draft-ietf-6lo-minimal-fragment-12.txt   draft-ietf-6lo-minimal-fragment-13.txt 
6lo T. Watteyne, Ed. 6lo T. Watteyne, Ed.
Internet-Draft Analog Devices Internet-Draft Analog Devices
Intended status: Standards Track P. Thubert, Ed. Intended status: Standards Track P. Thubert, Ed.
Expires: 15 August 2020 Cisco Systems Expires: 6 September 2020 Cisco Systems
C. Bormann C. Bormann
Universitaet Bremen TZI Universitaet Bremen TZI
12 February 2020 5 March 2020
On Forwarding 6LoWPAN Fragments over a Multihop IPv6 Network On Forwarding 6LoWPAN Fragments over a Multihop IPv6 Network
draft-ietf-6lo-minimal-fragment-12 draft-ietf-6lo-minimal-fragment-13
Abstract Abstract
This document introduces the capability to forward 6LoWPAN fragments. This document provides generic rules to enable the forwarding of
This method reduces the latency and increases end-to-end reliability 6LoWPAN fragment over a route-over network. Forwarding fragments can
in route-over forwarding. It is the companion to using virtual improve both the end-to-end latency and reliability, and reduce the
reassembly buffers which is a pure implementation technique. buffer requirements in intermediate nodes; it may be implemented
using RFC 4944 and virtual reassembly buffers.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 15 August 2020. This Internet-Draft will expire on 6 September 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
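Review bot: In the new abstract, "the forwarding of 6LoWPAN fragment over a route-over network" should read "6LoWPAN fragments" (plural), matching the title. The closing clause "it may be implemented using RFC 4944 and virtual reassembly buffers" would also be clearer if it said that the RFC 4944 message formats are kept unchanged, since the -12 wording that called virtual reassembly buffers "a pure implementation technique" is dropped here.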
skipping to change at page 2, line 21 skipping to change at page 2, line 21
2.1. BCP 14 . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. BCP 14 . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Referenced Work . . . . . . . . . . . . . . . . . . . . . 3 2.2. Referenced Work . . . . . . . . . . . . . . . . . . . . . 3
2.3. New Terms . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. New Terms . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Overview of 6LoWPAN Fragmentation . . . . . . . . . . . . . . 4 3. Overview of 6LoWPAN Fragmentation . . . . . . . . . . . . . . 4
4. Limitations of Per-Hop Fragmentation and Reassembly . . . . . 6 4. Limitations of Per-Hop Fragmentation and Reassembly . . . . . 6
4.1. Latency . . . . . . . . . . . . . . . . . . . . . . . . . 6 4.1. Latency . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.2. Memory Management and Reliability . . . . . . . . . . . . 6 4.2. Memory Management and Reliability . . . . . . . . . . . . 6
5. Forwarding Fragments . . . . . . . . . . . . . . . . . . . . 7 5. Forwarding Fragments . . . . . . . . . . . . . . . . . . . . 7
6. Virtual Reassembly Buffer (VRB) Implementation . . . . . . . 9 6. Virtual Reassembly Buffer (VRB) Implementation . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 11
10. Normative References . . . . . . . . . . . . . . . . . . . . 11 10. Normative References . . . . . . . . . . . . . . . . . . . . 11
11. Informative References . . . . . . . . . . . . . . . . . . . 11 11. Informative References . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction 1. Introduction
The original 6LoWPAN fragmentation is defined in [RFC4944] and it is The original 6LoWPAN fragmentation is defined in [RFC4944] for use
implicitly defined for use over a single IP hop through possibly over a single Layer 3 hop, though possibly multiple Layer 2 hops in a
multiple Layer-2 (mesh-under) hops in a meshed 6LoWPAN Network. mesh-under network, and was not modified by the [RFC6282] update.
Although [RFC6282] updates [RFC4944], it does not redefine 6LoWPAN 6LoWPAN operations including fragmentation depend on a Link-Layer
fragmentation. security that prevents any rogue access to the network.
This means that over a Layer-3 (route-over) network, an IP packet is In a route-over network, an IP packet is expected to be reassembled
expected to be reassembled at every hop at the 6LoWPAN sublayer, at every hop at the 6LoWPAN sublayer, pushed to Layer 3 to be routed,
pushed to Layer-3 to be routed, and then fragmented again if the next and then fragmented again if the next hop is another similar 6LoWPAN
hop is another similar 6LoWPAN link. This draft introduces an link. This draft introduces an alternate approach called 6LoWPAN
alternate approach called 6LoWPAN Fragment Forwarding (FF) whereby an Fragment Forwarding (FF) whereby an intermediate node forwards a
intermediate node forwards a fragment as soon as it is received if fragment (or the bulk thereof, MTU permitting) without reassembling
the next hop is a similar 6LoWPAN link. The routing decision is made if the next hop is a similar 6LoWPAN link. The routing decision is
on the first fragment, which has all the IPv6 routing information. made on the first fragment, which has the IPv6 routing information.
The first fragment is forwarded immediately and a state is stored to The first fragment is forwarded immediately and a state is stored to
enable forwarding the next fragments along the same path. enable forwarding the next fragments along the same path.
Done right, 6LoWPAN Fragment Forwarding techniques lead to more Done right, 6LoWPAN Fragment Forwarding techniques lead to more
streamlined operations, less buffer bloat and lower latency. But it streamlined operations, less buffer bloat and lower latency. But it
may be wasteful when fragments are missing, leading to locked may be wasteful when fragments are missing, leading to locked
resources and low throughput, and it may be misused to the point that resources and low throughput, and it may be misused to the point that
the end-to-end latency of one packet falls behind that of per-hop the end-to-end latency of one packet falls behind that of per-hop
recomposition. recomposition.
This specification provides a generic overview of FF, discusses This specification provides a generic overview of FF, discusses
advantages and caveats, and introduces a particular 6LoWPAN Fragment advantages and caveats, and introduces a particular 6LoWPAN Fragment
Forwarding technique called Virtual Reassembly Buffer that can be Forwarding technique called Virtual Reassembly Buffer that can be
used while conserving the message formats defined in [RFC4944]. used while retaining the message formats defined in [RFC4944]. Basic
Basic recommendations such as the insertion of an inter-frame gap recommendations such as the insertion of an inter-frame gap between
between fragments are provided to avoid the most typical caveats. fragments are provided to avoid the most typical caveats.
2. Terminology 2. Terminology
2.1. BCP 14 2.1. BCP 14
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119][RFC8174] when, and only when, they appear in all 14 [RFC2119][RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
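Review bot: The sentence added to the Introduction, "6LoWPAN operations including fragmentation depend on a Link-Layer security that prevents any rogue access to the network", states a security precondition without saying whether it is an assumption the specification relies on or a requirement on deployments. Suggest "depend on Link-Layer security" (drop the article), a plain statement that this is assumed throughout, and a pointer to Section 7 so the reader can see what happens when the assumption does not hold. In the same paragraph, the new parenthetical "(or the bulk thereof, MTU permitting)" is not explained at this point; a forward reference to the section that describes carrying leftover octets into the next fragment would help.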
skipping to change at page 3, line 34 skipping to change at page 3, line 34
Past experience with fragmentation, e.g., as described in "IPv4 Past experience with fragmentation, e.g., as described in "IPv4
Reassembly Errors at High Data Rates" [RFC4963] and references Reassembly Errors at High Data Rates" [RFC4963] and references
therein, has shown that mis-associated or lost fragments can lead to therein, has shown that mis-associated or lost fragments can lead to
poor network behavior and, occasionally, trouble at the application poor network behavior and, occasionally, trouble at the application
layer. That experience led to the definition of the "Path MTU layer. That experience led to the definition of the "Path MTU
discovery" [RFC8201] (PMTUD) protocol that limits fragmentation over discovery" [RFC8201] (PMTUD) protocol that limits fragmentation over
the Internet. the Internet.
"IP Fragmentation Considered Fragile" [FRAG-ILE] discusses security "IP Fragmentation Considered Fragile" [FRAG-ILE] discusses security
threats that are linked to using IP fragmentation. The 6LoWPAN threats that are linked to using IP fragmentation. The 6LoWPAN
fragmentation takes place underneath, but some issues described there fragmentation takes place underneath the IP Layer, but some issues
may still apply to 6LoWPAN fragments (as discussed in further details described there may still apply to 6LoWPAN fragments (as discussed in
in Section 7). further details in Section 7).
Readers are expected to be familiar with all the terms and concepts Readers are expected to be familiar with all the terms and concepts
that are discussed in "IPv6 over Low-Power Wireless Personal Area that are discussed in "IPv6 over Low-Power Wireless Personal Area
Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and
Goals" [RFC4919] and "Transmission of IPv6 Packets over IEEE 802.15.4 Goals" [RFC4919] and "Transmission of IPv6 Packets over IEEE 802.15.4
Networks" [RFC4944]. Networks" [RFC4944].
"Multiprotocol Label Switching (MPLS) Architecture" [RFC3031] says "Multiprotocol Label Switching (MPLS) Architecture" [RFC3031] says
that with MPLS, 'packets are "labeled" before they are forwarded.' that with MPLS, 'packets are "labeled" before they are forwarded.'
It goes on to say, "At subsequent hops, there is no further analysis It goes on to say, "At subsequent hops, there is no further analysis
skipping to change at page 4, line 10 skipping to change at page 4, line 10
an index into a table which specifies the next hop, and a new label". an index into a table which specifies the next hop, and a new label".
The MPLS technique is leveraged in the present specification to The MPLS technique is leveraged in the present specification to
forward fragments that actually do not have a network layer header, forward fragments that actually do not have a network layer header,
since the fragmentation occurs below IP. since the fragmentation occurs below IP.
2.3. New Terms 2.3. New Terms
This specification uses the following terms: This specification uses the following terms:
6LoWPAN endpoints: The 6LoWPAN endpoints are the first and last 6LoWPAN endpoints: The 6LoWPAN endpoints are the first and last
nodes in an unbroken string of 6LoWPAN nodes. They are in charge nodes in an unbroken string of 6LoWPAN fragment forwarding nodes.
of generating or expanding a 6LoWPAN header from/to a full IPv6 They are in charge of generating or expanding a 6LoWPAN header
packet. They are also the points where the fragmentation and from/to a full IPv6 packet. They are also the only points where
reassembly operations take place. the fragmentation and reassembly operations take place.
Compressed Form: This specification uses the generic term Compressed Compressed Form: This specification uses the generic term Compressed
Form to refer to the format of a datagram after the action of Form to refer to the format of a datagram after the action of
[RFC6282] and possibly [RFC8138] for RPL [RFC6550] artifacts. [RFC6282] and possibly [RFC8138] for RPL [RFC6550] artifacts.
datagram_size: The size of the datagram in its Compressed Form datagram_size: The size of the datagram in its Compressed Form
before it is fragmented. The datagram_size is expressed in a unit before it is fragmented.
that depends on the MAC layer technology, by default a byte.
datagram_tag: An identifier of a datagram that is locally unique to Datagram_Tag: An identifier of a datagram that is locally unique to
the Layer-2 sender. Associated with the MAC address of the the Layer 2 sender. Associated with the Link-Layer address of the
sender, this becomes a globally unique identifier for the sender, this becomes a globally unique identifier for the datagram
datagram. within the duration of its transmission.
fragment_offset: The offset of a fragment of a datagram in its fragment_offset: The offset of a fragment of a datagram in its
Compressed Form. The fragment_offset is expressed in a unit that Compressed Form.
depends on the MAC layer technology and is by default a byte.
3. Overview of 6LoWPAN Fragmentation 3. Overview of 6LoWPAN Fragmentation
We use Figure 1 to illustrate 6LoWPAN fragmentation. We assume node We use Figure 1 to illustrate 6LoWPAN fragmentation. We assume node
A forwards a packet to node B, possibly as part of a multi-hop route A forwards a packet to node B, possibly as part of a multi-hop route
between IPv6 source and destination nodes which are neither A nor B. between IPv6 source and destination nodes which may be neither A nor
B, though 6LoWPAN may compress the IP header better when they are.
+---+ +---+ +---+ +---+
... ---| A |-------------------->| B |--- ... ... ---| A |-------------------->| B |--- ...
+---+ +---+ +---+ +---+
# (frag. 5) # (frag. 5)
123456789 123456789 123456789 123456789
+---------+ +---------+ +---------+ +---------+
| # ###| |### # | | # ###| |### # |
+---------+ +---------+ +---------+ +---------+
outgoing incoming outgoing incoming
fragmentation reassembly fragmentation reassembly
buffer buffer buffer buffer
Figure 1: Fragmentation at node A, reassembly at node B. Figure 1: Fragmentation at node A, reassembly at node B.
Node A starts by compacting the IPv6 packet using the header Typically, Node A starts with an uncompressed packet and compacts the
compression mechanism defined in [RFC6282]. If the resulting 6LoWPAN IPv6 packet using the header compression mechanism defined in
packet does not fit into a single Link-Layer frame, node A's 6LoWPAN [RFC6282]. If the resulting 6LoWPAN packet does not fit into a
sublayer cuts it into multiple 6LoWPAN fragments, which it transmits single Link-Layer frame, node A's 6LoWPAN sublayer cuts it into
as separate Link-Layer frames to node B. Node B's 6LoWPAN sublayer multiple 6LoWPAN fragments, which it transmits as separate Link-Layer
reassembles these fragments, inflates the compressed header fields frames to node B. Node B's 6LoWPAN sublayer reassembles these
back to the original IPv6 header, and hands over the full IPv6 packet fragments, inflates the compressed header fields back to the original
to its IPv6 layer. IPv6 header, and hands over the full IPv6 packet to its IPv6 layer.
In Figure 1, a packet forwarded by node A to node B is cut into nine In Figure 1, a packet forwarded by node A to node B is cut into nine
fragments, numbered 1 to 9 as follows: fragments, numbered 1 to 9 as follows:
* Each fragment is represented by the '#' symbol. * Each fragment is represented by the '#' symbol.
* Node A has sent fragments 1, 2, 3, 5, 6 to node B. * Node A has sent fragments 1, 2, 3, 5, 6 to node B.
* Node B has received fragments 1, 2, 3, 6 from node A. * Node B has received fragments 1, 2, 3, 6 from node A.
* Fragment 5 is still being transmitted at the link layer from node * Fragment 5 is still being transmitted at the link layer from node
A to node B. A to node B.
The reassembly buffer for 6LoWPAN is indexed in node B by: The reassembly buffer for 6LoWPAN is indexed in node B by:
* a unique Identifier of Node A (e.g., Node A's Link-Layer address) * a unique Identifier of Node A (e.g., Node A's Link-Layer address)
* the datagram_tag chosen by node A for this fragmented datagram * the Datagram_Tag chosen by node A for this fragmented datagram
Because it may be hard for node B to correlate all possible Link- Because it may be hard for node B to correlate all possible Link-
Layer addresses that node A may use (e.g., short vs. long addresses), Layer addresses that node A may use (e.g., short vs. long addresses),
node A must use the same Link-Layer address to send all the fragments node A must use the same Link-Layer address to send all the fragments
of the same datagram to node B. of the same datagram to node B.
Conceptually, the reassembly buffer in node B contains: Conceptually, the reassembly buffer in node B contains:
* a datagram_tag as received in the incoming fragments, associated * a Datagram_Tag as received in the incoming fragments, associated
to Link-Layer address of node A for which the received to Link-Layer address of node A for which the received
datagram_tag is unique, Datagram_Tag is unique,
* the actual packet data from the fragments received so far, in a * the actual packet data from the fragments received so far, in a
form that makes it possible to detect when the whole packet has form that makes it possible to detect when the whole packet has
been received and can be processed or forwarded, been received and can be processed or forwarded,
* a state indicating the fragments already received, * a state indicating the fragments already received,
* a datagram_size, * a datagram_size,
* a timer that allows discarding a partially reassembled packet * a timer that allows discarding a partially reassembled packet
after some timeout. after some timeout.
A fragmentation header is added to each fragment; it indicates what A fragmentation header is added to each fragment; it indicates what
portion of the packet that fragment corresponds to. Section 5.3 of portion of the packet that fragment corresponds to. Section 5.3 of
[RFC4944] defines the format of the header for the first and [RFC4944] defines the format of the header for the first and
subsequent fragments. All fragments are tagged with a 16-bit subsequent fragments. All fragments are tagged with a 16-bit
"datagram_tag", used to identify which packet each fragment belongs "Datagram_Tag", used to identify which packet each fragment belongs
to. Each datagram can be uniquely identified by the sender Link- to. Each datagram can be uniquely identified by the sender Link-
Layer addresses of the frame that carries it and the datagram_tag Layer addresses of the frame that carries it and the Datagram_Tag
that the sender allocated for this datagram. [RFC4944] also mandates that the sender allocated for this datagram. [RFC4944] also mandates
that the first fragment is sent first and with a particular format that the first fragment is sent first and with a particular format
that is different than that of the next fragments. Each fragment but that is different than that of the next fragments. Each fragment but
the first one can be identified within its datagram by the datagram- the first one can be identified within its datagram by the datagram-
offset. offset.
Node B's typical behavior, per [RFC4944], is as follows. Upon Node B's typical behavior, per [RFC4944], is as follows. Upon
receiving a fragment from node A with a datagram_tag previously receiving a fragment from node A with a Datagram_Tag previously
unseen from node A, node B allocates a buffer large enough to hold unseen from node A, node B allocates a buffer large enough to hold
the entire packet. The length of the packet is indicated in each the entire packet. The length of the packet is indicated in each
fragment (the datagram_size field), so node B can allocate the buffer fragment (the datagram_size field), so node B can allocate the buffer
even if the first fragment it receives is not fragment 1. As even if the first fragment it receives is not fragment 1. As
fragments come in, node B fills the buffer. When all fragments have fragments come in, node B fills the buffer. When all fragments have
been received, node B inflates the compressed header fields into an been received, node B inflates the compressed header fields into an
IPv6 header, and hands the resulting IPv6 packet to the IPv6 layer IPv6 header, and hands the resulting IPv6 packet to the IPv6 layer
which performs the route lookup. This behavior typically results in which performs the route lookup. This behavior typically results in
per-hop fragmentation and reassembly. That is, the packet is fully per-hop fragmentation and reassembly. That is, the packet is fully
reassembled, then (re)fragmented, at every hop. reassembled, then (re)fragmented, at every hop.
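Review bot: In Section 2.3 the definitions of datagram_size and fragment_offset lose the sentence giving their unit ("expressed in a unit that depends on the MAC layer technology, by default a byte") and nothing replaces it, so the unit is now unstated in this document. Suggest either keeping a one-line statement of the unit or citing the specification that defines it for each field. The rename is also only partial: Datagram_Tag is now capitalized while datagram_size and fragment_offset stay lowercase, and Section 3 still says a fragment is identified "by the datagram-offset", a term that is not the one defined here (fragment_offset); pick one spelling per field and use it throughout.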
skipping to change at page 7, line 33 skipping to change at page 7, line 33
When nodes A, B and C concurrently send fragmented packets, all 3 When nodes A, B and C concurrently send fragmented packets, all 3
reassembly buffers in node E are occupied. If, at that moment, node reassembly buffers in node E are occupied. If, at that moment, node
D also sends a fragmented packet, node E has no option but to drop D also sends a fragmented packet, node E has no option but to drop
one of the packets, lowering end-to-end reliability. one of the packets, lowering end-to-end reliability.
5. Forwarding Fragments 5. Forwarding Fragments
A 6LoWPAN Fragment Forwarding technique makes the routing decision on A 6LoWPAN Fragment Forwarding technique makes the routing decision on
the first fragment, which is always the one with the IPv6 address of the first fragment, which is always the one with the IPv6 address of
the destination. Upon a first fragment, a forwarding node (e.g. node the destination. Upon receiving a first fragment, a forwarding node
B in a A->B->C sequence) that does fragment forwarding MUST attempt (e.g. node B in a A->B->C sequence) that does fragment forwarding
to create a state and forward the fragment. This is an atomic MUST attempt to create a state and forward the fragment. This is an
operation, and if the first fragment cannot be forwarded then the atomic operation, and if the first fragment cannot be forwarded then
state MUST be removed. the state MUST be removed.
Since the datagram_tag is uniquely associated to the source Link- Since the Datagram_Tag is uniquely associated to the source Link-
Layer address of the fragment, the forwarding node MUST assign a new Layer address of the fragment, the forwarding node MUST assign a new
datagram_tag from its own namespace for the next hop and rewrite the Datagram_Tag from its own namespace for the next hop and rewrite the
fragment header of each fragment with that datagram_tag. fragment header of each fragment with that Datagram_Tag.
When a forwarding node receives a fragment other than a first When a forwarding node receives a fragment other than a first
fragment, it MUST look up state based on the source Link-Layer fragment, it MUST look up state based on the source Link-Layer
address and the datagram_tag in the received fragment. If no such address and the Datagram_Tag in the received fragment. If no such
state is found, the fragment MUST be dropped; otherwise the fragment state is found, the fragment MUST be dropped; otherwise the fragment
MUST be forwarded using the information in the state found. MUST be forwarded using the information in the state found.
Compared to Section 3, the conceptual reassembly buffer in node B now Compared to Section 3, the conceptual reassembly buffer in node B now
contains, assuming that node B is neither the source nor the final contains, assuming that node B is neither the source nor the final
destination: destination:
* a datagram_tag as received in the incoming fragments, associated * a Datagram_Tag as received in the incoming fragments, associated
to Link-Layer address of node A for which the received to Link-Layer address of node A for which the received
datagram_tag is unique, Datagram_Tag is unique,
* the Link-Layer address that node B uses as source to forward the * the Link-Layer address that node B uses as source to forward the
fragments fragments
* the Link-Layer address of the next hop C that is resolved on the * the Link-Layer address of the next hop C that is resolved on the
first fragment first fragment
* a datagram_tag that node B uniquely allocated for this datagram * a Datagram_Tag that node B uniquely allocated for this datagram
and that is used when forwarding the fragments of the datagram and that is used when forwarding the fragments of the datagram
* a buffer for the remainder of a previous fragment left to be sent, * a buffer for the remainder of a previous fragment left to be sent,
* a timer that allows discarding the stale FF state after some * a timer that allows discarding the stale FF state after some
timeout. The duration of the timer should be longer than that timeout. The duration of the timer should be longer than that
which covers the reassembly at the receiving end point. which covers the reassembly at the receiving end point.
A node that has not received the first fragment cannot forward the A node that has not received the first fragment cannot forward the
next fragments. This means that if node B receives a fragment, node next fragments. This means that if node B receives a fragment, node
A was in possession of the first fragment at some point. To keep the A was in possession of the first fragment at some point. To keep the
operation simple and consistent with [RFC4944], the first fragment operation simple and consistent with [RFC4944], the first fragment
must always be sent first. When that is done, if node B receives a MUST always be sent first. When that is done, if node B receives a
fragment that is not the first and for which it has no state, then fragment that is not the first and for which it has no state, then
node B treats it as an error and refrains from creating a state or node B treats it as an error and refrains from creating a state or
attempting to forward. This also means that node A should perform attempting to forward. This also means that node A should perform
all its possible retries on the first fragment before it attempts to all its possible retries on the first fragment before it attempts to
send the next fragments, and that it should abort the datagram and send the next fragments, and that it should abort the datagram and
release its state if it fails to send the first fragment. release its state if it fails to send the first fragment.
One benefit of Fragment Forwarding is that the memory that is used to One benefit of Fragment Forwarding is that the memory that is used to
store the packet is now distributed along the path, which limits the store the packet is now distributed along the path, which limits the
buffer bloat effect. Multiple fragments may progress in parallel buffer bloat effect. Multiple fragments may progress simultaneously
along the network as long as they do not interfere. An associated along the network as long as they do not interfere. An associated
caveat is that on a half duplex radio, if node A sends the next caveat is that on a half duplex radio, if node A sends the next
fragment at the same time as node B forwards the previous fragment to fragment at the same time as node B forwards the previous fragment to
a node C down the path then node B will miss the next fragment from a node C down the path then node B will miss the next fragment from
node A. If node C forwards the previous fragment to a node D at the node A. If node C forwards the previous fragment to a node D at the
same time and on the same frequency as node A sends the next fragment same time and on the same frequency as node A sends the next fragment
to node B, this may result in a hidden terminal problem. In that to node B, this may result in a hidden terminal problem. In that
case, the transmission from C interferes at node B with that from A case, the transmission from C interferes at node B with that from A
unbeknownst of node A. unbeknownst of node A. Consecutive fragments of a same datagram MUST
be separated with an inter-frame gap that allows one fragment to
Consecutive fragments of a same datagram must be separated with an progress beyond the next hop and beyond the interference domain
inter-frame gap that allows one fragment to progress before the next before the next shows up. This can be achieved by interleaving
shows up. This can be achieved by interleaving packets or fragments packets or fragments sent via different next-hop routers.
sent via different next-hop routers.
6. Virtual Reassembly Buffer (VRB) Implementation 6. Virtual Reassembly Buffer (VRB) Implementation
Virtual Reassembly Buffer (VRB) is the implementation technique The Virtual Reassembly Buffer (VRB) [LWIG-VRB] is a particular
described in [LWIG-VRB] in which a forwarder does not reassemble each incarnation of a 6LoWPAN Fragment Forwarding that can be implemented
packet in its entirety before forwarding it. without a change to [RFC4944].
VRB overcomes the limitations listed in Section 4. Nodes do not wait VRB overcomes the limitations listed in Section 4. Nodes do not wait
for the last fragment before forwarding, reducing end-to-end latency. for the last fragment before forwarding, reducing end-to-end latency.
Similarly, the memory footprint of VRB is just the VRB table, Similarly, the memory footprint of VRB is just the VRB table,
reducing the packet drop probability significantly. reducing the packet drop probability significantly.
There are other caveats, however: There are other caveats, however:
Non-zero Packet Drop Probability: The abstract data in a VRB table Non-zero Packet Drop Probability: The abstract data in a VRB table
entry contains at a minimum the Link-Layer address of the entry contains at a minimum the Link-Layer address of the
predecessor and that of the successor, the datagram_tag used by predecessor and that of the successor, the Datagram_Tag used by
the predecessor and the local datagram_tag that this node will the predecessor and the local Datagram_Tag that this node will
swap with it. The VRB may need to store a few octets from the swap with it. The VRB may need to store a few octets from the
last fragment that may not have fit within MTU and that will be last fragment that may not have fit within MTU and that will be
prepended to the next fragment. This yields a small footprint prepended to the next fragment. This yields a small footprint
that is 2 orders of magnitude smaller compared to needing a that is 2 orders of magnitude smaller compared to needing a
1280-byte reassembly buffer for each packet. Yet, the size of the 1280-byte reassembly buffer for each packet. Yet, the size of the
VRB table necessarily remains finite. In the extreme case where a VRB table necessarily remains finite. In the extreme case where a
node is required to concurrently forward more packets that it has node is required to concurrently forward more packets that it has
entries in its VRB table, packets are dropped. entries in its VRB table, packets are dropped.
No Fragment Recovery: There is no mechanism in VRB for the node that No Fragment Recovery: There is no mechanism in VRB for the node that
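Review bot: The rewritten opening of Section 6 loses the only statement of what a VRB forwarder actually does. The -12 text said the forwarder "does not reassemble each packet in its entirety before forwarding it", while the -13 text only calls VRB "a particular incarnation of a 6LoWPAN Fragment Forwarding". Suggest keeping the old clause as a second sentence after the new one, and dropping the stray article so it reads "incarnation of 6LoWPAN Fragment Forwarding". In the "Non-zero Packet Drop Probability" caveat, which this revision touches only for the Datagram_Tag capitalization, "more packets that it has entries" should read "than it has entries".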
skipping to change at page 10, line 7 skipping to change at page 10, line 7
requirements the application places on the network. requirements the application places on the network.
If the caveats are present and not acceptable for the application, If the caveats are present and not acceptable for the application,
alternative specifications may define new protocols to overcome them. alternative specifications may define new protocols to overcome them.
One example is [FRAG-RECOV] which specifies a 6LoWPAN Fragment One example is [FRAG-RECOV] which specifies a 6LoWPAN Fragment
Forwarding technique that allows the end-to-end fragment recovery Forwarding technique that allows the end-to-end fragment recovery
between the 6LoWPAN endpoints. between the 6LoWPAN endpoints.
7. Security Considerations 7. Security Considerations
An attacker can perform a Denial-of-Service (DoS) attack on a node
implementing VRB by generating a large number of bogus "fragment 1"
fragments without sending subsequent fragments. This causes the VRB
table to fill up. Note that the VRB does not need to remember the
full datagram as received so far but only possibly a few octets from
the last fragment that could not fit in it. It is expected that an
implementation protects itself to keep the number of VRBs within
capacity, and that old VRBs are protected by a timer of a reasonable
duration for the technology and destroyed upon timeout.
Secure joining and the Link-Layer security that it sets up protects Secure joining and the Link-Layer security that it sets up protects
against those attacks from network outsiders. against those attacks from network outsiders.
"IP Fragmentation Considered Fragile" [FRAG-ILE] discusses security "IP Fragmentation Considered Fragile" [FRAG-ILE] discusses security
threats that are linked to using IP fragmentation. The 6LoWPAN threats and other caveats that are linked to using IP fragmentation.
fragmentation takes place underneath, but some issues described there The 6LoWPAN fragmentation takes place underneath the IP Layer, but
may still apply to 6LoWPAN fragments. some issues described there may still apply to 6LoWPAN fragments.
* Overlapping fragment attacks are possible with 6LoWPAN fragments * Overlapping fragment attacks are possible with 6LoWPAN fragments
but there is no known firewall operation that would work on but there is no known firewall operation that would work on
6LoWPAN fragments at the time of this writing, so the exposure is 6LoWPAN fragments at the time of this writing, so the exposure is
limited. An implementation of a firewall SHOULD NOT forward limited. An implementation of a firewall SHOULD NOT forward
fragments but recompose the IP packet, check it in the fragments but instead should recompose the IP packet, check it in
uncompressed form, and then forward it again as fragments if the u ncompressed form, and then forward it again as fragments if
necessary. necessary. Overlapping fragments are acceptable as long as they
contain the same payload. The firewall MUST drop the whole packet
if overlapping fragments are encountered that result in different
data at the same offset.
* Resource exhaustion attacks are certainly possible and a sensitive * Resource exhaustion attacks are certainly possible and a sensitive
issue in a constrained network. An attacker can perform a Denial- issue in a constrained network. An attacker can perform a Denial-
of-Service (DoS) attack on a node implementing VRB by generating a of-Service (DoS) attack on a node implementing VRB by generating a
large number of bogus first fragments without sending subsequent large number of bogus first fragments without sending subsequent
fragments. This causes the VRB table to fill up. When hop-by-hop fragments. This causes the VRB table to fill up. When hop-by-hop
reassembly is used, the same attack can be more damaging if the reassembly is used, the same attack can be more damaging if the
node allocates a full datagram_size for each bogus first fragment. node allocates a full datagram_size for each bogus first fragment.
With the VRB, the attack can be performed remotely on all nodes With the VRB, the attack can be performed remotely on all nodes
along a path, but each node suffers a lesser hit. This is because along a path, but each node suffers a lesser hit. This is because
the VRB does not need to remember the full datagram as received so the VRB does not need to remember the full datagram as received so
far but only possibly a few octets from the last fragment that far but only possibly a few octets from the last fragment that
could not fit in it. An implementation MUST protect itself to could not fit in it. An implementation MUST protect itself to
keep the number of VRBs within capacity, and ensure that old VRBs keep the number of VRBs within capacity, and ensure that old VRBs
are protected by a timer of a reasonable duration for the are protected by a timer of a reasonable duration for the
technology and destroyed upon timeout. technology and destroyed upon timeout.
* Attacks based on predictable fragment identification values are * Attacks based on predictable fragment identification values are
also possible but can be avoided. The datagram_tag SHOULD be also possible but can be avoided. The Datagram_Tag SHOULD be
assigned pseudo-randomly in order to defeat such attacks. assigned pseudo-randomly in order to defeat such attacks. A
larger size of the Datagram_Tag makes the guessing more difficult
and reduces the chances of an accidental reuse while the original
packet is still in flight, at the expense of more space in each
frame.
* Evasion of Network Intrusion Detection Systems (NIDS) leverages * Evasion of Network Intrusion Detection Systems (NIDS) leverages
ambiguity in the reassembly of the fragment. This is difficult ambiguity in the reassembly of the fragment. This attack makes
and mostly useless in a 6LoWPAN network since the fragmentation is little sense in the context of this specification since the
not end-to-end. fragmentation happens within the LLN, meaning that the intruder
should already be inside to perform the attack. NDIS systems
would probably not be installed within the LLN either, but rather
at a boittleneck at the exterior edge of the network.
8. IANA Considerations 8. IANA Considerations
No requests to IANA are made by this document. No requests to IANA are made by this document.
9. Acknowledgments 9. Acknowledgments
The authors would like to thank Carles Gomez Montenegro, Yasuyuki The authors would like to thank Carles Gomez Montenegro, Yasuyuki
Tanaka, Ines Robles and Dave Thaler for their in-depth review of this Tanaka, Ines Robles and Dave Thaler for their in-depth review of this
document and improvement suggestions. Also many thanks to Georgios document and improvement suggestions. Also many thanks to Georgios
Papadopoulos and Dominique Barthel for their own reviews, and to Papadopoulos and Dominique Barthel for their own reviews, and to
Barry Leiba, Derrell Piper, Sarah Banks, Joerg Ott and Francesca Roman Danyliw, Barry Leiba, Derrell Piper, Sarah Banks, Joerg Ott,
Palombini for their constructive reviews through the IETF last call Francesca Palombini, Mirja Kuhlewind, Eric Vyncke, and especially
and IESG process. Benjamin Kaduk for their constructive reviews through the IETF last
call and IESG process.
10. Normative References 10. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
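Review bot: In the overlapping-fragment bullet of Section 7, the new "MUST drop the whole packet" requirement depends on behaviour that is only recommended. A firewall can see "different data at the same offset" only if it recomposes the packet, yet recomposition is introduced with "SHOULD NOT forward fragments but instead should recompose", which also mixes an uppercase keyword with a lowercase "should" in the same sentence even though [RFC8174] is cited. Suggest stating the recomposition requirement with a single uppercase keyword and making explicit that the MUST applies to a firewall that recomposes. The added text also needs a proofreading pass: "the u ncompressed form", "NDIS systems" (NIDS is the abbreviation defined in the same bullet) and "boittleneck". Finally, the resource-exhaustion bullet still says "datagram_size" in lowercase while this revision capitalizes Datagram_Tag everywhere else, so pick one convention for both field names.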
skipping to change at page 12, line 38 skipping to change at page 13, line 14
[LWIG-VRB] Bormann, C. and T. Watteyne, "Virtual reassembly buffers [LWIG-VRB] Bormann, C. and T. Watteyne, "Virtual reassembly buffers
in 6LoWPAN", Work in Progress, Internet-Draft, draft-ietf- in 6LoWPAN", Work in Progress, Internet-Draft, draft-ietf-
lwig-6lowpan-virtual-reassembly-01, 11 March 2019, lwig-6lowpan-virtual-reassembly-01, 11 March 2019,
<https://tools.ietf.org/html/draft-ietf-lwig-6lowpan- <https://tools.ietf.org/html/draft-ietf-lwig-6lowpan-
virtual-reassembly-01>. virtual-reassembly-01>.
[FRAG-RECOV] [FRAG-RECOV]
Thubert, P., "6LoWPAN Selective Fragment Recovery", Work Thubert, P., "6LoWPAN Selective Fragment Recovery", Work
in Progress, Internet-Draft, draft-ietf-6lo-fragment- in Progress, Internet-Draft, draft-ietf-6lo-fragment-
recovery-08, 28 November 2019, recovery-13, 18 February 2020,
<https://tools.ietf.org/html/draft-ietf-6lo-fragment- <https://tools.ietf.org/html/draft-ietf-6lo-fragment-
recovery-08>. recovery-13>.
[ARTICLE] Tanaka, Y., Minet, P., and T. Watteyne, "6LoWPAN Fragment [ARTICLE] Tanaka, Y., Minet, P., and T. Watteyne, "6LoWPAN Fragment
Forwarding", IEEE Communications Standards Magazine , Forwarding", IEEE Communications Standards Magazine ,
2019. 2019.
Authors' Addresses Authors' Addresses
Thomas Watteyne (editor) Thomas Watteyne (editor)
Analog Devices Analog Devices
32990 Alvarado-Niles Road, Suite 910 32990 Alvarado-Niles Road, Suite 910
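Review bot: The [ARTICLE] entry is untouched in -13 and is still incomplete: there is a stray space before the comma in "IEEE Communications Standards Magazine , 2019." and no volume, page range or DOI is given, so complete it while the reference list is being updated. The same pass bumps [FRAG-RECOV] to recovery-13 but leaves [LWIG-VRB] at virtual-reassembly-01 dated 11 March 2019; please confirm that -01 is still the revision intended, since Section 6 now cites [LWIG-VRB] directly in its first sentence.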
 End of changes. 43 change blocks. 
98 lines changed or deleted 118 lines changed or added
