[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-hudson-ayers) 00

INTERNET-DRAFT                                              Hudson Ayers
Intended Status: Informational                                Paul Crews
Expires: December 31, 2018                                    Hubert Teo
                                                           Conor McAvity
                                                               Amit Levy
                                                            Philip Levis
                                                     Stanford University
                                                           June 29, 2018


        Design Considerations For Low Power Internet Protocols
                    draft-ayers-low-power-interop-00


Abstract

   This document discusses guidelines for specifying low-power Internet
   protocols in order to improve implementation interoperability. These
   guidelines are based around the importance of balancing memory usage
   and energy efficiency, and the importance of not relying on Postel's
   law when dealing with low resource devices. This document applies
   these guidelines to the IPv6 over low-power wireless personal area
   networks (6LoWPAN) Internet Standard, suggesting changes that would
   make it more likely for implementations to interoperate.


Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on <Expiry Date>



Hudson Ayers           Expires December 31, 2018                [Page 1]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


Copyright and License Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Table of Contents

   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1  Terminology . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  6LoWPAN Interoperability Study . . . . . . . . . . . . . . . .  4
     2.1  Incomplete Implementations  . . . . . . . . . . . . . . . .  5
     2.2  Unrealistic Bounds  . . . . . . . . . . . . . . . . . . . .  6
       2.2.1 Maximum Header Decompression . . . . . . . . . . . . . .  6
       2.2.2 Arbitrary Next Header Compression  . . . . . . . . . . .  6
     2.3  No Pairing Interoperates  . . . . . . . . . . . . . . . . .  7
   3  Implementation Concerns . . . . . . . . . . . . . . . . . . . .  9
     3.1  Processor Resources . . . . . . . . . . . . . . . . . . . .  9
   5 Contributing Factors . . . . . . . . . . . . . . . . . . . . . . 11
   6 Design Guidelines  . . . . . . . . . . . . . . . . . . . . . . . 11
     6.1 Guideline 1: Capability Spectrum . . . . . . . . . . . . . . 11
       6.1.1 Guideline 1 Application to 6LoWPAN . . . . . . . . . . . 12
     6.2 Guideline 2: Capability Discovery  . . . . . . . . . . . . . 13
       6.2.1 Guideline 2 Application to 6LoWPAN . . . . . . . . . . . 13
     6.3 Guideline 3: Provide Reasonable Bounds . . . . . . . . . . . 14
       6.3.1 Guideline 3 Application to 6LoWPAN . . . . . . . . . . . 14
     6.4 Guideline 4: Don't Break Layering  . . . . . . . . . . . . . 15
       6.4.1 Guideline 4 Application to 6LoWPAN . . . . . . . . . . . 16
   7  Security Considerations . . . . . . . . . . . . . . . . . . . . 18
   8  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 18
   9  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 18
     9.1  Normative References  . . . . . . . . . . . . . . . . . . . 18
     9.2  Informative References  . . . . . . . . . . . . . . . . . . 19
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20






Hudson Ayers           Expires December 31, 2018                [Page 2]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


1  Introduction

   Interoperability is critical for the Internet. Not only do edge-
   devices need to interoperate with the broader Internet, they should
   also interoperate with other devices in the same network.
   Historically, though, embedded systems and sensor networks have been
   vertical silos of proprietary technologies, each using custom network
   protocols and homogeneous implementations. Networks typically require
   specialized gateways and cannot easily include devices from different
   vendors for a variety of applications.

   Interoperability is just as important in the Internet of Things, but
   end hosts in the Internet of Things are less resourceful, more
   diverse in capability, and less well audited than typical Internet
   end hosts. Using IP allows devices from different manufacturers,
   running completely different software stacks, to interoperate, share
   services, and compose into larger, more complex applications. This
   interoperability should exist not only between IoT devices
   communicating with hosts across the broader Internet, but also
   between IoT devices in the same low power wireless network. The
   presence of such interoperability precludes the need for multiple
   gateways to support different devices, simplifies network management,
   and allows for efficient, logical communication between nearby
   devices.

   To address this problem, the IETF published a series of RFCs
   detailing a standard format for transmitting IPv6 packets over low-
   power wireless link layers such as IEEE 802.15.4 {RFC 4919][RFC
   4944][RFC 6282][RFC 6775]. The 6LoWPAN RFCs define a fragmentation
   format, a compression format, and more. These 6LoWPAN standards have
   been adopted by a number of popular embedded operating systems,
   including Contiki {CONTIKI], RiotOS {RIOT], OpenThread [OPENTHREAD],
   mbedOS [ARM], and TinyOS [TINYOS].

   Unfortunately, none of these implementations are complete. Each
   implementation supports different subsets of 6LoWPAN. As a result,
   devices built using different embedded operating systems cannot
   interoperate. In fact, for every possible pairing, one implementation
   is likely to transmit 6LoWPAN packets which the other cannot process.

   This paper explores the reasons behind the lack of interoperability
   in practice, and argues that this results from the protocol too
   heavily prioritizing radio efficiency over processor resources, and
   failing to consider the broad range of devices which embedded
   operating systems will attempt to support. This document proposes
   four guidelines for designing interoperable protocols for low-power
   wireless networks, and explain them through an example application to
   two 6LoWPAN standards - RFC 4944 and RFC 6282. These guidelines are



Hudson Ayers           Expires December 31, 2018                [Page 3]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   informed by an empirical analysis of existing 6LoWPAN implementations
   as well as experience implementing a full 6LoWPAN stack for the Tock
   operating system [TOCK].

1.1  Terminology

   Readers are expected to be familiar with all terms and concepts
   discussed in "IPv6 over Low-Power Wireless Personal Area Networks
   (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals",
   "Transmission of IPv6 Packets over IEEE 802.15.4 Networks",
   "Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based
   Networks".

   Readers would benefit from reading 6LoWPAN Neighbor Discovery (ND),
   6LoWPAN routing requirements, and 6LoWPAN design/application spaces
   for additional details of 6LoWPAN work.


2.  6LoWPAN Interoperability Study

   The IETF's 6LoWPAN working group has been concerned with
   interoperability between implementation since inception [6LO-CHART].
   Indeed, members of the working group have organized ``Plugtests'',
   where vendors verified correct implementation of the 6LowPAN
   specifications and tested interoperability with other vendors.
   Unfortunately, detailed results of these plugtests are not publicly
   available.

   A node sending IPv6 packets using 6LoWPAN may fragment the packet or
   compress headers in a large number of ways permitted by the
   specification. These choices depend both on the properties of the
   packet (e.g. whether it is a UDP packet or if the origin and
   destinations are in the same subnet) as well as on which compression
   and fragmentation options the sender chooses to use. For two nodes to
   interoperate, the 6LoWPAN implementation on each node must be able to
   receive any packet the other node might send.

   This document investigates the interoperability of 6LoWPAN
   implementations from five common embedded software platforms: Riot
   OS, Contiki, OpenThread, TinyOS, and ARM Mbed. This study is
   concerned, specifically, with each implementation's ability to
   receive and decode 6LoWPAN packets sent from other implementations.
   This document does not explore whether devices built using these
   implementations could form a network in the first place, since
   6LoWPAN leaves much of the network formation process (e.g. discovery
   and joining) unspecified.

   The compatibility analysis in this document, between five common



Hudson Ayers           Expires December 31, 2018                [Page 4]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   embedded software frameworks with 6LoWPAN implementations, is based
   in three discoveries. First, a determination of how completely each
   implementation implements the 6LoWPAN specification was obtained by
   directly examining their source code. Second, this code analysis was
   extended to verify that under some circumstances, each implementation
   sends packets using compression or fragmentation options which
   another implementation cannot decode. Finally, it was discovered that
   even in cases where two implementations use compatible compression
   and fragmentation options, different implementation choices, such as
   header decompression bounds, limit their interoperability.

   As a result, no pairing of these five implementations is fully
   interoperable.

2.1  Incomplete Implementations

   The 6LoWPAN protocol consists of a large number of complex and mostly
   independent features which use the link-layer frame efficiently  via
   compression and fragmentation optimizations. Examining the code and
   documentation for each of the aforementioned 6LoWPAN stacks reveals
   that the stacks do not uniformly implement the specification. In
   fact, each specification implements a different subset of the
   requirements in the 6LoWPAN specification, and none implements the
   entire specification to the letter.  A visualization of the
   mismatched feature support across different 6LoWPAN implementations
   can be found in Table 1. Note that OT is an abbreviation used
   throughout this document to refer to OpenThread.

   +----------------------------------------+-------+--+----+---+------+
   |                 Feature                |          Stack           |
   +----------------------------------------+-------+--+----+---+------+
   |                                        |Contiki|OT|Riot|Arm|TinyOS|
   +----------------------------------------+-------+--+----+---+------+
   | Uncompressed IPv6                      |   o   |  | o  | o |  o   |
   | 6LoWPAN Fragmentation                  |   o   |o | o  | o |  o   |
   | 1280 byte packets                      |   o   |o | o  | o |  o   |
   | Dispatch_IPHC header prefix            |   o   |o | o  | o |  o   |
   | IPv6 Stateless Address Compression     |   o   |o | o  | o |  o   |
   | Stateless multicast address compression|   o   |o | o  | o |  o   |
   | 802.15.4 16 bit short address support  |       |o | o  | o |  o   |
   | IPv6 Address Autoconfiguration         |   o   |o | o  | o |  o   |
   | IPv6 Stateful Address Compression      |   o   |o | o  | o |  o   |
   | Stateful multicast address compression |       |o | o  | o |      |
   | IPv6 TC and Flow label compression     |   o   |o | o  | o |  o   |
   | IPv6 NH Compression: Tunneled IPv6     |       |o |    | o |  o   |
   | IPv6 NH Compression: UDP               |   o   |o | o  | o |  o   |
   | UDP port compression                   |   o   |o | o  | o |  o   |
   | UDP checksum elision                   |       |  |    |   |  o   |



Hudson Ayers           Expires December 31, 2018                [Page 5]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   | Compression + headers past first frag  |       |  |    |   |      |
   +----------------------------------------+-------+--+----+---+------

                   Table 1: 6LoWPAN Interoperability Matrix


2.2  Unrealistic Bounds

   Beyond the variation in what portions of the 6LoWPAN specification
   each stack implements, there also exists significant variation in how
   each stack handles certain implementation-specific details. Some of
   these details have little impact on interoperability, such as
   decisions regarding how many fragments a stack holds for a given
   packet before dropping all of them, whether to allow for
   reconstruction of multiple packets simultaneously, and how long to
   hold onto fragments for which the rest of the packet has not yet
   arrived. Other details, however, differ in ways that significantly
   affect interoperability between stacks. A discussion of two such
   details follows:

2.2.1 Maximum Header Decompression

   Each of the stacks analyzed imposes some limit on the maximum amount
   of header decompression possible for a received packet. Such a limit
   is necessary to ensure that packet and fragment buffers within a
   stack are large enough for received packets. The maximum amount of
   header decompression allowed by the 6LoWPAN specification is about
   1200 bytes, basically, if an entire MSS IPv6 packet was sent
   containing only compressed headers. Some of the stacks analyzed
   decompress fragments directly into the MSS buffer which will
   eventually contain the entire IPv6 packet, and thus support this
   bound. Other stacks impose significantly lower limits - limits low
   enough that packets could easily be constructed within the 6LoWPAN
   specification that would exceed these limits. For example, Contiki's
   limit of 38 bytes of header decompression is exceeded by any packet
   for which the IP header is maximally compressed (38 bytes) and the
   UDP header is compressed at all. Accordingly, certain stacks would
   send packets with a significant amount of header compression, but
   other stacks would silently drop these packets due to lacking buffer
   space for fragments requiring that much decompression. Furthermore,
   these stacks do not given any indication back to the sender that a
   packet has been dropped for this reason, making it difficult for the
   sending stack to identify how to adjust its transmission to
   successfully deliver data.

2.2.2 Arbitrary Next Header Compression

   Several of the 6LoWPAN stacks also impose limits on the arbitrary



Hudson Ayers           Expires December 31, 2018                [Page 6]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   compression/decompression of IPv6 extension headers and next headers
   required by the specification. The headers which must be handled are
   as follows:

   - IPv6 Hop-By-Hop Options Header

   - IPv6 Routing Header

   - IPv6 Fragment Header

   - IPv6 Destination Options Header

   - IPv6 Mobility Header

   - IPv6 Next Header

   - UDP Next Header

   Further, 6LoWPAN implementations are expected to be able to
   decompress at least one of each of these headers, and up to two
   Destination Options headers, in almost any order. Handling all of
   these possible cases can result in complex state machines, convoluted
   code, and increase in code size and RAM use. Therefore, several of
   the stacks examined impose a limit on this arbitrary next header
   decompression - namely, Contiki and Riot. Both of these stacks only
   check for the UDP Next Header. This greatly simplifies the code
   required for decompression of next headers in these stacks as
   compared to the others, which require recursion to handle this
   arbitrary compression. The offshoot of this simplified code, however,
   is that these stacks will drop packets with certain compressed
   extension header configurations when other stacks send such messages.

2.3  No Pairing Interoperates

   These interoperability concerns are more than theoretical: existing
   6LoWPAN stacks generate valid packets that other stacks discard. This
   proves that missing receive functionality is not simply a case of
   limited 6LoWPAN stacks abstaining from handling packets which no
   existing stacks ever generate.

   What follows is a listing of each of the 10 possible combinations of
   6LoWPAN stacks, accompanied by a single example packet which can be
   generated by one of the stacks in the pairing which the other stack
   would not receive.

   Contiki, OpenThread : Contiki generated message using uncompressed
   IPv6




Hudson Ayers           Expires December 31, 2018                [Page 7]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   Contiki, Riot: Riot generated message using stateful multicast
   address compression

   Contiki, Mbed: Mbed generated message using compresesd, tunneled IPv6

   Contiki, TinyOS: TinyOS generated message containing compressed IPv6
   extension headers

   OpenThread, Riot: OpenThread generated message containing any of the
   IPv6 extension headers, which the OpenThread stack automatically
   compresses

   OpenThread, Mbed: Mbed generated IPv6 packet containing the IPv6
   mobility header

   OpenThread, TinyOS: OpenThread generated message for which the
   destination address is compressed using stateful multicast
   compression

   Riot, Mbed: Mbed generated IPv6 message containing any compressed
   next header other than the UDP header

   Riot, TinyOS: Riot generated message for which the destination
   address is compressed using stateful multicast compression

   Mbed, TinyOS: Mbed generated Neighbor Discovery message using the
   6LoWPAN context option as specified in RFC 6775.

   This is a non-exhaustive listing, and for most of these pairings
   several message formats exist which could be generated by one that
   would be dropped by the other. Each instance for which a claim is
   made that packets could be easily generated has been verified via
   code analysis.

   In addition to this code analysis, tests were performed to present
   further evidence that several of these packets formats could easily
   be generated via typical use of these 6LoWPAN stacks.

   These tests involved slightly modifying basic example networking apps
   on each stack, such that the existing 6LoWPAN interface could be used
   to send certain packets. These modified examples were flashed onto
   embedded hardware platforms supported by each. The transmitted
   packets were captured using a wireless packet sniffer, and the
   sniffed packets analyzed using Wireshark. This exercise verified that
   these non-interoperable packets could in fact be sent. Further
   description of this hardware generation of select packets can be
   found in [DESIGN].




Hudson Ayers           Expires December 31, 2018                [Page 8]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


3  Implementation Concerns

   The 6LoWPAN specification was created with a clear goal---to allow
   for IPv6 connectivity over a link-layer with an order of magnitude
   smaller frame sizes than Ethernet. Unfortunately, fragmented IPv6 on
   its own requires header overhead much greater than typical wireless
   protocols designed for low power devices. As a result, the
   specification places an extreme focus on minimizing protocol overhead
   and, thus, radio utilization.

   The primary problem with 6LoWPAN is that this focus was taken too
   far. This focus has resulted in complex implementations that require
   significant processor resources. In order for devices to
   interoperate, they must be able to parse any valid received 6LoWPAN
   packet that might be sent by others.

   In practice, many 6LoWPAN implementations do not implement the entire
   specification and, therefore, are not interoperable. This is not a
   result of poor software design, but rather intentional choices to
   implement different subsets of the specification that favor limited
   RAM and code size, security concerns, and minimizing engineering
   effort.

   In fact, in some cases even these incomplete 6LoWPAN implementations
   systems are too resource intensive for some devices. As a result,
   several implementations allow the developer to remove portions of the
   6LoWPAN stack during compilation. Even when implementations use
   overlapping portions of the specification, additional
   interoperability conflicts arise from different choices of memory
   bounds for decompression.

3.1  Processor Resources

   Evidence that developers of these 6LoWPAN stacks were concerned about
   6LoWPAN's consumption of processor resources is baked into the design
   of each. One of the primary indicators that each implementation was
   concerned with code size is the prevalence of options to compile
   limited subsets of the 6LoWPAN stack. For example, Contiki defines
   the SICSLOWPAN_CONF_COMPRESSION compilation flag, which can be set to
   force all Contiki packets (sent and received!) to be processed as
   uncompressed IPv6. Riot presents extensive compilation options for
   6LoWPAN, allowing for the exclusion of all IPHC compression, the
   exclusion of context based compression alone, the exclusion of
   fragmentation, the exclusion of ND, and the exclusion of next header
   compression. The Mbed stack allows users to exclude elements of the
   IPv6 stack such as security features, routing specific features,
   link-layer features, and more. Further, Mbed defines macros which can
   be used to save RAM at the expense of flash, or vice-versa. TinyOS by



Hudson Ayers           Expires December 31, 2018                [Page 9]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   default removes all code in a stack that is not being used by an
   application, and this can easily be observed by compiling different
   6LoWPAN application binaries.

   Table 2 shows the code size overhead of each of the five
   implementations broken into independent overheads for compression,
   fragmentation, mesh and broadcast headers, as well as totals for
   6LoWPAN and the entire networking stack including physical layer
   drivers, IPv6, UDP, ICMP, etc.

   +----------+--------+---------+-------------+------+----------------+
   |  Stack   |            Code Size Measurements (Bytes)              |
   +----------+--------+---------+-------------+------+----------------+
   |          | IP-All | 6Lo-All | Compression | Frag | Mesh/Bcast Hdr |
   +----------+--------+---------+-------------+------+----------------+
   | Contiki  |  37538 |   11262 |        5952 | 3319 |            N/A |
   | OT       |  42262 |   26375 |  4146-20000 | 1310 |           4500 |
   | Riot     |  30942 |    7500 |       >4712 | 1514 |            N/A |
   | Arm Mbed |  46030 |   22061 |       17900 | 3104 |           1331 |
   | TinyOS   |  37312 |   16174 |        ---- | ---- |            600 |
   +----------+--------+---------+-------------+------+----------------+

                 Table 2: 6LoWPAN Stack Code Size


   The methodology use to collect these values can be found in [DESIGN].
   These results likely overestimate the overhead of fragmentation and
   underestimate the overhead of certain kinds of compression since some
   of the complexity of compression is born on the fragmentation logic.
   Moreover, for OpenThread and Arm Mbed, which required manual
   examination of binaries, the results almost certainly underestimate
   the overhead of all 6LoWPAN components since we only counted
   procedures which unambiguously implemented particular functionality,
   though some of the complexity is implemented in other portions of the
   stack. In summary:

      -  6LoWPAN stack developers were concerned with processor resource
      requirements of the protocol.

      - Fragmentation, the only portion of 6LoWPAN that's strictly
      necessary for sending IPv6 packets, consumes significantly less
      ROM than compression.

      - Implementations with more complete adherence to compression
      specification consume more code for compression

      - Mesh and broadcast headers are relatively expensive given that
      few real-world applications use them



Hudson Ayers           Expires December 31, 2018               [Page 10]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


5 Contributing Factors

   Several fundamental factors contributed to 6LoWPAN's interoperability
   problems.

   When writing low power networking specifications, an important
   "slider'' exists - the tradeoff between code size and protocol
   efficiency. This tradeoff is similar to the historically significant
   tradeoff between RAM and code size. Techniques such as advanced MAC
   and physical layers, and tracking the state of a network can reduce
   packet sizes and, thus, radio energy consumption. However, these
   techniques typically require larger and more complex
   implementations.

   Even moving beyond the constraints of code size, added complexity
   harms interoperability in the general case, and complex
   implementations are undesirable in the space of low power embedded
   devices. Finally, 6LoWPAN failed to consider the reality that some
   implementations of the protocol may be incomplete, and accordingly
   failed to include any affirmative indications of interoperability
   failures, with interoperability failures instead only being visible
   as silent packet drops. All of these factors contributed to 6LoWPAN's
   interoperability problems, and inspire the guidelines that follow.

6 Design Guidelines

   This section describes four protocol design guidelines which, if
   followed, lead to low-power protocols that are more likely to have
   interoperable implementations. In the next section, these are
   further explained by showing how each can be applied to 6LoWPAN.

6.1 Guideline 1: Capability Spectrum

   A low power protocol should be implementable on devices which are at
   the low end of code and RAM resources. Rather than require every
   device pay the potential energy costs of fewer optimizations, a
   protocol should support a spectrum of device capabilities. This
   spectrum defines a clear ordering via which especially resource
   constrained devices can reduce code size or RAM use by eliding
   features. Such a spectrum makes a protocol usable by extremely low
   resource devices without forcing more resourceful devices to
   communicate inefficiently.

   This capability spectrum should be a linear scale. For a device to
   support capability level N, it must also support all lower capability
   levels. More complex configuration approaches (e.g., a set of
   independent options) would allow for a particular application or
   implementation to be more efficient, picking the features that give



Hudson Ayers           Expires December 31, 2018               [Page 11]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   the most benefit at the least complexity cost. However, this sort of
   optimization then makes interoperability more difficult, as two
   devices must negotiate which features to use.

6.1.1 Guideline 1 Application to 6LoWPAN

   Application of this guideline would require replacing the large
   collection of "MUST'' requirements - those "features'' in Table 1 -
   into 6 levels of functionality. These levels prioritize features that
   provide the best packet size savings given the resulting
   implementation complexity.  For example, the greatest savings results
   from compressing 128-bit IPv6 addresses.

   0. Uncompressed IPv6

        0a. Uncompressed IPv6

        0b. 6LoWPAN Fragmentation and the Fragment Header

        0c.1280 Byte Packets

   1. IPv6 Compression Basics + Stateless Address Compression

                1a. Support for the Dispatch_IPHC Header Prefix

                1b. Correctly handle elision of IPv6 length and version

                1c. Stateless compression of unicast addresses

                1d. Stateless compression of multicast addresses

        1e. Compression even when 16 bit addresses are used at the link
   layer

        1f. IPv6 address autoconfiguration

   2. Stateful IPv6 Address Compression

                2a. Stateful compression of unicast addresses

        2b. Stateful compression of multicast addresses

   3.  IPv6 Traffic Class and Flow Label Compression

        3a. Traffic Class compression   3b. Flow Label Compression      3c. Hop
   Limit Compression

   4. IPv6 and UDP NH Compression + UDP Port Compression



Hudson Ayers           Expires December 31, 2018               [Page 12]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


        4a. Handle Tunneled IPv6 correctly

        4b. Handle the compression of the UDP Next Header

        4c. Correctly handle elision of the UDP length field

        4d. Correctly handle the compression of UDP ports

        4e. Correctly handle messages for which headers go on
   longer than the first fragment, and the headers in the first
     fragment are compressed.

   5. Entire Specification

        5a. Support the broadcast header and the mesh header as
   described in RFC 4944

        5b Support compression of all IPv6 Extension headers

   The classes in this scale do not precisely reflect the current
   feature support of the implementations described above. For example,
   Contiki supports UDP port compression (level 5) but does not support
   802.15.4 short addresses (level 2) or tunneled IPv6 (level 5):
   following this formulation, Contiki only provides level 1 support. If
   Contiki supported 16-bit addresses, it would provide level 4 support.

   The specific spectrum presented here is based off of measurements of
   code size, the saved bits that each additional level of compression
   allows for, and observations of existing 6LoWPAN implementations.

6.2 Guideline 2: Capability Discovery

   The second guideline immediately follows from the first: if two
   implementations may have different capability levels, there should be
   an explicit mechanism by which two devices can efficiently discover
   what level to use when they communicate

   If two devices wish to communicate, they default to the lower of
   their supported capability levels. For example, suppose a TinyOS
   device supports level 2 and a Contiki device supports level 4;
   Contiki must operate at level 2 when communicating with the TinyOS
   device. This requires keeping only a few bits of state for any device
   to communicate with. Also, note that this state is per-hop; for a
   layer 3 protocol like IP, it is stored for link-layer neighbors (not
   IP endpoints) and so does not require knowledge of the whole network.

6.2.1 Guideline 2 Application to 6LoWPAN




Hudson Ayers           Expires December 31, 2018               [Page 13]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   6lowpan could implement capability discovery using two mechanisms:
   neighbor discovery (ND) and ICMP. Neighbor discovery allows devices
   to probe and determine capability levels, while ICMP allows devices
   to determine when incompatible features are used, or when ND is not
   available.

   Neighbor discovery: 6LoWPAN ND should add an option that allows a
   device to communicate its capability class during association with a
   network. The inclusion of a few extra bits in ND messages would allow
   all devices that learn neighbor addresses via ND to also know how to
   send packets which that neighbor can receive. This option minimizes
   the energy cost of communicating capabilities. It is worth noting
   that [RFC7400] already employs a similar method for communicating
   whether devices implement General Header Compression: adding such an
   option is clearly viable.

   ICMP: All IPv6 devices are already required to support ICMP. A new
   ICMPv6 message type - 6LoWPAN Class Unsupported - should be added,
   which could be sent in response to messages received encoded using a
   6LoWPAN class higher than the class of the receiving host.  This
   would allow for communication of capabilities even in networks not
   constructed using IPv6 ND. This ICMPv6 message would allow hosts to
   indicate exactly what class the receiving host does support,
   preventing any need for repeated retransmissions using different
   compression or fragmentation formats.

6.3 Guideline 3: Provide Reasonable Bounds

   Specifications should impose reasonable bounds on recursive or
   variable features so implementations can bound RAM use. These bounds
   have two benefits. First, it allows implementations to safely limit
   their RAM use without silent interoperability failures. E.g., today,
   if an mbed device sends a 6lowpan packet whose compression is greater
   than 38 bytes to a Contiki device, Contiki will silently drop the
   packet. Second, it ensures that capability discovery is sufficient to
   interoperate.

   The original designers of a specification may not know exactly what
   these values should be. This is not a new problem: TCP congestion
   control, for example, had to specify initial congestion window
   values. The bounds should initially be very conservative. Over time,
   if increasing resources or knowledge suggests they should grow, then
   future devices will have the onus of using fewer resources to
   interoperate with earlier ones.

6.3.1 Guideline 3 Application to 6LoWPAN

   Section 2 discussed two unreasonable bounds which affect 6LoWPAN



Hudson Ayers           Expires December 31, 2018               [Page 14]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   interoperability. The first is the 1280 byte bound on maximum header
   decompression (the amount a header will grow when decompressed).  A
   bound allows implementations to conserve RAM. As a result, some
   implementations impose their own lower bounds, but these bounds do
   not agree so some stacks cannot decompress some packets sent by other
   stacks. The lack of a bound on arbitrary next header compression was
   demonstrated as adding significant complexity to implementations to
   service packets which should rarely be used.

   To address this, maximum header decompression in 6LoWPAN packets
   should be bounded to 50 bytes. This bound allows for significant RAM
   savings in implementations that decompress first fragments into the
   same buffer in which the fragment was originally held prior to any
   copying into a 1280 byte buffer.

   Second, the requirement for compression of interior headers for
   tunneled IPv6 should be removed. Currently, section 4.2 of RFC 6282
   states "When the identified next header is an IPv6 Header...The
   following bytes MUST be encoded using LOWPAN_IPHC''. This is
   problematic because it places no bound on how many tunneled IPv6
   headers may need to be compressed or decompressed, creating locations
   in code that require unbounded amounts of recursion. Implementations
   should adjust their path MTU constraints and responses to support
   inserting source routing headers, rather than tunnel IPv6.

   This change would limit the complexity of arbitrary next header
   compression slightly. In addition, an ordering should be imposed on
   the order of IPv6 extension options if they are to be compressed.
   This would allow for implementations to avoid recursive functions to
   decompress these headers, and instead use simple if/else statements.
   If for some reason IPv6 extension headers must be placed in a
   different order for a particular packet, those options must be sent
   uncompressed.

6.4 Guideline 4: Don't Break Layering

   Designers should ensure that interoperability is a central priority
   for specifications throughout the design process, and that
   interoperability is not simply assumed from the fact that devices
   will be communicating via a shared protocol. In particular,
   specifications should be careful that considerations introduced to
   save energy in certain scenarios should not make assumptions about
   the rest of the stack.  Layering is a foundational network design
   principle. As the difficulty NATs introduced to Internet connectivity
   in the early 2000s demonstrated, breaking layering can introduce
   unforeseen and extremely difficult to fix interoperability problems.

   The appeal of cross-layer optimization in embedded systems is even



Hudson Ayers           Expires December 31, 2018               [Page 15]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   stronger than in traditional computers. Designed for a specific
   application, a developer can understand and know exactly how the
   entire system works, from hardware to application code.  However,
   while this whole-system knowledge makes sense for a particular device
   or iteration of an application, long-lived systems will evolve and
   change.  This is especially true if the device will need to
   interoperate with new gateways or application devices. Furthermore,
   as embedded systems have grown more complex, their software has begun
   to resemble more traditional systems. Rather than write software from
   scratch every time, systems use and draw on existing operating
   systems as well as libraries. By breaking layering, cross-layer
   optimizations require that developers own and customize the entire
   software stack.

6.4.1 Guideline 4 Application to 6LoWPAN

   UDP checksum compression, as defined in section 4.3.2 of RFC 6282,
   should be removed from the 6LoWPAN specification. The RFC says that a
   higher layer may request the checksum be elided if it has an
   integrity mechanism that covers the UDP header. At first glance, this
   seems sufficient: if the UDP header is covered by a message integrity
   code (MIC) or other checksum, then corrupted packets will be
   correctly dropped.

   However, it misses an important error case: if the UDP ports are
   corrupted, then a packet missing a checksum may be delivered to the
   wrong application, and this incorrect application may not impose a
   replacement integrity measure or know one exists. It therefore cannot
   verify the MIC. Furthermore, protecting the header with a link-layer
   MIC is insufficient, as it only protects packets against sub-link
   corruption.

   The end-to-end principle [E2E], foundational to all modern network
   design, says that only endpoints can verify correct communication.
   The only place that can safely verify the UDP header is the UDP
   stack. It is worth noting that the seminal example that led to
   definition of the end-to-end principle was a memory corruption:
   packets held in memory to be sent were corrupted before being sent.
   The recommended workarounds in RFC 6282 are vulnerable to such an
   event. A packet sent by an application that elides the UDP checksum
   could be corrupted in memory before the link-layer MIC is computed.
   Such a packet would be successfully received by the destination and
   dispatched to the wrong application, which would not check the
   application-level MIC.

   The payoff of UDP checksum compression is not even significant - 2
   bytes of checksum is a small portion of a 127 byte frame. The
   problematic nature of UDP checksum compression is further



Hudson Ayers           Expires December 31, 2018               [Page 16]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   demonstrated by the fact that only one of the five stacks analyzed in
   this document implements the feature.

















































Hudson Ayers           Expires December 31, 2018               [Page 17]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


7  Security Considerations

   This informational document does have some implications for security
   if followed.

   First, capability advertisements of the type recommended in this
   document are liable to leak some information regarding the type of
   device sending those advertisements. In any situation for which this
   information is priveleged, such advertisements must be suppressed.

   Second, implementations should be careful not to take for granted
   that the suggestions in this document will be implemented by all
   other transmitting devices. Accordingly, though this document
   recommends reasonable bounds, receivers still must be careful to
   prevent buffer overflows in the event these bounds are not followed.

   Finally, it is worth noting that breaking layering has clear security
   implications, and that the recommendation in this document to avoid
   this practice should be expected to improve security by allowing the
   security protocols in place at individual layers to work as intended.


8  IANA Considerations

   This is an informational document, and accordingly does not formally
   request any IANA changes. However, it is worth noting that the
   example application of the guidelines to 6LoWPAN would require some
   changes by IANA, if actually implemented.

   Namely, IANA would be requested to update some of the "6LoWPAN
   Capability Bits" under the "Internet Control Message Protocol Version
   6 (ICMPv6) Parameters" registry such that some of the unassigned bits
   could be repurposed for capability advertisements as described in
   this document.

   Additionally, IANA would be requested to update the "IPv6 Neighbor
   Discovery Option Formats" registry to include a new ND option format
   for capability advertisements [RFC4861].


9  References

9.1  Normative References


   [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
              over Low-Power Wireless Personal Area Networks (6LoWPANs):
              Overview, Assumptions, Problem Statement, and Goals", RFC



Hudson Ayers           Expires December 31, 2018               [Page 18]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


              4919, DOI 10.17487/RFC4919, August 2007, <https://www.rfc-
              editor.org/info/rfc4919>.

   [RFC4944]  Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
              "Transmission of IPv6 Packets over IEEE 802.15.4
              Networks", RFC 4944, September 2007, <http://www.rfc-
              editor.org/info/rfc4944>.

   [RFC6282]  Hui, J. and P. Thubert, "Compression Format for IPv6
              Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
              September 2011, <http://www.rfc-editor.org/info/rfc6282>.

   [RFC6775]  Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann,
              "Neighbor Discovery Optimization for IPv6 over Low-Power
              Wireless Personal Area Networks (6LoWPANs)", RFC 6775,
              November 2012, <http://www.rfc-editor.org/info/rfc6775>.

9.2  Informative References

   [DESIGN]  Ayers, H. et al., "Design Considerations for Low Power
              Internet Protocols", Arxiv, June 2018.

   [TINYOS]  TinyOS Alliance, "TinyOS",  2018,
              <https://github.com/tinyos/tinyos-main>.

   [ARM]  ARM Mbed, "ARM Mbed OS",  2018,
              <https://github.com/ARMmbed/mbed-os>.

   [RIOT]  FU Berlin, "Riot OS",  2018, <https://github.com/RIOT-
              OS/RIOT>.

   [CONTIKI]  Dunkels, A., "Contiki OS",  2018,
              <https://github.com/contiki-os/contiki>.

   [OPENTHREAD]  Nest, "OpenThread",  2018,
              <https://github.com/openthread/openthread>.

   [TOCK]  Levy, A., Campbell, B., Pannuto, P., Dutta, P., Levis, P.,
              "The Case for Writing a Kernel in Rust", APSys, 2017,
              <https://doi.org/10.1145/3124680.3124717>.

   [6LO-CHART] Lemon, T., "IPv6 over Low power WPAN WG Charter", IETF,
              2005, <https://datatracker.ietf.org/doc/charter-ietf-
              6lowpan/>.

   [E2E]  Saltzer, J. H., Reed, D. P., Clark, D. D., "End-to-end
              Arguments in System Design", ACM Trans. Comput. Syst.,
              November 1984.



Hudson Ayers           Expires December 31, 2018               [Page 19]


INTERNET DRAFT         6lo Design Considerations           June 29, 2018


   [RFC7400] Bormann, C., "6LoWPAN-GHC: Generic Header Compression for
              IPv6 over Low-Power Wireless Personal Area Networks
              (6LoWPANs)", RFC 7400, DOI 10.17487/RFC7400, November
              2014, <https://www.rfc-editor.org/info/rfc7400>.



Authors' Addresses


   Hudson Ayers
   Stanford University

   EMail: hayers@stanford.edu

   Paul Crews
   Stanford University

   EMail: ptcrews@stanford.edu

   Hubert Hua Kian Teo
   Stanford University

   EMail: hteo@stanford.edu

   Conor McAvity
   Stanford University

   EMail: cmcavity@stanford.edu

   Amit Levy
   Stanford University

   EMail: levya@cs.stanford.edu

   Philip Levis
   Stanford University

   EMail: pal@stanford.edu












Hudson Ayers           Expires December 31, 2018               [Page 20]


Html markup produced by rfcmarkup 1.127, available from https://tools.ietf.org/tools/rfcmarkup/