rfc8929xml2.original.xml   rfc8929.xml 
<?xml version="1.0" encoding="UTF-8"?>
<!-- updated by Chris 04/09/20 -->
<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="
std" consensus="true" ipr='trust200902' tocInclude="true" sortRefs="true" symRef
s="true" obsoletes="" updates="6775, 8505" xml:lang="en" version="3" docName="dr
aft-ietf-6lo-backbone-router-20" number="8929">
<front>
<title>IPv6 Backbone Router</title>
<seriesInfo name="RFC" value="8929"/>
<author fullname='Pascal Thubert' initials='P.' role='editor' surname='Thube
rt'>
<organization abbrev='Cisco Systems'>Cisco Systems, Inc.</organization>
<address>
<postal>
<extaddr>Building D</extaddr>
<street>45 Allee des Ormes - BP1200</street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>France</country>
</postal>
<phone>+33 497 23 26 34</phone>
<email>pthubert@cisco.com</email>
</address>
</author>
<!--[rfced] Charles - please review contact information to ensure
that it appears as desired (i.e., no state is listed in postal
address: should it be added or should Saratoga and the zip code
be deleted as well?). -->
<author fullname='Charles E. Perkins' initials='C.E.' surname='Perkins'>
<organization>Blue Meadow Networking</organization>
<address>
<postal>
<street/>
<city>Saratoga</city>
<region/>
<code>95070</code>
<country>United States of America</country>
</postal>
<phone/>
<email>charliep@computer.org</email>
</address>
</author>
<author fullname='Eric Levy-Abegnoli' initials='E.' surname='Levy-Abegnoli'>
<organization abbrev='Cisco Systems'>Cisco Systems, Inc.</organization>
<address>
<postal>
<extaddr>Building D</extaddr>
<street>45 Allee des Ormes - BP1200</street>
<city>MOUGINS - Sophia Antipolis</city>
<code>06254</code>
<country>France</country>
</postal>
<phone>+33 497 23 26 20</phone>
<email>elevyabe@cisco.com</email>
</address>
</author>
<date year="2020" month="October" />
<area>Internet</area>
<workgroup>6lo</workgroup>
<!-- [rfced] Please insert any keywords (beyond those that appear in
the title) for use on https://www.rfc-editor.org/search. -->
<abstract>
<t>
This document updates RFCs 6775 and 8505 in order to enable
proxy services for IPv6 Neighbor Discovery by Routing Registrars
called "Backbone Routers".
Backbone Routers are placed along the wireless edge of a Backbone and
federate multiple wireless links to form a single Multi-Link
Subnet (MLSN).
</t>
</abstract>
</front>
<middle>
<section anchor='introduction'><name>Introduction</name>
<t>
Ethernet bridging per IEEE Std 802.1 <xref target='IEEEstd8021'/>
provides an efficient and reliable broadcast service for wired
networks; applications and protocols have been built that heavily
depend on that feature for their core operation. Unfortunately,
Low-Power and Lossy Networks (LLNs) and local wireless networks generally
do not provide the broadcast capabilities of Ethernet bridging in an
economical fashion.
</t>
<t>
As a result, protocols designed for bridged networks that rely
on multicast and broadcast often exhibit disappointing behaviors
when employed unmodified on a local wireless medium (see
<xref target='I-D.ietf-mboned-ieee802-mcast-problems'/>).
</t>
<t>
Wi-Fi <xref target='IEEEstd80211'></xref> Access Points (APs)
deployed in an Extended Service Set (ESS) act as Ethernet bridges
<xref target='IEEEstd8021'/>, with the property that the bridging
state is established at the time of association. This ensures
connectivity to the end node (the Wi-Fi Station (STA)) and protects the w
ireless medium
against broadcast-intensive transparent bridging reactive lookups.
<!--[rfced] Please confirm if this author comment has already been addressed
in the text:
CEP: citation needed for Transparent Bridging.
Original:
This ensures connectivity to the end node (the Wi-Fi
STA) and protects the wireless medium against broadcast-intensive
Transparent Bridging reactive Lookups.
-->
<!-- CEP: citation needed for Transparent Bridging. -->
In other words, the association process is used to register the Medium Ac
cess Control (MAC)
address of the STA to the AP. The AP subsequently proxies the
bridging operation and does not need to forward the broadcast lookups
over the radio.
</t>
<t>
In the same way as transparent bridging, the IPv6 <xref target='RFC8200'
/>
Neighbor Discovery (IPv6 ND) protocol <xref target='RFC4861'/> <xref tar
get='RFC4862'/>
is a reactive protocol, based on multicast
transmissions to locate an on-link correspondent and ensure the
uniqueness of an IPv6 address. The mechanism for Duplicate Address
Detection (DAD) <xref target='RFC4862'/> was designed for
the efficient broadcast operation of Ethernet bridging.
Since broadcast can be unreliable over wireless media, DAD often
fails to discover duplications
<xref target='I-D.yourtchenko-6man-dad-issues'/>. In practice, the fact
that IPv6 addresses very rarely conflict is mostly attributable to the entropy o
f the 64-bit Interface IDs as opposed to the successful operation of the IPv6 ND
DAD and resolution mechanisms.</t>
<t>
The IPv6 ND Neighbor Solicitation (NS) <xref target='RFC4861'/> message
is used for DAD and address lookup when a node moves or wakes up and
reconnects to the wireless network. The NS message is targeted to a
Solicited-Node Multicast Address (SNMA) <xref target='RFC4291'/> and
should, in theory, only reach a very small group of nodes. But, in
reality, IPv6 multicast messages are typically broadcast on the
wireless medium, so they
are processed by most of the wireless nodes over the subnet (e.g., the
ESS fabric) regardless of how few of the nodes are subscribed to the
SNMA. As a result, IPv6 ND address lookups and DADs over a large
wireless network and/or LLN can consume enough
bandwidth to cause a substantial degradation to the unicast traffic
service.</t>
<t>
Because IPv6 ND messages sent to the SNMA group are broadcast at the
radio MAC layer, wireless nodes that do not belong to the SNMA group
still have to keep their radio turned on to listen to multicast NS
messages, which is a waste of energy for them. In order to
reduce their power consumption, certain battery-operated devices such
as Internet of Things (IoT) sensors and smartphones ignore some of the br
oadcasts, making
IPv6 ND operations even less reliable.
</t>
<t>
These problems can be alleviated by reducing the IPv6 ND broadcasts
over wireless access links. This has been done by splitting the broadcas
t
domains and routing between subnets to the extreme by assigning
a /64 prefix to each wireless node (see <xref target='RFC8273'/>).
But deploying a single large subnet can still be attractive to avoid
renumbering in situations that involve large numbers of devices and mobility
within a bounded area.
</t>
<t>
A way to reduce the propagation of IPv6 ND broadcast in the wireless doma
in
while preserving a large single subnet is to form a Multi-Link Subnet (MLSN)
.
Each Link in the MLSN, including the backbone, is its own broadcast domain.
A key property of MLSNs is that Link-Local unicast traffic, link-scope multi
cast, and traffic with a hop limit of 1 will not transit to nodes in the same su
bnet on a different link, which is something that may produce unexpected behavio
r in software that expects a subnet to be entirely contained within a single lin
k.
</t>
<t>
This specification considers a special type of MLSN with a central backbone
that federates edge (LLN) links, with each Link providing its own protection aga
inst rogue access and tempering or replaying packets. In particular, the use of
classical IPv6 ND on the backbone requires that the all nodes are trusted and th
at rogue access
to the backbone is prevented at all times (see <xref target='sec'/>).
</t>
<t>
In that particular topology, ND proxies can be placed at the boundary of the
edge links and the backbone to handle IPv6 ND on behalf of Registered Nodes and
to forward IPv6 packets back and forth.
The ND proxy enables the continuity of IPv6 ND operations beyond the backbon
e and enables communication using Global or Unique Local Addresses between any p
air of nodes in the MLSN.
</t>
<t>
The 6LoWPAN Backbone Router (6BBR) is a Routing Registrar <xref target='RFC8
505'/> that provides proxy-ND services.
A 6BBR acting as a Bridging Proxy provides a proxy-ND function with Layer 2
continuity and can be
collocated with a Wi-Fi AP as prescribed by IEEE Std 802.11 <xref target='IE
EEstd80211'></xref>. A 6BBR acting as a Routing Proxy is applicable to any type
of LLN, including LLNs that cannot be bridged onto the backbone, such as IEEE St
d 802.15.4 <xref target='IEEEstd802154'></xref>.
</t>
<t>
Knowledge of which address to proxy can be obtained by snooping the
IPv6 ND protocol (see <xref target='I-D.bi-savi-wlan'/>), but it has been
found to be unreliable.
An IPv6 address may not be discovered immediately due to a packet loss or if
a "silent" node
is not currently using one of its addresses. A change of state (e.g.,
due to movement) may be missed or misordered, leading to unreliable
connectivity and incomplete knowledge of the state of the network.
</t>
<t>
With this specification, the address to be proxied is signaled explicitly th
rough a registration process.
A 6LoWPAN Node (6LN) registers all of its IPv6 Addresses using NS messages w
ith an Extended Address Registration Option (EARO) as specified in <xref target=
'RFC8505'/> to a 6LoWPAN Router (6LR) to which it is directly attached.
If the 6LR is a 6BBR, then the 6LN is both the Registered Node and the Regis
tering Node. If not, then the 6LoWPAN Border Router (6LBR) that serves the LLN p
roxies the registration to the 6BBR. In that case, the 6LN is the Registered Nod
e and the 6LBR is the Registering Node.
The 6BBR performs IPv6 ND operations on its Backbone interface on behalf of
the 6LNs that have registered addresses on its LLN interfaces, without the need
of a broadcast over the wireless medium.
</t>
<t>
A Registering Node that resides on the backbone does not register to the SNM
A groups associated to its Registered Addresses and defers to the 6BBR to answer
or preferably forward the corresponding multicast packets to it as unicast.
</t>
</section>
<section><name>Terminology</name>
<section anchor='bcp'><name>Requirements Language</name>
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
be interpreted as
described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t>
</section>
<section anchor='new'><name>New Terms</name>
<t>
This document introduces the following terminology:
</t><dl>
<dt>Federated:</dt><dd>
A subnet that comprises a Backbone, and one or more (wireless)
access links, is said to be federated into one MLSN.
The proxy-ND operation of 6BBRs over the Backbone extends IPv6 ND ope
ration over the access links.
</dd>
<dt>Sleeping Proxy:</dt><dd>
A 6BBR acts as a Sleeping Proxy if it answers IPv6 ND NSs over the Back
bone on behalf of the Registering
Node that is in a sleep state and that cannot answer in due time.
</dd>
<dt>Routing Proxy:</dt><dd>
A Routing Proxy provides IPv6 ND proxy functions and enables the
MLSN operation over federated links that may not be compatible for
bridging. The Routing Proxy advertises its own MAC
address as the Target Link-Layer Address (TLLA) in the proxied Neighbor
Advertisements (NAs)
over the Backbone and routes
at the network layer between the federated links.
</dd>
<dt>Bridging Proxy:</dt><dd>
A Bridging Proxy provides IPv6 ND proxy functions while preserving
forwarding continuity at the MAC layer.
<!--[rfced] Should this text be made "IPv6 proxy-ND functions" where
it occurs (more than one location)?
Original:
A Bridging Proxy provides IPv6 ND proxy functions while preserving
forwarding continuity at the MAC layer.
...
A Routing Proxy provides IPv6 ND proxy functions for Global and Unique
Local Addresses between the LLN and the backbone, but not for Link-Local
addresses
...
A Bridging Proxy provides IPv6 ND proxy functions between the LLN and the
backbone while preserving the forwarding continuity at the MAC layer.
-->
In
that case, the MAC address and the mobility of the Registering Node is
visible across the bridged Backbone. The Bridging Proxy advertises
the MAC address of the Registering Node as the TLLA in the proxied NAs
over the Backbone, and it proxies ND for all unicast addresses including
Link-Local Addresses.
<!--[rfced] We updated "NS Lookup" to be "NS(Lookup)" in the following
sentence for consistency, and we updated "and let it respond on
its own" to "so it can respond on its own" for clarity. If this
is not correct, please let us know.
Original:
Instead of replying on
behalf of the Registering Node, a Bridging Proxy will preferably
forward the NS Lookup and NUD messages that target the Registered
Address to the Registering Node as unicast frames and let it
respond in its own.
Current:
Instead of replying on
behalf of the Registering Node, a Bridging Proxy will preferably
forward the NS(Lookup) and Neighbor Unreachability Detection (NUD)
messages that target the Registered Address to the Registering Node
as unicast frames, so it can respond on its own.
-->
Instead of replying on behalf of the Registering Node, a Bridging Proxy
will preferably forward the NS(Lookup) and Neighbor Unreachability Detec
tion (NUD) messages that target the
Registered Address to the Registering Node as unicast frames, so it can
respond in its own.
</dd>
<dt>Binding Table:</dt><dd>
The Binding Table is an abstract database that is maintained by the
6BBR to store the state associated with its registrations.
</dd>
<dt>Binding:</dt><dd>
A Binding is an abstract state associated to one registration; in
other words, it's associated to one entry in the Binding Table.
</dd>
</dl>
</section>
<!--[rfced] Should the following abbreviations be added to Section 2.3?
AP
ESS
STA
MLSN
HA
MIPv6
HA
SLLAO
TLLAO
ODAD
MTU
-->
<section anchor='acronyms'><name>Abbreviations</name>
<t> This document uses the following abbreviations:
</t><dl spacing='compact' indent="12">
<dt>6BBR:</dt><dd>6LoWPAN Backbone Router </dd>
<dt>6LBR:</dt><dd>6LoWPAN Border Router </dd>
<dt>6LN:</dt><dd>6LoWPAN Node </dd>
<dt>6LR:</dt><dd>6LoWPAN Router </dd>
<dt>ARO:</dt><dd>Address Registration Option</dd>
<dt>DAC:</dt><dd>Duplicate Address Confirmation </dd>
<dt>DAD:</dt><dd>Duplicate Address Detection </dd>
<dt>DAR:</dt><dd>Duplicate Address Request</dd>
<dt>EARO:</dt><dd>Extended Address Registration Option</dd>
<dt>EDAC:</dt><dd>Extended Duplicate Address Confirmation </dd>
<dt>EDAR:</dt><dd>Extended Duplicate Address Request</dd>
<dt>DODAG:</dt><dd>Destination-Oriented Directed Acyclic Graph </dd>
<dt>ID:</dt><dd>Identifier </dd>
<dt>LLA:</dt><dd>Link-Layer Address (aka MAC address)</dd>
<dt>LLN:</dt><dd>Low-Power and Lossy Network </dd>
<dt>MAC:</dt><dd>Medium Access Control </dd>
<dt>NA:</dt><dd>Neighbor Advertisement </dd>
<dt>NCE:</dt><dd>Neighbor Cache Entry </dd>
<dt>ND:</dt><dd>Neighbor Discovery </dd>
<dt>NDP:</dt><dd>Neighbor Discovery Protocol </dd>
<dt>NS:</dt><dd>Neighbor Solicitation </dd>
<dt>NS(DAD):</dt><dd>NDP NS message used for the purpose of duplication a
voidance (multicast) </dd>
<dt>NS(Lookup):</dt><dd>NDP NS message used for the purpose of address re
solution (multicast) </dd>
<dt>NS(NUD):</dt><dd>NDP NS message used for the purpose of unreachabilit
y detection (unicast) </dd>
<dt>NUD:</dt><dd>Neighbor Unreachability Detection</dd>
<dt>RA:</dt><dd>Router Advertisement </dd>
<dt>ROVR:</dt><dd>Registration Ownership Verifier </dd>
<dt>RPL:</dt><dd>Routing Protocol for LLNs </dd>
<dt>RS:</dt><dd>Router Solicitation </dd>
<dt>SLLA:</dt><dd>Source Link-Layer Address</dd>
<dt>SNMA:</dt><dd>Solicited-Node Multicast Address </dd>
<dt>TID:</dt><dd>Transaction ID </dd>
<dt>TLLA:</dt><dd>Target Link-Layer Address</dd>
</dl>
</section>
<section anchor='lo'><name>References</name>
<t>
In this document, readers will encounter terms and concepts
that are discussed in the following documents:
</t>
<dl>
<dt>Classical IPv6 ND:</dt><dd>"Neighbor Discovery for IP version 6 (IPv6
)" <xref target='RFC4861'/>,
"IPv6 Stateless Address Autoconfiguration" <xref target='RFC4862'/>,
and
"Optimistic Duplicate Address Detection (DAD) for IPv6" <xref target=
'RFC4429'/>;</dd>
<dt>IPv6 ND over multiple links:</dt><dd> "Neighbor Discovery Proxies (ND Pr
oxy)"
<xref target='RFC4389'></xref> and
"Multi-Link Subnet Issues" <xref target='RFC4903'></xref>;</dd>
<dt>6LoWPAN:</dt><dd>"Problem Statement and Requirements for
IPv6 over Low-Power Wireless Personal Area Network (6LoWPAN)
Routing" <xref target='RFC6606'></xref>; and</dd>
<dt>6LoWPAN ND:</dt><dd>Neighbor Discovery Optimization for IPv6 over Low
-Power
Wireless Personal Area Networks (6LoWPANs) <xref target='RFC6775'
></xref>,
"Registration Extensions for IPv6 over Low-Power Wireless Persona
l Area Network (6LoWPAN) Neighbor Discovery" <xref target='RFC8505'></xref>,
and
"Address-Protected Neighbor Discovery for Low-Power and Lossy Networks"
<xref target='RFC8928'></xref>.</dd>
</dl>
</section>
</section>
<section anchor='overview'><name>Overview</name>
<t> This section and its subsections present a non-normative high-level view of
the operation of the 6BBR. The following sections cover the normative part.
</t>
<t>
<xref target='figBackbone'/> illustrates a Backbone Link that federates a
collection of LLNs as a single IPv6 subnet, with a number of 6BBRs
providing proxy-ND services to their attached LLNs.
</t>
<figure anchor='figBackbone'><name>Backbone Link and Backbone Routers</name>
<artwork><![CDATA[
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
| | | | | |
+------+ +------+ +------+
o Wireless side o o o o o o
o o o o o o o o o o o o o o o o o o o o
o o o o o o o o o o o o o o o o o o o
o o o o o o o o o LLN o o o o o o o o o
o o o o o o o o o o o o o o
o o o
]]></artwork></figure>
<t>
The LLN may be a hub-and-spoke access link such as (Low-Power)
IEEE Std 802.11 (Wi-Fi) <xref target='IEEEstd80211'/>
and IEEE Std 802.15.1 (Bluetooth) <xref target='IEEEstd802151'/>
or a Mesh-Under or a Route-Over network <xref target='RFC8505'/>.
The proxy state can be distributed across multiple 6BBRs attached to
the same Backbone.
</t>
<t>
The main features of a 6BBR are as follows:
</t>
<ul>
<li>
MLSN functions (provided by the 6BBR on the
backbone) performed on behalf of Registered Nodes
</li>
<li>
<t>
Routing Registrar services that reduce multicast within the LLN:
</t>
<ul spacing='compact' empty="true">
<li>- Binding Table management
</li>
<li>- failover, e.g., due to mobility
</li>
</ul>
</li>
</ul>
<t>
Each Backbone Router (6BBR) maintains a data structure for its
Registered Addresses called a Binding Table. The abstract data that
is stored in the Binding Table includes the Registered Address; anchor infor
mation on the Registering Node such as the connecting interface, Link-Local Addr
ess, and Link-Layer Address (LLA) of the Registering Node on that interface; the
EARO including ROVR and TID; a state that can be either Reachable, Tentative, o
r Stale; and other information such as a trust level that may be configured, e.g
., to protect a server. The combined Binding Tables
of all the 6BBRs on a backbone form a distributed database of Registered
Nodes
that reside in the LLNs or on the IPv6 Backbone.
</t>
<t>
Unless otherwise configured, a 6BBR does the following:
</t>
<ul>
<li>Creates a new entry in a Binding Table for a newly
Registered Address and ensures that the Address is not
duplicated over the Backbone.
</li>
<li>Advertises a Registered Address over the Backbone using an NA message
as
either unsolicited or a response to an NS message. This includes
joining the multicast group associated to the SNMA derived from the
Registered Address, as specified in
<xref target='RFC4861' sectionFormat="of" section="7.2.1"/>, over the Ba
ckbone.
</li>
<li>
<t>
The 6BBR <bcp14>MAY</bcp14> respond immediately as a proxy in lieu of the
Regsitering Node, e.g., if the Registering Node has a sleeping cycle that the 6B
BR does not want to interrupt or if the 6BBR has a recent state that is deemed f
resh enough to permit the proxied response. It is preferred, though, that the 6B
BR checks whether the Registering Node is still responsive on the Registered Add
ress. To that effect:
</t>
<!--[rfced] This sentence is lengthy. May we add a semicolon for
easier readability? Please let us know if this is agreeable or if
you prefer otherwise.
Original:
the 6BBR forwards the multicast DAD and Address Lookup messages
as a unicast MAC-Layer frames to the MAC address of the
Registering Node that matches the Target in the ND message, and
forwards as is the unicast Neighbor Unreachability Detection
(NUD) messages, so as to let the Registering Node answer with
the ND Message and options that it sees fit;
Perhaps:
the 6BBR forwards the multicast DAD and address lookup messages
as a unicast MAC-Layer frame to the MAC address of the
Registering Node that matches the target in the ND message; it
then forwards the unicast Neighbor Unreachability Detection
(NUD) messages as is, in order to let the Registering Node
answer with the ND Message and options that it sees fit.
-->
<dl spacing='compact' newline="true">
<dt> - as a Bridging Proxy:</dt>
<dd>the 6BBR forwards the multicast DAD and address lookup messages as a
unicast MAC-layer frame to the MAC address of the Registering Node that matches
the target in the ND message, and forwards as is the unicast Neighbor Unreachabi
lity Detection (NUD) messages so as to let the Registering Node answer with the
ND Message and options that it sees fit.</dd>
<dt> - as a Routing Proxy:</dt>
<dd>the 6BBR checks the liveliness of the Registering Node, e.g., using a
NUD verification, before answering on its behalf.</dd>
</dl>
</li>
<li> Delivers packets arriving from the LLN, using Neighbor Solicitation
messages to look up the destination over the Backbone. </li>
<li> Forwards or bridges packets between the LLN and the Backbone. </li>
<li> Verifies liveness for a registration, when needed. </li>
</ul>
<t>
The first of these functions enables the 6BBR to fulfill its
role as a Routing Registrar for each of its attached LLNs.
The remaining functions fulfill the role of the 6BBRs as the
border routers that federate the Multi-Link IPv6 Subnet.
</t>
<t>
The operation of IPv6 ND and proxy-ND are not mutually exclusive on the Back
bone, meaning that nodes attached to the Backbone and using IPv6 ND can transpar
ently interact with 6LNs that rely on a 6BBR to proxy-ND for them, whether the 6
LNs are reachable over an LLN or directly attached to the Backbone.
</t>
<t>
The registration mechanism <xref target='RFC8505'/> used to learn addresses
to be proxied may
coexist in a 6BBR with a proprietary snooping or the traditional bridging fu
nctionality of an AP, in order to support legacy LLN nodes that do not support t
his specification.
</t>
<t>
The registration to a proxy service uses an NS/NA exchange with EARO.
The 6BBR operation resembles that of a
Mobile IPv6 (MIPv6) <xref target='RFC6275'></xref> Home Agent (HA).
The combination of a 6BBR and a MIPv6 HA enables full mobility
support for 6LNs, inside and outside the links that form the subnet.
</t>
<t>
6BBRs perform IPv6 ND functions over the backbone as follows:
</t><ul >
<li>
The EARO <xref target='RFC8505'/> is used in IPv6 ND exchanges over
the Backbone between the 6BBRs to help distinguish duplication from move
ment.
Extended Duplicate Address Messages (EDAR and EDAC) may also be
used to communicate with a 6LBR, if one is present.
Address duplication is detected using the ROVR field.
Conflicting registrations to different 6BBRs for the same
Registered Address are resolved using the TID field, which forms an o
rder
of registrations.
</li>
<li>
The LLA that the 6BBR advertises for the
Registered Address on behalf of the Registered Node over the
Backbone can belong to the Registering Node; in that case, the 6BBR
(acting as a Bridging Proxy (see <xref target='bridge_proxy'/>))
bridges the unicast packets. Alternatively, the LLA can be that
of the 6BBR on the Backbone interface, in which case, the 6BBR
(acting as a Routing Proxy (see <xref target='rtr_proxy'/>))
receives the unicast packets at Layer 3 and routes over.
</li>
</ul>
<section anchor='updating'><name>Updating RFCs 6775 and 8505</name>
<t>
This specification adds the EARO as a possible option in RS, NS(DAD),
and NA messages over the backbone.
This document specifies the use of those ND messages by 6BBRs
over the backbone, at a high level in <xref target='bbrbb'/> and in more
detail in <xref target='crea'/>.
</t>
<aside>
<t>
Note: <xref target='RFC8505'/> requires
that the registration NS(EARO) contain a Source Link-Layer Address Option
(SLLAO). <xref target='RFC4862'/> requires that
the NS(DAD) be sent from the unspecified address for which there cannot be a
n
SLLAO. Consequently, an NS(DAD) cannot be confused with a registration.
</t>
</aside>
<t>
This specification allows the deployment of a 6LBR on the backbone where EDA
R and
EDAC messages coexist with classical ND.
<!--[rfced] Should 'receiving' perhaps be added to the sentence below
for clarity?
Original:
A 6BBR acting as a 6LR for the Registered Address can insert
an SLLAO in the EDAR to the 6LBR in order to avoid a Lookup back.
Perhaps:
A 6BBR acting as a 6LR for the Registered Address can insert
an SLLAO in the EDAR to the 6LBR in order to avoid receiving
a lookup back.
-->
It also adds the capability to insert IPv6 ND options in the EDAR and EDAC mess
ages. A 6BBR acting as a 6LR
for the Registered Address can insert an SLLAO in the EDAR to the 6LB
R in
order to avoid a lookup back. This enables the 6LBR to store the MAC
address associated with the Registered Address on a link and to serve as a
mapping server as described in
<xref target='I-D.thubert-6lo-unicast-lookup'/>.
</t>
<t>
This specification allows an address to be registered to more than one
6BBR. Consequently, a 6LBR that is deployed on the backbone <bcp14>MUST</bcp
14> be capable
of maintaining state for each of the 6BBRs that have registered with the sam
e
TID and same ROVR.
</t>
</section>
<section anchor='WAL'><name>Access Link</name>
<t>
The simplest MLSN topology from the Layer 3 perspective occurs
when the wireless network appears as a single-hop hub-and-spoke network as
shown in <xref target='figBackbone1'/>. The Layer 2 operation may effectively
be hub-and-spoke (e.g., Wi-Fi) or Mesh-Under, with a Layer 2 protocol
handling the complex topology.
</t>
<figure anchor='figBackbone1'><name>Access Link Use Case</name>
<artwork><![CDATA[
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
| 6LR | | 6LR | | 6LR |
+------+ +------+ +------+
(6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN)
]]></artwork></figure>
<t>
<xref target='figReg2'/> illustrates a flow where 6LN forms an IPv6
Address and registers it to a 6BBR acting as a 6LR
<xref target='RFC8505'/>. The 6BBR applies Optimistic Duplicate Address D
etection (ODAD) (see
<xref target='odad'/>) to the registered address to enable
connectivity while the message flow is still in progress.
</t>
<figure anchor='figReg2' suppress-title='false'><name>Initial Registration F
low to a 6BBR Acting as a Routing Proxy</name>
<artwork><![CDATA[
6LN(STA) 6BBR(AP) 6LBR default GW
| | | |
| LLN Access Link | IPv6 Backbone (e.g., Ethernet) |
| | | |
| RS(multicast) | | |
|---------------->| | |
| RA(PIO, Unicast)| | |
|<----------------| | |
| NS(EARO) | | |
|---------------->| | |
| | Extended DAR | |
| |--------------->| |
| | Extended DAC | |
| |<---------------| |
| | |
| | NS-DAD(EARO, multicast) |
| |--------> |
| |----------------------------------->|
| | |
| | RS(no SLLAO, for ODAD) |
| |----------------------------------->|
| | if (no fresher Binding) NS(Lookup) |
| | <----------------|
| |<-----------------------------------|
| | NA(SLLAO, not(O), EARO) |
| |----------------------------------->|
| | RA(unicast) |
| |<-----------------------------------|
| | |
| IPv6 Packets in optimistic mode |
|<---------------------------------------------------->|
| | |
| |
| NA(EARO) |<DAD timeout>
|<----------------|
| |]]></artwork>
</figure>
<t>
In this example, a 6LBR is deployed on the Backbone Link to serve the whole
subnet, and EDAR/EDAC messages are used in combination with DAD to enable
coexistence with IPv6 ND over the backbone.
</t> <t>
The RS sent initially by the 6LN (e.g., a Wi-Fi STA) is transmitted as a mul
ticast, but
since it is intercepted by the 6BBR, it is never effectively broadcast.
The multiple arrows associated to the ND messages on the Backbone denote a
real Layer 2 broadcast.
</t>
</section>
<section anchor='ROM'><name>Route-Over Mesh</name>
<t>
A more complex MLSN topology occurs when the wireless network
appears as a Layer 3 mesh network as shown in <xref target='figBackbone2'/>.
A so-called Route-Over routing protocol exposes routes between 6LRs towards
both 6LRs and 6LNs, and a 6LBR acts as the Root of the Layer 3 mesh network a
nd
proxy-registers the LLN addresses to the 6BBR.
</t>
<figure anchor='figBackbone2'><name>Route-Over Mesh Use Case</name>
<artwork><![CDATA[
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
+------+ +------+ +------+
| | |
+------+ +------+ +------+
| 6LBR | | 6LBR | | 6LBR |
+------+ +------+ +------+
(6LN) (6LR) (6LN) (6LR) (6LN) (6LR) (6LR) (6LR)(6LN)
(6LN)(6LR) (6LR) (6LN) (6LN) (6LR)(6LN) (6LR) (6LR) (6LR) (6LN)
(6LR)(6LR) (6LR) (6LR) (6LR)(6LN) (6LR) (6LR)(6LR)
(6LR) (6LR) (6LR) (6LR) (6LN)(6LR) (6LR) (6LR) (6LR) (6LR)
(6LN) (6LN)(6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN)
]]></artwork></figure>
<t>
<xref target='figReg'/> illustrates IPv6 signaling that
enables a 6LN (the Registered Node) to form a Global or a Unique Local Ad
dress and register it to the 6LBR that serves its LLN using <xref target='RFC850
5'/> and a neighboring 6LR as relay.
The 6LBR (the Registering Node) then proxies the registration <xref target='
RFC8505'/> to the 6BBR to obtain proxy-ND services from the 6BBR.
</t> <t>
The RS sent initially by the 6LN is transmitted as a multicast and contained
within 1-hop broadcast range where hopefully a 6LR is found. The 6LR is expecte
d to be already connected to the LLN and capable of reaching the 6LBR, which is
possibly multiple hops away, using unicast messages.
</t>
<figure anchor='figReg' suppress-title='false'><name>Initial Registration Fl
ow over Route-Over Mesh</name>
<artwork><![CDATA[
6LoWPAN Node 6LR 6LBR 6BBR
(mesh leaf) (mesh router) (mesh root)
| | | |
| 6LoWPAN ND |6LoWPAN ND | 6LoWPAN ND | IPv6 ND
| LLN link |Route-Over mesh|Ethernet/serial| Backbone
| | |/Internal call |
| IPv6 ND RS | | |
|-------------->| | |
|-----------> | | |
|------------------> | |
| IPv6 ND RA | | |
|<--------------| | |
| | | |
| NS(EARO) | | |
|-------------->| | |
| 6LoWPAN ND | Extended DAR | |
| |-------------->| |
| | | NS(EARO) |
| | |-------------->|
| | | (proxied) | NS-DAD
| | | |------>
| | | | (EARO)
| | | |
| | | NA(EARO) |<timeout>
| | |<--------------|
| | Extended DAC | |
| |<--------------| |
| NA(EARO) | | |
|<--------------| | |
| | | |]]>
</artwork>
</figure>
<t>
As a non-normative example of a Route-Over Mesh, the
IPv6 over the TSCH mode of IEEE 802.15.4e (6TiSCH) architecture <xref tar
get='I-D.ietf-6tisch-architecture'></xref>
suggests using the RPL <xref target='RFC6550'/> and collocating the RPL
root with a 6LBR that serves the LLN. The 6LBR is also either collocated
with or directly connected to the 6BBR over an IPv6 link.
</t>
</section>
<section anchor='Binding'><name>The Binding Table</name>
<t>
Addresses in an LLN that are reachable from the Backbone by way of the 6BBR
function must be registered to that 6BBR, using an NS(EARO) with the R flag
set <xref target='RFC8505'/>. The 6BBR answers with an NA(EARO)
and maintains a state for the registration in an abstract
Binding Table.
</t>
<t>
An entry in the Binding Table is called a "Binding".
A Binding may be in Tentative, Reachable, or Stale state.
</t>
<t>
<!--[rfced] Please confirm if these author comments have already been addressed
in the document:
1) CEP: The false positive is supposed to be prevented by the last two
sentences. This needs to be reworded somehow, because
prevention means that the false positive doesn't arise.
2) CEP: Need to check RFC 8505 and delete the list items specified there.
3) CEP: Something is wrong here.
4) CEP: Guessing that the last "different" should simply be deleted.
5) CEP: This does not belong here. It is specified later, as is proper.
In the latter case, the 6BBR maintains the list of correspondents
to which it has advertised its own MAC Address on behalf of the LLN
node.
-->
<!-- CEP: The false positive is supposed to be prevented by the last two
sentences. This needs to be reworded somehow, because
prevention means that the false positive doesn't arise. -->
The 6BBR uses a combination of <xref target='RFC8505'/> and IPv6 ND over the
Backbone to advertise the registration and avoid a duplication.
Conflicting registrations are solved by the 6BBRs and are transparent to
the
Registering Nodes.
</t>
<t>
Only one 6LN may register a given Address, but the Address may be registe
red
to multiple 6BBRs for higher availability.
<!-- CEP: But the primary/secondary distinction was described as optional. -->
</t>
<t>
<!-- CEP:Need to check RFC 8505 and delete the list items specified there.-->
Over the LLN, Binding Table management is as follows:
</t><ul>
<li> De-registrations (newer TID, same ROVR, null Lifetime) are
accepted with a status of 4 ("Removed"); the entry is deleted. </li>
<li> Newer registrations (newer TID, same ROVR, non-null Lifetime) are
accepted with a status of 0 ("Success"); the Binding is updated
with the new TID, the Registration Lifetime, and the Registering
Node. In Tentative state, the EDAC response
is held and may be overwritten; in other states, the
Registration Lifetime timer is restarted, and the entry is placed
in Reachable state. </li>
<li> Identical registrations (same TID, same ROVR) from the same
Registering Node are accepted with a status of 0 ("Success").
In Tentative state, the response is held and may be overwritten,
but the response is eventually produced, carrying
the result of the DAD process. </li>
<li> Older registrations (older TID, same ROVR) from the same
Registering Node are discarded. </li>
<!-- CEP: Something is wrong here. -->
<li> Identical and older registrations (not-newer TID, same ROVR) from
a different Registering Node are rejected with a status of 3
("Moved"); this may be rate-limited to avoid undue interference. </li
>
<!-- CEP: Guessing that the last "different" should simply be deleted. -->
<li> Any registration for the same address but with a different
ROVR is rejected with a status of 1 ("Duplicate Address").</li>
</ul>
<t>The operation of the Binding Table is specified in detail in <xref target
='crea'/>.
</t>
</section>
<section anchor='primary'><name>Primary and Secondary 6BBRs</name>
<t>
A Registering Node <bcp14>MAY</bcp14> register the same address to more than
one 6BBR,
in which case, the Registering Node uses the same EARO in all the parallel
registrations.
On the other hand, there is no provision in 6LoWPAN ND for a 6LN (acting
as Registered Node) to select its 6LBR (acting as Registering Node), so it
cannot select more than one either.
<!--[rfced] In the following text, does "but" mean "except"? That
is, are NS(DAD) and NA messages with an EARO are used to
select the primary 6BBR but are ignored otherwise?
Original:
To allow for this, NS(DAD) and NA messages with an EARO
received over the backbone that indicate an identical Binding in
another 6BBR (same Registered address, same TID, same ROVR) are
silently ignored but for the purpose of selecting the primary 6BBR for
that registration.
-->
To allow for this, NS(DAD) and NA messages with an EARO received over the
backbone that indicate an identical Binding in another 6BBR (same Registered
address, same TID, same ROVR) are silently ignored but for the purpose of
selecting the primary 6BBR for that registration.
</t>
<t>
A 6BBR may be either primary or secondary. The primary is the 6BBR
that has the highest 64-bit Extended Unique Identifier (EUI-64)
address of all the 6BBRs that share a registration for the same
Registered Address, with the same ROVR and same Transaction ID, and the
EUI-64 address is considered an unsigned 64-bit integer.
A given 6BBR can be primary for a given address and secondary for another
address, regardless of whether or not the addresses belong to the same 6
LN.
</t>
<t>
In the following sections, it is expected that an NA will be sent over the
backbone only if the node is primary or does not support the concept of
primary. More than one 6BBR claiming or defending an address generates
unwanted traffic, but there is no reachability issue since all 6BBRs provide
reachability from the Backbone to the 6LN.
</t>
<t>
<!--[rfced] Fyi, we inserted '6BBR' after 'its' in the sentence below;
if this is not correct, please let us know how you would like it
to be updated.
Original:
If a Registering Node loses connectivity to its or one of the 6BBRs
to which it registered an address, it retries the registration to the
(one or more) available 6BBR(s).
Current:
If a Registering Node loses connectivity to its 6BBR or one of the 6BBRs
to which it registered an address, it retries the registration to the
(one or more) available 6BBR(s).
-->
If a Registering Node loses connectivity to its 6BBR or one of the 6BBRs to
which
it registered an address, it retries the registration to the (one or more)
available 6BBR(s). When doing that, the Registering Node <bcp14>MUST</bcp14>
increment the
TID in order to force the migration of the state to the new 6BBR and
the reselection of the primary 6BBR if it is the node that was lost.
</t>
</section>
<section anchor='odad'><name>Using Optimistic DAD</name>
<t>
ODAD <xref target='RFC4429'></xref> specifies how an IPv6 Address can be
used before completion of
DAD. ODAD guarantees that this behavior
will not cause harm if the new address is a duplicate. </t>
<t>
Support for ODAD avoids delays in installing the Neighbor Cache Entry (NC
E)
in the 6BBRs and the default router, enabling immediate connectivity
to the Registered Node. As shown in <xref target='figReg2'/>, if the
6BBR is aware of the LLA of a router, then the
6BBR sends a Router Solicitation (RS), using the Registered Address as
the IP Source Address, to the known router(s). The RS is sent
without an SLLAO, to avoid invalidating a
preexisting NCE in the router.
</t>
<t>
Following ODAD, the router may then send a unicast RA to the Registered
Address, and it may resolve that Address using an NS(Lookup) message.
In response, the 6BBR sends an NA with an EARO and the Override flag
<xref target='RFC4861'/> that is not set.
The router can then determine the freshest EARO in case of
conflicting NA(EARO) messages, using the method described in
<xref target='RFC8505' sectionFormat="of" section="5.2.1"/>.
If the NA(EARO) is the freshest answer, the default router creates a
Binding with the SLLAO of the 6BBR (in Routing Proxy mode) or that of the
Registering Node (in Bridging Proxy mode), so traffic from/to the
Registered Address can flow immediately.
</t>
</section>
</section>
<section anchor='sn'><name>Multi-Link Subnet Considerations</name>
<t>
The Backbone and the federated LLN links are considered to be different
links in the MLSN, even if multiple LLNs are attached to
the same 6BBR. ND messages are link-scoped and are not forwarded by the
6BBR between the backbone and the LLNs, though some packets may be
reinjected in Bridging Proxy mode (see <xref target='bridge_proxy'/>).
</t>
<t>
Legacy nodes located on the backbone expect that the subnet is deployed
within a single link and that there is a common Maximum Transmission Unit
(MTU) for intra-subnet communication: the Link MTU.
They will not perform the IPv6 Path MTU Discovery <xref target='RFC8201'/>
for a destination within the subnet. For that reason, the MTU <bcp14>MUST</
bcp14> have
the same value on the Backbone and on all federated LLNs in the MLSN. As
a
consequence, the 6BBR <bcp14>MUST</bcp14> use the same MTU value in RAs over
the Backbone
and in the RAs that it transmits toward the LLN links.
</t>
</section>
<section anchor='lbr'><name>Optional 6LBR Serving the Multi-Link Subnet</name>
<t>
A 6LBR can be deployed to serve the whole MLSN. It may be attached to the
backbone, in which case it can be discovered by its capability advertisement
(see <xref target='RFC8505' sectionFormat="of" section="4.3"/>) in RA messag
es.
</t>
<t>
When a 6LBR is present, the 6BBR uses an EDAR/EDAC message
exchange with the 6LBR to check if the new registration corresponds to a dup
lication or a movement.
This is done prior to the NS(DAD) process, which may be avoided if
the 6LBR already maintains a conflicting state for the Registered Address.
</t>
<t>
If this registration is a duplicate or not the freshest, then the 6LBR
replies with an EDAC message with a status code of 1 ("Duplicate Address") o
r 3 ("Moved"), respectively.
If this registration is the freshest, then the 6LBR replies with a status
code of 0 ("Success"). In that case, if this registration is fresher than a
n existing
registration for another 6BBR, then the 6LBR also sends an asynchronous
EDAC with a status of 4 ("Removed") to the older 6BBR.
</t>
<t>
The EDAR message <bcp14>SHOULD</bcp14> carry the SLLAO used in NS messages b
y the 6BBR
for that Binding, and the EDAC message <bcp14>SHOULD</bcp14> carry the Targe
t Link-Layer
Address Option (TLLAO) associated with the currently accepted registration.
This enables a 6BBR to locate
the new position of a mobile 6LN in the case of a Routing Proxy operation
and opens the capability for the 6LBR to serve as a mapping server in the
future.
</t>
<t>
Note that if Link-Local Addresses are registered, then the scope of
uniqueness on which the address duplication is checked is the total
collection of links that the 6LBR serves, as opposed to the sole link on
which the Link-Local Address is assigned.
</t>
</section>
<section anchor='bbrbb'><name>Using IPv6 ND over the Backbone Link</name>
<t>
On the Backbone side, the 6BBR <bcp14>MUST</bcp14> join the SNMA group co
rresponding
to a Registered Address as soon as it creates a Binding for that
Address and maintain that SNMA membership as long as it maintains the
registration.
The 6BBR uses either the SNMA or plain unicast to
defend the Registered Addresses in its Binding Table over the
Backbone (as specified in <xref target='RFC4862'/>).
The 6BBR advertises and defends the Registered Addresses over the
Backbone Link using RS, NS(DAD), and NA messages with the Registered
Address as the Source or Target Address.
</t>
<t>
The 6BBR <bcp14>MUST</bcp14> place an EARO in the IPv6 ND messages that it g
enerates
on behalf of the Registered Node. Note that an NS(DAD) does not
contain an SLLAO and cannot be confused with a proxy registration such as
performed by a 6LBR.
</t>
<t>
IPv6 ND operates as follows on the backbone:
</t>
<ul>
<li>
<xref target='RFC4861' sectionFormat="of" section="7.2.8"/> specifies that a
n NA message generated as a proxy does not have the Override flag set in order t
o ensure that if the real owner is present on the link, its own NA will take pre
cedence, and this NA does not update the NCE for the real owner if one exists.
</li>
<li>
A node that receives multiple NA messages updates an existing NCE only if th
e Override flag is set; otherwise, the node will probe the cached address.
</li>
<!--[rfced] FYI - In the sentence below, we moved the RFC 4862 citation so
that it follows the text it is referencing.
Original:
When an NS(DAD) is received for a tentative address, which means
that two nodes form the same address at nearly the same time,
section 5.4.3 of [RFC4862] cannot detect which node first claimed
the address and the address is abandoned.
Current:
When an NS(DAD) is received for a tentative address, which means
that two nodes form the same address at nearly the same time,
the node that first claimed the address cannot be detected per
Section 5.4.3 of [RFC4862], and the address is abandoned.
-->
<li>
When an NS(DAD) is received for a tentative address, which means that two no
des form the same address at nearly the same time, the node that first claimed t
he address cannot be detected per <xref target='RFC4862' sectionFormat="of" sect
ion="5.4.3"/>, and the address is abandoned.
</li>
<li>
In any case, <xref target='RFC4862'/> indicates that a node never responds
to a Neighbor Solicitation for a tentative address.
</li>
</ul>
<t>
This specification adds information about proxied addresses that helps to so
rt out a duplication (different ROVR) from a movement (same ROVR, different TID)
; in the latter case, the older registration is sorted out from the fresher one
(by comparing TIDs).
</t>
<t>
When a Registering Node moves from one 6BBR to the next, the new 6BBR sends
NA messages over the backbone to update existing NCEs.
A node that supports this specification and that receives multiple NA messag
es with an EARO option and the same ROVR <bcp14>MUST</bcp14> favor the NA with t
he freshest EARO over the others.
</t>
<t>
The 6BBR <bcp14>MAY</bcp14> set the Override flag in the NA messages if it d
oes not compete
with the Registering Node for the NCE in backbone nodes. This is assured if
the Registering Node is attached via an interface that cannot be bridged
onto the backbone, making it impossible for the Registering Node to defend
its own addresses there. This may also be signaled by the Registering Node t
hrough a protocol extension that is not in scope for this specification.
</t>
<t>
When the Binding is in Tentative state, the 6BBR acts as follows:
</t>
<ul>
<li>
an NS(DAD) that indicates a duplication can still not be asserted for first
come, but the situation can be avoided using a 6LBR on the backbone that will se
rialize the order of appearance of the address and ensure first-come, first-serv
ed.
</li>
<li>
an NS or an NA that denotes an older registration for the same Registered No
de is not interpreted as a duplication as specified in Sections <xref target='RF
C4862' section="5.4.3" sectionFormat="bare"/> and <xref target='RFC4862' section
="5.4.4" sectionFormat="bare" /> of <xref target="RFC4862"/>, respectively.
</li>
</ul>
<t>
When the Binding is no longer in Tentative state, the 6BBR acts as follows:
</t>
<ul>
<li>
an NS or an NA with an EARO that denotes a duplicate registration
(different ROVR) is answered with an NA message that carries an
EARO with a status of 1 ("Duplicate Address"), unless the received
message is an NA that carries an EARO with a status of 1
("Duplicate Address").
</li>
</ul>
<t>
In any state, the 6BBR acts as follows:
</t>
<ul>
<li>
an NS or an NA with an EARO that denotes an older registration (same ROVR) i
s answered with an NA message that carries an EARO with a status of 3 ("Moved")
to ensure that the Stale state is removed rapidly.
</li>
</ul>
<t>
This behavior is specified in more detail in <xref target='crea'/>.
</t>
<t>
This specification enables proxy operation for the IPv6 ND resolution of
LLN devices, and a prefix that is used across an MLSN <bcp14>MAY</bcp14> be
advertised as on-link over the Backbone. This is done for backward
compatibility with existing IPv6 hosts by setting the L flag in the Prefix
Information Option (PIO) of RA messages <xref target='RFC4861'/>.
</t>
<t>
For movement involving a slow reattachment, the NUD procedure
defined in <xref target='RFC4861'/> may timeout too
quickly. Nodes on the backbone <bcp14>SHOULD</bcp14> support <xref targe
t='RFC7048'/>
whenever possible.
</t>
</section>
<section anchor='rtr_proxy'><name>Routing Proxy Operations</name>
<t>
A Routing Proxy provides IPv6 ND proxy functions for Global and Unique
Local Addresses between the LLN and the backbone, but not for Link-Local
addresses. It operates as an IPv6 border router and provides a full
Link-Layer isolation.
</t>
<t>
In this mode, it is not required that the MAC addresses of the 6LNs be
visible at Layer 2 over the Backbone. Thus, it is useful when the messaging
over the Backbone that is associated with wireless mobility becomes
expensive, e.g., when the Layer 2 topology is virtualized over a wide area
IP underlay.
</t>
<t>
This mode is definitely required when the LLN uses a MAC address format
that is different from that on the Backbone (e.g., EUI-64 versus EUI-48).
Since a 6LN may not be able to resolve an arbitrary destination in the
MLSN directly, a prefix that is used across a MLSN <bcp14>MUST NOT</bcp14> b
e advertised as
on-link in RA messages sent towards the LLN.
</t>
<t>
In order to maintain IP connectivity, the 6BBR installs a connected
host route to the Registered Address on the LLN interface, via the
Registering Node as identified by the source address and the SLLA
option in the NS(EARO) messages.
</t>
<t>
When operating as a Routing Proxy, the 6BBR <bcp14>MUST</bcp14> use its Laye
r 2
address on its Backbone interface in the SLLAO of the RS messages and
the TLLAO of the NA messages that it generates to advertise the
Registered Addresses.
</t>
<t>
For each Registered Address, multiple peers on the Backbone may
have resolved the Address with the 6BBR MAC address, maintaining that
mapping in their Neighbor Cache. The 6BBR <bcp14>SHOULD</bcp14> maintain
a list of
the peers on the Backbone that have associated its MAC address with
the Registered Address. If that Registered Address moves to another 6BBR,
the previous 6BBR <bcp14>SHOULD</bcp14> unicast a gratuitous NA to each s
uch peer, to supply the LLA of the new 6BBR in the TLLA option for the Address.
A 6BBR that does not maintain this list <bcp14>MAY</bcp14> multicast a
gratuitous NA message; this NA
will possibly hit all the nodes on the Backbone, whether or not
they maintain an NCE for the Registered Address.
In either case, the 6BBR <bcp14>MAY</bcp14> set the Override flag if it is k
nown that the Registered Node cannot attach to the backbone; this will avoid int
erruptions and save probing flows in the future.
</t>
<t>
If a correspondent fails to receive the gratuitous NA, it will keep
sending traffic to a 6BBR to which the node was previously registered.
Since the previous 6BBR removed its host route to the Registered Address,
it will look up the address over the backbone, resolve the address
with the LLA of the new 6BBR, and forward the packet to the correct
6BBR. The previous 6BBR <bcp14>SHOULD</bcp14> also issue a redirect mess
age
<xref target='RFC4861'/> to update the cache of the correspondent.
</t>
</section>
<section anchor='bridge_proxy'><name>Bridging Proxy Operations</name>
<t>
A Bridging Proxy provides IPv6 ND proxy functions between the LLN and the
backbone while preserving the forwarding continuity at the MAC layer.
It acts as a Layer 2 bridge for all types of unicast packets including
link-scoped, and it appears as an IPv6 Host on the Backbone.
</t>
<t>
The Bridging Proxy registers any Binding, including a Link-Local
address to the 6LBR (if present), and defends it over the backbone in IPv6
ND procedures.
</t>
<t>
To achieve this, the Bridging Proxy intercepts the IPv6 ND messages
and may reinject them on the other side, respond directly, or drop them.
For instance, an ND(Lookup) from the backbone that matches a Binding can be
responded to directly or turned into a unicast on the LLN side to let the
6LN respond.
</t>
<t>
As a Bridging Proxy, the 6BBR <bcp14>MUST</bcp14> use the Registering Nod
e's Layer 2
address in the SLLAO of the NS/RS messages and the TLLAO of the NA
messages that it generates to advertise the Registered Addresses.
The Registering Node's Layer 2 address is found in the SLLA of the
registration NS(EARO) and maintained in the Binding Table.
</t>
<t>
The MLSN prefix <bcp14>SHOULD NOT</bcp14> be advertised as on-link in RA
messages sent towards the LLN.
If a destination address is seen as on-link, then a 6LN may use NS(Lookup)
messages to resolve that address. In that case, the 6BBR <bcp14>MUST</bcp14>
either answer the NS(Lookup) message directly or reinject the message on the
backbone, as either a Layer 2 unicast or a multicast.
</t>
<t>
If the Registering Node owns the Registered Address, meaning that the Regist
ering Node is the Registered Node, then its mobility does not impact exis
ting NCEs over the Backbone.
In a network where proxy registrations are used, meaning that the Registerin
g Node acts on behalf of the Registered Node, if the Registered Node selects a n
ew Registering Node, then the existing NCEs across the Backbone pointing at the
old Registering Node must be updated.
In that case, the 6BBR <bcp14>SHOULD</bcp14> attempt to fix the existing NCE
s across the Backbone pointing at other 6BBRs using NA messages as described in
<xref target='rtr_proxy'/>.
</t>
<t>
This method can fail if the multicast message is not received; one or
more
correspondent nodes on the Backbone might maintain a stale NCE,
and packets to the Registered Address may be lost.
When this condition happens, it is eventually discovered and
resolved using NUD as
defined in <xref target='RFC4861'/>.
</t>
</section>
<section anchor='crea'><name>Creating and Maintaining a Binding</name>
<t>
Upon receiving a registration for a new Address (i.e., an NS(EARO) with
the R flag set), the 6BBR creates a Binding and operates as a 6LR accordi
ng
to <xref target='RFC8505'/>, interacting with the 6LBR if one is present.
</t>
<t>
An implementation of a Routing Proxy that creates a Binding <bcp14>MUST</bcp
14> also create an associated host route pointing to the Registering Node in the
LLN
interface from which the registration was received.
</t>
<t>
Acting as a 6BBR, the 6LR operation is modified as follows:
</t><ul>
<li>
Acting as a Bridging Proxy, the 6LR
<bcp14>MUST</bcp14> proxy-ND over the backbone for registered Link-Local
Addresses.
</li>
<li>
EDAR and EDAC messages <bcp14>SHOULD</bcp14> carry an SLLAO and a TLLAO,
respectively.
</li>
<li>
An EDAC message with a status of 9 ("6LBR Registry Saturated") is
assimilated as a status of 0 ("Success") if a following DAD process prot
ects the
address against duplication.
</li>
</ul>
<t>
This specification enables nodes on a Backbone Link to coexist along
with nodes implementing IPv6 ND <xref target='RFC4861'/> as well as other
non-normative specifications such as <xref target='I-D.bi-savi-wlan'/>.
It is possible that not all IPv6 addresses on the Backbone are registered
and known to the 6LBR, and an EDAR/EDAC exchange with the 6LBR might
succeed even for a duplicate address.
Consequently, the 6BBR still
needs to perform IPv6 ND DAD over the backbone after an EDAC with a
status code of 0 ("Success") or 9 ("6LBR Registry Saturated").
</t>
<t>
For the DAD operation, the Binding is placed in Tentative state for a
duration of TENTATIVE_DURATION (<xref target='const'/>),
and an NS(DAD) message is sent as a multicast
message over the Backbone to the SNMA associated with the registered Address
<xref target='RFC4862'/>.
The EARO from the registration <bcp14>MUST</bcp14> be placed unchanged in th
e NS(DAD)
message.
</t>
<t>
If a registration is received for an existing Binding with a non-null
Registration Lifetime and the registration is fresher (same ROVR, fresher TI
D), then the Binding is updated with the new Registration Lifetime,
TID, and possibly Registering Node. In Tentative state
(see <xref target='tent'/>), the current DAD operation continues unaltered.
In other states (see Sections <xref target='defend' format='counter'/> and <
xref target='stale' format='counter'/> ),
the Binding is placed in Reachable state for the Registration Lifetime, and
the 6BBR returns an NA(EARO) to the Registering Node with a status of 0
("Success").
</t>
<t>
Upon a registration that is identical (same ROVR, TID, and Registering
Node), the 6BBR does not alter its current state. In Reachable state, it ret
urns an NA(EARO) back to the Registering Node with a status of 0 ("Success").
A registration that is not as fresh (same ROVR, older TID) is ignored.
</t>
<t>
If a registration is received for an existing Binding and a Registration
Lifetime of 0, then the Binding is removed, and the 6BBR returns an
NA(EARO) back to the Registering Node with a status of 0 ("Success").
An implementation of a Routing Proxy that removes a binding <bcp14>MUST</bcp
14> remove the
associated host route pointing on the Registering Node.
</t>
<t>
The old 6BBR removes its Binding Table entry and notifies the Registering No
de with a status of 3 ("Moved") if a new 6BBR claims a fresher registration (sam
e ROVR, fresher TID) for the same address.
The old 6BBR <bcp14>MAY</bcp14> preserve a temporary state in order to forwa
rd packets in
flight.
<!--[rfced] Please clarify the following sentence. Is the NCE formed
when an NA message is received? If so, please let us know if the
suggested text is agreeable.
Original:
The state may for instance be a NCE formed based
on a received NA message.
Perhaps:
The state may be, for instance, an NCE that was
formed when an NA message was received.
-->
The state may be, for instance, an NCE formed based on a received NA message
. It may also be a Binding Table entry in Stale state, pointing at the new 6BBR
on the backbone or any other abstract cache entry that can be used to resolve th
e Link-Layer Address of the new 6BBR.
<!--[rfced] Please clarify the following sentence. Does the Registered
Address point to the new 688R?
Original:
The old 6BBR SHOULD also use REDIRECT messages as
specified in [RFC4861] to update the correspondents
for the Registered Address, pointing to the new 6BBR.
Perhaps:
The old 6BBR SHOULD also use REDIRECT messages as
specified in [RFC4861] to update the correspondents
for the Registered Address, which points to the new
6BBR.
-->
The old 6BBR <bcp14>SHOULD</bcp14> also use REDIRECT messages as specified i
n
<xref target='RFC4861'/> to update the correspondents for the Registered
Address, pointing to the new 6BBR.
</t>
<section anchor='tent'><name>Operations on a Binding in Tentative State</nam
e>
<t>The Tentative state covers a DAD period over the backbone during which
an address being registered is checked for duplication using the procedures
defined in <xref target='RFC4862'/>.
</t>
<t>
For a Binding in Tentative state:
</t><ul>
<li>
The Binding <bcp14>MUST</bcp14> be removed if an NA message is received o
ver the
Backbone for the Registered Address with no EARO or with an EARO that in
dicates an existing registration owned by a different Registering Node (differen
t ROVR). In that case, an NA is
sent back to the Registering Node with a status of 1
("Duplicate Address") to indicate that the binding has been rejected. Thi
s behavior might be overridden by policy, in particular
if the registration is trusted, e.g., based on the validation of the
ROVR field (see <xref target='RFC8928'/>).
</li>
<li>
The Binding <bcp14>MUST</bcp14> be removed if an NS(DAD) message is recei
ved over the
Backbone for the Registered Address with no EARO or with an EARO that ha
s a different ROVR that indicates a tentative registration by a different Regist
ering Node. In that case, an NA is
sent back to the Registering Node with a status of 1
("Duplicate Address"). This behavior might be overridden by policy, in p
articular
if the registration is trusted, e.g., based on the validation of the
ROVR field (see <xref target='RFC8928'/>).
</li>
<li>
<!--[rfced] Please confirm if a word missing after 'with a' (e.g., 'an
EARO with a that indicates'); note that there are 2 instances in
the text.
1)
Original:
The Binding MUST be removed if an NA or an NS(DAD)
message is received over the Backbone for the
Registered Address containing an EARO with a that
indicates a fresher registration ([RFC8505]) for
the same Registering Node (same ROVR).
Perhaps:
The Binding MUST be removed if an NA or an NS(DAD)
message is received over the Backbone for the
Registered Address and contains an EARO that
indicates a fresher registration [RFC8505]
for the same Registering Node (same ROVR).
2)
Original:
The Binding MUST be kept unchanged if an NA or
an NS(DAD) message is received over the Backbone
for the Registered Address containing an EARO
with a that indicates an older registration
([RFC8505]) for the same Registering Node
(same ROVR).
Perhaps:
The Binding MUST be kept unchanged if an NA or
an NS(DAD) message is received over the Backbone
for the Registered Address and contains an EARO
that indicates an older registration [RFC8505]
for the same Registering Node (same ROVR).
-->
The Binding <bcp14>MUST</bcp14> be removed if an NA or an NS(DAD) messag
e is received over the Backbone for the Registered Address containing an EARO wi
th a that indicates a fresher registration <xref target='RFC8505'/> for the same
Registering Node (same ROVR). In that case, an NA <bcp14>MUST</bcp14> be sent b
ack to the Registering Node with a status of 3 ("Moved").
</li>
<li>
The Binding <bcp14>MUST</bcp14> be kept unchanged if an NA or an NS(DAD)
message is received over the Backbone for the Registered Address containing an
EARO with a that indicates an older registration <xref target='RFC8505'/> for th
e same Registering Node (same ROVR). The message is answered with an NA that car
ries an EARO with a status of 3 ("Moved") and the Override flag not set. This be
havior might be overridden by policy, in particular if the registration is not t
rusted.
</li>
<li> Other NS(DAD) and NA messages from the Backbone are ignored.
</li>
<li> NS(Lookup) and NS(NUD) messages <bcp14>SHOULD</bcp14> be optimistica
lly answered with
an NA message containing an EARO with a status of 0
("Success") and the Override
flag not set (see <xref target='odad'/>).
If optimistic DAD is disabled, then they <bcp14>SHOULD</bcp14> be queued
to be answered
when the Binding goes to Reachable state.
</li>
</ul>
<t> When the TENTATIVE_DURATION (<xref target='const'/>) timer elapses,
the Binding is placed in
Reachable state for the Registration Lifetime, and the 6BBR returns
an NA(EARO) to the Registering Node with a status of 0 ("Success").
</t>
<t>
The 6BBR also attempts to take over any existing Binding from other
6BBRs and to update existing NCEs in backbone nodes. This is done by
sending an NA message with an EARO and the Override flag not set over
the backbone
(see Sections <xref target='rtr_proxy' format='counter'/> and <xref targ
et='bridge_proxy' format='counter'/>).
</t>
</section>
<section anchor='defend'><name>Operations on a Binding in Reachable State</n
ame>
<t>
The Reachable state covers an active registration after a successful DAD
process.
</t>
<t>
If the Registration Lifetime is of a long duration,
an implementation might be configured to reassess the availability of the
Registering Node at a lower period, using a NUD procedure as specified in
<xref target='RFC7048'/>. If the NUD procedure fails, the Binding <bcp14>SHO
ULD</bcp14> be
placed in Stale state immediately.
</t>
<t>
For a Binding in Reachable state:
</t><ul >
<li>
The Binding <bcp14>MUST</bcp14> be removed if an NA or an NS(DAD) messag
e is received
over the Backbone for the Registered Address and contains an EARO that
indicates a fresher registration <xref target='RFC8505'/> for the same
Registered Node (i.e., same ROVR but fresher TID).
A status of 4 ("Removed") is returned in an asynchronous NA(EARO) to the
Registering Node.
Based on configuration, an implementation may delay this operation by a
timer with a short setting, e.g., a few seconds to a minute, in order
to allow for a parallel registration to reach this node, in which case
the NA might be ignored.
</li>
<li> NS(DAD) and NA messages containing an EARO that indicates a
registration for the same Registered Node that is not as fresh as this
binding <bcp14>MUST</bcp14> be answered with an NA message containing an
EARO with a
status of 3 ("Moved").
</li>
<li> An NS(DAD) with no EARO or with an EARO that indicates a duplicate
registration (i.e., different ROVR) <bcp14>MUST</bcp14> be answered with
an NA message
containing an EARO with a status of 1 ("Duplicate Address") and the Over
ride flag
not set, unless the received message is an NA that carries an
EARO with a status of 1 ("Duplicate Address"), in which case the node ref
rains from answering.
</li>
<li> Other NS(DAD) and NA messages from the Backbone are ignored.
</li>
<li> NS(Lookup) and NS(NUD) messages <bcp14>SHOULD</bcp14> be answered wi
th
an NA message containing an EARO with a status of 0
("Success") and the Override
flag not set. The 6BBR <bcp14>MAY</bcp14> check whether
the Registering Node is still available using a NUD procedure over the
LLN prior to answering;
this behavior depends on the use case and is subject to configuration.
</li>
</ul>
<t> When the Registration Lifetime timer elapses, the Binding is placed i
n
Stale state for a duration of STALE_DURATION (<xref target='const'/>).
</t>
</section>
<section anchor='stale'><name>Operations on a Binding in Stale State</name>
<t>
The Stale state enables tracking of the Backbone peers that have a
NCE pointing to this 6BBR in case the Registered Address shows up later.
</t>
<t>
If the Registered Address is claimed by another 6LN on the Backbone, with an
NS(DAD) or an NA, the 6BBR does not defend the Address.
</t>
<t>
For a Binding in Stale state:
</t><ul>
<li>
The Binding <bcp14>MUST</bcp14> be removed if an NA or an NS(DAD) message
is received
over the Backbone for the Registered Address with no EARO or with
an EARO that indicates either a fresher registration for the same
Registered Node or a duplicate registration.
A status of 4 ("Removed") <bcp14>MAY</bcp14> be returned in an asynchron
ous NA(EARO) to
the Registering Node.
</li>
<li> NS(DAD) and NA messages containing an EARO that indicates a
registration for the same Registered Node that is not as fresh as this
<bcp14>MUST</bcp14> be answered with an NA message containing an EARO wi
th a
status of 3 ("Moved").
</li>
<li> If the 6BBR receives an NS(Lookup) or an NS(NUD) message for the
Registered Address, the 6BBR <bcp14>MUST</bcp14> attempt a NUD procedure
as specified
in <xref target='RFC7048'/> to the Registering Node, targeting
the Registered Address, prior to answering. If the NUD procedure
succeeds, the operation in Reachable state applies. If the NUD fails,
the 6BBR refrains from answering. </li>
<li> Other NS(DAD) and NA messages from the Backbone are ignored.
</li>
</ul>
<t> When the STALE_DURATION (<xref target='const'/>) timer elapses, the
Binding <bcp14>MUST</bcp14> be removed.
</t>
</section>
</section>
<section anchor='lln_proxy'><name>Registering Node Considerations</name>
<t>
A Registering Node <bcp14>MUST</bcp14> implement <xref target='RFC8505'/>
in order to
interact with a 6BBR (which acts as a Routing Registrar). Following
<xref target='RFC8505'/>, the Registering Node signals that it requires IPv6
proxy-ND services from a 6BBR by registering the corresponding IPv6 Address
using an NS(EARO) message with the R flag set.
</t>
<t>
The Registering Node may be the 6LN owning the IPv6 Address or a 6LBR tha
t
performs the registration on its behalf in a Route-Over mesh.
</t>
<t>
A 6LN <bcp14>MUST</bcp14> register all of its IPv6 Addresses to its 6LR,
which is the 6BBR when they are connected at Layer 2. Failure to register an
address may result in the address being unreachable by other parties. Thi
s
would happen, for instance, if the 6BBR propagates the NS(Lookup) from the b
ackbone only to the LLN nodes that do not register their addresses.
</t>
<t>
The Registering Node <bcp14>MUST</bcp14> refrain from using multicast NS(Loo
kup) when the
destination is not known as on-link, e.g., if the prefix is advertised
in a PIO with the L flag not set. In that case, the Registering
Node sends its packets directly to its 6LR.
</t>
<t>
The Registering Node <bcp14>SHOULD</bcp14> also follow <xref target='RFC7
772'>BCP 202</xref> in order to
limit the use of multicast RAs. It <bcp14>SHOULD</bcp14> also implement
"Simple Procedures for Detecting Network Attachment
in IPv6" <xref target='RFC6059'></xref> (DNA procedures) to detect movements
and
support
"Packet-Loss Resiliency for Router Solicitations" <xref target='RFC7559'>
</xref> in order to
improve reliability for the unicast RS messages.
</t>
</section>
<section anchor='sec'><name>Security Considerations</name>
<t>
The procedures in this document modify the mechanisms used for IPv6 ND
and DAD and should not affect other aspects of IPv6 or
higher-level-protocol operation. As such, the main classes of attacks
that are in play are those that work to block Neighbor Discovery or to
forcibly claim an address that another node is attempting to use. In the
absence of cryptographic protection at higher layers, the latter class of
attacks can have significant consequences, with the attacker being able
to read all the "stolen" traffic that was directed to the target of the
attack.
</t>
<t>
This specification applies to LLNs and a backbone in which the individual
links are protected against rogue access on the LLN by authenticating a node th
at attaches to the network and encrypting the transmissions at the MAC layer and
on the backbone side, using the physical security and access control measures t
hat are typically applied there; thus, packets may neither be forged nor overhea
rd.
</t>
<t>
In particular, the LLN MAC is required to provide secure unicast to/from
the
Backbone Router and secure broadcast from the routers
in a way that prevents tampering with or replaying the ND messages.
</t>
<t>
For the IPv6 ND operation over the backbone, and unless the classical ND
is disabled (e.g., by configuration), the classical ND messages are
interpreted as emitted by the address owner and have precedence over the
6BBR that is only a proxy.
</t>
<t>
As a result, the security threats that are
detailed in <xref target='RFC4861' sectionFormat="of" section="11.1"/> fully
apply to this
specification as well. In short:
</t>
<ul>
<li>
Any node that can send a packet on the backbone can take over any address,
including addresses of LLN nodes, by
claiming it with an NA message and the Override bit set. This means that the
real owner will stop receiving its packets.
</li>
<li>
Any node that can send a packet on the backbone can forge traffic and
pretend it is issued from an address that it does not own, even if it did
not claim the address using ND.
</li>
<li>
Any node that can send a packet on the backbone can present itself as a
preferred router to intercept all traffic outgoing on the subnet. It may eve
n
expose a prefix on the subnet as "not-on-link" and intercept all the traffic
within the subnet.
</li>
<li>If the rogue can receive a packet from the backbone, it can also snoop
all the intercepted traffic, by stealing an address or the role of a
router.
</li>
</ul>
<t>
This means that any rogue access to the backbone must be prevented
at all times, and nodes that are attached to the backbone must be fully
trusted / never compromised.
</t>
<t>
Using address registration as the sole ND mechanism on a link and coupling
it with <xref target='RFC8928'/> guarantees the ownership of a registered ad
dress within that link.
</t>
<ul>
<li>
The protection is based on a proof of ownership encoded in the ROVR field, a
nd it protects against address theft and impersonation by a 6LN, because the 6LR
can challenge the Registered Node for a proof of ownership.
</li>
<li>
The protection extends to the full LLN in the case of an LLN link, but it do
es not extend over the backbone since the 6BBR cannot provide the proof of owner
ship
when it defends the address.
</li>
</ul>
<t>
A possible attack over the backbone can be done by sending an NS with
an EARO and expecting the NA(EARO) back to contain the TID and ROVR
fields of the existing state. With that information, the attacker can
easily increase the TID and take over the Binding.
</t>
<t>
If the classical ND is disabled on the backbone and the use of <xref target=
'RFC8928'/> and a 6LBR are mandated, the network will benefit from
the following new advantages:
</t>
<dl>
<dt>Zero-trust security for ND flows within the whole subnet:</dt>
<dd>
the increased security that <xref target='RFC8928'/> provides on the LLN wil
l also apply to the backbone; it becomes impossible for an attached node to clai
m an address that belongs to another node using ND, and the network can filter p
ackets that are not originated by the owner of the source address (Source Addres
s Validation Improvement (SAVI)), as long as the routers are known and trusted.
</dd>
<dt>Remote ND DoS attack avoidance:</dt>
<dd>the complete list of addresses in the network will be known to the 6LBR
and available to the default router; with that information, the router does not
need to send a multicast NA(Lookup) in case of a Neighbor Cache miss for an inco
ming packet, which is a source of remote DoS attack against the network.
</dd>
<dt>Less IPv6 ND-related multicast on the backbone:</dt>
<dd>
DAD and NS(Lookup) become unicast queries to the 6LBR.
</dd>
<dt>Better DAD operation on wireless:</dt>
<dd>
DAD has been found to fail to detect duplications on large Wi-Fi infrastruct
ures due to the unreliable broadcast operation on wireless; using a 6LBR enables
a unicast lookup.
</dd>
<dt>Less Layer 2 churn on the backbone:</dt>
<dd>
Using the Routing Proxy approach, the Link-Layer address of the LLN devices
and their mobility are not visible in the backbone; only the Link-Layer addresse
s of the 6BBR and backbone nodes are visible at Layer 2 on the backbone. This is
mandatory for LLNs that cannot be bridged on the backbone and useful in any cas
e to scale down, stabilize the forwarding tables at Layer 2, and avoid the gratu
itous frames that are typically broadcasted to fix the transparent bridging tabl
es when a wireless node roams from an AP to the next.
</dd>
</dl>
<t>
This specification introduces a 6BBR that is a router on the path of the LLN
traffic and a 6LBR that is used for the lookup. They could be interesting
targets for an attacker. A compromised 6BBR can accept a registration but
block the traffic or refrain from proxying. A compromised 6LBR may
unduly accept the transfer of ownership of an address or block a newcomer by
faking that its address is a duplicate. But those attacks are possible
in a classical network from a compromised default router and a DHCP
server, respectively, and can be prevented using the same methods.
</t>
<t>
A possible attack over the LLN can still be done by compromising a 6LR.
A compromised 6LR may modify the ROVR of EDAR messages in flight and transfe
r
the ownership of the Registered Address to itself or a tier. It may also cla
im
that a ROVR was validated when it really wasn't and reattribute an address
to itself or to an attached 6LN. This means that 6LRs, as well as 6LBRs and
6BBRS, must still be fully trusted / never compromised.
</t>
<t>
This specification mandates checking on the 6LBR on the backbone before doin
g
the classical DAD, in case the address already exists. This may delay the DA
D
operation and should be protected by a short timer, in the order of 100 ms o
r
less, which will only represent a small extra delay versus the 1 s wait of t
he
DAD operation.
</t>
</section>
<section anchor='const'><name>Protocol Constants</name>
<t>
This specification uses the following constants:
</t><dl>
<dt>TENTATIVE_DURATION:</dt><dd>800 milliseconds</dd>
</dl>
<t>
In LLNs with long-lived Addresses such as Low-Power WAN (LPWANs), STALE_D
URATION
<bcp14>SHOULD</bcp14> be configured with a relatively long value to cover
an interval when the address may be reused and before it is safe to expect that
the address was definitively released. A good default value is 24 hours.
In LLNs where addresses are renewed rapidly, e.g., for privacy reasons,
STALE_DURATION <bcp14>SHOULD</bcp14> be configured with a relatively shor
ter value -- 5 minutes by default.
</t>
</section>
<section><name>IANA Considerations</name>
<t> This document has no IANA actions.</t>
</section>
</middle>
<back>
<displayreference target="I-D.yourtchenko-6man-dad-issues" to="DAD-ISSUES"/>
<displayreference target="I-D.nordmark-6man-dad-approaches" to="DAD-APPROACHES"/
>
<displayreference target="I-D.ietf-6man-rs-refresh" to="RS-REFRESH"/>
<displayreference target="I-D.ietf-mboned-ieee802-mcast-problems" to="MCAST-PROB
LEMS"/>
<displayreference target="I-D.bi-savi-wlan" to="SAVI-WLAN"/>
<displayreference target="I-D.thubert-6lo-unicast-lookup" to="UNICAST-LOOKUP"/>
<displayreference target="I-D.ietf-6tisch-architecture" to="TISCH-ARCHITECTURE"/
>
<references><name>Normative References</name>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.2119.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4291.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4429.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4861.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4862.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6059.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6775.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.7048.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.7559.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.7772.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8174.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8200.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8201.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8505.xml'/>
</references>
<references><name>Informative References</name>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4389.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.4903.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.5415.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.5568.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6606.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6275.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6550.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.6830.xml'/>
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refere
nce.RFC.8273.xml'/>
<!--[I-D.yourtchenko-6man-dad-issues]; IESG state - Expired -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refer
ence.I-D.yourtchenko-6man-dad-issues.xml'/>
<!--[I-D.nordmark-6man-dad-approaches]; IESG state - Expired -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refer
ence.I-D.nordmark-6man-dad-approaches.xml'/>
<!--[I-D.ietf-6man-rs-refresh]; IESG state - Expired -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refer
ence.I-D.ietf-6man-rs-refresh.xml'/>
<!--[I-D.ietf-6lo-ap-nd] in EDIT state; C310 companion document-->
<!--Note: per updates to the companion doc's title, capped "Power" and added a h
yphen-->
<reference anchor='RFC8928' target='https://www.rfc-editor.org/info/rfc8928'>
<front>
<title>Address-Protected Neighbor Discovery for Low-Power and Lossy Networks</ti
tle>
<author initials='P' surname='Thubert' fullname='Pascal Thubert' role='editor'>
<organization />
</author>
<author initials='B' surname='Sarikaya' fullname='Behcet Sarikaya'>
<organization />
</author>
<author initials='M' surname='Sethi' fullname='Mohit Sethi'>
<organization />
</author>
<author initials='R' surname='Struik' fullname='Rene Struik'>
<organization />
</author>
<date month='October' year='2020' />
</front>
<seriesInfo name="RFC" value="8928"/>
<seriesInfo name="DOI" value="10.17487/RFC8928"/>
</reference>
<!--[I-D.ietf-6tisch-architecture] in MISSREF state as of 04/08/20 -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refer
ence.I-D.ietf-6tisch-architecture.xml'/>
<!-- [rfced] [I-D.ietf-mboned-ieee802-mcast-problems] IESG state IESG Ev
aluation::Revised I-D Needed -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refer
ence.I-D.ietf-mboned-ieee802-mcast-problems.xml'/>
<!-- [rfced] [I-D.bi-savi-wlan] IESG state I-D Exists -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refe
rence.I-D.bi-savi-wlan.xml'/>
<!-- [rfced] [I-D.thubert-6lo-unicast-lookup] IESG state Expired -->
<xi:include href='https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/refer
ence.I-D.thubert-6lo-unicast-lookup.xml'/>
<!--[rfced] There are several IEEE Std 802.1 documents, and we are
unable to locate the specific document outlined below. Please
provide the standard number and URL for the document you would
like to cite, so we can review the title and include a link/DOI.
Original:
[IEEEstd8021]
IEEE standard for Information Technology, "IEEE Standard
for Information technology - Telecommunications and
information exchange between systems Local and
metropolitan area networks Part 1: Bridging and
Architecture".
-->
<!-- [IEEEstd8021]-->
<reference anchor='IEEEstd8021'>
<front>
<title>
IEEE Standard for Information technology -- Telecommunications
and information exchange between systems Local and metropolitan
area networks Part 1: Bridging and Architecture
</title>
<author>
<organization>IEEE</organization>
</author>
</front>
<refcontent>IEEE Std 802.1</refcontent>
</reference>
<!--[IEEEstd80211] URL https://ieeexplore.ieee.org/document/7786995 -->
<reference anchor='IEEEstd80211' target='https://ieeexplore.ieee.org/document/77
86995'>
<front>
<title>IEEE Standard for Information technology--Telecommunications and inform
ation exchange between systems Local and metropolitan area networks--Specific re
quirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Laye
r (PHY) Specifications</title>
<author>
<organization>IEEE</organization>
</author>
<date month='December' year='2016' />
</front>
<seriesInfo name='IEEE' value='802.11-2012' />
<seriesInfo name='DOI' value='10.1109/ieeestd.2016.7786995' />
</reference>
<!-- [IEEEstd802151] URL https://ieeexplore.ieee.org/document/1490827 -->
<reference anchor='IEEEstd802151' target='https://ieeexplore.ieee.org/document/1
490827'>
<front>
<title>IEEE Standard for Information technology--Local and metropolitan area n
etworks--Specific requirements--Part 15.1a: Wireless Medium Access Control (MAC)
and Physical Layer (PHY) specifications for Wireless Personal Area Networks (WP
AN)</title>
<author>
<organization>IEEE</organization>
</author>
<date month='June' year='2005' />
<abstract><t>Methods for communicating devices in a personal area network (PAN
) are covered in this standard.</t>
</abstract>
</front>
<seriesInfo name='IEEE' value='802.15.1-2005' />
<seriesInfo name='DOI' value='10.1109/ieeestd.2005.96290' />
</reference>
<!-- [IEEEstd802154] URL https://ieeexplore.ieee.org/document/6012487 -->
<reference anchor='IEEEstd802154' target='https://ieeexplore.ieee.org/document/6
012487'>
<front>
<title>IEEE Standard for Local and metropolitan area networks--Part 15.4: Low-R
ate Wireless Personal Area Networks (LR-WPANs)</title>
<author>
<organization>IEEE</organization>
</author>
<date month='September' year='2011' />
</front>
<seriesInfo name='IEEE' value='802.15.4-2011' />
<seriesInfo name='DOI' value='10.1109/ieeestd.2011.6012487'/>
</reference>
</references>
<section><name>Possible Future Extensions</name>
<t>
With the current specification, the 6LBR is not leveraged to avoid
multicast NS(Lookup) on the Backbone. This could be done by adding
a lookup procedure in the EDAR/EDAC exchange.
</t>
<t>
By default, the specification does not have a fine-grained trust model: all
nodes that can authenticate to the LLN MAC or attach to the backbone are equally
trusted. It would be desirable to provide a stronger authorization model, e.g.
, whereby
nodes that associate their address with a proof of ownership
<xref target='RFC8928'/> should be trusted more than nodes that
do not. Such a trust model and related signaling could be added in the
future to override the default operation and favor trusted nodes.
</t>
<t>
<!--[rfced] We updated the list of routing protocols for clarity (by
removing 2 instances of "or" and adding one instnace of
"over"). Please confirm if this retains the intended meaning or
if you prefer otherwise.
Original:
Future documents may extend this specification by allowing the 6BBR
to redistribute Host routes in routing protocols that would operate
over the Backbone, or in MIPv6 [RFC6275], or FMIP [RFC5568], or the
Locator/ID Separation Protocol (LISP) [RFC6830] to support mobility
on behalf of the 6LNs, etc...
Current:
Future documents may extend this specification by allowing the 6BBR
to redistribute host routes in routing protocols that would operate
over the Backbone, in MIPv6 [RFC6275], in Fast Handovers for Mobile
IP (FMIP) [RFC5568], or over the Locator/ID Separation Protocol (LISP)
[RFC6830] to support mobility on behalf of the 6LNs, etc.
-->
Future documents may extend this specification by allowing the
6BBR to redistribute host routes in routing protocols that would
operate over the Backbone, in MIPv6 <xref target='RFC6275'/>, in Fast Han
dovers for Mobile IP (FMIP) <xref target='RFC5568'/>, or over the
Locator/ID Separation Protocol (LISP) <xref target='RFC6830'></xref>
to support mobility on behalf of the 6LNs, etc.
LISP may also be used to provide an equivalent to the EDAR/EDAC exchange
using a Map Server / Map Resolver as a replacement to the 6LBR.
</t>
</section>
<section anchor='app'><name>Applicability and Requirements Served</name>
<t>
This document specifies proxy-ND functions that can be used to
federate an IPv6 Backbone Link and multiple IPv6 LLNs into a
single MLSN. The proxy-ND functions enable IPv6 ND
services for DAD and address lookup
that do not require broadcasts over the LLNs.
</t>
<t>
The term LLN is used to cover multiple types of WLANs and WPANs,
including (Low-Power) Wi-Fi, BLUETOOTH(R) Low Energy,
IEEE Std 802.11ah and IEEE Std 802.15.4 wireless meshes, and the
types of networks listed in "Requirements Related to Various Low-Power Li
nk Types"
(see <xref target='RFC8505' sectionFormat="of" section="B.3"/>).
</t>
<t>
<!--[rfced] Please clarify if "IPv6 Backbone Router (6BBR)" is correct
or if the intended meaning is "6LoWPAN Backbone Router
(6BBR)". If the latter, since 6BBR has already been expanded
earlier in the document, may we update the text to be "Each LLN
in the subnet is attached to a 6BBR"?
Original:
Each LLN in the subnet is attached to an IPv6 Backbone Router (6BBR).
Perhaps:
Each LLN in the subnet is attached to a 6BBR.
-->
Each LLN in the subnet is attached to an IPv6 Backbone Router (6BBR).
The Backbone Routers interconnect the LLNs and advertise the Addresses
of the 6LNs over the Backbone Link using proxy-ND operations.
</t>
<t>
This specification updates IPv6 ND over the Backbone to
distinguish Address movement from duplication and eliminate Stale
state in the Backbone routers and Backbone nodes once a 6LN has
roamed. This way, mobile nodes may roam rapidly from
one 6BBR to the next, and requirements are met per "Requirements Related
to Mobility" (see
<xref target='RFC8505' sectionFormat="of" section="B.1"/>).
</t>
<t>
A 6LN can register its IPv6 Addresses and thereby obtain proxy-ND
services over the Backbone, meeting the requirements
expressed in "Requirements Related to Proxy Operations" (see <xref target
='RFC8505' sectionFormat="of" section="B.4"/>.
</t>
<t>
<!-- CEP: This does not belong here. It is specified later, as is proper.
In the latter case, the 6BBR maintains the list of correspondents
to which it has advertised its own MAC Address on behalf of the LLN
node.
-->
The negative impact of the IPv6 ND-related broadcasts can be limited to o
ne of the federated links, enabling the number of 6LNs to grow. The Routing Prox
y operation avoids the need to expose the MAC addresses of the 6LNs onto the bac
kbone, keeping the Layer 2 topology simple and stable. This meets the requireme
nts in "Requirements Related to Scalability" (see <xref target='RFC8505' section
Format="of" section="B.6"/>), as long as the 6BBRs are dimensioned for the numbe
r of registrations that each needs to support.
</t>
<t>
In the case of a Wi-Fi access link, a 6BBR may be collocated
with the AP, a Fabric Edge (FE), or a Control and Provisioning of Wireles
s Access Points (CAPWAP)
<xref target='RFC5415'/> Wireless LAN Controller (WLC).
In those cases, the wireless client (STA) is the 6LN
that makes use of <xref target='RFC8505'/> to register its IPv6
Address(es) to the 6BBR acting as the Routing Registrar. The 6LBR can be
centralized and either connected to the Backbone Link or reachable
over IP.
The 6BBR proxy-ND operations eliminate the need for wireless nodes
to respond synchronously when a lookup is performed for their IPv6
Addresses. This provides the function of a Sleep Proxy for ND
<xref target='I-D.nordmark-6man-dad-approaches'/>.
</t>
<t>
For the Time-Slotted Channel Hopping (TSCH) mode of
<xref target='IEEEstd802154'/>, the
6TiSCH architecture <xref target='I-D.ietf-6tisch-architecture'></xref>
describes how a 6LoWPAN ND host could connect to the Internet via a
RPL mesh network, but doing so requires extensions to the 6LOWPAN ND
protocol to support mobility and reachability in a secure and
manageable environment. The extensions detailed in this document
also work for the 6TiSCH architecture, serving the requirements listed
in "Requirements Related to Routing Protocols" (see <xref target='RFC8505
' sectionFormat="of" section="B.2"/>).
</t>
<t>
The registration mechanism may be seen as a more reliable alternate to
snooping <xref target='I-D.bi-savi-wlan'/>. Note that
registration and snooping are not mutually exclusive. Snooping may be used i
n
conjunction with the registration for nodes that do not register their IPv6
Addresses.
The 6BBR assumes that if a node registers at least one IPv6 Address to it,
then the node registers all of its Addresses to the 6BBR.
With this assumption, the 6BBR can possibly cancel all undesirable multicast
NS messages that would otherwise have been delivered to that node.
</t>
<t>
Scalability of the MLSN <xref target='RFC4903'/> requires
avoidance of multicast/broadcast operations as much as possible even on
the Backbone <xref target='I-D.ietf-mboned-ieee802-mcast-problems'/>.
Although hosts can connect to the Backbone using IPv6 ND operations,
multicast RAs can be saved by using
<xref target='I-D.ietf-6man-rs-refresh'/>, which also requires the
support of <xref target='RFC7559'/>.
</t>
</section>
<section anchor="acknowledgements" numbered="false" toc="default"><name>Acknowle
dgments</name>
<t>Many thanks to <contact fullname="Dorothy Stanley"/>, <contact fullname="
Thomas Watteyne"/>, and <contact fullname="Jerome Henry"/> for their various con
tributions.
Also, many thanks to <contact fullname="Timothy Winters"/> and <contact full
name="Erik Nordmark"/> for their help, review, and support in preparation for th
e IESG cycle and to <contact fullname="Kyle Rose"/>, <contact fullname="Elwyn Da
vies"/>, <contact fullname="Barry Leiba"/>, <contact fullname="Mirja Kuehlewind"
/>, <contact fullname="Alvaro Retana"/>, <contact fullname="Roman Danyliw"/>, an
d especially <contact fullname="Dominique Barthel"/> and <contact fullname="Benj
amin Kaduk"/> for their useful contributions through the IETF Last Call and IESG
process.
</t>
</section>
</back>
<!-- [rfced] Throughout the text, the following terminology appears to be used
inconsistently. Please review these occurrences and let us know if/how they
may be made consistent.
Address vs. address (when used in general)
Some examples:
ensure that the Address is not
register a given Address, but the Address
resolve that Address using
for a tentative address
form the same address
the address is abandoned
[Note: we recommend using the lowercase version when 'address'
is not a part of a term]
Fyi, note that we updated these terms to reflect lowercase 'address':
address lookup (per use in other RFCs)
EUI-64 address (per use in RFC 8505)
Layer 2 address (per use in other RFCs and the companion document)
MAC address (per use in RFC 8505)
...
Link vs. link (when used in general)
Some examples:
Each Link in the
each Link providing
on a Link and to
within a single link
mechanism on a link
is present on the link
[Note: we recommend using the lowercase version when 'link'
is not a part of a term.]
...
Backbone vs. backbone (and related terms)
We see Backbone Routers and Backbone routers
Backbone and backbone when alone in text (no router or link following)
-->
<!--[rfced] Please note that we made the use of status codes uniform
using "status code of # ("name of code")" format. We tried to
make the names uniform and insert the names where they were
missing. Please review these updates as well as if the names
should be double marked (using parentheses and double quotes).-->
</rfc>
 End of changes. 1 change blocks. 
lines changed or deleted lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/