draft-ietf-roll-applicability-home-building-02.txt   draft-ietf-roll-applicability-home-building-03.txt 
Roll A. Brandt Roll A. Brandt
Internet-Draft Sigma Designs Internet-Draft Sigma Designs
Intended status: Informational E. Baccelli Intended status: Informational E. Baccelli
Expires: August 17, 2014 INRIA Expires: November 13, 2014 INRIA
R. Cragie R. Cragie
Gridmerge Gridmerge
P. van der Stok P. van der Stok
Consultant Consultant
February 13, 2014 May 12, 2014
Applicability Statement: The use of the RPL protocol set in Home Applicability Statement: The use of the RPL protocol set in Home
Automation and Building Control Automation and Building Control
draft-ietf-roll-applicability-home-building-02 draft-ietf-roll-applicability-home-building-03
Abstract Abstract
The purpose of this document is to provide guidance in the selection The purpose of this document is to provide guidance in the selection
and use of RPL protocols to implement the features required for and use of RPL protocols to implement the features required for
control in building and home environments. control in building and home environments.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 17, 2014. This Internet-Draft will expire on November 13, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Relationship to other documents . . . . . . . . . . . . . 4
1.2. Required Reading . . . . . . . . . . . . . . . . . . . . 4 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Out of scope requirements . . . . . . . . . . . . . . . . 4 1.3. Required Reading . . . . . . . . . . . . . . . . . . . . 4
2. Deployment Scenario . . . . . . . . . . . . . . . . . . . . . 4 1.4. Out of scope requirements . . . . . . . . . . . . . . . . 4
2.1. Network Topologies . . . . . . . . . . . . . . . . . . . 5 2. Deployment Scenario . . . . . . . . . . . . . . . . . . . . . 5
2.2. Traffic Characteristics . . . . . . . . . . . . . . . . . 6 2.1. Network Topologies . . . . . . . . . . . . . . . . . . . 6
2.2. Traffic Characteristics . . . . . . . . . . . . . . . . . 7
2.2.1. General . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.1. General . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.2. Source-sink (SS) communication paradigm . . . . . . . 7 2.2.2. Source-sink (SS) communication paradigm . . . . . . . 8
2.2.3. Publish-subscribe (PS, or pub/sub)) communication 2.2.3. Publish-subscribe (PS, or pub/sub)) communication
paradigm . . . . . . . . . . . . . . . . . . . . . . 7 paradigm . . . . . . . . . . . . . . . . . . . . . . 8
2.2.4. Peer-to-peer (P2P) communication paradigm . . . . . . 8 2.2.4. Peer-to-peer (P2P) communication paradigm . . . . . . 8
2.2.5. Peer-to-multipeer (P2MP) communication paradigm . . . 8 2.2.5. Peer-to-multipeer (P2MP) communication paradigm . . . 9
2.2.6. N-cast communication paradigm . . . . . . . . . . . . 8 2.2.6. N-cast communication paradigm . . . . . . . . . . . . 9
2.2.7. RPL applicability per communication paradigm . . . . 8 2.2.7. RPL applicability per communication paradigm . . . . 9
2.3. Layer-2 applicability . . . . . . . . . . . . . . . . . . 10 2.3. Layer-2 applicability . . . . . . . . . . . . . . . . . . 10
3. Using RPL to meet Functional Requirements . . . . . . . . . . 10 3. Using RPL to meet Functional Requirements . . . . . . . . . . 11
4. RPL Profile . . . . . . . . . . . . . . . . . . . . . . . . . 11 4. RPL Profile . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. RPL Features . . . . . . . . . . . . . . . . . . . . . . 11 4.1. RPL Features . . . . . . . . . . . . . . . . . . . . . . 12
4.1.1. RPL Instances . . . . . . . . . . . . . . . . . . . . 11 4.1.1. RPL Instances . . . . . . . . . . . . . . . . . . . . 12
4.1.2. Storing vs. Non-Storing Mode . . . . . . . . . . . . 12 4.1.2. Storing vs. Non-Storing Mode . . . . . . . . . . . . 12
4.1.3. DAO Policy . . . . . . . . . . . . . . . . . . . . . 12 4.1.3. DAO Policy . . . . . . . . . . . . . . . . . . . . . 13
4.1.4. Path Metrics . . . . . . . . . . . . . . . . . . . . 12 4.1.4. Path Metrics . . . . . . . . . . . . . . . . . . . . 13
4.1.5. Objective Function . . . . . . . . . . . . . . . . . 12 4.1.5. Objective Function . . . . . . . . . . . . . . . . . 13
4.1.6. DODAG Repair . . . . . . . . . . . . . . . . . . . . 12 4.1.6. DODAG Repair . . . . . . . . . . . . . . . . . . . . 13
4.1.7. Multicast . . . . . . . . . . . . . . . . . . . . . . 12 4.1.7. Multicast . . . . . . . . . . . . . . . . . . . . . . 13
4.1.8. Security . . . . . . . . . . . . . . . . . . . . . . 13 4.1.8. Security . . . . . . . . . . . . . . . . . . . . . . 14
4.1.9. P2P communications . . . . . . . . . . . . . . . . . 13 4.1.9. P2P communications . . . . . . . . . . . . . . . . . 14
4.1.10. IPv6 adddress configuration . . . . . . . . . . . . . 13 4.1.10. IPv6 address configuration . . . . . . . . . . . . . 15
4.2. Layer 2 features . . . . . . . . . . . . . . . . . . . . 14 4.2. Layer 2 features . . . . . . . . . . . . . . . . . . . . 15
4.3. Recommended Configuration Defaults and Ranges . . . . . . 14 4.3. Recommended Configuration Defaults and Ranges . . . . . . 15
4.3.1. RPL-P2P parameters . . . . . . . . . . . . . . . . . 14 4.3.1. RPL-P2P parameters . . . . . . . . . . . . . . . . . 15
4.3.2. Trickle parameters . . . . . . . . . . . . . . . . . 14 4.3.2. Trickle parameters . . . . . . . . . . . . . . . . . 15
4.3.3. MPL parameters . . . . . . . . . . . . . . . . . . . 14 4.3.3. MPL parameters . . . . . . . . . . . . . . . . . . . 15
5. Manageability Considerations . . . . . . . . . . . . . . . . 15 5. Manageability Considerations . . . . . . . . . . . . . . . . 16
6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16
6.1. Security context considerations . . . . . . . . . . . . . 15 6.1. Security context considerations . . . . . . . . . . . . . 16
6.2. MPL routing . . . . . . . . . . . . . . . . . . . . . . . 16 6.2. MPL routing . . . . . . . . . . . . . . . . . . . . . . . 17
6.3. Security Considerations for distribution of credentials 6.3. Security Considerations for distribution of credentials
required for RPL . . . . . . . . . . . . . . . . . . . . 16 required for RPL . . . . . . . . . . . . . . . . . . . . 17
6.4. Security Considerations for P2P uses . . . . . . . . . . 16
7. Other related protocols . . . . . . . . . . . . . . . . . . . 17 6.4. Security Considerations for P2P and P2MP uses . . . . . . 18
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 6.5. RPL Security features . . . . . . . . . . . . . . . . . . 18
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 7. Other related protocols . . . . . . . . . . . . . . . . . . . 18
10. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 17 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19
11.1. Normative References . . . . . . . . . . . . . . . . . . 18 10. Changelog . . . . . . . . . . . . . . . . . . . . . . . . . . 19
11.2. Informative References . . . . . . . . . . . . . . . . . 20 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
Appendix A. RPL shortcomings in home and building deployments . 21 11.1. Normative References . . . . . . . . . . . . . . . . . . 20
A.1. Risk of undesired long P2P routes . . . . . . . . . . . . 21 11.2. Informative References . . . . . . . . . . . . . . . . . 22
A.1.1. Traffic concentration at the root . . . . . . . . . . 21 Appendix A. RPL shortcomings in home and building deployments . 23
A.1.2. Excessive battery consumption in source nodes . . . . 22 A.1. Risk of undesired long P2P routes . . . . . . . . . . . . 23
A.2. Risk of delayed route repair . . . . . . . . . . . . . . 22 A.1.1. Traffic concentration at the root . . . . . . . . . . 23
A.2.1. Broken service . . . . . . . . . . . . . . . . . . . 22 A.1.2. Excessive battery consumption in source nodes . . . . 24
Appendix B. Communication failures . . . . . . . . . . . . . . . 22 A.2. Risk of delayed route repair . . . . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 A.2.1. Broken service . . . . . . . . . . . . . . . . . . . 24
Appendix B. Communication failures . . . . . . . . . . . . . . . 24
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction 1. Introduction
Home automation and building control application spaces share a Home automation and building control application spaces share a
substantial number of properties. substantial number of properties.
o Both (home and building) can be disconnected from the ISP and they o Both (home and building) can be disconnected from the ISP and they
will (must) continue to provide control to the occupants of the will (must) continue to provide control to the occupants of the
home c.q. building. This has an impact on routing because most home c.q. building. This has an impact on routing because most
control communication does (must) not pass via the border routers. control communication does (must) not pass via the border routers.
skipping to change at page 3, line 48 skipping to change at page 4, line 5
So the focus of this applicability document is control in buildings So the focus of this applicability document is control in buildings
and home, involving: reliability, timeliness, and local routing. and home, involving: reliability, timeliness, and local routing.
The purpose of this document is to give guidance in the use of the The purpose of this document is to give guidance in the use of the
RPL protocol suite to provide the features required by the RPL protocol suite to provide the features required by the
requirements documents "Home Automation Routing Requirements in Low- requirements documents "Home Automation Routing Requirements in Low-
Power and Lossy Networks" [RFC5826] and "Building Automation Routing Power and Lossy Networks" [RFC5826] and "Building Automation Routing
Requirements in Low-Power and Lossy Networks" [RFC5867]. Requirements in Low-Power and Lossy Networks" [RFC5867].
1.1. Terminology 1.1. Relationship to other documents
ROLL has specified a set of routing protocols for Lossy and Low-
resource Networks (LLN) [RFC6550]. This applicability text describes
a subset of these protocols and the conditions which make the subset
the correct choice. The text recommends and motivates the
accompanying parameter value ranges. Multiple applicability domains
are recognized including: Building and Home, and Advanced Metering
Infrastructure. The applicability domains distinguish themselves in
the way they are operated, their performance requirements, and the
most probable network structures. Each applicability statement
identifies the distinguishing properties according to a common set of
subjects described in as many sections.
A common set of security threats are described in
[I-D.ietf-roll-security-threats]. The applicability statements
complement the security threats document by describing preferred
security settings and solutions within the applicability statement
conditions. This applicability statements may recommend more light
weight security solutions and specify the conditions under which
these solutions are appropriate.
1.2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
Additionally, this document uses terminology from [RFC6997], Additionally, this document uses terminology from [RFC6997],
[I-D.ietf-roll-trickle-mcast], and [RFC6550]. [I-D.ietf-roll-trickle-mcast], and [RFC6550].
1.2. Required Reading 1.3. Required Reading
Applicable requirements are described in [RFC5826] and [RFC5867]. Applicable requirements are described in [RFC5826] and [RFC5867].
1.3. Out of scope requirements 1.4. Out of scope requirements
The considered network diameter is limited to a max diameter of 10 The considered network diameter is limited to a max diameter of 10
hops and a typical diameter of 5 hops, which captures the most common hops and a typical diameter of 5 hops, which captures the most common
cases in home automation and building control networks. cases in home automation and building control networks.
This document does not consider the applicability of RPL-related This document does not consider the applicability of RPL-related
specifications for urban and industrial applications [RFC5548], specifications for urban and industrial applications [RFC5548],
[RFC5673], which may exhibit significantly larger network diameters. [RFC5673], which may exhibit significantly larger network diameters.
2. Deployment Scenario 2. Deployment Scenario
skipping to change at page 5, line 12 skipping to change at page 5, line 43
to confusion and a profound dissatisfaction with the lighting to confusion and a profound dissatisfaction with the lighting
product. product.
Monitoring of functional correctness is at least as important. Monitoring of functional correctness is at least as important.
Devices typically communicate their status regularly and send alarm Devices typically communicate their status regularly and send alarm
messages notifying a malfunction of equipment or network. messages notifying a malfunction of equipment or network.
In building control, the infrastructure of the building management In building control, the infrastructure of the building management
network can be shared with the security/access, the IP telephony, and network can be shared with the security/access, the IP telephony, and
the fire/alarm networks. This approach has a positive impact on the the fire/alarm networks. This approach has a positive impact on the
operation and cost of the network. operation and cost of the network; however, care should be taken to
ensure that the availability of the building management network does
not become compromised beyond the ability for critical functions to
perform adequately.
In homes the network for audio/video streaming and gaming has In homes, the network for audio/video streaming and gaming has
different requirements, where the most important one is the high need different requirements, where the most important one is the high need
in bandwith for entertainment not needed for control. It is expected in bandwidth for entertainment not needed for control. It is
that the entertainment network in the home will mostly be separate expected that the entertainment network in the home will mostly be
from the control network. separate from the control network, which also lessens the impact on
availability of the control network
2.1. Network Topologies 2.1. Network Topologies
In general, The home automation network or building control network In general, The home automation network or building control network
consists of wired and wireless sub-networks. In large buildings consists of wired and wireless sub-networks. In large buildings
especially, the wireless sub-networks can be connected to an IP especially, the wireless sub-networks can be connected to an IP
backbone network where all infrastructure services are located, such backbone network where all infrastructure services are located, such
as DNS, automation servers, etc. as DNS, automation servers, etc.
The wireless sub-network can be configured according to any of the The wireless sub-network can be configured according to any of the
skipping to change at page 5, line 44 skipping to change at page 6, line 31
systems in buildings. systems in buildings.
o A connected network with one border router. This configuration o A connected network with one border router. This configuration
will happen in homes where home appliances are controlled from will happen in homes where home appliances are controlled from
outside the home or via the telephone, and in many building outside the home or via the telephone, and in many building
control scenarios. control scenarios.
o A connected network with multiple border routers. This will o A connected network with multiple border routers. This will
typically happen in installations of large buildings. typically happen in installations of large buildings.
Many of the nodes are batery-powered and may be sleeping nodes which Many of the nodes are baery-powered and may be sleeping nodes which
wake-up according to clock signals or external events. wake-up according to clock signals or external events.
In a building control network, for large installation with multiple In a building control network, for large installation with multiple
border routers, sub-networks often overlap geographically and from a border routers, sub-networks often overlap geographically and from a
wireless coverage perspective. Due to two purposes of the network, wireless coverage perspective. Due to two purposes of the network,
(i) direct control and (ii) monitoring, there may exist two types of (i) direct control and (ii) monitoring, there may exist two types of
routing topologies in a given sub-network: (i) a tree-shaped routing topologies in a given sub-network: (i) a tree-shaped
collection of routes spanning from a central building controller via collection of routes spanning from a central building controller via
the border router, on to destination nodes in the sub-network; and/or the border router, on to destination nodes in the sub-network; and/or
(ii) a flat, un-directed collection of intra-network routes between (ii) a flat, un-directed collection of intra-network routes between
skipping to change at page 10, line 41 skipping to change at page 11, line 30
discovery/repair. The use of RPL-P2P furthermore allows data traffic discovery/repair. The use of RPL-P2P furthermore allows data traffic
to avoid having to go through a central region around the root of the to avoid having to go through a central region around the root of the
tree, and drastically reduces path length [SOFT11] [INTEROP12]. tree, and drastically reduces path length [SOFT11] [INTEROP12].
These characteristics are desirable in home and building automation These characteristics are desirable in home and building automation
networks because they substantially decrease unnecessary network networks because they substantially decrease unnecessary network
congestion around the root of the tree. congestion around the root of the tree.
When reliability is required, multiple independent paths are used When reliability is required, multiple independent paths are used
with RPL-P2P. For 1-hop destinations this means that one 1-hop with RPL-P2P. For 1-hop destinations this means that one 1-hop
communication and a second 2-hop communication take place via a communication and a second 2-hop communication take place via a
neigboring node. The same reliability can be achieved by using MPL neighboring node. The same reliability can be achieved by using MPL
where the seed is a repeater and a second repeater is 1 hop removed where the seed is a repeater and a second repeater is 1 hop removed
from the seed and the destination node. from the seed and the destination node.
RPL-P2P is recommended to keep two independent paths per destination RPL-P2P is recommended to keep two independent paths per destination
in the source. When one path is temporarily impossible, as described in the source. When one path is temporarily impossible, as described
in Appendix B, the alternative can be used without throwing away the in Appendix B, the alternative can be used without throwing away the
temporarily failing path. The blocked path can be safely thrown away temporarily failing path. The blocked path can be safely thrown away
after 15 minutes. A new route discovery is done when the number of after 15 minutes. A new route discovery is done when the number of
paths is exhausted, or when a path needs to abandoned because it paths is exhausted, or when a path needs to abandoned because it
fails over a too long period. fails over a too long period.
skipping to change at page 12, line 35 skipping to change at page 13, line 27
4.1.5. Objective Function 4.1.5. Objective Function
OF0 MUST be supported and is the RECOMMENDED Objective Function to OF0 MUST be supported and is the RECOMMENDED Objective Function to
use. Other Objective Functions MAY be used as well. use. Other Objective Functions MAY be used as well.
4.1.6. DODAG Repair 4.1.6. DODAG Repair
Since RPL-P2P only creates DODAGs on a temporary basis during route Since RPL-P2P only creates DODAGs on a temporary basis during route
repair, there is no need to repair DODAGs. repair, there is no need to repair DODAGs.
TODO: there is a DODAG needed for SS communication. In general for the SS case, handling of time-varying link
characteristics and availability, local repair is sufficient. The
accompanying process is known as poisoning and is described in
Section 8.2.2.5 of [RFC6550]. Given that the plurality of nodes in
the building does not move around, creating new DODAGs will not
happen frequently.
4.1.7. Multicast 4.1.7. Multicast
Commercial light deployments may have a need for multicast to Commercial light deployments may have a need for multicast to
distribute commands to a group of lights in a timely fashion. distribute commands to a group of lights in a timely fashion.
Several mechanisms exist for achieving such functionality; Several mechanisms exist for achieving such functionality;
[I-D.ietf-roll-trickle-mcast] is RECOMMENDED for home and building [I-D.ietf-roll-trickle-mcast] is RECOMMENDED for home and building
deployments. This section relies heavily on the conclusions of deployments. This section relies heavily on the conclusions of
[RT-MPL]. [RT-MPL].
The density of forwarders and the frequency of message generation are
important aspects to control to obtain timeliness. A high frequency
of message generation can be expected when a remote control button is
constantly pressed, or when alarm situations arise. In [RT-MPL] it
is shown that short circuiting the buffering and retries in the IEEE
802.15.4 MAC reduces packet delays. Message loss is reduced by
adding a real-time packet selection procedure before submitting a
packet to the MAC.
Guaranteeing timeliness is intimately related to the density of the Guaranteeing timeliness is intimately related to the density of the
MPL routers. In ideal circumstances the message is propagated as a MPL routers. In ideal circumstances the message is propagated as a
single wave through the network, such that the maximum delay is single wave through the network, such that the maximum delay is
related to the number of hops times the smallest repetition interval related to the number of hops times the smallest repetition interval
of MPL. Each forwarder that receives the message, passes the message of MPL. Each forwarder that receives the message, passes the message
on to the next hop by repeating the message. When several copies of on to the next hop by repeating the message. When several copies of
a message reach the forwarder, it is specified that the copy need not a message reach the forwarder, it is specified that the copy need not
be repeated. Repetition of the message can be inhibited by a small be repeated. Repetition of the message can be inhibited by a small
value of k. To assure timeliness, the value of k should be chosen value of k. To assure timeliness, the value of k should be chosen
high enough to make sure that messages are repeated at the first high enough to make sure that messages are repeated at the first
skipping to change at page 13, line 19 skipping to change at page 14, line 26
too dense leads to a saturation of the medium that can only be too dense leads to a saturation of the medium that can only be
prevented by selecting a low value of k. Consequently, timeliness is prevented by selecting a low value of k. Consequently, timeliness is
assured by choosing a relatively high value of k but assuring at the assured by choosing a relatively high value of k but assuring at the
same time a low enough density of forwarders to reduce the risk of same time a low enough density of forwarders to reduce the risk of
medium saturation. Depending on the reliability of the network medium saturation. Depending on the reliability of the network
channels, it is advisable to choose the network such that at least 2 channels, it is advisable to choose the network such that at least 2
forwarders (one forwarder located on the seed) can repeat messages to forwarders (one forwarder located on the seed) can repeat messages to
the same set of destinations. the same set of destinations.
There are no rules about selecting forwarders for MPL. In buildings There are no rules about selecting forwarders for MPL. In buildings
with central managment tools, the forwarders can be selected, but in with central management tools, the forwarders can be selected, but in
the home is not possible to automatically configure the forwarder the home is not possible to automatically configure the forwarder
topology at this moment. topology at this moment.
4.1.8. Security 4.1.8. Security
In order to support low-cost devices and devices running on battery, In order to support low-cost devices and devices running on battery,
RPL MAY use either unsecured messages or secured messages. If RPL is RPL MAY use either unsecured messages or secured messages. If RPL is
used with unsecured messages, link layer security SHOULD be used. If used with unsecured messages, link layer security SHOULD be used (see
RPL is used with secured messages, the following RPL security Section 6.1). If RPL is used with secured messages, the following
parameter values SHOULD be used: RPL security parameter values SHOULD be used:
o T = '0': Do not use timestamp in the Counter Field. o T = '0': Do not use timestamp in the Counter Field.
o Algorithm = '0': Use CCM with AES-128 o Algorithm = '0': Use CCM with AES-128
o KIM = '10': Use group key, Key Source present, Key Index present o KIM = '10': Use group key, Key Source present, Key Index present
o LVL = 0: Use MAC-32 o LVL = 0: Use MAC-32
4.1.9. P2P communications 4.1.9. P2P communications
[RFC6997] MUST be used to accommodate P2P traffic, which is typically [RFC6997] MUST be used to accommodate P2P traffic, which is typically
substantial in home and building automation networks. substantial in home and building automation networks.
4.1.10. IPv6 adddress configuration 4.1.10. IPv6 address configuration
Assigned IP addresses MUST be routable and unique within the routing Assigned IP addresses MUST be routable and unique within the routing
domain. domain.
4.2. Layer 2 features 4.2. Layer 2 features
No particular requirements exist for layer 2 but for the ones cited No particular requirements exist for layer 2 but for the ones cited
in the IP over Foo RFCs. in the IP over Foo RFCs.
4.3. Recommended Configuration Defaults and Ranges 4.3. Recommended Configuration Defaults and Ranges
skipping to change at page 15, line 30 skipping to change at page 16, line 35
5. Manageability Considerations 5. Manageability Considerations
Manageability is out of scope for home network scenarios. In Manageability is out of scope for home network scenarios. In
building automation scenarios, central control should be applied building automation scenarios, central control should be applied
based on MIBs. based on MIBs.
6. Security Considerations 6. Security Considerations
Refer to the security considerations of [RFC6997], [RFC6550], Refer to the security considerations of [RFC6997], [RFC6550],
[I-D.ietf-roll-trickle-mcast]. [I-D.ietf-roll-trickle-mcast], and the counter measures discussed in
sections 6 and 7 of [I-D.ietf-roll-security-threats].
6.1. Security context considerations 6.1. Security context considerations
Wireless networks are typically secured at the link-layer to prevent Wireless networks are typically secured at the link-layer in order to
unauthorized parties to access the information exchanged over the prevent unauthorized parties to access the information exchanged over
links. In mesh networks, it is good practice to create a network of the links. In mesh networks, it is good practice to create a network
nodes which share the same keys for link layer encryptions and of nodes which share the same keys for link layer encryptions and
exclude nodes sending non encrypted messages. The consequence is exclude nodes sending non encrypted messages. Together with
that unauthorized nodes cannot join the mesh. This is ensured with authentication of the sources, it is possible to prevent unauthorized
the Protocol for carrying Authentication for Network Access (PANA) nodes joining the mesh. This is ensured with the Protocol for
Relay Element [RFC6345] with the use of PANA [RFC5191] for network carrying Authentication for Network Access (PANA) Relay Element
access. A new DTLS based protocol is proposed in [RFC6345] with the use of PANA [RFC5191] for network access. A new
[I-D.kumar-dice-dtls-relay]. DTLS based protocol is proposed in [I-D.kumar-dice-dtls-relay].
This recommendation is in line with the coutermeasures described in
section 6.1.1 of [I-D.ietf-roll-security-threats]
Unauthorized nodes can access the nodes of the mesh via a router. Unauthorized nodes can access the nodes of the mesh via a router.
End-to-end security between applications is recommended by using DTLS End-to-end security between applications is recommended by using DTLS
[RFC6347] or TLS [RFC5246]. [RFC6347] or TLS [RFC5246].
A thorough analysis of security threats and proposed countermeasures
relevant to RPL is done in [I-D.ietf-roll-security-threats].
6.2. MPL routing 6.2. MPL routing
The routing of MPL is determined by the enabling of the interfaces The routing of MPL is determined by the enabling of the interfaces
for specified Multicast addresses. The specification of these for specified Multicast addresses. The specification of these
addresses can be done via a CoAP application as specified in addresses can be done via a CoAP application as specified in
[I-D.ietf-core-groupcomm]. An alternative is the creation of a MPL [I-D.ietf-core-groupcomm]. An alternative is the creation of a MPL
MIB and use of SNMPv3 [RFC3411] or CoMI [I-D.vanderstok-core-comi] to MIB and use of SNMPv3 [RFC3411] or CoMI [I-D.vanderstok-core-comi] to
specify the Multicast addresses in the MIB. The application of specify the Multicast addresses in the MIB. The application of
security measures for the specification of the multicast addresses security measures for the specification of the multicast addresses
assures that the routing of MPL packets is secured. assures that the routing of MPL packets is secured.
skipping to change at page 16, line 26 skipping to change at page 17, line 33
6.3. Security Considerations for distribution of credentials required 6.3. Security Considerations for distribution of credentials required
for RPL for RPL
Communications network security is based on providing integrity Communications network security is based on providing integrity
protection and encryption to messages. This can be applied at protection and encryption to messages. This can be applied at
various layers in the network protocol stack based on using various various layers in the network protocol stack based on using various
credentials and a network identity. credentials and a network identity.
The credentials which are relevant in the case of RPL are: (i) the The credentials which are relevant in the case of RPL are: (i) the
credential used at the link layer in the case where link layer credential used at the link layer in the case where link layer
security is applied or (ii) the credential used for securing RPL security is applied (see Section 6.1) or (ii) the credential used for
messages. In both cases, the assumption is that the credential is a securing RPL messages. In both cases, the assumption is that the
shared key. Therefore, there MUST be a mechanism in place which credential is a shared key. Therefore, there MUST be a mechanism in
allows secure distribution of a shared key and configuration of place which allows secure distribution of a shared key and
network identity. Both MAY be done using (i) pre-installation using configuration of network identity. Both MAY be done using (i) pre-
an out-of-band method, (ii) delivered securely when a device is installation using an out-of-band method, (ii) delivered securely
introduced into the network or (iii) delivered securely by a trusted when a device is introduced into the network or (iii) delivered
neighboring device. The shared key MUST be stored in a secure securely by a trusted neighboring device. The shared key MUST be
fashion which makes it difficult to be read by an unauthorized party. stored in a secure fashion which makes it difficult to be read by an
unauthorized party.
Securely delivering a key means that the delivery mechanism MUST have Securely delivering a key means that the delivery mechanism MUST have
data origin authentication, confidentiality and integrity protection. data origin authentication, confidentiality and integrity protection.
Securely storing a key means that the storage mechanism MUST have On reception of the delivered key, freshness of the delivered key
confidentiality and integrity protection and MUST only be accessible MUST be ensured.Securely storing a key means that the storage
by an authorized party. mechanism MUST have confidentiality and integrity protection and MUST
only be accessible by an authorized party.
6.4. Security Considerations for P2P uses 6.4. Security Considerations for P2P and P2MP uses
Refer to the security considerations of [RFC6997]. Many initiatives Refer to the security considerations of [RFC6997]. Many initiatives
are under way to provide light weight security such as: are under way to provide light weight security such as:
[I-D.keoh-dice-dtls-profile-iot] and [I-D.ietf-dice-profile] and [I-D.keoh-dice-multicast-security].
[I-D.keoh-dice-multicast-security].
6.5. RPL Security features
This section follows the structure of section 7, "RPL security
features" of [I-D.ietf-roll-security-threats], where a thorough
analysis of security threats and proposed counter measures relevant
to RPL and MPL is done.
In accordance with section 7.1 of [I-D.ietf-roll-security-threats],
"Confidentiality features", a secured RPL protocol must implement
payload protection, as explained in Section 6.1 of this document.
The attributes key-length and life-time of the keys depend on
operational conditions, maintenance and installation procedures.
Section 6.3 of this document recommends measures to assure integrity
in accordance with section 7.2 of [I-D.ietf-roll-security-threats],
"Integrity features".
The provision of multiple paths recommended in section 7.3
"Availability features" of [I-D.ietf-roll-security-threats] is also
recommended from a reliability point of view. Randomly choosing
paths MAY be supported.
Key management discussed in section 7.4, "Key Management" of
[I-D.ietf-roll-security-threats], is not standardized and discussions
continue.
Section 7.5, "Considerations on Matching Application Domain Needs" of
[I-D.ietf-roll-security-threats] applies as such.
7. Other related protocols 7. Other related protocols
Application transport protocols may be CoAP over UDP or equivalents. Application transport protocols may be CoAP over UDP or equivalents.
Typically, UDP is used for IP transport to keep down the application Typically, UDP is used for IP transport to keep down the application
response time and bandwidth overhead. response time and bandwidth overhead.
Several features required by [RFC5826], [RFC5867] challenge the P2P Several features required by [RFC5826], [RFC5867] challenge the P2P
paths provided by RPL. Appendix A reviews these challenges. In some paths provided by RPL. Appendix A reviews these challenges. In some
cases, a node may need to spontaneously initiate the discovery of a cases, a node may need to spontaneously initiate the discovery of a
path towards a desired destination that is neither the root of a DAG, path towards a desired destination that is neither the root of a DAG,
nor a destination originating DAO signaling. Furthermore, P2P paths nor a destination originating DAO signalling. Furthermore, P2P paths
provided by RPL are not satisfactory in all cases because they provided by RPL are not satisfactory in all cases because they
involve too many intermediate nodes before reaching the destination. involve too many intermediate nodes before reaching the destination.
8. IANA Considerations 8. IANA Considerations
No considerations for IANA pertain to this document. No considerations for IANA pertain to this document.
9. Acknowledgements 9. Acknowledgements
This document reflects discussions and remarks from several This document reflects discussions and remarks from several
individuals including (in alphabetical order): Mukul Goyal, Jerry individuals including (in alphabetical order): Mukul Goyal, Sandeep
Martocci, Charles Perkins, Michael Richardson, and Zach Shelby Kumar, Jerry Martocci, Charles Perkins, Michael Richardson, and Zach
Shelby
10. Changelog 10. Changelog
Changes from version 0 to version 1. Changes from version 0 to version 1.
o Adapted section structure to template. o Adapted section structure to template.
o Standardized the reference syntax. o Standardized the reference syntax.
o Section 2.2, moved everything concerning algorithms to section o Section 2.2, moved everything concerning algorithms to section
2.2.7, and adpted text in 2.2.1-2.2.6. 2.2.7, and adapted text in 2.2.1-2.2.6.
o Added MPL parameter text to section 4.1.7 and section 4.3.1. o Added MPL parameter text to section 4.1.7 and section 4.3.1.
o Replaced all TODO sections with text. o Replaced all TODO sections with text.
o Consistent use of border router, mintoring, home- and building o Consistent use of border router, monitoring, home- and building
network. network.
o Reformulated security aspects with references to other o Reformulated security aspects with references to other
publications. publications.
o MPL and RPL parameter values introduced. o MPL and RPL parameter values introduced.
Changes form version 1 to version 2. Changes from version 1 to version 2.
o Clarified common characteristics of control in home and building. o Clarified common characteristics of control in home and building.
o Clarified failure behavior of point to point communication in o Clarified failure behavior of point to point communication in
appendix. appendix.
o Changed examples, more hvac and less lighting. o Changed examples, more hvac and less lighting.
o Clarified network topologies. o Clarified network topologies.
o replaced reference to smart_object paper by reference to I-D.roll- o replaced reference to smart_object paper by reference to I-D.roll-
security-threats security-threats
o Added a concise definition of secure delivery and secure storage o Added a concise definition of secure delivery and secure storage
o text about securing network with PANA o text about securing network with PANA
Changes from version 2 to version 3.
o Changed security section to follow the structure of security
threats draft.
o Added text to DODAG repair sub-section
11. References 11. References
11.1. Normative References 11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
skipping to change at page 19, line 44 skipping to change at page 21, line 40
Routing Header for Source Routes with the Routing Protocol Routing Header for Source Routes with the Routing Protocol
for Low-Power and Lossy Networks (RPL)", RFC 6554, March for Low-Power and Lossy Networks (RPL)", RFC 6554, March
2012. 2012.
[RFC6997] Goyal, M., Baccelli, E., Philipp, M., Brandt, A., and J. [RFC6997] Goyal, M., Baccelli, E., Philipp, M., Brandt, A., and J.
Martocci, "Reactive Discovery of Point-to-Point Routes in Martocci, "Reactive Discovery of Point-to-Point Routes in
Low-Power and Lossy Networks", RFC 6997, August 2013. Low-Power and Lossy Networks", RFC 6997, August 2013.
[I-D.ietf-6lo-lowpanz] [I-D.ietf-6lo-lowpanz]
Brandt, A. and J. Buron, "Transmission of IPv6 packets Brandt, A. and J. Buron, "Transmission of IPv6 packets
over ITU-T G.9959 Networks", draft-ietf-6lo-lowpanz-02 over ITU-T G.9959 Networks", draft-ietf-6lo-lowpanz-05
(work in progress), February 2014. (work in progress), May 2014.
[I-D.ietf-roll-trickle-mcast] [I-D.ietf-roll-trickle-mcast]
Hui, J. and R. Kelsey, "Multicast Protocol for Low power Hui, J. and R. Kelsey, "Multicast Protocol for Low power
and Lossy Networks (MPL)", draft-ietf-roll-trickle- and Lossy Networks (MPL)", draft-ietf-roll-trickle-
mcast-06 (work in progress), January 2014. mcast-09 (work in progress), April 2014.
[I-D.ietf-roll-security-threats] [I-D.ietf-roll-security-threats]
Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A., Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
and M. Richardson, "A Security Threat Analysis for Routing and M. Richardson, "A Security Threat Analysis for Routing
Protocol for Low-power and lossy networks (RPL)", draft- Protocol for Low-power and lossy networks (RPL)", draft-
ietf-roll-security-threats-06 (work in progress), December ietf-roll-security-threats-06 (work in progress), December
2013. 2013.
[I-D.keoh-dice-dtls-profile-iot] [I-D.ietf-dice-profile]
Keoh, S., Kumar, S., and Z. Shelby, "Profiling of DTLS for Hartke, K. and H. Tschofenig, "A DTLS 1.2 Profile for the
CoAP-based IoT Applications", draft-keoh-dice-dtls- Internet of Things", draft-ietf-dice-profile-01 (work in
profile-iot-00 (work in progress), November 2013. progress), May 2014.
[I-D.keoh-dice-multicast-security] [I-D.keoh-dice-multicast-security]
Keoh, S., Kumar, S., Garcia-Morchon, O., Dijk, E., and A. Keoh, S., Kumar, S., Garcia-Morchon, O., Dijk, E., and A.
Rahman, "DTLS-based Multicast Security for Low-Power and Rahman, "DTLS-based Multicast Security in Constrained
Lossy Networks (LLNs)", draft-keoh-dice-multicast- Environments", draft-keoh-dice-multicast-security-07 (work
security-04 (work in progress), February 2014. in progress), May 2014.
[I-D.kumar-dice-dtls-relay] [I-D.kumar-dice-dtls-relay]
Kumar, S., Keoh, S., and O. Garcia-Morchon, "DTLS Relay Kumar, S., Keoh, S., and O. Garcia-Morchon, "DTLS Relay
for Constrained Environments", draft-kumar-dice-dtls- for Constrained Environments", draft-kumar-dice-dtls-
relay-00 (work in progress), October 2013. relay-01 (work in progress), April 2014.
[I-D.ietf-core-groupcomm] [I-D.ietf-core-groupcomm]
Rahman, A. and E. Dijk, "Group Communication for CoAP", Rahman, A. and E. Dijk, "Group Communication for CoAP",
draft-ietf-core-groupcomm-18 (work in progress), December draft-ietf-core-groupcomm-18 (work in progress), December
2013. 2013.
[I-D.vanderstok-core-comi] [I-D.vanderstok-core-comi]
Stok, P. and B. Greevenbosch, "CoAp Management Stok, P. and B. Greevenbosch, "CoAp Management
Interfaces", draft-vanderstok-core-comi-02 (work in Interfaces", draft-vanderstok-core-comi-04 (work in
progress), January 2014. progress), May 2014.
[IEEE802.15.4] [IEEE802.15.4]
"IEEE 802.15.4 - Standard for Local and metropolitan area "IEEE 802.15.4 - Standard for Local and metropolitan area
networks -- Part 15.4: Low-Rate Wireless Personal Area networks -- Part 15.4: Low-Rate Wireless Personal Area
Networks", <IEEE Standard 802.15.4>. Networks", <IEEE Standard 802.15.4>.
[G.9959] "ITU-T G.9959 Short range narrow-band digital [G.9959] "ITU-T G.9959 Short range narrow-band digital
radiocommunication transceivers - PHY and MAC layer radiocommunication transceivers - PHY and MAC layer
specifications", <ITU-T G.9959>. specifications", <ITU-T G.9959>.
skipping to change at page 21, line 16 skipping to change at page 23, line 16
Routing Protocol for IPv6 Sensor Networks: Testbed Routing Protocol for IPv6 Sensor Networks: Testbed
Experiments", Proceedings of the Conference on Software Experiments", Proceedings of the Conference on Software
Telecommunications and Computer Networks, Split, Croatia,, Telecommunications and Computer Networks, Split, Croatia,,
September 2011. September 2011.
[INTEROP12] [INTEROP12]
Baccelli, E., Phillip, M., Brandt, A., Valev , H., and J. Baccelli, E., Phillip, M., Brandt, A., Valev , H., and J.
Buron , "Report on P2P-RPL Interoperability Testing", Buron , "Report on P2P-RPL Interoperability Testing",
RR-7864 INRIA Research Report RR-7864, January 2012. RR-7864 INRIA Research Report RR-7864, January 2012.
[RT-MPL] van der Stok, P., "Real-Time IP-based multicast for low- [RT-MPL] van der Stok, P., "Real-Time multicast for wireless mesh
resource wireless network", To be published,, April 2014. networks using MPL", White paper,
http://www.vanderstok.org/papers/Real-time-MPL.pdf, April
2014.
[RTN2011] Holtman, K. and P. van der Stok, "Real-time routing for [RTN2011] Holtman, K. and P. van der Stok, "Real-time routing for
low-latency 802.15.4 control networks", International low-latency 802.15.4 control networks", International
Workshop on Real-Time Networks; Euromicro Conference on Workshop on Real-Time Networks; Euromicro Conference on
Real-Time Systems, July 2011. Real-Time Systems, July 2011.
[MEAS] Holtman, K., "Connectivity loss in large scale IEEE [MEAS] Holtman, K., "Connectivity loss in large scale IEEE
802.15.4 network", Private Communication, November 2013. 802.15.4 network", Private Communication, November 2013.
Appendix A. RPL shortcomings in home and building deployments Appendix A. RPL shortcomings in home and building deployments
 End of changes. 46 change blocks. 
118 lines changed or deleted 201 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/