-over subnet. * The 6LR maintains a registration state per Registered Address, including an NCE with the Link Layer Address (LLA) of the Registered Node (the 6LN here). This specification adds the following behavior, similar to that introduced by [I-D.ietf-6lo-multicast-registration] for multicast addresses: * The operation for registering prefixes is similar as for addresses from the perspective of the 6LN, but shows important differences on the router side, which maintains a separate state for each origin and merges them in its own advertisements. * The ARO Status indicating a "Registration Refresh Request" applies to prefixes as well. This status is used in asynchronous NA(EARO) messages to indicate to peer 6LNs that they are requested to reregister all addresses and prefixes that were previously registered to the originating node. The NA message MAY be sent to a unicast or a multicast link-scope address and SHOULD be contained within the L2 range where nodes may effectively have registered/subscribed to this router, e.g., a radio broadcast domain to preserve energy and spectrum. A device that wishes to refresh its state, e.g., upon reboot if it may have lost some registration state, SHOULD send an asynchronous NA(EARO) with this new status value. That asynchronous NA(ARO) SHOULD be sent to the all-nodes link scope multicast address Thubert Expires 9 May 2025 [Page 16] Internet-Draft Prefix Registration November 2024 (FF02::1) and Target MUST be set to the link local address that was exposed previously by this node to accept registrations, and the TID MUST be set to 0. In an unreliable environment, the multicast NA(EARO) message may be resent in a fast sequence, in which case the TID is incremented each time. A 6LN that has recently processed the NA(ARO) ignores the NA(EARO) with a newer TID received within the duration of the fast sequence. That duration depends on the environment and has to be configured. By default, it is of 10 seconds. * Registration for prefixes is now supported. The value of 3 in the P field of the EARO and the EDAR message signals when the registration is for a prefix as opposed to an address. DAD for prefixes and addresses becomes a prefix overlap match. Whether overlapping addresses and prefixes may be registered is a network policy decision and out of scope. The same prefix may be injected twice (multiple routes) as long as they use the same value of the ROVR. Overlaps may be desirable. It may happen for instance that a proxy registers a prefix while a host using an address from that prefix also registers. It might also occur that an aggregated prefix is owned as a catch all, and subdivided into subnets that are allocated to and then registered by other nodes. In case of an overlapping registration, the longest match wins, meaning that if the network policy allows for overlapping registrations, then the routes for the registered prefixes are installed towards the node that registered with the longest match, all the way to /128. * If the 6LR acts as a router to prefixes or owns the prefixes entirely, it SHOULD register all those prefixes on all interfaces from which it might be needed to relay traffic to that prefix, and it MUST set the P field in the EARO to 3 for those prefixes. * The 6LN MAY set the R flag in the EARO to request the 6LR to redistribute the prefix on other links using a routing protocol. The 6LR MUST NOT reregister that prefix to yet another router as it may create a loop. * The 6LR and the 6LBR are extended to accept more than one registration for the same prefix, since multiple 6LNs may register it. The Registration Ownership Verifier (ROVR) in the EARO identifies uniquely a registration within the namespace of the Registered Prefix. Thubert Expires 9 May 2025 [Page 17] Internet-Draft Prefix Registration November 2024 * The 6LR MUST maintain a registration state per tuple (IPv6 prefix/ length, ROVR) for all registered prefixes. It SHOULD notify the 6LBR with an EDAR message, unless it determined that the 6LBR is legacy and does not support this specification (see Section 5). In turn, the 6LBR MUST maintain a registration state per tuple (IPv6 prefix, ROVR) for all prefixes. 8. Updating RFC 9010 With [RFC9010]: * The 6LR injects only unicast routes in RPL. * Upon a registration with the R flag set to 1 in the EARO, the 6LR injects the address in the RPL unicast support. * Upon receiving a packet directed to a unicast address for which it has an active registration, the 6LR delivers the packet as a unicast layer-2 frame to the LLA of the node that registered the unicast address. This specification adds the following behavior: * Upon a registration with the R flag set to 1 and the P field set to 3 in the EARO, the 6LR injects the prefix in RPL using a prefix RTO. The P field in the RTP MUST be set to 3. * Upon receiving a packet directed to an address that derives from a prefix for which it has at least one registration, the 6LR delivers a copy of the packet as a unicast layer-2 frame to the LLA of exactly one of the nodes that registered to that prefix, using the longest match derivation to find the best 6LN. 9. Updating RFC 8928 Address-Protected Neighbor Discovery for Low-Power and Lossy Networks [RFC8928] was defined to protect the ownership of unicast IPv6 addresses that are registered with [RFC8505]. With [RFC8928], it is possible for a node to autoconfigure a pair of public and private keys and use them to sign the registration of addresses that are either autoconfigured or obtained through other methods. The first hop router (the 6LR) can then validate a registration and perform source address validation on packets coming from the sender node (the 6LN). Thubert Expires 9 May 2025 [Page 18] Internet-Draft Prefix Registration November 2024 Prefixes are not always owned by one node. Multiple nodes may register the same prefix. In that context, the method specified in [RFC8928] cannot be used with node-local autoconfigured keypairs which protect a single ownership only. For a prefix, as for an anycast or a multicast address, it is still possible to leverage [RFC8928] to enforce the right to register. If [RFC8928] is used, a keypair MUST be created and associated with the prefix before the prefix is deployed, and a ROVR MUST be generated from that keypair as specified in [RFC8928]. The prefix and the ROVR MUST then be installed in the 6LBR at the first registration, or by an external mechanism such as IP Address Management (IPAM) or DHCPv6 snooping prior to the first registration. This way, the 6LBR can recognize the prefix on the future registrations and validate the right to register based on the ROVR. The keypair MUST then be provisioned in each node that needs to register the prefix or a prefix within, so the node can follow the steps in [RFC8928] to register the prefix. Upon receiving an NA Message with the status set to 5 "Validation Requested", the node that registered the address or prefix performs the proof of ownership based on that longest match. 10. Security Considerations This specification extends [RFC8505], and the security section of that document also applies to this document. In particular, the link layer SHOULD be sufficiently protected to prevent rogue access. Section 9 leverages [RFC8928] to prevent a rogue node to register a unicast address that it does not own. The mechanism could be extended to anycast and multicast addresses if the values of the ROVR they use is known in advance, but how this is done is not in scope for this specification. One way would be to authorize in advance the ROVR of the valid users. A less preferred way could be to synchronize the ROVR and TID values across the valid registering nodes as a preshared key material. In the latter case, it could be possible to update the keys associated to a prefix in all the 6LNs, but the flow is not clearly documented and may not complete in due time for all nodes in LLN use cases. It may be simpler to install an all-new address with new keys over a period of time, and switch the traffic to that address when the migration is complete. Thubert Expires 9 May 2025 [Page 19] Internet-Draft Prefix Registration November 2024 11. Backward Compatibility A legacy 6LN will not register prefixes and the service will be the same when the network is upgraded. A legacy 6LR will not set the F flag in the 6CIO and an upgraded 6LN will not register prefixes. Upon an EDAR message, a legacy 6LBR may not realize that the address being registered is anycast or multicast, and return that it is duplicate in the EDAC status. The 6LR MUST ignore a duplicate status in the EDAR for anycast and multicast addresses. 12. IANA Considerations Note to RFC Editor, to be removed: please replace "This RFC" throughout this document by the RFC number for this specification once it is allocated. IANA is requested to make changes under the "Internet Control Message Protocol version 6 (ICMPv6) Parameters" [IANA.ICMP] and the "Routing Protocol for Low Power and Lossy Networks (RPL)" [IANA.RPL] registry groupings, as follows: 12.1. Updated P-Field Registry This specification updates the P field introduced in [I-D.ietf-6lo-multicast-registration] to assign the value of 3, which is the only remaining unassigned value for the 2-bit field. To that effect, IANA is requested to update the "P-field values" registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 2: +-------+---------------------------+-----------+ | Value | Meaning | Reference | +-------+---------------------------+-----------+ | 3 | Registration for a prefix | This RFC | +-------+---------------------------+-----------+ Table 2: New P-field value 12.2. New 6LoWPAN Capability Bit IANA is requested to make an addition to the "6LoWPAN Capability Bits" [IANA.ICMP.6CIO] registry under the heading "Internet Control Message Protocol version 6 (ICMPv6) Parameters" as indicated in Table 3: Thubert Expires 9 May 2025 [Page 20] Internet-Draft Prefix Registration November 2024 +----------------+--------------------------+-----------+ | Capability Bit | Meaning | Reference | +----------------+--------------------------+-----------+ | 7 (suggested) | F flag: Registration for | This RFC | | | prefixes Supported (F) | | +----------------+--------------------------+-----------+ Table 3: New 6LoWPAN Capability Bit 13. Acknowledgments Many thanks to Dave Thaler and Dan Romascanu for their early INT-DIR review. 14. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, DOI 10.17487/RFC4861, September 2007, . [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, DOI 10.17487/RFC4862, September 2007, . [RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, JP., and R. Alexander, "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks", RFC 6550, DOI 10.17487/RFC6550, March 2012, . [RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C. Bormann, "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 6775, DOI 10.17487/RFC6775, November 2012, . [RFC7400] Bormann, C., "6LoWPAN-GHC: Generic Header Compression for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November 2014, . Thubert Expires 9 May 2025 [Page 21] Internet-Draft Prefix Registration November 2024 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, . [RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C. Perkins, "Registration Extensions for IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, . [RFC8928] Thubert, P., Ed., Sarikaya, B., Sethi, M., and R. Struik, "Address-Protected Neighbor Discovery for Low-Power and Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November 2020, . [RFC9010] Thubert, P., Ed. and M. Richardson, "Routing for RPL (Routing Protocol for Low-Power and Lossy Networks) Leaves", RFC 9010, DOI 10.17487/RFC9010, April 2021, . [IANA.ICMP] IANA, "IANA Registry for ICMPv6", IANA, https://www.iana.org/assignments/icmpv6-parameters/ icmpv6-parameters.xhtml. [IANA.ICMP.6CIO] IANA, "IANA Registry for the 6LoWPAN Capability Bits", IANA, https://www.iana.org/assignments/icmpv6-parameters/ icmpv6-parameters.xhtml#sixlowpan-capability-bits. [IANA.RPL] IANA, "IANA Registry for the RPL", IANA, https://www.iana.org/assignments/rpl/rpl.xhtml. [I-D.ietf-6lo-multicast-registration] Thubert, P., "IPv6 Neighbor Discovery Multicast and Anycast Address Listener Subscription", Work in Progress, Internet-Draft, draft-ietf-6lo-multicast-registration-19, 16 May 2024, . 15. Informative References Thubert Expires 9 May 2025 [Page 22] Internet-Draft Prefix Registration November 2024 [BCP38] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, DOI 10.17487/RFC2827, May 2000, . [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals", RFC 4919, DOI 10.17487/RFC4919, August 2007, . [RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, DOI 10.17487/RFC6282, September 2011, . [RFC9008] Robles, M.I., Richardson, M., and P. Thubert, "Using RPI Option Type, Routing Header for Source Routes, and IPv6- in-IPv6 Encapsulation in the RPL Data Plane", RFC 9008, DOI 10.17487/RFC9008, April 2021, . [I-D.kuehlewind-update-tag] Kühlewind, M. and S. Krishnan, "Definition of new tags for relations between RFCs", Work in Progress, Internet-Draft, draft-kuehlewind-update-tag-04, 12 July 2021, . [I-D.heile-lpwan-wisun-overview] Robert, H., Liu, B. R., Zhang, M., and C. E. Perkins, "Wi- SUN FAN Overview", Work in Progress, Internet-Draft, draft-heile-lpwan-wisun-overview-00, 3 July 2017, . [I-D.ietf-6man-ipv6-over-wireless] Thubert, P. and M. Richardson, "Architecture and Framework for IPv6 over Non-Broadcast Access", Work in Progress, Internet-Draft, draft-ietf-6man-ipv6-over-wireless-06, 23 May 2024, . [IEEE802154] IEEE standard for Information Technology, "IEEE Std 802.15.4, Part. 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks". Thubert Expires 9 May 2025 [Page 23] Internet-Draft Prefix Registration November 2024 [IEEE80211] IEEE standard for Information Technology, "IEEE Standard 802.11 - IEEE Standard for Information Technology - Telecommunications and information exchange between systems Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.", . [IEEE802151] IEEE standard for Information Technology, "IEEE Standard for Information Technology - Telecommunications and Information Exchange Between Systems - Local and Metropolitan Area Networks - Specific Requirements. - Part 15.1: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Wireless Personal Area Networks (WPANs)". Author's Address Pascal Thubert (editor) 06330 Roquefort-les-Pins France Email: pascal.thubert@gmail.com Thubert Expires 9 May 2025 [Page 24]